1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/sid.h> 29 #include <smbsrv/smb_fsops.h> 30 #include <smbsrv/smb_kproto.h> 31 #include <smbsrv/smbvar.h> 32 #include <smbsrv/ntstatus.h> 33 #include <smbsrv/ntaccess.h> 34 #include <acl/acl_common.h> 35 36 u_longlong_t smb_caller_id; 37 38 static int smb_fsop_amask_to_omode(uint32_t granted_access); 39 static int smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, 40 smb_fssd_t *fs_sd); 41 42 /* 43 * The smb_fsop_* functions have knowledge of CIFS semantics. 44 * 45 * The smb_vop_* functions have minimal knowledge of CIFS semantics and 46 * serve as an interface to the VFS layer. 47 * 48 * Hence, smb_request_t and smb_node_t structures should not be passed 49 * from the smb_fsop_* layer to the smb_vop_* layer. 50 * 51 * In general, CIFS service code should only ever call smb_fsop_* 52 * functions directly, and never smb_vop_* functions directly. 53 * 54 * smb_fsop_* functions should call smb_vop_* functions where possible, instead 55 * of their smb_fsop_* counterparts. However, there are times when 56 * this cannot be avoided. 57 */ 58 59 /* 60 * Note: Stream names cannot be mangled. 61 */ 62 63 int 64 smb_fsop_start() 65 { 66 int error; 67 68 smb_caller_id = fs_new_caller_id(); 69 error = smb_node_root_init(); 70 71 if (error == 0) 72 error = smb_fem_init(); 73 74 return (error); 75 } 76 77 void 78 smb_fsop_stop() 79 { 80 smb_fem_shutdown(); 81 smb_vfs_rele_all(); 82 smb_node_root_fini(); 83 } 84 85 int 86 smb_fsop_open(smb_ofile_t *of) 87 { 88 caller_context_t ct; 89 int mode; 90 91 mode = smb_fsop_amask_to_omode(of->f_granted_access); 92 93 smb_get_caller_context(NULL, &ct); 94 95 /* 96 * Assuming that same vnode is returned as we had before 97 * (i.e. no special vnodes) 98 */ 99 100 return (smb_vop_open(&of->f_node->vp, mode, of->f_cr, &ct)); 101 } 102 103 int 104 smb_fsop_close(smb_ofile_t *of) 105 { 106 caller_context_t ct; 107 int mode; 108 109 mode = smb_fsop_amask_to_omode(of->f_granted_access); 110 111 smb_get_caller_context(NULL, &ct); 112 113 return (smb_vop_close(of->f_node->vp, mode, of->f_cr, &ct)); 114 } 115 116 static int 117 smb_fsop_amask_to_omode(uint32_t granted_access) 118 { 119 int mode = 0; 120 121 if (granted_access & (ACE_READ_DATA | ACE_EXECUTE)) 122 mode |= FREAD; 123 124 if (granted_access & (ACE_WRITE_DATA | ACE_APPEND_DATA)) 125 mode |= FWRITE; 126 127 if (granted_access & ACE_APPEND_DATA) 128 mode |= FAPPEND; 129 130 return (mode); 131 } 132 133 static int 134 smb_fsop_create_with_sd( 135 struct smb_request *sr, 136 cred_t *cr, 137 smb_node_t *snode, 138 char *name, 139 smb_attr_t *attr, 140 smb_node_t **ret_snode, 141 smb_attr_t *ret_attr, 142 smb_fssd_t *fs_sd) 143 { 144 caller_context_t ct; 145 vsecattr_t *vsap; 146 vsecattr_t vsecattr; 147 acl_t *acl, *dacl, *sacl; 148 smb_attr_t set_attr; 149 vnode_t *vp; 150 int aclbsize = 0; /* size of acl list in bytes */ 151 int flags = 0; 152 int is_dir; 153 int rc; 154 boolean_t no_xvattr = B_FALSE; 155 156 ASSERT(fs_sd); 157 158 if (SMB_TREE_CASE_INSENSITIVE(sr)) 159 flags = SMB_IGNORE_CASE; 160 161 ASSERT(cr); 162 smb_get_caller_context(sr, &ct); 163 164 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 165 166 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACLONCREATE) { 167 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 168 dacl = fs_sd->sd_zdacl; 169 sacl = fs_sd->sd_zsacl; 170 ASSERT(dacl || sacl); 171 if (dacl && sacl) { 172 acl = smb_fsacl_merge(dacl, sacl); 173 } else if (dacl) { 174 acl = dacl; 175 } else { 176 acl = sacl; 177 } 178 179 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 180 181 if (dacl && sacl) 182 acl_free(acl); 183 184 if (rc) 185 return (rc); 186 187 vsap = &vsecattr; 188 } 189 else 190 vsap = NULL; 191 192 if (is_dir) { 193 rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags, 194 cr, &ct, vsap); 195 } else { 196 rc = smb_vop_create(snode->vp, name, attr, &vp, flags, 197 cr, &ct, vsap); 198 } 199 200 if (vsap != NULL) 201 kmem_free(vsap->vsa_aclentp, aclbsize); 202 203 if (rc != 0) 204 return (rc); 205 206 set_attr.sa_mask = 0; 207 208 /* 209 * Ideally we should be able to specify the owner and owning 210 * group at create time along with the ACL. Since we cannot 211 * do that right now, kcred is passed to smb_vop_setattr so it 212 * doesn't fail due to lack of permission. 213 */ 214 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 215 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 216 set_attr.sa_mask |= SMB_AT_UID; 217 } 218 219 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 220 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 221 set_attr.sa_mask |= SMB_AT_GID; 222 } 223 224 if (set_attr.sa_mask) { 225 if (sr && sr->tid_tree) 226 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 227 no_xvattr = B_TRUE; 228 rc = smb_vop_setattr(snode->vp, NULL, &set_attr, 229 0, kcred, no_xvattr, &ct); 230 } 231 232 } else { 233 /* 234 * For filesystems that don't support ACL-on-create, try 235 * to set the specified SD after create, which could actually 236 * fail because of conflicts between inherited security 237 * attributes upon creation and the specified SD. 238 * 239 * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 240 */ 241 242 if (is_dir) { 243 rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags, 244 cr, &ct, NULL); 245 } else { 246 rc = smb_vop_create(snode->vp, name, attr, &vp, flags, 247 cr, &ct, NULL); 248 } 249 250 if (rc != 0) 251 return (rc); 252 253 if ((sr->tid_tree->t_flags & SMB_TREE_FLAG_NFS_MOUNTED) == 0) 254 rc = smb_fsop_sdwrite(sr, kcred, snode, fs_sd, 1); 255 } 256 257 if (rc == 0) { 258 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, name, 259 snode, NULL, ret_attr); 260 261 if (*ret_snode == NULL) { 262 VN_RELE(vp); 263 rc = ENOMEM; 264 } 265 } 266 267 if (rc != 0) { 268 if (is_dir) { 269 (void) smb_vop_rmdir(snode->vp, name, flags, cr, &ct); 270 } else { 271 (void) smb_vop_remove(snode->vp, name, flags, cr, &ct); 272 } 273 } 274 275 return (rc); 276 } 277 278 279 /* 280 * smb_fsop_create 281 * 282 * All SMB functions should use this wrapper to ensure that 283 * all the smb_vop_creates are performed with the appropriate credentials. 284 * Please document any direct calls to explain the reason 285 * for avoiding this wrapper. 286 * 287 * It is assumed that a reference exists on snode coming into this routine. 288 * 289 * *ret_snode is returned with a reference upon success. No reference is 290 * taken if an error is returned. 291 */ 292 293 int 294 smb_fsop_create( 295 struct smb_request *sr, 296 cred_t *cr, 297 smb_node_t *dir_snode, 298 char *name, 299 smb_attr_t *attr, 300 smb_node_t **ret_snode, 301 smb_attr_t *ret_attr) 302 { 303 struct open_param *op = &sr->arg.open; 304 smb_node_t *fnode; 305 smb_attr_t file_attr; 306 caller_context_t ct; 307 vnode_t *xattrdirvp; 308 vnode_t *vp; 309 char *longname = NULL; 310 char *namep; 311 char *fname; 312 char *sname; 313 int is_stream; 314 int flags = 0; 315 int rc = 0; 316 smb_fssd_t fs_sd; 317 uint32_t secinfo; 318 uint32_t status; 319 320 ASSERT(cr); 321 ASSERT(dir_snode); 322 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 323 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 324 325 ASSERT(ret_snode); 326 *ret_snode = 0; 327 328 ASSERT(name); 329 if (*name == 0) 330 return (EINVAL); 331 332 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 333 return (EACCES); 334 335 ASSERT(sr); 336 ASSERT(sr->tid_tree); 337 if (SMB_TREE_IS_READ_ONLY(sr)) 338 return (EROFS); 339 340 if (SMB_TREE_CASE_INSENSITIVE(sr)) 341 flags = SMB_IGNORE_CASE; 342 343 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 344 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 345 346 is_stream = smb_stream_parse_name(name, fname, sname); 347 348 if (is_stream) 349 namep = fname; 350 else 351 namep = name; 352 353 if (smb_maybe_mangled_name(namep)) { 354 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 355 356 rc = smb_unmangle_name(sr, cr, dir_snode, namep, longname, 357 MAXNAMELEN, NULL, NULL, 1); 358 359 if ((is_stream == 0) && (rc == 0)) 360 rc = EEXIST; 361 362 if ((is_stream && rc) || 363 ((is_stream == 0) && (rc != ENOENT))) { 364 kmem_free(longname, MAXNAMELEN); 365 kmem_free(fname, MAXNAMELEN); 366 kmem_free(sname, MAXNAMELEN); 367 return (rc); 368 } 369 370 if (is_stream) 371 namep = longname; 372 else 373 kmem_free(longname, MAXNAMELEN); 374 } 375 376 if (is_stream) { 377 /* 378 * Look up the unnamed stream. 379 * 380 * Mangle processing in smb_fsop_lookup() for the unnamed 381 * stream won't be needed (as it was done above), but 382 * it may be needed on any link target (which 383 * smb_fsop_lookup() will provide). 384 */ 385 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 386 sr->tid_tree->t_snode, dir_snode, namep, &fnode, &file_attr, 387 0, 0); 388 389 if (longname) { 390 kmem_free(longname, MAXNAMELEN); 391 namep = NULL; 392 } 393 394 if (rc != 0) { 395 kmem_free(fname, MAXNAMELEN); 396 kmem_free(sname, MAXNAMELEN); 397 return (rc); 398 } 399 400 smb_get_caller_context(sr, &ct); 401 402 rc = smb_vop_stream_create(fnode->vp, sname, attr, &vp, 403 &xattrdirvp, flags, cr, &ct); 404 405 if (rc != 0) { 406 smb_node_release(fnode); 407 kmem_free(fname, MAXNAMELEN); 408 kmem_free(sname, MAXNAMELEN); 409 return (rc); 410 } 411 412 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 413 vp, sname, ret_attr); 414 415 smb_node_release(fnode); 416 417 if (*ret_snode == NULL) { 418 VN_RELE(xattrdirvp); 419 VN_RELE(vp); 420 kmem_free(fname, MAXNAMELEN); 421 kmem_free(sname, MAXNAMELEN); 422 return (ENOMEM); 423 } 424 } else { 425 if (op->sd) { 426 /* 427 * SD sent by client in Windows format. Needs to be 428 * converted to FS format. No inheritance. 429 */ 430 secinfo = smb_sd_get_secinfo(op->sd); 431 smb_fssd_init(&fs_sd, secinfo, 0); 432 433 status = smb_sd_tofs(op->sd, &fs_sd); 434 if (status == NT_STATUS_SUCCESS) { 435 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 436 name, attr, ret_snode, ret_attr, &fs_sd); 437 } 438 else 439 rc = EINVAL; 440 smb_fssd_term(&fs_sd); 441 } else if (sr->tid_tree->t_acltype == ACE_T) { 442 /* 443 * No incoming SD and filesystem is ZFS 444 * Server applies Windows inheritance rules, 445 * see smb_fsop_sdinherit() comments as to why. 446 */ 447 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0); 448 rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 449 if (rc == 0) { 450 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 451 name, attr, ret_snode, ret_attr, &fs_sd); 452 } 453 454 smb_fssd_term(&fs_sd); 455 } else { 456 /* 457 * No incoming SD and filesystem is not ZFS 458 * let the filesystem handles the inheritance. 459 */ 460 smb_get_caller_context(sr, &ct); 461 rc = smb_vop_create(dir_snode->vp, name, attr, &vp, 462 flags, cr, &ct, NULL); 463 464 if (rc == 0) { 465 *ret_snode = smb_node_lookup(sr, op, cr, vp, 466 name, dir_snode, NULL, ret_attr); 467 468 if (*ret_snode == NULL) { 469 VN_RELE(vp); 470 rc = ENOMEM; 471 } 472 } 473 474 } 475 } 476 477 kmem_free(fname, MAXNAMELEN); 478 kmem_free(sname, MAXNAMELEN); 479 return (rc); 480 } 481 482 /* 483 * smb_fsop_mkdir 484 * 485 * All SMB functions should use this wrapper to ensure that 486 * the the calls are performed with the appropriate credentials. 487 * Please document any direct call to explain the reason 488 * for avoiding this wrapper. 489 * 490 * It is assumed that a reference exists on snode coming into this routine. 491 * 492 * *ret_snode is returned with a reference upon success. No reference is 493 * taken if an error is returned. 494 */ 495 int 496 smb_fsop_mkdir( 497 struct smb_request *sr, 498 cred_t *cr, 499 smb_node_t *dir_snode, 500 char *name, 501 smb_attr_t *attr, 502 smb_node_t **ret_snode, 503 smb_attr_t *ret_attr) 504 { 505 struct open_param *op = &sr->arg.open; 506 caller_context_t ct; 507 char *longname; 508 vnode_t *vp; 509 int flags = 0; 510 smb_fssd_t fs_sd; 511 uint32_t secinfo; 512 uint32_t status; 513 int rc; 514 515 ASSERT(cr); 516 ASSERT(dir_snode); 517 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 518 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 519 520 ASSERT(ret_snode); 521 *ret_snode = 0; 522 523 ASSERT(name); 524 if (*name == 0) 525 return (EINVAL); 526 527 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 528 return (EACCES); 529 530 ASSERT(sr); 531 ASSERT(sr->tid_tree); 532 if (SMB_TREE_IS_READ_ONLY(sr)) 533 return (EROFS); 534 535 if (smb_maybe_mangled_name(name)) { 536 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 537 rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 538 MAXNAMELEN, NULL, NULL, 1); 539 540 kmem_free(longname, MAXNAMELEN); 541 542 /* 543 * If the name passed in by the client has an unmangled 544 * equivalent that is found in the specified directory, 545 * then the mkdir cannot succeed. Return EEXIST. 546 * 547 * Only if ENOENT is returned will a mkdir be attempted. 548 */ 549 550 if (rc == 0) 551 rc = EEXIST; 552 553 if (rc != ENOENT) 554 return (rc); 555 } 556 557 if (SMB_TREE_CASE_INSENSITIVE(sr)) 558 flags = SMB_IGNORE_CASE; 559 560 smb_get_caller_context(sr, &ct); 561 562 if (op->sd) { 563 /* 564 * SD sent by client in Windows format. Needs to be 565 * converted to FS format. No inheritance. 566 */ 567 secinfo = smb_sd_get_secinfo(op->sd); 568 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 569 570 status = smb_sd_tofs(op->sd, &fs_sd); 571 if (status == NT_STATUS_SUCCESS) { 572 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 573 name, attr, ret_snode, ret_attr, &fs_sd); 574 } 575 else 576 rc = EINVAL; 577 smb_fssd_term(&fs_sd); 578 } else if (sr->tid_tree->t_acltype == ACE_T) { 579 /* 580 * No incoming SD and filesystem is ZFS 581 * Server applies Windows inheritance rules, 582 * see smb_fsop_sdinherit() comments as to why. 583 */ 584 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR); 585 rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 586 if (rc == 0) { 587 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 588 name, attr, ret_snode, ret_attr, &fs_sd); 589 } 590 591 smb_fssd_term(&fs_sd); 592 593 } else { 594 rc = smb_vop_mkdir(dir_snode->vp, name, attr, &vp, flags, cr, 595 &ct, NULL); 596 597 if (rc == 0) { 598 *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 599 dir_snode, NULL, ret_attr); 600 601 if (*ret_snode == NULL) { 602 VN_RELE(vp); 603 rc = ENOMEM; 604 } 605 } 606 } 607 608 return (rc); 609 } 610 611 /* 612 * smb_fsop_remove 613 * 614 * All SMB functions should use this wrapper to ensure that 615 * the the calls are performed with the appropriate credentials. 616 * Please document any direct call to explain the reason 617 * for avoiding this wrapper. 618 * 619 * It is assumed that a reference exists on snode coming into this routine. 620 * 621 * od: This means that the name passed in is an on-disk name. 622 * A null smb_request might be passed to this function. 623 */ 624 625 int 626 smb_fsop_remove( 627 struct smb_request *sr, 628 cred_t *cr, 629 smb_node_t *dir_snode, 630 char *name, 631 int od) 632 { 633 smb_node_t *fnode; 634 smb_attr_t file_attr; 635 caller_context_t ct; 636 char *longname; 637 char *fname; 638 char *sname; 639 int flags = 0; 640 int rc; 641 642 ASSERT(cr); 643 /* 644 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 645 * function is called during the deletion of the node (because of 646 * DELETE_ON_CLOSE). 647 */ 648 ASSERT(dir_snode); 649 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 650 651 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 652 return (EACCES); 653 654 if (SMB_TREE_IS_READ_ONLY(sr)) 655 return (EROFS); 656 657 smb_get_caller_context(sr, &ct); 658 659 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 660 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 661 662 if (smb_stream_parse_name(name, fname, sname)) { 663 664 ASSERT(od == 0); 665 666 if (SMB_TREE_CASE_INSENSITIVE(sr)) 667 flags = SMB_IGNORE_CASE; 668 669 /* 670 * Look up the unnamed stream (i.e. fname). 671 * Unmangle processing will be done on fname 672 * as well as any link target. 673 */ 674 675 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 676 sr->tid_tree->t_snode, dir_snode, fname, &fnode, &file_attr, 677 0, 0); 678 679 if (rc != 0) { 680 kmem_free(fname, MAXNAMELEN); 681 kmem_free(sname, MAXNAMELEN); 682 return (rc); 683 } 684 685 /* 686 * XXX 687 * Need to find out what permission is required by NTFS 688 * to remove a stream. 689 */ 690 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr, &ct); 691 692 smb_node_release(fnode); 693 } else { 694 /* 695 * If the passed-in name is an on-disk name, 696 * then we need to do a case-sensitive remove. 697 * This is important if the on-disk name 698 * corresponds to a mangled name passed in by 699 * the client. We want to make sure to remove 700 * the exact file specified by the client, 701 * instead of letting the underlying file system 702 * do a remove on the "first match." 703 */ 704 705 if ((od == 0) && SMB_TREE_CASE_INSENSITIVE(sr)) 706 flags = SMB_IGNORE_CASE; 707 708 rc = smb_vop_remove(dir_snode->vp, name, flags, cr, &ct); 709 710 if (rc == ENOENT) { 711 if (smb_maybe_mangled_name(name) == 0) { 712 kmem_free(fname, MAXNAMELEN); 713 kmem_free(sname, MAXNAMELEN); 714 return (rc); 715 } 716 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 717 718 rc = smb_unmangle_name(sr, cr, dir_snode, name, 719 longname, MAXNAMELEN, NULL, NULL, 1); 720 721 if (rc == 0) { 722 /* 723 * We passed "1" as the "od" parameter 724 * to smb_unmangle_name(), such that longname 725 * is the real (case-sensitive) on-disk name. 726 * We make sure we do a remove on this exact 727 * name, as the name was mangled and denotes 728 * a unique file. 729 */ 730 flags &= ~SMB_IGNORE_CASE; 731 rc = smb_vop_remove(dir_snode->vp, longname, 732 flags, cr, &ct); 733 } 734 735 kmem_free(longname, MAXNAMELEN); 736 } 737 } 738 739 kmem_free(fname, MAXNAMELEN); 740 kmem_free(sname, MAXNAMELEN); 741 return (rc); 742 } 743 744 /* 745 * smb_fsop_remove_streams 746 * 747 * This function removes a file's streams without removing the 748 * file itself. 749 * 750 * It is assumed that snode is not a link. 751 */ 752 int 753 smb_fsop_remove_streams(struct smb_request *sr, cred_t *cr, 754 smb_node_t *fnode) 755 { 756 struct fs_stream_info stream_info; 757 caller_context_t ct; 758 uint32_t cookie = 0; 759 int flags = 0; 760 int rc; 761 762 ASSERT(cr); 763 ASSERT(fnode); 764 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 765 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 766 767 if (SMB_TREE_ROOT_FS(sr, fnode) == 0) 768 return (EACCES); 769 770 if (SMB_TREE_IS_READ_ONLY(sr)) 771 return (EROFS); 772 773 if (SMB_TREE_CASE_INSENSITIVE(sr)) 774 flags = SMB_IGNORE_CASE; 775 776 smb_get_caller_context(sr, &ct); 777 778 for (;;) { 779 rc = smb_vop_stream_readdir(fnode->vp, &cookie, &stream_info, 780 NULL, NULL, flags, cr, &ct); 781 782 if ((rc != 0) || (cookie == SMB_EOF)) 783 break; 784 785 (void) smb_vop_stream_remove(fnode->vp, stream_info.name, flags, 786 cr, &ct); 787 } 788 return (rc); 789 } 790 791 /* 792 * smb_fsop_rmdir 793 * 794 * All SMB functions should use this wrapper to ensure that 795 * the the calls are performed with the appropriate credentials. 796 * Please document any direct call to explain the reason 797 * for avoiding this wrapper. 798 * 799 * It is assumed that a reference exists on snode coming into this routine. 800 * 801 * od: This means that the name passed in is an on-disk name. 802 */ 803 804 int 805 smb_fsop_rmdir( 806 struct smb_request *sr, 807 cred_t *cr, 808 smb_node_t *dir_snode, 809 char *name, 810 int od) 811 { 812 caller_context_t ct; 813 int rc; 814 int flags = 0; 815 char *longname; 816 817 ASSERT(cr); 818 /* 819 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 820 * function is called during the deletion of the node (because of 821 * DELETE_ON_CLOSE). 822 */ 823 ASSERT(dir_snode); 824 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 825 826 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 827 return (EACCES); 828 829 if (SMB_TREE_IS_READ_ONLY(sr)) 830 return (EROFS); 831 832 /* 833 * If the passed-in name is an on-disk name, 834 * then we need to do a case-sensitive rmdir. 835 * This is important if the on-disk name 836 * corresponds to a mangled name passed in by 837 * the client. We want to make sure to remove 838 * the exact directory specified by the client, 839 * instead of letting the underlying file system 840 * do a rmdir on the "first match." 841 */ 842 843 if ((od == 0) && SMB_TREE_CASE_INSENSITIVE(sr)) 844 flags = SMB_IGNORE_CASE; 845 846 smb_get_caller_context(sr, &ct); 847 848 rc = smb_vop_rmdir(dir_snode->vp, name, flags, cr, &ct); 849 850 if (rc == ENOENT) { 851 if (smb_maybe_mangled_name(name) == 0) 852 return (rc); 853 854 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 855 856 rc = smb_unmangle_name(sr, cr, dir_snode, 857 name, longname, MAXNAMELEN, NULL, 858 NULL, 1); 859 860 if (rc == 0) { 861 /* 862 * We passed "1" as the "od" parameter 863 * to smb_unmangle_name(), such that longname 864 * is the real (case-sensitive) on-disk name. 865 * We make sure we do a rmdir on this exact 866 * name, as the name was mangled and denotes 867 * a unique directory. 868 */ 869 flags &= ~SMB_IGNORE_CASE; 870 rc = smb_vop_rmdir(dir_snode->vp, longname, flags, cr, 871 &ct); 872 } 873 874 kmem_free(longname, MAXNAMELEN); 875 } 876 877 return (rc); 878 } 879 880 /* 881 * smb_fsop_getattr 882 * 883 * All SMB functions should use this wrapper to ensure that 884 * the the calls are performed with the appropriate credentials. 885 * Please document any direct call to explain the reason 886 * for avoiding this wrapper. 887 * 888 * It is assumed that a reference exists on snode coming into this routine. 889 */ 890 int 891 smb_fsop_getattr(struct smb_request *sr, cred_t *cr, smb_node_t *snode, 892 smb_attr_t *attr) 893 { 894 smb_node_t *unnamed_node; 895 vnode_t *unnamed_vp = NULL; 896 caller_context_t ct; 897 uint32_t status; 898 uint32_t access = 0; 899 int flags = 0; 900 901 ASSERT(cr); 902 ASSERT(snode); 903 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 904 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 905 906 if (SMB_TREE_ROOT_FS(sr, snode) == 0) 907 return (EACCES); 908 909 if (sr->fid_ofile) { 910 /* if uid and/or gid is requested */ 911 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 912 access |= READ_CONTROL; 913 914 /* if anything else is also requested */ 915 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 916 access |= FILE_READ_ATTRIBUTES; 917 918 status = smb_ofile_access(sr->fid_ofile, cr, access); 919 if (status != NT_STATUS_SUCCESS) 920 return (EACCES); 921 922 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 923 flags = ATTR_NOACLCHECK; 924 } 925 926 smb_get_caller_context(sr, &ct); 927 928 unnamed_node = SMB_IS_STREAM(snode); 929 930 if (unnamed_node) { 931 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 932 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 933 unnamed_vp = unnamed_node->vp; 934 } 935 936 return (smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr, &ct)); 937 } 938 939 /* 940 * smb_fsop_readdir 941 * 942 * All SMB functions should use this smb_fsop_readdir wrapper to ensure that 943 * the smb_vop_readdir is performed with the appropriate credentials. 944 * Please document any direct call to smb_vop_readdir to explain the reason 945 * for avoiding this wrapper. 946 * 947 * It is assumed that a reference exists on snode coming into this routine. 948 */ 949 int 950 smb_fsop_readdir( 951 struct smb_request *sr, 952 cred_t *cr, 953 smb_node_t *dir_snode, 954 uint32_t *cookie, 955 char *name, 956 int *namelen, 957 ino64_t *fileid, 958 struct fs_stream_info *stream_info, 959 smb_node_t **ret_snode, 960 smb_attr_t *ret_attr) 961 { 962 caller_context_t ct; 963 smb_node_t *ret_snodep; 964 smb_node_t *fnode; 965 smb_attr_t tmp_attr; 966 vnode_t *xattrdirvp; 967 vnode_t *fvp; 968 vnode_t *vp = NULL; 969 char *od_name; 970 int rc; 971 int flags = 0; 972 973 ASSERT(cr); 974 ASSERT(dir_snode); 975 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 976 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 977 978 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 979 return (EACCES); 980 981 if (*cookie == SMB_EOF) { 982 *namelen = 0; 983 return (0); 984 } 985 986 if (SMB_TREE_CASE_INSENSITIVE(sr)) 987 flags = SMB_IGNORE_CASE; 988 989 smb_get_caller_context(sr, &ct); 990 991 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 992 993 if (stream_info) { 994 rc = smb_vop_lookup(dir_snode->vp, name, &fvp, od_name, 995 SMB_FOLLOW_LINKS, sr->tid_tree->t_snode->vp, cr, &ct); 996 997 if (rc != 0) { 998 kmem_free(od_name, MAXNAMELEN); 999 return (rc); 1000 } 1001 1002 fnode = smb_node_lookup(sr, NULL, cr, fvp, od_name, dir_snode, 1003 NULL, ret_attr); 1004 1005 kmem_free(od_name, MAXNAMELEN); 1006 1007 if (fnode == NULL) { 1008 VN_RELE(fvp); 1009 return (ENOMEM); 1010 } 1011 1012 /* 1013 * XXX 1014 * Need to find out what permission(s) NTFS requires for getting 1015 * a file's streams list. 1016 * 1017 * Might have to use kcred. 1018 */ 1019 rc = smb_vop_stream_readdir(fvp, cookie, stream_info, &vp, 1020 &xattrdirvp, flags, cr, &ct); 1021 1022 if ((rc != 0) || (*cookie == SMB_EOF)) { 1023 smb_node_release(fnode); 1024 return (rc); 1025 } 1026 1027 ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1028 vp, stream_info->name, &tmp_attr); 1029 1030 smb_node_release(fnode); 1031 1032 if (ret_snodep == NULL) { 1033 VN_RELE(xattrdirvp); 1034 VN_RELE(vp); 1035 return (ENOMEM); 1036 } 1037 1038 stream_info->size = tmp_attr.sa_vattr.va_size; 1039 1040 if (ret_attr) 1041 *ret_attr = tmp_attr; 1042 1043 if (ret_snode) 1044 *ret_snode = ret_snodep; 1045 else 1046 smb_node_release(ret_snodep); 1047 1048 } else { 1049 rc = smb_vop_readdir(dir_snode->vp, cookie, name, namelen, 1050 fileid, &vp, od_name, flags, cr, &ct); 1051 1052 if (rc != 0) { 1053 kmem_free(od_name, MAXNAMELEN); 1054 return (rc); 1055 } 1056 1057 if (*namelen) { 1058 ASSERT(vp); 1059 if (ret_attr || ret_snode) { 1060 ret_snodep = smb_node_lookup(sr, NULL, cr, vp, 1061 od_name, dir_snode, NULL, &tmp_attr); 1062 1063 if (ret_snodep == NULL) { 1064 kmem_free(od_name, MAXNAMELEN); 1065 VN_RELE(vp); 1066 return (ENOMEM); 1067 } 1068 1069 if (ret_attr) 1070 *ret_attr = tmp_attr; 1071 1072 if (ret_snode) 1073 *ret_snode = ret_snodep; 1074 else 1075 smb_node_release(ret_snodep); 1076 } 1077 } 1078 1079 kmem_free(od_name, MAXNAMELEN); 1080 } 1081 1082 return (rc); 1083 } 1084 1085 /* 1086 * smb_fsop_getdents 1087 * 1088 * All SMB functions should use this smb_vop_getdents wrapper to ensure that 1089 * the smb_vop_getdents is performed with the appropriate credentials. 1090 * Please document any direct call to smb_vop_getdents to explain the reason 1091 * for avoiding this wrapper. 1092 * 1093 * It is assumed that a reference exists on snode coming into this routine. 1094 */ 1095 /*ARGSUSED*/ 1096 int 1097 smb_fsop_getdents( 1098 struct smb_request *sr, 1099 cred_t *cr, 1100 smb_node_t *dir_snode, 1101 uint32_t *cookie, 1102 uint64_t *verifierp, 1103 int32_t *maxcnt, 1104 char *args, 1105 char *pattern) 1106 { 1107 caller_context_t ct; 1108 int flags = 0; 1109 1110 ASSERT(cr); 1111 ASSERT(dir_snode); 1112 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1113 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1114 1115 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 1116 return (EACCES); 1117 1118 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1119 flags = SMB_IGNORE_CASE; 1120 1121 smb_get_caller_context(sr, &ct); 1122 1123 return (smb_vop_getdents(dir_snode, cookie, 0, maxcnt, args, pattern, 1124 flags, sr, cr, &ct)); 1125 } 1126 1127 /* 1128 * smb_fsop_rename 1129 * 1130 * All SMB functions should use this smb_vop_rename wrapper to ensure that 1131 * the smb_vop_rename is performed with the appropriate credentials. 1132 * Please document any direct call to smb_vop_rename to explain the reason 1133 * for avoiding this wrapper. 1134 * 1135 * It is assumed that references exist on from_dir_snode and to_dir_snode coming 1136 * into this routine. 1137 */ 1138 int 1139 smb_fsop_rename( 1140 struct smb_request *sr, 1141 cred_t *cr, 1142 smb_node_t *from_dir_snode, 1143 char *from_name, 1144 smb_node_t *to_dir_snode, 1145 char *to_name) 1146 { 1147 smb_node_t *from_snode; 1148 caller_context_t ct; 1149 smb_attr_t tmp_attr; 1150 vnode_t *from_vp; 1151 int flags = 0; 1152 int rc; 1153 1154 ASSERT(cr); 1155 ASSERT(from_dir_snode); 1156 ASSERT(from_dir_snode->n_magic == SMB_NODE_MAGIC); 1157 ASSERT(from_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1158 1159 ASSERT(to_dir_snode); 1160 ASSERT(to_dir_snode->n_magic == SMB_NODE_MAGIC); 1161 ASSERT(to_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1162 1163 if (SMB_TREE_ROOT_FS(sr, from_dir_snode) == 0) 1164 return (EACCES); 1165 1166 if (SMB_TREE_ROOT_FS(sr, to_dir_snode) == 0) 1167 return (EACCES); 1168 1169 ASSERT(sr); 1170 ASSERT(sr->tid_tree); 1171 if (SMB_TREE_IS_READ_ONLY(sr)) 1172 return (EROFS); 1173 1174 /* 1175 * Note: There is no need to check SMB_TREE_CASE_INSENSITIVE(sr) 1176 * here. 1177 * 1178 * A case-sensitive rename is always done in this routine 1179 * because we are using the on-disk name from an earlier lookup. 1180 * If a mangled name was passed in by the caller (denoting a 1181 * deterministic lookup), then the exact file must be renamed 1182 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 1183 * else the underlying file system might return a "first-match" 1184 * on this on-disk name, possibly resulting in the wrong file). 1185 */ 1186 1187 /* 1188 * XXX: Lock required through smb_node_release() below? 1189 */ 1190 1191 smb_get_caller_context(sr, &ct); 1192 1193 rc = smb_vop_lookup(from_dir_snode->vp, from_name, &from_vp, NULL, 0, 1194 NULL, cr, &ct); 1195 1196 if (rc != 0) 1197 return (rc); 1198 1199 rc = smb_vop_rename(from_dir_snode->vp, from_name, to_dir_snode->vp, 1200 to_name, flags, cr, &ct); 1201 1202 if (rc == 0) { 1203 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 1204 from_dir_snode, NULL, &tmp_attr); 1205 1206 if (from_snode == NULL) { 1207 VN_RELE(from_vp); 1208 return (ENOMEM); 1209 } 1210 1211 (void) smb_node_rename(from_dir_snode, from_snode, to_dir_snode, 1212 to_name); 1213 1214 smb_node_release(from_snode); 1215 } else { 1216 VN_RELE(from_vp); 1217 } 1218 1219 /* XXX: unlock */ 1220 1221 return (rc); 1222 } 1223 1224 /* 1225 * smb_fsop_setattr 1226 * 1227 * All SMB functions should use this wrapper to ensure that 1228 * the the calls are performed with the appropriate credentials. 1229 * Please document any direct call to explain the reason 1230 * for avoiding this wrapper. 1231 * 1232 * It is assumed that a reference exists on snode coming into this routine. 1233 * A null smb_request might be passed to this function. 1234 */ 1235 int 1236 smb_fsop_setattr( 1237 smb_request_t *sr, 1238 cred_t *cr, 1239 smb_node_t *snode, 1240 smb_attr_t *set_attr, 1241 smb_attr_t *ret_attr) 1242 { 1243 smb_node_t *unnamed_node; 1244 vnode_t *unnamed_vp = NULL; 1245 caller_context_t ct; 1246 uint32_t status; 1247 uint32_t access = 0; 1248 int rc = 0; 1249 int flags = 0; 1250 boolean_t no_xvattr = B_FALSE; 1251 1252 ASSERT(cr); 1253 ASSERT(snode); 1254 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1255 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1256 1257 if (SMB_TREE_ROOT_FS(sr, snode) == 0) 1258 return (EACCES); 1259 1260 if (SMB_TREE_IS_READ_ONLY(sr)) 1261 return (EROFS); 1262 1263 /* sr could be NULL in some cases */ 1264 if (sr && sr->fid_ofile) { 1265 /* if uid and/or gid is requested */ 1266 if (set_attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 1267 access |= WRITE_OWNER; 1268 1269 /* if anything else is also requested */ 1270 if (set_attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 1271 access |= FILE_WRITE_ATTRIBUTES; 1272 1273 status = smb_ofile_access(sr->fid_ofile, cr, access); 1274 if (status != NT_STATUS_SUCCESS) 1275 return (EACCES); 1276 1277 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 1278 flags = ATTR_NOACLCHECK; 1279 } 1280 1281 smb_get_caller_context(sr, &ct); 1282 1283 unnamed_node = SMB_IS_STREAM(snode); 1284 1285 if (unnamed_node) { 1286 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1287 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1288 unnamed_vp = unnamed_node->vp; 1289 } 1290 if (sr && sr->tid_tree) 1291 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 1292 no_xvattr = B_TRUE; 1293 1294 rc = smb_vop_setattr(snode->vp, unnamed_vp, 1295 set_attr, flags, cr, no_xvattr, &ct); 1296 1297 if ((rc == 0) && ret_attr) { 1298 /* 1299 * This is an operation on behalf of CIFS service (to update 1300 * smb node's attr) not on behalf of the user so it's done 1301 * using kcred and the return value is intentionally ignored. 1302 */ 1303 ret_attr->sa_mask = SMB_AT_ALL; 1304 (void) smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1305 kcred, &ct); 1306 } 1307 1308 return (rc); 1309 } 1310 1311 /* 1312 * smb_fsop_read 1313 * 1314 * All SMB functions should use this wrapper to ensure that 1315 * the the calls are performed with the appropriate credentials. 1316 * Please document any direct call to explain the reason 1317 * for avoiding this wrapper. 1318 * 1319 * It is assumed that a reference exists on snode coming into this routine. 1320 */ 1321 int 1322 smb_fsop_read( 1323 struct smb_request *sr, 1324 cred_t *cr, 1325 smb_node_t *snode, 1326 uio_t *uio, 1327 smb_attr_t *ret_attr) 1328 { 1329 smb_node_t *unnamed_node; 1330 vnode_t *unnamed_vp = NULL; 1331 caller_context_t ct; 1332 int rc; 1333 1334 ASSERT(cr); 1335 ASSERT(snode); 1336 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1337 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1338 1339 ASSERT(sr); 1340 ASSERT(sr->fid_ofile); 1341 1342 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA); 1343 if (rc != NT_STATUS_SUCCESS) { 1344 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE); 1345 if (rc != NT_STATUS_SUCCESS) 1346 return (EACCES); 1347 } 1348 1349 unnamed_node = SMB_IS_STREAM(snode); 1350 if (unnamed_node) { 1351 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1352 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1353 unnamed_vp = unnamed_node->vp; 1354 /* 1355 * Streams permission are checked against the unnamed stream, 1356 * but in FS level they have their own permissions. To avoid 1357 * rejection by FS due to lack of permission on the actual 1358 * extended attr kcred is passed for streams. 1359 */ 1360 cr = kcred; 1361 } 1362 1363 smb_get_caller_context(sr, &ct); 1364 rc = smb_vop_read(snode->vp, uio, cr, &ct); 1365 1366 if (rc == 0) { 1367 /* 1368 * This is an operation on behalf of CIFS service (to update 1369 * smb node's attr) not on behalf of the user so it's done 1370 * using kcred and the return value is intentionally ignored. 1371 */ 1372 ret_attr->sa_mask = SMB_AT_ALL; 1373 (void) smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1374 kcred, &ct); 1375 } 1376 1377 return (rc); 1378 } 1379 1380 /* 1381 * smb_fsop_write 1382 * 1383 * This is a wrapper function used for smb_write and smb_write_raw operations. 1384 * 1385 * It is assumed that a reference exists on snode coming into this routine. 1386 */ 1387 int 1388 smb_fsop_write( 1389 struct smb_request *sr, 1390 cred_t *cr, 1391 smb_node_t *snode, 1392 uio_t *uio, 1393 uint32_t *lcount, 1394 smb_attr_t *ret_attr, 1395 uint32_t *flag) 1396 { 1397 smb_node_t *unnamed_node; 1398 vnode_t *unnamed_vp = NULL; 1399 caller_context_t ct; 1400 int rc; 1401 1402 ASSERT(cr); 1403 ASSERT(snode); 1404 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1405 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1406 1407 ASSERT(sr); 1408 ASSERT(sr->tid_tree); 1409 ASSERT(sr->fid_ofile); 1410 1411 if (SMB_TREE_IS_READ_ONLY(sr)) 1412 return (EROFS); 1413 /* 1414 * XXX what if the file has been opened only with 1415 * FILE_APPEND_DATA? 1416 */ 1417 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_WRITE_DATA); 1418 if (rc != NT_STATUS_SUCCESS) 1419 return (EACCES); 1420 1421 smb_get_caller_context(sr, &ct); 1422 1423 unnamed_node = SMB_IS_STREAM(snode); 1424 1425 if (unnamed_node) { 1426 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1427 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1428 unnamed_vp = unnamed_node->vp; 1429 /* 1430 * Streams permission are checked against the unnamed stream, 1431 * but in FS level they have their own permissions. To avoid 1432 * rejection by FS due to lack of permission on the actual 1433 * extended attr kcred is passed for streams. 1434 */ 1435 cr = kcred; 1436 } 1437 1438 rc = smb_vop_write(snode->vp, uio, flag, lcount, cr, &ct); 1439 1440 if (rc == 0) { 1441 /* 1442 * This is an operation on behalf of CIFS service (to update 1443 * smb node's attr) not on behalf of the user so it's done 1444 * using kcred and the return value is intentionally ignored. 1445 */ 1446 ret_attr->sa_mask = SMB_AT_ALL; 1447 (void) smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1448 kcred, &ct); 1449 } 1450 1451 return (rc); 1452 } 1453 1454 /* 1455 * smb_fsop_statfs 1456 * 1457 * This is a wrapper function used for stat operations. 1458 */ 1459 int 1460 smb_fsop_statfs( 1461 cred_t *cr, 1462 smb_node_t *snode, 1463 struct statvfs64 *statp) 1464 { 1465 ASSERT(cr); 1466 ASSERT(snode); 1467 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1468 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1469 1470 return (smb_vop_statfs(snode->vp, statp, cr)); 1471 } 1472 1473 /* 1474 * smb_fsop_access 1475 */ 1476 int 1477 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1478 uint32_t faccess) 1479 { 1480 int access = 0; 1481 int error; 1482 vnode_t *dir_vp; 1483 boolean_t acl_check = B_TRUE; 1484 smb_node_t *unnamed_node; 1485 1486 ASSERT(cr); 1487 ASSERT(snode); 1488 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1489 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1490 1491 if (faccess == 0) 1492 return (NT_STATUS_SUCCESS); 1493 1494 if (SMB_TREE_IS_READ_ONLY(sr)) { 1495 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 1496 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 1497 DELETE|WRITE_DAC|WRITE_OWNER)) { 1498 return (NT_STATUS_ACCESS_DENIED); 1499 } 1500 } 1501 1502 unnamed_node = SMB_IS_STREAM(snode); 1503 if (unnamed_node) { 1504 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1505 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1506 /* 1507 * Streams authorization should be performed against the 1508 * unnamed stream. 1509 */ 1510 snode = unnamed_node; 1511 } 1512 1513 if (faccess & ACCESS_SYSTEM_SECURITY) { 1514 /* 1515 * This permission is required for reading/writing SACL and 1516 * it's not part of DACL. It's only granted via proper 1517 * privileges. 1518 */ 1519 if ((sr->uid_user->u_privileges & 1520 (SMB_USER_PRIV_BACKUP | 1521 SMB_USER_PRIV_RESTORE | 1522 SMB_USER_PRIV_SECURITY)) == 0) 1523 return (NT_STATUS_PRIVILEGE_NOT_HELD); 1524 1525 faccess &= ~ACCESS_SYSTEM_SECURITY; 1526 } 1527 1528 /* Links don't have ACL */ 1529 if (((sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) == 0) || 1530 (snode->attr.sa_vattr.va_type == VLNK)) 1531 acl_check = B_FALSE; 1532 1533 if (acl_check) { 1534 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 1535 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 1536 cr); 1537 } else { 1538 /* 1539 * FS doesn't understand 32-bit mask, need to map 1540 */ 1541 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 1542 access |= VWRITE; 1543 1544 if (faccess & FILE_READ_DATA) 1545 access |= VREAD; 1546 1547 if (faccess & FILE_EXECUTE) 1548 access |= VEXEC; 1549 1550 error = smb_vop_access(snode->vp, access, 0, NULL, cr); 1551 } 1552 1553 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 1554 } 1555 1556 /* 1557 * smb_fsop_lookup_name() 1558 * 1559 * Sanity checks on dir_snode done in smb_fsop_lookup(). 1560 * 1561 * Note: This function is called only from the open path. 1562 * It will check if the file is a stream. 1563 * It will also return an error if the looked-up file is in 1564 * a child mount. 1565 */ 1566 1567 int 1568 smb_fsop_lookup_name( 1569 struct smb_request *sr, 1570 cred_t *cr, 1571 int flags, 1572 smb_node_t *root_node, 1573 smb_node_t *dir_snode, 1574 char *name, 1575 smb_node_t **ret_snode, 1576 smb_attr_t *ret_attr) 1577 { 1578 smb_node_t *fnode; 1579 smb_attr_t file_attr; 1580 caller_context_t ct; 1581 vnode_t *xattrdirvp; 1582 vnode_t *vp; 1583 char *od_name; 1584 char *fname; 1585 char *sname; 1586 int rc; 1587 1588 ASSERT(cr); 1589 ASSERT(dir_snode); 1590 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1591 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1592 1593 /* 1594 * The following check is required for streams processing, below 1595 */ 1596 1597 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1598 flags |= SMB_IGNORE_CASE; 1599 1600 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1601 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1602 1603 if (smb_stream_parse_name(name, fname, sname)) { 1604 /* 1605 * Look up the unnamed stream (i.e. fname). 1606 * Unmangle processing will be done on fname 1607 * as well as any link target. 1608 */ 1609 rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, fname, 1610 &fnode, &file_attr, NULL, NULL); 1611 1612 if (rc != 0) { 1613 kmem_free(fname, MAXNAMELEN); 1614 kmem_free(sname, MAXNAMELEN); 1615 return (rc); 1616 } 1617 1618 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1619 1620 /* 1621 * od_name is the on-disk name of the stream, except 1622 * without the prepended stream prefix (SMB_STREAM_PREFIX) 1623 */ 1624 1625 /* 1626 * XXX 1627 * What permissions NTFS requires for stream lookup if any? 1628 */ 1629 rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 1630 &xattrdirvp, flags, root_node->vp, cr, &ct); 1631 1632 if (rc != 0) { 1633 smb_node_release(fnode); 1634 kmem_free(fname, MAXNAMELEN); 1635 kmem_free(sname, MAXNAMELEN); 1636 kmem_free(od_name, MAXNAMELEN); 1637 return (rc); 1638 } 1639 1640 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1641 vp, od_name, ret_attr); 1642 1643 kmem_free(od_name, MAXNAMELEN); 1644 smb_node_release(fnode); 1645 1646 if (*ret_snode == NULL) { 1647 VN_RELE(xattrdirvp); 1648 VN_RELE(vp); 1649 kmem_free(fname, MAXNAMELEN); 1650 kmem_free(sname, MAXNAMELEN); 1651 return (ENOMEM); 1652 } 1653 } else { 1654 rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, name, 1655 ret_snode, ret_attr, NULL, NULL); 1656 } 1657 1658 if (rc == 0) { 1659 ASSERT(ret_snode); 1660 if (SMB_TREE_ROOT_FS(sr, *ret_snode) == 0) { 1661 smb_node_release(*ret_snode); 1662 *ret_snode = NULL; 1663 rc = EACCES; 1664 } 1665 } 1666 1667 kmem_free(fname, MAXNAMELEN); 1668 kmem_free(sname, MAXNAMELEN); 1669 1670 return (rc); 1671 } 1672 1673 /* 1674 * smb_fsop_lookup 1675 * 1676 * All SMB functions should use this smb_vop_lookup wrapper to ensure that 1677 * the smb_vop_lookup is performed with the appropriate credentials and using 1678 * case insensitive compares. Please document any direct call to smb_vop_lookup 1679 * to explain the reason for avoiding this wrapper. 1680 * 1681 * It is assumed that a reference exists on dir_snode coming into this routine 1682 * (and that it is safe from deallocation). 1683 * 1684 * Same with the root_node. 1685 * 1686 * *ret_snode is returned with a reference upon success. No reference is 1687 * taken if an error is returned. 1688 * 1689 * Note: The returned ret_snode may be in a child mount. This is ok for 1690 * readdir and getdents. 1691 * 1692 * Other smb_fsop_* routines will call SMB_TREE_ROOT_FS() to prevent 1693 * operations on files not in the parent mount. 1694 */ 1695 int 1696 smb_fsop_lookup( 1697 struct smb_request *sr, 1698 cred_t *cr, 1699 int flags, 1700 smb_node_t *root_node, 1701 smb_node_t *dir_snode, 1702 char *name, 1703 smb_node_t **ret_snode, 1704 smb_attr_t *ret_attr, 1705 char *ret_shortname, /* Must be at least MANGLE_NAMELEN chars */ 1706 char *ret_name83) /* Must be at least MANGLE_NAMELEN chars */ 1707 { 1708 smb_node_t *lnk_target_node; 1709 smb_node_t *lnk_dnode; 1710 caller_context_t ct; 1711 char *longname; 1712 char *od_name; 1713 vnode_t *vp; 1714 int rc; 1715 1716 ASSERT(cr); 1717 ASSERT(dir_snode); 1718 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1719 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1720 1721 if (name == NULL) 1722 return (EINVAL); 1723 1724 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 1725 return (EACCES); 1726 1727 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1728 flags |= SMB_IGNORE_CASE; 1729 1730 smb_get_caller_context(sr, &ct); 1731 1732 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1733 1734 rc = smb_vop_lookup(dir_snode->vp, name, &vp, od_name, flags, 1735 root_node ? root_node->vp : NULL, cr, &ct); 1736 1737 if (rc != 0) { 1738 if (smb_maybe_mangled_name(name) == 0) { 1739 kmem_free(od_name, MAXNAMELEN); 1740 return (rc); 1741 } 1742 1743 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1744 1745 rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 1746 MAXNAMELEN, ret_shortname, ret_name83, 1); 1747 1748 if (rc != 0) { 1749 kmem_free(od_name, MAXNAMELEN); 1750 kmem_free(longname, MAXNAMELEN); 1751 return (rc); 1752 } 1753 1754 /* 1755 * We passed "1" as the "od" parameter 1756 * to smb_unmangle_name(), such that longname 1757 * is the real (case-sensitive) on-disk name. 1758 * We make sure we do a lookup on this exact 1759 * name, as the name was mangled and denotes 1760 * a unique file. 1761 */ 1762 1763 if (flags & SMB_IGNORE_CASE) 1764 flags &= ~SMB_IGNORE_CASE; 1765 1766 rc = smb_vop_lookup(dir_snode->vp, longname, &vp, od_name, 1767 flags, root_node ? root_node->vp : NULL, cr, &ct); 1768 1769 kmem_free(longname, MAXNAMELEN); 1770 1771 if (rc != 0) { 1772 kmem_free(od_name, MAXNAMELEN); 1773 return (rc); 1774 } 1775 } 1776 1777 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK)) { 1778 1779 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dir_snode, 1780 &lnk_dnode, &lnk_target_node, cr); 1781 1782 if (rc != 0) { 1783 /* 1784 * The link is assumed to be for the last component 1785 * of a path. Hence any ENOTDIR error will be returned 1786 * as ENOENT. 1787 */ 1788 if (rc == ENOTDIR) 1789 rc = ENOENT; 1790 1791 VN_RELE(vp); 1792 kmem_free(od_name, MAXNAMELEN); 1793 return (rc); 1794 } 1795 1796 /* 1797 * Release the original VLNK vnode 1798 */ 1799 1800 VN_RELE(vp); 1801 vp = lnk_target_node->vp; 1802 1803 rc = smb_vop_traverse_check(&vp); 1804 1805 if (rc != 0) { 1806 smb_node_release(lnk_dnode); 1807 smb_node_release(lnk_target_node); 1808 kmem_free(od_name, MAXNAMELEN); 1809 return (rc); 1810 } 1811 1812 /* 1813 * smb_vop_traverse_check() may have returned a different vnode 1814 */ 1815 1816 if (lnk_target_node->vp == vp) { 1817 *ret_snode = lnk_target_node; 1818 *ret_attr = (*ret_snode)->attr; 1819 } else { 1820 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 1821 lnk_target_node->od_name, lnk_dnode, NULL, 1822 ret_attr); 1823 1824 if (*ret_snode == NULL) { 1825 VN_RELE(vp); 1826 rc = ENOMEM; 1827 } 1828 smb_node_release(lnk_target_node); 1829 } 1830 1831 smb_node_release(lnk_dnode); 1832 1833 } else { 1834 1835 rc = smb_vop_traverse_check(&vp); 1836 if (rc) { 1837 VN_RELE(vp); 1838 kmem_free(od_name, MAXNAMELEN); 1839 return (rc); 1840 } 1841 1842 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 1843 dir_snode, NULL, ret_attr); 1844 1845 if (*ret_snode == NULL) { 1846 VN_RELE(vp); 1847 rc = ENOMEM; 1848 } 1849 } 1850 1851 kmem_free(od_name, MAXNAMELEN); 1852 return (rc); 1853 } 1854 1855 /* 1856 * smb_fsop_stream_readdir() 1857 * 1858 * ret_snode and ret_attr are optional parameters (i.e. NULL may be passed in) 1859 * 1860 * This routine will return only NTFS streams. If an NTFS stream is not 1861 * found at the offset specified, the directory will be read until an NTFS 1862 * stream is found or until EOF. 1863 * 1864 * Note: Sanity checks done in caller 1865 * (smb_fsop_readdir(), smb_fsop_remove_streams()) 1866 */ 1867 1868 int 1869 smb_fsop_stream_readdir(struct smb_request *sr, cred_t *cr, smb_node_t *fnode, 1870 uint32_t *cookiep, struct fs_stream_info *stream_info, 1871 smb_node_t **ret_snode, smb_attr_t *ret_attr) 1872 { 1873 smb_node_t *ret_snodep = NULL; 1874 caller_context_t ct; 1875 smb_attr_t tmp_attr; 1876 vnode_t *xattrdirvp; 1877 vnode_t *vp; 1878 int rc = 0; 1879 int flags = 0; 1880 1881 /* 1882 * XXX NTFS permission requirements if any? 1883 */ 1884 ASSERT(cr); 1885 ASSERT(fnode); 1886 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 1887 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 1888 1889 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1890 flags = SMB_IGNORE_CASE; 1891 1892 smb_get_caller_context(sr, &ct); 1893 1894 rc = smb_vop_stream_readdir(fnode->vp, cookiep, stream_info, &vp, 1895 &xattrdirvp, flags, cr, &ct); 1896 1897 if ((rc != 0) || *cookiep == SMB_EOF) 1898 return (rc); 1899 1900 ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, vp, 1901 stream_info->name, &tmp_attr); 1902 1903 if (ret_snodep == NULL) { 1904 VN_RELE(xattrdirvp); 1905 VN_RELE(vp); 1906 return (ENOMEM); 1907 } 1908 1909 stream_info->size = tmp_attr.sa_vattr.va_size; 1910 1911 if (ret_attr) 1912 *ret_attr = tmp_attr; 1913 1914 if (ret_snode) 1915 *ret_snode = ret_snodep; 1916 else 1917 smb_node_release(ret_snodep); 1918 1919 return (rc); 1920 } 1921 1922 int /*ARGSUSED*/ 1923 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 1924 { 1925 caller_context_t ct; 1926 1927 ASSERT(cr); 1928 ASSERT(snode); 1929 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1930 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1931 1932 ASSERT(sr); 1933 ASSERT(sr->tid_tree); 1934 if (SMB_TREE_IS_READ_ONLY(sr)) 1935 return (EROFS); 1936 1937 smb_get_caller_context(sr, &ct); 1938 1939 return (smb_vop_commit(snode->vp, cr, &ct)); 1940 } 1941 1942 /* 1943 * smb_fsop_aclread 1944 * 1945 * Retrieve filesystem ACL. Depends on requested ACLs in 1946 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 1947 * fs_sd. Note that requesting a DACL/SACL doesn't mean that 1948 * the corresponding field in fs_sd should be non-NULL upon 1949 * return, since the target ACL might not contain that type of 1950 * entries. 1951 * 1952 * Returned ACL is always in ACE_T (aka ZFS) format. 1953 * If successful the allocated memory for the ACL should be freed 1954 * using smb_fsacl_free() or smb_fssd_term() 1955 */ 1956 int 1957 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1958 smb_fssd_t *fs_sd) 1959 { 1960 int error = 0; 1961 int flags = 0; 1962 int access = 0; 1963 acl_t *acl; 1964 caller_context_t ct; 1965 smb_node_t *unnamed_node; 1966 1967 ASSERT(cr); 1968 1969 if (sr->fid_ofile) { 1970 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 1971 access = READ_CONTROL; 1972 1973 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 1974 access |= ACCESS_SYSTEM_SECURITY; 1975 1976 error = smb_ofile_access(sr->fid_ofile, cr, access); 1977 if (error != NT_STATUS_SUCCESS) { 1978 return (EACCES); 1979 } 1980 } 1981 1982 unnamed_node = SMB_IS_STREAM(snode); 1983 if (unnamed_node) { 1984 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1985 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1986 /* 1987 * Streams don't have ACL, any read ACL attempt on a stream 1988 * should be performed on the unnamed stream. 1989 */ 1990 snode = unnamed_node; 1991 } 1992 1993 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 1994 flags = ATTR_NOACLCHECK; 1995 1996 smb_get_caller_context(sr, &ct); 1997 error = smb_vop_acl_read(snode->vp, &acl, flags, 1998 sr->tid_tree->t_acltype, cr, &ct); 1999 if (error != 0) { 2000 return (error); 2001 } 2002 2003 error = acl_translate(acl, _ACL_ACE_ENABLED, 2004 (snode->vp->v_type == VDIR), fs_sd->sd_uid, fs_sd->sd_gid); 2005 2006 if (error == 0) { 2007 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 2008 fs_sd->sd_secinfo); 2009 } 2010 2011 acl_free(acl); 2012 return (error); 2013 } 2014 2015 /* 2016 * smb_fsop_aclwrite 2017 * 2018 * Stores the filesystem ACL provided in fs_sd->sd_acl. 2019 */ 2020 int 2021 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2022 smb_fssd_t *fs_sd) 2023 { 2024 int target_flavor; 2025 int error = 0; 2026 int flags = 0; 2027 int access = 0; 2028 caller_context_t ct; 2029 acl_t *acl, *dacl, *sacl; 2030 smb_node_t *unnamed_node; 2031 2032 ASSERT(cr); 2033 2034 ASSERT(sr); 2035 ASSERT(sr->tid_tree); 2036 if (SMB_TREE_IS_READ_ONLY(sr)) 2037 return (EROFS); 2038 2039 if (sr->fid_ofile) { 2040 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2041 access = WRITE_DAC; 2042 2043 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2044 access |= ACCESS_SYSTEM_SECURITY; 2045 2046 error = smb_ofile_access(sr->fid_ofile, cr, access); 2047 if (error != NT_STATUS_SUCCESS) 2048 return (EACCES); 2049 } 2050 2051 switch (sr->tid_tree->t_acltype) { 2052 case ACLENT_T: 2053 target_flavor = _ACL_ACLENT_ENABLED; 2054 break; 2055 2056 case ACE_T: 2057 target_flavor = _ACL_ACE_ENABLED; 2058 break; 2059 default: 2060 return (EINVAL); 2061 } 2062 2063 unnamed_node = SMB_IS_STREAM(snode); 2064 if (unnamed_node) { 2065 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2066 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2067 /* 2068 * Streams don't have ACL, any write ACL attempt on a stream 2069 * should be performed on the unnamed stream. 2070 */ 2071 snode = unnamed_node; 2072 } 2073 2074 dacl = fs_sd->sd_zdacl; 2075 sacl = fs_sd->sd_zsacl; 2076 2077 ASSERT(dacl || sacl); 2078 if ((dacl == NULL) && (sacl == NULL)) 2079 return (EINVAL); 2080 2081 if (dacl && sacl) 2082 acl = smb_fsacl_merge(dacl, sacl); 2083 else if (dacl) 2084 acl = dacl; 2085 else 2086 acl = sacl; 2087 2088 error = acl_translate(acl, target_flavor, (snode->vp->v_type == VDIR), 2089 fs_sd->sd_uid, fs_sd->sd_gid); 2090 if (error == 0) { 2091 smb_get_caller_context(sr, &ct); 2092 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 2093 flags = ATTR_NOACLCHECK; 2094 2095 error = smb_vop_acl_write(snode->vp, acl, flags, cr, &ct); 2096 } 2097 2098 if (dacl && sacl) 2099 acl_free(acl); 2100 2101 return (error); 2102 } 2103 2104 acl_type_t 2105 smb_fsop_acltype(smb_node_t *snode) 2106 { 2107 return (smb_vop_acl_type(snode->vp)); 2108 } 2109 2110 /* 2111 * smb_fsop_sdread 2112 * 2113 * Read the requested security descriptor items from filesystem. 2114 * The items are specified in fs_sd->sd_secinfo. 2115 */ 2116 int 2117 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2118 smb_fssd_t *fs_sd) 2119 { 2120 int error = 0; 2121 int getowner = 0; 2122 cred_t *ga_cred; 2123 smb_attr_t attr; 2124 2125 ASSERT(cr); 2126 ASSERT(fs_sd); 2127 2128 /* 2129 * File's uid/gid is fetched in two cases: 2130 * 2131 * 1. it's explicitly requested 2132 * 2133 * 2. target ACL is ACE_T (ZFS ACL). They're needed for 2134 * owner@/group@ entries. In this case kcred should be used 2135 * because uid/gid are fetched on behalf of smb server. 2136 */ 2137 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 2138 getowner = 1; 2139 ga_cred = cr; 2140 } else if (sr->tid_tree->t_acltype == ACE_T) { 2141 getowner = 1; 2142 ga_cred = kcred; 2143 } 2144 2145 if (getowner) { 2146 /* 2147 * Windows require READ_CONTROL to read owner/group SID since 2148 * they're part of Security Descriptor. 2149 * ZFS only requires read_attribute. Need to have a explicit 2150 * access check here. 2151 */ 2152 if (sr->fid_ofile == NULL) { 2153 error = smb_fsop_access(sr, ga_cred, snode, 2154 READ_CONTROL); 2155 if (error) 2156 return (error); 2157 } 2158 2159 attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2160 error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 2161 if (error == 0) { 2162 fs_sd->sd_uid = attr.sa_vattr.va_uid; 2163 fs_sd->sd_gid = attr.sa_vattr.va_gid; 2164 } else { 2165 return (error); 2166 } 2167 } 2168 2169 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2170 error = smb_fsop_aclread(sr, cr, snode, fs_sd); 2171 } 2172 2173 return (error); 2174 } 2175 2176 /* 2177 * smb_fsop_sdmerge 2178 * 2179 * From SMB point of view DACL and SACL are two separate list 2180 * which can be manipulated independently without one affecting 2181 * the other, but entries for both DACL and SACL will end up 2182 * in the same ACL if target filesystem supports ACE_T ACLs. 2183 * 2184 * So, if either DACL or SACL is present in the client set request 2185 * the entries corresponding to the non-present ACL shouldn't 2186 * be touched in the FS ACL. 2187 * 2188 * fs_sd parameter contains DACL and SACL specified by SMB 2189 * client to be set on a file/directory. The client could 2190 * specify both or one of these ACLs (if none is specified 2191 * we don't get this far). When both DACL and SACL are given 2192 * by client the existing ACL should be overwritten. If only 2193 * one of them is specified the entries corresponding to the other 2194 * ACL should not be touched. For example, if only DACL 2195 * is specified in input fs_sd, the function reads audit entries 2196 * of the existing ACL of the file and point fs_sd->sd_zsdacl 2197 * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 2198 * function is called the passed fs_sd would point to the specified 2199 * DACL by client and fetched SACL from filesystem, so the file 2200 * will end up with correct ACL. 2201 */ 2202 static int 2203 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 2204 { 2205 smb_fssd_t cur_sd; 2206 int error = 0; 2207 2208 if (sr->tid_tree->t_acltype != ACE_T) 2209 /* Don't bother if target FS doesn't support ACE_T */ 2210 return (0); 2211 2212 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 2213 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 2214 /* 2215 * Don't overwrite existing audit entries 2216 */ 2217 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 2218 fs_sd->sd_flags); 2219 2220 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2221 if (error == 0) { 2222 ASSERT(fs_sd->sd_zsacl == NULL); 2223 fs_sd->sd_zsacl = cur_sd.sd_zsacl; 2224 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 2225 fs_sd->sd_zsacl->acl_flags = 2226 fs_sd->sd_zdacl->acl_flags; 2227 } 2228 } else { 2229 /* 2230 * Don't overwrite existing access entries 2231 */ 2232 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 2233 fs_sd->sd_flags); 2234 2235 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2236 if (error == 0) { 2237 ASSERT(fs_sd->sd_zdacl == NULL); 2238 fs_sd->sd_zdacl = cur_sd.sd_zdacl; 2239 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 2240 fs_sd->sd_zdacl->acl_flags = 2241 fs_sd->sd_zsacl->acl_flags; 2242 } 2243 } 2244 2245 if (error) 2246 smb_fssd_term(&cur_sd); 2247 } 2248 2249 return (error); 2250 } 2251 2252 /* 2253 * smb_fsop_sdwrite 2254 * 2255 * Stores the given uid, gid and acl in filesystem. 2256 * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 2257 * 2258 * A SMB security descriptor could contain owner, primary group, 2259 * DACL and SACL. Setting an SD should be atomic but here it has to 2260 * be done via two separate FS operations: VOP_SETATTR and 2261 * VOP_SETSECATTR. Therefore, this function has to simulate the 2262 * atomicity as well as it can. 2263 */ 2264 int 2265 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2266 smb_fssd_t *fs_sd, int overwrite) 2267 { 2268 int error = 0; 2269 int access = 0; 2270 smb_attr_t set_attr; 2271 smb_attr_t orig_attr; 2272 2273 ASSERT(cr); 2274 ASSERT(fs_sd); 2275 2276 ASSERT(sr); 2277 ASSERT(sr->tid_tree); 2278 if (SMB_TREE_IS_READ_ONLY(sr)) 2279 return (EROFS); 2280 2281 bzero(&set_attr, sizeof (smb_attr_t)); 2282 2283 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2284 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2285 set_attr.sa_mask |= SMB_AT_UID; 2286 } 2287 2288 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2289 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2290 set_attr.sa_mask |= SMB_AT_GID; 2291 } 2292 2293 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2294 access |= WRITE_DAC; 2295 2296 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2297 access |= ACCESS_SYSTEM_SECURITY; 2298 2299 if (sr->fid_ofile) 2300 error = smb_ofile_access(sr->fid_ofile, cr, access); 2301 else 2302 error = smb_fsop_access(sr, cr, snode, access); 2303 2304 if (error) 2305 return (EACCES); 2306 2307 if (set_attr.sa_mask) { 2308 /* 2309 * Get the current uid, gid so if smb_fsop_aclwrite fails 2310 * we can revert uid, gid changes. 2311 * 2312 * We use root cred here so the operation doesn't fail 2313 * due to lack of permission for the user to read the attrs 2314 */ 2315 2316 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2317 error = smb_fsop_getattr(sr, kcred, snode, &orig_attr); 2318 if (error == 0) 2319 error = smb_fsop_setattr(sr, cr, snode, &set_attr, 2320 NULL); 2321 2322 if (error) 2323 return (error); 2324 } 2325 2326 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2327 if (overwrite == 0) { 2328 error = smb_fsop_sdmerge(sr, snode, fs_sd); 2329 if (error) 2330 return (error); 2331 } 2332 2333 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 2334 if (error) { 2335 /* 2336 * Revert uid/gid changes if required. 2337 */ 2338 if (set_attr.sa_mask) { 2339 orig_attr.sa_mask = set_attr.sa_mask; 2340 (void) smb_fsop_setattr(sr, kcred, snode, 2341 &orig_attr, NULL); 2342 } 2343 } 2344 } 2345 2346 return (error); 2347 } 2348 2349 /* 2350 * smb_fsop_sdinherit 2351 * 2352 * Inherit the security descriptor from the parent container. 2353 * This function is called after FS has created the file/folder 2354 * so if this doesn't do anything it means FS inheritance is 2355 * in place. 2356 * 2357 * Do inheritance for ZFS internally. 2358 * 2359 * If we want to let ZFS does the inheritance the 2360 * following setting should be true: 2361 * 2362 * - aclinherit = passthrough 2363 * - aclmode = passthrough 2364 * - smbd umask = 0777 2365 * 2366 * This will result in right effective permissions but 2367 * ZFS will always add 6 ACEs for owner, owning group 2368 * and others to be POSIX compliant. This is not what 2369 * Windows clients/users expect, so we decided that CIFS 2370 * implements Windows rules and overwrite whatever ZFS 2371 * comes up with. This way we also don't have to care 2372 * about ZFS aclinherit and aclmode settings. 2373 */ 2374 static int 2375 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 2376 { 2377 int is_dir; 2378 acl_t *dacl = NULL; 2379 acl_t *sacl = NULL; 2380 ksid_t *owner_sid; 2381 int error; 2382 2383 ASSERT(fs_sd); 2384 2385 if (sr->tid_tree->t_acltype != ACE_T) { 2386 /* 2387 * No forced inheritance for non-ZFS filesystems. 2388 */ 2389 fs_sd->sd_secinfo = 0; 2390 return (0); 2391 } 2392 2393 2394 /* Fetch parent directory's ACL */ 2395 error = smb_fsop_sdread(sr, kcred, dnode, fs_sd); 2396 if (error) { 2397 return (error); 2398 } 2399 2400 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 2401 owner_sid = crgetsid(sr->user_cr, KSID_OWNER); 2402 ASSERT(owner_sid); 2403 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO, 2404 owner_sid->ks_id); 2405 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO, 2406 (uid_t)-1); 2407 2408 if (sacl == NULL) 2409 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO; 2410 2411 smb_fsacl_free(fs_sd->sd_zdacl); 2412 smb_fsacl_free(fs_sd->sd_zsacl); 2413 2414 fs_sd->sd_zdacl = dacl; 2415 fs_sd->sd_zsacl = sacl; 2416 2417 return (0); 2418 } 2419 2420 /* 2421 * smb_fsop_eaccess 2422 * 2423 * Returns the effective permission of the given credential for the 2424 * specified object. 2425 * 2426 * This is just a workaround. We need VFS/FS support for this. 2427 */ 2428 void 2429 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2430 uint32_t *eaccess) 2431 { 2432 int access = 0; 2433 vnode_t *dir_vp; 2434 smb_node_t *unnamed_node; 2435 2436 ASSERT(cr); 2437 ASSERT(snode); 2438 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2439 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2440 2441 unnamed_node = SMB_IS_STREAM(snode); 2442 if (unnamed_node) { 2443 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2444 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2445 /* 2446 * Streams authorization should be performed against the 2447 * unnamed stream. 2448 */ 2449 snode = unnamed_node; 2450 } 2451 2452 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) { 2453 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 2454 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 2455 cr); 2456 return; 2457 } 2458 2459 /* 2460 * FS doesn't understand 32-bit mask 2461 */ 2462 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 2463 2464 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 2465 2466 if (access & VREAD) 2467 *eaccess |= FILE_READ_DATA; 2468 2469 if (access & VEXEC) 2470 *eaccess |= FILE_EXECUTE; 2471 2472 if (access & VWRITE) 2473 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 2474 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 2475 } 2476 2477 /*ARGSUSED*/ 2478 void 2479 smb_get_caller_context(smb_request_t *sr, caller_context_t *ct) 2480 { 2481 ct->cc_caller_id = smb_caller_id; 2482 ct->cc_pid = 0; /* TBD */ 2483 ct->cc_sysid = 0; /* TBD */ 2484 } 2485