1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/sid.h> 27 #include <sys/nbmlock.h> 28 #include <smbsrv/smb_fsops.h> 29 #include <smbsrv/smb_kproto.h> 30 #include <smbsrv/ntstatus.h> 31 #include <smbsrv/ntaccess.h> 32 #include <smbsrv/smb_incl.h> 33 #include <acl/acl_common.h> 34 #include <sys/fcntl.h> 35 #include <sys/flock.h> 36 #include <fs/fs_subr.h> 37 38 extern caller_context_t smb_ct; 39 40 extern int smb_fem_oplock_install(smb_node_t *); 41 extern void smb_fem_oplock_uninstall(smb_node_t *); 42 43 extern int smb_vop_other_opens(vnode_t *, int); 44 45 static int smb_fsop_create_stream(smb_request_t *, cred_t *, smb_node_t *, 46 char *, char *, int, smb_attr_t *, smb_node_t **); 47 48 static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *, 49 char *, int, smb_attr_t *, smb_node_t **); 50 51 static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *, 52 char *, smb_attr_t *, smb_node_t **, smb_fssd_t *); 53 54 static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *); 55 56 /* 57 * The smb_fsop_* functions have knowledge of CIFS semantics. 58 * 59 * The smb_vop_* functions have minimal knowledge of CIFS semantics and 60 * serve as an interface to the VFS layer. 61 * 62 * Hence, smb_request_t and smb_node_t structures should not be passed 63 * from the smb_fsop_* layer to the smb_vop_* layer. 64 * 65 * In general, CIFS service code should only ever call smb_fsop_* 66 * functions directly, and never smb_vop_* functions directly. 67 * 68 * smb_fsop_* functions should call smb_vop_* functions where possible, instead 69 * of their smb_fsop_* counterparts. However, there are times when 70 * this cannot be avoided. 71 */ 72 73 /* 74 * Note: Stream names cannot be mangled. 75 */ 76 77 /* 78 * smb_fsop_amask_to_omode 79 * 80 * Convert the access mask to the open mode (for use 81 * with the VOP_OPEN call). 82 * 83 * Note that opening a file for attribute only access 84 * will also translate into an FREAD or FWRITE open mode 85 * (i.e., it's not just for data). 86 * 87 * This is needed so that opens are tracked appropriately 88 * for oplock processing. 89 */ 90 91 int 92 smb_fsop_amask_to_omode(uint32_t access) 93 { 94 int mode = 0; 95 96 if (access & (FILE_READ_DATA | FILE_EXECUTE | 97 FILE_READ_ATTRIBUTES | FILE_READ_EA)) 98 mode |= FREAD; 99 100 if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA | 101 FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)) 102 mode |= FWRITE; 103 104 if (access & FILE_APPEND_DATA) 105 mode |= FAPPEND; 106 107 return (mode); 108 } 109 110 int 111 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred) 112 { 113 /* 114 * Assuming that the same vnode is returned as we had before. 115 * (I.e., with certain types of files or file systems, a 116 * different vnode might be returned by VOP_OPEN) 117 */ 118 return (smb_vop_open(&node->vp, mode, cred)); 119 } 120 121 void 122 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred) 123 { 124 smb_vop_close(node->vp, mode, cred); 125 } 126 127 int 128 smb_fsop_oplock_install(smb_node_t *node, int mode) 129 { 130 int rc; 131 132 if (smb_vop_other_opens(node->vp, mode)) 133 return (EMFILE); 134 135 if ((rc = smb_fem_oplock_install(node))) 136 return (rc); 137 138 if (smb_vop_other_opens(node->vp, mode)) { 139 (void) smb_fem_oplock_uninstall(node); 140 return (EMFILE); 141 } 142 143 return (0); 144 } 145 146 void 147 smb_fsop_oplock_uninstall(smb_node_t *node) 148 { 149 smb_fem_oplock_uninstall(node); 150 } 151 152 static int 153 smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr, 154 smb_node_t *dnode, char *name, 155 smb_attr_t *attr, smb_node_t **ret_snode, smb_fssd_t *fs_sd) 156 { 157 vsecattr_t *vsap; 158 vsecattr_t vsecattr; 159 acl_t *acl, *dacl, *sacl; 160 smb_attr_t set_attr; 161 vnode_t *vp; 162 int aclbsize = 0; /* size of acl list in bytes */ 163 int flags = 0; 164 int rc; 165 boolean_t is_dir; 166 167 ASSERT(fs_sd); 168 169 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 170 flags = SMB_IGNORE_CASE; 171 if (SMB_TREE_SUPPORTS_CATIA(sr)) 172 flags |= SMB_CATIA; 173 174 ASSERT(cr); 175 176 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 177 178 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) { 179 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 180 dacl = fs_sd->sd_zdacl; 181 sacl = fs_sd->sd_zsacl; 182 ASSERT(dacl || sacl); 183 if (dacl && sacl) { 184 acl = smb_fsacl_merge(dacl, sacl); 185 } else if (dacl) { 186 acl = dacl; 187 } else { 188 acl = sacl; 189 } 190 191 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 192 193 if (dacl && sacl) 194 acl_free(acl); 195 196 if (rc != 0) 197 return (rc); 198 199 vsap = &vsecattr; 200 } else { 201 vsap = NULL; 202 } 203 204 /* The tree ACEs may prevent a create */ 205 rc = EACCES; 206 if (is_dir) { 207 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0) 208 rc = smb_vop_mkdir(dnode->vp, name, attr, 209 &vp, flags, cr, vsap); 210 } else { 211 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0) 212 rc = smb_vop_create(dnode->vp, name, attr, 213 &vp, flags, cr, vsap); 214 } 215 216 if (vsap != NULL) 217 kmem_free(vsap->vsa_aclentp, aclbsize); 218 219 if (rc != 0) 220 return (rc); 221 222 set_attr.sa_mask = 0; 223 224 /* 225 * Ideally we should be able to specify the owner and owning 226 * group at create time along with the ACL. Since we cannot 227 * do that right now, kcred is passed to smb_vop_setattr so it 228 * doesn't fail due to lack of permission. 229 */ 230 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 231 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 232 set_attr.sa_mask |= SMB_AT_UID; 233 } 234 235 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 236 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 237 set_attr.sa_mask |= SMB_AT_GID; 238 } 239 240 if (set_attr.sa_mask) 241 rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcred); 242 243 if (rc == 0) { 244 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 245 name, dnode, NULL); 246 247 if (*ret_snode == NULL) 248 rc = ENOMEM; 249 250 VN_RELE(vp); 251 } 252 } else { 253 /* 254 * For filesystems that don't support ACL-on-create, try 255 * to set the specified SD after create, which could actually 256 * fail because of conflicts between inherited security 257 * attributes upon creation and the specified SD. 258 * 259 * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 260 */ 261 262 if (is_dir) { 263 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, 264 flags, cr, NULL); 265 } else { 266 rc = smb_vop_create(dnode->vp, name, attr, &vp, 267 flags, cr, NULL); 268 } 269 270 if (rc != 0) 271 return (rc); 272 273 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 274 name, dnode, NULL); 275 276 if (*ret_snode != NULL) { 277 if (!smb_tree_has_feature(sr->tid_tree, 278 SMB_TREE_NFS_MOUNTED)) 279 rc = smb_fsop_sdwrite(sr, kcred, *ret_snode, 280 fs_sd, 1); 281 } else { 282 rc = ENOMEM; 283 } 284 285 VN_RELE(vp); 286 } 287 288 if (rc != 0) { 289 if (is_dir) 290 (void) smb_vop_rmdir(dnode->vp, name, flags, cr); 291 else 292 (void) smb_vop_remove(dnode->vp, name, flags, cr); 293 } 294 295 return (rc); 296 } 297 298 /* 299 * smb_fsop_create 300 * 301 * All SMB functions should use this wrapper to ensure that 302 * all the smb_vop_creates are performed with the appropriate credentials. 303 * Please document any direct calls to explain the reason for avoiding 304 * this wrapper. 305 * 306 * *ret_snode is returned with a reference upon success. No reference is 307 * taken if an error is returned. 308 */ 309 int 310 smb_fsop_create(smb_request_t *sr, cred_t *cr, smb_node_t *dnode, 311 char *name, smb_attr_t *attr, smb_node_t **ret_snode) 312 { 313 int rc = 0; 314 int flags = 0; 315 char *fname, *sname; 316 char *longname = NULL; 317 318 ASSERT(cr); 319 ASSERT(dnode); 320 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 321 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 322 323 ASSERT(ret_snode); 324 *ret_snode = 0; 325 326 ASSERT(name); 327 if (*name == 0) 328 return (EINVAL); 329 330 ASSERT(sr); 331 ASSERT(sr->tid_tree); 332 333 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 334 return (EACCES); 335 336 if (SMB_TREE_IS_READONLY(sr)) 337 return (EROFS); 338 339 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 340 flags = SMB_IGNORE_CASE; 341 if (SMB_TREE_SUPPORTS_CATIA(sr)) 342 flags |= SMB_CATIA; 343 if (SMB_TREE_SUPPORTS_ABE(sr)) 344 flags |= SMB_ABE; 345 346 if (smb_is_stream_name(name)) { 347 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 348 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 349 smb_stream_parse_name(name, fname, sname); 350 351 rc = smb_fsop_create_stream(sr, cr, dnode, 352 fname, sname, flags, attr, ret_snode); 353 354 kmem_free(fname, MAXNAMELEN); 355 kmem_free(sname, MAXNAMELEN); 356 return (rc); 357 } 358 359 /* Not a named stream */ 360 361 if (smb_maybe_mangled_name(name)) { 362 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 363 rc = smb_unmangle_name(dnode, name, longname, 364 MAXNAMELEN, flags); 365 kmem_free(longname, MAXNAMELEN); 366 367 if (rc == 0) 368 rc = EEXIST; 369 if (rc != ENOENT) 370 return (rc); 371 } 372 373 rc = smb_fsop_create_file(sr, cr, dnode, name, flags, 374 attr, ret_snode); 375 return (rc); 376 377 } 378 379 380 /* 381 * smb_fsop_create_stream 382 * 383 * Create NTFS named stream file (sname) on unnamed stream 384 * file (fname), creating the unnamed stream file if it 385 * doesn't exist. 386 * If we created the unnamed stream file and then creation 387 * of the named stream file fails, we delete the unnamed stream. 388 * Since we use the real file name for the smb_vop_remove we 389 * clear the SMB_IGNORE_CASE flag to ensure a case sensitive 390 * match. 391 * 392 * The second parameter of smb_vop_setattr() is set to 393 * NULL, even though an unnamed stream exists. This is 394 * because we want to set the UID and GID on the named 395 * stream in this case for consistency with the (unnamed 396 * stream) file (see comments for smb_vop_setattr()). 397 */ 398 static int 399 smb_fsop_create_stream(smb_request_t *sr, cred_t *cr, 400 smb_node_t *dnode, char *fname, char *sname, int flags, 401 smb_attr_t *attr, smb_node_t **ret_snode) 402 { 403 smb_node_t *fnode; 404 smb_attr_t fattr; 405 vnode_t *xattrdvp; 406 vnode_t *vp; 407 int rc = 0; 408 boolean_t fcreate = B_FALSE; 409 410 /* Look up / create the unnamed stream, fname */ 411 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 412 sr->tid_tree->t_snode, dnode, fname, &fnode); 413 if (rc == ENOENT) { 414 fcreate = B_TRUE; 415 rc = smb_fsop_create_file(sr, cr, dnode, fname, flags, 416 attr, &fnode); 417 } 418 if (rc != 0) 419 return (rc); 420 421 fattr.sa_mask = SMB_AT_UID | SMB_AT_GID; 422 rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcred); 423 424 if (rc == 0) { 425 /* create the named stream, sname */ 426 rc = smb_vop_stream_create(fnode->vp, sname, attr, 427 &vp, &xattrdvp, flags, cr); 428 } 429 if (rc != 0) { 430 if (fcreate) { 431 flags &= ~SMB_IGNORE_CASE; 432 (void) smb_vop_remove(dnode->vp, 433 fnode->od_name, flags, cr); 434 } 435 smb_node_release(fnode); 436 return (rc); 437 } 438 439 attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid; 440 attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid; 441 attr->sa_mask = SMB_AT_UID | SMB_AT_GID; 442 443 rc = smb_vop_setattr(vp, NULL, attr, 0, kcred); 444 if (rc != 0) { 445 smb_node_release(fnode); 446 return (rc); 447 } 448 449 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp, 450 vp, sname); 451 452 smb_node_release(fnode); 453 VN_RELE(xattrdvp); 454 VN_RELE(vp); 455 456 if (*ret_snode == NULL) 457 rc = ENOMEM; 458 459 return (rc); 460 } 461 462 /* 463 * smb_fsop_create_file 464 */ 465 static int 466 smb_fsop_create_file(smb_request_t *sr, cred_t *cr, 467 smb_node_t *dnode, char *name, int flags, 468 smb_attr_t *attr, smb_node_t **ret_snode) 469 { 470 open_param_t *op = &sr->arg.open; 471 vnode_t *vp; 472 smb_fssd_t fs_sd; 473 uint32_t secinfo; 474 uint32_t status; 475 int rc = 0; 476 477 if (op->sd) { 478 /* 479 * SD sent by client in Windows format. Needs to be 480 * converted to FS format. No inheritance. 481 */ 482 secinfo = smb_sd_get_secinfo(op->sd); 483 smb_fssd_init(&fs_sd, secinfo, 0); 484 485 status = smb_sd_tofs(op->sd, &fs_sd); 486 if (status == NT_STATUS_SUCCESS) { 487 rc = smb_fsop_create_with_sd(sr, cr, dnode, 488 name, attr, ret_snode, &fs_sd); 489 } else { 490 rc = EINVAL; 491 } 492 smb_fssd_term(&fs_sd); 493 } else if (sr->tid_tree->t_acltype == ACE_T) { 494 /* 495 * No incoming SD and filesystem is ZFS 496 * Server applies Windows inheritance rules, 497 * see smb_fsop_sdinherit() comments as to why. 498 */ 499 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0); 500 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 501 if (rc == 0) { 502 rc = smb_fsop_create_with_sd(sr, cr, dnode, 503 name, attr, ret_snode, &fs_sd); 504 } 505 506 smb_fssd_term(&fs_sd); 507 } else { 508 /* 509 * No incoming SD and filesystem is not ZFS 510 * let the filesystem handles the inheritance. 511 */ 512 rc = smb_vop_create(dnode->vp, name, attr, &vp, 513 flags, cr, NULL); 514 515 if (rc == 0) { 516 *ret_snode = smb_node_lookup(sr, op, cr, vp, 517 name, dnode, NULL); 518 519 if (*ret_snode == NULL) 520 rc = ENOMEM; 521 522 VN_RELE(vp); 523 } 524 525 } 526 return (rc); 527 } 528 529 /* 530 * smb_fsop_mkdir 531 * 532 * All SMB functions should use this wrapper to ensure that 533 * the the calls are performed with the appropriate credentials. 534 * Please document any direct call to explain the reason 535 * for avoiding this wrapper. 536 * 537 * It is assumed that a reference exists on snode coming into this routine. 538 * 539 * *ret_snode is returned with a reference upon success. No reference is 540 * taken if an error is returned. 541 */ 542 int 543 smb_fsop_mkdir( 544 smb_request_t *sr, 545 cred_t *cr, 546 smb_node_t *dnode, 547 char *name, 548 smb_attr_t *attr, 549 smb_node_t **ret_snode) 550 { 551 struct open_param *op = &sr->arg.open; 552 char *longname; 553 vnode_t *vp; 554 int flags = 0; 555 smb_fssd_t fs_sd; 556 uint32_t secinfo; 557 uint32_t status; 558 int rc; 559 ASSERT(cr); 560 ASSERT(dnode); 561 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 562 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 563 564 ASSERT(ret_snode); 565 *ret_snode = 0; 566 567 ASSERT(name); 568 if (*name == 0) 569 return (EINVAL); 570 571 ASSERT(sr); 572 ASSERT(sr->tid_tree); 573 574 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 575 return (EACCES); 576 577 if (SMB_TREE_IS_READONLY(sr)) 578 return (EROFS); 579 if (SMB_TREE_SUPPORTS_CATIA(sr)) 580 flags |= SMB_CATIA; 581 if (SMB_TREE_SUPPORTS_ABE(sr)) 582 flags |= SMB_ABE; 583 584 if (smb_maybe_mangled_name(name)) { 585 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 586 rc = smb_unmangle_name(dnode, name, longname, 587 MAXNAMELEN, flags); 588 kmem_free(longname, MAXNAMELEN); 589 590 /* 591 * If the name passed in by the client has an unmangled 592 * equivalent that is found in the specified directory, 593 * then the mkdir cannot succeed. Return EEXIST. 594 * 595 * Only if ENOENT is returned will a mkdir be attempted. 596 */ 597 598 if (rc == 0) 599 rc = EEXIST; 600 601 if (rc != ENOENT) 602 return (rc); 603 } 604 605 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 606 flags = SMB_IGNORE_CASE; 607 608 if (op->sd) { 609 /* 610 * SD sent by client in Windows format. Needs to be 611 * converted to FS format. No inheritance. 612 */ 613 secinfo = smb_sd_get_secinfo(op->sd); 614 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 615 616 status = smb_sd_tofs(op->sd, &fs_sd); 617 if (status == NT_STATUS_SUCCESS) { 618 rc = smb_fsop_create_with_sd(sr, cr, dnode, 619 name, attr, ret_snode, &fs_sd); 620 } 621 else 622 rc = EINVAL; 623 smb_fssd_term(&fs_sd); 624 } else if (sr->tid_tree->t_acltype == ACE_T) { 625 /* 626 * No incoming SD and filesystem is ZFS 627 * Server applies Windows inheritance rules, 628 * see smb_fsop_sdinherit() comments as to why. 629 */ 630 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR); 631 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 632 if (rc == 0) { 633 rc = smb_fsop_create_with_sd(sr, cr, dnode, 634 name, attr, ret_snode, &fs_sd); 635 } 636 637 smb_fssd_term(&fs_sd); 638 639 } else { 640 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr, 641 NULL); 642 643 if (rc == 0) { 644 *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 645 dnode, NULL); 646 647 if (*ret_snode == NULL) 648 rc = ENOMEM; 649 650 VN_RELE(vp); 651 } 652 } 653 654 return (rc); 655 } 656 657 /* 658 * smb_fsop_remove 659 * 660 * All SMB functions should use this wrapper to ensure that 661 * the the calls are performed with the appropriate credentials. 662 * Please document any direct call to explain the reason 663 * for avoiding this wrapper. 664 * 665 * It is assumed that a reference exists on snode coming into this routine. 666 * 667 * A null smb_request might be passed to this function. 668 */ 669 int 670 smb_fsop_remove( 671 smb_request_t *sr, 672 cred_t *cr, 673 smb_node_t *dnode, 674 char *name, 675 uint32_t flags) 676 { 677 smb_node_t *fnode; 678 char *longname; 679 char *fname; 680 char *sname; 681 int rc; 682 683 ASSERT(cr); 684 /* 685 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 686 * function is called during the deletion of the node (because of 687 * DELETE_ON_CLOSE). 688 */ 689 ASSERT(dnode); 690 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 691 692 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 || 693 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0) 694 return (EACCES); 695 696 if (SMB_TREE_IS_READONLY(sr)) 697 return (EROFS); 698 699 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 700 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 701 702 if (dnode->flags & NODE_XATTR_DIR) { 703 rc = smb_vop_stream_remove(dnode->n_dnode->vp, 704 name, flags, cr); 705 } else if (smb_is_stream_name(name)) { 706 smb_stream_parse_name(name, fname, sname); 707 708 /* 709 * Look up the unnamed stream (i.e. fname). 710 * Unmangle processing will be done on fname 711 * as well as any link target. 712 */ 713 714 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 715 sr->tid_tree->t_snode, dnode, fname, &fnode); 716 717 if (rc != 0) { 718 kmem_free(fname, MAXNAMELEN); 719 kmem_free(sname, MAXNAMELEN); 720 return (rc); 721 } 722 723 /* 724 * XXX 725 * Need to find out what permission is required by NTFS 726 * to remove a stream. 727 */ 728 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr); 729 730 smb_node_release(fnode); 731 } else { 732 rc = smb_vop_remove(dnode->vp, name, flags, cr); 733 734 if (rc == ENOENT) { 735 if (smb_maybe_mangled_name(name) == 0) { 736 kmem_free(fname, MAXNAMELEN); 737 kmem_free(sname, MAXNAMELEN); 738 return (rc); 739 } 740 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 741 742 if (SMB_TREE_SUPPORTS_ABE(sr)) 743 flags |= SMB_ABE; 744 745 rc = smb_unmangle_name(dnode, name, 746 longname, MAXNAMELEN, flags); 747 748 if (rc == 0) { 749 /* 750 * longname is the real (case-sensitive) 751 * on-disk name. 752 * We make sure we do a remove on this exact 753 * name, as the name was mangled and denotes 754 * a unique file. 755 */ 756 flags &= ~SMB_IGNORE_CASE; 757 rc = smb_vop_remove(dnode->vp, longname, 758 flags, cr); 759 } 760 761 kmem_free(longname, MAXNAMELEN); 762 } 763 } 764 765 kmem_free(fname, MAXNAMELEN); 766 kmem_free(sname, MAXNAMELEN); 767 return (rc); 768 } 769 770 /* 771 * smb_fsop_remove_streams 772 * 773 * This function removes a file's streams without removing the 774 * file itself. 775 * 776 * It is assumed that fnode is not a link. 777 */ 778 int 779 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode) 780 { 781 int rc, flags = 0; 782 uint16_t odid; 783 smb_odir_t *od; 784 smb_odirent_t *odirent; 785 boolean_t eos; 786 787 ASSERT(sr); 788 ASSERT(cr); 789 ASSERT(fnode); 790 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 791 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 792 793 if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0) { 794 smbsr_errno(sr, EACCES); 795 return (-1); 796 } 797 798 if (SMB_TREE_IS_READONLY(sr)) { 799 smbsr_errno(sr, EROFS); 800 return (-1); 801 } 802 803 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 804 flags = SMB_IGNORE_CASE; 805 806 if (SMB_TREE_SUPPORTS_CATIA(sr)) 807 flags |= SMB_CATIA; 808 809 if ((odid = smb_odir_openat(sr, fnode)) == 0) { 810 smbsr_errno(sr, ENOENT); 811 return (-1); 812 } 813 814 if ((od = smb_tree_lookup_odir(sr->tid_tree, odid)) == NULL) { 815 smbsr_errno(sr, ENOENT); 816 return (-1); 817 } 818 819 odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP); 820 for (;;) { 821 rc = smb_odir_read(sr, od, odirent, &eos); 822 if ((rc != 0) || (eos)) 823 break; 824 (void) smb_vop_remove(od->d_dnode->vp, odirent->od_name, 825 flags, cr); 826 } 827 kmem_free(odirent, sizeof (smb_odirent_t)); 828 829 smb_odir_close(od); 830 smb_odir_release(od); 831 return (rc); 832 } 833 834 /* 835 * smb_fsop_rmdir 836 * 837 * All SMB functions should use this wrapper to ensure that 838 * the the calls are performed with the appropriate credentials. 839 * Please document any direct call to explain the reason 840 * for avoiding this wrapper. 841 * 842 * It is assumed that a reference exists on snode coming into this routine. 843 */ 844 int 845 smb_fsop_rmdir( 846 smb_request_t *sr, 847 cred_t *cr, 848 smb_node_t *dnode, 849 char *name, 850 uint32_t flags) 851 { 852 int rc; 853 char *longname; 854 855 ASSERT(cr); 856 /* 857 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 858 * function is called during the deletion of the node (because of 859 * DELETE_ON_CLOSE). 860 */ 861 ASSERT(dnode); 862 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 863 864 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 || 865 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0) 866 return (EACCES); 867 868 if (SMB_TREE_IS_READONLY(sr)) 869 return (EROFS); 870 871 rc = smb_vop_rmdir(dnode->vp, name, flags, cr); 872 873 if (rc == ENOENT) { 874 if (smb_maybe_mangled_name(name) == 0) 875 return (rc); 876 877 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 878 879 if (SMB_TREE_SUPPORTS_ABE(sr)) 880 flags |= SMB_ABE; 881 rc = smb_unmangle_name(dnode, name, longname, 882 MAXNAMELEN, flags); 883 884 if (rc == 0) { 885 /* 886 * longname is the real (case-sensitive) 887 * on-disk name. 888 * We make sure we do a rmdir on this exact 889 * name, as the name was mangled and denotes 890 * a unique directory. 891 */ 892 flags &= ~SMB_IGNORE_CASE; 893 rc = smb_vop_rmdir(dnode->vp, longname, flags, cr); 894 } 895 896 kmem_free(longname, MAXNAMELEN); 897 } 898 899 return (rc); 900 } 901 902 /* 903 * smb_fsop_getattr 904 * 905 * All SMB functions should use this wrapper to ensure that 906 * the the calls are performed with the appropriate credentials. 907 * Please document any direct call to explain the reason 908 * for avoiding this wrapper. 909 * 910 * It is assumed that a reference exists on snode coming into this routine. 911 */ 912 int 913 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 914 smb_attr_t *attr) 915 { 916 smb_node_t *unnamed_node; 917 vnode_t *unnamed_vp = NULL; 918 uint32_t status; 919 uint32_t access = 0; 920 int flags = 0; 921 int rc; 922 923 ASSERT(cr); 924 ASSERT(snode); 925 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 926 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 927 928 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 || 929 SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0) 930 return (EACCES); 931 932 /* sr could be NULL in some cases */ 933 if (sr && sr->fid_ofile) { 934 /* if uid and/or gid is requested */ 935 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 936 access |= READ_CONTROL; 937 938 /* if anything else is also requested */ 939 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 940 access |= FILE_READ_ATTRIBUTES; 941 942 status = smb_ofile_access(sr->fid_ofile, cr, access); 943 if (status != NT_STATUS_SUCCESS) 944 return (EACCES); 945 946 if (smb_tree_has_feature(sr->tid_tree, 947 SMB_TREE_ACEMASKONACCESS)) 948 flags = ATTR_NOACLCHECK; 949 } 950 951 unnamed_node = SMB_IS_STREAM(snode); 952 953 if (unnamed_node) { 954 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 955 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 956 unnamed_vp = unnamed_node->vp; 957 } 958 959 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr); 960 return (rc); 961 } 962 963 /* 964 * smb_fsop_link 965 * 966 * All SMB functions should use this smb_vop_link wrapper to ensure that 967 * the smb_vop_link is performed with the appropriate credentials. 968 * Please document any direct call to smb_vop_link to explain the reason 969 * for avoiding this wrapper. 970 * 971 * It is assumed that references exist on from_dnode and to_dnode coming 972 * into this routine. 973 */ 974 int 975 smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *to_dnode, 976 smb_node_t *from_fnode, char *to_name) 977 { 978 char *longname = NULL; 979 int flags = 0; 980 int rc; 981 982 ASSERT(sr); 983 ASSERT(sr->tid_tree); 984 ASSERT(cr); 985 ASSERT(to_dnode); 986 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC); 987 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING); 988 ASSERT(from_fnode); 989 ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC); 990 ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING); 991 992 if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0) 993 return (EACCES); 994 995 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0) 996 return (EACCES); 997 998 if (SMB_TREE_IS_READONLY(sr)) 999 return (EROFS); 1000 1001 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1002 flags = SMB_IGNORE_CASE; 1003 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1004 flags |= SMB_CATIA; 1005 if (SMB_TREE_SUPPORTS_ABE(sr)) 1006 flags |= SMB_ABE; 1007 1008 if (smb_maybe_mangled_name(to_name)) { 1009 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1010 rc = smb_unmangle_name(to_dnode, to_name, 1011 longname, MAXNAMELEN, flags); 1012 kmem_free(longname, MAXNAMELEN); 1013 1014 if (rc == 0) 1015 rc = EEXIST; 1016 if (rc != ENOENT) 1017 return (rc); 1018 } 1019 1020 rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr); 1021 return (rc); 1022 } 1023 1024 /* 1025 * smb_fsop_rename 1026 * 1027 * All SMB functions should use this smb_vop_rename wrapper to ensure that 1028 * the smb_vop_rename is performed with the appropriate credentials. 1029 * Please document any direct call to smb_vop_rename to explain the reason 1030 * for avoiding this wrapper. 1031 * 1032 * It is assumed that references exist on from_dnode and to_dnode coming 1033 * into this routine. 1034 */ 1035 int 1036 smb_fsop_rename( 1037 smb_request_t *sr, 1038 cred_t *cr, 1039 smb_node_t *from_dnode, 1040 char *from_name, 1041 smb_node_t *to_dnode, 1042 char *to_name) 1043 { 1044 smb_node_t *from_snode; 1045 vnode_t *from_vp; 1046 int flags = 0, ret_flags; 1047 int rc; 1048 boolean_t isdir; 1049 1050 ASSERT(cr); 1051 ASSERT(from_dnode); 1052 ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC); 1053 ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1054 1055 ASSERT(to_dnode); 1056 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC); 1057 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1058 1059 if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0) 1060 return (EACCES); 1061 1062 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0) 1063 return (EACCES); 1064 1065 ASSERT(sr); 1066 ASSERT(sr->tid_tree); 1067 if (SMB_TREE_IS_READONLY(sr)) 1068 return (EROFS); 1069 1070 /* 1071 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE 1072 * here. 1073 * 1074 * A case-sensitive rename is always done in this routine 1075 * because we are using the on-disk name from an earlier lookup. 1076 * If a mangled name was passed in by the caller (denoting a 1077 * deterministic lookup), then the exact file must be renamed 1078 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 1079 * else the underlying file system might return a "first-match" 1080 * on this on-disk name, possibly resulting in the wrong file). 1081 */ 1082 1083 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1084 flags |= SMB_CATIA; 1085 1086 /* 1087 * XXX: Lock required through smb_node_release() below? 1088 */ 1089 1090 rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL, 1091 flags, &ret_flags, NULL, cr); 1092 1093 if (rc != 0) 1094 return (rc); 1095 1096 isdir = from_vp->v_type == VDIR; 1097 1098 if ((isdir && SMB_TREE_HAS_ACCESS(sr, 1099 ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) != 1100 (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) || 1101 (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) != 1102 (ACE_DELETE | ACE_ADD_FILE))) 1103 return (EACCES); 1104 1105 rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp, 1106 to_name, flags, cr); 1107 1108 if (rc == 0) { 1109 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 1110 from_dnode, NULL); 1111 1112 if (from_snode == NULL) { 1113 rc = ENOMEM; 1114 } else { 1115 smb_node_rename(from_dnode, from_snode, 1116 to_dnode, to_name); 1117 smb_node_release(from_snode); 1118 } 1119 } 1120 VN_RELE(from_vp); 1121 1122 /* XXX: unlock */ 1123 1124 return (rc); 1125 } 1126 1127 /* 1128 * smb_fsop_setattr 1129 * 1130 * All SMB functions should use this wrapper to ensure that 1131 * the the calls are performed with the appropriate credentials. 1132 * Please document any direct call to explain the reason 1133 * for avoiding this wrapper. 1134 * 1135 * It is assumed that a reference exists on snode coming into 1136 * this function. 1137 * A null smb_request might be passed to this function. 1138 */ 1139 int 1140 smb_fsop_setattr( 1141 smb_request_t *sr, 1142 cred_t *cr, 1143 smb_node_t *snode, 1144 smb_attr_t *set_attr) 1145 { 1146 smb_node_t *unnamed_node; 1147 vnode_t *unnamed_vp = NULL; 1148 uint32_t status; 1149 uint32_t access; 1150 int rc = 0; 1151 int flags = 0; 1152 uint_t sa_mask; 1153 1154 ASSERT(cr); 1155 ASSERT(snode); 1156 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1157 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1158 1159 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0) 1160 return (EACCES); 1161 1162 if (SMB_TREE_IS_READONLY(sr)) 1163 return (EROFS); 1164 1165 if (SMB_TREE_HAS_ACCESS(sr, 1166 ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0) 1167 return (EACCES); 1168 1169 /* 1170 * The file system cannot detect pending READDONLY 1171 * (i.e. if the file has been opened readonly but 1172 * not yet closed) so we need to test READONLY here. 1173 */ 1174 if (sr && (set_attr->sa_mask & SMB_AT_SIZE)) { 1175 if (sr->fid_ofile) { 1176 if (SMB_OFILE_IS_READONLY(sr->fid_ofile)) 1177 return (EACCES); 1178 } else { 1179 if (SMB_PATHFILE_IS_READONLY(sr, snode)) 1180 return (EACCES); 1181 } 1182 } 1183 1184 /* 1185 * SMB checks access on open and retains an access granted 1186 * mask for use while the file is open. ACL changes should 1187 * not affect access to an open file. 1188 * 1189 * If the setattr is being performed on an ofile: 1190 * - Check the ofile's access granted mask to see if the 1191 * setattr is permitted. 1192 * UID, GID - require WRITE_OWNER 1193 * SIZE, ALLOCSZ - require FILE_WRITE_DATA 1194 * all other attributes require FILE_WRITE_ATTRIBUTES 1195 * 1196 * - If the file system does access checking, set the 1197 * ATTR_NOACLCHECK flag to ensure that the file system 1198 * does not check permissions on subsequent calls. 1199 */ 1200 if (sr && sr->fid_ofile) { 1201 sa_mask = set_attr->sa_mask; 1202 access = 0; 1203 1204 if (sa_mask & (SMB_AT_SIZE | SMB_AT_ALLOCSZ)) { 1205 access |= FILE_WRITE_DATA; 1206 sa_mask &= ~(SMB_AT_SIZE | SMB_AT_ALLOCSZ); 1207 } 1208 1209 if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) { 1210 access |= WRITE_OWNER; 1211 sa_mask &= ~(SMB_AT_UID|SMB_AT_GID); 1212 } 1213 1214 if (sa_mask) 1215 access |= FILE_WRITE_ATTRIBUTES; 1216 1217 status = smb_ofile_access(sr->fid_ofile, cr, access); 1218 if (status != NT_STATUS_SUCCESS) 1219 return (EACCES); 1220 1221 if (smb_tree_has_feature(sr->tid_tree, 1222 SMB_TREE_ACEMASKONACCESS)) 1223 flags = ATTR_NOACLCHECK; 1224 } 1225 1226 unnamed_node = SMB_IS_STREAM(snode); 1227 1228 if (unnamed_node) { 1229 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1230 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1231 unnamed_vp = unnamed_node->vp; 1232 } 1233 1234 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr); 1235 return (rc); 1236 } 1237 1238 /* 1239 * smb_fsop_read 1240 * 1241 * All SMB functions should use this wrapper to ensure that 1242 * the the calls are performed with the appropriate credentials. 1243 * Please document any direct call to explain the reason 1244 * for avoiding this wrapper. 1245 * 1246 * It is assumed that a reference exists on snode coming into this routine. 1247 */ 1248 int 1249 smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode, uio_t *uio) 1250 { 1251 caller_context_t ct; 1252 int svmand; 1253 int rc; 1254 1255 ASSERT(cr); 1256 ASSERT(snode); 1257 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1258 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1259 1260 ASSERT(sr); 1261 ASSERT(sr->fid_ofile); 1262 1263 if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_DATA) == 0) 1264 return (EACCES); 1265 1266 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA); 1267 if (rc != NT_STATUS_SUCCESS) { 1268 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE); 1269 if (rc != NT_STATUS_SUCCESS) 1270 return (EACCES); 1271 } 1272 1273 /* 1274 * Streams permission are checked against the unnamed stream, 1275 * but in FS level they have their own permissions. To avoid 1276 * rejection by FS due to lack of permission on the actual 1277 * extended attr kcred is passed for streams. 1278 */ 1279 if (SMB_IS_STREAM(snode)) 1280 cr = kcred; 1281 1282 smb_node_start_crit(snode, RW_READER); 1283 rc = nbl_svmand(snode->vp, kcred, &svmand); 1284 if (rc) { 1285 smb_node_end_crit(snode); 1286 return (rc); 1287 } 1288 1289 ct = smb_ct; 1290 ct.cc_pid = sr->fid_ofile->f_uniqid; 1291 rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset, 1292 uio->uio_iov->iov_len, svmand, &ct); 1293 1294 if (rc) { 1295 smb_node_end_crit(snode); 1296 return (ERANGE); 1297 } 1298 1299 rc = smb_vop_read(snode->vp, uio, cr); 1300 smb_node_end_crit(snode); 1301 1302 return (rc); 1303 } 1304 1305 /* 1306 * smb_fsop_write 1307 * 1308 * This is a wrapper function used for smb_write and smb_write_raw operations. 1309 * 1310 * It is assumed that a reference exists on snode coming into this routine. 1311 */ 1312 int 1313 smb_fsop_write( 1314 smb_request_t *sr, 1315 cred_t *cr, 1316 smb_node_t *snode, 1317 uio_t *uio, 1318 uint32_t *lcount, 1319 int ioflag) 1320 { 1321 caller_context_t ct; 1322 int svmand; 1323 int rc; 1324 1325 ASSERT(cr); 1326 ASSERT(snode); 1327 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1328 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1329 1330 ASSERT(sr); 1331 ASSERT(sr->tid_tree); 1332 ASSERT(sr->fid_ofile); 1333 1334 if (SMB_TREE_IS_READONLY(sr)) 1335 return (EROFS); 1336 1337 if (SMB_OFILE_IS_READONLY(sr->fid_ofile) || 1338 SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_DATA | ACE_APPEND_DATA) == 0) 1339 return (EACCES); 1340 1341 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_WRITE_DATA); 1342 if (rc != NT_STATUS_SUCCESS) { 1343 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_APPEND_DATA); 1344 if (rc != NT_STATUS_SUCCESS) 1345 return (EACCES); 1346 } 1347 1348 /* 1349 * Streams permission are checked against the unnamed stream, 1350 * but in FS level they have their own permissions. To avoid 1351 * rejection by FS due to lack of permission on the actual 1352 * extended attr kcred is passed for streams. 1353 */ 1354 if (SMB_IS_STREAM(snode)) 1355 cr = kcred; 1356 1357 smb_node_start_crit(snode, RW_READER); 1358 rc = nbl_svmand(snode->vp, kcred, &svmand); 1359 if (rc) { 1360 smb_node_end_crit(snode); 1361 return (rc); 1362 } 1363 1364 ct = smb_ct; 1365 ct.cc_pid = sr->fid_ofile->f_uniqid; 1366 rc = nbl_lock_conflict(snode->vp, NBL_WRITE, uio->uio_loffset, 1367 uio->uio_iov->iov_len, svmand, &ct); 1368 1369 if (rc) { 1370 smb_node_end_crit(snode); 1371 return (ERANGE); 1372 } 1373 1374 rc = smb_vop_write(snode->vp, uio, ioflag, lcount, cr); 1375 smb_node_end_crit(snode); 1376 1377 return (rc); 1378 } 1379 1380 /* 1381 * smb_fsop_statfs 1382 * 1383 * This is a wrapper function used for stat operations. 1384 */ 1385 int 1386 smb_fsop_statfs( 1387 cred_t *cr, 1388 smb_node_t *snode, 1389 struct statvfs64 *statp) 1390 { 1391 ASSERT(cr); 1392 ASSERT(snode); 1393 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1394 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1395 1396 return (smb_vop_statfs(snode->vp, statp, cr)); 1397 } 1398 1399 /* 1400 * smb_fsop_access 1401 * 1402 * Named streams do not have separate permissions from the associated 1403 * unnamed stream. Thus, if node is a named stream, the permissions 1404 * check will be performed on the associated unnamed stream. 1405 * 1406 * However, our named streams do have their own quarantine attribute, 1407 * separate from that on the unnamed stream. If READ or EXECUTE 1408 * access has been requested on a named stream, an additional access 1409 * check is performed on the named stream in case it has been 1410 * quarantined. kcred is used to avoid issues with the permissions 1411 * set on the extended attribute file representing the named stream. 1412 */ 1413 int 1414 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1415 uint32_t faccess) 1416 { 1417 int access = 0; 1418 int error; 1419 vnode_t *dir_vp; 1420 boolean_t acl_check = B_TRUE; 1421 smb_node_t *unnamed_node; 1422 1423 ASSERT(sr); 1424 ASSERT(cr); 1425 ASSERT(snode); 1426 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1427 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1428 1429 if (faccess == 0) 1430 return (NT_STATUS_SUCCESS); 1431 1432 if (SMB_TREE_IS_READONLY(sr)) { 1433 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 1434 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 1435 DELETE|WRITE_DAC|WRITE_OWNER)) { 1436 return (NT_STATUS_ACCESS_DENIED); 1437 } 1438 } 1439 1440 unnamed_node = SMB_IS_STREAM(snode); 1441 if (unnamed_node) { 1442 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1443 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1444 1445 /* 1446 * Perform VREAD access check on the named stream in case it 1447 * is quarantined. kcred is passed to smb_vop_access so it 1448 * doesn't fail due to lack of permission. 1449 */ 1450 if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) { 1451 error = smb_vop_access(snode->vp, VREAD, 1452 0, NULL, kcred); 1453 if (error) 1454 return (NT_STATUS_ACCESS_DENIED); 1455 } 1456 1457 /* 1458 * Streams authorization should be performed against the 1459 * unnamed stream. 1460 */ 1461 snode = unnamed_node; 1462 } 1463 1464 if (faccess & ACCESS_SYSTEM_SECURITY) { 1465 /* 1466 * This permission is required for reading/writing SACL and 1467 * it's not part of DACL. It's only granted via proper 1468 * privileges. 1469 */ 1470 if ((sr->uid_user->u_privileges & 1471 (SMB_USER_PRIV_BACKUP | 1472 SMB_USER_PRIV_RESTORE | 1473 SMB_USER_PRIV_SECURITY)) == 0) 1474 return (NT_STATUS_PRIVILEGE_NOT_HELD); 1475 1476 faccess &= ~ACCESS_SYSTEM_SECURITY; 1477 } 1478 1479 /* Links don't have ACL */ 1480 if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) || 1481 smb_node_is_link(snode)) 1482 acl_check = B_FALSE; 1483 1484 /* 1485 * Use the most restrictive parts of both faccess and the 1486 * share access. An AND of the two value masks gives us that 1487 * since we've already converted to a mask of what we "can" 1488 * do. 1489 */ 1490 faccess &= sr->tid_tree->t_access; 1491 1492 if (acl_check) { 1493 dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL; 1494 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 1495 cr); 1496 } else { 1497 /* 1498 * FS doesn't understand 32-bit mask, need to map 1499 */ 1500 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 1501 access |= VWRITE; 1502 1503 if (faccess & FILE_READ_DATA) 1504 access |= VREAD; 1505 1506 if (faccess & FILE_EXECUTE) 1507 access |= VEXEC; 1508 1509 error = smb_vop_access(snode->vp, access, 0, NULL, cr); 1510 } 1511 1512 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 1513 } 1514 1515 /* 1516 * smb_fsop_lookup_name() 1517 * 1518 * If name indicates that the file is a stream file, perform 1519 * stream specific lookup, otherwise call smb_fsop_lookup. 1520 * 1521 * Return an error if the looked-up file is in outside the tree. 1522 * (Required when invoked from open path.) 1523 */ 1524 1525 int 1526 smb_fsop_lookup_name( 1527 smb_request_t *sr, 1528 cred_t *cr, 1529 int flags, 1530 smb_node_t *root_node, 1531 smb_node_t *dnode, 1532 char *name, 1533 smb_node_t **ret_snode) 1534 { 1535 smb_node_t *fnode; 1536 vnode_t *xattrdirvp; 1537 vnode_t *vp; 1538 char *od_name; 1539 char *fname; 1540 char *sname; 1541 int rc; 1542 1543 ASSERT(cr); 1544 ASSERT(dnode); 1545 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 1546 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 1547 1548 /* 1549 * The following check is required for streams processing, below 1550 */ 1551 1552 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1553 flags |= SMB_IGNORE_CASE; 1554 1555 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1556 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1557 1558 if (smb_is_stream_name(name)) { 1559 smb_stream_parse_name(name, fname, sname); 1560 1561 /* 1562 * Look up the unnamed stream (i.e. fname). 1563 * Unmangle processing will be done on fname 1564 * as well as any link target. 1565 */ 1566 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, 1567 fname, &fnode); 1568 1569 if (rc != 0) { 1570 kmem_free(fname, MAXNAMELEN); 1571 kmem_free(sname, MAXNAMELEN); 1572 return (rc); 1573 } 1574 1575 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1576 1577 /* 1578 * od_name is the on-disk name of the stream, except 1579 * without the prepended stream prefix (SMB_STREAM_PREFIX) 1580 */ 1581 1582 /* 1583 * XXX 1584 * What permissions NTFS requires for stream lookup if any? 1585 */ 1586 rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 1587 &xattrdirvp, flags, root_node->vp, cr); 1588 1589 if (rc != 0) { 1590 smb_node_release(fnode); 1591 kmem_free(fname, MAXNAMELEN); 1592 kmem_free(sname, MAXNAMELEN); 1593 kmem_free(od_name, MAXNAMELEN); 1594 return (rc); 1595 } 1596 1597 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1598 vp, od_name); 1599 1600 kmem_free(od_name, MAXNAMELEN); 1601 smb_node_release(fnode); 1602 VN_RELE(xattrdirvp); 1603 VN_RELE(vp); 1604 1605 if (*ret_snode == NULL) { 1606 kmem_free(fname, MAXNAMELEN); 1607 kmem_free(sname, MAXNAMELEN); 1608 return (ENOMEM); 1609 } 1610 } else { 1611 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name, 1612 ret_snode); 1613 } 1614 1615 if (rc == 0) { 1616 ASSERT(ret_snode); 1617 if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) { 1618 smb_node_release(*ret_snode); 1619 *ret_snode = NULL; 1620 rc = EACCES; 1621 } 1622 } 1623 1624 kmem_free(fname, MAXNAMELEN); 1625 kmem_free(sname, MAXNAMELEN); 1626 1627 return (rc); 1628 } 1629 1630 /* 1631 * smb_fsop_lookup 1632 * 1633 * All SMB functions should use this smb_vop_lookup wrapper to ensure that 1634 * the smb_vop_lookup is performed with the appropriate credentials and using 1635 * case insensitive compares. Please document any direct call to smb_vop_lookup 1636 * to explain the reason for avoiding this wrapper. 1637 * 1638 * It is assumed that a reference exists on dnode coming into this routine 1639 * (and that it is safe from deallocation). 1640 * 1641 * Same with the root_node. 1642 * 1643 * *ret_snode is returned with a reference upon success. No reference is 1644 * taken if an error is returned. 1645 * 1646 * Note: The returned ret_snode may be in a child mount. This is ok for 1647 * readdir. 1648 * 1649 * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent 1650 * operations on files not in the parent mount. 1651 */ 1652 int 1653 smb_fsop_lookup( 1654 smb_request_t *sr, 1655 cred_t *cr, 1656 int flags, 1657 smb_node_t *root_node, 1658 smb_node_t *dnode, 1659 char *name, 1660 smb_node_t **ret_snode) 1661 { 1662 smb_node_t *lnk_target_node; 1663 smb_node_t *lnk_dnode; 1664 char *longname; 1665 char *od_name; 1666 vnode_t *vp; 1667 int rc; 1668 int ret_flags; 1669 1670 ASSERT(cr); 1671 ASSERT(dnode); 1672 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 1673 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 1674 1675 if (name == NULL) 1676 return (EINVAL); 1677 1678 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 1679 return (EACCES); 1680 1681 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1682 flags |= SMB_IGNORE_CASE; 1683 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1684 flags |= SMB_CATIA; 1685 if (SMB_TREE_SUPPORTS_ABE(sr)) 1686 flags |= SMB_ABE; 1687 1688 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1689 1690 rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags, 1691 &ret_flags, root_node ? root_node->vp : NULL, cr); 1692 1693 if (rc != 0) { 1694 if (smb_maybe_mangled_name(name) == 0) { 1695 kmem_free(od_name, MAXNAMELEN); 1696 return (rc); 1697 } 1698 1699 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1700 rc = smb_unmangle_name(dnode, name, longname, 1701 MAXNAMELEN, flags); 1702 if (rc != 0) { 1703 kmem_free(od_name, MAXNAMELEN); 1704 kmem_free(longname, MAXNAMELEN); 1705 return (rc); 1706 } 1707 1708 /* 1709 * longname is the real (case-sensitive) 1710 * on-disk name. 1711 * We make sure we do a lookup on this exact 1712 * name, as the name was mangled and denotes 1713 * a unique file. 1714 */ 1715 1716 if (flags & SMB_IGNORE_CASE) 1717 flags &= ~SMB_IGNORE_CASE; 1718 1719 rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name, 1720 flags, &ret_flags, root_node ? root_node->vp : NULL, cr); 1721 1722 kmem_free(longname, MAXNAMELEN); 1723 1724 if (rc != 0) { 1725 kmem_free(od_name, MAXNAMELEN); 1726 return (rc); 1727 } 1728 } 1729 1730 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK)) { 1731 1732 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode, 1733 &lnk_dnode, &lnk_target_node, cr); 1734 1735 if (rc != 0) { 1736 /* 1737 * The link is assumed to be for the last component 1738 * of a path. Hence any ENOTDIR error will be returned 1739 * as ENOENT. 1740 */ 1741 if (rc == ENOTDIR) 1742 rc = ENOENT; 1743 1744 VN_RELE(vp); 1745 kmem_free(od_name, MAXNAMELEN); 1746 return (rc); 1747 } 1748 1749 /* 1750 * Release the original VLNK vnode 1751 */ 1752 1753 VN_RELE(vp); 1754 vp = lnk_target_node->vp; 1755 1756 rc = smb_vop_traverse_check(&vp); 1757 1758 if (rc != 0) { 1759 smb_node_release(lnk_dnode); 1760 smb_node_release(lnk_target_node); 1761 kmem_free(od_name, MAXNAMELEN); 1762 return (rc); 1763 } 1764 1765 /* 1766 * smb_vop_traverse_check() may have returned a different vnode 1767 */ 1768 1769 if (lnk_target_node->vp == vp) { 1770 *ret_snode = lnk_target_node; 1771 } else { 1772 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 1773 lnk_target_node->od_name, lnk_dnode, NULL); 1774 VN_RELE(vp); 1775 1776 if (*ret_snode == NULL) 1777 rc = ENOMEM; 1778 smb_node_release(lnk_target_node); 1779 } 1780 1781 smb_node_release(lnk_dnode); 1782 1783 } else { 1784 1785 rc = smb_vop_traverse_check(&vp); 1786 if (rc) { 1787 VN_RELE(vp); 1788 kmem_free(od_name, MAXNAMELEN); 1789 return (rc); 1790 } 1791 1792 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 1793 dnode, NULL); 1794 VN_RELE(vp); 1795 1796 if (*ret_snode == NULL) 1797 rc = ENOMEM; 1798 } 1799 1800 kmem_free(od_name, MAXNAMELEN); 1801 return (rc); 1802 } 1803 1804 int /*ARGSUSED*/ 1805 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 1806 { 1807 ASSERT(cr); 1808 ASSERT(snode); 1809 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1810 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1811 1812 ASSERT(sr); 1813 ASSERT(sr->tid_tree); 1814 if (SMB_TREE_IS_READONLY(sr)) 1815 return (EROFS); 1816 1817 return (smb_vop_commit(snode->vp, cr)); 1818 } 1819 1820 /* 1821 * smb_fsop_aclread 1822 * 1823 * Retrieve filesystem ACL. Depends on requested ACLs in 1824 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 1825 * fs_sd. Note that requesting a DACL/SACL doesn't mean that 1826 * the corresponding field in fs_sd should be non-NULL upon 1827 * return, since the target ACL might not contain that type of 1828 * entries. 1829 * 1830 * Returned ACL is always in ACE_T (aka ZFS) format. 1831 * If successful the allocated memory for the ACL should be freed 1832 * using smb_fsacl_free() or smb_fssd_term() 1833 */ 1834 int 1835 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1836 smb_fssd_t *fs_sd) 1837 { 1838 int error = 0; 1839 int flags = 0; 1840 int access = 0; 1841 acl_t *acl; 1842 smb_node_t *unnamed_node; 1843 1844 ASSERT(cr); 1845 1846 if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0) 1847 return (EACCES); 1848 1849 if (sr->fid_ofile) { 1850 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 1851 access = READ_CONTROL; 1852 1853 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 1854 access |= ACCESS_SYSTEM_SECURITY; 1855 1856 error = smb_ofile_access(sr->fid_ofile, cr, access); 1857 if (error != NT_STATUS_SUCCESS) { 1858 return (EACCES); 1859 } 1860 } 1861 1862 unnamed_node = SMB_IS_STREAM(snode); 1863 if (unnamed_node) { 1864 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1865 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1866 /* 1867 * Streams don't have ACL, any read ACL attempt on a stream 1868 * should be performed on the unnamed stream. 1869 */ 1870 snode = unnamed_node; 1871 } 1872 1873 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) 1874 flags = ATTR_NOACLCHECK; 1875 1876 error = smb_vop_acl_read(snode->vp, &acl, flags, 1877 sr->tid_tree->t_acltype, cr); 1878 if (error != 0) { 1879 return (error); 1880 } 1881 1882 error = acl_translate(acl, _ACL_ACE_ENABLED, 1883 (snode->vp->v_type == VDIR), fs_sd->sd_uid, fs_sd->sd_gid); 1884 1885 if (error == 0) { 1886 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 1887 fs_sd->sd_secinfo); 1888 } 1889 1890 acl_free(acl); 1891 return (error); 1892 } 1893 1894 /* 1895 * smb_fsop_aclwrite 1896 * 1897 * Stores the filesystem ACL provided in fs_sd->sd_acl. 1898 */ 1899 int 1900 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1901 smb_fssd_t *fs_sd) 1902 { 1903 int target_flavor; 1904 int error = 0; 1905 int flags = 0; 1906 int access = 0; 1907 acl_t *acl, *dacl, *sacl; 1908 smb_node_t *unnamed_node; 1909 1910 ASSERT(cr); 1911 1912 ASSERT(sr); 1913 ASSERT(sr->tid_tree); 1914 if (SMB_TREE_IS_READONLY(sr)) 1915 return (EROFS); 1916 1917 if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0) 1918 return (EACCES); 1919 1920 if (sr->fid_ofile) { 1921 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 1922 access = WRITE_DAC; 1923 1924 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 1925 access |= ACCESS_SYSTEM_SECURITY; 1926 1927 error = smb_ofile_access(sr->fid_ofile, cr, access); 1928 if (error != NT_STATUS_SUCCESS) 1929 return (EACCES); 1930 } 1931 1932 switch (sr->tid_tree->t_acltype) { 1933 case ACLENT_T: 1934 target_flavor = _ACL_ACLENT_ENABLED; 1935 break; 1936 1937 case ACE_T: 1938 target_flavor = _ACL_ACE_ENABLED; 1939 break; 1940 default: 1941 return (EINVAL); 1942 } 1943 1944 unnamed_node = SMB_IS_STREAM(snode); 1945 if (unnamed_node) { 1946 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1947 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1948 /* 1949 * Streams don't have ACL, any write ACL attempt on a stream 1950 * should be performed on the unnamed stream. 1951 */ 1952 snode = unnamed_node; 1953 } 1954 1955 dacl = fs_sd->sd_zdacl; 1956 sacl = fs_sd->sd_zsacl; 1957 1958 ASSERT(dacl || sacl); 1959 if ((dacl == NULL) && (sacl == NULL)) 1960 return (EINVAL); 1961 1962 if (dacl && sacl) 1963 acl = smb_fsacl_merge(dacl, sacl); 1964 else if (dacl) 1965 acl = dacl; 1966 else 1967 acl = sacl; 1968 1969 error = acl_translate(acl, target_flavor, (snode->vp->v_type == VDIR), 1970 fs_sd->sd_uid, fs_sd->sd_gid); 1971 if (error == 0) { 1972 if (smb_tree_has_feature(sr->tid_tree, 1973 SMB_TREE_ACEMASKONACCESS)) 1974 flags = ATTR_NOACLCHECK; 1975 1976 error = smb_vop_acl_write(snode->vp, acl, flags, cr); 1977 } 1978 1979 if (dacl && sacl) 1980 acl_free(acl); 1981 1982 return (error); 1983 } 1984 1985 acl_type_t 1986 smb_fsop_acltype(smb_node_t *snode) 1987 { 1988 return (smb_vop_acl_type(snode->vp)); 1989 } 1990 1991 /* 1992 * smb_fsop_sdread 1993 * 1994 * Read the requested security descriptor items from filesystem. 1995 * The items are specified in fs_sd->sd_secinfo. 1996 */ 1997 int 1998 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1999 smb_fssd_t *fs_sd) 2000 { 2001 int error = 0; 2002 int getowner = 0; 2003 cred_t *ga_cred; 2004 smb_attr_t attr; 2005 2006 ASSERT(cr); 2007 ASSERT(fs_sd); 2008 2009 /* 2010 * File's uid/gid is fetched in two cases: 2011 * 2012 * 1. it's explicitly requested 2013 * 2014 * 2. target ACL is ACE_T (ZFS ACL). They're needed for 2015 * owner@/group@ entries. In this case kcred should be used 2016 * because uid/gid are fetched on behalf of smb server. 2017 */ 2018 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 2019 getowner = 1; 2020 ga_cred = cr; 2021 } else if (sr->tid_tree->t_acltype == ACE_T) { 2022 getowner = 1; 2023 ga_cred = kcred; 2024 } 2025 2026 if (getowner) { 2027 /* 2028 * Windows require READ_CONTROL to read owner/group SID since 2029 * they're part of Security Descriptor. 2030 * ZFS only requires read_attribute. Need to have a explicit 2031 * access check here. 2032 */ 2033 if (sr->fid_ofile == NULL) { 2034 error = smb_fsop_access(sr, ga_cred, snode, 2035 READ_CONTROL); 2036 if (error) 2037 return (EACCES); 2038 } 2039 2040 attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2041 error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 2042 if (error == 0) { 2043 fs_sd->sd_uid = attr.sa_vattr.va_uid; 2044 fs_sd->sd_gid = attr.sa_vattr.va_gid; 2045 } else { 2046 return (error); 2047 } 2048 } 2049 2050 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2051 error = smb_fsop_aclread(sr, cr, snode, fs_sd); 2052 } 2053 2054 return (error); 2055 } 2056 2057 /* 2058 * smb_fsop_sdmerge 2059 * 2060 * From SMB point of view DACL and SACL are two separate list 2061 * which can be manipulated independently without one affecting 2062 * the other, but entries for both DACL and SACL will end up 2063 * in the same ACL if target filesystem supports ACE_T ACLs. 2064 * 2065 * So, if either DACL or SACL is present in the client set request 2066 * the entries corresponding to the non-present ACL shouldn't 2067 * be touched in the FS ACL. 2068 * 2069 * fs_sd parameter contains DACL and SACL specified by SMB 2070 * client to be set on a file/directory. The client could 2071 * specify both or one of these ACLs (if none is specified 2072 * we don't get this far). When both DACL and SACL are given 2073 * by client the existing ACL should be overwritten. If only 2074 * one of them is specified the entries corresponding to the other 2075 * ACL should not be touched. For example, if only DACL 2076 * is specified in input fs_sd, the function reads audit entries 2077 * of the existing ACL of the file and point fs_sd->sd_zsdacl 2078 * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 2079 * function is called the passed fs_sd would point to the specified 2080 * DACL by client and fetched SACL from filesystem, so the file 2081 * will end up with correct ACL. 2082 */ 2083 static int 2084 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 2085 { 2086 smb_fssd_t cur_sd; 2087 int error = 0; 2088 2089 if (sr->tid_tree->t_acltype != ACE_T) 2090 /* Don't bother if target FS doesn't support ACE_T */ 2091 return (0); 2092 2093 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 2094 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 2095 /* 2096 * Don't overwrite existing audit entries 2097 */ 2098 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 2099 fs_sd->sd_flags); 2100 2101 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2102 if (error == 0) { 2103 ASSERT(fs_sd->sd_zsacl == NULL); 2104 fs_sd->sd_zsacl = cur_sd.sd_zsacl; 2105 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 2106 fs_sd->sd_zsacl->acl_flags = 2107 fs_sd->sd_zdacl->acl_flags; 2108 } 2109 } else { 2110 /* 2111 * Don't overwrite existing access entries 2112 */ 2113 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 2114 fs_sd->sd_flags); 2115 2116 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2117 if (error == 0) { 2118 ASSERT(fs_sd->sd_zdacl == NULL); 2119 fs_sd->sd_zdacl = cur_sd.sd_zdacl; 2120 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 2121 fs_sd->sd_zdacl->acl_flags = 2122 fs_sd->sd_zsacl->acl_flags; 2123 } 2124 } 2125 2126 if (error) 2127 smb_fssd_term(&cur_sd); 2128 } 2129 2130 return (error); 2131 } 2132 2133 /* 2134 * smb_fsop_sdwrite 2135 * 2136 * Stores the given uid, gid and acl in filesystem. 2137 * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 2138 * 2139 * A SMB security descriptor could contain owner, primary group, 2140 * DACL and SACL. Setting an SD should be atomic but here it has to 2141 * be done via two separate FS operations: VOP_SETATTR and 2142 * VOP_SETSECATTR. Therefore, this function has to simulate the 2143 * atomicity as well as it can. 2144 * 2145 * Get the current uid, gid before setting the new uid/gid 2146 * so if smb_fsop_aclwrite fails they can be restored. root cred is 2147 * used to get currend uid/gid since this operation is performed on 2148 * behalf of the server not the user. 2149 * 2150 * If setting uid/gid fails with EPERM it means that and invalid 2151 * owner has been specified. Callers should translate this to 2152 * STATUS_INVALID_OWNER which is not the normal mapping for EPERM 2153 * in upper layers, so EPERM is mapped to EBADE. 2154 */ 2155 int 2156 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2157 smb_fssd_t *fs_sd, int overwrite) 2158 { 2159 int error = 0; 2160 int access = 0; 2161 smb_attr_t set_attr; 2162 smb_attr_t orig_attr; 2163 2164 ASSERT(cr); 2165 ASSERT(fs_sd); 2166 2167 ASSERT(sr); 2168 ASSERT(sr->tid_tree); 2169 if (SMB_TREE_IS_READONLY(sr)) 2170 return (EROFS); 2171 2172 bzero(&set_attr, sizeof (smb_attr_t)); 2173 2174 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2175 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2176 set_attr.sa_mask |= SMB_AT_UID; 2177 access |= WRITE_OWNER; 2178 } 2179 2180 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2181 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2182 set_attr.sa_mask |= SMB_AT_GID; 2183 access |= WRITE_OWNER; 2184 } 2185 2186 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2187 access |= WRITE_DAC; 2188 2189 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2190 access |= ACCESS_SYSTEM_SECURITY; 2191 2192 if (sr->fid_ofile) 2193 error = smb_ofile_access(sr->fid_ofile, cr, access); 2194 else 2195 error = smb_fsop_access(sr, cr, snode, access); 2196 2197 if (error) 2198 return (EACCES); 2199 2200 if (set_attr.sa_mask) { 2201 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2202 error = smb_fsop_getattr(sr, kcred, snode, &orig_attr); 2203 if (error == 0) { 2204 error = smb_fsop_setattr(sr, cr, snode, &set_attr); 2205 if (error == EPERM) 2206 error = EBADE; 2207 } 2208 2209 if (error) 2210 return (error); 2211 } 2212 2213 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2214 if (overwrite == 0) { 2215 error = smb_fsop_sdmerge(sr, snode, fs_sd); 2216 if (error) 2217 return (error); 2218 } 2219 2220 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 2221 if (error) { 2222 /* 2223 * Revert uid/gid changes if required. 2224 */ 2225 if (set_attr.sa_mask) { 2226 orig_attr.sa_mask = set_attr.sa_mask; 2227 (void) smb_fsop_setattr(sr, kcred, snode, 2228 &orig_attr); 2229 } 2230 } 2231 } 2232 2233 return (error); 2234 } 2235 2236 /* 2237 * smb_fsop_sdinherit 2238 * 2239 * Inherit the security descriptor from the parent container. 2240 * This function is called after FS has created the file/folder 2241 * so if this doesn't do anything it means FS inheritance is 2242 * in place. 2243 * 2244 * Do inheritance for ZFS internally. 2245 * 2246 * If we want to let ZFS does the inheritance the 2247 * following setting should be true: 2248 * 2249 * - aclinherit = passthrough 2250 * - aclmode = passthrough 2251 * - smbd umask = 0777 2252 * 2253 * This will result in right effective permissions but 2254 * ZFS will always add 6 ACEs for owner, owning group 2255 * and others to be POSIX compliant. This is not what 2256 * Windows clients/users expect, so we decided that CIFS 2257 * implements Windows rules and overwrite whatever ZFS 2258 * comes up with. This way we also don't have to care 2259 * about ZFS aclinherit and aclmode settings. 2260 */ 2261 static int 2262 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 2263 { 2264 int is_dir; 2265 acl_t *dacl = NULL; 2266 acl_t *sacl = NULL; 2267 ksid_t *owner_sid; 2268 int error; 2269 2270 ASSERT(fs_sd); 2271 2272 if (sr->tid_tree->t_acltype != ACE_T) { 2273 /* 2274 * No forced inheritance for non-ZFS filesystems. 2275 */ 2276 fs_sd->sd_secinfo = 0; 2277 return (0); 2278 } 2279 2280 2281 /* Fetch parent directory's ACL */ 2282 error = smb_fsop_sdread(sr, kcred, dnode, fs_sd); 2283 if (error) { 2284 return (error); 2285 } 2286 2287 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 2288 owner_sid = crgetsid(sr->user_cr, KSID_OWNER); 2289 ASSERT(owner_sid); 2290 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO, 2291 owner_sid->ks_id); 2292 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO, 2293 (uid_t)-1); 2294 2295 if (sacl == NULL) 2296 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO; 2297 2298 smb_fsacl_free(fs_sd->sd_zdacl); 2299 smb_fsacl_free(fs_sd->sd_zsacl); 2300 2301 fs_sd->sd_zdacl = dacl; 2302 fs_sd->sd_zsacl = sacl; 2303 2304 return (0); 2305 } 2306 2307 /* 2308 * smb_fsop_eaccess 2309 * 2310 * Returns the effective permission of the given credential for the 2311 * specified object. 2312 * 2313 * This is just a workaround. We need VFS/FS support for this. 2314 */ 2315 void 2316 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2317 uint32_t *eaccess) 2318 { 2319 int access = 0; 2320 vnode_t *dir_vp; 2321 smb_node_t *unnamed_node; 2322 2323 ASSERT(cr); 2324 ASSERT(snode); 2325 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2326 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2327 2328 unnamed_node = SMB_IS_STREAM(snode); 2329 if (unnamed_node) { 2330 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2331 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2332 /* 2333 * Streams authorization should be performed against the 2334 * unnamed stream. 2335 */ 2336 snode = unnamed_node; 2337 } 2338 2339 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) { 2340 dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL; 2341 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 2342 cr); 2343 return; 2344 } 2345 2346 /* 2347 * FS doesn't understand 32-bit mask 2348 */ 2349 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 2350 access &= sr->tid_tree->t_access; 2351 2352 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 2353 2354 if (access & VREAD) 2355 *eaccess |= FILE_READ_DATA; 2356 2357 if (access & VEXEC) 2358 *eaccess |= FILE_EXECUTE; 2359 2360 if (access & VWRITE) 2361 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 2362 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 2363 } 2364 2365 /* 2366 * smb_fsop_shrlock 2367 * 2368 * For the current open request, check file sharing rules 2369 * against existing opens. 2370 * 2371 * Returns NT_STATUS_SHARING_VIOLATION if there is any 2372 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise. 2373 * 2374 * Full system-wide share reservation synchronization is available 2375 * when the nbmand (non-blocking mandatory) mount option is set 2376 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used. 2377 * This provides synchronization with NFS and local processes. The 2378 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called 2379 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well 2380 * as the CIFS rename and delete paths. 2381 * 2382 * The CIFS server will also enter the nbl critical region in the open, 2383 * rename, and delete paths when nbmand is not set. There is limited 2384 * coordination with local and VFS share reservations in this case. 2385 * Note that when the nbmand mount option is not set, the VFS layer 2386 * only processes advisory reservations and the delete mode is not checked. 2387 * 2388 * Whether or not the nbmand mount option is set, intra-CIFS share 2389 * checking is done in the open, delete, and rename paths using a CIFS 2390 * critical region (node->n_share_lock). 2391 */ 2392 2393 uint32_t 2394 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid, 2395 uint32_t desired_access, uint32_t share_access) 2396 { 2397 int rc; 2398 2399 if (smb_node_is_dir(node)) 2400 return (NT_STATUS_SUCCESS); 2401 2402 /* Allow access if the request is just for meta data */ 2403 if ((desired_access & FILE_DATA_ALL) == 0) 2404 return (NT_STATUS_SUCCESS); 2405 2406 rc = smb_node_open_check(node, cr, desired_access, share_access); 2407 if (rc) 2408 return (NT_STATUS_SHARING_VIOLATION); 2409 2410 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access, 2411 cr); 2412 if (rc) 2413 return (NT_STATUS_SHARING_VIOLATION); 2414 2415 return (NT_STATUS_SUCCESS); 2416 } 2417 2418 void 2419 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid) 2420 { 2421 if (smb_node_is_dir(node)) 2422 return; 2423 2424 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr); 2425 } 2426 2427 int 2428 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock, 2429 cred_t *cr) 2430 { 2431 flock64_t bf; 2432 int flag = F_REMOTELOCK; 2433 2434 /* 2435 * VOP_FRLOCK() will not be called if: 2436 * 2437 * 1) The lock has a range of zero bytes. The semantics of Windows and 2438 * POSIX are different. In the case of POSIX it asks for the locking 2439 * of all the bytes from the offset provided until the end of the 2440 * file. In the case of Windows a range of zero locks nothing and 2441 * doesn't conflict with any other lock. 2442 * 2443 * 2) The lock rolls over (start + lenght < start). Solaris will assert 2444 * if such a request is submitted. This will not create 2445 * incompatibilities between POSIX and Windows. In the Windows world, 2446 * if a client submits such a lock, the server will not lock any 2447 * bytes. Interestingly if the same lock (same offset and length) is 2448 * resubmitted Windows will consider that there is an overlap and 2449 * the granting rules will then apply. 2450 */ 2451 if ((lock->l_length == 0) || 2452 ((lock->l_start + lock->l_length - 1) < lock->l_start)) 2453 return (0); 2454 2455 bzero(&bf, sizeof (bf)); 2456 2457 if (unlock) { 2458 bf.l_type = F_UNLCK; 2459 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) { 2460 bf.l_type = F_RDLCK; 2461 flag |= FREAD; 2462 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) { 2463 bf.l_type = F_WRLCK; 2464 flag |= FWRITE; 2465 } 2466 2467 bf.l_start = lock->l_start; 2468 bf.l_len = lock->l_length; 2469 bf.l_pid = lock->l_file->f_uniqid; 2470 bf.l_sysid = smb_ct.cc_sysid; 2471 2472 return (smb_vop_frlock(node->vp, cr, flag, &bf)); 2473 } 2474