1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/sid.h> 27 #include <sys/nbmlock.h> 28 #include <smbsrv/smb_fsops.h> 29 #include <smbsrv/smb_kproto.h> 30 #include <smbsrv/ntstatus.h> 31 #include <smbsrv/ntaccess.h> 32 #include <smbsrv/smb_incl.h> 33 #include <acl/acl_common.h> 34 #include <sys/fcntl.h> 35 #include <sys/flock.h> 36 #include <fs/fs_subr.h> 37 38 extern caller_context_t smb_ct; 39 40 extern int smb_fem_oplock_install(smb_node_t *); 41 extern void smb_fem_oplock_uninstall(smb_node_t *); 42 43 extern int smb_vop_other_opens(vnode_t *, int); 44 45 static int smb_fsop_create_stream(smb_request_t *, cred_t *, smb_node_t *, 46 char *, char *, int, smb_attr_t *, smb_node_t **, smb_attr_t *); 47 48 static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *, 49 char *, int, smb_attr_t *, smb_node_t **, smb_attr_t *); 50 51 static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *, 52 char *, smb_attr_t *, smb_node_t **, smb_attr_t *, smb_fssd_t *); 53 54 static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *); 55 56 /* 57 * The smb_fsop_* functions have knowledge of CIFS semantics. 58 * 59 * The smb_vop_* functions have minimal knowledge of CIFS semantics and 60 * serve as an interface to the VFS layer. 61 * 62 * Hence, smb_request_t and smb_node_t structures should not be passed 63 * from the smb_fsop_* layer to the smb_vop_* layer. 64 * 65 * In general, CIFS service code should only ever call smb_fsop_* 66 * functions directly, and never smb_vop_* functions directly. 67 * 68 * smb_fsop_* functions should call smb_vop_* functions where possible, instead 69 * of their smb_fsop_* counterparts. However, there are times when 70 * this cannot be avoided. 71 */ 72 73 /* 74 * Note: Stream names cannot be mangled. 75 */ 76 77 /* 78 * smb_fsop_amask_to_omode 79 * 80 * Convert the access mask to the open mode (for use 81 * with the VOP_OPEN call). 82 * 83 * Note that opening a file for attribute only access 84 * will also translate into an FREAD or FWRITE open mode 85 * (i.e., it's not just for data). 86 * 87 * This is needed so that opens are tracked appropriately 88 * for oplock processing. 89 */ 90 91 int 92 smb_fsop_amask_to_omode(uint32_t access) 93 { 94 int mode = 0; 95 96 if (access & (FILE_READ_DATA | FILE_EXECUTE | 97 FILE_READ_ATTRIBUTES | FILE_READ_EA)) 98 mode |= FREAD; 99 100 if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA | 101 FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)) 102 mode |= FWRITE; 103 104 if (access & FILE_APPEND_DATA) 105 mode |= FAPPEND; 106 107 return (mode); 108 } 109 110 int 111 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred) 112 { 113 /* 114 * Assuming that the same vnode is returned as we had before. 115 * (I.e., with certain types of files or file systems, a 116 * different vnode might be returned by VOP_OPEN) 117 */ 118 return (smb_vop_open(&node->vp, mode, cred)); 119 } 120 121 void 122 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred) 123 { 124 smb_vop_close(node->vp, mode, cred); 125 } 126 127 int 128 smb_fsop_oplock_install(smb_node_t *node, int mode) 129 { 130 int rc; 131 132 if (smb_vop_other_opens(node->vp, mode)) 133 return (EMFILE); 134 135 if ((rc = smb_fem_oplock_install(node))) 136 return (rc); 137 138 if (smb_vop_other_opens(node->vp, mode)) { 139 (void) smb_fem_oplock_uninstall(node); 140 return (EMFILE); 141 } 142 143 return (0); 144 } 145 146 void 147 smb_fsop_oplock_uninstall(smb_node_t *node) 148 { 149 smb_fem_oplock_uninstall(node); 150 } 151 152 static int 153 smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr, 154 smb_node_t *dnode, char *name, 155 smb_attr_t *attr, smb_node_t **ret_snode, smb_attr_t *ret_attr, 156 smb_fssd_t *fs_sd) 157 { 158 vsecattr_t *vsap; 159 vsecattr_t vsecattr; 160 acl_t *acl, *dacl, *sacl; 161 smb_attr_t set_attr; 162 vnode_t *vp; 163 int aclbsize = 0; /* size of acl list in bytes */ 164 int flags = 0; 165 int rc; 166 boolean_t is_dir; 167 168 ASSERT(fs_sd); 169 170 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 171 flags = SMB_IGNORE_CASE; 172 if (SMB_TREE_SUPPORTS_CATIA(sr)) 173 flags |= SMB_CATIA; 174 175 ASSERT(cr); 176 177 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 178 179 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) { 180 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 181 dacl = fs_sd->sd_zdacl; 182 sacl = fs_sd->sd_zsacl; 183 ASSERT(dacl || sacl); 184 if (dacl && sacl) { 185 acl = smb_fsacl_merge(dacl, sacl); 186 } else if (dacl) { 187 acl = dacl; 188 } else { 189 acl = sacl; 190 } 191 192 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 193 194 if (dacl && sacl) 195 acl_free(acl); 196 197 if (rc != 0) 198 return (rc); 199 200 vsap = &vsecattr; 201 } else { 202 vsap = NULL; 203 } 204 205 /* The tree ACEs may prevent a create */ 206 rc = EACCES; 207 if (is_dir) { 208 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0) 209 rc = smb_vop_mkdir(dnode->vp, name, attr, 210 &vp, flags, cr, vsap); 211 } else { 212 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0) 213 rc = smb_vop_create(dnode->vp, name, attr, 214 &vp, flags, cr, vsap); 215 } 216 217 if (vsap != NULL) 218 kmem_free(vsap->vsa_aclentp, aclbsize); 219 220 if (rc != 0) 221 return (rc); 222 223 set_attr.sa_mask = 0; 224 225 /* 226 * Ideally we should be able to specify the owner and owning 227 * group at create time along with the ACL. Since we cannot 228 * do that right now, kcred is passed to smb_vop_setattr so it 229 * doesn't fail due to lack of permission. 230 */ 231 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 232 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 233 set_attr.sa_mask |= SMB_AT_UID; 234 } 235 236 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 237 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 238 set_attr.sa_mask |= SMB_AT_GID; 239 } 240 241 if (set_attr.sa_mask) 242 rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcred); 243 244 if (rc == 0) { 245 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 246 name, dnode, NULL, ret_attr); 247 248 if (*ret_snode == NULL) 249 rc = ENOMEM; 250 251 VN_RELE(vp); 252 } 253 } else { 254 /* 255 * For filesystems that don't support ACL-on-create, try 256 * to set the specified SD after create, which could actually 257 * fail because of conflicts between inherited security 258 * attributes upon creation and the specified SD. 259 * 260 * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 261 */ 262 263 if (is_dir) { 264 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, 265 flags, cr, NULL); 266 } else { 267 rc = smb_vop_create(dnode->vp, name, attr, &vp, 268 flags, cr, NULL); 269 } 270 271 if (rc != 0) 272 return (rc); 273 274 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 275 name, dnode, NULL, ret_attr); 276 277 if (*ret_snode != NULL) { 278 if (!smb_tree_has_feature(sr->tid_tree, 279 SMB_TREE_NFS_MOUNTED)) 280 rc = smb_fsop_sdwrite(sr, kcred, *ret_snode, 281 fs_sd, 1); 282 } else { 283 rc = ENOMEM; 284 } 285 286 VN_RELE(vp); 287 } 288 289 if (rc != 0) { 290 if (is_dir) 291 (void) smb_vop_rmdir(dnode->vp, name, flags, cr); 292 else 293 (void) smb_vop_remove(dnode->vp, name, flags, cr); 294 } 295 296 return (rc); 297 } 298 299 /* 300 * smb_fsop_create 301 * 302 * All SMB functions should use this wrapper to ensure that 303 * all the smb_vop_creates are performed with the appropriate credentials. 304 * Please document any direct calls to explain the reason for avoiding 305 * this wrapper. 306 * 307 * *ret_snode is returned with a reference upon success. No reference is 308 * taken if an error is returned. 309 */ 310 int 311 smb_fsop_create(smb_request_t *sr, cred_t *cr, 312 smb_node_t *dnode, char *name, 313 smb_attr_t *attr, smb_node_t **ret_snode, smb_attr_t *ret_attr) 314 { 315 int rc = 0; 316 int flags = 0; 317 char *fname, *sname; 318 char *longname = NULL; 319 320 ASSERT(cr); 321 ASSERT(dnode); 322 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 323 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 324 325 ASSERT(ret_snode); 326 *ret_snode = 0; 327 328 ASSERT(name); 329 if (*name == 0) 330 return (EINVAL); 331 332 ASSERT(sr); 333 ASSERT(sr->tid_tree); 334 335 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 336 return (EACCES); 337 338 if (SMB_TREE_IS_READONLY(sr)) 339 return (EROFS); 340 341 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 342 flags = SMB_IGNORE_CASE; 343 if (SMB_TREE_SUPPORTS_CATIA(sr)) 344 flags |= SMB_CATIA; 345 346 if (smb_is_stream_name(name)) { 347 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 348 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 349 smb_stream_parse_name(name, fname, sname); 350 351 rc = smb_fsop_create_stream(sr, cr, dnode, 352 fname, sname, flags, attr, ret_snode, ret_attr); 353 354 kmem_free(fname, MAXNAMELEN); 355 kmem_free(sname, MAXNAMELEN); 356 return (rc); 357 } 358 359 /* Not a named stream */ 360 361 if (smb_maybe_mangled_name(name)) { 362 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 363 rc = smb_unmangle_name(dnode, name, longname, MAXNAMELEN); 364 kmem_free(longname, MAXNAMELEN); 365 366 if (rc == 0) 367 rc = EEXIST; 368 if (rc != ENOENT) 369 return (rc); 370 } 371 372 rc = smb_fsop_create_file(sr, cr, dnode, name, flags, 373 attr, ret_snode, ret_attr); 374 return (rc); 375 376 } 377 378 379 /* 380 * smb_fsop_create_stream 381 * 382 * Create NTFS named stream file (sname) on unnamed stream 383 * file (fname), creating the unnamed stream file if it 384 * doesn't exist. 385 * If we created the unnamed stream file and then creation 386 * of the named stream file fails, we delete the unnamed stream. 387 * Since we use the real file name for the smb_vop_remove we 388 * clear the SMB_IGNORE_CASE flag to ensure a case sensitive 389 * match. 390 * 391 * The second parameter of smb_vop_setattr() is set to 392 * NULL, even though an unnamed stream exists. This is 393 * because we want to set the UID and GID on the named 394 * stream in this case for consistency with the (unnamed 395 * stream) file (see comments for smb_vop_setattr()). 396 */ 397 static int 398 smb_fsop_create_stream(smb_request_t *sr, cred_t *cr, 399 smb_node_t *dnode, char *fname, char *sname, int flags, 400 smb_attr_t *attr, smb_node_t **ret_snode, smb_attr_t *ret_attr) 401 { 402 smb_node_t *fnode; 403 smb_attr_t fattr; 404 vnode_t *xattrdvp; 405 vnode_t *vp; 406 int rc = 0; 407 boolean_t fcreate = B_FALSE; 408 409 /* Look up / create the unnamed stream, fname */ 410 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 411 sr->tid_tree->t_snode, dnode, fname, 412 &fnode, &fattr); 413 if (rc == ENOENT) { 414 fcreate = B_TRUE; 415 rc = smb_fsop_create_file(sr, cr, dnode, fname, flags, 416 attr, &fnode, &fattr); 417 } 418 if (rc != 0) 419 return (rc); 420 421 /* create the named stream, sname */ 422 rc = smb_vop_stream_create(fnode->vp, sname, attr, &vp, 423 &xattrdvp, flags, cr); 424 if (rc != 0) { 425 if (fcreate) { 426 flags &= ~SMB_IGNORE_CASE; 427 (void) smb_vop_remove(dnode->vp, 428 fnode->od_name, flags, cr); 429 } 430 smb_node_release(fnode); 431 return (rc); 432 } 433 434 attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid; 435 attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid; 436 attr->sa_mask = SMB_AT_UID | SMB_AT_GID; 437 438 rc = smb_vop_setattr(vp, NULL, attr, 0, kcred); 439 if (rc != 0) { 440 smb_node_release(fnode); 441 return (rc); 442 } 443 444 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp, 445 vp, sname, ret_attr); 446 447 smb_node_release(fnode); 448 VN_RELE(xattrdvp); 449 VN_RELE(vp); 450 451 if (*ret_snode == NULL) 452 rc = ENOMEM; 453 454 return (rc); 455 } 456 457 /* 458 * smb_fsop_create_file 459 */ 460 static int 461 smb_fsop_create_file(smb_request_t *sr, cred_t *cr, 462 smb_node_t *dnode, char *name, int flags, 463 smb_attr_t *attr, smb_node_t **ret_snode, smb_attr_t *ret_attr) 464 { 465 open_param_t *op = &sr->arg.open; 466 vnode_t *vp; 467 smb_fssd_t fs_sd; 468 uint32_t secinfo; 469 uint32_t status; 470 int rc = 0; 471 472 if (op->sd) { 473 /* 474 * SD sent by client in Windows format. Needs to be 475 * converted to FS format. No inheritance. 476 */ 477 secinfo = smb_sd_get_secinfo(op->sd); 478 smb_fssd_init(&fs_sd, secinfo, 0); 479 480 status = smb_sd_tofs(op->sd, &fs_sd); 481 if (status == NT_STATUS_SUCCESS) { 482 rc = smb_fsop_create_with_sd(sr, cr, dnode, 483 name, attr, ret_snode, ret_attr, &fs_sd); 484 } else { 485 rc = EINVAL; 486 } 487 smb_fssd_term(&fs_sd); 488 } else if (sr->tid_tree->t_acltype == ACE_T) { 489 /* 490 * No incoming SD and filesystem is ZFS 491 * Server applies Windows inheritance rules, 492 * see smb_fsop_sdinherit() comments as to why. 493 */ 494 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0); 495 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 496 if (rc == 0) { 497 rc = smb_fsop_create_with_sd(sr, cr, dnode, 498 name, attr, ret_snode, ret_attr, &fs_sd); 499 } 500 501 smb_fssd_term(&fs_sd); 502 } else { 503 /* 504 * No incoming SD and filesystem is not ZFS 505 * let the filesystem handles the inheritance. 506 */ 507 rc = smb_vop_create(dnode->vp, name, attr, &vp, 508 flags, cr, NULL); 509 510 if (rc == 0) { 511 *ret_snode = smb_node_lookup(sr, op, cr, vp, 512 name, dnode, NULL, ret_attr); 513 514 if (*ret_snode == NULL) 515 rc = ENOMEM; 516 517 VN_RELE(vp); 518 } 519 520 } 521 return (rc); 522 } 523 524 /* 525 * smb_fsop_mkdir 526 * 527 * All SMB functions should use this wrapper to ensure that 528 * the the calls are performed with the appropriate credentials. 529 * Please document any direct call to explain the reason 530 * for avoiding this wrapper. 531 * 532 * It is assumed that a reference exists on snode coming into this routine. 533 * 534 * *ret_snode is returned with a reference upon success. No reference is 535 * taken if an error is returned. 536 */ 537 int 538 smb_fsop_mkdir( 539 smb_request_t *sr, 540 cred_t *cr, 541 smb_node_t *dnode, 542 char *name, 543 smb_attr_t *attr, 544 smb_node_t **ret_snode, 545 smb_attr_t *ret_attr) 546 { 547 struct open_param *op = &sr->arg.open; 548 char *longname; 549 vnode_t *vp; 550 int flags = 0; 551 smb_fssd_t fs_sd; 552 uint32_t secinfo; 553 uint32_t status; 554 int rc; 555 ASSERT(cr); 556 ASSERT(dnode); 557 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 558 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 559 560 ASSERT(ret_snode); 561 *ret_snode = 0; 562 563 ASSERT(name); 564 if (*name == 0) 565 return (EINVAL); 566 567 ASSERT(sr); 568 ASSERT(sr->tid_tree); 569 570 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 571 return (EACCES); 572 573 if (SMB_TREE_IS_READONLY(sr)) 574 return (EROFS); 575 if (SMB_TREE_SUPPORTS_CATIA(sr)) 576 flags |= SMB_CATIA; 577 578 if (smb_maybe_mangled_name(name)) { 579 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 580 rc = smb_unmangle_name(dnode, name, longname, MAXNAMELEN); 581 kmem_free(longname, MAXNAMELEN); 582 583 /* 584 * If the name passed in by the client has an unmangled 585 * equivalent that is found in the specified directory, 586 * then the mkdir cannot succeed. Return EEXIST. 587 * 588 * Only if ENOENT is returned will a mkdir be attempted. 589 */ 590 591 if (rc == 0) 592 rc = EEXIST; 593 594 if (rc != ENOENT) 595 return (rc); 596 } 597 598 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 599 flags = SMB_IGNORE_CASE; 600 601 if (op->sd) { 602 /* 603 * SD sent by client in Windows format. Needs to be 604 * converted to FS format. No inheritance. 605 */ 606 secinfo = smb_sd_get_secinfo(op->sd); 607 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 608 609 status = smb_sd_tofs(op->sd, &fs_sd); 610 if (status == NT_STATUS_SUCCESS) { 611 rc = smb_fsop_create_with_sd(sr, cr, dnode, 612 name, attr, ret_snode, ret_attr, &fs_sd); 613 } 614 else 615 rc = EINVAL; 616 smb_fssd_term(&fs_sd); 617 } else if (sr->tid_tree->t_acltype == ACE_T) { 618 /* 619 * No incoming SD and filesystem is ZFS 620 * Server applies Windows inheritance rules, 621 * see smb_fsop_sdinherit() comments as to why. 622 */ 623 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR); 624 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 625 if (rc == 0) { 626 rc = smb_fsop_create_with_sd(sr, cr, dnode, 627 name, attr, ret_snode, ret_attr, &fs_sd); 628 } 629 630 smb_fssd_term(&fs_sd); 631 632 } else { 633 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr, 634 NULL); 635 636 if (rc == 0) { 637 *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 638 dnode, NULL, ret_attr); 639 640 if (*ret_snode == NULL) 641 rc = ENOMEM; 642 643 VN_RELE(vp); 644 } 645 } 646 647 return (rc); 648 } 649 650 /* 651 * smb_fsop_remove 652 * 653 * All SMB functions should use this wrapper to ensure that 654 * the the calls are performed with the appropriate credentials. 655 * Please document any direct call to explain the reason 656 * for avoiding this wrapper. 657 * 658 * It is assumed that a reference exists on snode coming into this routine. 659 * 660 * A null smb_request might be passed to this function. 661 */ 662 int 663 smb_fsop_remove( 664 smb_request_t *sr, 665 cred_t *cr, 666 smb_node_t *dnode, 667 char *name, 668 uint32_t flags) 669 { 670 smb_node_t *fnode; 671 smb_attr_t file_attr; 672 char *longname; 673 char *fname; 674 char *sname; 675 int rc; 676 677 ASSERT(cr); 678 /* 679 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 680 * function is called during the deletion of the node (because of 681 * DELETE_ON_CLOSE). 682 */ 683 ASSERT(dnode); 684 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 685 686 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 || 687 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0) 688 return (EACCES); 689 690 if (SMB_TREE_IS_READONLY(sr)) 691 return (EROFS); 692 693 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 694 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 695 696 if (dnode->flags & NODE_XATTR_DIR) { 697 rc = smb_vop_stream_remove(dnode->dir_snode->vp, 698 name, flags, cr); 699 } else if (smb_is_stream_name(name)) { 700 smb_stream_parse_name(name, fname, sname); 701 702 /* 703 * Look up the unnamed stream (i.e. fname). 704 * Unmangle processing will be done on fname 705 * as well as any link target. 706 */ 707 708 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 709 sr->tid_tree->t_snode, dnode, fname, 710 &fnode, &file_attr); 711 712 if (rc != 0) { 713 kmem_free(fname, MAXNAMELEN); 714 kmem_free(sname, MAXNAMELEN); 715 return (rc); 716 } 717 718 /* 719 * XXX 720 * Need to find out what permission is required by NTFS 721 * to remove a stream. 722 */ 723 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr); 724 725 smb_node_release(fnode); 726 } else { 727 rc = smb_vop_remove(dnode->vp, name, flags, cr); 728 729 if (rc == ENOENT) { 730 if (smb_maybe_mangled_name(name) == 0) { 731 kmem_free(fname, MAXNAMELEN); 732 kmem_free(sname, MAXNAMELEN); 733 return (rc); 734 } 735 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 736 737 rc = smb_unmangle_name(dnode, name, 738 longname, MAXNAMELEN); 739 740 if (rc == 0) { 741 /* 742 * longname is the real (case-sensitive) 743 * on-disk name. 744 * We make sure we do a remove on this exact 745 * name, as the name was mangled and denotes 746 * a unique file. 747 */ 748 flags &= ~SMB_IGNORE_CASE; 749 rc = smb_vop_remove(dnode->vp, longname, 750 flags, cr); 751 } 752 753 kmem_free(longname, MAXNAMELEN); 754 } 755 } 756 757 kmem_free(fname, MAXNAMELEN); 758 kmem_free(sname, MAXNAMELEN); 759 return (rc); 760 } 761 762 /* 763 * smb_fsop_remove_streams 764 * 765 * This function removes a file's streams without removing the 766 * file itself. 767 * 768 * It is assumed that fnode is not a link. 769 */ 770 int 771 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode) 772 { 773 int rc, flags = 0; 774 uint16_t odid; 775 smb_odir_t *od; 776 smb_odirent_t *odirent; 777 boolean_t eos; 778 779 ASSERT(sr); 780 ASSERT(cr); 781 ASSERT(fnode); 782 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 783 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 784 785 if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0) { 786 smbsr_errno(sr, EACCES); 787 return (-1); 788 } 789 790 if (SMB_TREE_IS_READONLY(sr)) { 791 smbsr_errno(sr, EROFS); 792 return (-1); 793 } 794 795 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 796 flags = SMB_IGNORE_CASE; 797 798 if (SMB_TREE_SUPPORTS_CATIA(sr)) 799 flags |= SMB_CATIA; 800 801 if ((odid = smb_odir_openat(sr, fnode)) == 0) { 802 smbsr_errno(sr, ENOENT); 803 return (-1); 804 } 805 806 if ((od = smb_tree_lookup_odir(sr->tid_tree, odid)) == NULL) { 807 smbsr_errno(sr, ENOENT); 808 return (-1); 809 } 810 811 odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP); 812 for (;;) { 813 rc = smb_odir_read(sr, od, odirent, &eos); 814 if ((rc != 0) || (eos)) 815 break; 816 (void) smb_vop_remove(od->d_dnode->vp, odirent->od_name, 817 flags, cr); 818 } 819 kmem_free(odirent, sizeof (smb_odirent_t)); 820 821 smb_odir_close(od); 822 smb_odir_release(od); 823 return (rc); 824 } 825 826 /* 827 * smb_fsop_rmdir 828 * 829 * All SMB functions should use this wrapper to ensure that 830 * the the calls are performed with the appropriate credentials. 831 * Please document any direct call to explain the reason 832 * for avoiding this wrapper. 833 * 834 * It is assumed that a reference exists on snode coming into this routine. 835 */ 836 int 837 smb_fsop_rmdir( 838 smb_request_t *sr, 839 cred_t *cr, 840 smb_node_t *dnode, 841 char *name, 842 uint32_t flags) 843 { 844 int rc; 845 char *longname; 846 847 ASSERT(cr); 848 /* 849 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 850 * function is called during the deletion of the node (because of 851 * DELETE_ON_CLOSE). 852 */ 853 ASSERT(dnode); 854 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 855 856 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 || 857 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0) 858 return (EACCES); 859 860 if (SMB_TREE_IS_READONLY(sr)) 861 return (EROFS); 862 863 rc = smb_vop_rmdir(dnode->vp, name, flags, cr); 864 865 if (rc == ENOENT) { 866 if (smb_maybe_mangled_name(name) == 0) 867 return (rc); 868 869 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 870 rc = smb_unmangle_name(dnode, name, longname, MAXNAMELEN); 871 872 if (rc == 0) { 873 /* 874 * longname is the real (case-sensitive) 875 * on-disk name. 876 * We make sure we do a rmdir on this exact 877 * name, as the name was mangled and denotes 878 * a unique directory. 879 */ 880 flags &= ~SMB_IGNORE_CASE; 881 rc = smb_vop_rmdir(dnode->vp, longname, flags, cr); 882 } 883 884 kmem_free(longname, MAXNAMELEN); 885 } 886 887 return (rc); 888 } 889 890 /* 891 * smb_fsop_getattr 892 * 893 * All SMB functions should use this wrapper to ensure that 894 * the the calls are performed with the appropriate credentials. 895 * Please document any direct call to explain the reason 896 * for avoiding this wrapper. 897 * 898 * It is assumed that a reference exists on snode coming into this routine. 899 */ 900 int 901 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 902 smb_attr_t *attr) 903 { 904 smb_node_t *unnamed_node; 905 vnode_t *unnamed_vp = NULL; 906 uint32_t status; 907 uint32_t access = 0; 908 int flags = 0; 909 int rc; 910 911 ASSERT(cr); 912 ASSERT(snode); 913 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 914 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 915 916 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 || 917 SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0) 918 return (EACCES); 919 920 if (sr->fid_ofile) { 921 /* if uid and/or gid is requested */ 922 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 923 access |= READ_CONTROL; 924 925 /* if anything else is also requested */ 926 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 927 access |= FILE_READ_ATTRIBUTES; 928 929 status = smb_ofile_access(sr->fid_ofile, cr, access); 930 if (status != NT_STATUS_SUCCESS) 931 return (EACCES); 932 933 if (smb_tree_has_feature(sr->tid_tree, 934 SMB_TREE_ACEMASKONACCESS)) 935 flags = ATTR_NOACLCHECK; 936 } 937 938 unnamed_node = SMB_IS_STREAM(snode); 939 940 if (unnamed_node) { 941 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 942 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 943 unnamed_vp = unnamed_node->vp; 944 } 945 946 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr); 947 if (rc == 0) 948 snode->attr = *attr; 949 950 return (rc); 951 } 952 953 /* 954 * smb_fsop_link 955 * 956 * All SMB functions should use this smb_vop_link wrapper to ensure that 957 * the smb_vop_link is performed with the appropriate credentials. 958 * Please document any direct call to smb_vop_link to explain the reason 959 * for avoiding this wrapper. 960 * 961 * It is assumed that references exist on from_dnode and to_dnode coming 962 * into this routine. 963 */ 964 int 965 smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *to_dnode, 966 smb_node_t *from_fnode, char *to_name) 967 { 968 char *longname = NULL; 969 int flags = 0; 970 int rc; 971 972 ASSERT(sr); 973 ASSERT(sr->tid_tree); 974 ASSERT(cr); 975 ASSERT(to_dnode); 976 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC); 977 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING); 978 ASSERT(from_fnode); 979 ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC); 980 ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING); 981 982 if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0) 983 return (EACCES); 984 985 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0) 986 return (EACCES); 987 988 if (SMB_TREE_IS_READONLY(sr)) 989 return (EROFS); 990 991 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 992 flags = SMB_IGNORE_CASE; 993 if (SMB_TREE_SUPPORTS_CATIA(sr)) 994 flags |= SMB_CATIA; 995 996 if (smb_maybe_mangled_name(to_name)) { 997 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 998 rc = smb_unmangle_name(to_dnode, to_name, longname, MAXNAMELEN); 999 kmem_free(longname, MAXNAMELEN); 1000 1001 if (rc == 0) 1002 rc = EEXIST; 1003 if (rc != ENOENT) 1004 return (rc); 1005 } 1006 1007 rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr); 1008 return (rc); 1009 } 1010 1011 /* 1012 * smb_fsop_rename 1013 * 1014 * All SMB functions should use this smb_vop_rename wrapper to ensure that 1015 * the smb_vop_rename is performed with the appropriate credentials. 1016 * Please document any direct call to smb_vop_rename to explain the reason 1017 * for avoiding this wrapper. 1018 * 1019 * It is assumed that references exist on from_dnode and to_dnode coming 1020 * into this routine. 1021 */ 1022 int 1023 smb_fsop_rename( 1024 smb_request_t *sr, 1025 cred_t *cr, 1026 smb_node_t *from_dnode, 1027 char *from_name, 1028 smb_node_t *to_dnode, 1029 char *to_name) 1030 { 1031 smb_node_t *from_snode; 1032 smb_attr_t tmp_attr; 1033 vnode_t *from_vp; 1034 int flags = 0, ret_flags; 1035 int rc; 1036 boolean_t isdir; 1037 1038 ASSERT(cr); 1039 ASSERT(from_dnode); 1040 ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC); 1041 ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1042 1043 ASSERT(to_dnode); 1044 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC); 1045 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1046 1047 if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0) 1048 return (EACCES); 1049 1050 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0) 1051 return (EACCES); 1052 1053 ASSERT(sr); 1054 ASSERT(sr->tid_tree); 1055 if (SMB_TREE_IS_READONLY(sr)) 1056 return (EROFS); 1057 1058 /* 1059 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE 1060 * here. 1061 * 1062 * A case-sensitive rename is always done in this routine 1063 * because we are using the on-disk name from an earlier lookup. 1064 * If a mangled name was passed in by the caller (denoting a 1065 * deterministic lookup), then the exact file must be renamed 1066 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 1067 * else the underlying file system might return a "first-match" 1068 * on this on-disk name, possibly resulting in the wrong file). 1069 */ 1070 1071 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1072 flags |= SMB_CATIA; 1073 1074 /* 1075 * XXX: Lock required through smb_node_release() below? 1076 */ 1077 1078 rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL, 1079 flags, &ret_flags, NULL, cr); 1080 1081 if (rc != 0) 1082 return (rc); 1083 1084 isdir = from_vp->v_type == VDIR; 1085 1086 if ((isdir && SMB_TREE_HAS_ACCESS(sr, 1087 ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) != 1088 (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) || 1089 (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) != 1090 (ACE_DELETE | ACE_ADD_FILE))) 1091 return (EACCES); 1092 1093 rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp, 1094 to_name, flags, cr); 1095 1096 if (rc == 0) { 1097 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 1098 from_dnode, NULL, &tmp_attr); 1099 1100 if (from_snode == NULL) { 1101 rc = ENOMEM; 1102 } else { 1103 smb_node_rename(from_dnode, from_snode, 1104 to_dnode, to_name); 1105 smb_node_release(from_snode); 1106 } 1107 } 1108 VN_RELE(from_vp); 1109 1110 /* XXX: unlock */ 1111 1112 return (rc); 1113 } 1114 1115 /* 1116 * smb_fsop_setattr 1117 * 1118 * All SMB functions should use this wrapper to ensure that 1119 * the the calls are performed with the appropriate credentials. 1120 * Please document any direct call to explain the reason 1121 * for avoiding this wrapper. 1122 * 1123 * It is assumed that a reference exists on snode coming into this routine. 1124 * A null smb_request might be passed to this function. 1125 */ 1126 int 1127 smb_fsop_setattr( 1128 smb_request_t *sr, 1129 cred_t *cr, 1130 smb_node_t *snode, 1131 smb_attr_t *set_attr, 1132 smb_attr_t *ret_attr) 1133 { 1134 smb_node_t *unnamed_node; 1135 vnode_t *unnamed_vp = NULL; 1136 uint32_t status; 1137 uint32_t access; 1138 int rc = 0; 1139 int flags = 0; 1140 uint_t sa_mask; 1141 1142 ASSERT(cr); 1143 ASSERT(snode); 1144 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1145 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1146 1147 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0) 1148 return (EACCES); 1149 1150 if (SMB_TREE_IS_READONLY(sr)) 1151 return (EROFS); 1152 1153 if (SMB_TREE_HAS_ACCESS(sr, 1154 ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0) 1155 return (EACCES); 1156 1157 if (sr && (set_attr->sa_mask & SMB_AT_SIZE)) { 1158 if (sr->fid_ofile) { 1159 if (SMB_OFILE_IS_READONLY(sr->fid_ofile)) 1160 return (EACCES); 1161 } else { 1162 if (SMB_PATHFILE_IS_READONLY(sr, snode)) 1163 return (EACCES); 1164 } 1165 } 1166 1167 /* sr could be NULL in some cases */ 1168 if (sr && sr->fid_ofile) { 1169 sa_mask = set_attr->sa_mask; 1170 access = 0; 1171 1172 if (sa_mask & SMB_AT_SIZE) { 1173 access |= FILE_WRITE_DATA; 1174 sa_mask &= ~SMB_AT_SIZE; 1175 } 1176 1177 if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) { 1178 access |= WRITE_OWNER; 1179 sa_mask &= ~(SMB_AT_UID|SMB_AT_GID); 1180 } 1181 1182 if (sa_mask) 1183 access |= FILE_WRITE_ATTRIBUTES; 1184 1185 status = smb_ofile_access(sr->fid_ofile, cr, access); 1186 if (status != NT_STATUS_SUCCESS) 1187 return (EACCES); 1188 1189 if (smb_tree_has_feature(sr->tid_tree, 1190 SMB_TREE_ACEMASKONACCESS)) 1191 flags = ATTR_NOACLCHECK; 1192 } 1193 1194 unnamed_node = SMB_IS_STREAM(snode); 1195 1196 if (unnamed_node) { 1197 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1198 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1199 unnamed_vp = unnamed_node->vp; 1200 } 1201 1202 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr); 1203 1204 if ((rc == 0) && ret_attr) { 1205 /* 1206 * Use kcred to update the node attr because this 1207 * call is not being made on behalf of the user. 1208 */ 1209 ret_attr->sa_mask = SMB_AT_ALL; 1210 rc = smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, flags, 1211 kcred); 1212 if (rc == 0) 1213 snode->attr = *ret_attr; 1214 } 1215 1216 return (rc); 1217 } 1218 1219 /* 1220 * smb_fsop_read 1221 * 1222 * All SMB functions should use this wrapper to ensure that 1223 * the the calls are performed with the appropriate credentials. 1224 * Please document any direct call to explain the reason 1225 * for avoiding this wrapper. 1226 * 1227 * It is assumed that a reference exists on snode coming into this routine. 1228 */ 1229 int 1230 smb_fsop_read( 1231 struct smb_request *sr, 1232 cred_t *cr, 1233 smb_node_t *snode, 1234 uio_t *uio, 1235 smb_attr_t *ret_attr) 1236 { 1237 smb_node_t *unnamed_node; 1238 vnode_t *unnamed_vp = NULL; 1239 caller_context_t ct; 1240 int svmand; 1241 int rc; 1242 1243 ASSERT(cr); 1244 ASSERT(snode); 1245 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1246 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1247 1248 ASSERT(sr); 1249 ASSERT(sr->fid_ofile); 1250 1251 if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_DATA) == 0) 1252 return (EACCES); 1253 1254 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA); 1255 if (rc != NT_STATUS_SUCCESS) { 1256 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE); 1257 if (rc != NT_STATUS_SUCCESS) 1258 return (EACCES); 1259 } 1260 1261 unnamed_node = SMB_IS_STREAM(snode); 1262 if (unnamed_node) { 1263 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1264 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1265 unnamed_vp = unnamed_node->vp; 1266 /* 1267 * Streams permission are checked against the unnamed stream, 1268 * but in FS level they have their own permissions. To avoid 1269 * rejection by FS due to lack of permission on the actual 1270 * extended attr kcred is passed for streams. 1271 */ 1272 cr = kcred; 1273 } 1274 1275 smb_node_start_crit(snode, RW_READER); 1276 rc = nbl_svmand(snode->vp, kcred, &svmand); 1277 if (rc) { 1278 smb_node_end_crit(snode); 1279 return (rc); 1280 } 1281 1282 ct = smb_ct; 1283 ct.cc_pid = sr->fid_ofile->f_uniqid; 1284 rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset, 1285 uio->uio_iov->iov_len, svmand, &ct); 1286 1287 if (rc) { 1288 smb_node_end_crit(snode); 1289 return (ERANGE); 1290 } 1291 rc = smb_vop_read(snode->vp, uio, cr); 1292 1293 if (rc == 0 && ret_attr) { 1294 /* 1295 * Use kcred to update the node attr because this 1296 * call is not being made on behalf of the user. 1297 */ 1298 ret_attr->sa_mask = SMB_AT_ALL; 1299 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1300 kcred) == 0) { 1301 snode->attr = *ret_attr; 1302 } 1303 } 1304 1305 smb_node_end_crit(snode); 1306 1307 return (rc); 1308 } 1309 1310 /* 1311 * smb_fsop_write 1312 * 1313 * This is a wrapper function used for smb_write and smb_write_raw operations. 1314 * 1315 * It is assumed that a reference exists on snode coming into this routine. 1316 */ 1317 int 1318 smb_fsop_write( 1319 smb_request_t *sr, 1320 cred_t *cr, 1321 smb_node_t *snode, 1322 uio_t *uio, 1323 uint32_t *lcount, 1324 smb_attr_t *ret_attr, 1325 int ioflag) 1326 { 1327 smb_node_t *unnamed_node; 1328 vnode_t *unnamed_vp = NULL; 1329 caller_context_t ct; 1330 int svmand; 1331 int rc; 1332 1333 ASSERT(cr); 1334 ASSERT(snode); 1335 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1336 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1337 1338 ASSERT(sr); 1339 ASSERT(sr->tid_tree); 1340 ASSERT(sr->fid_ofile); 1341 1342 if (SMB_TREE_IS_READONLY(sr)) 1343 return (EROFS); 1344 1345 if (SMB_OFILE_IS_READONLY(sr->fid_ofile) || 1346 SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_DATA | ACE_APPEND_DATA) == 0) 1347 return (EACCES); 1348 1349 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_WRITE_DATA); 1350 if (rc != NT_STATUS_SUCCESS) { 1351 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_APPEND_DATA); 1352 if (rc != NT_STATUS_SUCCESS) 1353 return (EACCES); 1354 } 1355 1356 unnamed_node = SMB_IS_STREAM(snode); 1357 1358 if (unnamed_node) { 1359 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1360 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1361 unnamed_vp = unnamed_node->vp; 1362 /* 1363 * Streams permission are checked against the unnamed stream, 1364 * but in FS level they have their own permissions. To avoid 1365 * rejection by FS due to lack of permission on the actual 1366 * extended attr kcred is passed for streams. 1367 */ 1368 cr = kcred; 1369 } 1370 1371 smb_node_start_crit(snode, RW_READER); 1372 rc = nbl_svmand(snode->vp, kcred, &svmand); 1373 if (rc) { 1374 smb_node_end_crit(snode); 1375 return (rc); 1376 } 1377 1378 ct = smb_ct; 1379 ct.cc_pid = sr->fid_ofile->f_uniqid; 1380 rc = nbl_lock_conflict(snode->vp, NBL_WRITE, uio->uio_loffset, 1381 uio->uio_iov->iov_len, svmand, &ct); 1382 1383 if (rc) { 1384 smb_node_end_crit(snode); 1385 return (ERANGE); 1386 } 1387 rc = smb_vop_write(snode->vp, uio, ioflag, lcount, cr); 1388 1389 if (rc == 0 && ret_attr) { 1390 /* 1391 * Use kcred to update the node attr because this 1392 * call is not being made on behalf of the user. 1393 */ 1394 ret_attr->sa_mask = SMB_AT_ALL; 1395 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1396 kcred) == 0) { 1397 snode->attr = *ret_attr; 1398 } 1399 } 1400 1401 smb_node_end_crit(snode); 1402 1403 return (rc); 1404 } 1405 1406 /* 1407 * smb_fsop_statfs 1408 * 1409 * This is a wrapper function used for stat operations. 1410 */ 1411 int 1412 smb_fsop_statfs( 1413 cred_t *cr, 1414 smb_node_t *snode, 1415 struct statvfs64 *statp) 1416 { 1417 ASSERT(cr); 1418 ASSERT(snode); 1419 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1420 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1421 1422 return (smb_vop_statfs(snode->vp, statp, cr)); 1423 } 1424 1425 /* 1426 * smb_fsop_access 1427 * 1428 * Named streams do not have separate permissions from the associated 1429 * unnamed stream. Thus, if node is a named stream, the permissions 1430 * check will be performed on the associated unnamed stream. 1431 * 1432 * However, our named streams do have their own quarantine attribute, 1433 * separate from that on the unnamed stream. If READ or EXECUTE 1434 * access has been requested on a named stream, an additional access 1435 * check is performed on the named stream in case it has been 1436 * quarantined. kcred is used to avoid issues with the permissions 1437 * set on the extended attribute file representing the named stream. 1438 */ 1439 int 1440 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1441 uint32_t faccess) 1442 { 1443 int access = 0; 1444 int error; 1445 vnode_t *dir_vp; 1446 boolean_t acl_check = B_TRUE; 1447 smb_node_t *unnamed_node; 1448 1449 ASSERT(sr); 1450 ASSERT(cr); 1451 ASSERT(snode); 1452 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1453 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1454 1455 if (faccess == 0) 1456 return (NT_STATUS_SUCCESS); 1457 1458 if (SMB_TREE_IS_READONLY(sr)) { 1459 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 1460 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 1461 DELETE|WRITE_DAC|WRITE_OWNER)) { 1462 return (NT_STATUS_ACCESS_DENIED); 1463 } 1464 } 1465 1466 unnamed_node = SMB_IS_STREAM(snode); 1467 if (unnamed_node) { 1468 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1469 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1470 1471 /* 1472 * Perform VREAD access check on the named stream in case it 1473 * is quarantined. kcred is passed to smb_vop_access so it 1474 * doesn't fail due to lack of permission. 1475 */ 1476 if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) { 1477 error = smb_vop_access(snode->vp, VREAD, 1478 0, NULL, kcred); 1479 if (error) 1480 return (NT_STATUS_ACCESS_DENIED); 1481 } 1482 1483 /* 1484 * Streams authorization should be performed against the 1485 * unnamed stream. 1486 */ 1487 snode = unnamed_node; 1488 } 1489 1490 if (faccess & ACCESS_SYSTEM_SECURITY) { 1491 /* 1492 * This permission is required for reading/writing SACL and 1493 * it's not part of DACL. It's only granted via proper 1494 * privileges. 1495 */ 1496 if ((sr->uid_user->u_privileges & 1497 (SMB_USER_PRIV_BACKUP | 1498 SMB_USER_PRIV_RESTORE | 1499 SMB_USER_PRIV_SECURITY)) == 0) 1500 return (NT_STATUS_PRIVILEGE_NOT_HELD); 1501 1502 faccess &= ~ACCESS_SYSTEM_SECURITY; 1503 } 1504 1505 /* Links don't have ACL */ 1506 if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) || 1507 (snode->attr.sa_vattr.va_type == VLNK)) 1508 acl_check = B_FALSE; 1509 1510 /* 1511 * Use the most restrictive parts of both faccess and the 1512 * share access. An AND of the two value masks gives us that 1513 * since we've already converted to a mask of what we "can" 1514 * do. 1515 */ 1516 faccess &= sr->tid_tree->t_access; 1517 1518 if (acl_check) { 1519 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 1520 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 1521 cr); 1522 } else { 1523 /* 1524 * FS doesn't understand 32-bit mask, need to map 1525 */ 1526 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 1527 access |= VWRITE; 1528 1529 if (faccess & FILE_READ_DATA) 1530 access |= VREAD; 1531 1532 if (faccess & FILE_EXECUTE) 1533 access |= VEXEC; 1534 1535 error = smb_vop_access(snode->vp, access, 0, NULL, cr); 1536 } 1537 1538 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 1539 } 1540 1541 /* 1542 * smb_fsop_lookup_name() 1543 * 1544 * If name indicates that the file is a stream file, perform 1545 * stream specific lookup, otherwise call smb_fsop_lookup. 1546 * 1547 * Return an error if the looked-up file is in outside the tree. 1548 * (Required when invoked from open path.) 1549 */ 1550 1551 int 1552 smb_fsop_lookup_name( 1553 smb_request_t *sr, 1554 cred_t *cr, 1555 int flags, 1556 smb_node_t *root_node, 1557 smb_node_t *dnode, 1558 char *name, 1559 smb_node_t **ret_snode, 1560 smb_attr_t *ret_attr) 1561 { 1562 smb_node_t *fnode; 1563 smb_attr_t file_attr; 1564 vnode_t *xattrdirvp; 1565 vnode_t *vp; 1566 char *od_name; 1567 char *fname; 1568 char *sname; 1569 int rc; 1570 1571 ASSERT(cr); 1572 ASSERT(dnode); 1573 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 1574 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 1575 1576 /* 1577 * The following check is required for streams processing, below 1578 */ 1579 1580 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1581 flags |= SMB_IGNORE_CASE; 1582 1583 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1584 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1585 1586 if (smb_is_stream_name(name)) { 1587 smb_stream_parse_name(name, fname, sname); 1588 1589 /* 1590 * Look up the unnamed stream (i.e. fname). 1591 * Unmangle processing will be done on fname 1592 * as well as any link target. 1593 */ 1594 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, fname, 1595 &fnode, &file_attr); 1596 1597 if (rc != 0) { 1598 kmem_free(fname, MAXNAMELEN); 1599 kmem_free(sname, MAXNAMELEN); 1600 return (rc); 1601 } 1602 1603 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1604 1605 /* 1606 * od_name is the on-disk name of the stream, except 1607 * without the prepended stream prefix (SMB_STREAM_PREFIX) 1608 */ 1609 1610 /* 1611 * XXX 1612 * What permissions NTFS requires for stream lookup if any? 1613 */ 1614 rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 1615 &xattrdirvp, flags, root_node->vp, cr); 1616 1617 if (rc != 0) { 1618 smb_node_release(fnode); 1619 kmem_free(fname, MAXNAMELEN); 1620 kmem_free(sname, MAXNAMELEN); 1621 kmem_free(od_name, MAXNAMELEN); 1622 return (rc); 1623 } 1624 1625 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1626 vp, od_name, ret_attr); 1627 1628 kmem_free(od_name, MAXNAMELEN); 1629 smb_node_release(fnode); 1630 VN_RELE(xattrdirvp); 1631 VN_RELE(vp); 1632 1633 if (*ret_snode == NULL) { 1634 kmem_free(fname, MAXNAMELEN); 1635 kmem_free(sname, MAXNAMELEN); 1636 return (ENOMEM); 1637 } 1638 } else { 1639 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name, 1640 ret_snode, ret_attr); 1641 } 1642 1643 if (rc == 0) { 1644 ASSERT(ret_snode); 1645 if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) { 1646 smb_node_release(*ret_snode); 1647 *ret_snode = NULL; 1648 rc = EACCES; 1649 } 1650 } 1651 1652 kmem_free(fname, MAXNAMELEN); 1653 kmem_free(sname, MAXNAMELEN); 1654 1655 return (rc); 1656 } 1657 1658 /* 1659 * smb_fsop_lookup 1660 * 1661 * All SMB functions should use this smb_vop_lookup wrapper to ensure that 1662 * the smb_vop_lookup is performed with the appropriate credentials and using 1663 * case insensitive compares. Please document any direct call to smb_vop_lookup 1664 * to explain the reason for avoiding this wrapper. 1665 * 1666 * It is assumed that a reference exists on dnode coming into this routine 1667 * (and that it is safe from deallocation). 1668 * 1669 * Same with the root_node. 1670 * 1671 * *ret_snode is returned with a reference upon success. No reference is 1672 * taken if an error is returned. 1673 * 1674 * Note: The returned ret_snode may be in a child mount. This is ok for 1675 * readdir. 1676 * 1677 * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent 1678 * operations on files not in the parent mount. 1679 */ 1680 int 1681 smb_fsop_lookup( 1682 smb_request_t *sr, 1683 cred_t *cr, 1684 int flags, 1685 smb_node_t *root_node, 1686 smb_node_t *dnode, 1687 char *name, 1688 smb_node_t **ret_snode, 1689 smb_attr_t *ret_attr) 1690 { 1691 smb_node_t *lnk_target_node; 1692 smb_node_t *lnk_dnode; 1693 char *longname; 1694 char *od_name; 1695 vnode_t *vp; 1696 int rc; 1697 int ret_flags; 1698 1699 ASSERT(cr); 1700 ASSERT(dnode); 1701 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 1702 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 1703 1704 if (name == NULL) 1705 return (EINVAL); 1706 1707 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 1708 return (EACCES); 1709 1710 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1711 flags |= SMB_IGNORE_CASE; 1712 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1713 flags |= SMB_CATIA; 1714 1715 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1716 1717 rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags, 1718 &ret_flags, root_node ? root_node->vp : NULL, cr); 1719 1720 if (rc != 0) { 1721 if (smb_maybe_mangled_name(name) == 0) { 1722 kmem_free(od_name, MAXNAMELEN); 1723 return (rc); 1724 } 1725 1726 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1727 rc = smb_unmangle_name(dnode, name, longname, MAXNAMELEN); 1728 if (rc != 0) { 1729 kmem_free(od_name, MAXNAMELEN); 1730 kmem_free(longname, MAXNAMELEN); 1731 return (rc); 1732 } 1733 1734 /* 1735 * longname is the real (case-sensitive) 1736 * on-disk name. 1737 * We make sure we do a lookup on this exact 1738 * name, as the name was mangled and denotes 1739 * a unique file. 1740 */ 1741 1742 if (flags & SMB_IGNORE_CASE) 1743 flags &= ~SMB_IGNORE_CASE; 1744 1745 rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name, 1746 flags, &ret_flags, root_node ? root_node->vp : NULL, cr); 1747 1748 kmem_free(longname, MAXNAMELEN); 1749 1750 if (rc != 0) { 1751 kmem_free(od_name, MAXNAMELEN); 1752 return (rc); 1753 } 1754 } 1755 1756 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK)) { 1757 1758 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode, 1759 &lnk_dnode, &lnk_target_node, cr); 1760 1761 if (rc != 0) { 1762 /* 1763 * The link is assumed to be for the last component 1764 * of a path. Hence any ENOTDIR error will be returned 1765 * as ENOENT. 1766 */ 1767 if (rc == ENOTDIR) 1768 rc = ENOENT; 1769 1770 VN_RELE(vp); 1771 kmem_free(od_name, MAXNAMELEN); 1772 return (rc); 1773 } 1774 1775 /* 1776 * Release the original VLNK vnode 1777 */ 1778 1779 VN_RELE(vp); 1780 vp = lnk_target_node->vp; 1781 1782 rc = smb_vop_traverse_check(&vp); 1783 1784 if (rc != 0) { 1785 smb_node_release(lnk_dnode); 1786 smb_node_release(lnk_target_node); 1787 kmem_free(od_name, MAXNAMELEN); 1788 return (rc); 1789 } 1790 1791 /* 1792 * smb_vop_traverse_check() may have returned a different vnode 1793 */ 1794 1795 if (lnk_target_node->vp == vp) { 1796 *ret_snode = lnk_target_node; 1797 *ret_attr = (*ret_snode)->attr; 1798 } else { 1799 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 1800 lnk_target_node->od_name, lnk_dnode, NULL, 1801 ret_attr); 1802 VN_RELE(vp); 1803 1804 if (*ret_snode == NULL) 1805 rc = ENOMEM; 1806 smb_node_release(lnk_target_node); 1807 } 1808 1809 smb_node_release(lnk_dnode); 1810 1811 } else { 1812 1813 rc = smb_vop_traverse_check(&vp); 1814 if (rc) { 1815 VN_RELE(vp); 1816 kmem_free(od_name, MAXNAMELEN); 1817 return (rc); 1818 } 1819 1820 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 1821 dnode, NULL, ret_attr); 1822 VN_RELE(vp); 1823 1824 if (*ret_snode == NULL) 1825 rc = ENOMEM; 1826 } 1827 1828 kmem_free(od_name, MAXNAMELEN); 1829 return (rc); 1830 } 1831 1832 int /*ARGSUSED*/ 1833 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 1834 { 1835 ASSERT(cr); 1836 ASSERT(snode); 1837 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1838 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1839 1840 ASSERT(sr); 1841 ASSERT(sr->tid_tree); 1842 if (SMB_TREE_IS_READONLY(sr)) 1843 return (EROFS); 1844 1845 return (smb_vop_commit(snode->vp, cr)); 1846 } 1847 1848 /* 1849 * smb_fsop_aclread 1850 * 1851 * Retrieve filesystem ACL. Depends on requested ACLs in 1852 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 1853 * fs_sd. Note that requesting a DACL/SACL doesn't mean that 1854 * the corresponding field in fs_sd should be non-NULL upon 1855 * return, since the target ACL might not contain that type of 1856 * entries. 1857 * 1858 * Returned ACL is always in ACE_T (aka ZFS) format. 1859 * If successful the allocated memory for the ACL should be freed 1860 * using smb_fsacl_free() or smb_fssd_term() 1861 */ 1862 int 1863 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1864 smb_fssd_t *fs_sd) 1865 { 1866 int error = 0; 1867 int flags = 0; 1868 int access = 0; 1869 acl_t *acl; 1870 smb_node_t *unnamed_node; 1871 1872 ASSERT(cr); 1873 1874 if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0) 1875 return (EACCES); 1876 1877 if (sr->fid_ofile) { 1878 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 1879 access = READ_CONTROL; 1880 1881 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 1882 access |= ACCESS_SYSTEM_SECURITY; 1883 1884 error = smb_ofile_access(sr->fid_ofile, cr, access); 1885 if (error != NT_STATUS_SUCCESS) { 1886 return (EACCES); 1887 } 1888 } 1889 1890 unnamed_node = SMB_IS_STREAM(snode); 1891 if (unnamed_node) { 1892 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1893 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1894 /* 1895 * Streams don't have ACL, any read ACL attempt on a stream 1896 * should be performed on the unnamed stream. 1897 */ 1898 snode = unnamed_node; 1899 } 1900 1901 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) 1902 flags = ATTR_NOACLCHECK; 1903 1904 error = smb_vop_acl_read(snode->vp, &acl, flags, 1905 sr->tid_tree->t_acltype, cr); 1906 if (error != 0) { 1907 return (error); 1908 } 1909 1910 error = acl_translate(acl, _ACL_ACE_ENABLED, 1911 (snode->vp->v_type == VDIR), fs_sd->sd_uid, fs_sd->sd_gid); 1912 1913 if (error == 0) { 1914 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 1915 fs_sd->sd_secinfo); 1916 } 1917 1918 acl_free(acl); 1919 return (error); 1920 } 1921 1922 /* 1923 * smb_fsop_aclwrite 1924 * 1925 * Stores the filesystem ACL provided in fs_sd->sd_acl. 1926 */ 1927 int 1928 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1929 smb_fssd_t *fs_sd) 1930 { 1931 int target_flavor; 1932 int error = 0; 1933 int flags = 0; 1934 int access = 0; 1935 acl_t *acl, *dacl, *sacl; 1936 smb_node_t *unnamed_node; 1937 1938 ASSERT(cr); 1939 1940 ASSERT(sr); 1941 ASSERT(sr->tid_tree); 1942 if (SMB_TREE_IS_READONLY(sr)) 1943 return (EROFS); 1944 1945 if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0) 1946 return (EACCES); 1947 1948 if (sr->fid_ofile) { 1949 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 1950 access = WRITE_DAC; 1951 1952 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 1953 access |= ACCESS_SYSTEM_SECURITY; 1954 1955 error = smb_ofile_access(sr->fid_ofile, cr, access); 1956 if (error != NT_STATUS_SUCCESS) 1957 return (EACCES); 1958 } 1959 1960 switch (sr->tid_tree->t_acltype) { 1961 case ACLENT_T: 1962 target_flavor = _ACL_ACLENT_ENABLED; 1963 break; 1964 1965 case ACE_T: 1966 target_flavor = _ACL_ACE_ENABLED; 1967 break; 1968 default: 1969 return (EINVAL); 1970 } 1971 1972 unnamed_node = SMB_IS_STREAM(snode); 1973 if (unnamed_node) { 1974 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1975 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1976 /* 1977 * Streams don't have ACL, any write ACL attempt on a stream 1978 * should be performed on the unnamed stream. 1979 */ 1980 snode = unnamed_node; 1981 } 1982 1983 dacl = fs_sd->sd_zdacl; 1984 sacl = fs_sd->sd_zsacl; 1985 1986 ASSERT(dacl || sacl); 1987 if ((dacl == NULL) && (sacl == NULL)) 1988 return (EINVAL); 1989 1990 if (dacl && sacl) 1991 acl = smb_fsacl_merge(dacl, sacl); 1992 else if (dacl) 1993 acl = dacl; 1994 else 1995 acl = sacl; 1996 1997 error = acl_translate(acl, target_flavor, (snode->vp->v_type == VDIR), 1998 fs_sd->sd_uid, fs_sd->sd_gid); 1999 if (error == 0) { 2000 if (smb_tree_has_feature(sr->tid_tree, 2001 SMB_TREE_ACEMASKONACCESS)) 2002 flags = ATTR_NOACLCHECK; 2003 2004 error = smb_vop_acl_write(snode->vp, acl, flags, cr); 2005 } 2006 2007 if (dacl && sacl) 2008 acl_free(acl); 2009 2010 return (error); 2011 } 2012 2013 acl_type_t 2014 smb_fsop_acltype(smb_node_t *snode) 2015 { 2016 return (smb_vop_acl_type(snode->vp)); 2017 } 2018 2019 /* 2020 * smb_fsop_sdread 2021 * 2022 * Read the requested security descriptor items from filesystem. 2023 * The items are specified in fs_sd->sd_secinfo. 2024 */ 2025 int 2026 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2027 smb_fssd_t *fs_sd) 2028 { 2029 int error = 0; 2030 int getowner = 0; 2031 cred_t *ga_cred; 2032 smb_attr_t attr; 2033 2034 ASSERT(cr); 2035 ASSERT(fs_sd); 2036 2037 /* 2038 * File's uid/gid is fetched in two cases: 2039 * 2040 * 1. it's explicitly requested 2041 * 2042 * 2. target ACL is ACE_T (ZFS ACL). They're needed for 2043 * owner@/group@ entries. In this case kcred should be used 2044 * because uid/gid are fetched on behalf of smb server. 2045 */ 2046 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 2047 getowner = 1; 2048 ga_cred = cr; 2049 } else if (sr->tid_tree->t_acltype == ACE_T) { 2050 getowner = 1; 2051 ga_cred = kcred; 2052 } 2053 2054 if (getowner) { 2055 /* 2056 * Windows require READ_CONTROL to read owner/group SID since 2057 * they're part of Security Descriptor. 2058 * ZFS only requires read_attribute. Need to have a explicit 2059 * access check here. 2060 */ 2061 if (sr->fid_ofile == NULL) { 2062 error = smb_fsop_access(sr, ga_cred, snode, 2063 READ_CONTROL); 2064 if (error) 2065 return (EACCES); 2066 } 2067 2068 attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2069 error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 2070 if (error == 0) { 2071 fs_sd->sd_uid = attr.sa_vattr.va_uid; 2072 fs_sd->sd_gid = attr.sa_vattr.va_gid; 2073 } else { 2074 return (error); 2075 } 2076 } 2077 2078 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2079 error = smb_fsop_aclread(sr, cr, snode, fs_sd); 2080 } 2081 2082 return (error); 2083 } 2084 2085 /* 2086 * smb_fsop_sdmerge 2087 * 2088 * From SMB point of view DACL and SACL are two separate list 2089 * which can be manipulated independently without one affecting 2090 * the other, but entries for both DACL and SACL will end up 2091 * in the same ACL if target filesystem supports ACE_T ACLs. 2092 * 2093 * So, if either DACL or SACL is present in the client set request 2094 * the entries corresponding to the non-present ACL shouldn't 2095 * be touched in the FS ACL. 2096 * 2097 * fs_sd parameter contains DACL and SACL specified by SMB 2098 * client to be set on a file/directory. The client could 2099 * specify both or one of these ACLs (if none is specified 2100 * we don't get this far). When both DACL and SACL are given 2101 * by client the existing ACL should be overwritten. If only 2102 * one of them is specified the entries corresponding to the other 2103 * ACL should not be touched. For example, if only DACL 2104 * is specified in input fs_sd, the function reads audit entries 2105 * of the existing ACL of the file and point fs_sd->sd_zsdacl 2106 * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 2107 * function is called the passed fs_sd would point to the specified 2108 * DACL by client and fetched SACL from filesystem, so the file 2109 * will end up with correct ACL. 2110 */ 2111 static int 2112 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 2113 { 2114 smb_fssd_t cur_sd; 2115 int error = 0; 2116 2117 if (sr->tid_tree->t_acltype != ACE_T) 2118 /* Don't bother if target FS doesn't support ACE_T */ 2119 return (0); 2120 2121 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 2122 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 2123 /* 2124 * Don't overwrite existing audit entries 2125 */ 2126 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 2127 fs_sd->sd_flags); 2128 2129 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2130 if (error == 0) { 2131 ASSERT(fs_sd->sd_zsacl == NULL); 2132 fs_sd->sd_zsacl = cur_sd.sd_zsacl; 2133 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 2134 fs_sd->sd_zsacl->acl_flags = 2135 fs_sd->sd_zdacl->acl_flags; 2136 } 2137 } else { 2138 /* 2139 * Don't overwrite existing access entries 2140 */ 2141 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 2142 fs_sd->sd_flags); 2143 2144 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2145 if (error == 0) { 2146 ASSERT(fs_sd->sd_zdacl == NULL); 2147 fs_sd->sd_zdacl = cur_sd.sd_zdacl; 2148 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 2149 fs_sd->sd_zdacl->acl_flags = 2150 fs_sd->sd_zsacl->acl_flags; 2151 } 2152 } 2153 2154 if (error) 2155 smb_fssd_term(&cur_sd); 2156 } 2157 2158 return (error); 2159 } 2160 2161 /* 2162 * smb_fsop_sdwrite 2163 * 2164 * Stores the given uid, gid and acl in filesystem. 2165 * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 2166 * 2167 * A SMB security descriptor could contain owner, primary group, 2168 * DACL and SACL. Setting an SD should be atomic but here it has to 2169 * be done via two separate FS operations: VOP_SETATTR and 2170 * VOP_SETSECATTR. Therefore, this function has to simulate the 2171 * atomicity as well as it can. 2172 * 2173 * Get the current uid, gid before setting the new uid/gid 2174 * so if smb_fsop_aclwrite fails they can be restored. root cred is 2175 * used to get currend uid/gid since this operation is performed on 2176 * behalf of the server not the user. 2177 * 2178 * If setting uid/gid fails with EPERM it means that and invalid 2179 * owner has been specified. Callers should translate this to 2180 * STATUS_INVALID_OWNER which is not the normal mapping for EPERM 2181 * in upper layers, so EPERM is mapped to EBADE. 2182 */ 2183 int 2184 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2185 smb_fssd_t *fs_sd, int overwrite) 2186 { 2187 int error = 0; 2188 int access = 0; 2189 smb_attr_t set_attr; 2190 smb_attr_t orig_attr; 2191 2192 ASSERT(cr); 2193 ASSERT(fs_sd); 2194 2195 ASSERT(sr); 2196 ASSERT(sr->tid_tree); 2197 if (SMB_TREE_IS_READONLY(sr)) 2198 return (EROFS); 2199 2200 bzero(&set_attr, sizeof (smb_attr_t)); 2201 2202 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2203 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2204 set_attr.sa_mask |= SMB_AT_UID; 2205 access |= WRITE_OWNER; 2206 } 2207 2208 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2209 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2210 set_attr.sa_mask |= SMB_AT_GID; 2211 access |= WRITE_OWNER; 2212 } 2213 2214 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2215 access |= WRITE_DAC; 2216 2217 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2218 access |= ACCESS_SYSTEM_SECURITY; 2219 2220 if (sr->fid_ofile) 2221 error = smb_ofile_access(sr->fid_ofile, cr, access); 2222 else 2223 error = smb_fsop_access(sr, cr, snode, access); 2224 2225 if (error) 2226 return (EACCES); 2227 2228 if (set_attr.sa_mask) { 2229 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2230 error = smb_fsop_getattr(sr, kcred, snode, &orig_attr); 2231 if (error == 0) { 2232 error = smb_fsop_setattr(sr, cr, snode, &set_attr, 2233 NULL); 2234 if (error == EPERM) 2235 error = EBADE; 2236 } 2237 2238 if (error) 2239 return (error); 2240 } 2241 2242 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2243 if (overwrite == 0) { 2244 error = smb_fsop_sdmerge(sr, snode, fs_sd); 2245 if (error) 2246 return (error); 2247 } 2248 2249 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 2250 if (error) { 2251 /* 2252 * Revert uid/gid changes if required. 2253 */ 2254 if (set_attr.sa_mask) { 2255 orig_attr.sa_mask = set_attr.sa_mask; 2256 (void) smb_fsop_setattr(sr, kcred, snode, 2257 &orig_attr, NULL); 2258 } 2259 } 2260 } 2261 2262 return (error); 2263 } 2264 2265 /* 2266 * smb_fsop_sdinherit 2267 * 2268 * Inherit the security descriptor from the parent container. 2269 * This function is called after FS has created the file/folder 2270 * so if this doesn't do anything it means FS inheritance is 2271 * in place. 2272 * 2273 * Do inheritance for ZFS internally. 2274 * 2275 * If we want to let ZFS does the inheritance the 2276 * following setting should be true: 2277 * 2278 * - aclinherit = passthrough 2279 * - aclmode = passthrough 2280 * - smbd umask = 0777 2281 * 2282 * This will result in right effective permissions but 2283 * ZFS will always add 6 ACEs for owner, owning group 2284 * and others to be POSIX compliant. This is not what 2285 * Windows clients/users expect, so we decided that CIFS 2286 * implements Windows rules and overwrite whatever ZFS 2287 * comes up with. This way we also don't have to care 2288 * about ZFS aclinherit and aclmode settings. 2289 */ 2290 static int 2291 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 2292 { 2293 int is_dir; 2294 acl_t *dacl = NULL; 2295 acl_t *sacl = NULL; 2296 ksid_t *owner_sid; 2297 int error; 2298 2299 ASSERT(fs_sd); 2300 2301 if (sr->tid_tree->t_acltype != ACE_T) { 2302 /* 2303 * No forced inheritance for non-ZFS filesystems. 2304 */ 2305 fs_sd->sd_secinfo = 0; 2306 return (0); 2307 } 2308 2309 2310 /* Fetch parent directory's ACL */ 2311 error = smb_fsop_sdread(sr, kcred, dnode, fs_sd); 2312 if (error) { 2313 return (error); 2314 } 2315 2316 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 2317 owner_sid = crgetsid(sr->user_cr, KSID_OWNER); 2318 ASSERT(owner_sid); 2319 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO, 2320 owner_sid->ks_id); 2321 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO, 2322 (uid_t)-1); 2323 2324 if (sacl == NULL) 2325 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO; 2326 2327 smb_fsacl_free(fs_sd->sd_zdacl); 2328 smb_fsacl_free(fs_sd->sd_zsacl); 2329 2330 fs_sd->sd_zdacl = dacl; 2331 fs_sd->sd_zsacl = sacl; 2332 2333 return (0); 2334 } 2335 2336 /* 2337 * smb_fsop_eaccess 2338 * 2339 * Returns the effective permission of the given credential for the 2340 * specified object. 2341 * 2342 * This is just a workaround. We need VFS/FS support for this. 2343 */ 2344 void 2345 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2346 uint32_t *eaccess) 2347 { 2348 int access = 0; 2349 vnode_t *dir_vp; 2350 smb_node_t *unnamed_node; 2351 2352 ASSERT(cr); 2353 ASSERT(snode); 2354 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2355 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2356 2357 unnamed_node = SMB_IS_STREAM(snode); 2358 if (unnamed_node) { 2359 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2360 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2361 /* 2362 * Streams authorization should be performed against the 2363 * unnamed stream. 2364 */ 2365 snode = unnamed_node; 2366 } 2367 2368 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) { 2369 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 2370 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 2371 cr); 2372 return; 2373 } 2374 2375 /* 2376 * FS doesn't understand 32-bit mask 2377 */ 2378 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 2379 access &= sr->tid_tree->t_access; 2380 2381 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 2382 2383 if (access & VREAD) 2384 *eaccess |= FILE_READ_DATA; 2385 2386 if (access & VEXEC) 2387 *eaccess |= FILE_EXECUTE; 2388 2389 if (access & VWRITE) 2390 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 2391 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 2392 } 2393 2394 /* 2395 * smb_fsop_shrlock 2396 * 2397 * For the current open request, check file sharing rules 2398 * against existing opens. 2399 * 2400 * Returns NT_STATUS_SHARING_VIOLATION if there is any 2401 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise. 2402 * 2403 * Full system-wide share reservation synchronization is available 2404 * when the nbmand (non-blocking mandatory) mount option is set 2405 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used. 2406 * This provides synchronization with NFS and local processes. The 2407 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called 2408 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well 2409 * as the CIFS rename and delete paths. 2410 * 2411 * The CIFS server will also enter the nbl critical region in the open, 2412 * rename, and delete paths when nbmand is not set. There is limited 2413 * coordination with local and VFS share reservations in this case. 2414 * Note that when the nbmand mount option is not set, the VFS layer 2415 * only processes advisory reservations and the delete mode is not checked. 2416 * 2417 * Whether or not the nbmand mount option is set, intra-CIFS share 2418 * checking is done in the open, delete, and rename paths using a CIFS 2419 * critical region (node->n_share_lock). 2420 */ 2421 2422 uint32_t 2423 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid, 2424 uint32_t desired_access, uint32_t share_access) 2425 { 2426 int rc; 2427 2428 if (node->attr.sa_vattr.va_type == VDIR) 2429 return (NT_STATUS_SUCCESS); 2430 2431 /* Allow access if the request is just for meta data */ 2432 if ((desired_access & FILE_DATA_ALL) == 0) 2433 return (NT_STATUS_SUCCESS); 2434 2435 rc = smb_node_open_check(node, cr, desired_access, share_access); 2436 if (rc) 2437 return (NT_STATUS_SHARING_VIOLATION); 2438 2439 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access, 2440 cr); 2441 if (rc) 2442 return (NT_STATUS_SHARING_VIOLATION); 2443 2444 return (NT_STATUS_SUCCESS); 2445 } 2446 2447 void 2448 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid) 2449 { 2450 if (node->attr.sa_vattr.va_type == VDIR) 2451 return; 2452 2453 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr); 2454 } 2455 2456 int 2457 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock, 2458 cred_t *cr) 2459 { 2460 flock64_t bf; 2461 int flag = F_REMOTELOCK; 2462 2463 /* 2464 * VOP_FRLOCK() will not be called if: 2465 * 2466 * 1) The lock has a range of zero bytes. The semantics of Windows and 2467 * POSIX are different. In the case of POSIX it asks for the locking 2468 * of all the bytes from the offset provided until the end of the 2469 * file. In the case of Windows a range of zero locks nothing and 2470 * doesn't conflict with any other lock. 2471 * 2472 * 2) The lock rolls over (start + lenght < start). Solaris will assert 2473 * if such a request is submitted. This will not create 2474 * incompatibilities between POSIX and Windows. In the Windows world, 2475 * if a client submits such a lock, the server will not lock any 2476 * bytes. Interestingly if the same lock (same offset and length) is 2477 * resubmitted Windows will consider that there is an overlap and 2478 * the granting rules will then apply. 2479 */ 2480 if ((lock->l_length == 0) || 2481 ((lock->l_start + lock->l_length - 1) < lock->l_start)) 2482 return (0); 2483 2484 bzero(&bf, sizeof (bf)); 2485 2486 if (unlock) { 2487 bf.l_type = F_UNLCK; 2488 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) { 2489 bf.l_type = F_RDLCK; 2490 flag |= FREAD; 2491 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) { 2492 bf.l_type = F_WRLCK; 2493 flag |= FWRITE; 2494 } 2495 2496 bf.l_start = lock->l_start; 2497 bf.l_len = lock->l_length; 2498 bf.l_pid = lock->l_file->f_uniqid; 2499 bf.l_sysid = smb_ct.cc_sysid; 2500 2501 return (smb_vop_frlock(node->vp, cr, flag, &bf)); 2502 } 2503