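/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
 */

#include <sys/sdt.h>
#include <smbsrv/smb_kproto.h>
#include <smbsrv/smb_fsops.h>
#include <smbsrv/netbios.h>


static int smb_write_truncate(smb_request_t *, smb_rw_param_t *);


/*
 * Write count bytes at the specified offset in a file.  The offset is
 * limited to 32-bits.  If the count is zero, the file is truncated to
 * the length specified by the offset.
 *
 * The response count indicates the actual number of bytes written, which
 * will equal the requested count on success.  If request and response
 * counts differ but there is no error, the client will assume that the
 * server encountered a resource issue.
 *
 * smb_pre_write() allocates the per-request smb_rw_param_t, stores it in
 * sr->arg.rw and fills it from the request's parameter words;
 * smb_post_write() frees it.  Every field decoded here is supplied by the
 * client and is only cross-checked later, in smb_com_write().
 *
 * Returns SDRC_SUCCESS if the parameter words decoded, else SDRC_ERROR.
 */
smb_sdrc_t
smb_pre_write(smb_request_t *sr)
{
	smb_rw_param_t *param;
	/*
	 * Zero-initialised in case a failed decode leaves them unwritten:
	 * they are copied into param unconditionally and param is handed
	 * to the DTrace probe below even on the error path.
	 */
	uint32_t off = 0;
	uint16_t count = 0;
	int rc;

	param = kmem_zalloc(sizeof (smb_rw_param_t), KM_SLEEP);
	sr->arg.rw = param;
	param->rw_magic = SMB_RW_MAGIC;

	rc = smbsr_decode_vwv(sr, "wwl", &sr->smb_fid, &count, &off);

	param->rw_count = (uint32_t)count;
	param->rw_offset = (uint64_t)off;
	param->rw_vdb.vdb_uio.uio_loffset = (offset_t)param->rw_offset;

	DTRACE_SMB_2(op__Write__start, smb_request_t *, sr,
	    smb_rw_param_t *, param);

	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
}

/*
 * Fire the "done" probe and release the smb_rw_param_t allocated by
 * smb_pre_write().
 */
void
smb_post_write(smb_request_t *sr)
{
	DTRACE_SMB_2(op__Write__done, smb_request_t *, sr,
	    smb_rw_param_t *, sr->arg.rw);

	kmem_free(sr->arg.rw, sizeof (smb_rw_param_t));
}

/*
 * Handle the write request: look up the open file for the client's FID,
 * then either truncate (count == 0) or write the decoded data.
 *
 * The write runs with the credential attached to the open file
 * (sr->user_cr is taken from the ofile), and the request is rejected
 * with NT_STATUS_INVALID_PARAMETER when the length of the decoded data
 * buffer disagrees with the count given in the parameter words.
 */
smb_sdrc_t
smb_com_write(smb_request_t *sr)
{
	smb_rw_param_t *param = sr->arg.rw;
	int rc;

	smbsr_lookup_file(sr);
	if (sr->fid_ofile == NULL) {
		smbsr_error(sr, NT_STATUS_INVALID_HANDLE, ERRDOS, ERRbadfid);
		return (SDRC_ERROR);
	}

	sr->user_cr = smb_ofile_getcred(sr->fid_ofile);

	if (param->rw_count == 0) {
		rc = smb_write_truncate(sr, param);
	} else {
		rc = smbsr_decode_data(sr, "D", &param->rw_vdb);

		/* Declared count and actual data length must agree. */
		if ((rc != 0) || (param->rw_vdb.vdb_len != param->rw_count)) {
			smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
			    ERRDOS, ERROR_INVALID_PARAMETER);
			return (SDRC_ERROR);
		}

		param->rw_vdb.vdb_uio.uio_loffset = (offset_t)param->rw_offset;

		rc = smb_common_write(sr, param);
	}

	if (rc != 0) {
		/* A lock conflict has already been reported via smbsr_error. */
		if (sr->smb_error.status != NT_STATUS_FILE_LOCK_CONFLICT)
			smbsr_errno(sr, rc);
		return (SDRC_ERROR);
	}

	rc = smbsr_encode_result(sr, 1, 0, "bww", 1,
	    (uint16_t)param->rw_count, 0);
	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
}

/*
 * Write count bytes to a file and then close the file.  This function
 * can only be used to write to 32-bit offsets and the client must set
 * WordCount (6 or 12) correctly in order to locate the data to be
 * written.  If an error occurs on the write, the file should still be
 * closed.  If Count is 0, the file is truncated (or extended) to offset.
 *
 * If the last_write time is non-zero, last_write should be used to set
 * the mtime.  Otherwise the file system stamps the mtime.  Failure to
 * set mtime should not result in an error response.
 *
 * Any WordCount other than 12 is decoded with the 6-word layout.
 */
smb_sdrc_t
smb_pre_write_and_close(smb_request_t *sr)
{
	smb_rw_param_t *param;
	/* Zero-initialised in case a failed decode leaves them unwritten. */
	uint32_t off = 0;
	uint16_t count = 0;
	int rc;

	param = kmem_zalloc(sizeof (smb_rw_param_t), KM_SLEEP);
	sr->arg.rw = param;
	param->rw_magic = SMB_RW_MAGIC;

	if (sr->smb_wct == 12) {
		rc = smbsr_decode_vwv(sr, "wwll12.", &sr->smb_fid,
		    &count, &off, &param->rw_last_write);
	} else {
		rc = smbsr_decode_vwv(sr, "wwll", &sr->smb_fid,
		    &count, &off, &param->rw_last_write);
	}

	param->rw_count = (uint32_t)count;
	param->rw_offset = (uint64_t)off;

	DTRACE_SMB_2(op__WriteAndClose__start, smb_request_t *, sr,
	    smb_rw_param_t *, param);

	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
}

/*
 * Fire the "done" probe and release the smb_rw_param_t allocated by
 * smb_pre_write_and_close().
 */
void
smb_post_write_and_close(smb_request_t *sr)
{
	DTRACE_SMB_2(op__WriteAndClose__done, smb_request_t *, sr,
	    smb_rw_param_t *, sr->arg.rw);

	kmem_free(sr->arg.rw, sizeof (smb_rw_param_t));
}

/*
 * Handle write-and-close: truncate or write as smb_com_write() does,
 * then close the open file, passing the client's last_write time to
 * smb_ofile_close().
 */
smb_sdrc_t
smb_com_write_and_close(smb_request_t *sr)
{
	smb_rw_param_t *param = sr->arg.rw;
	uint16_t count;
	int rc = 0;

	smbsr_lookup_file(sr);
	if (sr->fid_ofile == NULL) {
		smbsr_error(sr, NT_STATUS_INVALID_HANDLE, ERRDOS, ERRbadfid);
		return (SDRC_ERROR);
	}

	sr->user_cr = smb_ofile_getcred(sr->fid_ofile);

	if (param->rw_count == 0) {
		rc = smb_write_truncate(sr, param);
	} else {
		/*
		 * There may be a bug here: should this be "3.#B"?
		 */
		rc = smbsr_decode_data(sr, ".#B", param->rw_count,
		    &param->rw_vdb);

		/* Declared count and actual data length must agree. */
		if ((rc != 0) || (param->rw_vdb.vdb_len != param->rw_count)) {
			smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
			    ERRDOS, ERROR_INVALID_PARAMETER);
			return (SDRC_ERROR);
		}

		param->rw_vdb.vdb_uio.uio_loffset = (offset_t)param->rw_offset;

		rc = smb_common_write(sr, param);
	}

	/*
	 * NOTE(review): the comment above smb_pre_write_and_close() says
	 * the file should still be closed when the write fails, but this
	 * error path returns before smb_ofile_close() is reached.  Confirm
	 * which behaviour is intended.
	 */
	if (rc != 0) {
		if (sr->smb_error.status != NT_STATUS_FILE_LOCK_CONFLICT)
			smbsr_errno(sr, rc);
		return (SDRC_ERROR);
	}

	smb_ofile_close(sr->fid_ofile, param->rw_last_write);

	count = (uint16_t)param->rw_count;
	rc = smbsr_encode_result(sr, 1, 0, "bww", 1, count, 0);
	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
}

/*
 * Write count bytes to a file at the specified offset and then unlock
 * them.  Write behind is safe because the client should have the range
 * locked and this request is allowed to extend the file - note that
 * offset is limited to 32-bits.
 *
 * Spec advice: it is an error for count to be zero.  For compatibility,
 * we take no action and return success.
 *
 * The SmbLockAndRead/SmbWriteAndUnlock sub-dialect is only valid on disk
 * files.  Reject any attempt to use it on other shares.
 *
 * The response count indicates the actual number of bytes written, which
 * will equal the requested count on success.  If request and response
 * counts differ but there is no error, the client will assume that the
 * server encountered a resource issue.
 */
smb_sdrc_t
smb_pre_write_and_unlock(smb_request_t *sr)
{
	smb_rw_param_t *param;
	/* Zero-initialised in case a failed decode leaves them unwritten. */
	uint32_t off = 0;
	uint16_t count = 0;
	uint16_t remcnt = 0;	/* decoded but not otherwise used here */
	int rc;

	param = kmem_zalloc(sizeof (smb_rw_param_t), KM_SLEEP);
	sr->arg.rw = param;
	param->rw_magic = SMB_RW_MAGIC;

	rc = smbsr_decode_vwv(sr, "wwlw", &sr->smb_fid, &count, &off, &remcnt);

	param->rw_count = (uint32_t)count;
	param->rw_offset = (uint64_t)off;

	DTRACE_SMB_2(op__WriteAndUnlock__start, smb_request_t *, sr,
	    smb_rw_param_t *, param);

	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
}

/*
 * Fire the "done" probe and release the smb_rw_param_t allocated by
 * smb_pre_write_and_unlock().
 */
void
smb_post_write_and_unlock(smb_request_t *sr)
{
	DTRACE_SMB_2(op__WriteAndUnlock__done, smb_request_t *, sr,
	    smb_rw_param_t *, sr->arg.rw);

	kmem_free(sr->arg.rw, sizeof (smb_rw_param_t));
}

/*
 * Handle write-and-unlock.  The share type is checked before the FID is
 * looked up, so non-disk trees are refused with ACCESS_DENIED.  After a
 * successful write the byte range [rw_offset, rw_offset + rw_count) is
 * unlocked; note that rw_count has by then been updated by
 * smb_common_write() to the number of bytes actually written.
 */
smb_sdrc_t
smb_com_write_and_unlock(smb_request_t *sr)
{
	smb_rw_param_t *param = sr->arg.rw;
	uint32_t status;
	int rc = 0;

	if (STYPE_ISDSK(sr->tid_tree->t_res_type) == 0) {
		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRDOS, ERRnoaccess);
		return (SDRC_ERROR);
	}

	smbsr_lookup_file(sr);
	if (sr->fid_ofile == NULL) {
		smbsr_error(sr, NT_STATUS_INVALID_HANDLE, ERRDOS, ERRbadfid);
		return (SDRC_ERROR);
	}

	sr->user_cr = smb_ofile_getcred(sr->fid_ofile);

	/* Zero count: no write, no unlock, report zero bytes written. */
	if (param->rw_count == 0) {
		rc = smbsr_encode_result(sr, 1, 0, "bww", 1, 0, 0);
		return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
	}


	rc = smbsr_decode_data(sr, "D", &param->rw_vdb);

	/* Declared count and actual data length must agree. */
	if ((rc != 0) || (param->rw_count != param->rw_vdb.vdb_len)) {
		smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
		    ERRDOS, ERROR_INVALID_PARAMETER);
		return (SDRC_ERROR);
	}

	param->rw_vdb.vdb_uio.uio_loffset = (offset_t)param->rw_offset;

	if ((rc = smb_common_write(sr, param)) != 0) {
		if (sr->smb_error.status != NT_STATUS_FILE_LOCK_CONFLICT)
			smbsr_errno(sr, rc);
		return (SDRC_ERROR);
	}

	status = smb_unlock_range(sr, sr->fid_ofile->f_node, param->rw_offset,
	    (uint64_t)param->rw_count);
	if (status != NT_STATUS_SUCCESS) {
		smbsr_error(sr, NT_STATUS_RANGE_NOT_LOCKED,
		    ERRDOS, ERROR_NOT_LOCKED);
		return (SDRC_ERROR);
	}

	rc = smbsr_encode_result(sr, 1, 0, "bww", 1,
	    (uint16_t)param->rw_count, 0);
	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
}

/*
 * Write bytes to a file (SMB Core).  This request was extended in
 * LM 0.12 to support 64-bit offsets, indicated by sending a wct of
 * 14, instead of 12, and including additional offset information.
 *
 * A ByteCount of 0 does not truncate the file - use SMB_COM_WRITE
 * to truncate a file.  A zero length merely transfers zero bytes.
 *
 * If bit 0 of WriteMode is set, Fid must refer to a disk file and
 * the data must be on stable storage before responding.
 *
 * MS-SMB 3.3.5.8 update to LM 0.12 4.2.5:
 * If CAP_LARGE_WRITEX is set, the byte count may be larger than the
 * negotiated buffer size and the server is expected to write the
 * number of bytes specified.
 *
 * The client's data offset is converted here into an offset relative to
 * the start of the data area by subtracting the fixed size of everything
 * that precedes it: 63 bytes for the 14-word form, 59 for the 12-word
 * form (32-byte SMB header + 1-byte WordCount + 2 bytes per parameter
 * word + 2-byte ByteCount).  A data offset smaller than that would point
 * back into the header; it is rejected rather than being allowed to wrap
 * around to a large unsigned skip that smb_com_write_andx() would then
 * apply to the request data.
 *
 * Any WordCount other than 14 is decoded with the 12-word layout.
 */
smb_sdrc_t
smb_pre_write_andx(smb_request_t *sr)
{
	smb_rw_param_t *param;
	/* Zero-initialised in case a failed decode leaves them unwritten. */
	uint32_t off_low = 0;
	uint32_t off_high = 0;
	uint16_t datalen_low = 0;
	uint16_t datalen_high = 0;
	uint16_t remcnt = 0;	/* decoded but not otherwise used here */
	uint16_t hdr_len;	/* bytes preceding the data area */
	int rc;

	param = kmem_zalloc(sizeof (smb_rw_param_t), KM_SLEEP);
	sr->arg.rw = param;
	param->rw_magic = SMB_RW_MAGIC;

	if (sr->smb_wct == 14) {
		rc = smbsr_decode_vwv(sr, "4.wl4.wwwwwl", &sr->smb_fid,
		    &off_low, &param->rw_mode, &remcnt, &datalen_high,
		    &datalen_low, &param->rw_dsoff, &off_high);

		hdr_len = 63;
		param->rw_offset = ((uint64_t)off_high << 32) | off_low;
	} else {
		rc = smbsr_decode_vwv(sr, "4.wl4.wwwww", &sr->smb_fid,
		    &off_low, &param->rw_mode, &remcnt, &datalen_high,
		    &datalen_low, &param->rw_dsoff);

		hdr_len = 59;
		param->rw_offset = (uint64_t)off_low;
	}

	if (rc == 0) {
		/*
		 * rw_dsoff comes straight from the client; refuse a value
		 * that lies inside the header instead of letting the
		 * subtraction wrap.
		 */
		if (param->rw_dsoff < hdr_len)
			rc = -1;
		else
			param->rw_dsoff -= hdr_len;
	}

	param->rw_count = (uint32_t)datalen_low;

	/* The high 16 bits of the length only count if negotiated. */
	if (sr->session->capabilities & CAP_LARGE_WRITEX)
		param->rw_count |= ((uint32_t)datalen_high << 16);

	DTRACE_SMB_2(op__WriteX__start, smb_request_t *, sr,
	    smb_rw_param_t *, param);

	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
}

/*
 * Fire the "done" probe and release the smb_rw_param_t allocated by
 * smb_pre_write_andx().
 */
void
smb_post_write_andx(smb_request_t *sr)
{
	DTRACE_SMB_2(op__WriteX__done, smb_request_t *, sr,
	    smb_rw_param_t *, sr->arg.rw);

	kmem_free(sr->arg.rw, sizeof (smb_rw_param_t));
}

/*
 * Handle write-andx.  A stable-storage (write-through) request on an
 * IPC share is refused.  The data is located by skipping rw_dsoff bytes
 * of the data area and then taking rw_count bytes; the request is
 * rejected when the decoded length differs from rw_count.  Unlike
 * smb_com_write(), a zero count writes nothing and does not truncate.
 */
smb_sdrc_t
smb_com_write_andx(smb_request_t *sr)
{
	smb_rw_param_t *param = sr->arg.rw;
	uint16_t count_high;
	uint16_t count_low;
	int rc;

	ASSERT(param);
	ASSERT(param->rw_magic == SMB_RW_MAGIC);

	smbsr_lookup_file(sr);
	if (sr->fid_ofile == NULL) {
		smbsr_error(sr, NT_STATUS_INVALID_HANDLE, ERRDOS, ERRbadfid);
		return (SDRC_ERROR);
	}

	sr->user_cr = smb_ofile_getcred(sr->fid_ofile);

	if (SMB_WRMODE_IS_STABLE(param->rw_mode) &&
	    STYPE_ISIPC(sr->tid_tree->t_res_type)) {
		smbsr_error(sr, 0, ERRSRV, ERRaccess);
		return (SDRC_ERROR);
	}

	rc = smbsr_decode_data(sr, "#.#B", param->rw_dsoff, param->rw_count,
	    &param->rw_vdb);

	/* Declared count and actual data length must agree. */
	if ((rc != 0) || (param->rw_vdb.vdb_len != param->rw_count)) {
		smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
		    ERRDOS, ERROR_INVALID_PARAMETER);
		return (SDRC_ERROR);
	}

	param->rw_vdb.vdb_uio.uio_loffset = (offset_t)param->rw_offset;

	if (param->rw_count != 0) {
		if ((rc = smb_common_write(sr, param)) != 0) {
			if (sr->smb_error.status !=
			    NT_STATUS_FILE_LOCK_CONFLICT)
				smbsr_errno(sr, rc);
			return (SDRC_ERROR);
		}
	}

	/*
	 * NOTE(review): count_high is masked to 8 bits although it is
	 * encoded as a 16-bit word below; confirm this is deliberate.
	 */
	count_low = param->rw_count & 0xFFFF;
	count_high = (param->rw_count >> 16) & 0xFF;

	rc = smbsr_encode_result(sr, 6, 0, "bb1.wwwwww",
	    6, sr->andx_com, 15, count_low, 0, count_high, 0, 0);

	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
}

/*
 * Common function for writing files or IPC/MSRPC named pipes.
 *
 * For disk and print-queue trees the byte-range locks are consulted
 * first (directories excepted), the write is issued with the credential
 * in sr->user_cr, and param->rw_count is replaced by the byte count
 * reported by smb_fsop_write().  For IPC trees the data goes to
 * smb_opipe_write().  Any other tree type yields EACCES.  On success the
 * open file's seek position is advanced to rw_offset + rw_count under
 * f_mutex.
 *
 * Returns errno values.
 */
int
smb_common_write(smb_request_t *sr, smb_rw_param_t *param)
{
	smb_ofile_t *ofile = sr->fid_ofile;
	smb_node_t *node;
	int stability = 0;
	uint32_t lcount;
	int rc = 0;

	switch (sr->tid_tree->t_res_type & STYPE_MASK) {
	case STYPE_DISKTREE:
	case STYPE_PRINTQ:
		node = ofile->f_node;

		if (!smb_node_is_dir(node)) {
			rc = smb_lock_range_access(sr, node, param->rw_offset,
			    param->rw_count, B_TRUE);
			if (rc != NT_STATUS_SUCCESS) {
				smbsr_error(sr, NT_STATUS_FILE_LOCK_CONFLICT,
				    ERRDOS, ERROR_LOCK_VIOLATION);
				return (EACCES);
			}
		}

		/* Synchronous write if the client or the node asks for it. */
		if (SMB_WRMODE_IS_STABLE(param->rw_mode) ||
		    (node->flags & NODE_FLAGS_WRITE_THROUGH)) {
			stability = FSYNC;
		}

		rc = smb_fsop_write(sr, sr->user_cr, node,
		    &param->rw_vdb.vdb_uio, &lcount, stability);

		if (rc)
			return (rc);

		/*
		 * Used to have code here to set mtime.
		 * We have just done a write, so we know
		 * the file system will update mtime.
		 * No need to do it again here.
		 *
		 * However, keep track of the fact that
		 * we have written data via this handle.
		 */
		ofile->f_written = B_TRUE;

		if (!smb_node_is_dir(node))
			smb_oplock_break_levelII(node);

		param->rw_count = lcount;
		break;

	case STYPE_IPC:
		/* Capture the requested size before the uio is consumed. */
		param->rw_count = param->rw_vdb.vdb_uio.uio_resid;

		if ((rc = smb_opipe_write(sr, &param->rw_vdb.vdb_uio)) != 0)
			param->rw_count = 0;
		break;

	default:
		rc = EACCES;
		break;
	}

	if (rc != 0)
		return (rc);

	mutex_enter(&ofile->f_mutex);
	ofile->f_seek_pos = param->rw_offset + param->rw_count;
	mutex_exit(&ofile->f_mutex);
	return (rc);
}

/*
 * Truncate a disk file to the specified offset.
 * Typically, w_count will be zero here.
 *
 * Note that smb_write_andx cannot be used to reduce the file size so,
 * if this is required, smb_write is called with a count of zero and
 * the appropriate file length in offset.  The file should be resized
 * to the length specified by the offset.
 *
 * On an IPC share this is a no-op that reports success.  Otherwise the
 * byte-range locks are consulted (directories excepted) with n_mutex
 * held, and the size is then set through smb_node_setattr() using the
 * credential in sr->user_cr.
 *
 * Returns errno values.
 */
static int
smb_write_truncate(smb_request_t *sr, smb_rw_param_t *param)
{
	smb_ofile_t *ofile = sr->fid_ofile;
	smb_node_t *node = ofile->f_node;
	smb_attr_t attr;
	uint32_t status;
	int rc;

	if (STYPE_ISIPC(sr->tid_tree->t_res_type))
		return (0);

	mutex_enter(&node->n_mutex);
	if (!smb_node_is_dir(node)) {
		status = smb_lock_range_access(sr, node, param->rw_offset,
		    param->rw_count, B_TRUE);
		if (status != NT_STATUS_SUCCESS) {
			mutex_exit(&node->n_mutex);
			smbsr_error(sr, NT_STATUS_FILE_LOCK_CONFLICT,
			    ERRDOS, ERROR_LOCK_VIOLATION);
			return (EACCES);
		}
	}
	mutex_exit(&node->n_mutex);

	/* Only the size attribute is being changed. */
	bzero(&attr, sizeof (smb_attr_t));
	attr.sa_mask = SMB_AT_SIZE;
	attr.sa_vattr.va_size = param->rw_offset;
	rc = smb_node_setattr(sr, node, sr->user_cr, ofile, &attr);
	if (rc != 0)
		return (rc);

	mutex_enter(&ofile->f_mutex);
	ofile->f_seek_pos = param->rw_offset + param->rw_count;
	mutex_exit(&ofile->f_mutex);
	return (0);
}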