1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/sid.h> 29 #include <sys/nbmlock.h> 30 #include <smbsrv/smb_fsops.h> 31 #include <smbsrv/smb_kproto.h> 32 #include <smbsrv/ntstatus.h> 33 #include <smbsrv/ntaccess.h> 34 #include <smbsrv/smb_incl.h> 35 #include <acl/acl_common.h> 36 #include <sys/fcntl.h> 37 #include <sys/flock.h> 38 #include <fs/fs_subr.h> 39 40 extern caller_context_t smb_ct; 41 42 static int smb_fsop_amask_to_omode(uint32_t granted_access); 43 static int smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, 44 smb_fssd_t *fs_sd); 45 46 static callb_cpr_t *smb_fsop_frlock_callback(flk_cb_when_t when, void *error); 47 48 /* 49 * The smb_fsop_* functions have knowledge of CIFS semantics. 50 * 51 * The smb_vop_* functions have minimal knowledge of CIFS semantics and 52 * serve as an interface to the VFS layer. 53 * 54 * Hence, smb_request_t and smb_node_t structures should not be passed 55 * from the smb_fsop_* layer to the smb_vop_* layer. 56 * 57 * In general, CIFS service code should only ever call smb_fsop_* 58 * functions directly, and never smb_vop_* functions directly. 59 * 60 * smb_fsop_* functions should call smb_vop_* functions where possible, instead 61 * of their smb_fsop_* counterparts. However, there are times when 62 * this cannot be avoided. 63 */ 64 65 /* 66 * Note: Stream names cannot be mangled. 67 */ 68 69 int 70 smb_fsop_open(smb_ofile_t *of) 71 { 72 int mode; 73 74 mode = smb_fsop_amask_to_omode(of->f_granted_access); 75 76 /* 77 * Assuming that same vnode is returned as we had before 78 * (i.e. no special vnodes) 79 */ 80 return (smb_vop_open(&of->f_node->vp, mode, of->f_cr)); 81 } 82 83 int 84 smb_fsop_close(smb_ofile_t *of) 85 { 86 int mode; 87 88 mode = smb_fsop_amask_to_omode(of->f_granted_access); 89 90 return (smb_vop_close(of->f_node->vp, mode, of->f_cr)); 91 } 92 93 static int 94 smb_fsop_amask_to_omode(uint32_t granted_access) 95 { 96 int mode = 0; 97 98 if (granted_access & (ACE_READ_DATA | ACE_EXECUTE)) 99 mode |= FREAD; 100 101 if (granted_access & (ACE_WRITE_DATA | ACE_APPEND_DATA)) 102 mode |= FWRITE; 103 104 if (granted_access & ACE_APPEND_DATA) 105 mode |= FAPPEND; 106 107 return (mode); 108 } 109 110 static int 111 smb_fsop_create_with_sd( 112 smb_request_t *sr, 113 cred_t *cr, 114 smb_node_t *snode, 115 char *name, 116 smb_attr_t *attr, 117 smb_node_t **ret_snode, 118 smb_attr_t *ret_attr, 119 smb_fssd_t *fs_sd) 120 { 121 vsecattr_t *vsap; 122 vsecattr_t vsecattr; 123 acl_t *acl, *dacl, *sacl; 124 smb_attr_t set_attr; 125 vnode_t *vp; 126 int aclbsize = 0; /* size of acl list in bytes */ 127 int flags = 0; 128 int is_dir; 129 int rc; 130 boolean_t no_xvattr = B_FALSE; 131 132 ASSERT(fs_sd); 133 134 if (SMB_TREE_CASE_INSENSITIVE(sr)) 135 flags = SMB_IGNORE_CASE; 136 137 ASSERT(cr); 138 139 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 140 141 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACLONCREATE) { 142 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 143 dacl = fs_sd->sd_zdacl; 144 sacl = fs_sd->sd_zsacl; 145 ASSERT(dacl || sacl); 146 if (dacl && sacl) { 147 acl = smb_fsacl_merge(dacl, sacl); 148 } else if (dacl) { 149 acl = dacl; 150 } else { 151 acl = sacl; 152 } 153 154 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 155 156 if (dacl && sacl) 157 acl_free(acl); 158 159 if (rc) 160 return (rc); 161 162 vsap = &vsecattr; 163 } 164 else 165 vsap = NULL; 166 167 if (is_dir) { 168 rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags, 169 cr, vsap); 170 } else { 171 rc = smb_vop_create(snode->vp, name, attr, &vp, flags, 172 cr, vsap); 173 } 174 175 if (vsap != NULL) 176 kmem_free(vsap->vsa_aclentp, aclbsize); 177 178 if (rc != 0) 179 return (rc); 180 181 set_attr.sa_mask = 0; 182 183 /* 184 * Ideally we should be able to specify the owner and owning 185 * group at create time along with the ACL. Since we cannot 186 * do that right now, kcred is passed to smb_vop_setattr so it 187 * doesn't fail due to lack of permission. 188 */ 189 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 190 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 191 set_attr.sa_mask |= SMB_AT_UID; 192 } 193 194 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 195 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 196 set_attr.sa_mask |= SMB_AT_GID; 197 } 198 199 if (set_attr.sa_mask) { 200 if (sr && sr->tid_tree) 201 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 202 no_xvattr = B_TRUE; 203 rc = smb_vop_setattr(snode->vp, NULL, &set_attr, 204 0, kcred, no_xvattr); 205 } 206 207 } else { 208 /* 209 * For filesystems that don't support ACL-on-create, try 210 * to set the specified SD after create, which could actually 211 * fail because of conflicts between inherited security 212 * attributes upon creation and the specified SD. 213 * 214 * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 215 */ 216 217 if (is_dir) { 218 rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags, 219 cr, NULL); 220 } else { 221 rc = smb_vop_create(snode->vp, name, attr, &vp, flags, 222 cr, NULL); 223 } 224 225 if (rc != 0) 226 return (rc); 227 228 if ((sr->tid_tree->t_flags & SMB_TREE_FLAG_NFS_MOUNTED) == 0) 229 rc = smb_fsop_sdwrite(sr, kcred, snode, fs_sd, 1); 230 } 231 232 if (rc == 0) { 233 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, name, 234 snode, NULL, ret_attr); 235 236 if (*ret_snode == NULL) { 237 VN_RELE(vp); 238 rc = ENOMEM; 239 } 240 } 241 242 if (rc != 0) { 243 if (is_dir) { 244 (void) smb_vop_rmdir(snode->vp, name, flags, cr); 245 } else { 246 (void) smb_vop_remove(snode->vp, name, flags, cr); 247 } 248 } 249 250 return (rc); 251 } 252 253 254 /* 255 * smb_fsop_create 256 * 257 * All SMB functions should use this wrapper to ensure that 258 * all the smb_vop_creates are performed with the appropriate credentials. 259 * Please document any direct calls to explain the reason 260 * for avoiding this wrapper. 261 * 262 * It is assumed that a reference exists on snode coming into this routine. 263 * 264 * *ret_snode is returned with a reference upon success. No reference is 265 * taken if an error is returned. 266 */ 267 268 int 269 smb_fsop_create( 270 smb_request_t *sr, 271 cred_t *cr, 272 smb_node_t *dir_snode, 273 char *name, 274 smb_attr_t *attr, 275 smb_node_t **ret_snode, 276 smb_attr_t *ret_attr) 277 { 278 struct open_param *op = &sr->arg.open; 279 boolean_t no_xvattr = B_FALSE; 280 smb_node_t *fnode; 281 smb_attr_t file_attr; 282 vnode_t *xattrdirvp; 283 vnode_t *vp; 284 char *longname = NULL; 285 char *namep; 286 char *fname; 287 char *sname; 288 int is_stream; 289 int flags = 0; 290 int rc = 0; 291 smb_fssd_t fs_sd; 292 uint32_t secinfo; 293 uint32_t status; 294 295 ASSERT(cr); 296 ASSERT(dir_snode); 297 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 298 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 299 300 ASSERT(ret_snode); 301 *ret_snode = 0; 302 303 ASSERT(name); 304 if (*name == 0) 305 return (EINVAL); 306 307 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 308 return (EACCES); 309 310 ASSERT(sr); 311 ASSERT(sr->tid_tree); 312 if (SMB_TREE_IS_READ_ONLY(sr)) 313 return (EROFS); 314 315 if (SMB_TREE_CASE_INSENSITIVE(sr)) 316 flags = SMB_IGNORE_CASE; 317 318 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 319 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 320 321 is_stream = smb_stream_parse_name(name, fname, sname); 322 323 if (is_stream) 324 namep = fname; 325 else 326 namep = name; 327 328 if (smb_maybe_mangled_name(namep)) { 329 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 330 331 rc = smb_unmangle_name(sr, cr, dir_snode, namep, longname, 332 MAXNAMELEN, NULL, NULL, 1); 333 334 if ((is_stream == 0) && (rc == 0)) 335 rc = EEXIST; 336 337 if ((is_stream && rc) || 338 ((is_stream == 0) && (rc != ENOENT))) { 339 kmem_free(longname, MAXNAMELEN); 340 kmem_free(fname, MAXNAMELEN); 341 kmem_free(sname, MAXNAMELEN); 342 return (rc); 343 } 344 345 if (is_stream) 346 namep = longname; 347 else 348 kmem_free(longname, MAXNAMELEN); 349 } 350 351 if (is_stream) { 352 /* 353 * Look up the unnamed stream. 354 * 355 * Mangle processing in smb_fsop_lookup() for the unnamed 356 * stream won't be needed (as it was done above), but 357 * it may be needed on any link target (which 358 * smb_fsop_lookup() will provide). 359 */ 360 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 361 sr->tid_tree->t_snode, dir_snode, namep, &fnode, &file_attr, 362 0, 0); 363 364 if (longname) { 365 kmem_free(longname, MAXNAMELEN); 366 namep = NULL; 367 } 368 369 if (rc != 0) { 370 kmem_free(fname, MAXNAMELEN); 371 kmem_free(sname, MAXNAMELEN); 372 return (rc); 373 } 374 375 rc = smb_vop_stream_create(fnode->vp, sname, attr, &vp, 376 &xattrdirvp, flags, cr); 377 378 if (rc != 0) { 379 smb_node_release(fnode); 380 kmem_free(fname, MAXNAMELEN); 381 kmem_free(sname, MAXNAMELEN); 382 return (rc); 383 } 384 385 if (sr && sr->tid_tree) 386 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 387 no_xvattr = B_TRUE; 388 389 attr->sa_vattr.va_uid = file_attr.sa_vattr.va_uid; 390 attr->sa_vattr.va_gid = file_attr.sa_vattr.va_gid; 391 attr->sa_mask = SMB_AT_UID | SMB_AT_GID; 392 393 /* 394 * The second parameter of smb_vop_setattr() is set to 395 * NULL, even though an unnamed stream exists. This is 396 * because we want to set the UID and GID on the named 397 * stream in this case for consistency with the (unnamed 398 * stream) file (see comments for smb_vop_setattr()). 399 */ 400 401 rc = smb_vop_setattr(vp, NULL, attr, 0, kcred, no_xvattr); 402 403 if (rc != 0) { 404 smb_node_release(fnode); 405 kmem_free(fname, MAXNAMELEN); 406 kmem_free(sname, MAXNAMELEN); 407 return (rc); 408 } 409 410 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 411 vp, sname, ret_attr); 412 413 smb_node_release(fnode); 414 415 if (*ret_snode == NULL) { 416 VN_RELE(xattrdirvp); 417 VN_RELE(vp); 418 kmem_free(fname, MAXNAMELEN); 419 kmem_free(sname, MAXNAMELEN); 420 return (ENOMEM); 421 } 422 } else { 423 if (op->sd) { 424 /* 425 * SD sent by client in Windows format. Needs to be 426 * converted to FS format. No inheritance. 427 */ 428 secinfo = smb_sd_get_secinfo(op->sd); 429 smb_fssd_init(&fs_sd, secinfo, 0); 430 431 status = smb_sd_tofs(op->sd, &fs_sd); 432 if (status == NT_STATUS_SUCCESS) { 433 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 434 name, attr, ret_snode, ret_attr, &fs_sd); 435 } 436 else 437 rc = EINVAL; 438 smb_fssd_term(&fs_sd); 439 } else if (sr->tid_tree->t_acltype == ACE_T) { 440 /* 441 * No incoming SD and filesystem is ZFS 442 * Server applies Windows inheritance rules, 443 * see smb_fsop_sdinherit() comments as to why. 444 */ 445 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0); 446 rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 447 if (rc == 0) { 448 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 449 name, attr, ret_snode, ret_attr, &fs_sd); 450 } 451 452 smb_fssd_term(&fs_sd); 453 } else { 454 /* 455 * No incoming SD and filesystem is not ZFS 456 * let the filesystem handles the inheritance. 457 */ 458 rc = smb_vop_create(dir_snode->vp, name, attr, &vp, 459 flags, cr, NULL); 460 461 if (rc == 0) { 462 *ret_snode = smb_node_lookup(sr, op, cr, vp, 463 name, dir_snode, NULL, ret_attr); 464 465 if (*ret_snode == NULL) { 466 VN_RELE(vp); 467 rc = ENOMEM; 468 } 469 } 470 471 } 472 } 473 474 kmem_free(fname, MAXNAMELEN); 475 kmem_free(sname, MAXNAMELEN); 476 return (rc); 477 } 478 479 /* 480 * smb_fsop_mkdir 481 * 482 * All SMB functions should use this wrapper to ensure that 483 * the the calls are performed with the appropriate credentials. 484 * Please document any direct call to explain the reason 485 * for avoiding this wrapper. 486 * 487 * It is assumed that a reference exists on snode coming into this routine. 488 * 489 * *ret_snode is returned with a reference upon success. No reference is 490 * taken if an error is returned. 491 */ 492 int 493 smb_fsop_mkdir( 494 smb_request_t *sr, 495 cred_t *cr, 496 smb_node_t *dir_snode, 497 char *name, 498 smb_attr_t *attr, 499 smb_node_t **ret_snode, 500 smb_attr_t *ret_attr) 501 { 502 struct open_param *op = &sr->arg.open; 503 char *longname; 504 vnode_t *vp; 505 int flags = 0; 506 smb_fssd_t fs_sd; 507 uint32_t secinfo; 508 uint32_t status; 509 int rc; 510 ASSERT(cr); 511 ASSERT(dir_snode); 512 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 513 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 514 515 ASSERT(ret_snode); 516 *ret_snode = 0; 517 518 ASSERT(name); 519 if (*name == 0) 520 return (EINVAL); 521 522 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 523 return (EACCES); 524 525 ASSERT(sr); 526 ASSERT(sr->tid_tree); 527 if (SMB_TREE_IS_READ_ONLY(sr)) 528 return (EROFS); 529 530 if (smb_maybe_mangled_name(name)) { 531 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 532 rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 533 MAXNAMELEN, NULL, NULL, 1); 534 535 kmem_free(longname, MAXNAMELEN); 536 537 /* 538 * If the name passed in by the client has an unmangled 539 * equivalent that is found in the specified directory, 540 * then the mkdir cannot succeed. Return EEXIST. 541 * 542 * Only if ENOENT is returned will a mkdir be attempted. 543 */ 544 545 if (rc == 0) 546 rc = EEXIST; 547 548 if (rc != ENOENT) 549 return (rc); 550 } 551 552 if (SMB_TREE_CASE_INSENSITIVE(sr)) 553 flags = SMB_IGNORE_CASE; 554 555 if (op->sd) { 556 /* 557 * SD sent by client in Windows format. Needs to be 558 * converted to FS format. No inheritance. 559 */ 560 secinfo = smb_sd_get_secinfo(op->sd); 561 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 562 563 status = smb_sd_tofs(op->sd, &fs_sd); 564 if (status == NT_STATUS_SUCCESS) { 565 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 566 name, attr, ret_snode, ret_attr, &fs_sd); 567 } 568 else 569 rc = EINVAL; 570 smb_fssd_term(&fs_sd); 571 } else if (sr->tid_tree->t_acltype == ACE_T) { 572 /* 573 * No incoming SD and filesystem is ZFS 574 * Server applies Windows inheritance rules, 575 * see smb_fsop_sdinherit() comments as to why. 576 */ 577 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR); 578 rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 579 if (rc == 0) { 580 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 581 name, attr, ret_snode, ret_attr, &fs_sd); 582 } 583 584 smb_fssd_term(&fs_sd); 585 586 } else { 587 rc = smb_vop_mkdir(dir_snode->vp, name, attr, &vp, flags, cr, 588 NULL); 589 590 if (rc == 0) { 591 *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 592 dir_snode, NULL, ret_attr); 593 594 if (*ret_snode == NULL) { 595 VN_RELE(vp); 596 rc = ENOMEM; 597 } 598 } 599 } 600 601 return (rc); 602 } 603 604 /* 605 * smb_fsop_remove 606 * 607 * All SMB functions should use this wrapper to ensure that 608 * the the calls are performed with the appropriate credentials. 609 * Please document any direct call to explain the reason 610 * for avoiding this wrapper. 611 * 612 * It is assumed that a reference exists on snode coming into this routine. 613 * 614 * od: This means that the name passed in is an on-disk name. 615 * A null smb_request might be passed to this function. 616 */ 617 618 int 619 smb_fsop_remove( 620 smb_request_t *sr, 621 cred_t *cr, 622 smb_node_t *dir_snode, 623 char *name, 624 int od) 625 { 626 smb_node_t *fnode; 627 smb_attr_t file_attr; 628 char *longname; 629 char *fname; 630 char *sname; 631 int flags = 0; 632 int rc; 633 634 ASSERT(cr); 635 /* 636 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 637 * function is called during the deletion of the node (because of 638 * DELETE_ON_CLOSE). 639 */ 640 ASSERT(dir_snode); 641 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 642 643 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 644 return (EACCES); 645 646 if (SMB_TREE_IS_READ_ONLY(sr)) 647 return (EROFS); 648 649 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 650 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 651 652 /* 653 * If the passed-in name is an on-disk name, 654 * then we need to do a case-sensitive remove. 655 * This is important if the on-disk name 656 * corresponds to a mangled name passed in by 657 * the client. We want to make sure to remove 658 * the exact file specified by the client, 659 * instead of letting the underlying file system 660 * do a remove on the "first match." 661 */ 662 663 if ((od == 0) && SMB_TREE_CASE_INSENSITIVE(sr)) 664 flags = SMB_IGNORE_CASE; 665 666 if (dir_snode->flags & NODE_XATTR_DIR) { 667 rc = smb_vop_stream_remove(dir_snode->dir_snode->vp, 668 name, flags, cr); 669 } else if (smb_stream_parse_name(name, fname, sname)) { 670 /* 671 * It is assumed that "name" corresponds to the path 672 * passed in by the client, and no need of suppressing 673 * case-insensitive lookups is needed. 674 */ 675 676 ASSERT(od == 0); 677 678 /* 679 * Look up the unnamed stream (i.e. fname). 680 * Unmangle processing will be done on fname 681 * as well as any link target. 682 */ 683 684 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 685 sr->tid_tree->t_snode, dir_snode, fname, &fnode, &file_attr, 686 0, 0); 687 688 if (rc != 0) { 689 kmem_free(fname, MAXNAMELEN); 690 kmem_free(sname, MAXNAMELEN); 691 return (rc); 692 } 693 694 /* 695 * XXX 696 * Need to find out what permission is required by NTFS 697 * to remove a stream. 698 */ 699 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr); 700 701 smb_node_release(fnode); 702 } else { 703 rc = smb_vop_remove(dir_snode->vp, name, flags, cr); 704 705 if (rc == ENOENT) { 706 if (smb_maybe_mangled_name(name) == 0) { 707 kmem_free(fname, MAXNAMELEN); 708 kmem_free(sname, MAXNAMELEN); 709 return (rc); 710 } 711 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 712 713 rc = smb_unmangle_name(sr, cr, dir_snode, name, 714 longname, MAXNAMELEN, NULL, NULL, 1); 715 716 if (rc == 0) { 717 /* 718 * We passed "1" as the "od" parameter 719 * to smb_unmangle_name(), such that longname 720 * is the real (case-sensitive) on-disk name. 721 * We make sure we do a remove on this exact 722 * name, as the name was mangled and denotes 723 * a unique file. 724 */ 725 flags &= ~SMB_IGNORE_CASE; 726 rc = smb_vop_remove(dir_snode->vp, longname, 727 flags, cr); 728 } 729 730 kmem_free(longname, MAXNAMELEN); 731 } 732 } 733 734 kmem_free(fname, MAXNAMELEN); 735 kmem_free(sname, MAXNAMELEN); 736 return (rc); 737 } 738 739 /* 740 * smb_fsop_remove_streams 741 * 742 * This function removes a file's streams without removing the 743 * file itself. 744 * 745 * It is assumed that snode is not a link. 746 */ 747 int 748 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode) 749 { 750 struct fs_stream_info stream_info; 751 uint32_t cookie = 0; 752 int flags = 0; 753 int rc; 754 755 ASSERT(cr); 756 ASSERT(fnode); 757 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 758 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 759 760 if (SMB_TREE_ROOT_FS(sr, fnode) == 0) 761 return (EACCES); 762 763 if (SMB_TREE_IS_READ_ONLY(sr)) 764 return (EROFS); 765 766 if (SMB_TREE_CASE_INSENSITIVE(sr)) 767 flags = SMB_IGNORE_CASE; 768 769 for (;;) { 770 rc = smb_vop_stream_readdir(fnode->vp, &cookie, &stream_info, 771 NULL, NULL, flags, cr); 772 773 if ((rc != 0) || (cookie == SMB_EOF)) 774 break; 775 776 (void) smb_vop_stream_remove(fnode->vp, stream_info.name, flags, 777 cr); 778 } 779 return (rc); 780 } 781 782 /* 783 * smb_fsop_rmdir 784 * 785 * All SMB functions should use this wrapper to ensure that 786 * the the calls are performed with the appropriate credentials. 787 * Please document any direct call to explain the reason 788 * for avoiding this wrapper. 789 * 790 * It is assumed that a reference exists on snode coming into this routine. 791 * 792 * od: This means that the name passed in is an on-disk name. 793 */ 794 795 int 796 smb_fsop_rmdir( 797 smb_request_t *sr, 798 cred_t *cr, 799 smb_node_t *dir_snode, 800 char *name, 801 int od) 802 { 803 int rc; 804 int flags = 0; 805 char *longname; 806 807 ASSERT(cr); 808 /* 809 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 810 * function is called during the deletion of the node (because of 811 * DELETE_ON_CLOSE). 812 */ 813 ASSERT(dir_snode); 814 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 815 816 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 817 return (EACCES); 818 819 if (SMB_TREE_IS_READ_ONLY(sr)) 820 return (EROFS); 821 822 /* 823 * If the passed-in name is an on-disk name, 824 * then we need to do a case-sensitive rmdir. 825 * This is important if the on-disk name 826 * corresponds to a mangled name passed in by 827 * the client. We want to make sure to remove 828 * the exact directory specified by the client, 829 * instead of letting the underlying file system 830 * do a rmdir on the "first match." 831 */ 832 833 if ((od == 0) && SMB_TREE_CASE_INSENSITIVE(sr)) 834 flags = SMB_IGNORE_CASE; 835 836 rc = smb_vop_rmdir(dir_snode->vp, name, flags, cr); 837 838 if (rc == ENOENT) { 839 if (smb_maybe_mangled_name(name) == 0) 840 return (rc); 841 842 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 843 844 rc = smb_unmangle_name(sr, cr, dir_snode, 845 name, longname, MAXNAMELEN, NULL, 846 NULL, 1); 847 848 if (rc == 0) { 849 /* 850 * We passed "1" as the "od" parameter 851 * to smb_unmangle_name(), such that longname 852 * is the real (case-sensitive) on-disk name. 853 * We make sure we do a rmdir on this exact 854 * name, as the name was mangled and denotes 855 * a unique directory. 856 */ 857 flags &= ~SMB_IGNORE_CASE; 858 rc = smb_vop_rmdir(dir_snode->vp, longname, flags, cr); 859 } 860 861 kmem_free(longname, MAXNAMELEN); 862 } 863 864 return (rc); 865 } 866 867 /* 868 * smb_fsop_getattr 869 * 870 * All SMB functions should use this wrapper to ensure that 871 * the the calls are performed with the appropriate credentials. 872 * Please document any direct call to explain the reason 873 * for avoiding this wrapper. 874 * 875 * It is assumed that a reference exists on snode coming into this routine. 876 */ 877 int 878 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 879 smb_attr_t *attr) 880 { 881 smb_node_t *unnamed_node; 882 vnode_t *unnamed_vp = NULL; 883 uint32_t status; 884 uint32_t access = 0; 885 int flags = 0; 886 int rc; 887 888 ASSERT(cr); 889 ASSERT(snode); 890 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 891 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 892 893 if (SMB_TREE_ROOT_FS(sr, snode) == 0) 894 return (EACCES); 895 896 if (sr->fid_ofile) { 897 /* if uid and/or gid is requested */ 898 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 899 access |= READ_CONTROL; 900 901 /* if anything else is also requested */ 902 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 903 access |= FILE_READ_ATTRIBUTES; 904 905 status = smb_ofile_access(sr->fid_ofile, cr, access); 906 if (status != NT_STATUS_SUCCESS) 907 return (EACCES); 908 909 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 910 flags = ATTR_NOACLCHECK; 911 } 912 913 unnamed_node = SMB_IS_STREAM(snode); 914 915 if (unnamed_node) { 916 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 917 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 918 unnamed_vp = unnamed_node->vp; 919 } 920 921 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr); 922 if (rc == 0) 923 snode->attr = *attr; 924 925 return (rc); 926 } 927 928 /* 929 * smb_fsop_readdir 930 * 931 * All SMB functions should use this smb_fsop_readdir wrapper to ensure that 932 * the smb_vop_readdir is performed with the appropriate credentials. 933 * Please document any direct call to smb_vop_readdir to explain the reason 934 * for avoiding this wrapper. 935 * 936 * It is assumed that a reference exists on snode coming into this routine. 937 */ 938 int 939 smb_fsop_readdir( 940 smb_request_t *sr, 941 cred_t *cr, 942 smb_node_t *dir_snode, 943 uint32_t *cookie, 944 char *name, 945 int *namelen, 946 ino64_t *fileid, 947 struct fs_stream_info *stream_info, 948 smb_node_t **ret_snode, 949 smb_attr_t *ret_attr) 950 { 951 smb_node_t *ret_snodep; 952 smb_node_t *fnode; 953 smb_attr_t tmp_attr; 954 vnode_t *xattrdirvp; 955 vnode_t *fvp; 956 vnode_t *vp = NULL; 957 char *od_name; 958 int rc; 959 int flags = 0; 960 961 ASSERT(cr); 962 ASSERT(dir_snode); 963 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 964 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 965 966 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 967 return (EACCES); 968 969 if (*cookie == SMB_EOF) { 970 *namelen = 0; 971 return (0); 972 } 973 974 if (SMB_TREE_CASE_INSENSITIVE(sr)) 975 flags = SMB_IGNORE_CASE; 976 977 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 978 979 if (stream_info) { 980 rc = smb_vop_lookup(dir_snode->vp, name, &fvp, od_name, 981 SMB_FOLLOW_LINKS, sr->tid_tree->t_snode->vp, cr); 982 983 if (rc != 0) { 984 kmem_free(od_name, MAXNAMELEN); 985 return (rc); 986 } 987 988 fnode = smb_node_lookup(sr, NULL, cr, fvp, od_name, dir_snode, 989 NULL, ret_attr); 990 991 kmem_free(od_name, MAXNAMELEN); 992 993 if (fnode == NULL) { 994 VN_RELE(fvp); 995 return (ENOMEM); 996 } 997 998 /* 999 * XXX 1000 * Need to find out what permission(s) NTFS requires for getting 1001 * a file's streams list. 1002 * 1003 * Might have to use kcred. 1004 */ 1005 rc = smb_vop_stream_readdir(fvp, cookie, stream_info, &vp, 1006 &xattrdirvp, flags, cr); 1007 1008 if ((rc != 0) || (*cookie == SMB_EOF)) { 1009 smb_node_release(fnode); 1010 return (rc); 1011 } 1012 1013 ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1014 vp, stream_info->name, &tmp_attr); 1015 1016 smb_node_release(fnode); 1017 1018 if (ret_snodep == NULL) { 1019 VN_RELE(xattrdirvp); 1020 VN_RELE(vp); 1021 return (ENOMEM); 1022 } 1023 1024 stream_info->size = tmp_attr.sa_vattr.va_size; 1025 1026 if (ret_attr) 1027 *ret_attr = tmp_attr; 1028 1029 if (ret_snode) 1030 *ret_snode = ret_snodep; 1031 else 1032 smb_node_release(ret_snodep); 1033 1034 } else { 1035 rc = smb_vop_readdir(dir_snode->vp, cookie, name, namelen, 1036 fileid, &vp, od_name, flags, cr); 1037 1038 if (rc != 0) { 1039 kmem_free(od_name, MAXNAMELEN); 1040 return (rc); 1041 } 1042 1043 if (*namelen) { 1044 ASSERT(vp); 1045 if (ret_attr || ret_snode) { 1046 ret_snodep = smb_node_lookup(sr, NULL, cr, vp, 1047 od_name, dir_snode, NULL, &tmp_attr); 1048 1049 if (ret_snodep == NULL) { 1050 kmem_free(od_name, MAXNAMELEN); 1051 VN_RELE(vp); 1052 return (ENOMEM); 1053 } 1054 1055 if (ret_attr) 1056 *ret_attr = tmp_attr; 1057 1058 if (ret_snode) 1059 *ret_snode = ret_snodep; 1060 else 1061 smb_node_release(ret_snodep); 1062 } 1063 } 1064 1065 kmem_free(od_name, MAXNAMELEN); 1066 } 1067 1068 return (rc); 1069 } 1070 1071 /* 1072 * smb_fsop_getdents 1073 * 1074 * All SMB functions should use this smb_vop_getdents wrapper to ensure that 1075 * the smb_vop_getdents is performed with the appropriate credentials. 1076 * Please document any direct call to smb_vop_getdents to explain the reason 1077 * for avoiding this wrapper. 1078 * 1079 * It is assumed that a reference exists on snode coming into this routine. 1080 */ 1081 /*ARGSUSED*/ 1082 int 1083 smb_fsop_getdents( 1084 struct smb_request *sr, 1085 cred_t *cr, 1086 smb_node_t *dir_snode, 1087 uint32_t *cookie, 1088 uint64_t *verifierp, 1089 int32_t *maxcnt, 1090 char *args, 1091 char *pattern) 1092 { 1093 int flags = 0; 1094 1095 ASSERT(cr); 1096 ASSERT(dir_snode); 1097 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1098 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1099 1100 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 1101 return (EACCES); 1102 1103 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1104 flags = SMB_IGNORE_CASE; 1105 1106 return (smb_vop_getdents(dir_snode, cookie, 0, maxcnt, args, pattern, 1107 flags, sr, cr)); 1108 } 1109 1110 /* 1111 * smb_fsop_rename 1112 * 1113 * All SMB functions should use this smb_vop_rename wrapper to ensure that 1114 * the smb_vop_rename is performed with the appropriate credentials. 1115 * Please document any direct call to smb_vop_rename to explain the reason 1116 * for avoiding this wrapper. 1117 * 1118 * It is assumed that references exist on from_dir_snode and to_dir_snode coming 1119 * into this routine. 1120 */ 1121 int 1122 smb_fsop_rename( 1123 smb_request_t *sr, 1124 cred_t *cr, 1125 smb_node_t *from_dir_snode, 1126 char *from_name, 1127 smb_node_t *to_dir_snode, 1128 char *to_name) 1129 { 1130 smb_node_t *from_snode; 1131 smb_attr_t tmp_attr; 1132 vnode_t *from_vp; 1133 int flags = 0; 1134 int rc; 1135 1136 ASSERT(cr); 1137 ASSERT(from_dir_snode); 1138 ASSERT(from_dir_snode->n_magic == SMB_NODE_MAGIC); 1139 ASSERT(from_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1140 1141 ASSERT(to_dir_snode); 1142 ASSERT(to_dir_snode->n_magic == SMB_NODE_MAGIC); 1143 ASSERT(to_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1144 1145 if (SMB_TREE_ROOT_FS(sr, from_dir_snode) == 0) 1146 return (EACCES); 1147 1148 if (SMB_TREE_ROOT_FS(sr, to_dir_snode) == 0) 1149 return (EACCES); 1150 1151 ASSERT(sr); 1152 ASSERT(sr->tid_tree); 1153 if (SMB_TREE_IS_READ_ONLY(sr)) 1154 return (EROFS); 1155 1156 /* 1157 * Note: There is no need to check SMB_TREE_CASE_INSENSITIVE(sr) 1158 * here. 1159 * 1160 * A case-sensitive rename is always done in this routine 1161 * because we are using the on-disk name from an earlier lookup. 1162 * If a mangled name was passed in by the caller (denoting a 1163 * deterministic lookup), then the exact file must be renamed 1164 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 1165 * else the underlying file system might return a "first-match" 1166 * on this on-disk name, possibly resulting in the wrong file). 1167 */ 1168 1169 /* 1170 * XXX: Lock required through smb_node_release() below? 1171 */ 1172 1173 rc = smb_vop_lookup(from_dir_snode->vp, from_name, &from_vp, NULL, 0, 1174 NULL, cr); 1175 1176 if (rc != 0) 1177 return (rc); 1178 1179 rc = smb_vop_rename(from_dir_snode->vp, from_name, to_dir_snode->vp, 1180 to_name, flags, cr); 1181 1182 if (rc == 0) { 1183 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 1184 from_dir_snode, NULL, &tmp_attr); 1185 1186 if (from_snode == NULL) { 1187 VN_RELE(from_vp); 1188 return (ENOMEM); 1189 } 1190 1191 (void) smb_node_rename(from_dir_snode, from_snode, to_dir_snode, 1192 to_name); 1193 1194 smb_node_release(from_snode); 1195 } else { 1196 VN_RELE(from_vp); 1197 } 1198 1199 /* XXX: unlock */ 1200 1201 return (rc); 1202 } 1203 1204 /* 1205 * smb_fsop_setattr 1206 * 1207 * All SMB functions should use this wrapper to ensure that 1208 * the the calls are performed with the appropriate credentials. 1209 * Please document any direct call to explain the reason 1210 * for avoiding this wrapper. 1211 * 1212 * It is assumed that a reference exists on snode coming into this routine. 1213 * A null smb_request might be passed to this function. 1214 */ 1215 int 1216 smb_fsop_setattr( 1217 smb_request_t *sr, 1218 cred_t *cr, 1219 smb_node_t *snode, 1220 smb_attr_t *set_attr, 1221 smb_attr_t *ret_attr) 1222 { 1223 smb_node_t *unnamed_node; 1224 vnode_t *unnamed_vp = NULL; 1225 uint32_t status; 1226 uint32_t access = 0; 1227 int rc = 0; 1228 int flags = 0; 1229 boolean_t no_xvattr = B_FALSE; 1230 1231 ASSERT(cr); 1232 ASSERT(snode); 1233 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1234 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1235 1236 if (SMB_TREE_ROOT_FS(sr, snode) == 0) 1237 return (EACCES); 1238 1239 if (SMB_TREE_IS_READ_ONLY(sr)) 1240 return (EROFS); 1241 1242 /* sr could be NULL in some cases */ 1243 if (sr && sr->fid_ofile) { 1244 /* if uid and/or gid is requested */ 1245 if (set_attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 1246 access |= WRITE_OWNER; 1247 1248 /* if anything else is also requested */ 1249 if (set_attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 1250 access |= FILE_WRITE_ATTRIBUTES; 1251 1252 status = smb_ofile_access(sr->fid_ofile, cr, access); 1253 if (status != NT_STATUS_SUCCESS) 1254 return (EACCES); 1255 1256 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 1257 flags = ATTR_NOACLCHECK; 1258 } 1259 1260 unnamed_node = SMB_IS_STREAM(snode); 1261 1262 if (unnamed_node) { 1263 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1264 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1265 unnamed_vp = unnamed_node->vp; 1266 } 1267 if (sr && sr->tid_tree) 1268 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 1269 no_xvattr = B_TRUE; 1270 1271 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr, 1272 no_xvattr); 1273 1274 if ((rc == 0) && ret_attr) { 1275 /* 1276 * Use kcred to update the node attr because this 1277 * call is not being made on behalf of the user. 1278 */ 1279 ret_attr->sa_mask = SMB_AT_ALL; 1280 rc = smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, kcred); 1281 if (rc == 0) 1282 snode->attr = *ret_attr; 1283 } 1284 1285 return (rc); 1286 } 1287 1288 /* 1289 * smb_fsop_read 1290 * 1291 * All SMB functions should use this wrapper to ensure that 1292 * the the calls are performed with the appropriate credentials. 1293 * Please document any direct call to explain the reason 1294 * for avoiding this wrapper. 1295 * 1296 * It is assumed that a reference exists on snode coming into this routine. 1297 */ 1298 int 1299 smb_fsop_read( 1300 struct smb_request *sr, 1301 cred_t *cr, 1302 smb_node_t *snode, 1303 uio_t *uio, 1304 smb_attr_t *ret_attr) 1305 { 1306 smb_node_t *unnamed_node; 1307 vnode_t *unnamed_vp = NULL; 1308 int svmand; 1309 int rc; 1310 1311 ASSERT(cr); 1312 ASSERT(snode); 1313 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1314 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1315 1316 ASSERT(sr); 1317 ASSERT(sr->fid_ofile); 1318 1319 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA); 1320 if (rc != NT_STATUS_SUCCESS) { 1321 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE); 1322 if (rc != NT_STATUS_SUCCESS) 1323 return (EACCES); 1324 } 1325 1326 unnamed_node = SMB_IS_STREAM(snode); 1327 if (unnamed_node) { 1328 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1329 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1330 unnamed_vp = unnamed_node->vp; 1331 /* 1332 * Streams permission are checked against the unnamed stream, 1333 * but in FS level they have their own permissions. To avoid 1334 * rejection by FS due to lack of permission on the actual 1335 * extended attr kcred is passed for streams. 1336 */ 1337 cr = kcred; 1338 } 1339 1340 smb_node_start_crit(snode, RW_READER); 1341 rc = nbl_svmand(snode->vp, cr, &svmand); 1342 if (rc) { 1343 smb_node_end_crit(snode); 1344 return (rc); 1345 } 1346 1347 rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset, 1348 uio->uio_iov->iov_len, svmand, &smb_ct); 1349 1350 if (rc) { 1351 smb_node_end_crit(snode); 1352 return (rc); 1353 } 1354 rc = smb_vop_read(snode->vp, uio, cr); 1355 1356 if (rc == 0 && ret_attr) { 1357 /* 1358 * Use kcred to update the node attr because this 1359 * call is not being made on behalf of the user. 1360 */ 1361 ret_attr->sa_mask = SMB_AT_ALL; 1362 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1363 kcred) == 0) { 1364 snode->attr = *ret_attr; 1365 } 1366 } 1367 1368 smb_node_end_crit(snode); 1369 1370 return (rc); 1371 } 1372 1373 /* 1374 * smb_fsop_write 1375 * 1376 * This is a wrapper function used for smb_write and smb_write_raw operations. 1377 * 1378 * It is assumed that a reference exists on snode coming into this routine. 1379 */ 1380 int 1381 smb_fsop_write( 1382 smb_request_t *sr, 1383 cred_t *cr, 1384 smb_node_t *snode, 1385 uio_t *uio, 1386 uint32_t *lcount, 1387 smb_attr_t *ret_attr, 1388 uint32_t *flag) 1389 { 1390 smb_node_t *unnamed_node; 1391 vnode_t *unnamed_vp = NULL; 1392 int svmand; 1393 int rc; 1394 1395 ASSERT(cr); 1396 ASSERT(snode); 1397 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1398 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1399 1400 ASSERT(sr); 1401 ASSERT(sr->tid_tree); 1402 ASSERT(sr->fid_ofile); 1403 1404 if (SMB_TREE_IS_READ_ONLY(sr)) 1405 return (EROFS); 1406 1407 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_WRITE_DATA); 1408 if (rc != NT_STATUS_SUCCESS) { 1409 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_APPEND_DATA); 1410 if (rc != NT_STATUS_SUCCESS) 1411 return (EACCES); 1412 } 1413 1414 unnamed_node = SMB_IS_STREAM(snode); 1415 1416 if (unnamed_node) { 1417 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1418 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1419 unnamed_vp = unnamed_node->vp; 1420 /* 1421 * Streams permission are checked against the unnamed stream, 1422 * but in FS level they have their own permissions. To avoid 1423 * rejection by FS due to lack of permission on the actual 1424 * extended attr kcred is passed for streams. 1425 */ 1426 cr = kcred; 1427 } 1428 1429 smb_node_start_crit(snode, RW_READER); 1430 rc = nbl_svmand(snode->vp, cr, &svmand); 1431 if (rc) { 1432 smb_node_end_crit(snode); 1433 return (rc); 1434 } 1435 rc = nbl_lock_conflict(snode->vp, NBL_WRITE, uio->uio_loffset, 1436 uio->uio_iov->iov_len, svmand, &smb_ct); 1437 1438 if (rc) { 1439 smb_node_end_crit(snode); 1440 return (rc); 1441 } 1442 rc = smb_vop_write(snode->vp, uio, flag, lcount, cr); 1443 1444 if (rc == 0 && ret_attr) { 1445 /* 1446 * Use kcred to update the node attr because this 1447 * call is not being made on behalf of the user. 1448 */ 1449 ret_attr->sa_mask = SMB_AT_ALL; 1450 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1451 kcred) == 0) { 1452 snode->attr = *ret_attr; 1453 } 1454 } 1455 1456 smb_node_end_crit(snode); 1457 1458 return (rc); 1459 } 1460 1461 /* 1462 * smb_fsop_statfs 1463 * 1464 * This is a wrapper function used for stat operations. 1465 */ 1466 int 1467 smb_fsop_statfs( 1468 cred_t *cr, 1469 smb_node_t *snode, 1470 struct statvfs64 *statp) 1471 { 1472 ASSERT(cr); 1473 ASSERT(snode); 1474 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1475 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1476 1477 return (smb_vop_statfs(snode->vp, statp, cr)); 1478 } 1479 1480 /* 1481 * smb_fsop_access 1482 */ 1483 int 1484 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1485 uint32_t faccess) 1486 { 1487 int access = 0; 1488 int error; 1489 vnode_t *dir_vp; 1490 boolean_t acl_check = B_TRUE; 1491 smb_node_t *unnamed_node; 1492 1493 ASSERT(cr); 1494 ASSERT(snode); 1495 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1496 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1497 1498 if (faccess == 0) 1499 return (NT_STATUS_SUCCESS); 1500 1501 if (SMB_TREE_IS_READ_ONLY(sr)) { 1502 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 1503 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 1504 DELETE|WRITE_DAC|WRITE_OWNER)) { 1505 return (NT_STATUS_ACCESS_DENIED); 1506 } 1507 } 1508 1509 unnamed_node = SMB_IS_STREAM(snode); 1510 if (unnamed_node) { 1511 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1512 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1513 /* 1514 * Streams authorization should be performed against the 1515 * unnamed stream. 1516 */ 1517 snode = unnamed_node; 1518 } 1519 1520 if (faccess & ACCESS_SYSTEM_SECURITY) { 1521 /* 1522 * This permission is required for reading/writing SACL and 1523 * it's not part of DACL. It's only granted via proper 1524 * privileges. 1525 */ 1526 if ((sr->uid_user->u_privileges & 1527 (SMB_USER_PRIV_BACKUP | 1528 SMB_USER_PRIV_RESTORE | 1529 SMB_USER_PRIV_SECURITY)) == 0) 1530 return (NT_STATUS_PRIVILEGE_NOT_HELD); 1531 1532 faccess &= ~ACCESS_SYSTEM_SECURITY; 1533 } 1534 1535 /* Links don't have ACL */ 1536 if (((sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) == 0) || 1537 (snode->attr.sa_vattr.va_type == VLNK)) 1538 acl_check = B_FALSE; 1539 1540 if (acl_check) { 1541 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 1542 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 1543 cr); 1544 } else { 1545 /* 1546 * FS doesn't understand 32-bit mask, need to map 1547 */ 1548 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 1549 access |= VWRITE; 1550 1551 if (faccess & FILE_READ_DATA) 1552 access |= VREAD; 1553 1554 if (faccess & FILE_EXECUTE) 1555 access |= VEXEC; 1556 1557 error = smb_vop_access(snode->vp, access, 0, NULL, cr); 1558 } 1559 1560 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 1561 } 1562 1563 /* 1564 * smb_fsop_lookup_name() 1565 * 1566 * Sanity checks on dir_snode done in smb_fsop_lookup(). 1567 * 1568 * Note: This function is called only from the open path. 1569 * It will check if the file is a stream. 1570 * It will also return an error if the looked-up file is in 1571 * a child mount. 1572 */ 1573 1574 int 1575 smb_fsop_lookup_name( 1576 smb_request_t *sr, 1577 cred_t *cr, 1578 int flags, 1579 smb_node_t *root_node, 1580 smb_node_t *dir_snode, 1581 char *name, 1582 smb_node_t **ret_snode, 1583 smb_attr_t *ret_attr) 1584 { 1585 smb_node_t *fnode; 1586 smb_attr_t file_attr; 1587 vnode_t *xattrdirvp; 1588 vnode_t *vp; 1589 char *od_name; 1590 char *fname; 1591 char *sname; 1592 int rc; 1593 1594 ASSERT(cr); 1595 ASSERT(dir_snode); 1596 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1597 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1598 1599 /* 1600 * The following check is required for streams processing, below 1601 */ 1602 1603 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1604 flags |= SMB_IGNORE_CASE; 1605 1606 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1607 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1608 1609 if (smb_stream_parse_name(name, fname, sname)) { 1610 /* 1611 * Look up the unnamed stream (i.e. fname). 1612 * Unmangle processing will be done on fname 1613 * as well as any link target. 1614 */ 1615 rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, fname, 1616 &fnode, &file_attr, NULL, NULL); 1617 1618 if (rc != 0) { 1619 kmem_free(fname, MAXNAMELEN); 1620 kmem_free(sname, MAXNAMELEN); 1621 return (rc); 1622 } 1623 1624 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1625 1626 /* 1627 * od_name is the on-disk name of the stream, except 1628 * without the prepended stream prefix (SMB_STREAM_PREFIX) 1629 */ 1630 1631 /* 1632 * XXX 1633 * What permissions NTFS requires for stream lookup if any? 1634 */ 1635 rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 1636 &xattrdirvp, flags, root_node->vp, cr); 1637 1638 if (rc != 0) { 1639 smb_node_release(fnode); 1640 kmem_free(fname, MAXNAMELEN); 1641 kmem_free(sname, MAXNAMELEN); 1642 kmem_free(od_name, MAXNAMELEN); 1643 return (rc); 1644 } 1645 1646 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1647 vp, od_name, ret_attr); 1648 1649 kmem_free(od_name, MAXNAMELEN); 1650 smb_node_release(fnode); 1651 1652 if (*ret_snode == NULL) { 1653 VN_RELE(xattrdirvp); 1654 VN_RELE(vp); 1655 kmem_free(fname, MAXNAMELEN); 1656 kmem_free(sname, MAXNAMELEN); 1657 return (ENOMEM); 1658 } 1659 } else { 1660 rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, name, 1661 ret_snode, ret_attr, NULL, NULL); 1662 } 1663 1664 if (rc == 0) { 1665 ASSERT(ret_snode); 1666 if (SMB_TREE_ROOT_FS(sr, *ret_snode) == 0) { 1667 smb_node_release(*ret_snode); 1668 *ret_snode = NULL; 1669 rc = EACCES; 1670 } 1671 } 1672 1673 kmem_free(fname, MAXNAMELEN); 1674 kmem_free(sname, MAXNAMELEN); 1675 1676 return (rc); 1677 } 1678 1679 /* 1680 * smb_fsop_lookup 1681 * 1682 * All SMB functions should use this smb_vop_lookup wrapper to ensure that 1683 * the smb_vop_lookup is performed with the appropriate credentials and using 1684 * case insensitive compares. Please document any direct call to smb_vop_lookup 1685 * to explain the reason for avoiding this wrapper. 1686 * 1687 * It is assumed that a reference exists on dir_snode coming into this routine 1688 * (and that it is safe from deallocation). 1689 * 1690 * Same with the root_node. 1691 * 1692 * *ret_snode is returned with a reference upon success. No reference is 1693 * taken if an error is returned. 1694 * 1695 * Note: The returned ret_snode may be in a child mount. This is ok for 1696 * readdir and getdents. 1697 * 1698 * Other smb_fsop_* routines will call SMB_TREE_ROOT_FS() to prevent 1699 * operations on files not in the parent mount. 1700 */ 1701 int 1702 smb_fsop_lookup( 1703 smb_request_t *sr, 1704 cred_t *cr, 1705 int flags, 1706 smb_node_t *root_node, 1707 smb_node_t *dir_snode, 1708 char *name, 1709 smb_node_t **ret_snode, 1710 smb_attr_t *ret_attr, 1711 char *ret_shortname, /* Must be at least MANGLE_NAMELEN chars */ 1712 char *ret_name83) /* Must be at least MANGLE_NAMELEN chars */ 1713 { 1714 smb_node_t *lnk_target_node; 1715 smb_node_t *lnk_dnode; 1716 char *longname; 1717 char *od_name; 1718 vnode_t *vp; 1719 int rc; 1720 1721 ASSERT(cr); 1722 ASSERT(dir_snode); 1723 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1724 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1725 1726 if (name == NULL) 1727 return (EINVAL); 1728 1729 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 1730 return (EACCES); 1731 1732 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1733 flags |= SMB_IGNORE_CASE; 1734 1735 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1736 1737 rc = smb_vop_lookup(dir_snode->vp, name, &vp, od_name, flags, 1738 root_node ? root_node->vp : NULL, cr); 1739 1740 if (rc != 0) { 1741 if (smb_maybe_mangled_name(name) == 0) { 1742 kmem_free(od_name, MAXNAMELEN); 1743 return (rc); 1744 } 1745 1746 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1747 1748 rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 1749 MAXNAMELEN, ret_shortname, ret_name83, 1); 1750 1751 if (rc != 0) { 1752 kmem_free(od_name, MAXNAMELEN); 1753 kmem_free(longname, MAXNAMELEN); 1754 return (rc); 1755 } 1756 1757 /* 1758 * We passed "1" as the "od" parameter 1759 * to smb_unmangle_name(), such that longname 1760 * is the real (case-sensitive) on-disk name. 1761 * We make sure we do a lookup on this exact 1762 * name, as the name was mangled and denotes 1763 * a unique file. 1764 */ 1765 1766 if (flags & SMB_IGNORE_CASE) 1767 flags &= ~SMB_IGNORE_CASE; 1768 1769 rc = smb_vop_lookup(dir_snode->vp, longname, &vp, od_name, 1770 flags, root_node ? root_node->vp : NULL, cr); 1771 1772 kmem_free(longname, MAXNAMELEN); 1773 1774 if (rc != 0) { 1775 kmem_free(od_name, MAXNAMELEN); 1776 return (rc); 1777 } 1778 } 1779 1780 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK)) { 1781 1782 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dir_snode, 1783 &lnk_dnode, &lnk_target_node, cr); 1784 1785 if (rc != 0) { 1786 /* 1787 * The link is assumed to be for the last component 1788 * of a path. Hence any ENOTDIR error will be returned 1789 * as ENOENT. 1790 */ 1791 if (rc == ENOTDIR) 1792 rc = ENOENT; 1793 1794 VN_RELE(vp); 1795 kmem_free(od_name, MAXNAMELEN); 1796 return (rc); 1797 } 1798 1799 /* 1800 * Release the original VLNK vnode 1801 */ 1802 1803 VN_RELE(vp); 1804 vp = lnk_target_node->vp; 1805 1806 rc = smb_vop_traverse_check(&vp); 1807 1808 if (rc != 0) { 1809 smb_node_release(lnk_dnode); 1810 smb_node_release(lnk_target_node); 1811 kmem_free(od_name, MAXNAMELEN); 1812 return (rc); 1813 } 1814 1815 /* 1816 * smb_vop_traverse_check() may have returned a different vnode 1817 */ 1818 1819 if (lnk_target_node->vp == vp) { 1820 *ret_snode = lnk_target_node; 1821 *ret_attr = (*ret_snode)->attr; 1822 } else { 1823 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 1824 lnk_target_node->od_name, lnk_dnode, NULL, 1825 ret_attr); 1826 1827 if (*ret_snode == NULL) { 1828 VN_RELE(vp); 1829 rc = ENOMEM; 1830 } 1831 smb_node_release(lnk_target_node); 1832 } 1833 1834 smb_node_release(lnk_dnode); 1835 1836 } else { 1837 1838 rc = smb_vop_traverse_check(&vp); 1839 if (rc) { 1840 VN_RELE(vp); 1841 kmem_free(od_name, MAXNAMELEN); 1842 return (rc); 1843 } 1844 1845 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 1846 dir_snode, NULL, ret_attr); 1847 1848 if (*ret_snode == NULL) { 1849 VN_RELE(vp); 1850 rc = ENOMEM; 1851 } 1852 } 1853 1854 kmem_free(od_name, MAXNAMELEN); 1855 return (rc); 1856 } 1857 1858 /* 1859 * smb_fsop_stream_readdir() 1860 * 1861 * ret_snode and ret_attr are optional parameters (i.e. NULL may be passed in) 1862 * 1863 * This routine will return only NTFS streams. If an NTFS stream is not 1864 * found at the offset specified, the directory will be read until an NTFS 1865 * stream is found or until EOF. 1866 * 1867 * Note: Sanity checks done in caller 1868 * (smb_fsop_readdir(), smb_fsop_remove_streams()) 1869 */ 1870 1871 int 1872 smb_fsop_stream_readdir(smb_request_t *sr, cred_t *cr, smb_node_t *fnode, 1873 uint32_t *cookiep, struct fs_stream_info *stream_info, 1874 smb_node_t **ret_snode, smb_attr_t *ret_attr) 1875 { 1876 smb_node_t *ret_snodep = NULL; 1877 smb_attr_t tmp_attr; 1878 vnode_t *xattrdirvp; 1879 vnode_t *vp; 1880 int rc = 0; 1881 int flags = 0; 1882 1883 /* 1884 * XXX NTFS permission requirements if any? 1885 */ 1886 ASSERT(cr); 1887 ASSERT(fnode); 1888 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 1889 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 1890 1891 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1892 flags = SMB_IGNORE_CASE; 1893 1894 rc = smb_vop_stream_readdir(fnode->vp, cookiep, stream_info, &vp, 1895 &xattrdirvp, flags, cr); 1896 1897 if ((rc != 0) || *cookiep == SMB_EOF) 1898 return (rc); 1899 1900 ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, vp, 1901 stream_info->name, &tmp_attr); 1902 1903 if (ret_snodep == NULL) { 1904 VN_RELE(xattrdirvp); 1905 VN_RELE(vp); 1906 return (ENOMEM); 1907 } 1908 1909 stream_info->size = tmp_attr.sa_vattr.va_size; 1910 1911 if (ret_attr) 1912 *ret_attr = tmp_attr; 1913 1914 if (ret_snode) 1915 *ret_snode = ret_snodep; 1916 else 1917 smb_node_release(ret_snodep); 1918 1919 return (rc); 1920 } 1921 1922 int /*ARGSUSED*/ 1923 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 1924 { 1925 ASSERT(cr); 1926 ASSERT(snode); 1927 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1928 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1929 1930 ASSERT(sr); 1931 ASSERT(sr->tid_tree); 1932 if (SMB_TREE_IS_READ_ONLY(sr)) 1933 return (EROFS); 1934 1935 return (smb_vop_commit(snode->vp, cr)); 1936 } 1937 1938 /* 1939 * smb_fsop_aclread 1940 * 1941 * Retrieve filesystem ACL. Depends on requested ACLs in 1942 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 1943 * fs_sd. Note that requesting a DACL/SACL doesn't mean that 1944 * the corresponding field in fs_sd should be non-NULL upon 1945 * return, since the target ACL might not contain that type of 1946 * entries. 1947 * 1948 * Returned ACL is always in ACE_T (aka ZFS) format. 1949 * If successful the allocated memory for the ACL should be freed 1950 * using smb_fsacl_free() or smb_fssd_term() 1951 */ 1952 int 1953 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1954 smb_fssd_t *fs_sd) 1955 { 1956 int error = 0; 1957 int flags = 0; 1958 int access = 0; 1959 acl_t *acl; 1960 smb_node_t *unnamed_node; 1961 1962 ASSERT(cr); 1963 1964 if (sr->fid_ofile) { 1965 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 1966 access = READ_CONTROL; 1967 1968 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 1969 access |= ACCESS_SYSTEM_SECURITY; 1970 1971 error = smb_ofile_access(sr->fid_ofile, cr, access); 1972 if (error != NT_STATUS_SUCCESS) { 1973 return (EACCES); 1974 } 1975 } 1976 1977 unnamed_node = SMB_IS_STREAM(snode); 1978 if (unnamed_node) { 1979 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1980 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1981 /* 1982 * Streams don't have ACL, any read ACL attempt on a stream 1983 * should be performed on the unnamed stream. 1984 */ 1985 snode = unnamed_node; 1986 } 1987 1988 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 1989 flags = ATTR_NOACLCHECK; 1990 1991 error = smb_vop_acl_read(snode->vp, &acl, flags, 1992 sr->tid_tree->t_acltype, cr); 1993 if (error != 0) { 1994 return (error); 1995 } 1996 1997 error = acl_translate(acl, _ACL_ACE_ENABLED, 1998 (snode->vp->v_type == VDIR), fs_sd->sd_uid, fs_sd->sd_gid); 1999 2000 if (error == 0) { 2001 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 2002 fs_sd->sd_secinfo); 2003 } 2004 2005 acl_free(acl); 2006 return (error); 2007 } 2008 2009 /* 2010 * smb_fsop_aclwrite 2011 * 2012 * Stores the filesystem ACL provided in fs_sd->sd_acl. 2013 */ 2014 int 2015 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2016 smb_fssd_t *fs_sd) 2017 { 2018 int target_flavor; 2019 int error = 0; 2020 int flags = 0; 2021 int access = 0; 2022 acl_t *acl, *dacl, *sacl; 2023 smb_node_t *unnamed_node; 2024 2025 ASSERT(cr); 2026 2027 ASSERT(sr); 2028 ASSERT(sr->tid_tree); 2029 if (SMB_TREE_IS_READ_ONLY(sr)) 2030 return (EROFS); 2031 2032 if (sr->fid_ofile) { 2033 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2034 access = WRITE_DAC; 2035 2036 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2037 access |= ACCESS_SYSTEM_SECURITY; 2038 2039 error = smb_ofile_access(sr->fid_ofile, cr, access); 2040 if (error != NT_STATUS_SUCCESS) 2041 return (EACCES); 2042 } 2043 2044 switch (sr->tid_tree->t_acltype) { 2045 case ACLENT_T: 2046 target_flavor = _ACL_ACLENT_ENABLED; 2047 break; 2048 2049 case ACE_T: 2050 target_flavor = _ACL_ACE_ENABLED; 2051 break; 2052 default: 2053 return (EINVAL); 2054 } 2055 2056 unnamed_node = SMB_IS_STREAM(snode); 2057 if (unnamed_node) { 2058 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2059 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2060 /* 2061 * Streams don't have ACL, any write ACL attempt on a stream 2062 * should be performed on the unnamed stream. 2063 */ 2064 snode = unnamed_node; 2065 } 2066 2067 dacl = fs_sd->sd_zdacl; 2068 sacl = fs_sd->sd_zsacl; 2069 2070 ASSERT(dacl || sacl); 2071 if ((dacl == NULL) && (sacl == NULL)) 2072 return (EINVAL); 2073 2074 if (dacl && sacl) 2075 acl = smb_fsacl_merge(dacl, sacl); 2076 else if (dacl) 2077 acl = dacl; 2078 else 2079 acl = sacl; 2080 2081 error = acl_translate(acl, target_flavor, (snode->vp->v_type == VDIR), 2082 fs_sd->sd_uid, fs_sd->sd_gid); 2083 if (error == 0) { 2084 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 2085 flags = ATTR_NOACLCHECK; 2086 2087 error = smb_vop_acl_write(snode->vp, acl, flags, cr); 2088 } 2089 2090 if (dacl && sacl) 2091 acl_free(acl); 2092 2093 return (error); 2094 } 2095 2096 acl_type_t 2097 smb_fsop_acltype(smb_node_t *snode) 2098 { 2099 return (smb_vop_acl_type(snode->vp)); 2100 } 2101 2102 /* 2103 * smb_fsop_sdread 2104 * 2105 * Read the requested security descriptor items from filesystem. 2106 * The items are specified in fs_sd->sd_secinfo. 2107 */ 2108 int 2109 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2110 smb_fssd_t *fs_sd) 2111 { 2112 int error = 0; 2113 int getowner = 0; 2114 cred_t *ga_cred; 2115 smb_attr_t attr; 2116 2117 ASSERT(cr); 2118 ASSERT(fs_sd); 2119 2120 /* 2121 * File's uid/gid is fetched in two cases: 2122 * 2123 * 1. it's explicitly requested 2124 * 2125 * 2. target ACL is ACE_T (ZFS ACL). They're needed for 2126 * owner@/group@ entries. In this case kcred should be used 2127 * because uid/gid are fetched on behalf of smb server. 2128 */ 2129 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 2130 getowner = 1; 2131 ga_cred = cr; 2132 } else if (sr->tid_tree->t_acltype == ACE_T) { 2133 getowner = 1; 2134 ga_cred = kcred; 2135 } 2136 2137 if (getowner) { 2138 /* 2139 * Windows require READ_CONTROL to read owner/group SID since 2140 * they're part of Security Descriptor. 2141 * ZFS only requires read_attribute. Need to have a explicit 2142 * access check here. 2143 */ 2144 if (sr->fid_ofile == NULL) { 2145 error = smb_fsop_access(sr, ga_cred, snode, 2146 READ_CONTROL); 2147 if (error) 2148 return (error); 2149 } 2150 2151 attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2152 error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 2153 if (error == 0) { 2154 fs_sd->sd_uid = attr.sa_vattr.va_uid; 2155 fs_sd->sd_gid = attr.sa_vattr.va_gid; 2156 } else { 2157 return (error); 2158 } 2159 } 2160 2161 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2162 error = smb_fsop_aclread(sr, cr, snode, fs_sd); 2163 } 2164 2165 return (error); 2166 } 2167 2168 /* 2169 * smb_fsop_sdmerge 2170 * 2171 * From SMB point of view DACL and SACL are two separate list 2172 * which can be manipulated independently without one affecting 2173 * the other, but entries for both DACL and SACL will end up 2174 * in the same ACL if target filesystem supports ACE_T ACLs. 2175 * 2176 * So, if either DACL or SACL is present in the client set request 2177 * the entries corresponding to the non-present ACL shouldn't 2178 * be touched in the FS ACL. 2179 * 2180 * fs_sd parameter contains DACL and SACL specified by SMB 2181 * client to be set on a file/directory. The client could 2182 * specify both or one of these ACLs (if none is specified 2183 * we don't get this far). When both DACL and SACL are given 2184 * by client the existing ACL should be overwritten. If only 2185 * one of them is specified the entries corresponding to the other 2186 * ACL should not be touched. For example, if only DACL 2187 * is specified in input fs_sd, the function reads audit entries 2188 * of the existing ACL of the file and point fs_sd->sd_zsdacl 2189 * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 2190 * function is called the passed fs_sd would point to the specified 2191 * DACL by client and fetched SACL from filesystem, so the file 2192 * will end up with correct ACL. 2193 */ 2194 static int 2195 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 2196 { 2197 smb_fssd_t cur_sd; 2198 int error = 0; 2199 2200 if (sr->tid_tree->t_acltype != ACE_T) 2201 /* Don't bother if target FS doesn't support ACE_T */ 2202 return (0); 2203 2204 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 2205 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 2206 /* 2207 * Don't overwrite existing audit entries 2208 */ 2209 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 2210 fs_sd->sd_flags); 2211 2212 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2213 if (error == 0) { 2214 ASSERT(fs_sd->sd_zsacl == NULL); 2215 fs_sd->sd_zsacl = cur_sd.sd_zsacl; 2216 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 2217 fs_sd->sd_zsacl->acl_flags = 2218 fs_sd->sd_zdacl->acl_flags; 2219 } 2220 } else { 2221 /* 2222 * Don't overwrite existing access entries 2223 */ 2224 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 2225 fs_sd->sd_flags); 2226 2227 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2228 if (error == 0) { 2229 ASSERT(fs_sd->sd_zdacl == NULL); 2230 fs_sd->sd_zdacl = cur_sd.sd_zdacl; 2231 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 2232 fs_sd->sd_zdacl->acl_flags = 2233 fs_sd->sd_zsacl->acl_flags; 2234 } 2235 } 2236 2237 if (error) 2238 smb_fssd_term(&cur_sd); 2239 } 2240 2241 return (error); 2242 } 2243 2244 /* 2245 * smb_fsop_sdwrite 2246 * 2247 * Stores the given uid, gid and acl in filesystem. 2248 * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 2249 * 2250 * A SMB security descriptor could contain owner, primary group, 2251 * DACL and SACL. Setting an SD should be atomic but here it has to 2252 * be done via two separate FS operations: VOP_SETATTR and 2253 * VOP_SETSECATTR. Therefore, this function has to simulate the 2254 * atomicity as well as it can. 2255 */ 2256 int 2257 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2258 smb_fssd_t *fs_sd, int overwrite) 2259 { 2260 int error = 0; 2261 int access = 0; 2262 smb_attr_t set_attr; 2263 smb_attr_t orig_attr; 2264 2265 ASSERT(cr); 2266 ASSERT(fs_sd); 2267 2268 ASSERT(sr); 2269 ASSERT(sr->tid_tree); 2270 if (SMB_TREE_IS_READ_ONLY(sr)) 2271 return (EROFS); 2272 2273 bzero(&set_attr, sizeof (smb_attr_t)); 2274 2275 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2276 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2277 set_attr.sa_mask |= SMB_AT_UID; 2278 } 2279 2280 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2281 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2282 set_attr.sa_mask |= SMB_AT_GID; 2283 } 2284 2285 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2286 access |= WRITE_DAC; 2287 2288 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2289 access |= ACCESS_SYSTEM_SECURITY; 2290 2291 if (sr->fid_ofile) 2292 error = smb_ofile_access(sr->fid_ofile, cr, access); 2293 else 2294 error = smb_fsop_access(sr, cr, snode, access); 2295 2296 if (error) 2297 return (EACCES); 2298 2299 if (set_attr.sa_mask) { 2300 /* 2301 * Get the current uid, gid so if smb_fsop_aclwrite fails 2302 * we can revert uid, gid changes. 2303 * 2304 * We use root cred here so the operation doesn't fail 2305 * due to lack of permission for the user to read the attrs 2306 */ 2307 2308 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2309 error = smb_fsop_getattr(sr, kcred, snode, &orig_attr); 2310 if (error == 0) 2311 error = smb_fsop_setattr(sr, cr, snode, &set_attr, 2312 NULL); 2313 2314 if (error) 2315 return (error); 2316 } 2317 2318 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2319 if (overwrite == 0) { 2320 error = smb_fsop_sdmerge(sr, snode, fs_sd); 2321 if (error) 2322 return (error); 2323 } 2324 2325 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 2326 if (error) { 2327 /* 2328 * Revert uid/gid changes if required. 2329 */ 2330 if (set_attr.sa_mask) { 2331 orig_attr.sa_mask = set_attr.sa_mask; 2332 (void) smb_fsop_setattr(sr, kcred, snode, 2333 &orig_attr, NULL); 2334 } 2335 } 2336 } 2337 2338 return (error); 2339 } 2340 2341 /* 2342 * smb_fsop_sdinherit 2343 * 2344 * Inherit the security descriptor from the parent container. 2345 * This function is called after FS has created the file/folder 2346 * so if this doesn't do anything it means FS inheritance is 2347 * in place. 2348 * 2349 * Do inheritance for ZFS internally. 2350 * 2351 * If we want to let ZFS does the inheritance the 2352 * following setting should be true: 2353 * 2354 * - aclinherit = passthrough 2355 * - aclmode = passthrough 2356 * - smbd umask = 0777 2357 * 2358 * This will result in right effective permissions but 2359 * ZFS will always add 6 ACEs for owner, owning group 2360 * and others to be POSIX compliant. This is not what 2361 * Windows clients/users expect, so we decided that CIFS 2362 * implements Windows rules and overwrite whatever ZFS 2363 * comes up with. This way we also don't have to care 2364 * about ZFS aclinherit and aclmode settings. 2365 */ 2366 static int 2367 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 2368 { 2369 int is_dir; 2370 acl_t *dacl = NULL; 2371 acl_t *sacl = NULL; 2372 ksid_t *owner_sid; 2373 int error; 2374 2375 ASSERT(fs_sd); 2376 2377 if (sr->tid_tree->t_acltype != ACE_T) { 2378 /* 2379 * No forced inheritance for non-ZFS filesystems. 2380 */ 2381 fs_sd->sd_secinfo = 0; 2382 return (0); 2383 } 2384 2385 2386 /* Fetch parent directory's ACL */ 2387 error = smb_fsop_sdread(sr, kcred, dnode, fs_sd); 2388 if (error) { 2389 return (error); 2390 } 2391 2392 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 2393 owner_sid = crgetsid(sr->user_cr, KSID_OWNER); 2394 ASSERT(owner_sid); 2395 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO, 2396 owner_sid->ks_id); 2397 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO, 2398 (uid_t)-1); 2399 2400 if (sacl == NULL) 2401 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO; 2402 2403 smb_fsacl_free(fs_sd->sd_zdacl); 2404 smb_fsacl_free(fs_sd->sd_zsacl); 2405 2406 fs_sd->sd_zdacl = dacl; 2407 fs_sd->sd_zsacl = sacl; 2408 2409 return (0); 2410 } 2411 2412 /* 2413 * smb_fsop_eaccess 2414 * 2415 * Returns the effective permission of the given credential for the 2416 * specified object. 2417 * 2418 * This is just a workaround. We need VFS/FS support for this. 2419 */ 2420 void 2421 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2422 uint32_t *eaccess) 2423 { 2424 int access = 0; 2425 vnode_t *dir_vp; 2426 smb_node_t *unnamed_node; 2427 2428 ASSERT(cr); 2429 ASSERT(snode); 2430 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2431 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2432 2433 unnamed_node = SMB_IS_STREAM(snode); 2434 if (unnamed_node) { 2435 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2436 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2437 /* 2438 * Streams authorization should be performed against the 2439 * unnamed stream. 2440 */ 2441 snode = unnamed_node; 2442 } 2443 2444 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) { 2445 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 2446 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 2447 cr); 2448 return; 2449 } 2450 2451 /* 2452 * FS doesn't understand 32-bit mask 2453 */ 2454 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 2455 2456 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 2457 2458 if (access & VREAD) 2459 *eaccess |= FILE_READ_DATA; 2460 2461 if (access & VEXEC) 2462 *eaccess |= FILE_EXECUTE; 2463 2464 if (access & VWRITE) 2465 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 2466 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 2467 } 2468 2469 /* 2470 * smb_fsop_shrlock 2471 * 2472 * For the current open request, check file sharing rules 2473 * against existing opens. 2474 * 2475 * Returns NT_STATUS_SHARING_VIOLATION if there is any 2476 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise. 2477 * 2478 * Full system-wide share reservation synchronization is available 2479 * when the nbmand (non-blocking mandatory) mount option is set 2480 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used. 2481 * This provides synchronization with NFS and local processes. The 2482 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called 2483 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well 2484 * as the CIFS rename and delete paths. 2485 * 2486 * The CIFS server will also enter the nbl critical region in the open, 2487 * rename, and delete paths when nbmand is not set. There is limited 2488 * coordination with local and VFS share reservations in this case. 2489 * Note that when the nbmand mount option is not set, the VFS layer 2490 * only processes advisory reservations and the delete mode is not checked. 2491 * 2492 * Whether or not the nbmand mount option is set, intra-CIFS share 2493 * checking is done in the open, delete, and rename paths using a CIFS 2494 * critical region (node->n_share_lock). 2495 */ 2496 2497 uint32_t 2498 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid, 2499 uint32_t desired_access, uint32_t share_access) 2500 { 2501 int rc; 2502 2503 if (node->attr.sa_vattr.va_type == VDIR) 2504 return (NT_STATUS_SUCCESS); 2505 2506 /* Allow access if the request is just for meta data */ 2507 if ((desired_access & FILE_DATA_ALL) == 0) 2508 return (NT_STATUS_SUCCESS); 2509 2510 rc = smb_node_open_check(node, cr, desired_access, share_access); 2511 if (rc) 2512 return (NT_STATUS_SHARING_VIOLATION); 2513 2514 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access, 2515 cr); 2516 if (rc) 2517 return (NT_STATUS_SHARING_VIOLATION); 2518 2519 return (NT_STATUS_SUCCESS); 2520 } 2521 2522 void 2523 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid) 2524 { 2525 if (node->attr.sa_vattr.va_type == VDIR) 2526 return; 2527 2528 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr); 2529 } 2530 2531 /* 2532 * smb_fsop_frlock_callback 2533 * 2534 * smb wrapper function for fs_frlock 2535 * this should never happen, as we are not attempting 2536 * to set Mandatory Locks, cmd = F_SETLK_NBMAND 2537 * 2538 */ 2539 2540 static callb_cpr_t * 2541 /* ARGSUSED */ 2542 smb_fsop_frlock_callback(flk_cb_when_t when, void *error) 2543 { 2544 return (0); 2545 } 2546 2547 /* 2548 * smb_fs_frlock 2549 * 2550 * smb wrapper function for fs_frlock 2551 */ 2552 2553 int 2554 smb_fsop_frlock(smb_request_t *sr, smb_node_t *node, smb_lock_t *lock, 2555 boolean_t unlock) 2556 { 2557 vnode_t *vp; 2558 flock64_t bf; 2559 cred_t *cr; 2560 int cmd; 2561 flk_callback_t flk_cb; 2562 offset_t offset = 0; 2563 int flag; 2564 int error; 2565 int i; 2566 2567 flk_init_callback(&flk_cb, smb_fsop_frlock_callback, &error); 2568 cr = sr->user_cr; 2569 vp = node->vp; 2570 cmd = F_SETLK; 2571 2572 if (unlock == B_TRUE) { 2573 bf.l_type = F_UNLCK; 2574 flag = 0; 2575 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) { 2576 bf.l_type = F_RDLCK; 2577 flag = FREAD; 2578 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) { 2579 bf.l_type = F_WRLCK; 2580 flag = FWRITE; 2581 } 2582 2583 bf.l_start = lock->l_start; 2584 bf.l_len = lock->l_length; 2585 bf.l_whence = 0; /* SEEK_SET */ 2586 bf.l_pid = lock->l_pid; 2587 bf.l_sysid = 0; 2588 2589 for (i = 0; i < 4; i++) 2590 bf.l_pad[i] = 0; 2591 2592 error = fs_frlock(vp, cmd, &bf, flag, offset, &flk_cb, cr, &smb_ct); 2593 return (error); 2594 } 2595