xref: /titanic_41/usr/src/uts/common/fs/smbsrv/smb_delete.c (revision a922b1bdd4f9c287b5a8b60da4a5ffd623f99d26)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
25  */
26 
27 #include <smbsrv/smb_kproto.h>
28 #include <smbsrv/smb_fsops.h>
29 #include <smbsrv/smbinfo.h>
30 #include <sys/nbmlock.h>
31 
32 static int smb_delete_check_path(smb_request_t *);
33 static int smb_delete_single_file(smb_request_t *, smb_error_t *);
34 static int smb_delete_multiple_files(smb_request_t *, smb_error_t *);
35 static int smb_delete_find_fname(smb_request_t *, smb_odir_t *, char *, int);
36 static int smb_delete_check_dosattr(smb_request_t *, smb_error_t *);
37 static int smb_delete_remove_file(smb_request_t *, smb_error_t *);
38 
39 static void smb_delete_error(smb_error_t *, uint32_t, uint16_t, uint16_t);
40 
41 /*
42  * smb_com_delete
43  *
44  * The delete file message is sent to delete a data file. The appropriate
45  * Tid and additional pathname are passed. Read only files may not be
46  * deleted, the read-only attribute must be reset prior to file deletion.
47  *
48  * NT supports a hidden permission known as File Delete Child (FDC). If
49  * the user has FullControl access to a directory, the user is permitted
50  * to delete any object in the directory regardless of the permissions
51  * on the object.
52  *
53  * Client Request                     Description
54  * ================================== =================================
55  * UCHAR WordCount;                   Count of parameter words = 1
56  * USHORT SearchAttributes;
57  * USHORT ByteCount;                  Count of data bytes; min = 2
58  * UCHAR BufferFormat;                0x04
59  * STRING FileName[];                 File name
60  *
61  * Multiple files may be deleted in response to a single request as
62  * SMB_COM_DELETE supports wildcards
63  *
64  * SearchAttributes indicates the attributes that the target file(s) must
65  * have. If the attribute is zero then only normal files are deleted. If
66  * the system file or hidden attributes are specified then the delete is
67  * inclusive -both the specified type(s) of files and normal files are
68  * deleted. Attributes are described in the "Attribute Encoding" section
69  * of this document.
70  *
71  * If bit0 of the Flags2 field of the SMB header is set, a pattern is
72  * passed in, and the file has a long name, then the passed pattern  much
73  * match the long file name for the delete to succeed. If bit0 is clear, a
74  * pattern is passed in, and the file has a long name, then the passed
75  * pattern must match the file's short name for the deletion to succeed.
76  *
77  * Server Response                    Description
78  * ================================== =================================
79  * UCHAR WordCount;                   Count of parameter words = 0
80  * USHORT ByteCount;                  Count of data bytes = 0
81  *
82  * 4.2.10.1  Errors
83  *
84  * ERRDOS/ERRbadpath
85  * ERRDOS/ERRbadfile
86  * ERRDOS/ERRnoaccess
87  * ERRDOS/ERRbadshare	# returned by NT for files that are already open
88  * ERRHRD/ERRnowrite
89  * ERRSRV/ERRaccess
90  * ERRSRV/ERRinvdevice
91  * ERRSRV/ERRinvid
92  * ERRSRV/ERRbaduid
93  */
94 smb_sdrc_t
95 smb_pre_delete(smb_request_t *sr)
96 {
97 	int rc;
98 	smb_fqi_t *fqi;
99 
100 	fqi = &sr->arg.dirop.fqi;
101 
102 	if ((rc = smbsr_decode_vwv(sr, "w", &fqi->fq_sattr)) == 0)
103 		rc = smbsr_decode_data(sr, "%S", sr, &fqi->fq_path.pn_path);
104 
105 	DTRACE_SMB_2(op__Delete__start, smb_request_t *, sr, smb_fqi_t *, fqi);
106 
107 	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
108 }
109 
110 void
111 smb_post_delete(smb_request_t *sr)
112 {
113 	DTRACE_SMB_1(op__Delete__done, smb_request_t *, sr);
114 }
115 
116 /*
117  * smb_com_delete
118  *
119  * 1. intialize, pre-process and validate pathname
120  *
121  * 2. process the path to get directory node & last_comp,
122  *    store these in fqi
123  *    - If smb_pathname_reduce cannot find the specified path,
124  *      the error (ENOTDIR) is translated to NT_STATUS_OBJECT_PATH_NOT_FOUND
125  *      if the target is a single file (no wildcards).  If there are
126  *      wildcards in the last_comp, NT_STATUS_OBJECT_NAME_NOT_FOUND is
127  *      used instead.
128  *    - If the directory node is the mount point and the last component
129  *      is ".." NT_STATUS_OBJECT_PATH_SYNTAX_BAD is returned.
130  *
131  * 3. check access permissions
132  *
133  * 4. invoke the appropriate deletion routine to find and remove
134  *    the specified file(s).
135  *    - if target is a single file (no wildcards) - smb_delete_single_file
136  *    - if the target contains wildcards - smb_delete_multiple_files
137  *
138  * Returns: SDRC_SUCCESS or SDRC_ERROR
139  */
140 smb_sdrc_t
141 smb_com_delete(smb_request_t *sr)
142 {
143 	int rc;
144 	smb_error_t err;
145 	uint32_t status;
146 	boolean_t wildcards = B_FALSE;
147 	smb_fqi_t *fqi;
148 	smb_pathname_t *pn;
149 
150 	fqi = &sr->arg.dirop.fqi;
151 	pn = &fqi->fq_path;
152 
153 	smb_pathname_init(sr, pn, pn->pn_path);
154 	if (!smb_pathname_validate(sr, pn))
155 		return (SDRC_ERROR);
156 	if (smb_delete_check_path(sr) != 0)
157 		return (SDRC_ERROR);
158 
159 	wildcards = smb_contains_wildcards(pn->pn_fname);
160 
161 	rc = smb_pathname_reduce(sr, sr->user_cr, fqi->fq_path.pn_path,
162 	    sr->tid_tree->t_snode, sr->tid_tree->t_snode,
163 	    &fqi->fq_dnode, fqi->fq_last_comp);
164 	if (rc == 0) {
165 		if (!smb_node_is_dir(fqi->fq_dnode)) {
166 			smb_node_release(fqi->fq_dnode);
167 			rc = ENOTDIR;
168 		}
169 	}
170 	if (rc != 0) {
171 		if (rc == ENOTDIR) {
172 			if (wildcards)
173 				status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
174 			else
175 				status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
176 			smbsr_error(sr, status, ERRDOS, ERROR_FILE_NOT_FOUND);
177 		} else {
178 			smbsr_errno(sr, rc);
179 		}
180 
181 		return (SDRC_ERROR);
182 	}
183 
184 	if ((fqi->fq_dnode == sr->tid_tree->t_snode) &&
185 	    (strcmp(fqi->fq_last_comp, "..") == 0)) {
186 		smb_node_release(fqi->fq_dnode);
187 		smbsr_error(sr, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
188 		    ERRDOS, ERROR_BAD_PATHNAME);
189 		return (SDRC_ERROR);
190 	}
191 
192 	rc = smb_fsop_access(sr, sr->user_cr, fqi->fq_dnode,
193 	    FILE_LIST_DIRECTORY);
194 	if (rc != 0) {
195 		smb_node_release(fqi->fq_dnode);
196 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED,
197 		    ERRDOS, ERROR_ACCESS_DENIED);
198 		return (SDRC_ERROR);
199 	}
200 
201 	if (wildcards)
202 		rc = smb_delete_multiple_files(sr, &err);
203 	else
204 		rc = smb_delete_single_file(sr, &err);
205 
206 	smb_node_release(fqi->fq_dnode);
207 
208 	if (rc != 0)
209 		smbsr_set_error(sr, &err);
210 	else
211 		rc = smbsr_encode_empty_result(sr);
212 
213 	return (rc == 0 ? SDRC_SUCCESS : SDRC_ERROR);
214 }
215 
216 /*
217  * smb_delete_single_file
218  *
219  * Find the specified file and, if its attributes match the search
220  * criteria, delete it.
221  *
222  * Returns 0 - success (file deleted)
223  *        -1 - error, err is populated with error details
224  */
225 static int
226 smb_delete_single_file(smb_request_t *sr, smb_error_t *err)
227 {
228 	smb_fqi_t *fqi;
229 	smb_pathname_t *pn;
230 
231 	fqi = &sr->arg.dirop.fqi;
232 	pn = &fqi->fq_path;
233 
234 	/* pn already initialized and validated */
235 	if (!smb_validate_object_name(sr, pn)) {
236 		smb_delete_error(err, sr->smb_error.status,
237 		    ERRDOS, ERROR_INVALID_NAME);
238 		return (-1);
239 	}
240 
241 	if (smb_fsop_lookup_name(sr, sr->user_cr, 0, sr->tid_tree->t_snode,
242 	    fqi->fq_dnode, fqi->fq_last_comp, &fqi->fq_fnode) != 0) {
243 		smb_delete_error(err, NT_STATUS_OBJECT_NAME_NOT_FOUND,
244 		    ERRDOS, ERROR_FILE_NOT_FOUND);
245 		return (-1);
246 	}
247 
248 	if (smb_delete_check_dosattr(sr, err) != 0) {
249 		smb_node_release(fqi->fq_fnode);
250 		return (-1);
251 	}
252 
253 	if (smb_delete_remove_file(sr, err) != 0) {
254 		smb_node_release(fqi->fq_fnode);
255 		return (-1);
256 	}
257 
258 	smb_node_release(fqi->fq_fnode);
259 	return (0);
260 }
261 
262 /*
263  * smb_delete_multiple_files
264  *
265  * For each matching file found by smb_delete_find_fname:
266  * 1. lookup file
267  * 2. check the file's attributes
268  *    - The search ends with an error if a readonly file
269  *      (NT_STATUS_CANNOT_DELETE) is matched.
270  *    - The search ends (but not an error) if a directory is
271  *      matched and the request's search did not include
272  *      directories.
273  *    - Otherwise, if smb_delete_check_dosattr fails the file
274  *      is skipped and the search continues (at step 1)
275  * 3. delete the file
276  *
277  * Returns 0 - success
278  *        -1 - error, err is populated with error details
279  */
280 static int
281 smb_delete_multiple_files(smb_request_t *sr, smb_error_t *err)
282 {
283 	int rc, deleted = 0;
284 	smb_fqi_t *fqi;
285 	uint16_t odid;
286 	smb_odir_t *od;
287 	char namebuf[MAXNAMELEN];
288 
289 	fqi = &sr->arg.dirop.fqi;
290 
291 	/*
292 	 * Specify all search attributes (SMB_SEARCH_ATTRIBUTES) so that
293 	 * delete-specific checking can be done (smb_delete_check_dosattr).
294 	 */
295 	odid = smb_odir_open(sr, fqi->fq_path.pn_path,
296 	    SMB_SEARCH_ATTRIBUTES, 0);
297 	if (odid == 0)
298 		return (-1);
299 
300 	if ((od = smb_tree_lookup_odir(sr, odid)) == NULL)
301 		return (-1);
302 
303 	for (;;) {
304 		rc = smb_delete_find_fname(sr, od, namebuf, MAXNAMELEN);
305 		if (rc != 0)
306 			break;
307 
308 		rc = smb_fsop_lookup_name(sr, sr->user_cr, SMB_CASE_SENSITIVE,
309 		    sr->tid_tree->t_snode, fqi->fq_dnode,
310 		    namebuf, &fqi->fq_fnode);
311 		if (rc != 0)
312 			break;
313 
314 		if (smb_delete_check_dosattr(sr, err) != 0) {
315 			smb_node_release(fqi->fq_fnode);
316 			if (err->status == NT_STATUS_CANNOT_DELETE) {
317 				smb_odir_close(od);
318 				smb_odir_release(od);
319 				return (-1);
320 			}
321 			if ((err->status == NT_STATUS_FILE_IS_A_DIRECTORY) &&
322 			    (SMB_SEARCH_DIRECTORY(fqi->fq_sattr) != 0))
323 				break;
324 			continue;
325 		}
326 
327 		if (smb_delete_remove_file(sr, err) == 0) {
328 			++deleted;
329 			smb_node_release(fqi->fq_fnode);
330 			continue;
331 		}
332 		if (err->status == NT_STATUS_OBJECT_NAME_NOT_FOUND) {
333 			smb_node_release(fqi->fq_fnode);
334 			continue;
335 		}
336 
337 		smb_odir_close(od);
338 		smb_odir_release(od);
339 		smb_node_release(fqi->fq_fnode);
340 		return (-1);
341 	}
342 
343 	smb_odir_close(od);
344 	smb_odir_release(od);
345 
346 	if ((rc != 0) && (rc != ENOENT)) {
347 		smbsr_map_errno(rc, err);
348 		return (-1);
349 	}
350 
351 	if (deleted == 0) {
352 		smb_delete_error(err, NT_STATUS_NO_SUCH_FILE,
353 		    ERRDOS, ERROR_FILE_NOT_FOUND);
354 		return (-1);
355 	}
356 
357 	return (0);
358 }
359 
360 /*
361  * smb_delete_find_fname
362  *
363  * Find next filename that matches search pattern and return it
364  * in namebuf.
365  *
366  * Returns: 0 - success
367  *          errno
368  */
369 static int
370 smb_delete_find_fname(smb_request_t *sr, smb_odir_t *od, char *namebuf, int len)
371 {
372 	int		rc;
373 	smb_odirent_t	*odirent;
374 	boolean_t	eos;
375 
376 	odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP);
377 
378 	rc = smb_odir_read(sr, od, odirent, &eos);
379 	if (rc == 0) {
380 		if (eos)
381 			rc = ENOENT;
382 		else
383 			(void) strlcpy(namebuf, odirent->od_name, len);
384 	}
385 	kmem_free(odirent, sizeof (smb_odirent_t));
386 	return (rc);
387 }
388 
389 /*
390  * smb_delete_check_dosattr
391  *
392  * Check file's dos atributes to ensure that
393  * 1. the file is not a directory - NT_STATUS_FILE_IS_A_DIRECTORY
394  * 2. the file is not readonly - NT_STATUS_CANNOT_DELETE
395  * 3. the file's dos attributes comply with the specified search attributes
396  *     If the file is either hidden or system and those attributes
397  *     are not specified in the search attributes - NT_STATUS_NO_SUCH_FILE
398  *
399  * Returns: 0 - file's attributes pass all checks
400  *         -1 - err populated with error details
401  */
402 static int
403 smb_delete_check_dosattr(smb_request_t *sr, smb_error_t *err)
404 {
405 	smb_fqi_t *fqi;
406 	smb_node_t *node;
407 	smb_attr_t attr;
408 	uint16_t sattr;
409 
410 	fqi = &sr->arg.dirop.fqi;
411 	sattr = fqi->fq_sattr;
412 	node = fqi->fq_fnode;
413 
414 	bzero(&attr, sizeof (attr));
415 	attr.sa_mask = SMB_AT_DOSATTR;
416 	if (smb_node_getattr(sr, node, kcred, NULL, &attr) != 0) {
417 		smb_delete_error(err, NT_STATUS_INTERNAL_ERROR,
418 		    ERRDOS, ERROR_INTERNAL_ERROR);
419 		return (-1);
420 	}
421 
422 	if (attr.sa_dosattr & FILE_ATTRIBUTE_DIRECTORY) {
423 		smb_delete_error(err, NT_STATUS_FILE_IS_A_DIRECTORY,
424 		    ERRDOS, ERROR_ACCESS_DENIED);
425 		return (-1);
426 	}
427 
428 	if (SMB_PATHFILE_IS_READONLY(sr, node)) {
429 		smb_delete_error(err, NT_STATUS_CANNOT_DELETE,
430 		    ERRDOS, ERROR_ACCESS_DENIED);
431 		return (-1);
432 	}
433 
434 	if ((attr.sa_dosattr & FILE_ATTRIBUTE_HIDDEN) &&
435 	    !(SMB_SEARCH_HIDDEN(sattr))) {
436 		smb_delete_error(err, NT_STATUS_NO_SUCH_FILE,
437 		    ERRDOS, ERROR_FILE_NOT_FOUND);
438 		return (-1);
439 	}
440 
441 	if ((attr.sa_dosattr & FILE_ATTRIBUTE_SYSTEM) &&
442 	    !(SMB_SEARCH_SYSTEM(sattr))) {
443 		smb_delete_error(err, NT_STATUS_NO_SUCH_FILE,
444 		    ERRDOS, ERROR_FILE_NOT_FOUND);
445 		return (-1);
446 	}
447 
448 	return (0);
449 }
450 
451 /*
452  * smb_delete_remove_file
453  *
454  * For consistency with Windows 2000, the range check should be done
455  * after checking for sharing violations.  Attempting to delete a
456  * locked file will result in sharing violation, which is the same
457  * thing that will happen if you try to delete a non-locked open file.
458  *
459  * Note that windows 2000 rejects lock requests on open files that
460  * have been opened with metadata open modes.  The error is
461  * STATUS_ACCESS_DENIED.
462  *
463  * NT does not always close a file immediately, which can cause the
464  * share and access checking to fail (the node refcnt is greater
465  * than one), and the file doesn't get deleted. Breaking the oplock
466  * before share and lock checking gives the client a chance to
467  * close the file.
468  *
469  * Returns: 0 - success
470  *         -1 - error, err populated with error details
471  */
472 static int
473 smb_delete_remove_file(smb_request_t *sr, smb_error_t *err)
474 {
475 	int rc, count;
476 	uint32_t status;
477 	smb_fqi_t *fqi;
478 	smb_node_t *node;
479 	uint32_t flags = 0;
480 
481 	fqi = &sr->arg.dirop.fqi;
482 	node = fqi->fq_fnode;
483 
484 	/*
485 	 * Break BATCH oplock before ofile checks. If a client
486 	 * has a file open, this will force a flush or close,
487 	 * which may affect the outcome of any share checking.
488 	 */
489 	(void) smb_oplock_break(sr, node,
490 	    SMB_OPLOCK_BREAK_TO_LEVEL_II | SMB_OPLOCK_BREAK_BATCH);
491 
492 	/*
493 	 * Wait (a little) for the oplock break to be
494 	 * responded to by clients closing handles.
495 	 * Hold node->n_lock as reader to keep new
496 	 * ofiles from showing up after we check.
497 	 */
498 	smb_node_rdlock(node);
499 	for (count = 0; count <= 12; count++) {
500 		status = smb_node_delete_check(node);
501 		if (status != NT_STATUS_SHARING_VIOLATION)
502 			break;
503 		smb_node_unlock(node);
504 		delay(MSEC_TO_TICK(100));
505 		smb_node_rdlock(node);
506 	}
507 	if (status != NT_STATUS_SUCCESS) {
508 		smb_delete_error(err, NT_STATUS_SHARING_VIOLATION,
509 		    ERRDOS, ERROR_SHARING_VIOLATION);
510 		smb_node_unlock(node);
511 		return (-1);
512 	}
513 
514 	/*
515 	 * Note, the combination of these two:
516 	 *	smb_node_rdlock(node);
517 	 *	nbl_start_crit(node->vp, RW_READER);
518 	 * is equivalent to this call:
519 	 *	smb_node_start_crit(node, RW_READER)
520 	 *
521 	 * Cleanup after this point should use:
522 	 *	smb_node_end_crit(node)
523 	 */
524 	nbl_start_crit(node->vp, RW_READER);
525 
526 	/*
527 	 * This checks nbl_share_conflict, nbl_lock_conflict
528 	 */
529 	status = smb_nbl_conflict(node, 0, UINT64_MAX, NBL_REMOVE);
530 	if (status == NT_STATUS_SHARING_VIOLATION) {
531 		smb_node_end_crit(node);
532 		smb_delete_error(err, NT_STATUS_SHARING_VIOLATION,
533 		    ERRDOS, ERROR_SHARING_VIOLATION);
534 		return (-1);
535 	}
536 	if (status != NT_STATUS_SUCCESS) {
537 		smb_node_end_crit(node);
538 		smb_delete_error(err, NT_STATUS_ACCESS_DENIED,
539 		    ERRDOS, ERROR_ACCESS_DENIED);
540 		return (-1);
541 	}
542 
543 	if (SMB_TREE_SUPPORTS_CATIA(sr))
544 		flags |= SMB_CATIA;
545 
546 	rc = smb_fsop_remove(sr, sr->user_cr, node->n_dnode,
547 	    node->od_name, flags);
548 	if (rc != 0) {
549 		if (rc == ENOENT)
550 			smb_delete_error(err, NT_STATUS_OBJECT_NAME_NOT_FOUND,
551 			    ERRDOS, ERROR_FILE_NOT_FOUND);
552 		else
553 			smbsr_map_errno(rc, err);
554 
555 		smb_node_end_crit(node);
556 		return (-1);
557 	}
558 
559 	smb_node_end_crit(node);
560 	return (0);
561 }
562 
563 
564 /*
565  * smb_delete_check_path
566  *
567  * smb_pathname_validate() should already have been used to
568  * perform initial validation on the pathname. Additional
569  * request specific validation of the filename is performed
570  * here.
571  *
572  * - pn->pn_fname is NULL should result in NT_STATUS_FILE_IS_A_DIRECTORY
573  *
574  * - Any wildcard filename that resolves to '.' should result in
575  *   NT_STATUS_OBJECT_NAME_INVALID if the search attributes include
576  *   FILE_ATTRIBUTE_DIRECTORY
577  *
578  * Returns:
579  *   0: path is valid.
580  *  -1: path is invalid. Sets error information in sr.
581  */
582 static int
583 smb_delete_check_path(smb_request_t *sr)
584 {
585 	smb_fqi_t *fqi = &sr->arg.dirop.fqi;
586 	smb_pathname_t *pn = &fqi->fq_path;
587 
588 	if (pn->pn_fname == NULL) {
589 		smbsr_error(sr, NT_STATUS_FILE_IS_A_DIRECTORY,
590 		    ERRDOS, ERROR_ACCESS_DENIED);
591 		return (-1);
592 	}
593 
594 	/* fname component is, or resolves to, '.' (dot) */
595 	if ((strcmp(pn->pn_fname, ".") == 0) ||
596 	    (SMB_SEARCH_DIRECTORY(fqi->fq_sattr) &&
597 	    (smb_match(pn->pn_fname, ".", B_FALSE)))) {
598 		smbsr_error(sr, NT_STATUS_OBJECT_NAME_INVALID,
599 		    ERRDOS, ERROR_INVALID_NAME);
600 		return (-1);
601 	}
602 
603 	return (0);
604 }
605 
606 /*
607  * smb_delete_error
608  */
609 static void
610 smb_delete_error(smb_error_t *err,
611     uint32_t status, uint16_t errcls, uint16_t errcode)
612 {
613 	err->status = status;
614 	err->errcls = errcls;
615 	err->errcode = errcode;
616 }
617