1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright 2012-2021 Tintri by DDN, Inc. All rights reserved. 24 */ 25 26 #include <sys/sid.h> 27 #include <sys/nbmlock.h> 28 #include <smbsrv/smb_fsops.h> 29 #include <smbsrv/smb_kproto.h> 30 #include <acl/acl_common.h> 31 #include <sys/fcntl.h> 32 #include <sys/filio.h> 33 #include <sys/flock.h> 34 #include <fs/fs_subr.h> 35 36 extern caller_context_t smb_ct; 37 38 static int smb_fsop_create_file_with_stream(smb_request_t *, cred_t *, 39 smb_node_t *, char *, char *, int, smb_attr_t *, smb_node_t **); 40 41 static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *, 42 char *, int, smb_attr_t *, smb_node_t **); 43 44 #ifdef _KERNEL 45 static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *, 46 char *, smb_attr_t *, smb_node_t **, smb_fssd_t *); 47 static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *); 48 #endif /* _KERNEL */ 49 50 /* 51 * The smb_fsop_* functions have knowledge of CIFS semantics. 52 * 53 * The smb_vop_* functions have minimal knowledge of CIFS semantics and 54 * serve as an interface to the VFS layer. 55 * 56 * Hence, smb_request_t and smb_node_t structures should not be passed 57 * from the smb_fsop_* layer to the smb_vop_* layer. 58 * 59 * In general, CIFS service code should only ever call smb_fsop_* 60 * functions directly, and never smb_vop_* functions directly. 61 * 62 * smb_fsop_* functions should call smb_vop_* functions where possible, instead 63 * of their smb_fsop_* counterparts. However, there are times when 64 * this cannot be avoided. 65 */ 66 67 /* 68 * Note: Stream names cannot be mangled. 69 */ 70 71 /* 72 * smb_fsop_amask_to_omode 73 * 74 * Convert the access mask to the open mode (for use 75 * with the VOP_OPEN call). 76 * 77 * Note that opening a file for attribute only access 78 * will also translate into an FREAD or FWRITE open mode 79 * (i.e., it's not just for data). 80 * 81 * This is needed so that opens are tracked appropriately 82 * for oplock processing. 83 */ 84 85 int 86 smb_fsop_amask_to_omode(uint32_t access) 87 { 88 int mode = 0; 89 90 if (access & (FILE_READ_DATA | FILE_EXECUTE | 91 FILE_READ_ATTRIBUTES | FILE_READ_EA)) 92 mode |= FREAD; 93 94 if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA | 95 FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)) 96 mode |= FWRITE; 97 98 if (access & FILE_APPEND_DATA) 99 mode |= FAPPEND; 100 101 return (mode); 102 } 103 104 int 105 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred) 106 { 107 /* 108 * Assuming that the same vnode is returned as we had before. 109 * (I.e., with certain types of files or file systems, a 110 * different vnode might be returned by VOP_OPEN) 111 */ 112 return (smb_vop_open(&node->vp, mode, cred)); 113 } 114 115 void 116 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred) 117 { 118 smb_vop_close(node->vp, mode, cred); 119 } 120 121 #ifdef _KERNEL 122 static int 123 smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr, 124 smb_node_t *dnode, char *name, 125 smb_attr_t *attr, smb_node_t **ret_snode, smb_fssd_t *fs_sd) 126 { 127 vsecattr_t *vsap; 128 vsecattr_t vsecattr; 129 smb_attr_t set_attr; 130 acl_t *acl, *dacl, *sacl; 131 vnode_t *vp; 132 cred_t *kcr = zone_kcred(); 133 int aclbsize = 0; /* size of acl list in bytes */ 134 int flags = 0; 135 int rc; 136 boolean_t is_dir; 137 138 ASSERT(fs_sd); 139 ASSERT(ret_snode != NULL); 140 141 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 142 flags = SMB_IGNORE_CASE; 143 if (SMB_TREE_SUPPORTS_CATIA(sr)) 144 flags |= SMB_CATIA; 145 146 ASSERT(cr); 147 148 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 149 150 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) { 151 dacl = fs_sd->sd_zdacl; 152 sacl = fs_sd->sd_zsacl; 153 if (dacl != NULL || sacl != NULL) { 154 if (dacl && sacl) { 155 acl = smb_fsacl_merge(dacl, sacl); 156 } else if (dacl) { 157 acl = dacl; 158 } else { 159 acl = sacl; 160 } 161 162 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 163 164 if (dacl && sacl) 165 acl_free(acl); 166 167 if (rc != 0) 168 return (rc); 169 170 vsap = &vsecattr; 171 } else { 172 vsap = NULL; 173 } 174 175 /* The tree ACEs may prevent a create */ 176 rc = EACCES; 177 if (is_dir) { 178 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0) 179 rc = smb_vop_mkdir(dnode->vp, name, attr, 180 &vp, flags, cr, vsap); 181 } else { 182 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0) 183 rc = smb_vop_create(dnode->vp, name, attr, 184 &vp, flags, cr, vsap); 185 } 186 187 if (vsap != NULL) 188 kmem_free(vsap->vsa_aclentp, aclbsize); 189 190 if (rc != 0) 191 return (rc); 192 193 set_attr.sa_mask = 0; 194 195 /* 196 * Ideally we should be able to specify the owner and owning 197 * group at create time along with the ACL. Since we cannot 198 * do that right now, kcred is passed to smb_vop_setattr so it 199 * doesn't fail due to lack of permission. 200 */ 201 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 202 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 203 set_attr.sa_mask |= SMB_AT_UID; 204 } 205 206 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 207 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 208 set_attr.sa_mask |= SMB_AT_GID; 209 } 210 211 if (set_attr.sa_mask) 212 rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcr); 213 214 if (rc == 0) { 215 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 216 name, dnode, NULL); 217 218 if (*ret_snode == NULL) 219 rc = ENOMEM; 220 221 VN_RELE(vp); 222 } 223 } else { 224 /* 225 * For filesystems that don't support ACL-on-create, try 226 * to set the specified SD after create, which could actually 227 * fail because of conflicts between inherited security 228 * attributes upon creation and the specified SD. 229 * 230 * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 231 */ 232 233 if (is_dir) { 234 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, 235 flags, cr, NULL); 236 } else { 237 rc = smb_vop_create(dnode->vp, name, attr, &vp, 238 flags, cr, NULL); 239 } 240 241 if (rc != 0) 242 return (rc); 243 244 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 245 name, dnode, NULL); 246 247 if (*ret_snode != NULL) { 248 if (!smb_tree_has_feature(sr->tid_tree, 249 SMB_TREE_NFS_MOUNTED)) 250 rc = smb_fsop_sdwrite(sr, kcr, *ret_snode, 251 fs_sd, 1); 252 } else { 253 rc = ENOMEM; 254 } 255 256 VN_RELE(vp); 257 } 258 259 if (rc != 0) { 260 if (is_dir) 261 (void) smb_vop_rmdir(dnode->vp, name, flags, cr); 262 else 263 (void) smb_vop_remove(dnode->vp, name, flags, cr); 264 } 265 266 return (rc); 267 } 268 #endif /* _KERNEL */ 269 270 /* 271 * smb_fsop_create 272 * 273 * All SMB functions should use this wrapper to ensure that 274 * all the smb_vop_creates are performed with the appropriate credentials. 275 * Please document any direct calls to explain the reason for avoiding 276 * this wrapper. 277 * 278 * *ret_snode is returned with a reference upon success. No reference is 279 * taken if an error is returned. 280 */ 281 int 282 smb_fsop_create(smb_request_t *sr, cred_t *cr, smb_node_t *dnode, 283 char *name, smb_attr_t *attr, smb_node_t **ret_snode) 284 { 285 int rc = 0; 286 int flags = 0; 287 char *fname, *sname; 288 char *longname = NULL; 289 290 ASSERT(cr); 291 ASSERT(dnode); 292 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 293 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 294 295 ASSERT(ret_snode); 296 *ret_snode = 0; 297 298 ASSERT(name); 299 if (*name == 0) 300 return (EINVAL); 301 302 ASSERT(sr); 303 ASSERT(sr->tid_tree); 304 305 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 306 return (EACCES); 307 308 if (SMB_TREE_IS_READONLY(sr)) 309 return (EROFS); 310 311 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 312 flags = SMB_IGNORE_CASE; 313 if (SMB_TREE_SUPPORTS_CATIA(sr)) 314 flags |= SMB_CATIA; 315 if (SMB_TREE_SUPPORTS_ABE(sr)) 316 flags |= SMB_ABE; 317 318 if (smb_is_stream_name(name)) { 319 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 320 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 321 smb_stream_parse_name(name, fname, sname); 322 323 rc = smb_fsop_create_file_with_stream(sr, cr, dnode, 324 fname, sname, flags, attr, ret_snode); 325 326 kmem_free(fname, MAXNAMELEN); 327 kmem_free(sname, MAXNAMELEN); 328 return (rc); 329 } 330 331 /* Not a named stream */ 332 333 if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) { 334 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 335 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags); 336 kmem_free(longname, MAXNAMELEN); 337 338 if (rc == 0) 339 rc = EEXIST; 340 if (rc != ENOENT) 341 return (rc); 342 } 343 344 rc = smb_fsop_create_file(sr, cr, dnode, name, flags, 345 attr, ret_snode); 346 return (rc); 347 348 } 349 350 351 /* 352 * smb_fsop_create_file_with_stream 353 * 354 * Create named stream (sname) on file (fname), creating the file if it 355 * doesn't exist. 356 * If we created the file and then creation of the named stream fails, 357 * we delete the file. 358 * Since we use the real file name for the smb_vop_remove we 359 * clear the SMB_IGNORE_CASE flag to ensure a case sensitive 360 * match. 361 * 362 * Note that some stream "types" are "restricted" and only 363 * internal callers (cr == kcred) can create those. 364 */ 365 static int 366 smb_fsop_create_file_with_stream(smb_request_t *sr, cred_t *cr, 367 smb_node_t *dnode, char *fname, char *sname, int flags, 368 smb_attr_t *attr, smb_node_t **ret_snode) 369 { 370 smb_node_t *fnode; 371 cred_t *kcr = zone_kcred(); 372 int rc = 0; 373 boolean_t fcreate = B_FALSE; 374 375 ASSERT(ret_snode != NULL); 376 377 if (cr != kcr && smb_strname_restricted(sname)) 378 return (EACCES); 379 380 /* Look up / create the unnamed stream, fname */ 381 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 382 sr->tid_tree->t_snode, dnode, fname, &fnode); 383 if (rc == 0) { 384 if (smb_fsop_access(sr, sr->user_cr, fnode, 385 sr->sr_open.desired_access) != 0) { 386 smb_node_release(fnode); 387 rc = EACCES; 388 } 389 } else if (rc == ENOENT) { 390 fcreate = B_TRUE; 391 rc = smb_fsop_create_file(sr, cr, dnode, fname, flags, 392 attr, &fnode); 393 } 394 if (rc != 0) 395 return (rc); 396 397 rc = smb_fsop_create_stream(sr, cr, dnode, fnode, sname, flags, attr, 398 ret_snode); 399 400 if (rc != 0) { 401 if (fcreate) { 402 flags &= ~SMB_IGNORE_CASE; 403 (void) smb_vop_remove(dnode->vp, 404 fnode->od_name, flags, cr); 405 } 406 } 407 408 smb_node_release(fnode); 409 return (rc); 410 } 411 412 /* 413 * smb_fsop_create_stream 414 * 415 * Create named stream (sname) on existing file (fnode). 416 * 417 * The second parameter of smb_vop_setattr() is set to 418 * NULL, even though an unnamed stream exists. This is 419 * because we want to set the UID and GID on the named 420 * stream in this case for consistency with the (unnamed 421 * stream) file (see comments for smb_vop_setattr()). 422 * 423 * Note that some stream "types" are "restricted" and only 424 * internal callers (cr == kcred) can create those. 425 */ 426 int 427 smb_fsop_create_stream(smb_request_t *sr, cred_t *cr, 428 smb_node_t *dnode, smb_node_t *fnode, char *sname, int flags, 429 smb_attr_t *attr, smb_node_t **ret_snode) 430 { 431 smb_attr_t fattr; 432 vnode_t *xattrdvp; 433 vnode_t *vp; 434 cred_t *kcr = zone_kcred(); 435 int rc = 0; 436 437 ASSERT(ret_snode != NULL); 438 439 if (cr != kcr && smb_strname_restricted(sname)) 440 return (EACCES); 441 442 bzero(&fattr, sizeof (fattr)); 443 fattr.sa_mask = SMB_AT_UID | SMB_AT_GID; 444 rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcr); 445 446 if (rc == 0) { 447 /* create the named stream, sname */ 448 rc = smb_vop_stream_create(fnode->vp, sname, 449 attr, &vp, &xattrdvp, flags, cr); 450 } 451 if (rc != 0) 452 return (rc); 453 454 attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid; 455 attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid; 456 attr->sa_mask = SMB_AT_UID | SMB_AT_GID; 457 458 rc = smb_vop_setattr(vp, NULL, attr, 0, kcr); 459 if (rc != 0) { 460 VN_RELE(xattrdvp); 461 VN_RELE(vp); 462 return (rc); 463 } 464 465 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp, 466 vp, sname); 467 468 VN_RELE(xattrdvp); 469 VN_RELE(vp); 470 471 if (*ret_snode == NULL) 472 rc = ENOMEM; 473 474 /* notify change to the unnamed stream */ 475 if (rc == 0) 476 smb_node_notify_change(dnode, 477 FILE_ACTION_ADDED_STREAM, fnode->od_name); 478 479 return (rc); 480 } 481 482 /* 483 * smb_fsop_create_file 484 */ 485 static int 486 smb_fsop_create_file(smb_request_t *sr, cred_t *cr, 487 smb_node_t *dnode, char *name, int flags, 488 smb_attr_t *attr, smb_node_t **ret_snode) 489 { 490 smb_arg_open_t *op = &sr->sr_open; 491 vnode_t *vp; 492 int rc; 493 494 ASSERT(ret_snode != NULL); 495 496 #ifdef _KERNEL 497 smb_fssd_t fs_sd; 498 uint32_t secinfo; 499 uint32_t status; 500 501 if (op->sd) { 502 /* 503 * SD sent by client in Windows format. Needs to be 504 * converted to FS format. Inherit DACL/SACL if they're not 505 * specified. 506 */ 507 secinfo = smb_sd_get_secinfo(op->sd); 508 509 if ((secinfo & SMB_SACL_SECINFO) != 0 && 510 !smb_user_has_security_priv(sr->uid_user, cr)) 511 return (EPERM); 512 513 smb_fssd_init(&fs_sd, secinfo, 0); 514 515 status = smb_sd_tofs(op->sd, &fs_sd); 516 if (status == NT_STATUS_SUCCESS) { 517 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 518 if (rc == 0) 519 rc = smb_fsop_create_with_sd(sr, cr, dnode, 520 name, attr, ret_snode, &fs_sd); 521 522 } else { 523 rc = EINVAL; 524 } 525 smb_fssd_term(&fs_sd); 526 } else if (sr->tid_tree->t_acltype == ACE_T) { 527 /* 528 * No incoming SD and filesystem is ZFS 529 * Server applies Windows inheritance rules, 530 * see smb_fsop_sdinherit() comments as to why. 531 */ 532 smb_fssd_init(&fs_sd, 0, 0); 533 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 534 if (rc == 0) { 535 rc = smb_fsop_create_with_sd(sr, cr, dnode, 536 name, attr, ret_snode, &fs_sd); 537 } 538 539 smb_fssd_term(&fs_sd); 540 } else 541 #endif /* _KERNEL */ 542 { 543 /* 544 * No incoming SD and filesystem is not ZFS 545 * let the filesystem handles the inheritance. 546 */ 547 rc = smb_vop_create(dnode->vp, name, attr, &vp, 548 flags, cr, NULL); 549 550 if (rc == 0) { 551 *ret_snode = smb_node_lookup(sr, op, cr, vp, 552 name, dnode, NULL); 553 554 if (*ret_snode == NULL) 555 rc = ENOMEM; 556 557 VN_RELE(vp); 558 } 559 560 } 561 562 if (rc == 0) 563 smb_node_notify_change(dnode, FILE_ACTION_ADDED, name); 564 565 return (rc); 566 } 567 568 /* 569 * smb_fsop_mkdir 570 * 571 * All SMB functions should use this wrapper to ensure that 572 * the the calls are performed with the appropriate credentials. 573 * Please document any direct call to explain the reason 574 * for avoiding this wrapper. 575 * 576 * It is assumed that a reference exists on snode coming into this routine. 577 * 578 * *ret_snode is returned with a reference upon success. No reference is 579 * taken if an error is returned. 580 */ 581 int 582 smb_fsop_mkdir( 583 smb_request_t *sr, 584 cred_t *cr, 585 smb_node_t *dnode, 586 char *name, 587 smb_attr_t *attr, 588 smb_node_t **ret_snode) 589 { 590 struct open_param *op = &sr->arg.open; 591 char *longname; 592 vnode_t *vp; 593 int flags = 0; 594 int rc; 595 596 #ifdef _KERNEL 597 smb_fssd_t fs_sd; 598 uint32_t secinfo; 599 uint32_t status; 600 #endif /* _KERNEL */ 601 602 ASSERT(cr); 603 ASSERT(dnode); 604 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 605 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 606 607 ASSERT(ret_snode); 608 *ret_snode = 0; 609 610 ASSERT(name); 611 if (*name == 0) 612 return (EINVAL); 613 614 ASSERT(sr); 615 ASSERT(sr->tid_tree); 616 617 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 618 return (EACCES); 619 620 if (SMB_TREE_IS_READONLY(sr)) 621 return (EROFS); 622 if (SMB_TREE_SUPPORTS_CATIA(sr)) 623 flags |= SMB_CATIA; 624 if (SMB_TREE_SUPPORTS_ABE(sr)) 625 flags |= SMB_ABE; 626 627 if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) { 628 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 629 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags); 630 kmem_free(longname, MAXNAMELEN); 631 632 /* 633 * If the name passed in by the client has an unmangled 634 * equivalent that is found in the specified directory, 635 * then the mkdir cannot succeed. Return EEXIST. 636 * 637 * Only if ENOENT is returned will a mkdir be attempted. 638 */ 639 640 if (rc == 0) 641 rc = EEXIST; 642 643 if (rc != ENOENT) 644 return (rc); 645 } 646 647 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 648 flags = SMB_IGNORE_CASE; 649 650 #ifdef _KERNEL 651 if (op->sd) { 652 /* 653 * SD sent by client in Windows format. Needs to be 654 * converted to FS format. Inherit DACL/SACL if they're not 655 * specified. 656 */ 657 secinfo = smb_sd_get_secinfo(op->sd); 658 659 if ((secinfo & SMB_SACL_SECINFO) != 0 && 660 !smb_user_has_security_priv(sr->uid_user, cr)) 661 return (EPERM); 662 663 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 664 665 status = smb_sd_tofs(op->sd, &fs_sd); 666 if (status == NT_STATUS_SUCCESS) { 667 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 668 if (rc == 0) 669 rc = smb_fsop_create_with_sd(sr, cr, dnode, 670 name, attr, ret_snode, &fs_sd); 671 } 672 else 673 rc = EINVAL; 674 smb_fssd_term(&fs_sd); 675 } else if (sr->tid_tree->t_acltype == ACE_T) { 676 /* 677 * No incoming SD and filesystem is ZFS 678 * Server applies Windows inheritance rules, 679 * see smb_fsop_sdinherit() comments as to why. 680 */ 681 smb_fssd_init(&fs_sd, 0, SMB_FSSD_FLAGS_DIR); 682 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 683 if (rc == 0) { 684 rc = smb_fsop_create_with_sd(sr, cr, dnode, 685 name, attr, ret_snode, &fs_sd); 686 } 687 688 smb_fssd_term(&fs_sd); 689 690 } else 691 #endif /* _KERNEL */ 692 { 693 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr, 694 NULL); 695 696 if (rc == 0) { 697 *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 698 dnode, NULL); 699 700 if (*ret_snode == NULL) 701 rc = ENOMEM; 702 703 VN_RELE(vp); 704 } 705 } 706 707 if (rc == 0) 708 smb_node_notify_change(dnode, FILE_ACTION_ADDED, name); 709 710 return (rc); 711 } 712 713 /* 714 * smb_fsop_remove 715 * 716 * All SMB functions should use this wrapper to ensure that 717 * the the calls are performed with the appropriate credentials. 718 * Please document any direct call to explain the reason 719 * for avoiding this wrapper. 720 * 721 * It is assumed that a reference exists on snode coming into this routine. 722 * 723 * A null smb_request might be passed to this function. 724 * 725 * Note that some stream "types" are "restricted" and only 726 * internal callers (cr == kcred) can remove those. 727 */ 728 int 729 smb_fsop_remove( 730 smb_request_t *sr, 731 cred_t *cr, 732 smb_node_t *dnode, 733 char *name, 734 uint32_t flags) 735 { 736 smb_node_t *fnode; 737 char *longname; 738 char *fname; 739 char *sname; 740 int rc; 741 742 ASSERT(cr); 743 /* 744 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 745 * function is called during the deletion of the node (because of 746 * DELETE_ON_CLOSE). 747 */ 748 ASSERT(dnode); 749 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 750 751 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 || 752 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0) 753 return (EACCES); 754 755 if (SMB_TREE_IS_READONLY(sr)) 756 return (EROFS); 757 758 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 759 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 760 761 if (dnode->flags & NODE_XATTR_DIR) { 762 if (cr != zone_kcred() && smb_strname_restricted(name)) { 763 rc = EACCES; 764 goto out; 765 } 766 767 fnode = dnode->n_dnode; 768 rc = smb_vop_stream_remove(fnode->vp, name, flags, cr); 769 770 /* notify change to the unnamed stream */ 771 if ((rc == 0) && fnode->n_dnode) { 772 smb_node_notify_change(fnode->n_dnode, 773 FILE_ACTION_REMOVED_STREAM, fnode->od_name); 774 } 775 } else if (smb_is_stream_name(name)) { 776 smb_stream_parse_name(name, fname, sname); 777 778 if (cr != zone_kcred() && smb_strname_restricted(sname)) { 779 rc = EACCES; 780 goto out; 781 } 782 783 /* 784 * Look up the unnamed stream (i.e. fname). 785 * Unmangle processing will be done on fname 786 * as well as any link target. 787 */ 788 789 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 790 sr->tid_tree->t_snode, dnode, fname, &fnode); 791 792 if (rc != 0) { 793 goto out; 794 } 795 796 /* 797 * XXX 798 * Need to find out what permission is required by NTFS 799 * to remove a stream. 800 */ 801 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr); 802 803 smb_node_release(fnode); 804 805 /* notify change to the unnamed stream */ 806 if (rc == 0) { 807 smb_node_notify_change(dnode, 808 FILE_ACTION_REMOVED_STREAM, fname); 809 } 810 } else { 811 rc = smb_vop_remove(dnode->vp, name, flags, cr); 812 813 if (rc == ENOENT) { 814 if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) || 815 !smb_maybe_mangled(name)) { 816 goto out; 817 } 818 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 819 820 if (SMB_TREE_SUPPORTS_ABE(sr)) 821 flags |= SMB_ABE; 822 823 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, 824 flags); 825 826 if (rc == 0) { 827 /* 828 * longname is the real (case-sensitive) 829 * on-disk name. 830 * We make sure we do a remove on this exact 831 * name, as the name was mangled and denotes 832 * a unique file. 833 */ 834 flags &= ~SMB_IGNORE_CASE; 835 rc = smb_vop_remove(dnode->vp, longname, 836 flags, cr); 837 } 838 kmem_free(longname, MAXNAMELEN); 839 } 840 if (rc == 0) { 841 smb_node_notify_change(dnode, 842 FILE_ACTION_REMOVED, name); 843 } 844 } 845 846 out: 847 kmem_free(fname, MAXNAMELEN); 848 kmem_free(sname, MAXNAMELEN); 849 850 return (rc); 851 } 852 853 /* 854 * smb_fsop_remove_streams 855 * 856 * This function removes a file's streams without removing the 857 * file itself. 858 * 859 * It is assumed that fnode is not a link. 860 */ 861 uint32_t 862 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode) 863 { 864 int rc, flags = 0; 865 smb_odir_t *od; 866 smb_odirent_t *odirent; 867 uint32_t status; 868 boolean_t eos; 869 870 ASSERT(sr); 871 ASSERT(cr); 872 ASSERT(fnode); 873 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 874 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 875 876 if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0) 877 return (NT_STATUS_ACCESS_DENIED); 878 879 if (SMB_TREE_IS_READONLY(sr)) 880 return (NT_STATUS_ACCESS_DENIED); 881 882 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 883 flags = SMB_IGNORE_CASE; 884 885 if (SMB_TREE_SUPPORTS_CATIA(sr)) 886 flags |= SMB_CATIA; 887 888 status = smb_odir_openat(sr, fnode, &od); 889 switch (status) { 890 case 0: 891 break; 892 case NT_STATUS_OBJECT_NAME_NOT_FOUND: 893 case NT_STATUS_NO_SUCH_FILE: 894 case NT_STATUS_NOT_SUPPORTED: 895 /* No streams to remove. */ 896 return (0); 897 default: 898 return (status); 899 } 900 901 odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP); 902 for (;;) { 903 rc = smb_odir_read(sr, od, odirent, &eos); 904 if ((rc != 0) || (eos)) 905 break; 906 (void) smb_vop_remove(od->d_dnode->vp, odirent->od_name, 907 flags, cr); 908 } 909 kmem_free(odirent, sizeof (smb_odirent_t)); 910 if (eos && rc == ENOENT) 911 rc = 0; 912 913 smb_odir_close(od); 914 smb_odir_release(od); 915 if (rc) 916 status = smb_errno2status(rc); 917 return (status); 918 } 919 920 /* 921 * smb_fsop_rmdir 922 * 923 * All SMB functions should use this wrapper to ensure that 924 * the the calls are performed with the appropriate credentials. 925 * Please document any direct call to explain the reason 926 * for avoiding this wrapper. 927 * 928 * It is assumed that a reference exists on snode coming into this routine. 929 */ 930 int 931 smb_fsop_rmdir( 932 smb_request_t *sr, 933 cred_t *cr, 934 smb_node_t *dnode, 935 char *name, 936 uint32_t flags) 937 { 938 int rc; 939 char *longname; 940 941 ASSERT(cr); 942 /* 943 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 944 * function is called during the deletion of the node (because of 945 * DELETE_ON_CLOSE). 946 */ 947 ASSERT(dnode); 948 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 949 950 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 || 951 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0) 952 return (EACCES); 953 954 if (SMB_TREE_IS_READONLY(sr)) 955 return (EROFS); 956 957 rc = smb_vop_rmdir(dnode->vp, name, flags, cr); 958 959 if (rc == ENOENT) { 960 if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) || 961 !smb_maybe_mangled(name)) { 962 return (rc); 963 } 964 965 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 966 967 if (SMB_TREE_SUPPORTS_ABE(sr)) 968 flags |= SMB_ABE; 969 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags); 970 971 if (rc == 0) { 972 /* 973 * longname is the real (case-sensitive) 974 * on-disk name. 975 * We make sure we do a rmdir on this exact 976 * name, as the name was mangled and denotes 977 * a unique directory. 978 */ 979 flags &= ~SMB_IGNORE_CASE; 980 rc = smb_vop_rmdir(dnode->vp, longname, flags, cr); 981 } 982 983 kmem_free(longname, MAXNAMELEN); 984 } 985 986 if (rc == 0) 987 smb_node_notify_change(dnode, FILE_ACTION_REMOVED, name); 988 989 return (rc); 990 } 991 992 /* 993 * smb_fsop_getattr 994 * 995 * All SMB functions should use this wrapper to ensure that 996 * the the calls are performed with the appropriate credentials. 997 * Please document any direct call to explain the reason 998 * for avoiding this wrapper. 999 * 1000 * It is assumed that a reference exists on snode coming into this routine. 1001 */ 1002 int 1003 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1004 smb_attr_t *attr) 1005 { 1006 smb_node_t *unnamed_node; 1007 vnode_t *unnamed_vp = NULL; 1008 uint32_t status; 1009 uint32_t access = 0; 1010 int flags = 0; 1011 int rc; 1012 1013 ASSERT(cr); 1014 ASSERT(snode); 1015 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1016 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1017 1018 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 || 1019 SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0) 1020 return (EACCES); 1021 1022 /* sr could be NULL in some cases */ 1023 if (sr && sr->fid_ofile) { 1024 /* if uid and/or gid is requested */ 1025 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 1026 access |= READ_CONTROL; 1027 1028 /* if anything else is also requested */ 1029 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 1030 access |= FILE_READ_ATTRIBUTES; 1031 1032 status = smb_ofile_access(sr->fid_ofile, cr, access); 1033 if (status != NT_STATUS_SUCCESS) 1034 return (EACCES); 1035 1036 if (smb_tree_has_feature(sr->tid_tree, 1037 SMB_TREE_ACEMASKONACCESS)) 1038 flags = ATTR_NOACLCHECK; 1039 } 1040 1041 unnamed_node = SMB_IS_STREAM(snode); 1042 1043 if (unnamed_node) { 1044 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1045 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1046 unnamed_vp = unnamed_node->vp; 1047 } 1048 1049 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr); 1050 1051 if ((rc == 0) && smb_node_is_dfslink(snode)) { 1052 /* a DFS link should be treated as a directory */ 1053 attr->sa_dosattr |= FILE_ATTRIBUTE_DIRECTORY; 1054 } 1055 1056 return (rc); 1057 } 1058 1059 /* 1060 * smb_fsop_link 1061 * 1062 * All SMB functions should use this smb_vop_link wrapper to ensure that 1063 * the smb_vop_link is performed with the appropriate credentials. 1064 * Please document any direct call to smb_vop_link to explain the reason 1065 * for avoiding this wrapper. 1066 * 1067 * It is assumed that references exist on from_dnode and to_dnode coming 1068 * into this routine. 1069 */ 1070 int 1071 smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *from_fnode, 1072 smb_node_t *to_dnode, char *to_name) 1073 { 1074 char *longname = NULL; 1075 int flags = 0; 1076 int rc; 1077 1078 ASSERT(sr); 1079 ASSERT(sr->tid_tree); 1080 ASSERT(cr); 1081 ASSERT(to_dnode); 1082 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC); 1083 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1084 ASSERT(from_fnode); 1085 ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC); 1086 ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING); 1087 1088 if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0) 1089 return (EACCES); 1090 1091 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0) 1092 return (EACCES); 1093 1094 if (SMB_TREE_IS_READONLY(sr)) 1095 return (EROFS); 1096 1097 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1098 flags = SMB_IGNORE_CASE; 1099 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1100 flags |= SMB_CATIA; 1101 if (SMB_TREE_SUPPORTS_ABE(sr)) 1102 flags |= SMB_ABE; 1103 1104 if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(to_name)) { 1105 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1106 rc = smb_unmangle(to_dnode, to_name, longname, 1107 MAXNAMELEN, flags); 1108 kmem_free(longname, MAXNAMELEN); 1109 1110 if (rc == 0) 1111 rc = EEXIST; 1112 if (rc != ENOENT) 1113 return (rc); 1114 } 1115 1116 rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr); 1117 1118 if (rc == 0) 1119 smb_node_notify_change(to_dnode, FILE_ACTION_ADDED, to_name); 1120 1121 return (rc); 1122 } 1123 1124 /* 1125 * smb_fsop_rename 1126 * 1127 * All SMB functions should use this smb_vop_rename wrapper to ensure that 1128 * the smb_vop_rename is performed with the appropriate credentials. 1129 * Please document any direct call to smb_vop_rename to explain the reason 1130 * for avoiding this wrapper. 1131 * 1132 * It is assumed that references exist on from_dnode and to_dnode coming 1133 * into this routine. 1134 */ 1135 int 1136 smb_fsop_rename( 1137 smb_request_t *sr, 1138 cred_t *cr, 1139 smb_node_t *from_dnode, 1140 char *from_name, 1141 smb_node_t *to_dnode, 1142 char *to_name) 1143 { 1144 smb_node_t *from_snode; 1145 smb_attr_t from_attr; 1146 vnode_t *from_vp; 1147 int flags = 0, ret_flags; 1148 int rc; 1149 boolean_t isdir; 1150 1151 ASSERT(cr); 1152 ASSERT(from_dnode); 1153 ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC); 1154 ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1155 1156 ASSERT(to_dnode); 1157 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC); 1158 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1159 1160 if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0) 1161 return (EACCES); 1162 1163 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0) 1164 return (EACCES); 1165 1166 ASSERT(sr); 1167 ASSERT(sr->tid_tree); 1168 if (SMB_TREE_IS_READONLY(sr)) 1169 return (EROFS); 1170 1171 /* 1172 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE 1173 * here. 1174 * 1175 * A case-sensitive rename is always done in this routine 1176 * because we are using the on-disk name from an earlier lookup. 1177 * If a mangled name was passed in by the caller (denoting a 1178 * deterministic lookup), then the exact file must be renamed 1179 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 1180 * else the underlying file system might return a "first-match" 1181 * on this on-disk name, possibly resulting in the wrong file). 1182 */ 1183 1184 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1185 flags |= SMB_CATIA; 1186 1187 /* 1188 * XXX: Lock required through smb_node_release() below? 1189 */ 1190 1191 rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL, 1192 flags, &ret_flags, NULL, &from_attr, cr); 1193 1194 if (rc != 0) 1195 return (rc); 1196 1197 /* 1198 * Make sure "from" vp is not a mount point. 1199 */ 1200 if (from_vp->v_type == VDIR && vn_ismntpt(from_vp)) { 1201 VN_RELE(from_vp); 1202 return (EACCES); 1203 } 1204 1205 if (from_attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) { 1206 VN_RELE(from_vp); 1207 return (EACCES); 1208 } 1209 1210 isdir = ((from_attr.sa_dosattr & FILE_ATTRIBUTE_DIRECTORY) != 0); 1211 1212 if ((isdir && SMB_TREE_HAS_ACCESS(sr, 1213 ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) != 1214 (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) || 1215 (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) != 1216 (ACE_DELETE | ACE_ADD_FILE))) { 1217 VN_RELE(from_vp); 1218 return (EACCES); 1219 } 1220 1221 /* 1222 * SMB checks access on open and retains an access granted 1223 * mask for use while the file is open. ACL changes should 1224 * not affect access to an open file. 1225 * 1226 * If the rename is being performed on an ofile: 1227 * - Check the ofile's access granted mask to see if the 1228 * rename is permitted - requires DELETE access. 1229 * - If the file system does access checking, set the 1230 * ATTR_NOACLCHECK flag to ensure that the file system 1231 * does not check permissions on subsequent calls. 1232 */ 1233 if (sr && sr->fid_ofile) { 1234 rc = smb_ofile_access(sr->fid_ofile, cr, DELETE); 1235 if (rc != NT_STATUS_SUCCESS) { 1236 VN_RELE(from_vp); 1237 return (EACCES); 1238 } 1239 1240 /* 1241 * TODO: avoid ACL check for source file. 1242 * smb_vop_rename() passes its own flags to VOP_RENAME, 1243 * and ZFS doesn't pass it on to zfs_zaccess_rename(). 1244 */ 1245 } 1246 1247 rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp, 1248 to_name, flags, cr); 1249 1250 if (rc == 0) { 1251 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 1252 from_dnode, NULL); 1253 1254 if (from_snode == NULL) { 1255 rc = ENOMEM; 1256 } else { 1257 smb_node_rename(from_dnode, from_snode, 1258 to_dnode, to_name); 1259 smb_node_release(from_snode); 1260 } 1261 } 1262 VN_RELE(from_vp); 1263 1264 if (rc == 0) { 1265 if (from_dnode == to_dnode) { 1266 smb_node_notify_change(from_dnode, 1267 FILE_ACTION_RENAMED_OLD_NAME, from_name); 1268 smb_node_notify_change(to_dnode, 1269 FILE_ACTION_RENAMED_NEW_NAME, to_name); 1270 } else { 1271 smb_node_notify_change(from_dnode, 1272 FILE_ACTION_REMOVED, from_name); 1273 smb_node_notify_change(to_dnode, 1274 FILE_ACTION_ADDED, to_name); 1275 } 1276 } 1277 1278 /* XXX: unlock */ 1279 1280 return (rc); 1281 } 1282 1283 /* 1284 * smb_fsop_setattr 1285 * 1286 * All SMB functions should use this wrapper to ensure that 1287 * the the calls are performed with the appropriate credentials. 1288 * Please document any direct call to explain the reason 1289 * for avoiding this wrapper. 1290 * 1291 * It is assumed that a reference exists on snode coming into 1292 * this function. 1293 * A null smb_request might be passed to this function. 1294 */ 1295 int 1296 smb_fsop_setattr( 1297 smb_request_t *sr, 1298 cred_t *cr, 1299 smb_node_t *snode, 1300 smb_attr_t *set_attr) 1301 { 1302 smb_node_t *unnamed_node; 1303 vnode_t *unnamed_vp = NULL; 1304 uint32_t status; 1305 uint32_t access; 1306 int rc = 0; 1307 int flags = 0; 1308 uint_t sa_mask; 1309 1310 ASSERT(cr); 1311 ASSERT(snode); 1312 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1313 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1314 1315 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0) 1316 return (EACCES); 1317 1318 if (SMB_TREE_IS_READONLY(sr)) 1319 return (EROFS); 1320 1321 if (SMB_TREE_HAS_ACCESS(sr, 1322 ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0) 1323 return (EACCES); 1324 1325 /* 1326 * SMB checks access on open and retains an access granted 1327 * mask for use while the file is open. ACL changes should 1328 * not affect access to an open file. 1329 * 1330 * If the setattr is being performed on an ofile: 1331 * - Check the ofile's access granted mask to see if the 1332 * setattr is permitted. 1333 * UID, GID - require WRITE_OWNER 1334 * SIZE, ALLOCSZ - require FILE_WRITE_DATA 1335 * all other attributes require FILE_WRITE_ATTRIBUTES 1336 * 1337 * - If the file system does access checking, set the 1338 * ATTR_NOACLCHECK flag to ensure that the file system 1339 * does not check permissions on subsequent calls. 1340 */ 1341 if (sr && sr->fid_ofile) { 1342 sa_mask = set_attr->sa_mask; 1343 access = 0; 1344 1345 if (sa_mask & (SMB_AT_SIZE | SMB_AT_ALLOCSZ)) { 1346 access |= FILE_WRITE_DATA; 1347 sa_mask &= ~(SMB_AT_SIZE | SMB_AT_ALLOCSZ); 1348 } 1349 1350 if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) { 1351 access |= WRITE_OWNER; 1352 sa_mask &= ~(SMB_AT_UID|SMB_AT_GID); 1353 } 1354 1355 if (sa_mask) 1356 access |= FILE_WRITE_ATTRIBUTES; 1357 1358 status = smb_ofile_access(sr->fid_ofile, cr, access); 1359 if (status != NT_STATUS_SUCCESS) 1360 return (EACCES); 1361 1362 if (smb_tree_has_feature(sr->tid_tree, 1363 SMB_TREE_ACEMASKONACCESS)) 1364 flags = ATTR_NOACLCHECK; 1365 } 1366 1367 unnamed_node = SMB_IS_STREAM(snode); 1368 1369 if (unnamed_node) { 1370 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1371 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1372 unnamed_vp = unnamed_node->vp; 1373 } 1374 1375 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr); 1376 return (rc); 1377 } 1378 1379 /* 1380 * Support for SMB2 setinfo FileValidDataLengthInformation. 1381 * Free (zero out) data in the range off, off+len 1382 */ 1383 int 1384 smb_fsop_freesp( 1385 smb_request_t *sr, 1386 cred_t *cr, 1387 smb_ofile_t *ofile, 1388 off64_t off, 1389 off64_t len) 1390 { 1391 flock64_t flk; 1392 smb_node_t *node = ofile->f_node; 1393 uint32_t status; 1394 uint32_t access = FILE_WRITE_DATA; 1395 int rc; 1396 1397 ASSERT(cr); 1398 ASSERT(node); 1399 ASSERT(node->n_magic == SMB_NODE_MAGIC); 1400 ASSERT(node->n_state != SMB_NODE_STATE_DESTROYING); 1401 1402 if (SMB_TREE_CONTAINS_NODE(sr, node) == 0) 1403 return (EACCES); 1404 1405 if (SMB_TREE_IS_READONLY(sr)) 1406 return (EROFS); 1407 1408 if (SMB_TREE_HAS_ACCESS(sr, access) == 0) 1409 return (EACCES); 1410 1411 /* 1412 * SMB checks access on open and retains an access granted 1413 * mask for use while the file is open. ACL changes should 1414 * not affect access to an open file. 1415 * 1416 * If the setattr is being performed on an ofile: 1417 * - Check the ofile's access granted mask to see if this 1418 * modification should be permitted (FILE_WRITE_DATA) 1419 */ 1420 status = smb_ofile_access(sr->fid_ofile, cr, access); 1421 if (status != NT_STATUS_SUCCESS) 1422 return (EACCES); 1423 1424 bzero(&flk, sizeof (flk)); 1425 flk.l_start = off; 1426 flk.l_len = len; 1427 1428 rc = smb_vop_space(node->vp, F_FREESP, &flk, FWRITE, 0LL, cr); 1429 return (rc); 1430 } 1431 1432 /* 1433 * smb_fsop_read 1434 * 1435 * All SMB functions should use this wrapper to ensure that 1436 * the the calls are performed with the appropriate credentials. 1437 * Please document any direct call to explain the reason 1438 * for avoiding this wrapper. 1439 * 1440 * It is assumed that a reference exists on snode coming into this routine. 1441 * Note that ofile may be different from sr->fid_ofile, or may be NULL. 1442 */ 1443 int 1444 smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1445 smb_ofile_t *ofile, uio_t *uio, int ioflag) 1446 { 1447 caller_context_t ct; 1448 cred_t *kcr = zone_kcred(); 1449 uint32_t amask; 1450 int svmand; 1451 int rc; 1452 1453 ASSERT(cr); 1454 ASSERT(snode); 1455 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1456 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1457 1458 ASSERT(sr); 1459 1460 if (ofile != NULL) { 1461 /* 1462 * Check tree access. Not SMB_TREE_HAS_ACCESS 1463 * because we need to use ofile->f_tree 1464 */ 1465 if ((ofile->f_tree->t_access & ACE_READ_DATA) == 0) 1466 return (EACCES); 1467 1468 /* 1469 * Check ofile access. Use in-line smb_ofile_access 1470 * so we can check both amask bits at the same time. 1471 * If any bit in amask is granted, allow this read. 1472 */ 1473 amask = FILE_READ_DATA; 1474 if (sr->smb_flg2 & SMB_FLAGS2_READ_IF_EXECUTE) 1475 amask |= FILE_EXECUTE; 1476 if (cr != kcr && (ofile->f_granted_access & amask) == 0) 1477 return (EACCES); 1478 } 1479 1480 /* 1481 * Streams permission are checked against the unnamed stream, 1482 * but in FS level they have their own permissions. To avoid 1483 * rejection by FS due to lack of permission on the actual 1484 * extended attr kcred is passed for streams. 1485 */ 1486 if (SMB_IS_STREAM(snode)) 1487 cr = kcr; 1488 1489 smb_node_start_crit(snode, RW_READER); 1490 rc = nbl_svmand(snode->vp, kcr, &svmand); 1491 if (rc) { 1492 smb_node_end_crit(snode); 1493 return (rc); 1494 } 1495 1496 /* 1497 * Note: SMB allows a zero-byte read, which should not 1498 * conflict with any locks. However nbl_lock_conflict 1499 * takes a zero-byte length as lock to EOF, so we must 1500 * special case that here. 1501 */ 1502 if (uio->uio_resid > 0) { 1503 ct = smb_ct; 1504 if (ofile != NULL) 1505 ct.cc_pid = ofile->f_uniqid; 1506 rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset, 1507 uio->uio_resid, svmand, &ct); 1508 if (rc != 0) { 1509 smb_node_end_crit(snode); 1510 return (ERANGE); 1511 } 1512 } 1513 1514 rc = smb_vop_read(snode->vp, uio, ioflag, cr); 1515 smb_node_end_crit(snode); 1516 1517 return (rc); 1518 } 1519 1520 /* 1521 * smb_fsop_write 1522 * 1523 * It is assumed that a reference exists on snode coming into this routine. 1524 * Note that ofile may be different from sr->fid_ofile, or may be NULL. 1525 */ 1526 int 1527 smb_fsop_write( 1528 smb_request_t *sr, 1529 cred_t *cr, 1530 smb_node_t *snode, 1531 smb_ofile_t *ofile, 1532 uio_t *uio, 1533 uint32_t *lcount, 1534 int ioflag) 1535 { 1536 caller_context_t ct; 1537 smb_attr_t attr; 1538 cred_t *kcr = zone_kcred(); 1539 smb_node_t *u_node; 1540 vnode_t *u_vp = NULL; 1541 vnode_t *vp; 1542 uint32_t amask; 1543 int svmand; 1544 int rc; 1545 1546 ASSERT(cr); 1547 ASSERT(snode); 1548 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1549 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1550 1551 ASSERT(sr); 1552 vp = snode->vp; 1553 1554 if (ofile != NULL) { 1555 amask = FILE_WRITE_DATA | FILE_APPEND_DATA; 1556 1557 /* Check tree access. */ 1558 if ((ofile->f_tree->t_access & amask) == 0) 1559 return (EROFS); 1560 1561 /* 1562 * Check ofile access. Use in-line smb_ofile_access 1563 * so we can check both amask bits at the same time. 1564 * If any bit in amask is granted, allow this write. 1565 */ 1566 if (cr != kcr && (ofile->f_granted_access & amask) == 0) 1567 return (EACCES); 1568 } 1569 1570 /* 1571 * Streams permission are checked against the unnamed stream, 1572 * but in FS level they have their own permissions. To avoid 1573 * rejection by FS due to lack of permission on the actual 1574 * extended attr kcred is passed for streams. 1575 */ 1576 u_node = SMB_IS_STREAM(snode); 1577 if (u_node != NULL) { 1578 ASSERT(u_node->n_magic == SMB_NODE_MAGIC); 1579 ASSERT(u_node->n_state != SMB_NODE_STATE_DESTROYING); 1580 u_vp = u_node->vp; 1581 cr = kcr; 1582 } 1583 1584 smb_node_start_crit(snode, RW_READER); 1585 rc = nbl_svmand(vp, kcr, &svmand); 1586 if (rc) { 1587 smb_node_end_crit(snode); 1588 return (rc); 1589 } 1590 1591 /* 1592 * Note: SMB allows a zero-byte write, which should not 1593 * conflict with any locks. However nbl_lock_conflict 1594 * takes a zero-byte length as lock to EOF, so we must 1595 * special case that here. 1596 */ 1597 if (uio->uio_resid > 0) { 1598 ct = smb_ct; 1599 if (ofile != NULL) 1600 ct.cc_pid = ofile->f_uniqid; 1601 rc = nbl_lock_conflict(vp, NBL_WRITE, uio->uio_loffset, 1602 uio->uio_resid, svmand, &ct); 1603 if (rc != 0) { 1604 smb_node_end_crit(snode); 1605 return (ERANGE); 1606 } 1607 } 1608 1609 rc = smb_vop_write(vp, uio, ioflag, lcount, cr); 1610 1611 /* 1612 * Once the mtime has been set via this ofile, the 1613 * automatic mtime changes from writes via this ofile 1614 * should cease, preserving the mtime that was set. 1615 * See: [MS-FSA] 2.1.5.14 and smb_node_setattr. 1616 * 1617 * The VFS interface does not offer a way to ask it to 1618 * skip the mtime updates, so we simulate the desired 1619 * behavior by re-setting the mtime after writes on a 1620 * handle where the mtime has been set. 1621 */ 1622 if (ofile != NULL && 1623 (ofile->f_pending_attr.sa_mask & SMB_AT_MTIME) != 0) { 1624 bcopy(&ofile->f_pending_attr, &attr, sizeof (attr)); 1625 attr.sa_mask = SMB_AT_MTIME; 1626 (void) smb_vop_setattr(vp, u_vp, &attr, 0, kcr); 1627 } 1628 1629 smb_node_end_crit(snode); 1630 1631 return (rc); 1632 } 1633 1634 /* 1635 * Find the next allocated range starting at or after 1636 * the offset (*datap), returning the start/end of 1637 * that range in (*datap, *holep) 1638 */ 1639 int 1640 smb_fsop_next_alloc_range( 1641 cred_t *cr, 1642 smb_node_t *node, 1643 off64_t *datap, 1644 off64_t *holep) 1645 { 1646 int err; 1647 1648 err = smb_vop_ioctl(node->vp, _FIO_SEEK_DATA, datap, cr); 1649 if (err != 0) 1650 return (err); 1651 1652 *holep = *datap; 1653 err = smb_vop_ioctl(node->vp, _FIO_SEEK_HOLE, holep, cr); 1654 1655 return (err); 1656 } 1657 1658 /* 1659 * smb_fsop_statfs 1660 * 1661 * This is a wrapper function used for stat operations. 1662 */ 1663 int 1664 smb_fsop_statfs( 1665 cred_t *cr, 1666 smb_node_t *snode, 1667 struct statvfs64 *statp) 1668 { 1669 ASSERT(cr); 1670 ASSERT(snode); 1671 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1672 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1673 1674 return (smb_vop_statfs(snode->vp, statp, cr)); 1675 } 1676 1677 /* 1678 * smb_fsop_access 1679 * 1680 * Named streams do not have separate permissions from the associated 1681 * unnamed stream. Thus, if node is a named stream, the permissions 1682 * check will be performed on the associated unnamed stream. 1683 * 1684 * However, our named streams do have their own quarantine attribute, 1685 * separate from that on the unnamed stream. If READ or EXECUTE 1686 * access has been requested on a named stream, an additional access 1687 * check is performed on the named stream in case it has been 1688 * quarantined. kcred is used to avoid issues with the permissions 1689 * set on the extended attribute file representing the named stream. 1690 * 1691 * Note that some stream "types" are "restricted" and only 1692 * internal callers (cr == kcred) can access those. 1693 */ 1694 int 1695 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1696 uint32_t faccess) 1697 { 1698 int access = 0; 1699 int error; 1700 vnode_t *dir_vp; 1701 boolean_t acl_check = B_TRUE; 1702 smb_node_t *unnamed_node; 1703 1704 ASSERT(sr); 1705 ASSERT(cr); 1706 ASSERT(snode); 1707 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1708 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1709 1710 if (SMB_TREE_IS_READONLY(sr)) { 1711 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 1712 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 1713 DELETE|WRITE_DAC|WRITE_OWNER)) { 1714 return (NT_STATUS_ACCESS_DENIED); 1715 } 1716 } 1717 1718 if (smb_node_is_reparse(snode) && (faccess & DELETE)) 1719 return (NT_STATUS_ACCESS_DENIED); 1720 1721 unnamed_node = SMB_IS_STREAM(snode); 1722 if (unnamed_node) { 1723 cred_t *kcr = zone_kcred(); 1724 1725 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1726 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1727 1728 if (cr != kcr && smb_strname_restricted(snode->od_name)) 1729 return (NT_STATUS_ACCESS_DENIED); 1730 1731 /* 1732 * Perform VREAD access check on the named stream in case it 1733 * is quarantined. kcred is passed to smb_vop_access so it 1734 * doesn't fail due to lack of permission. 1735 */ 1736 if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) { 1737 error = smb_vop_access(snode->vp, VREAD, 1738 0, NULL, kcr); 1739 if (error) 1740 return (NT_STATUS_ACCESS_DENIED); 1741 } 1742 1743 /* 1744 * Streams authorization should be performed against the 1745 * unnamed stream. 1746 */ 1747 snode = unnamed_node; 1748 } 1749 1750 if (faccess & ACCESS_SYSTEM_SECURITY) { 1751 /* 1752 * This permission is required for reading/writing SACL and 1753 * it's not part of DACL. It's only granted via proper 1754 * privileges. 1755 */ 1756 if (!smb_user_has_security_priv(sr->uid_user, cr)) 1757 return (NT_STATUS_PRIVILEGE_NOT_HELD); 1758 1759 faccess &= ~ACCESS_SYSTEM_SECURITY; 1760 } 1761 1762 /* Links don't have ACL */ 1763 if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) || 1764 smb_node_is_symlink(snode)) 1765 acl_check = B_FALSE; 1766 1767 /* Deny access based on the share access mask */ 1768 1769 if ((faccess & ~sr->tid_tree->t_access) != 0) 1770 return (NT_STATUS_ACCESS_DENIED); 1771 1772 if (acl_check) { 1773 dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL; 1774 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 1775 cr); 1776 } else { 1777 /* 1778 * FS doesn't understand 32-bit mask, need to map 1779 */ 1780 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 1781 access |= VWRITE; 1782 1783 if (faccess & FILE_READ_DATA) 1784 access |= VREAD; 1785 1786 if (faccess & FILE_EXECUTE) 1787 access |= VEXEC; 1788 1789 error = smb_vop_access(snode->vp, access, 0, NULL, cr); 1790 } 1791 1792 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 1793 } 1794 1795 /* 1796 * smb_fsop_lookup_name() 1797 * 1798 * Lookup both the file and stream specified in 'name'. 1799 * If name indicates that the file is a stream file, perform 1800 * stream specific lookup, otherwise call smb_fsop_lookup. 1801 * 1802 * On success, returns the found node in *ret_snode. This will be either a named 1803 * or unnamed stream node, depending on the name specified. 1804 * 1805 * Return an error if the looked-up file is in outside the tree. 1806 * (Required when invoked from open path.) 1807 * 1808 * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE): 1809 * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set 1810 * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE 1811 * flag is set in the flags value passed as a parameter, a case insensitive 1812 * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set 1813 * or not). 1814 */ 1815 1816 int 1817 smb_fsop_lookup_name( 1818 smb_request_t *sr, 1819 cred_t *cr, 1820 int flags, 1821 smb_node_t *root_node, 1822 smb_node_t *dnode, 1823 char *name, 1824 smb_node_t **ret_snode) 1825 { 1826 char *sname = NULL; 1827 int rc; 1828 smb_node_t *tmp_node; 1829 1830 ASSERT(ret_snode != NULL); 1831 1832 rc = smb_fsop_lookup_file(sr, cr, flags, root_node, dnode, name, 1833 &sname, ret_snode); 1834 1835 if (rc != 0 || sname == NULL) 1836 return (rc); 1837 1838 tmp_node = *ret_snode; 1839 rc = smb_fsop_lookup_stream(sr, cr, flags, root_node, tmp_node, sname, 1840 ret_snode); 1841 kmem_free(sname, MAXNAMELEN); 1842 smb_node_release(tmp_node); 1843 1844 return (rc); 1845 } 1846 1847 /* 1848 * smb_fsop_lookup_file() 1849 * 1850 * Look up of the file portion of 'name'. If a Stream is specified, 1851 * return the stream name in 'sname', which this allocates. 1852 * The caller must free 'sname'. 1853 * 1854 * Return an error if the looked-up file is outside the tree. 1855 * (Required when invoked from open path.) 1856 * 1857 * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE): 1858 * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set 1859 * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE 1860 * flag is set in the flags value passed as a parameter, a case insensitive 1861 * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set 1862 * or not). 1863 */ 1864 1865 int 1866 smb_fsop_lookup_file( 1867 smb_request_t *sr, 1868 cred_t *cr, 1869 int flags, 1870 smb_node_t *root_node, 1871 smb_node_t *dnode, 1872 char *name, 1873 char **sname, 1874 smb_node_t **ret_snode) 1875 { 1876 char *fname; 1877 int rc; 1878 1879 ASSERT(cr); 1880 ASSERT(dnode); 1881 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 1882 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 1883 ASSERT(ret_snode != NULL); 1884 1885 /* 1886 * The following check is required for streams processing, below 1887 */ 1888 1889 if (!(flags & SMB_CASE_SENSITIVE)) { 1890 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1891 flags |= SMB_IGNORE_CASE; 1892 } 1893 1894 *sname = NULL; 1895 if (smb_is_stream_name(name)) { 1896 *sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1897 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1898 smb_stream_parse_name(name, fname, *sname); 1899 1900 /* 1901 * Look up the unnamed stream (i.e. fname). 1902 * Unmangle processing will be done on fname 1903 * as well as any link target. 1904 */ 1905 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, 1906 fname, ret_snode); 1907 kmem_free(fname, MAXNAMELEN); 1908 } else { 1909 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name, 1910 ret_snode); 1911 } 1912 1913 if (rc == 0) { 1914 ASSERT(ret_snode); 1915 if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) { 1916 smb_node_release(*ret_snode); 1917 *ret_snode = NULL; 1918 rc = EACCES; 1919 } 1920 } 1921 1922 if (rc != 0 && *sname != NULL) { 1923 kmem_free(*sname, MAXNAMELEN); 1924 *sname = NULL; 1925 } 1926 return (rc); 1927 } 1928 1929 /* 1930 * smb_fsop_lookup_stream 1931 * 1932 * The file exists, see if the stream exists. 1933 */ 1934 int 1935 smb_fsop_lookup_stream( 1936 smb_request_t *sr, 1937 cred_t *cr, 1938 int flags, 1939 smb_node_t *root_node, 1940 smb_node_t *fnode, 1941 char *sname, 1942 smb_node_t **ret_snode) 1943 { 1944 char *od_name; 1945 vnode_t *xattrdirvp; 1946 vnode_t *vp; 1947 int rc; 1948 1949 /* 1950 * The following check is required for streams processing, below 1951 */ 1952 1953 if (!(flags & SMB_CASE_SENSITIVE)) { 1954 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1955 flags |= SMB_IGNORE_CASE; 1956 } 1957 1958 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1959 1960 /* 1961 * od_name is the on-disk name of the stream, except 1962 * without the prepended stream prefix (SMB_STREAM_PREFIX) 1963 */ 1964 1965 rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 1966 &xattrdirvp, flags, root_node->vp, cr); 1967 1968 if (rc != 0) { 1969 kmem_free(od_name, MAXNAMELEN); 1970 return (rc); 1971 } 1972 1973 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1974 vp, od_name); 1975 1976 kmem_free(od_name, MAXNAMELEN); 1977 VN_RELE(xattrdirvp); 1978 VN_RELE(vp); 1979 1980 if (*ret_snode == NULL) 1981 return (ENOMEM); 1982 1983 return (rc); 1984 } 1985 1986 /* 1987 * smb_fsop_lookup 1988 * 1989 * All SMB functions should use this smb_vop_lookup wrapper to ensure that 1990 * the smb_vop_lookup is performed with the appropriate credentials and using 1991 * case insensitive compares. Please document any direct call to smb_vop_lookup 1992 * to explain the reason for avoiding this wrapper. 1993 * 1994 * It is assumed that a reference exists on dnode coming into this routine 1995 * (and that it is safe from deallocation). 1996 * 1997 * Same with the root_node. 1998 * 1999 * *ret_snode is returned with a reference upon success. No reference is 2000 * taken if an error is returned. 2001 * 2002 * Note: The returned ret_snode may be in a child mount. This is ok for 2003 * readdir. 2004 * 2005 * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent 2006 * operations on files not in the parent mount. 2007 * 2008 * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE): 2009 * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set 2010 * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE 2011 * flag is set in the flags value passed as a parameter, a case insensitive 2012 * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set 2013 * or not). 2014 */ 2015 int 2016 smb_fsop_lookup( 2017 smb_request_t *sr, 2018 cred_t *cr, 2019 int flags, 2020 smb_node_t *root_node, 2021 smb_node_t *dnode, 2022 char *name, 2023 smb_node_t **ret_snode) 2024 { 2025 smb_node_t *lnk_target_node; 2026 smb_node_t *lnk_dnode; 2027 char *longname; 2028 char *od_name; 2029 vnode_t *vp; 2030 int rc; 2031 int ret_flags; 2032 smb_attr_t attr; 2033 2034 ASSERT(cr); 2035 ASSERT(dnode); 2036 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 2037 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 2038 2039 if (name == NULL) 2040 return (EINVAL); 2041 2042 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 2043 return (EACCES); 2044 2045 if (!(flags & SMB_CASE_SENSITIVE)) { 2046 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 2047 flags |= SMB_IGNORE_CASE; 2048 } 2049 if (SMB_TREE_SUPPORTS_CATIA(sr)) 2050 flags |= SMB_CATIA; 2051 if (SMB_TREE_SUPPORTS_ABE(sr)) 2052 flags |= SMB_ABE; 2053 2054 /* 2055 * Can have "" or "." when opening named streams on a directory. 2056 */ 2057 if (name[0] == '\0' || (name[0] == '.' && name[1] == '\0')) { 2058 smb_node_ref(dnode); 2059 *ret_snode = dnode; 2060 return (0); 2061 } 2062 2063 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 2064 2065 rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags, 2066 &ret_flags, root_node ? root_node->vp : NULL, &attr, cr); 2067 2068 if (rc != 0) { 2069 if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) || 2070 !smb_maybe_mangled(name)) { 2071 kmem_free(od_name, MAXNAMELEN); 2072 return (rc); 2073 } 2074 2075 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 2076 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags); 2077 if (rc != 0) { 2078 kmem_free(od_name, MAXNAMELEN); 2079 kmem_free(longname, MAXNAMELEN); 2080 return (rc); 2081 } 2082 2083 /* 2084 * longname is the real (case-sensitive) 2085 * on-disk name. 2086 * We make sure we do a lookup on this exact 2087 * name, as the name was mangled and denotes 2088 * a unique file. 2089 */ 2090 2091 if (flags & SMB_IGNORE_CASE) 2092 flags &= ~SMB_IGNORE_CASE; 2093 2094 rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name, 2095 flags, &ret_flags, root_node ? root_node->vp : NULL, &attr, 2096 cr); 2097 2098 kmem_free(longname, MAXNAMELEN); 2099 2100 if (rc != 0) { 2101 kmem_free(od_name, MAXNAMELEN); 2102 return (rc); 2103 } 2104 } 2105 2106 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK) && 2107 ((attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) == 0)) { 2108 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode, 2109 &lnk_dnode, &lnk_target_node, cr, NULL); 2110 2111 if (rc != 0) { 2112 /* 2113 * The link is assumed to be for the last component 2114 * of a path. Hence any ENOTDIR error will be returned 2115 * as ENOENT. 2116 */ 2117 if (rc == ENOTDIR) 2118 rc = ENOENT; 2119 2120 VN_RELE(vp); 2121 kmem_free(od_name, MAXNAMELEN); 2122 return (rc); 2123 } 2124 2125 /* 2126 * Release the original VLNK vnode 2127 */ 2128 2129 VN_RELE(vp); 2130 vp = lnk_target_node->vp; 2131 2132 rc = smb_vop_traverse_check(&vp); 2133 2134 if (rc != 0) { 2135 smb_node_release(lnk_dnode); 2136 smb_node_release(lnk_target_node); 2137 kmem_free(od_name, MAXNAMELEN); 2138 return (rc); 2139 } 2140 2141 /* 2142 * smb_vop_traverse_check() may have returned a different vnode 2143 */ 2144 2145 if (lnk_target_node->vp == vp) { 2146 *ret_snode = lnk_target_node; 2147 } else { 2148 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 2149 lnk_target_node->od_name, lnk_dnode, NULL); 2150 VN_RELE(vp); 2151 2152 if (*ret_snode == NULL) 2153 rc = ENOMEM; 2154 smb_node_release(lnk_target_node); 2155 } 2156 2157 smb_node_release(lnk_dnode); 2158 2159 } else { 2160 2161 rc = smb_vop_traverse_check(&vp); 2162 if (rc) { 2163 VN_RELE(vp); 2164 kmem_free(od_name, MAXNAMELEN); 2165 return (rc); 2166 } 2167 2168 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 2169 dnode, NULL); 2170 VN_RELE(vp); 2171 2172 if (*ret_snode == NULL) 2173 rc = ENOMEM; 2174 } 2175 2176 kmem_free(od_name, MAXNAMELEN); 2177 return (rc); 2178 } 2179 2180 int /*ARGSUSED*/ 2181 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 2182 { 2183 ASSERT(cr); 2184 ASSERT(snode); 2185 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2186 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2187 2188 ASSERT(sr); 2189 ASSERT(sr->tid_tree); 2190 if (SMB_TREE_IS_READONLY(sr)) 2191 return (EROFS); 2192 2193 return (smb_vop_commit(snode->vp, cr)); 2194 } 2195 2196 /* 2197 * smb_fsop_aclread 2198 * 2199 * Retrieve filesystem ACL. Depends on requested ACLs in 2200 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 2201 * fs_sd. Note that requesting a DACL/SACL doesn't mean that 2202 * the corresponding field in fs_sd should be non-NULL upon 2203 * return, since the target ACL might not contain that type of 2204 * entries. 2205 * 2206 * Returned ACL is always in ACE_T (aka ZFS) format. 2207 * If successful the allocated memory for the ACL should be freed 2208 * using smb_fsacl_free() or smb_fssd_term() 2209 */ 2210 int 2211 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2212 smb_fssd_t *fs_sd) 2213 { 2214 int error = 0; 2215 int flags = 0; 2216 int access = 0; 2217 acl_t *acl; 2218 2219 ASSERT(cr); 2220 2221 /* Can't query security on named streams */ 2222 if (SMB_IS_STREAM(snode) != NULL) 2223 return (EINVAL); 2224 2225 if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0) 2226 return (EACCES); 2227 2228 if (sr->fid_ofile) { 2229 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2230 access = READ_CONTROL; 2231 2232 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2233 access |= ACCESS_SYSTEM_SECURITY; 2234 2235 error = smb_ofile_access(sr->fid_ofile, cr, access); 2236 if (error != NT_STATUS_SUCCESS) { 2237 return (EACCES); 2238 } 2239 } 2240 2241 2242 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) 2243 flags = ATTR_NOACLCHECK; 2244 2245 error = smb_vop_acl_read(snode->vp, &acl, flags, 2246 sr->tid_tree->t_acltype, cr); 2247 if (error != 0) { 2248 return (error); 2249 } 2250 2251 error = acl_translate(acl, _ACL_ACE_ENABLED, 2252 smb_node_is_dir(snode), fs_sd->sd_uid, fs_sd->sd_gid); 2253 2254 if (error == 0) { 2255 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 2256 fs_sd->sd_secinfo); 2257 } 2258 2259 acl_free(acl); 2260 return (error); 2261 } 2262 2263 /* 2264 * smb_fsop_aclwrite 2265 * 2266 * Stores the filesystem ACL provided in fs_sd->sd_acl. 2267 */ 2268 int 2269 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2270 smb_fssd_t *fs_sd) 2271 { 2272 int target_flavor; 2273 int error = 0; 2274 int flags = 0; 2275 int access = 0; 2276 acl_t *acl, *dacl, *sacl; 2277 2278 ASSERT(cr); 2279 2280 ASSERT(sr); 2281 ASSERT(sr->tid_tree); 2282 if (SMB_TREE_IS_READONLY(sr)) 2283 return (EROFS); 2284 2285 /* Can't set security on named streams */ 2286 if (SMB_IS_STREAM(snode) != NULL) 2287 return (EINVAL); 2288 2289 if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0) 2290 return (EACCES); 2291 2292 if (sr->fid_ofile) { 2293 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2294 access = WRITE_DAC; 2295 2296 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2297 access |= ACCESS_SYSTEM_SECURITY; 2298 2299 error = smb_ofile_access(sr->fid_ofile, cr, access); 2300 if (error != NT_STATUS_SUCCESS) 2301 return (EACCES); 2302 } 2303 2304 switch (sr->tid_tree->t_acltype) { 2305 case ACLENT_T: 2306 target_flavor = _ACL_ACLENT_ENABLED; 2307 break; 2308 2309 case ACE_T: 2310 target_flavor = _ACL_ACE_ENABLED; 2311 break; 2312 default: 2313 return (EINVAL); 2314 } 2315 2316 dacl = fs_sd->sd_zdacl; 2317 sacl = fs_sd->sd_zsacl; 2318 2319 ASSERT(dacl || sacl); 2320 if ((dacl == NULL) && (sacl == NULL)) 2321 return (EINVAL); 2322 2323 if (dacl && sacl) 2324 acl = smb_fsacl_merge(dacl, sacl); 2325 else if (dacl) 2326 acl = dacl; 2327 else 2328 acl = sacl; 2329 2330 error = acl_translate(acl, target_flavor, smb_node_is_dir(snode), 2331 fs_sd->sd_uid, fs_sd->sd_gid); 2332 if (error == 0) { 2333 if (smb_tree_has_feature(sr->tid_tree, 2334 SMB_TREE_ACEMASKONACCESS)) 2335 flags = ATTR_NOACLCHECK; 2336 2337 error = smb_vop_acl_write(snode->vp, acl, flags, cr); 2338 } 2339 2340 if (dacl && sacl) 2341 acl_free(acl); 2342 2343 return (error); 2344 } 2345 2346 acl_type_t 2347 smb_fsop_acltype(smb_node_t *snode) 2348 { 2349 return (smb_vop_acl_type(snode->vp)); 2350 } 2351 2352 /* 2353 * smb_fsop_sdread 2354 * 2355 * Read the requested security descriptor items from filesystem. 2356 * The items are specified in fs_sd->sd_secinfo. 2357 */ 2358 int 2359 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2360 smb_fssd_t *fs_sd) 2361 { 2362 int error = 0; 2363 int getowner = 0; 2364 cred_t *ga_cred; 2365 smb_attr_t attr; 2366 2367 ASSERT(cr); 2368 ASSERT(fs_sd); 2369 2370 /* Can't query security on named streams */ 2371 if (SMB_IS_STREAM(snode) != NULL) 2372 return (EINVAL); 2373 2374 /* 2375 * File's uid/gid is fetched in two cases: 2376 * 2377 * 1. it's explicitly requested 2378 * 2379 * 2. target ACL is ACE_T (ZFS ACL). They're needed for 2380 * owner@/group@ entries. In this case kcred should be used 2381 * because uid/gid are fetched on behalf of smb server. 2382 */ 2383 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 2384 getowner = 1; 2385 ga_cred = cr; 2386 } else if (sr->tid_tree->t_acltype == ACE_T) { 2387 getowner = 1; 2388 ga_cred = zone_kcred(); 2389 } 2390 2391 if (getowner) { 2392 /* 2393 * Windows require READ_CONTROL to read owner/group SID since 2394 * they're part of Security Descriptor. 2395 * ZFS only requires read_attribute. Need to have a explicit 2396 * access check here. 2397 */ 2398 if (sr->fid_ofile == NULL) { 2399 error = smb_fsop_access(sr, ga_cred, snode, 2400 READ_CONTROL); 2401 if (error) 2402 return (EACCES); 2403 } 2404 2405 attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2406 error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 2407 if (error == 0) { 2408 fs_sd->sd_uid = attr.sa_vattr.va_uid; 2409 fs_sd->sd_gid = attr.sa_vattr.va_gid; 2410 } else { 2411 return (error); 2412 } 2413 } 2414 2415 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2416 error = smb_fsop_aclread(sr, cr, snode, fs_sd); 2417 } 2418 2419 return (error); 2420 } 2421 2422 /* 2423 * smb_fsop_sdmerge 2424 * 2425 * From SMB point of view DACL and SACL are two separate list 2426 * which can be manipulated independently without one affecting 2427 * the other, but entries for both DACL and SACL will end up 2428 * in the same ACL if target filesystem supports ACE_T ACLs. 2429 * 2430 * So, if either DACL or SACL is present in the client set request 2431 * the entries corresponding to the non-present ACL shouldn't 2432 * be touched in the FS ACL. 2433 * 2434 * fs_sd parameter contains DACL and SACL specified by SMB 2435 * client to be set on a file/directory. The client could 2436 * specify both or one of these ACLs (if none is specified 2437 * we don't get this far). When both DACL and SACL are given 2438 * by client the existing ACL should be overwritten. If only 2439 * one of them is specified the entries corresponding to the other 2440 * ACL should not be touched. For example, if only DACL 2441 * is specified in input fs_sd, the function reads audit entries 2442 * of the existing ACL of the file and point fs_sd->sd_zsdacl 2443 * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 2444 * function is called the passed fs_sd would point to the specified 2445 * DACL by client and fetched SACL from filesystem, so the file 2446 * will end up with correct ACL. 2447 */ 2448 static int 2449 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 2450 { 2451 smb_fssd_t cur_sd; 2452 cred_t *kcr = zone_kcred(); 2453 int error = 0; 2454 2455 if (sr->tid_tree->t_acltype != ACE_T) 2456 /* Don't bother if target FS doesn't support ACE_T */ 2457 return (0); 2458 2459 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 2460 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 2461 /* 2462 * Don't overwrite existing audit entries 2463 */ 2464 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 2465 fs_sd->sd_flags); 2466 2467 error = smb_fsop_sdread(sr, kcr, snode, &cur_sd); 2468 if (error == 0) { 2469 ASSERT(fs_sd->sd_zsacl == NULL); 2470 fs_sd->sd_zsacl = cur_sd.sd_zsacl; 2471 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 2472 fs_sd->sd_zsacl->acl_flags = 2473 fs_sd->sd_zdacl->acl_flags; 2474 } 2475 } else { 2476 /* 2477 * Don't overwrite existing access entries 2478 */ 2479 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 2480 fs_sd->sd_flags); 2481 2482 error = smb_fsop_sdread(sr, kcr, snode, &cur_sd); 2483 if (error == 0) { 2484 ASSERT(fs_sd->sd_zdacl == NULL); 2485 fs_sd->sd_zdacl = cur_sd.sd_zdacl; 2486 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 2487 fs_sd->sd_zdacl->acl_flags = 2488 fs_sd->sd_zsacl->acl_flags; 2489 } 2490 } 2491 2492 if (error) 2493 smb_fssd_term(&cur_sd); 2494 } 2495 2496 return (error); 2497 } 2498 2499 /* 2500 * smb_fsop_sdwrite 2501 * 2502 * Stores the given uid, gid and acl in filesystem. 2503 * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 2504 * 2505 * A SMB security descriptor could contain owner, primary group, 2506 * DACL and SACL. Setting an SD should be atomic but here it has to 2507 * be done via two separate FS operations: VOP_SETATTR and 2508 * VOP_SETSECATTR. Therefore, this function has to simulate the 2509 * atomicity as well as it can. 2510 * 2511 * Get the current uid, gid before setting the new uid/gid 2512 * so if smb_fsop_aclwrite fails they can be restored. root cred is 2513 * used to get currend uid/gid since this operation is performed on 2514 * behalf of the server not the user. 2515 * 2516 * If setting uid/gid fails with EPERM it means that and invalid 2517 * owner has been specified. Callers should translate this to 2518 * STATUS_INVALID_OWNER which is not the normal mapping for EPERM 2519 * in upper layers, so EPERM is mapped to EBADE. 2520 * 2521 * If 'overwrite' is non-zero, then the existing ACL is ignored. 2522 */ 2523 int 2524 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2525 smb_fssd_t *fs_sd, int overwrite) 2526 { 2527 smb_attr_t set_attr; 2528 smb_attr_t orig_attr; 2529 cred_t *kcr = zone_kcred(); 2530 int error = 0; 2531 int access = 0; 2532 2533 ASSERT(cr); 2534 ASSERT(fs_sd); 2535 2536 ASSERT(sr); 2537 ASSERT(sr->tid_tree); 2538 if (SMB_TREE_IS_READONLY(sr)) 2539 return (EROFS); 2540 2541 /* Can't set security on named streams */ 2542 if (SMB_IS_STREAM(snode) != NULL) 2543 return (EINVAL); 2544 2545 bzero(&set_attr, sizeof (smb_attr_t)); 2546 2547 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2548 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2549 set_attr.sa_mask |= SMB_AT_UID; 2550 access |= WRITE_OWNER; 2551 } 2552 2553 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2554 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2555 set_attr.sa_mask |= SMB_AT_GID; 2556 access |= WRITE_OWNER; 2557 } 2558 2559 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2560 access |= WRITE_DAC; 2561 2562 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2563 access |= ACCESS_SYSTEM_SECURITY; 2564 2565 if (sr->fid_ofile) 2566 error = smb_ofile_access(sr->fid_ofile, cr, access); 2567 else 2568 error = smb_fsop_access(sr, cr, snode, access); 2569 2570 if (error) 2571 return (EACCES); 2572 2573 if (set_attr.sa_mask) { 2574 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2575 error = smb_fsop_getattr(sr, kcr, snode, &orig_attr); 2576 if (error == 0) { 2577 error = smb_fsop_setattr(sr, cr, snode, &set_attr); 2578 if (error == EPERM) 2579 error = EBADE; 2580 } 2581 2582 if (error) 2583 return (error); 2584 } 2585 2586 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2587 if (overwrite == 0) 2588 error = smb_fsop_sdmerge(sr, snode, fs_sd); 2589 2590 if (error == 0) 2591 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 2592 2593 if (error != 0) { 2594 /* 2595 * Revert uid/gid changes if required. 2596 */ 2597 if (set_attr.sa_mask) { 2598 orig_attr.sa_mask = set_attr.sa_mask; 2599 (void) smb_fsop_setattr(sr, kcr, snode, 2600 &orig_attr); 2601 } 2602 } 2603 } 2604 2605 return (error); 2606 } 2607 2608 #ifdef _KERNEL 2609 /* 2610 * smb_fsop_sdinherit 2611 * 2612 * Inherit the security descriptor from the parent container. 2613 * This function is called after FS has created the file/folder 2614 * so if this doesn't do anything it means FS inheritance is 2615 * in place. 2616 * 2617 * Do inheritance for ZFS internally. 2618 * 2619 * If we want to let ZFS does the inheritance the 2620 * following setting should be true: 2621 * 2622 * - aclinherit = passthrough 2623 * - aclmode = passthrough 2624 * - smbd umask = 0777 2625 * 2626 * This will result in right effective permissions but 2627 * ZFS will always add 6 ACEs for owner, owning group 2628 * and others to be POSIX compliant. This is not what 2629 * Windows clients/users expect, so we decided that CIFS 2630 * implements Windows rules and overwrite whatever ZFS 2631 * comes up with. This way we also don't have to care 2632 * about ZFS aclinherit and aclmode settings. 2633 */ 2634 static int 2635 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 2636 { 2637 acl_t *dacl = NULL; 2638 acl_t *sacl = NULL; 2639 int is_dir; 2640 int error; 2641 uint32_t secinfo; 2642 smb_fssd_t pfs_sd; 2643 2644 ASSERT(fs_sd); 2645 2646 secinfo = fs_sd->sd_secinfo; 2647 2648 /* Anything to do? */ 2649 if ((secinfo & SMB_ACL_SECINFO) == SMB_ACL_SECINFO) 2650 return (0); 2651 2652 /* 2653 * No forced inheritance for non-ZFS filesystems. 2654 */ 2655 if (sr->tid_tree->t_acltype != ACE_T) 2656 return (0); 2657 2658 smb_fssd_init(&pfs_sd, SMB_ACL_SECINFO, fs_sd->sd_flags); 2659 2660 /* Fetch parent directory's ACL */ 2661 error = smb_fsop_sdread(sr, zone_kcred(), dnode, &pfs_sd); 2662 if (error) { 2663 return (error); 2664 } 2665 2666 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 2667 if ((secinfo & SMB_DACL_SECINFO) == 0) { 2668 dacl = smb_fsacl_inherit(pfs_sd.sd_zdacl, is_dir, 2669 SMB_DACL_SECINFO, sr->user_cr); 2670 fs_sd->sd_zdacl = dacl; 2671 } 2672 2673 if ((secinfo & SMB_SACL_SECINFO) == 0) { 2674 sacl = smb_fsacl_inherit(pfs_sd.sd_zsacl, is_dir, 2675 SMB_SACL_SECINFO, sr->user_cr); 2676 fs_sd->sd_zsacl = sacl; 2677 } 2678 2679 smb_fsacl_free(pfs_sd.sd_zdacl); 2680 smb_fsacl_free(pfs_sd.sd_zsacl); 2681 return (0); 2682 } 2683 #endif /* _KERNEL */ 2684 2685 /* 2686 * smb_fsop_eaccess 2687 * 2688 * Returns the effective permission of the given credential for the 2689 * specified object. 2690 * 2691 * This is just a workaround. We need VFS/FS support for this. 2692 */ 2693 void 2694 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2695 uint32_t *eaccess) 2696 { 2697 int access = 0; 2698 vnode_t *dir_vp; 2699 smb_node_t *unnamed_node; 2700 2701 ASSERT(cr); 2702 ASSERT(snode); 2703 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2704 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2705 2706 unnamed_node = SMB_IS_STREAM(snode); 2707 if (unnamed_node) { 2708 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2709 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2710 /* 2711 * Streams authorization should be performed against the 2712 * unnamed stream. 2713 */ 2714 snode = unnamed_node; 2715 } 2716 2717 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) { 2718 dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL; 2719 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 2720 cr); 2721 return; 2722 } 2723 2724 /* 2725 * FS doesn't understand 32-bit mask 2726 */ 2727 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 2728 access &= sr->tid_tree->t_access; 2729 2730 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 2731 2732 if (access & VREAD) 2733 *eaccess |= FILE_READ_DATA; 2734 2735 if (access & VEXEC) 2736 *eaccess |= FILE_EXECUTE; 2737 2738 if (access & VWRITE) 2739 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 2740 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 2741 2742 if (access & (VREAD | VWRITE)) 2743 *eaccess |= SYNCHRONIZE; 2744 2745 #ifdef _FAKE_KERNEL 2746 /* Should be: if (we are the owner)... */ 2747 if (access & VWRITE) 2748 *eaccess |= DELETE | WRITE_DAC | WRITE_OWNER; 2749 #endif 2750 } 2751 2752 /* 2753 * smb_fsop_shrlock 2754 * 2755 * For the current open request, check file sharing rules 2756 * against existing opens. 2757 * 2758 * Returns NT_STATUS_SHARING_VIOLATION if there is any 2759 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise. 2760 * 2761 * Full system-wide share reservation synchronization is available 2762 * when the nbmand (non-blocking mandatory) mount option is set 2763 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used. 2764 * This provides synchronization with NFS and local processes. The 2765 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called 2766 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well 2767 * as the CIFS rename and delete paths. 2768 * 2769 * The CIFS server will also enter the nbl critical region in the open, 2770 * rename, and delete paths when nbmand is not set. There is limited 2771 * coordination with local and VFS share reservations in this case. 2772 * Note that when the nbmand mount option is not set, the VFS layer 2773 * only processes advisory reservations and the delete mode is not checked. 2774 * 2775 * Whether or not the nbmand mount option is set, intra-CIFS share 2776 * checking is done in the open, delete, and rename paths using a CIFS 2777 * critical region (node->n_share_lock). 2778 */ 2779 uint32_t 2780 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid, 2781 uint32_t desired_access, uint32_t share_access) 2782 { 2783 int rc; 2784 2785 /* Allow access if the request is just for meta data */ 2786 if ((desired_access & FILE_DATA_ALL) == 0) 2787 return (NT_STATUS_SUCCESS); 2788 2789 rc = smb_node_open_check(node, desired_access, share_access); 2790 if (rc) 2791 return (NT_STATUS_SHARING_VIOLATION); 2792 2793 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access, 2794 cr); 2795 if (rc) 2796 return (NT_STATUS_SHARING_VIOLATION); 2797 2798 return (NT_STATUS_SUCCESS); 2799 } 2800 2801 void 2802 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid) 2803 { 2804 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr); 2805 } 2806 2807 int 2808 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock, 2809 cred_t *cr) 2810 { 2811 flock64_t bf; 2812 int flag = F_REMOTELOCK; 2813 2814 /* 2815 * VOP_FRLOCK() will not be called if: 2816 * 2817 * 1) The lock has a range of zero bytes. The semantics of Windows and 2818 * POSIX are different. In the case of POSIX it asks for the locking 2819 * of all the bytes from the offset provided until the end of the 2820 * file. In the case of Windows a range of zero locks nothing and 2821 * doesn't conflict with any other lock. 2822 * 2823 * 2) The lock rolls over (start + lenght < start). Solaris will assert 2824 * if such a request is submitted. This will not create 2825 * incompatibilities between POSIX and Windows. In the Windows world, 2826 * if a client submits such a lock, the server will not lock any 2827 * bytes. Interestingly if the same lock (same offset and length) is 2828 * resubmitted Windows will consider that there is an overlap and 2829 * the granting rules will then apply. 2830 * 2831 * 3) The SMB-level process IDs (smb_pid) are not passed down to the 2832 * POSIX level in l_pid because (a) the rules about lock PIDs are 2833 * different in SMB, and (b) we're putting our ofile f_uniqid in 2834 * the POSIX l_pid field to segregate locks per SMB ofile. 2835 * (We're also using a "remote" system ID in l_sysid.) 2836 * All SMB locking PIDs are handled at the SMB level and 2837 * not exposed in POSIX locking. 2838 */ 2839 if ((lock->l_length == 0) || 2840 ((lock->l_start + lock->l_length - 1) < lock->l_start)) 2841 return (0); 2842 2843 bzero(&bf, sizeof (bf)); 2844 2845 if (unlock) { 2846 bf.l_type = F_UNLCK; 2847 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) { 2848 bf.l_type = F_RDLCK; 2849 flag |= FREAD; 2850 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) { 2851 bf.l_type = F_WRLCK; 2852 flag |= FWRITE; 2853 } 2854 2855 bf.l_start = lock->l_start; 2856 bf.l_len = lock->l_length; 2857 bf.l_pid = lock->l_file->f_uniqid; 2858 bf.l_sysid = smb_ct.cc_sysid; 2859 2860 return (smb_vop_frlock(node->vp, cr, flag, &bf)); 2861 } 2862