1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/sid.h> 27 #include <sys/nbmlock.h> 28 #include <smbsrv/smb_fsops.h> 29 #include <smbsrv/smb_kproto.h> 30 #include <smbsrv/ntstatus.h> 31 #include <smbsrv/ntaccess.h> 32 #include <smbsrv/smb_incl.h> 33 #include <acl/acl_common.h> 34 #include <sys/fcntl.h> 35 #include <sys/flock.h> 36 #include <fs/fs_subr.h> 37 38 extern caller_context_t smb_ct; 39 40 extern int smb_fem_oplock_install(smb_node_t *); 41 extern void smb_fem_oplock_uninstall(smb_node_t *); 42 43 extern int smb_vop_other_opens(vnode_t *, int); 44 45 static int smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, 46 smb_fssd_t *fs_sd); 47 48 /* 49 * The smb_fsop_* functions have knowledge of CIFS semantics. 50 * 51 * The smb_vop_* functions have minimal knowledge of CIFS semantics and 52 * serve as an interface to the VFS layer. 53 * 54 * Hence, smb_request_t and smb_node_t structures should not be passed 55 * from the smb_fsop_* layer to the smb_vop_* layer. 56 * 57 * In general, CIFS service code should only ever call smb_fsop_* 58 * functions directly, and never smb_vop_* functions directly. 59 * 60 * smb_fsop_* functions should call smb_vop_* functions where possible, instead 61 * of their smb_fsop_* counterparts. However, there are times when 62 * this cannot be avoided. 63 */ 64 65 /* 66 * Note: Stream names cannot be mangled. 67 */ 68 69 /* 70 * smb_fsop_amask_to_omode 71 * 72 * Convert the access mask to the open mode (for use 73 * with the VOP_OPEN call). 74 * 75 * Note that opening a file for attribute only access 76 * will also translate into an FREAD or FWRITE open mode 77 * (i.e., it's not just for data). 78 * 79 * This is needed so that opens are tracked appropriately 80 * for oplock processing. 81 */ 82 83 int 84 smb_fsop_amask_to_omode(uint32_t access) 85 { 86 int mode = 0; 87 88 if (access & (FILE_READ_DATA | FILE_EXECUTE | 89 FILE_READ_ATTRIBUTES | FILE_READ_EA)) 90 mode |= FREAD; 91 92 if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA | 93 FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)) 94 mode |= FWRITE; 95 96 if (access & FILE_APPEND_DATA) 97 mode |= FAPPEND; 98 99 return (mode); 100 } 101 102 int 103 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred) 104 { 105 /* 106 * Assuming that the same vnode is returned as we had before. 107 * (I.e., with certain types of files or file systems, a 108 * different vnode might be returned by VOP_OPEN) 109 */ 110 return (smb_vop_open(&node->vp, mode, cred)); 111 } 112 113 void 114 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred) 115 { 116 smb_vop_close(node->vp, mode, cred); 117 } 118 119 int 120 smb_fsop_oplock_install(smb_node_t *node, int mode) 121 { 122 int rc; 123 124 if (smb_vop_other_opens(node->vp, mode)) 125 return (EMFILE); 126 127 if ((rc = smb_fem_oplock_install(node))) 128 return (rc); 129 130 if (smb_vop_other_opens(node->vp, mode)) { 131 (void) smb_fem_oplock_uninstall(node); 132 return (EMFILE); 133 } 134 135 return (0); 136 } 137 138 void 139 smb_fsop_oplock_uninstall(smb_node_t *node) 140 { 141 smb_fem_oplock_uninstall(node); 142 } 143 144 static int 145 smb_fsop_create_with_sd( 146 smb_request_t *sr, 147 cred_t *cr, 148 smb_node_t *dir_snode, 149 char *name, 150 smb_attr_t *attr, 151 smb_node_t **ret_snode, 152 smb_attr_t *ret_attr, 153 smb_fssd_t *fs_sd) 154 { 155 vsecattr_t *vsap; 156 vsecattr_t vsecattr; 157 acl_t *acl, *dacl, *sacl; 158 smb_attr_t set_attr; 159 vnode_t *vp; 160 int aclbsize = 0; /* size of acl list in bytes */ 161 int flags = 0; 162 int rc; 163 boolean_t is_dir; 164 165 ASSERT(fs_sd); 166 167 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 168 flags = SMB_IGNORE_CASE; 169 170 ASSERT(cr); 171 172 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 173 174 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) { 175 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 176 dacl = fs_sd->sd_zdacl; 177 sacl = fs_sd->sd_zsacl; 178 ASSERT(dacl || sacl); 179 if (dacl && sacl) { 180 acl = smb_fsacl_merge(dacl, sacl); 181 } else if (dacl) { 182 acl = dacl; 183 } else { 184 acl = sacl; 185 } 186 187 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 188 189 if (dacl && sacl) 190 acl_free(acl); 191 192 if (rc != 0) 193 return (rc); 194 195 vsap = &vsecattr; 196 } else { 197 vsap = NULL; 198 } 199 200 if (is_dir) { 201 rc = smb_vop_mkdir(dir_snode->vp, name, attr, &vp, 202 flags, cr, vsap); 203 } else { 204 rc = smb_vop_create(dir_snode->vp, name, attr, &vp, 205 flags, cr, vsap); 206 } 207 208 if (vsap != NULL) 209 kmem_free(vsap->vsa_aclentp, aclbsize); 210 211 if (rc != 0) 212 return (rc); 213 214 set_attr.sa_mask = 0; 215 216 /* 217 * Ideally we should be able to specify the owner and owning 218 * group at create time along with the ACL. Since we cannot 219 * do that right now, kcred is passed to smb_vop_setattr so it 220 * doesn't fail due to lack of permission. 221 */ 222 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 223 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 224 set_attr.sa_mask |= SMB_AT_UID; 225 } 226 227 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 228 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 229 set_attr.sa_mask |= SMB_AT_GID; 230 } 231 232 if (set_attr.sa_mask) 233 rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcred); 234 235 if (rc == 0) { 236 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 237 name, dir_snode, NULL, ret_attr); 238 239 if (*ret_snode == NULL) { 240 VN_RELE(vp); 241 rc = ENOMEM; 242 } 243 } 244 } else { 245 /* 246 * For filesystems that don't support ACL-on-create, try 247 * to set the specified SD after create, which could actually 248 * fail because of conflicts between inherited security 249 * attributes upon creation and the specified SD. 250 * 251 * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 252 */ 253 254 if (is_dir) { 255 rc = smb_vop_mkdir(dir_snode->vp, name, attr, &vp, 256 flags, cr, NULL); 257 } else { 258 rc = smb_vop_create(dir_snode->vp, name, attr, &vp, 259 flags, cr, NULL); 260 } 261 262 if (rc != 0) 263 return (rc); 264 265 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 266 name, dir_snode, NULL, ret_attr); 267 268 if (*ret_snode != NULL) { 269 if (!smb_tree_has_feature(sr->tid_tree, 270 SMB_TREE_NFS_MOUNTED)) 271 rc = smb_fsop_sdwrite(sr, kcred, *ret_snode, 272 fs_sd, 1); 273 } else { 274 VN_RELE(vp); 275 rc = ENOMEM; 276 } 277 } 278 279 if (rc != 0) { 280 if (is_dir) 281 (void) smb_vop_rmdir(dir_snode->vp, name, flags, cr); 282 else 283 (void) smb_vop_remove(dir_snode->vp, name, flags, cr); 284 } 285 286 return (rc); 287 } 288 289 /* 290 * smb_fsop_create 291 * 292 * All SMB functions should use this wrapper to ensure that 293 * all the smb_vop_creates are performed with the appropriate credentials. 294 * Please document any direct calls to explain the reason 295 * for avoiding this wrapper. 296 * 297 * It is assumed that a reference exists on snode coming into this routine. 298 * 299 * *ret_snode is returned with a reference upon success. No reference is 300 * taken if an error is returned. 301 */ 302 303 int 304 smb_fsop_create( 305 smb_request_t *sr, 306 cred_t *cr, 307 smb_node_t *dir_snode, 308 char *name, 309 smb_attr_t *attr, 310 smb_node_t **ret_snode, 311 smb_attr_t *ret_attr) 312 { 313 struct open_param *op = &sr->arg.open; 314 smb_node_t *fnode; 315 smb_attr_t file_attr; 316 vnode_t *xattrdirvp; 317 vnode_t *vp; 318 char *longname = NULL; 319 char *namep; 320 char *fname; 321 char *sname; 322 int is_stream; 323 int flags = 0; 324 int rc = 0; 325 smb_fssd_t fs_sd; 326 uint32_t secinfo; 327 uint32_t status; 328 329 ASSERT(cr); 330 ASSERT(dir_snode); 331 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 332 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 333 334 ASSERT(ret_snode); 335 *ret_snode = 0; 336 337 ASSERT(name); 338 if (*name == 0) 339 return (EINVAL); 340 341 ASSERT(sr); 342 ASSERT(sr->tid_tree); 343 344 if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0) 345 return (EACCES); 346 347 if (SMB_TREE_IS_READONLY(sr)) 348 return (EROFS); 349 350 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 351 flags = SMB_IGNORE_CASE; 352 353 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 354 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 355 356 is_stream = smb_stream_parse_name(name, fname, sname); 357 358 if (is_stream) 359 namep = fname; 360 else 361 namep = name; 362 363 if (smb_maybe_mangled_name(namep)) { 364 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 365 366 rc = smb_unmangle_name(sr, cr, dir_snode, namep, longname, 367 MAXNAMELEN, NULL, NULL, 1); 368 369 if ((is_stream == 0) && (rc == 0)) 370 rc = EEXIST; 371 372 if ((is_stream && rc) || 373 ((is_stream == 0) && (rc != ENOENT))) { 374 kmem_free(longname, MAXNAMELEN); 375 kmem_free(fname, MAXNAMELEN); 376 kmem_free(sname, MAXNAMELEN); 377 return (rc); 378 } 379 380 if (is_stream) 381 namep = longname; 382 else 383 kmem_free(longname, MAXNAMELEN); 384 } 385 386 if (is_stream) { 387 /* 388 * Look up the unnamed stream. 389 * 390 * Mangle processing in smb_fsop_lookup() for the unnamed 391 * stream won't be needed (as it was done above), but 392 * it may be needed on any link target (which 393 * smb_fsop_lookup() will provide). 394 */ 395 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 396 sr->tid_tree->t_snode, dir_snode, namep, &fnode, &file_attr, 397 0, 0); 398 399 if (longname) { 400 kmem_free(longname, MAXNAMELEN); 401 namep = NULL; 402 } 403 404 if (rc != 0) { 405 kmem_free(fname, MAXNAMELEN); 406 kmem_free(sname, MAXNAMELEN); 407 return (rc); 408 } 409 410 rc = smb_vop_stream_create(fnode->vp, sname, attr, &vp, 411 &xattrdirvp, flags, cr); 412 413 if (rc != 0) { 414 smb_node_release(fnode); 415 kmem_free(fname, MAXNAMELEN); 416 kmem_free(sname, MAXNAMELEN); 417 return (rc); 418 } 419 420 attr->sa_vattr.va_uid = file_attr.sa_vattr.va_uid; 421 attr->sa_vattr.va_gid = file_attr.sa_vattr.va_gid; 422 attr->sa_mask = SMB_AT_UID | SMB_AT_GID; 423 424 /* 425 * The second parameter of smb_vop_setattr() is set to 426 * NULL, even though an unnamed stream exists. This is 427 * because we want to set the UID and GID on the named 428 * stream in this case for consistency with the (unnamed 429 * stream) file (see comments for smb_vop_setattr()). 430 */ 431 432 rc = smb_vop_setattr(vp, NULL, attr, 0, kcred); 433 434 if (rc != 0) { 435 smb_node_release(fnode); 436 kmem_free(fname, MAXNAMELEN); 437 kmem_free(sname, MAXNAMELEN); 438 return (rc); 439 } 440 441 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 442 vp, sname, ret_attr); 443 444 smb_node_release(fnode); 445 446 if (*ret_snode == NULL) { 447 VN_RELE(xattrdirvp); 448 VN_RELE(vp); 449 kmem_free(fname, MAXNAMELEN); 450 kmem_free(sname, MAXNAMELEN); 451 return (ENOMEM); 452 } 453 } else { 454 if (op->sd) { 455 /* 456 * SD sent by client in Windows format. Needs to be 457 * converted to FS format. No inheritance. 458 */ 459 secinfo = smb_sd_get_secinfo(op->sd); 460 smb_fssd_init(&fs_sd, secinfo, 0); 461 462 status = smb_sd_tofs(op->sd, &fs_sd); 463 if (status == NT_STATUS_SUCCESS) { 464 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 465 name, attr, ret_snode, ret_attr, &fs_sd); 466 } 467 else 468 rc = EINVAL; 469 smb_fssd_term(&fs_sd); 470 } else if (sr->tid_tree->t_acltype == ACE_T) { 471 /* 472 * No incoming SD and filesystem is ZFS 473 * Server applies Windows inheritance rules, 474 * see smb_fsop_sdinherit() comments as to why. 475 */ 476 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0); 477 rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 478 if (rc == 0) { 479 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 480 name, attr, ret_snode, ret_attr, &fs_sd); 481 } 482 483 smb_fssd_term(&fs_sd); 484 } else { 485 /* 486 * No incoming SD and filesystem is not ZFS 487 * let the filesystem handles the inheritance. 488 */ 489 rc = smb_vop_create(dir_snode->vp, name, attr, &vp, 490 flags, cr, NULL); 491 492 if (rc == 0) { 493 *ret_snode = smb_node_lookup(sr, op, cr, vp, 494 name, dir_snode, NULL, ret_attr); 495 496 if (*ret_snode == NULL) { 497 VN_RELE(vp); 498 rc = ENOMEM; 499 } 500 } 501 502 } 503 } 504 505 kmem_free(fname, MAXNAMELEN); 506 kmem_free(sname, MAXNAMELEN); 507 return (rc); 508 } 509 510 /* 511 * smb_fsop_mkdir 512 * 513 * All SMB functions should use this wrapper to ensure that 514 * the the calls are performed with the appropriate credentials. 515 * Please document any direct call to explain the reason 516 * for avoiding this wrapper. 517 * 518 * It is assumed that a reference exists on snode coming into this routine. 519 * 520 * *ret_snode is returned with a reference upon success. No reference is 521 * taken if an error is returned. 522 */ 523 int 524 smb_fsop_mkdir( 525 smb_request_t *sr, 526 cred_t *cr, 527 smb_node_t *dir_snode, 528 char *name, 529 smb_attr_t *attr, 530 smb_node_t **ret_snode, 531 smb_attr_t *ret_attr) 532 { 533 struct open_param *op = &sr->arg.open; 534 char *longname; 535 vnode_t *vp; 536 int flags = 0; 537 smb_fssd_t fs_sd; 538 uint32_t secinfo; 539 uint32_t status; 540 int rc; 541 ASSERT(cr); 542 ASSERT(dir_snode); 543 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 544 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 545 546 ASSERT(ret_snode); 547 *ret_snode = 0; 548 549 ASSERT(name); 550 if (*name == 0) 551 return (EINVAL); 552 553 ASSERT(sr); 554 ASSERT(sr->tid_tree); 555 556 if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0) 557 return (EACCES); 558 559 if (SMB_TREE_IS_READONLY(sr)) 560 return (EROFS); 561 562 if (smb_maybe_mangled_name(name)) { 563 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 564 rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 565 MAXNAMELEN, NULL, NULL, 1); 566 567 kmem_free(longname, MAXNAMELEN); 568 569 /* 570 * If the name passed in by the client has an unmangled 571 * equivalent that is found in the specified directory, 572 * then the mkdir cannot succeed. Return EEXIST. 573 * 574 * Only if ENOENT is returned will a mkdir be attempted. 575 */ 576 577 if (rc == 0) 578 rc = EEXIST; 579 580 if (rc != ENOENT) 581 return (rc); 582 } 583 584 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 585 flags = SMB_IGNORE_CASE; 586 587 if (op->sd) { 588 /* 589 * SD sent by client in Windows format. Needs to be 590 * converted to FS format. No inheritance. 591 */ 592 secinfo = smb_sd_get_secinfo(op->sd); 593 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 594 595 status = smb_sd_tofs(op->sd, &fs_sd); 596 if (status == NT_STATUS_SUCCESS) { 597 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 598 name, attr, ret_snode, ret_attr, &fs_sd); 599 } 600 else 601 rc = EINVAL; 602 smb_fssd_term(&fs_sd); 603 } else if (sr->tid_tree->t_acltype == ACE_T) { 604 /* 605 * No incoming SD and filesystem is ZFS 606 * Server applies Windows inheritance rules, 607 * see smb_fsop_sdinherit() comments as to why. 608 */ 609 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR); 610 rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 611 if (rc == 0) { 612 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 613 name, attr, ret_snode, ret_attr, &fs_sd); 614 } 615 616 smb_fssd_term(&fs_sd); 617 618 } else { 619 rc = smb_vop_mkdir(dir_snode->vp, name, attr, &vp, flags, cr, 620 NULL); 621 622 if (rc == 0) { 623 *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 624 dir_snode, NULL, ret_attr); 625 626 if (*ret_snode == NULL) { 627 VN_RELE(vp); 628 rc = ENOMEM; 629 } 630 } 631 } 632 633 return (rc); 634 } 635 636 /* 637 * smb_fsop_remove 638 * 639 * All SMB functions should use this wrapper to ensure that 640 * the the calls are performed with the appropriate credentials. 641 * Please document any direct call to explain the reason 642 * for avoiding this wrapper. 643 * 644 * It is assumed that a reference exists on snode coming into this routine. 645 * 646 * od: This means that the name passed in is an on-disk name. 647 * A null smb_request might be passed to this function. 648 */ 649 650 int 651 smb_fsop_remove( 652 smb_request_t *sr, 653 cred_t *cr, 654 smb_node_t *dir_snode, 655 char *name, 656 int od) 657 { 658 smb_node_t *fnode; 659 smb_attr_t file_attr; 660 char *longname; 661 char *fname; 662 char *sname; 663 int flags = 0; 664 int rc; 665 666 ASSERT(cr); 667 /* 668 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 669 * function is called during the deletion of the node (because of 670 * DELETE_ON_CLOSE). 671 */ 672 ASSERT(dir_snode); 673 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 674 675 if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0) 676 return (EACCES); 677 678 if (SMB_TREE_IS_READONLY(sr)) 679 return (EROFS); 680 681 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 682 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 683 684 /* 685 * If the passed-in name is an on-disk name, 686 * then we need to do a case-sensitive remove. 687 * This is important if the on-disk name 688 * corresponds to a mangled name passed in by 689 * the client. We want to make sure to remove 690 * the exact file specified by the client, 691 * instead of letting the underlying file system 692 * do a remove on the "first match." 693 */ 694 695 if ((od == 0) && SMB_TREE_IS_CASEINSENSITIVE(sr)) 696 flags = SMB_IGNORE_CASE; 697 698 if (dir_snode->flags & NODE_XATTR_DIR) { 699 rc = smb_vop_stream_remove(dir_snode->dir_snode->vp, 700 name, flags, cr); 701 } else if (smb_stream_parse_name(name, fname, sname)) { 702 /* 703 * It is assumed that "name" corresponds to the path 704 * passed in by the client, and no need of suppressing 705 * case-insensitive lookups is needed. 706 */ 707 708 ASSERT(od == 0); 709 710 /* 711 * Look up the unnamed stream (i.e. fname). 712 * Unmangle processing will be done on fname 713 * as well as any link target. 714 */ 715 716 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 717 sr->tid_tree->t_snode, dir_snode, fname, &fnode, &file_attr, 718 0, 0); 719 720 if (rc != 0) { 721 kmem_free(fname, MAXNAMELEN); 722 kmem_free(sname, MAXNAMELEN); 723 return (rc); 724 } 725 726 /* 727 * XXX 728 * Need to find out what permission is required by NTFS 729 * to remove a stream. 730 */ 731 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr); 732 733 smb_node_release(fnode); 734 } else { 735 rc = smb_vop_remove(dir_snode->vp, name, flags, cr); 736 737 if (rc == ENOENT) { 738 if (smb_maybe_mangled_name(name) == 0) { 739 kmem_free(fname, MAXNAMELEN); 740 kmem_free(sname, MAXNAMELEN); 741 return (rc); 742 } 743 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 744 745 rc = smb_unmangle_name(sr, cr, dir_snode, name, 746 longname, MAXNAMELEN, NULL, NULL, 1); 747 748 if (rc == 0) { 749 /* 750 * We passed "1" as the "od" parameter 751 * to smb_unmangle_name(), such that longname 752 * is the real (case-sensitive) on-disk name. 753 * We make sure we do a remove on this exact 754 * name, as the name was mangled and denotes 755 * a unique file. 756 */ 757 flags &= ~SMB_IGNORE_CASE; 758 rc = smb_vop_remove(dir_snode->vp, longname, 759 flags, cr); 760 } 761 762 kmem_free(longname, MAXNAMELEN); 763 } 764 } 765 766 kmem_free(fname, MAXNAMELEN); 767 kmem_free(sname, MAXNAMELEN); 768 return (rc); 769 } 770 771 /* 772 * smb_fsop_remove_streams 773 * 774 * This function removes a file's streams without removing the 775 * file itself. 776 * 777 * It is assumed that snode is not a link. 778 */ 779 int 780 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode) 781 { 782 struct fs_stream_info stream_info; 783 uint32_t cookie = 0; 784 int flags = 0; 785 int rc; 786 787 ASSERT(sr); 788 ASSERT(cr); 789 ASSERT(fnode); 790 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 791 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 792 793 if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0) 794 return (EACCES); 795 796 if (SMB_TREE_IS_READONLY(sr)) 797 return (EROFS); 798 799 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 800 flags = SMB_IGNORE_CASE; 801 802 for (;;) { 803 rc = smb_vop_stream_readdir(fnode->vp, &cookie, &stream_info, 804 NULL, NULL, flags, cr); 805 806 if ((rc != 0) || (cookie == SMB_EOF)) 807 break; 808 809 (void) smb_vop_stream_remove(fnode->vp, stream_info.name, flags, 810 cr); 811 } 812 return (rc); 813 } 814 815 /* 816 * smb_fsop_rmdir 817 * 818 * All SMB functions should use this wrapper to ensure that 819 * the the calls are performed with the appropriate credentials. 820 * Please document any direct call to explain the reason 821 * for avoiding this wrapper. 822 * 823 * It is assumed that a reference exists on snode coming into this routine. 824 * 825 * od: This means that the name passed in is an on-disk name. 826 */ 827 828 int 829 smb_fsop_rmdir( 830 smb_request_t *sr, 831 cred_t *cr, 832 smb_node_t *dir_snode, 833 char *name, 834 int od) 835 { 836 int rc; 837 int flags = 0; 838 char *longname; 839 840 ASSERT(cr); 841 /* 842 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 843 * function is called during the deletion of the node (because of 844 * DELETE_ON_CLOSE). 845 */ 846 ASSERT(dir_snode); 847 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 848 849 if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0) 850 return (EACCES); 851 852 if (SMB_TREE_IS_READONLY(sr)) 853 return (EROFS); 854 855 /* 856 * If the passed-in name is an on-disk name, 857 * then we need to do a case-sensitive rmdir. 858 * This is important if the on-disk name 859 * corresponds to a mangled name passed in by 860 * the client. We want to make sure to remove 861 * the exact directory specified by the client, 862 * instead of letting the underlying file system 863 * do a rmdir on the "first match." 864 */ 865 866 if ((od == 0) && SMB_TREE_IS_CASEINSENSITIVE(sr)) 867 flags = SMB_IGNORE_CASE; 868 869 rc = smb_vop_rmdir(dir_snode->vp, name, flags, cr); 870 871 if (rc == ENOENT) { 872 if (smb_maybe_mangled_name(name) == 0) 873 return (rc); 874 875 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 876 877 rc = smb_unmangle_name(sr, cr, dir_snode, 878 name, longname, MAXNAMELEN, NULL, 879 NULL, 1); 880 881 if (rc == 0) { 882 /* 883 * We passed "1" as the "od" parameter 884 * to smb_unmangle_name(), such that longname 885 * is the real (case-sensitive) on-disk name. 886 * We make sure we do a rmdir on this exact 887 * name, as the name was mangled and denotes 888 * a unique directory. 889 */ 890 flags &= ~SMB_IGNORE_CASE; 891 rc = smb_vop_rmdir(dir_snode->vp, longname, flags, cr); 892 } 893 894 kmem_free(longname, MAXNAMELEN); 895 } 896 897 return (rc); 898 } 899 900 /* 901 * smb_fsop_getattr 902 * 903 * All SMB functions should use this wrapper to ensure that 904 * the the calls are performed with the appropriate credentials. 905 * Please document any direct call to explain the reason 906 * for avoiding this wrapper. 907 * 908 * It is assumed that a reference exists on snode coming into this routine. 909 */ 910 int 911 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 912 smb_attr_t *attr) 913 { 914 smb_node_t *unnamed_node; 915 vnode_t *unnamed_vp = NULL; 916 uint32_t status; 917 uint32_t access = 0; 918 int flags = 0; 919 int rc; 920 921 ASSERT(cr); 922 ASSERT(snode); 923 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 924 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 925 926 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0) 927 return (EACCES); 928 929 if (sr->fid_ofile) { 930 /* if uid and/or gid is requested */ 931 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 932 access |= READ_CONTROL; 933 934 /* if anything else is also requested */ 935 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 936 access |= FILE_READ_ATTRIBUTES; 937 938 status = smb_ofile_access(sr->fid_ofile, cr, access); 939 if (status != NT_STATUS_SUCCESS) 940 return (EACCES); 941 942 if (smb_tree_has_feature(sr->tid_tree, 943 SMB_TREE_ACEMASKONACCESS)) 944 flags = ATTR_NOACLCHECK; 945 } 946 947 unnamed_node = SMB_IS_STREAM(snode); 948 949 if (unnamed_node) { 950 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 951 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 952 unnamed_vp = unnamed_node->vp; 953 } 954 955 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr); 956 if (rc == 0) 957 snode->attr = *attr; 958 959 return (rc); 960 } 961 962 /* 963 * smb_fsop_readdir 964 * 965 * All SMB functions should use this smb_fsop_readdir wrapper to ensure that 966 * the smb_vop_readdir is performed with the appropriate credentials. 967 * Please document any direct call to smb_vop_readdir to explain the reason 968 * for avoiding this wrapper. 969 * 970 * It is assumed that a reference exists on snode coming into this routine. 971 */ 972 int 973 smb_fsop_readdir( 974 smb_request_t *sr, 975 cred_t *cr, 976 smb_node_t *dir_snode, 977 uint32_t *cookie, 978 char *name, 979 int *namelen, 980 ino64_t *fileid, 981 struct fs_stream_info *stream_info, 982 smb_node_t **ret_snode, 983 smb_attr_t *ret_attr) 984 { 985 smb_node_t *ret_snodep; 986 smb_node_t *fnode; 987 smb_attr_t tmp_attr; 988 vnode_t *xattrdirvp; 989 vnode_t *fvp; 990 vnode_t *vp = NULL; 991 char *od_name; 992 int rc; 993 int flags = 0; 994 995 ASSERT(cr); 996 ASSERT(dir_snode); 997 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 998 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 999 1000 if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0) 1001 return (EACCES); 1002 1003 if (*cookie == SMB_EOF) { 1004 *namelen = 0; 1005 return (0); 1006 } 1007 1008 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1009 flags = SMB_IGNORE_CASE; 1010 1011 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1012 1013 if (stream_info) { 1014 rc = smb_vop_lookup(dir_snode->vp, name, &fvp, od_name, 1015 SMB_FOLLOW_LINKS, sr->tid_tree->t_snode->vp, cr); 1016 1017 if (rc != 0) { 1018 kmem_free(od_name, MAXNAMELEN); 1019 return (rc); 1020 } 1021 1022 fnode = smb_node_lookup(sr, NULL, cr, fvp, od_name, dir_snode, 1023 NULL, ret_attr); 1024 1025 kmem_free(od_name, MAXNAMELEN); 1026 1027 if (fnode == NULL) { 1028 VN_RELE(fvp); 1029 return (ENOMEM); 1030 } 1031 1032 /* 1033 * XXX 1034 * Need to find out what permission(s) NTFS requires for getting 1035 * a file's streams list. 1036 * 1037 * Might have to use kcred. 1038 */ 1039 rc = smb_vop_stream_readdir(fvp, cookie, stream_info, &vp, 1040 &xattrdirvp, flags, cr); 1041 1042 if ((rc != 0) || (*cookie == SMB_EOF)) { 1043 smb_node_release(fnode); 1044 return (rc); 1045 } 1046 1047 ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1048 vp, stream_info->name, &tmp_attr); 1049 1050 smb_node_release(fnode); 1051 1052 if (ret_snodep == NULL) { 1053 VN_RELE(xattrdirvp); 1054 VN_RELE(vp); 1055 return (ENOMEM); 1056 } 1057 1058 stream_info->size = tmp_attr.sa_vattr.va_size; 1059 1060 if (ret_attr) 1061 *ret_attr = tmp_attr; 1062 1063 if (ret_snode) 1064 *ret_snode = ret_snodep; 1065 else 1066 smb_node_release(ret_snodep); 1067 1068 } else { 1069 rc = smb_vop_readdir(dir_snode->vp, cookie, name, namelen, 1070 fileid, &vp, od_name, flags, cr); 1071 1072 if (rc != 0) { 1073 kmem_free(od_name, MAXNAMELEN); 1074 return (rc); 1075 } 1076 1077 if (*namelen) { 1078 ASSERT(vp); 1079 if (ret_attr || ret_snode) { 1080 ret_snodep = smb_node_lookup(sr, NULL, cr, vp, 1081 od_name, dir_snode, NULL, &tmp_attr); 1082 1083 if (ret_snodep == NULL) { 1084 kmem_free(od_name, MAXNAMELEN); 1085 VN_RELE(vp); 1086 return (ENOMEM); 1087 } 1088 1089 if (ret_attr) 1090 *ret_attr = tmp_attr; 1091 1092 if (ret_snode) 1093 *ret_snode = ret_snodep; 1094 else 1095 smb_node_release(ret_snodep); 1096 } 1097 } 1098 1099 kmem_free(od_name, MAXNAMELEN); 1100 } 1101 1102 return (rc); 1103 } 1104 1105 /* 1106 * smb_fsop_getdents 1107 * 1108 * All SMB functions should use this smb_vop_getdents wrapper to ensure that 1109 * the smb_vop_getdents is performed with the appropriate credentials. 1110 * Please document any direct call to smb_vop_getdents to explain the reason 1111 * for avoiding this wrapper. 1112 * 1113 * It is assumed that a reference exists on snode coming into this routine. 1114 */ 1115 /*ARGSUSED*/ 1116 int 1117 smb_fsop_getdents( 1118 struct smb_request *sr, 1119 cred_t *cr, 1120 smb_node_t *dir_snode, 1121 uint32_t *cookie, 1122 uint64_t *verifierp, 1123 int32_t *maxcnt, 1124 char *args, 1125 char *pattern) 1126 { 1127 int flags = 0; 1128 1129 ASSERT(cr); 1130 ASSERT(dir_snode); 1131 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1132 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1133 1134 if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0) 1135 return (EACCES); 1136 1137 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1138 flags = SMB_IGNORE_CASE; 1139 1140 return (smb_vop_getdents(dir_snode, cookie, 0, maxcnt, args, pattern, 1141 flags, sr, cr)); 1142 } 1143 1144 /* 1145 * smb_fsop_rename 1146 * 1147 * All SMB functions should use this smb_vop_rename wrapper to ensure that 1148 * the smb_vop_rename is performed with the appropriate credentials. 1149 * Please document any direct call to smb_vop_rename to explain the reason 1150 * for avoiding this wrapper. 1151 * 1152 * It is assumed that references exist on from_dir_snode and to_dir_snode coming 1153 * into this routine. 1154 */ 1155 int 1156 smb_fsop_rename( 1157 smb_request_t *sr, 1158 cred_t *cr, 1159 smb_node_t *from_dir_snode, 1160 char *from_name, 1161 smb_node_t *to_dir_snode, 1162 char *to_name) 1163 { 1164 smb_node_t *from_snode; 1165 smb_attr_t tmp_attr; 1166 vnode_t *from_vp; 1167 int flags = 0; 1168 int rc; 1169 1170 ASSERT(cr); 1171 ASSERT(from_dir_snode); 1172 ASSERT(from_dir_snode->n_magic == SMB_NODE_MAGIC); 1173 ASSERT(from_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1174 1175 ASSERT(to_dir_snode); 1176 ASSERT(to_dir_snode->n_magic == SMB_NODE_MAGIC); 1177 ASSERT(to_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1178 1179 if (SMB_TREE_CONTAINS_NODE(sr, from_dir_snode) == 0) 1180 return (EACCES); 1181 1182 if (SMB_TREE_CONTAINS_NODE(sr, to_dir_snode) == 0) 1183 return (EACCES); 1184 1185 ASSERT(sr); 1186 ASSERT(sr->tid_tree); 1187 if (SMB_TREE_IS_READONLY(sr)) 1188 return (EROFS); 1189 1190 /* 1191 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE 1192 * here. 1193 * 1194 * A case-sensitive rename is always done in this routine 1195 * because we are using the on-disk name from an earlier lookup. 1196 * If a mangled name was passed in by the caller (denoting a 1197 * deterministic lookup), then the exact file must be renamed 1198 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 1199 * else the underlying file system might return a "first-match" 1200 * on this on-disk name, possibly resulting in the wrong file). 1201 */ 1202 1203 /* 1204 * XXX: Lock required through smb_node_release() below? 1205 */ 1206 1207 rc = smb_vop_lookup(from_dir_snode->vp, from_name, &from_vp, NULL, 0, 1208 NULL, cr); 1209 1210 if (rc != 0) 1211 return (rc); 1212 1213 rc = smb_vop_rename(from_dir_snode->vp, from_name, to_dir_snode->vp, 1214 to_name, flags, cr); 1215 1216 if (rc == 0) { 1217 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 1218 from_dir_snode, NULL, &tmp_attr); 1219 1220 if (from_snode == NULL) { 1221 VN_RELE(from_vp); 1222 return (ENOMEM); 1223 } 1224 1225 (void) smb_node_rename(from_dir_snode, from_snode, to_dir_snode, 1226 to_name); 1227 1228 smb_node_release(from_snode); 1229 } else { 1230 VN_RELE(from_vp); 1231 } 1232 1233 /* XXX: unlock */ 1234 1235 return (rc); 1236 } 1237 1238 /* 1239 * smb_fsop_setattr 1240 * 1241 * All SMB functions should use this wrapper to ensure that 1242 * the the calls are performed with the appropriate credentials. 1243 * Please document any direct call to explain the reason 1244 * for avoiding this wrapper. 1245 * 1246 * It is assumed that a reference exists on snode coming into this routine. 1247 * A null smb_request might be passed to this function. 1248 */ 1249 int 1250 smb_fsop_setattr( 1251 smb_request_t *sr, 1252 cred_t *cr, 1253 smb_node_t *snode, 1254 smb_attr_t *set_attr, 1255 smb_attr_t *ret_attr) 1256 { 1257 smb_node_t *unnamed_node; 1258 vnode_t *unnamed_vp = NULL; 1259 uint32_t status; 1260 uint32_t access; 1261 int rc = 0; 1262 int flags = 0; 1263 uint_t sa_mask; 1264 1265 ASSERT(cr); 1266 ASSERT(snode); 1267 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1268 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1269 1270 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0) 1271 return (EACCES); 1272 1273 if (SMB_TREE_IS_READONLY(sr)) 1274 return (EROFS); 1275 1276 if (sr && (set_attr->sa_mask & SMB_AT_SIZE)) { 1277 if (sr->fid_ofile) { 1278 if (SMB_OFILE_IS_READONLY(sr->fid_ofile)) 1279 return (EACCES); 1280 } else { 1281 if (SMB_PATHFILE_IS_READONLY(sr, snode)) 1282 return (EACCES); 1283 } 1284 } 1285 1286 /* sr could be NULL in some cases */ 1287 if (sr && sr->fid_ofile) { 1288 sa_mask = set_attr->sa_mask; 1289 access = 0; 1290 1291 if (sa_mask & SMB_AT_SIZE) { 1292 access |= FILE_WRITE_DATA; 1293 sa_mask &= ~SMB_AT_SIZE; 1294 } 1295 1296 if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) { 1297 access |= WRITE_OWNER; 1298 sa_mask &= ~(SMB_AT_UID|SMB_AT_GID); 1299 } 1300 1301 if (sa_mask) 1302 access |= FILE_WRITE_ATTRIBUTES; 1303 1304 status = smb_ofile_access(sr->fid_ofile, cr, access); 1305 if (status != NT_STATUS_SUCCESS) 1306 return (EACCES); 1307 1308 if (smb_tree_has_feature(sr->tid_tree, 1309 SMB_TREE_ACEMASKONACCESS)) 1310 flags = ATTR_NOACLCHECK; 1311 } 1312 1313 unnamed_node = SMB_IS_STREAM(snode); 1314 1315 if (unnamed_node) { 1316 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1317 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1318 unnamed_vp = unnamed_node->vp; 1319 } 1320 1321 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr); 1322 1323 if ((rc == 0) && ret_attr) { 1324 /* 1325 * Use kcred to update the node attr because this 1326 * call is not being made on behalf of the user. 1327 */ 1328 ret_attr->sa_mask = SMB_AT_ALL; 1329 rc = smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, flags, 1330 kcred); 1331 if (rc == 0) 1332 snode->attr = *ret_attr; 1333 } 1334 1335 return (rc); 1336 } 1337 1338 /* 1339 * smb_fsop_read 1340 * 1341 * All SMB functions should use this wrapper to ensure that 1342 * the the calls are performed with the appropriate credentials. 1343 * Please document any direct call to explain the reason 1344 * for avoiding this wrapper. 1345 * 1346 * It is assumed that a reference exists on snode coming into this routine. 1347 */ 1348 int 1349 smb_fsop_read( 1350 struct smb_request *sr, 1351 cred_t *cr, 1352 smb_node_t *snode, 1353 uio_t *uio, 1354 smb_attr_t *ret_attr) 1355 { 1356 smb_node_t *unnamed_node; 1357 vnode_t *unnamed_vp = NULL; 1358 caller_context_t ct; 1359 int svmand; 1360 int rc; 1361 1362 ASSERT(cr); 1363 ASSERT(snode); 1364 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1365 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1366 1367 ASSERT(sr); 1368 ASSERT(sr->fid_ofile); 1369 1370 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA); 1371 if (rc != NT_STATUS_SUCCESS) { 1372 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE); 1373 if (rc != NT_STATUS_SUCCESS) 1374 return (EACCES); 1375 } 1376 1377 unnamed_node = SMB_IS_STREAM(snode); 1378 if (unnamed_node) { 1379 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1380 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1381 unnamed_vp = unnamed_node->vp; 1382 /* 1383 * Streams permission are checked against the unnamed stream, 1384 * but in FS level they have their own permissions. To avoid 1385 * rejection by FS due to lack of permission on the actual 1386 * extended attr kcred is passed for streams. 1387 */ 1388 cr = kcred; 1389 } 1390 1391 smb_node_start_crit(snode, RW_READER); 1392 rc = nbl_svmand(snode->vp, kcred, &svmand); 1393 if (rc) { 1394 smb_node_end_crit(snode); 1395 return (rc); 1396 } 1397 1398 ct = smb_ct; 1399 ct.cc_pid = sr->fid_ofile->f_uniqid; 1400 rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset, 1401 uio->uio_iov->iov_len, svmand, &ct); 1402 1403 if (rc) { 1404 smb_node_end_crit(snode); 1405 return (ERANGE); 1406 } 1407 rc = smb_vop_read(snode->vp, uio, cr); 1408 1409 if (rc == 0 && ret_attr) { 1410 /* 1411 * Use kcred to update the node attr because this 1412 * call is not being made on behalf of the user. 1413 */ 1414 ret_attr->sa_mask = SMB_AT_ALL; 1415 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1416 kcred) == 0) { 1417 snode->attr = *ret_attr; 1418 } 1419 } 1420 1421 smb_node_end_crit(snode); 1422 1423 return (rc); 1424 } 1425 1426 /* 1427 * smb_fsop_write 1428 * 1429 * This is a wrapper function used for smb_write and smb_write_raw operations. 1430 * 1431 * It is assumed that a reference exists on snode coming into this routine. 1432 */ 1433 int 1434 smb_fsop_write( 1435 smb_request_t *sr, 1436 cred_t *cr, 1437 smb_node_t *snode, 1438 uio_t *uio, 1439 uint32_t *lcount, 1440 smb_attr_t *ret_attr, 1441 int ioflag) 1442 { 1443 smb_node_t *unnamed_node; 1444 vnode_t *unnamed_vp = NULL; 1445 caller_context_t ct; 1446 int svmand; 1447 int rc; 1448 1449 ASSERT(cr); 1450 ASSERT(snode); 1451 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1452 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1453 1454 ASSERT(sr); 1455 ASSERT(sr->tid_tree); 1456 ASSERT(sr->fid_ofile); 1457 1458 if (SMB_TREE_IS_READONLY(sr)) 1459 return (EROFS); 1460 1461 if (SMB_OFILE_IS_READONLY(sr->fid_ofile)) 1462 return (EACCES); 1463 1464 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_WRITE_DATA); 1465 if (rc != NT_STATUS_SUCCESS) { 1466 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_APPEND_DATA); 1467 if (rc != NT_STATUS_SUCCESS) 1468 return (EACCES); 1469 } 1470 1471 unnamed_node = SMB_IS_STREAM(snode); 1472 1473 if (unnamed_node) { 1474 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1475 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1476 unnamed_vp = unnamed_node->vp; 1477 /* 1478 * Streams permission are checked against the unnamed stream, 1479 * but in FS level they have their own permissions. To avoid 1480 * rejection by FS due to lack of permission on the actual 1481 * extended attr kcred is passed for streams. 1482 */ 1483 cr = kcred; 1484 } 1485 1486 smb_node_start_crit(snode, RW_READER); 1487 rc = nbl_svmand(snode->vp, kcred, &svmand); 1488 if (rc) { 1489 smb_node_end_crit(snode); 1490 return (rc); 1491 } 1492 1493 ct = smb_ct; 1494 ct.cc_pid = sr->fid_ofile->f_uniqid; 1495 rc = nbl_lock_conflict(snode->vp, NBL_WRITE, uio->uio_loffset, 1496 uio->uio_iov->iov_len, svmand, &ct); 1497 1498 if (rc) { 1499 smb_node_end_crit(snode); 1500 return (ERANGE); 1501 } 1502 rc = smb_vop_write(snode->vp, uio, ioflag, lcount, cr); 1503 1504 if (rc == 0 && ret_attr) { 1505 /* 1506 * Use kcred to update the node attr because this 1507 * call is not being made on behalf of the user. 1508 */ 1509 ret_attr->sa_mask = SMB_AT_ALL; 1510 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1511 kcred) == 0) { 1512 snode->attr = *ret_attr; 1513 } 1514 } 1515 1516 smb_node_end_crit(snode); 1517 1518 return (rc); 1519 } 1520 1521 /* 1522 * smb_fsop_statfs 1523 * 1524 * This is a wrapper function used for stat operations. 1525 */ 1526 int 1527 smb_fsop_statfs( 1528 cred_t *cr, 1529 smb_node_t *snode, 1530 struct statvfs64 *statp) 1531 { 1532 ASSERT(cr); 1533 ASSERT(snode); 1534 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1535 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1536 1537 return (smb_vop_statfs(snode->vp, statp, cr)); 1538 } 1539 1540 /* 1541 * smb_fsop_access 1542 * 1543 * Named streams do not have separate permissions from the associated 1544 * unnamed stream. Thus, if node is a named stream, the permissions 1545 * check will be performed on the associated unnamed stream. 1546 * 1547 * However, our named streams do have their own quarantine attribute, 1548 * separate from that on the unnamed stream. If READ or EXECUTE 1549 * access has been requested on a named stream, an additional access 1550 * check is performed on the named stream in case it has been 1551 * quarantined. kcred is used to avoid issues with the permissions 1552 * set on the extended attribute file representing the named stream. 1553 */ 1554 int 1555 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1556 uint32_t faccess) 1557 { 1558 int access = 0; 1559 int error; 1560 vnode_t *dir_vp; 1561 boolean_t acl_check = B_TRUE; 1562 smb_node_t *unnamed_node; 1563 1564 ASSERT(sr); 1565 ASSERT(cr); 1566 ASSERT(snode); 1567 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1568 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1569 1570 if (faccess == 0) 1571 return (NT_STATUS_SUCCESS); 1572 1573 if (SMB_TREE_IS_READONLY(sr)) { 1574 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 1575 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 1576 DELETE|WRITE_DAC|WRITE_OWNER)) { 1577 return (NT_STATUS_ACCESS_DENIED); 1578 } 1579 } 1580 1581 unnamed_node = SMB_IS_STREAM(snode); 1582 if (unnamed_node) { 1583 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1584 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1585 1586 /* 1587 * Perform VREAD access check on the named stream in case it 1588 * is quarantined. kcred is passed to smb_vop_access so it 1589 * doesn't fail due to lack of permission. 1590 */ 1591 if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) { 1592 error = smb_vop_access(snode->vp, VREAD, 1593 0, NULL, kcred); 1594 if (error) 1595 return (NT_STATUS_ACCESS_DENIED); 1596 } 1597 1598 /* 1599 * Streams authorization should be performed against the 1600 * unnamed stream. 1601 */ 1602 snode = unnamed_node; 1603 } 1604 1605 if (faccess & ACCESS_SYSTEM_SECURITY) { 1606 /* 1607 * This permission is required for reading/writing SACL and 1608 * it's not part of DACL. It's only granted via proper 1609 * privileges. 1610 */ 1611 if ((sr->uid_user->u_privileges & 1612 (SMB_USER_PRIV_BACKUP | 1613 SMB_USER_PRIV_RESTORE | 1614 SMB_USER_PRIV_SECURITY)) == 0) 1615 return (NT_STATUS_PRIVILEGE_NOT_HELD); 1616 1617 faccess &= ~ACCESS_SYSTEM_SECURITY; 1618 } 1619 1620 /* Links don't have ACL */ 1621 if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) || 1622 (snode->attr.sa_vattr.va_type == VLNK)) 1623 acl_check = B_FALSE; 1624 1625 if (acl_check) { 1626 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 1627 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 1628 cr); 1629 } else { 1630 /* 1631 * FS doesn't understand 32-bit mask, need to map 1632 */ 1633 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 1634 access |= VWRITE; 1635 1636 if (faccess & FILE_READ_DATA) 1637 access |= VREAD; 1638 1639 if (faccess & FILE_EXECUTE) 1640 access |= VEXEC; 1641 1642 error = smb_vop_access(snode->vp, access, 0, NULL, cr); 1643 } 1644 1645 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 1646 } 1647 1648 /* 1649 * smb_fsop_lookup_name() 1650 * 1651 * If name indicates that the file is a stream file, perform 1652 * stream specific lookup, otherwise call smb_fsop_lookup. 1653 * 1654 * Return an error if the looked-up file is in outside the tree. 1655 * (Required when invoked from open path.) 1656 */ 1657 1658 int 1659 smb_fsop_lookup_name( 1660 smb_request_t *sr, 1661 cred_t *cr, 1662 int flags, 1663 smb_node_t *root_node, 1664 smb_node_t *dir_snode, 1665 char *name, 1666 smb_node_t **ret_snode, 1667 smb_attr_t *ret_attr) 1668 { 1669 smb_node_t *fnode; 1670 smb_attr_t file_attr; 1671 vnode_t *xattrdirvp; 1672 vnode_t *vp; 1673 char *od_name; 1674 char *fname; 1675 char *sname; 1676 int rc; 1677 1678 ASSERT(cr); 1679 ASSERT(dir_snode); 1680 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1681 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1682 1683 /* 1684 * The following check is required for streams processing, below 1685 */ 1686 1687 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1688 flags |= SMB_IGNORE_CASE; 1689 1690 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1691 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1692 1693 if (smb_stream_parse_name(name, fname, sname)) { 1694 /* 1695 * Look up the unnamed stream (i.e. fname). 1696 * Unmangle processing will be done on fname 1697 * as well as any link target. 1698 */ 1699 rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, fname, 1700 &fnode, &file_attr, NULL, NULL); 1701 1702 if (rc != 0) { 1703 kmem_free(fname, MAXNAMELEN); 1704 kmem_free(sname, MAXNAMELEN); 1705 return (rc); 1706 } 1707 1708 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1709 1710 /* 1711 * od_name is the on-disk name of the stream, except 1712 * without the prepended stream prefix (SMB_STREAM_PREFIX) 1713 */ 1714 1715 /* 1716 * XXX 1717 * What permissions NTFS requires for stream lookup if any? 1718 */ 1719 rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 1720 &xattrdirvp, flags, root_node->vp, cr); 1721 1722 if (rc != 0) { 1723 smb_node_release(fnode); 1724 kmem_free(fname, MAXNAMELEN); 1725 kmem_free(sname, MAXNAMELEN); 1726 kmem_free(od_name, MAXNAMELEN); 1727 return (rc); 1728 } 1729 1730 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1731 vp, od_name, ret_attr); 1732 1733 kmem_free(od_name, MAXNAMELEN); 1734 smb_node_release(fnode); 1735 1736 if (*ret_snode == NULL) { 1737 VN_RELE(xattrdirvp); 1738 VN_RELE(vp); 1739 kmem_free(fname, MAXNAMELEN); 1740 kmem_free(sname, MAXNAMELEN); 1741 return (ENOMEM); 1742 } 1743 } else { 1744 rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, name, 1745 ret_snode, ret_attr, NULL, NULL); 1746 } 1747 1748 if (rc == 0) { 1749 ASSERT(ret_snode); 1750 if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) { 1751 smb_node_release(*ret_snode); 1752 *ret_snode = NULL; 1753 rc = EACCES; 1754 } 1755 } 1756 1757 kmem_free(fname, MAXNAMELEN); 1758 kmem_free(sname, MAXNAMELEN); 1759 1760 return (rc); 1761 } 1762 1763 /* 1764 * smb_fsop_lookup 1765 * 1766 * All SMB functions should use this smb_vop_lookup wrapper to ensure that 1767 * the smb_vop_lookup is performed with the appropriate credentials and using 1768 * case insensitive compares. Please document any direct call to smb_vop_lookup 1769 * to explain the reason for avoiding this wrapper. 1770 * 1771 * It is assumed that a reference exists on dir_snode coming into this routine 1772 * (and that it is safe from deallocation). 1773 * 1774 * Same with the root_node. 1775 * 1776 * *ret_snode is returned with a reference upon success. No reference is 1777 * taken if an error is returned. 1778 * 1779 * Note: The returned ret_snode may be in a child mount. This is ok for 1780 * readdir and getdents. 1781 * 1782 * ret_shortname and ret_name83 must each point to buffers of at least 1783 * SMB_SHORTNAMELEN bytes. 1784 * 1785 * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent 1786 * operations on files not in the parent mount. 1787 */ 1788 int 1789 smb_fsop_lookup( 1790 smb_request_t *sr, 1791 cred_t *cr, 1792 int flags, 1793 smb_node_t *root_node, 1794 smb_node_t *dir_snode, 1795 char *name, 1796 smb_node_t **ret_snode, 1797 smb_attr_t *ret_attr, 1798 char *ret_shortname, 1799 char *ret_name83) 1800 { 1801 smb_node_t *lnk_target_node; 1802 smb_node_t *lnk_dnode; 1803 char *longname; 1804 char *od_name; 1805 vnode_t *vp; 1806 int rc; 1807 1808 ASSERT(cr); 1809 ASSERT(dir_snode); 1810 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1811 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1812 1813 if (name == NULL) 1814 return (EINVAL); 1815 1816 if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0) 1817 return (EACCES); 1818 1819 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1820 flags |= SMB_IGNORE_CASE; 1821 1822 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1823 1824 rc = smb_vop_lookup(dir_snode->vp, name, &vp, od_name, flags, 1825 root_node ? root_node->vp : NULL, cr); 1826 1827 if (rc != 0) { 1828 if (smb_maybe_mangled_name(name) == 0) { 1829 kmem_free(od_name, MAXNAMELEN); 1830 return (rc); 1831 } 1832 1833 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1834 1835 rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 1836 MAXNAMELEN, ret_shortname, ret_name83, 1); 1837 1838 if (rc != 0) { 1839 kmem_free(od_name, MAXNAMELEN); 1840 kmem_free(longname, MAXNAMELEN); 1841 return (rc); 1842 } 1843 1844 /* 1845 * We passed "1" as the "od" parameter 1846 * to smb_unmangle_name(), such that longname 1847 * is the real (case-sensitive) on-disk name. 1848 * We make sure we do a lookup on this exact 1849 * name, as the name was mangled and denotes 1850 * a unique file. 1851 */ 1852 1853 if (flags & SMB_IGNORE_CASE) 1854 flags &= ~SMB_IGNORE_CASE; 1855 1856 rc = smb_vop_lookup(dir_snode->vp, longname, &vp, od_name, 1857 flags, root_node ? root_node->vp : NULL, cr); 1858 1859 kmem_free(longname, MAXNAMELEN); 1860 1861 if (rc != 0) { 1862 kmem_free(od_name, MAXNAMELEN); 1863 return (rc); 1864 } 1865 } 1866 1867 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK)) { 1868 1869 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dir_snode, 1870 &lnk_dnode, &lnk_target_node, cr); 1871 1872 if (rc != 0) { 1873 /* 1874 * The link is assumed to be for the last component 1875 * of a path. Hence any ENOTDIR error will be returned 1876 * as ENOENT. 1877 */ 1878 if (rc == ENOTDIR) 1879 rc = ENOENT; 1880 1881 VN_RELE(vp); 1882 kmem_free(od_name, MAXNAMELEN); 1883 return (rc); 1884 } 1885 1886 /* 1887 * Release the original VLNK vnode 1888 */ 1889 1890 VN_RELE(vp); 1891 vp = lnk_target_node->vp; 1892 1893 rc = smb_vop_traverse_check(&vp); 1894 1895 if (rc != 0) { 1896 smb_node_release(lnk_dnode); 1897 smb_node_release(lnk_target_node); 1898 kmem_free(od_name, MAXNAMELEN); 1899 return (rc); 1900 } 1901 1902 /* 1903 * smb_vop_traverse_check() may have returned a different vnode 1904 */ 1905 1906 if (lnk_target_node->vp == vp) { 1907 *ret_snode = lnk_target_node; 1908 *ret_attr = (*ret_snode)->attr; 1909 } else { 1910 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 1911 lnk_target_node->od_name, lnk_dnode, NULL, 1912 ret_attr); 1913 1914 if (*ret_snode == NULL) { 1915 VN_RELE(vp); 1916 rc = ENOMEM; 1917 } 1918 smb_node_release(lnk_target_node); 1919 } 1920 1921 smb_node_release(lnk_dnode); 1922 1923 } else { 1924 1925 rc = smb_vop_traverse_check(&vp); 1926 if (rc) { 1927 VN_RELE(vp); 1928 kmem_free(od_name, MAXNAMELEN); 1929 return (rc); 1930 } 1931 1932 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 1933 dir_snode, NULL, ret_attr); 1934 1935 if (*ret_snode == NULL) { 1936 VN_RELE(vp); 1937 rc = ENOMEM; 1938 } 1939 } 1940 1941 kmem_free(od_name, MAXNAMELEN); 1942 return (rc); 1943 } 1944 1945 /* 1946 * smb_fsop_stream_readdir() 1947 * 1948 * ret_snode and ret_attr are optional parameters (i.e. NULL may be passed in) 1949 * 1950 * This routine will return only NTFS streams. If an NTFS stream is not 1951 * found at the offset specified, the directory will be read until an NTFS 1952 * stream is found or until EOF. 1953 * 1954 * Note: Sanity checks done in caller 1955 * (smb_fsop_readdir(), smb_fsop_remove_streams()) 1956 */ 1957 1958 int 1959 smb_fsop_stream_readdir(smb_request_t *sr, cred_t *cr, smb_node_t *fnode, 1960 uint32_t *cookiep, struct fs_stream_info *stream_info, 1961 smb_node_t **ret_snode, smb_attr_t *ret_attr) 1962 { 1963 smb_node_t *ret_snodep = NULL; 1964 smb_attr_t tmp_attr; 1965 vnode_t *xattrdirvp; 1966 vnode_t *vp; 1967 int rc = 0; 1968 int flags = 0; 1969 1970 /* 1971 * XXX NTFS permission requirements if any? 1972 */ 1973 ASSERT(cr); 1974 ASSERT(fnode); 1975 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 1976 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 1977 1978 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1979 flags = SMB_IGNORE_CASE; 1980 1981 rc = smb_vop_stream_readdir(fnode->vp, cookiep, stream_info, &vp, 1982 &xattrdirvp, flags, cr); 1983 1984 if ((rc != 0) || *cookiep == SMB_EOF) 1985 return (rc); 1986 1987 ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, vp, 1988 stream_info->name, &tmp_attr); 1989 1990 if (ret_snodep == NULL) { 1991 VN_RELE(xattrdirvp); 1992 VN_RELE(vp); 1993 return (ENOMEM); 1994 } 1995 1996 stream_info->size = tmp_attr.sa_vattr.va_size; 1997 1998 if (ret_attr) 1999 *ret_attr = tmp_attr; 2000 2001 if (ret_snode) 2002 *ret_snode = ret_snodep; 2003 else 2004 smb_node_release(ret_snodep); 2005 2006 return (rc); 2007 } 2008 2009 int /*ARGSUSED*/ 2010 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 2011 { 2012 ASSERT(cr); 2013 ASSERT(snode); 2014 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2015 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2016 2017 ASSERT(sr); 2018 ASSERT(sr->tid_tree); 2019 if (SMB_TREE_IS_READONLY(sr)) 2020 return (EROFS); 2021 2022 return (smb_vop_commit(snode->vp, cr)); 2023 } 2024 2025 /* 2026 * smb_fsop_aclread 2027 * 2028 * Retrieve filesystem ACL. Depends on requested ACLs in 2029 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 2030 * fs_sd. Note that requesting a DACL/SACL doesn't mean that 2031 * the corresponding field in fs_sd should be non-NULL upon 2032 * return, since the target ACL might not contain that type of 2033 * entries. 2034 * 2035 * Returned ACL is always in ACE_T (aka ZFS) format. 2036 * If successful the allocated memory for the ACL should be freed 2037 * using smb_fsacl_free() or smb_fssd_term() 2038 */ 2039 int 2040 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2041 smb_fssd_t *fs_sd) 2042 { 2043 int error = 0; 2044 int flags = 0; 2045 int access = 0; 2046 acl_t *acl; 2047 smb_node_t *unnamed_node; 2048 2049 ASSERT(cr); 2050 2051 if (sr->fid_ofile) { 2052 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2053 access = READ_CONTROL; 2054 2055 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2056 access |= ACCESS_SYSTEM_SECURITY; 2057 2058 error = smb_ofile_access(sr->fid_ofile, cr, access); 2059 if (error != NT_STATUS_SUCCESS) { 2060 return (EACCES); 2061 } 2062 } 2063 2064 unnamed_node = SMB_IS_STREAM(snode); 2065 if (unnamed_node) { 2066 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2067 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2068 /* 2069 * Streams don't have ACL, any read ACL attempt on a stream 2070 * should be performed on the unnamed stream. 2071 */ 2072 snode = unnamed_node; 2073 } 2074 2075 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) 2076 flags = ATTR_NOACLCHECK; 2077 2078 error = smb_vop_acl_read(snode->vp, &acl, flags, 2079 sr->tid_tree->t_acltype, cr); 2080 if (error != 0) { 2081 return (error); 2082 } 2083 2084 error = acl_translate(acl, _ACL_ACE_ENABLED, 2085 (snode->vp->v_type == VDIR), fs_sd->sd_uid, fs_sd->sd_gid); 2086 2087 if (error == 0) { 2088 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 2089 fs_sd->sd_secinfo); 2090 } 2091 2092 acl_free(acl); 2093 return (error); 2094 } 2095 2096 /* 2097 * smb_fsop_aclwrite 2098 * 2099 * Stores the filesystem ACL provided in fs_sd->sd_acl. 2100 */ 2101 int 2102 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2103 smb_fssd_t *fs_sd) 2104 { 2105 int target_flavor; 2106 int error = 0; 2107 int flags = 0; 2108 int access = 0; 2109 acl_t *acl, *dacl, *sacl; 2110 smb_node_t *unnamed_node; 2111 2112 ASSERT(cr); 2113 2114 ASSERT(sr); 2115 ASSERT(sr->tid_tree); 2116 if (SMB_TREE_IS_READONLY(sr)) 2117 return (EROFS); 2118 2119 if (sr->fid_ofile) { 2120 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2121 access = WRITE_DAC; 2122 2123 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2124 access |= ACCESS_SYSTEM_SECURITY; 2125 2126 error = smb_ofile_access(sr->fid_ofile, cr, access); 2127 if (error != NT_STATUS_SUCCESS) 2128 return (EACCES); 2129 } 2130 2131 switch (sr->tid_tree->t_acltype) { 2132 case ACLENT_T: 2133 target_flavor = _ACL_ACLENT_ENABLED; 2134 break; 2135 2136 case ACE_T: 2137 target_flavor = _ACL_ACE_ENABLED; 2138 break; 2139 default: 2140 return (EINVAL); 2141 } 2142 2143 unnamed_node = SMB_IS_STREAM(snode); 2144 if (unnamed_node) { 2145 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2146 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2147 /* 2148 * Streams don't have ACL, any write ACL attempt on a stream 2149 * should be performed on the unnamed stream. 2150 */ 2151 snode = unnamed_node; 2152 } 2153 2154 dacl = fs_sd->sd_zdacl; 2155 sacl = fs_sd->sd_zsacl; 2156 2157 ASSERT(dacl || sacl); 2158 if ((dacl == NULL) && (sacl == NULL)) 2159 return (EINVAL); 2160 2161 if (dacl && sacl) 2162 acl = smb_fsacl_merge(dacl, sacl); 2163 else if (dacl) 2164 acl = dacl; 2165 else 2166 acl = sacl; 2167 2168 error = acl_translate(acl, target_flavor, (snode->vp->v_type == VDIR), 2169 fs_sd->sd_uid, fs_sd->sd_gid); 2170 if (error == 0) { 2171 if (smb_tree_has_feature(sr->tid_tree, 2172 SMB_TREE_ACEMASKONACCESS)) 2173 flags = ATTR_NOACLCHECK; 2174 2175 error = smb_vop_acl_write(snode->vp, acl, flags, cr); 2176 } 2177 2178 if (dacl && sacl) 2179 acl_free(acl); 2180 2181 return (error); 2182 } 2183 2184 acl_type_t 2185 smb_fsop_acltype(smb_node_t *snode) 2186 { 2187 return (smb_vop_acl_type(snode->vp)); 2188 } 2189 2190 /* 2191 * smb_fsop_sdread 2192 * 2193 * Read the requested security descriptor items from filesystem. 2194 * The items are specified in fs_sd->sd_secinfo. 2195 */ 2196 int 2197 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2198 smb_fssd_t *fs_sd) 2199 { 2200 int error = 0; 2201 int getowner = 0; 2202 cred_t *ga_cred; 2203 smb_attr_t attr; 2204 2205 ASSERT(cr); 2206 ASSERT(fs_sd); 2207 2208 /* 2209 * File's uid/gid is fetched in two cases: 2210 * 2211 * 1. it's explicitly requested 2212 * 2213 * 2. target ACL is ACE_T (ZFS ACL). They're needed for 2214 * owner@/group@ entries. In this case kcred should be used 2215 * because uid/gid are fetched on behalf of smb server. 2216 */ 2217 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 2218 getowner = 1; 2219 ga_cred = cr; 2220 } else if (sr->tid_tree->t_acltype == ACE_T) { 2221 getowner = 1; 2222 ga_cred = kcred; 2223 } 2224 2225 if (getowner) { 2226 /* 2227 * Windows require READ_CONTROL to read owner/group SID since 2228 * they're part of Security Descriptor. 2229 * ZFS only requires read_attribute. Need to have a explicit 2230 * access check here. 2231 */ 2232 if (sr->fid_ofile == NULL) { 2233 error = smb_fsop_access(sr, ga_cred, snode, 2234 READ_CONTROL); 2235 if (error) 2236 return (error); 2237 } 2238 2239 attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2240 error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 2241 if (error == 0) { 2242 fs_sd->sd_uid = attr.sa_vattr.va_uid; 2243 fs_sd->sd_gid = attr.sa_vattr.va_gid; 2244 } else { 2245 return (error); 2246 } 2247 } 2248 2249 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2250 error = smb_fsop_aclread(sr, cr, snode, fs_sd); 2251 } 2252 2253 return (error); 2254 } 2255 2256 /* 2257 * smb_fsop_sdmerge 2258 * 2259 * From SMB point of view DACL and SACL are two separate list 2260 * which can be manipulated independently without one affecting 2261 * the other, but entries for both DACL and SACL will end up 2262 * in the same ACL if target filesystem supports ACE_T ACLs. 2263 * 2264 * So, if either DACL or SACL is present in the client set request 2265 * the entries corresponding to the non-present ACL shouldn't 2266 * be touched in the FS ACL. 2267 * 2268 * fs_sd parameter contains DACL and SACL specified by SMB 2269 * client to be set on a file/directory. The client could 2270 * specify both or one of these ACLs (if none is specified 2271 * we don't get this far). When both DACL and SACL are given 2272 * by client the existing ACL should be overwritten. If only 2273 * one of them is specified the entries corresponding to the other 2274 * ACL should not be touched. For example, if only DACL 2275 * is specified in input fs_sd, the function reads audit entries 2276 * of the existing ACL of the file and point fs_sd->sd_zsdacl 2277 * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 2278 * function is called the passed fs_sd would point to the specified 2279 * DACL by client and fetched SACL from filesystem, so the file 2280 * will end up with correct ACL. 2281 */ 2282 static int 2283 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 2284 { 2285 smb_fssd_t cur_sd; 2286 int error = 0; 2287 2288 if (sr->tid_tree->t_acltype != ACE_T) 2289 /* Don't bother if target FS doesn't support ACE_T */ 2290 return (0); 2291 2292 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 2293 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 2294 /* 2295 * Don't overwrite existing audit entries 2296 */ 2297 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 2298 fs_sd->sd_flags); 2299 2300 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2301 if (error == 0) { 2302 ASSERT(fs_sd->sd_zsacl == NULL); 2303 fs_sd->sd_zsacl = cur_sd.sd_zsacl; 2304 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 2305 fs_sd->sd_zsacl->acl_flags = 2306 fs_sd->sd_zdacl->acl_flags; 2307 } 2308 } else { 2309 /* 2310 * Don't overwrite existing access entries 2311 */ 2312 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 2313 fs_sd->sd_flags); 2314 2315 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2316 if (error == 0) { 2317 ASSERT(fs_sd->sd_zdacl == NULL); 2318 fs_sd->sd_zdacl = cur_sd.sd_zdacl; 2319 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 2320 fs_sd->sd_zdacl->acl_flags = 2321 fs_sd->sd_zsacl->acl_flags; 2322 } 2323 } 2324 2325 if (error) 2326 smb_fssd_term(&cur_sd); 2327 } 2328 2329 return (error); 2330 } 2331 2332 /* 2333 * smb_fsop_sdwrite 2334 * 2335 * Stores the given uid, gid and acl in filesystem. 2336 * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 2337 * 2338 * A SMB security descriptor could contain owner, primary group, 2339 * DACL and SACL. Setting an SD should be atomic but here it has to 2340 * be done via two separate FS operations: VOP_SETATTR and 2341 * VOP_SETSECATTR. Therefore, this function has to simulate the 2342 * atomicity as well as it can. 2343 * 2344 * Get the current uid, gid before setting the new uid/gid 2345 * so if smb_fsop_aclwrite fails they can be restored. root cred is 2346 * used to get currend uid/gid since this operation is performed on 2347 * behalf of the server not the user. 2348 * 2349 * If setting uid/gid fails with EPERM it means that and invalid 2350 * owner has been specified. Callers should translate this to 2351 * STATUS_INVALID_OWNER which is not the normal mapping for EPERM 2352 * in upper layers, so EPERM is mapped to EBADE. 2353 */ 2354 int 2355 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2356 smb_fssd_t *fs_sd, int overwrite) 2357 { 2358 int error = 0; 2359 int access = 0; 2360 smb_attr_t set_attr; 2361 smb_attr_t orig_attr; 2362 2363 ASSERT(cr); 2364 ASSERT(fs_sd); 2365 2366 ASSERT(sr); 2367 ASSERT(sr->tid_tree); 2368 if (SMB_TREE_IS_READONLY(sr)) 2369 return (EROFS); 2370 2371 bzero(&set_attr, sizeof (smb_attr_t)); 2372 2373 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2374 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2375 set_attr.sa_mask |= SMB_AT_UID; 2376 access |= WRITE_OWNER; 2377 } 2378 2379 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2380 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2381 set_attr.sa_mask |= SMB_AT_GID; 2382 access |= WRITE_OWNER; 2383 } 2384 2385 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2386 access |= WRITE_DAC; 2387 2388 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2389 access |= ACCESS_SYSTEM_SECURITY; 2390 2391 if (sr->fid_ofile) 2392 error = smb_ofile_access(sr->fid_ofile, cr, access); 2393 else 2394 error = smb_fsop_access(sr, cr, snode, access); 2395 2396 if (error) 2397 return (EACCES); 2398 2399 if (set_attr.sa_mask) { 2400 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2401 error = smb_fsop_getattr(sr, kcred, snode, &orig_attr); 2402 if (error == 0) { 2403 error = smb_fsop_setattr(sr, cr, snode, &set_attr, 2404 NULL); 2405 if (error == EPERM) 2406 error = EBADE; 2407 } 2408 2409 if (error) 2410 return (error); 2411 } 2412 2413 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2414 if (overwrite == 0) { 2415 error = smb_fsop_sdmerge(sr, snode, fs_sd); 2416 if (error) 2417 return (error); 2418 } 2419 2420 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 2421 if (error) { 2422 /* 2423 * Revert uid/gid changes if required. 2424 */ 2425 if (set_attr.sa_mask) { 2426 orig_attr.sa_mask = set_attr.sa_mask; 2427 (void) smb_fsop_setattr(sr, kcred, snode, 2428 &orig_attr, NULL); 2429 } 2430 } 2431 } 2432 2433 return (error); 2434 } 2435 2436 /* 2437 * smb_fsop_sdinherit 2438 * 2439 * Inherit the security descriptor from the parent container. 2440 * This function is called after FS has created the file/folder 2441 * so if this doesn't do anything it means FS inheritance is 2442 * in place. 2443 * 2444 * Do inheritance for ZFS internally. 2445 * 2446 * If we want to let ZFS does the inheritance the 2447 * following setting should be true: 2448 * 2449 * - aclinherit = passthrough 2450 * - aclmode = passthrough 2451 * - smbd umask = 0777 2452 * 2453 * This will result in right effective permissions but 2454 * ZFS will always add 6 ACEs for owner, owning group 2455 * and others to be POSIX compliant. This is not what 2456 * Windows clients/users expect, so we decided that CIFS 2457 * implements Windows rules and overwrite whatever ZFS 2458 * comes up with. This way we also don't have to care 2459 * about ZFS aclinherit and aclmode settings. 2460 */ 2461 static int 2462 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 2463 { 2464 int is_dir; 2465 acl_t *dacl = NULL; 2466 acl_t *sacl = NULL; 2467 ksid_t *owner_sid; 2468 int error; 2469 2470 ASSERT(fs_sd); 2471 2472 if (sr->tid_tree->t_acltype != ACE_T) { 2473 /* 2474 * No forced inheritance for non-ZFS filesystems. 2475 */ 2476 fs_sd->sd_secinfo = 0; 2477 return (0); 2478 } 2479 2480 2481 /* Fetch parent directory's ACL */ 2482 error = smb_fsop_sdread(sr, kcred, dnode, fs_sd); 2483 if (error) { 2484 return (error); 2485 } 2486 2487 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 2488 owner_sid = crgetsid(sr->user_cr, KSID_OWNER); 2489 ASSERT(owner_sid); 2490 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO, 2491 owner_sid->ks_id); 2492 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO, 2493 (uid_t)-1); 2494 2495 if (sacl == NULL) 2496 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO; 2497 2498 smb_fsacl_free(fs_sd->sd_zdacl); 2499 smb_fsacl_free(fs_sd->sd_zsacl); 2500 2501 fs_sd->sd_zdacl = dacl; 2502 fs_sd->sd_zsacl = sacl; 2503 2504 return (0); 2505 } 2506 2507 /* 2508 * smb_fsop_eaccess 2509 * 2510 * Returns the effective permission of the given credential for the 2511 * specified object. 2512 * 2513 * This is just a workaround. We need VFS/FS support for this. 2514 */ 2515 void 2516 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2517 uint32_t *eaccess) 2518 { 2519 int access = 0; 2520 vnode_t *dir_vp; 2521 smb_node_t *unnamed_node; 2522 2523 ASSERT(cr); 2524 ASSERT(snode); 2525 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2526 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2527 2528 unnamed_node = SMB_IS_STREAM(snode); 2529 if (unnamed_node) { 2530 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2531 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2532 /* 2533 * Streams authorization should be performed against the 2534 * unnamed stream. 2535 */ 2536 snode = unnamed_node; 2537 } 2538 2539 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) { 2540 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 2541 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 2542 cr); 2543 return; 2544 } 2545 2546 /* 2547 * FS doesn't understand 32-bit mask 2548 */ 2549 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 2550 2551 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 2552 2553 if (access & VREAD) 2554 *eaccess |= FILE_READ_DATA; 2555 2556 if (access & VEXEC) 2557 *eaccess |= FILE_EXECUTE; 2558 2559 if (access & VWRITE) 2560 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 2561 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 2562 } 2563 2564 /* 2565 * smb_fsop_shrlock 2566 * 2567 * For the current open request, check file sharing rules 2568 * against existing opens. 2569 * 2570 * Returns NT_STATUS_SHARING_VIOLATION if there is any 2571 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise. 2572 * 2573 * Full system-wide share reservation synchronization is available 2574 * when the nbmand (non-blocking mandatory) mount option is set 2575 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used. 2576 * This provides synchronization with NFS and local processes. The 2577 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called 2578 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well 2579 * as the CIFS rename and delete paths. 2580 * 2581 * The CIFS server will also enter the nbl critical region in the open, 2582 * rename, and delete paths when nbmand is not set. There is limited 2583 * coordination with local and VFS share reservations in this case. 2584 * Note that when the nbmand mount option is not set, the VFS layer 2585 * only processes advisory reservations and the delete mode is not checked. 2586 * 2587 * Whether or not the nbmand mount option is set, intra-CIFS share 2588 * checking is done in the open, delete, and rename paths using a CIFS 2589 * critical region (node->n_share_lock). 2590 */ 2591 2592 uint32_t 2593 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid, 2594 uint32_t desired_access, uint32_t share_access) 2595 { 2596 int rc; 2597 2598 if (node->attr.sa_vattr.va_type == VDIR) 2599 return (NT_STATUS_SUCCESS); 2600 2601 /* Allow access if the request is just for meta data */ 2602 if ((desired_access & FILE_DATA_ALL) == 0) 2603 return (NT_STATUS_SUCCESS); 2604 2605 rc = smb_node_open_check(node, cr, desired_access, share_access); 2606 if (rc) 2607 return (NT_STATUS_SHARING_VIOLATION); 2608 2609 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access, 2610 cr); 2611 if (rc) 2612 return (NT_STATUS_SHARING_VIOLATION); 2613 2614 return (NT_STATUS_SUCCESS); 2615 } 2616 2617 void 2618 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid) 2619 { 2620 if (node->attr.sa_vattr.va_type == VDIR) 2621 return; 2622 2623 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr); 2624 } 2625 2626 int 2627 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock, 2628 cred_t *cr) 2629 { 2630 flock64_t bf; 2631 int flag = F_REMOTELOCK; 2632 2633 /* 2634 * VOP_FRLOCK() will not be called if: 2635 * 2636 * 1) The lock has a range of zero bytes. The semantics of Windows and 2637 * POSIX are different. In the case of POSIX it asks for the locking 2638 * of all the bytes from the offset provided until the end of the 2639 * file. In the case of Windows a range of zero locks nothing and 2640 * doesn't conflict with any other lock. 2641 * 2642 * 2) The lock rolls over (start + lenght < start). Solaris will assert 2643 * if such a request is submitted. This will not create 2644 * incompatibilities between POSIX and Windows. In the Windows world, 2645 * if a client submits such a lock, the server will not lock any 2646 * bytes. Interestingly if the same lock (same offset and length) is 2647 * resubmitted Windows will consider that there is an overlap and 2648 * the granting rules will then apply. 2649 */ 2650 if ((lock->l_length == 0) || 2651 ((lock->l_start + lock->l_length - 1) < lock->l_start)) 2652 return (0); 2653 2654 bzero(&bf, sizeof (bf)); 2655 2656 if (unlock) { 2657 bf.l_type = F_UNLCK; 2658 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) { 2659 bf.l_type = F_RDLCK; 2660 flag |= FREAD; 2661 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) { 2662 bf.l_type = F_WRLCK; 2663 flag |= FWRITE; 2664 } 2665 2666 bf.l_start = lock->l_start; 2667 bf.l_len = lock->l_length; 2668 bf.l_pid = lock->l_file->f_uniqid; 2669 bf.l_sysid = smb_ct.cc_sysid; 2670 2671 return (smb_vop_frlock(node->vp, cr, flag, &bf)); 2672 } 2673