1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/sid.h> 27 #include <sys/nbmlock.h> 28 #include <smbsrv/smb_fsops.h> 29 #include <smbsrv/smb_kproto.h> 30 #include <acl/acl_common.h> 31 #include <sys/fcntl.h> 32 #include <sys/flock.h> 33 #include <fs/fs_subr.h> 34 35 extern caller_context_t smb_ct; 36 37 extern int smb_fem_oplock_install(smb_node_t *); 38 extern void smb_fem_oplock_uninstall(smb_node_t *); 39 40 extern int smb_vop_other_opens(vnode_t *, int); 41 42 static int smb_fsop_create_stream(smb_request_t *, cred_t *, smb_node_t *, 43 char *, char *, int, smb_attr_t *, smb_node_t **); 44 45 static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *, 46 char *, int, smb_attr_t *, smb_node_t **); 47 48 static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *, 49 char *, smb_attr_t *, smb_node_t **, smb_fssd_t *); 50 51 static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *); 52 53 /* 54 * The smb_fsop_* functions have knowledge of CIFS semantics. 55 * 56 * The smb_vop_* functions have minimal knowledge of CIFS semantics and 57 * serve as an interface to the VFS layer. 58 * 59 * Hence, smb_request_t and smb_node_t structures should not be passed 60 * from the smb_fsop_* layer to the smb_vop_* layer. 61 * 62 * In general, CIFS service code should only ever call smb_fsop_* 63 * functions directly, and never smb_vop_* functions directly. 64 * 65 * smb_fsop_* functions should call smb_vop_* functions where possible, instead 66 * of their smb_fsop_* counterparts. However, there are times when 67 * this cannot be avoided. 68 */ 69 70 /* 71 * Note: Stream names cannot be mangled. 72 */ 73 74 /* 75 * smb_fsop_amask_to_omode 76 * 77 * Convert the access mask to the open mode (for use 78 * with the VOP_OPEN call). 79 * 80 * Note that opening a file for attribute only access 81 * will also translate into an FREAD or FWRITE open mode 82 * (i.e., it's not just for data). 83 * 84 * This is needed so that opens are tracked appropriately 85 * for oplock processing. 86 */ 87 88 int 89 smb_fsop_amask_to_omode(uint32_t access) 90 { 91 int mode = 0; 92 93 if (access & (FILE_READ_DATA | FILE_EXECUTE | 94 FILE_READ_ATTRIBUTES | FILE_READ_EA)) 95 mode |= FREAD; 96 97 if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA | 98 FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)) 99 mode |= FWRITE; 100 101 if (access & FILE_APPEND_DATA) 102 mode |= FAPPEND; 103 104 return (mode); 105 } 106 107 int 108 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred) 109 { 110 /* 111 * Assuming that the same vnode is returned as we had before. 112 * (I.e., with certain types of files or file systems, a 113 * different vnode might be returned by VOP_OPEN) 114 */ 115 return (smb_vop_open(&node->vp, mode, cred)); 116 } 117 118 void 119 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred) 120 { 121 smb_vop_close(node->vp, mode, cred); 122 } 123 124 int 125 smb_fsop_oplock_install(smb_node_t *node, int mode) 126 { 127 int rc; 128 129 if (smb_vop_other_opens(node->vp, mode)) 130 return (EMFILE); 131 132 if ((rc = smb_fem_oplock_install(node))) 133 return (rc); 134 135 if (smb_vop_other_opens(node->vp, mode)) { 136 (void) smb_fem_oplock_uninstall(node); 137 return (EMFILE); 138 } 139 140 return (0); 141 } 142 143 void 144 smb_fsop_oplock_uninstall(smb_node_t *node) 145 { 146 smb_fem_oplock_uninstall(node); 147 } 148 149 static int 150 smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr, 151 smb_node_t *dnode, char *name, 152 smb_attr_t *attr, smb_node_t **ret_snode, smb_fssd_t *fs_sd) 153 { 154 vsecattr_t *vsap; 155 vsecattr_t vsecattr; 156 acl_t *acl, *dacl, *sacl; 157 smb_attr_t set_attr; 158 vnode_t *vp; 159 int aclbsize = 0; /* size of acl list in bytes */ 160 int flags = 0; 161 int rc; 162 boolean_t is_dir; 163 164 ASSERT(fs_sd); 165 166 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 167 flags = SMB_IGNORE_CASE; 168 if (SMB_TREE_SUPPORTS_CATIA(sr)) 169 flags |= SMB_CATIA; 170 171 ASSERT(cr); 172 173 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 174 175 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) { 176 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 177 dacl = fs_sd->sd_zdacl; 178 sacl = fs_sd->sd_zsacl; 179 ASSERT(dacl || sacl); 180 if (dacl && sacl) { 181 acl = smb_fsacl_merge(dacl, sacl); 182 } else if (dacl) { 183 acl = dacl; 184 } else { 185 acl = sacl; 186 } 187 188 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 189 190 if (dacl && sacl) 191 acl_free(acl); 192 193 if (rc != 0) 194 return (rc); 195 196 vsap = &vsecattr; 197 } else { 198 vsap = NULL; 199 } 200 201 /* The tree ACEs may prevent a create */ 202 rc = EACCES; 203 if (is_dir) { 204 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0) 205 rc = smb_vop_mkdir(dnode->vp, name, attr, 206 &vp, flags, cr, vsap); 207 } else { 208 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0) 209 rc = smb_vop_create(dnode->vp, name, attr, 210 &vp, flags, cr, vsap); 211 } 212 213 if (vsap != NULL) 214 kmem_free(vsap->vsa_aclentp, aclbsize); 215 216 if (rc != 0) 217 return (rc); 218 219 set_attr.sa_mask = 0; 220 221 /* 222 * Ideally we should be able to specify the owner and owning 223 * group at create time along with the ACL. Since we cannot 224 * do that right now, kcred is passed to smb_vop_setattr so it 225 * doesn't fail due to lack of permission. 226 */ 227 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 228 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 229 set_attr.sa_mask |= SMB_AT_UID; 230 } 231 232 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 233 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 234 set_attr.sa_mask |= SMB_AT_GID; 235 } 236 237 if (set_attr.sa_mask) 238 rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcred); 239 240 if (rc == 0) { 241 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 242 name, dnode, NULL); 243 244 if (*ret_snode == NULL) 245 rc = ENOMEM; 246 247 VN_RELE(vp); 248 } 249 } else { 250 /* 251 * For filesystems that don't support ACL-on-create, try 252 * to set the specified SD after create, which could actually 253 * fail because of conflicts between inherited security 254 * attributes upon creation and the specified SD. 255 * 256 * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 257 */ 258 259 if (is_dir) { 260 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, 261 flags, cr, NULL); 262 } else { 263 rc = smb_vop_create(dnode->vp, name, attr, &vp, 264 flags, cr, NULL); 265 } 266 267 if (rc != 0) 268 return (rc); 269 270 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 271 name, dnode, NULL); 272 273 if (*ret_snode != NULL) { 274 if (!smb_tree_has_feature(sr->tid_tree, 275 SMB_TREE_NFS_MOUNTED)) 276 rc = smb_fsop_sdwrite(sr, kcred, *ret_snode, 277 fs_sd, 1); 278 } else { 279 rc = ENOMEM; 280 } 281 282 VN_RELE(vp); 283 } 284 285 if (rc != 0) { 286 if (is_dir) 287 (void) smb_vop_rmdir(dnode->vp, name, flags, cr); 288 else 289 (void) smb_vop_remove(dnode->vp, name, flags, cr); 290 } 291 292 return (rc); 293 } 294 295 /* 296 * smb_fsop_create 297 * 298 * All SMB functions should use this wrapper to ensure that 299 * all the smb_vop_creates are performed with the appropriate credentials. 300 * Please document any direct calls to explain the reason for avoiding 301 * this wrapper. 302 * 303 * *ret_snode is returned with a reference upon success. No reference is 304 * taken if an error is returned. 305 */ 306 int 307 smb_fsop_create(smb_request_t *sr, cred_t *cr, smb_node_t *dnode, 308 char *name, smb_attr_t *attr, smb_node_t **ret_snode) 309 { 310 int rc = 0; 311 int flags = 0; 312 char *fname, *sname; 313 char *longname = NULL; 314 315 ASSERT(cr); 316 ASSERT(dnode); 317 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 318 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 319 320 ASSERT(ret_snode); 321 *ret_snode = 0; 322 323 ASSERT(name); 324 if (*name == 0) 325 return (EINVAL); 326 327 ASSERT(sr); 328 ASSERT(sr->tid_tree); 329 330 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 331 return (EACCES); 332 333 if (SMB_TREE_IS_READONLY(sr)) 334 return (EROFS); 335 336 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 337 flags = SMB_IGNORE_CASE; 338 if (SMB_TREE_SUPPORTS_CATIA(sr)) 339 flags |= SMB_CATIA; 340 if (SMB_TREE_SUPPORTS_ABE(sr)) 341 flags |= SMB_ABE; 342 343 if (smb_is_stream_name(name)) { 344 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 345 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 346 smb_stream_parse_name(name, fname, sname); 347 348 rc = smb_fsop_create_stream(sr, cr, dnode, 349 fname, sname, flags, attr, ret_snode); 350 351 kmem_free(fname, MAXNAMELEN); 352 kmem_free(sname, MAXNAMELEN); 353 return (rc); 354 } 355 356 /* Not a named stream */ 357 358 if (smb_maybe_mangled_name(name)) { 359 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 360 rc = smb_unmangle_name(dnode, name, longname, 361 MAXNAMELEN, flags); 362 kmem_free(longname, MAXNAMELEN); 363 364 if (rc == 0) 365 rc = EEXIST; 366 if (rc != ENOENT) 367 return (rc); 368 } 369 370 rc = smb_fsop_create_file(sr, cr, dnode, name, flags, 371 attr, ret_snode); 372 return (rc); 373 374 } 375 376 377 /* 378 * smb_fsop_create_stream 379 * 380 * Create NTFS named stream file (sname) on unnamed stream 381 * file (fname), creating the unnamed stream file if it 382 * doesn't exist. 383 * If we created the unnamed stream file and then creation 384 * of the named stream file fails, we delete the unnamed stream. 385 * Since we use the real file name for the smb_vop_remove we 386 * clear the SMB_IGNORE_CASE flag to ensure a case sensitive 387 * match. 388 * 389 * The second parameter of smb_vop_setattr() is set to 390 * NULL, even though an unnamed stream exists. This is 391 * because we want to set the UID and GID on the named 392 * stream in this case for consistency with the (unnamed 393 * stream) file (see comments for smb_vop_setattr()). 394 */ 395 static int 396 smb_fsop_create_stream(smb_request_t *sr, cred_t *cr, 397 smb_node_t *dnode, char *fname, char *sname, int flags, 398 smb_attr_t *attr, smb_node_t **ret_snode) 399 { 400 smb_node_t *fnode; 401 smb_attr_t fattr; 402 vnode_t *xattrdvp; 403 vnode_t *vp; 404 int rc = 0; 405 boolean_t fcreate = B_FALSE; 406 407 /* Look up / create the unnamed stream, fname */ 408 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 409 sr->tid_tree->t_snode, dnode, fname, &fnode); 410 if (rc == ENOENT) { 411 fcreate = B_TRUE; 412 rc = smb_fsop_create_file(sr, cr, dnode, fname, flags, 413 attr, &fnode); 414 } 415 if (rc != 0) 416 return (rc); 417 418 fattr.sa_mask = SMB_AT_UID | SMB_AT_GID; 419 rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcred); 420 421 if (rc == 0) { 422 /* create the named stream, sname */ 423 rc = smb_vop_stream_create(fnode->vp, sname, attr, 424 &vp, &xattrdvp, flags, cr); 425 } 426 if (rc != 0) { 427 if (fcreate) { 428 flags &= ~SMB_IGNORE_CASE; 429 (void) smb_vop_remove(dnode->vp, 430 fnode->od_name, flags, cr); 431 } 432 smb_node_release(fnode); 433 return (rc); 434 } 435 436 attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid; 437 attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid; 438 attr->sa_mask = SMB_AT_UID | SMB_AT_GID; 439 440 rc = smb_vop_setattr(vp, NULL, attr, 0, kcred); 441 if (rc != 0) { 442 smb_node_release(fnode); 443 return (rc); 444 } 445 446 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp, 447 vp, sname); 448 449 smb_node_release(fnode); 450 VN_RELE(xattrdvp); 451 VN_RELE(vp); 452 453 if (*ret_snode == NULL) 454 rc = ENOMEM; 455 456 /* notify change to the unnamed stream */ 457 if (rc == 0) 458 smb_node_notify_change(dnode); 459 460 return (rc); 461 } 462 463 /* 464 * smb_fsop_create_file 465 */ 466 static int 467 smb_fsop_create_file(smb_request_t *sr, cred_t *cr, 468 smb_node_t *dnode, char *name, int flags, 469 smb_attr_t *attr, smb_node_t **ret_snode) 470 { 471 open_param_t *op = &sr->arg.open; 472 vnode_t *vp; 473 smb_fssd_t fs_sd; 474 uint32_t secinfo; 475 uint32_t status; 476 int rc = 0; 477 478 if (op->sd) { 479 /* 480 * SD sent by client in Windows format. Needs to be 481 * converted to FS format. No inheritance. 482 */ 483 secinfo = smb_sd_get_secinfo(op->sd); 484 smb_fssd_init(&fs_sd, secinfo, 0); 485 486 status = smb_sd_tofs(op->sd, &fs_sd); 487 if (status == NT_STATUS_SUCCESS) { 488 rc = smb_fsop_create_with_sd(sr, cr, dnode, 489 name, attr, ret_snode, &fs_sd); 490 } else { 491 rc = EINVAL; 492 } 493 smb_fssd_term(&fs_sd); 494 } else if (sr->tid_tree->t_acltype == ACE_T) { 495 /* 496 * No incoming SD and filesystem is ZFS 497 * Server applies Windows inheritance rules, 498 * see smb_fsop_sdinherit() comments as to why. 499 */ 500 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0); 501 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 502 if (rc == 0) { 503 rc = smb_fsop_create_with_sd(sr, cr, dnode, 504 name, attr, ret_snode, &fs_sd); 505 } 506 507 smb_fssd_term(&fs_sd); 508 } else { 509 /* 510 * No incoming SD and filesystem is not ZFS 511 * let the filesystem handles the inheritance. 512 */ 513 rc = smb_vop_create(dnode->vp, name, attr, &vp, 514 flags, cr, NULL); 515 516 if (rc == 0) { 517 *ret_snode = smb_node_lookup(sr, op, cr, vp, 518 name, dnode, NULL); 519 520 if (*ret_snode == NULL) 521 rc = ENOMEM; 522 523 VN_RELE(vp); 524 } 525 526 } 527 528 if (rc == 0) 529 smb_node_notify_parents(dnode); 530 531 return (rc); 532 } 533 534 /* 535 * smb_fsop_mkdir 536 * 537 * All SMB functions should use this wrapper to ensure that 538 * the the calls are performed with the appropriate credentials. 539 * Please document any direct call to explain the reason 540 * for avoiding this wrapper. 541 * 542 * It is assumed that a reference exists on snode coming into this routine. 543 * 544 * *ret_snode is returned with a reference upon success. No reference is 545 * taken if an error is returned. 546 */ 547 int 548 smb_fsop_mkdir( 549 smb_request_t *sr, 550 cred_t *cr, 551 smb_node_t *dnode, 552 char *name, 553 smb_attr_t *attr, 554 smb_node_t **ret_snode) 555 { 556 struct open_param *op = &sr->arg.open; 557 char *longname; 558 vnode_t *vp; 559 int flags = 0; 560 smb_fssd_t fs_sd; 561 uint32_t secinfo; 562 uint32_t status; 563 int rc; 564 ASSERT(cr); 565 ASSERT(dnode); 566 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 567 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 568 569 ASSERT(ret_snode); 570 *ret_snode = 0; 571 572 ASSERT(name); 573 if (*name == 0) 574 return (EINVAL); 575 576 ASSERT(sr); 577 ASSERT(sr->tid_tree); 578 579 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 580 return (EACCES); 581 582 if (SMB_TREE_IS_READONLY(sr)) 583 return (EROFS); 584 if (SMB_TREE_SUPPORTS_CATIA(sr)) 585 flags |= SMB_CATIA; 586 if (SMB_TREE_SUPPORTS_ABE(sr)) 587 flags |= SMB_ABE; 588 589 if (smb_maybe_mangled_name(name)) { 590 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 591 rc = smb_unmangle_name(dnode, name, longname, 592 MAXNAMELEN, flags); 593 kmem_free(longname, MAXNAMELEN); 594 595 /* 596 * If the name passed in by the client has an unmangled 597 * equivalent that is found in the specified directory, 598 * then the mkdir cannot succeed. Return EEXIST. 599 * 600 * Only if ENOENT is returned will a mkdir be attempted. 601 */ 602 603 if (rc == 0) 604 rc = EEXIST; 605 606 if (rc != ENOENT) 607 return (rc); 608 } 609 610 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 611 flags = SMB_IGNORE_CASE; 612 613 if (op->sd) { 614 /* 615 * SD sent by client in Windows format. Needs to be 616 * converted to FS format. No inheritance. 617 */ 618 secinfo = smb_sd_get_secinfo(op->sd); 619 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 620 621 status = smb_sd_tofs(op->sd, &fs_sd); 622 if (status == NT_STATUS_SUCCESS) { 623 rc = smb_fsop_create_with_sd(sr, cr, dnode, 624 name, attr, ret_snode, &fs_sd); 625 } 626 else 627 rc = EINVAL; 628 smb_fssd_term(&fs_sd); 629 } else if (sr->tid_tree->t_acltype == ACE_T) { 630 /* 631 * No incoming SD and filesystem is ZFS 632 * Server applies Windows inheritance rules, 633 * see smb_fsop_sdinherit() comments as to why. 634 */ 635 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR); 636 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 637 if (rc == 0) { 638 rc = smb_fsop_create_with_sd(sr, cr, dnode, 639 name, attr, ret_snode, &fs_sd); 640 } 641 642 smb_fssd_term(&fs_sd); 643 644 } else { 645 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr, 646 NULL); 647 648 if (rc == 0) { 649 *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 650 dnode, NULL); 651 652 if (*ret_snode == NULL) 653 rc = ENOMEM; 654 655 VN_RELE(vp); 656 } 657 } 658 659 if (rc == 0) 660 smb_node_notify_parents(dnode); 661 662 return (rc); 663 } 664 665 /* 666 * smb_fsop_remove 667 * 668 * All SMB functions should use this wrapper to ensure that 669 * the the calls are performed with the appropriate credentials. 670 * Please document any direct call to explain the reason 671 * for avoiding this wrapper. 672 * 673 * It is assumed that a reference exists on snode coming into this routine. 674 * 675 * A null smb_request might be passed to this function. 676 */ 677 int 678 smb_fsop_remove( 679 smb_request_t *sr, 680 cred_t *cr, 681 smb_node_t *dnode, 682 char *name, 683 uint32_t flags) 684 { 685 smb_node_t *fnode; 686 char *longname; 687 char *fname; 688 char *sname; 689 int rc; 690 691 ASSERT(cr); 692 /* 693 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 694 * function is called during the deletion of the node (because of 695 * DELETE_ON_CLOSE). 696 */ 697 ASSERT(dnode); 698 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 699 700 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 || 701 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0) 702 return (EACCES); 703 704 if (SMB_TREE_IS_READONLY(sr)) 705 return (EROFS); 706 707 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 708 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 709 710 if (dnode->flags & NODE_XATTR_DIR) { 711 fnode = dnode->n_dnode; 712 rc = smb_vop_stream_remove(fnode->vp, name, flags, cr); 713 714 /* notify change to the unnamed stream */ 715 if ((rc == 0) && fnode->n_dnode) 716 smb_node_notify_change(fnode->n_dnode); 717 718 } else if (smb_is_stream_name(name)) { 719 smb_stream_parse_name(name, fname, sname); 720 721 /* 722 * Look up the unnamed stream (i.e. fname). 723 * Unmangle processing will be done on fname 724 * as well as any link target. 725 */ 726 727 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 728 sr->tid_tree->t_snode, dnode, fname, &fnode); 729 730 if (rc != 0) { 731 kmem_free(fname, MAXNAMELEN); 732 kmem_free(sname, MAXNAMELEN); 733 return (rc); 734 } 735 736 /* 737 * XXX 738 * Need to find out what permission is required by NTFS 739 * to remove a stream. 740 */ 741 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr); 742 743 smb_node_release(fnode); 744 745 /* notify change to the unnamed stream */ 746 if (rc == 0) 747 smb_node_notify_change(dnode); 748 } else { 749 rc = smb_vop_remove(dnode->vp, name, flags, cr); 750 751 if (rc == ENOENT) { 752 if (smb_maybe_mangled_name(name) == 0) { 753 kmem_free(fname, MAXNAMELEN); 754 kmem_free(sname, MAXNAMELEN); 755 return (rc); 756 } 757 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 758 759 if (SMB_TREE_SUPPORTS_ABE(sr)) 760 flags |= SMB_ABE; 761 762 rc = smb_unmangle_name(dnode, name, 763 longname, MAXNAMELEN, flags); 764 765 if (rc == 0) { 766 /* 767 * longname is the real (case-sensitive) 768 * on-disk name. 769 * We make sure we do a remove on this exact 770 * name, as the name was mangled and denotes 771 * a unique file. 772 */ 773 flags &= ~SMB_IGNORE_CASE; 774 rc = smb_vop_remove(dnode->vp, longname, 775 flags, cr); 776 } 777 778 if (rc == 0) 779 smb_node_notify_parents(dnode); 780 781 kmem_free(longname, MAXNAMELEN); 782 } 783 } 784 785 kmem_free(fname, MAXNAMELEN); 786 kmem_free(sname, MAXNAMELEN); 787 788 return (rc); 789 } 790 791 /* 792 * smb_fsop_remove_streams 793 * 794 * This function removes a file's streams without removing the 795 * file itself. 796 * 797 * It is assumed that fnode is not a link. 798 */ 799 int 800 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode) 801 { 802 int rc, flags = 0; 803 uint16_t odid; 804 smb_odir_t *od; 805 smb_odirent_t *odirent; 806 boolean_t eos; 807 808 ASSERT(sr); 809 ASSERT(cr); 810 ASSERT(fnode); 811 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 812 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 813 814 if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0) { 815 smbsr_errno(sr, EACCES); 816 return (-1); 817 } 818 819 if (SMB_TREE_IS_READONLY(sr)) { 820 smbsr_errno(sr, EROFS); 821 return (-1); 822 } 823 824 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 825 flags = SMB_IGNORE_CASE; 826 827 if (SMB_TREE_SUPPORTS_CATIA(sr)) 828 flags |= SMB_CATIA; 829 830 if ((odid = smb_odir_openat(sr, fnode)) == 0) { 831 smbsr_errno(sr, ENOENT); 832 return (-1); 833 } 834 835 if ((od = smb_tree_lookup_odir(sr->tid_tree, odid)) == NULL) { 836 smbsr_errno(sr, ENOENT); 837 return (-1); 838 } 839 840 odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP); 841 for (;;) { 842 rc = smb_odir_read(sr, od, odirent, &eos); 843 if ((rc != 0) || (eos)) 844 break; 845 (void) smb_vop_remove(od->d_dnode->vp, odirent->od_name, 846 flags, cr); 847 } 848 kmem_free(odirent, sizeof (smb_odirent_t)); 849 850 smb_odir_close(od); 851 smb_odir_release(od); 852 return (rc); 853 } 854 855 /* 856 * smb_fsop_rmdir 857 * 858 * All SMB functions should use this wrapper to ensure that 859 * the the calls are performed with the appropriate credentials. 860 * Please document any direct call to explain the reason 861 * for avoiding this wrapper. 862 * 863 * It is assumed that a reference exists on snode coming into this routine. 864 */ 865 int 866 smb_fsop_rmdir( 867 smb_request_t *sr, 868 cred_t *cr, 869 smb_node_t *dnode, 870 char *name, 871 uint32_t flags) 872 { 873 int rc; 874 char *longname; 875 876 ASSERT(cr); 877 /* 878 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 879 * function is called during the deletion of the node (because of 880 * DELETE_ON_CLOSE). 881 */ 882 ASSERT(dnode); 883 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 884 885 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 || 886 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0) 887 return (EACCES); 888 889 if (SMB_TREE_IS_READONLY(sr)) 890 return (EROFS); 891 892 rc = smb_vop_rmdir(dnode->vp, name, flags, cr); 893 894 if (rc == ENOENT) { 895 if (smb_maybe_mangled_name(name) == 0) 896 return (rc); 897 898 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 899 900 if (SMB_TREE_SUPPORTS_ABE(sr)) 901 flags |= SMB_ABE; 902 rc = smb_unmangle_name(dnode, name, longname, 903 MAXNAMELEN, flags); 904 905 if (rc == 0) { 906 /* 907 * longname is the real (case-sensitive) 908 * on-disk name. 909 * We make sure we do a rmdir on this exact 910 * name, as the name was mangled and denotes 911 * a unique directory. 912 */ 913 flags &= ~SMB_IGNORE_CASE; 914 rc = smb_vop_rmdir(dnode->vp, longname, flags, cr); 915 } 916 917 kmem_free(longname, MAXNAMELEN); 918 } 919 920 if (rc == 0) 921 smb_node_notify_parents(dnode); 922 923 return (rc); 924 } 925 926 /* 927 * smb_fsop_getattr 928 * 929 * All SMB functions should use this wrapper to ensure that 930 * the the calls are performed with the appropriate credentials. 931 * Please document any direct call to explain the reason 932 * for avoiding this wrapper. 933 * 934 * It is assumed that a reference exists on snode coming into this routine. 935 */ 936 int 937 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 938 smb_attr_t *attr) 939 { 940 smb_node_t *unnamed_node; 941 vnode_t *unnamed_vp = NULL; 942 uint32_t status; 943 uint32_t access = 0; 944 int flags = 0; 945 int rc; 946 947 ASSERT(cr); 948 ASSERT(snode); 949 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 950 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 951 952 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 || 953 SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0) 954 return (EACCES); 955 956 /* sr could be NULL in some cases */ 957 if (sr && sr->fid_ofile) { 958 /* if uid and/or gid is requested */ 959 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 960 access |= READ_CONTROL; 961 962 /* if anything else is also requested */ 963 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 964 access |= FILE_READ_ATTRIBUTES; 965 966 status = smb_ofile_access(sr->fid_ofile, cr, access); 967 if (status != NT_STATUS_SUCCESS) 968 return (EACCES); 969 970 if (smb_tree_has_feature(sr->tid_tree, 971 SMB_TREE_ACEMASKONACCESS)) 972 flags = ATTR_NOACLCHECK; 973 } 974 975 unnamed_node = SMB_IS_STREAM(snode); 976 977 if (unnamed_node) { 978 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 979 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 980 unnamed_vp = unnamed_node->vp; 981 } 982 983 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr); 984 985 if ((rc == 0) && smb_node_is_dfslink(snode)) { 986 /* a DFS link should be treated as a directory */ 987 attr->sa_dosattr |= FILE_ATTRIBUTE_DIRECTORY; 988 } 989 990 return (rc); 991 } 992 993 /* 994 * smb_fsop_link 995 * 996 * All SMB functions should use this smb_vop_link wrapper to ensure that 997 * the smb_vop_link is performed with the appropriate credentials. 998 * Please document any direct call to smb_vop_link to explain the reason 999 * for avoiding this wrapper. 1000 * 1001 * It is assumed that references exist on from_dnode and to_dnode coming 1002 * into this routine. 1003 */ 1004 int 1005 smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *from_fnode, 1006 smb_node_t *to_dnode, char *to_name) 1007 { 1008 char *longname = NULL; 1009 int flags = 0; 1010 int rc; 1011 1012 ASSERT(sr); 1013 ASSERT(sr->tid_tree); 1014 ASSERT(cr); 1015 ASSERT(to_dnode); 1016 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC); 1017 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1018 ASSERT(from_fnode); 1019 ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC); 1020 ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING); 1021 1022 if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0) 1023 return (EACCES); 1024 1025 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0) 1026 return (EACCES); 1027 1028 if (SMB_TREE_IS_READONLY(sr)) 1029 return (EROFS); 1030 1031 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1032 flags = SMB_IGNORE_CASE; 1033 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1034 flags |= SMB_CATIA; 1035 if (SMB_TREE_SUPPORTS_ABE(sr)) 1036 flags |= SMB_ABE; 1037 1038 if (smb_maybe_mangled_name(to_name)) { 1039 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1040 rc = smb_unmangle_name(to_dnode, to_name, 1041 longname, MAXNAMELEN, flags); 1042 kmem_free(longname, MAXNAMELEN); 1043 1044 if (rc == 0) 1045 rc = EEXIST; 1046 if (rc != ENOENT) 1047 return (rc); 1048 } 1049 1050 rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr); 1051 1052 if ((rc == 0) && from_fnode->n_dnode) 1053 smb_node_notify_parents(from_fnode->n_dnode); 1054 1055 return (rc); 1056 } 1057 1058 /* 1059 * smb_fsop_rename 1060 * 1061 * All SMB functions should use this smb_vop_rename wrapper to ensure that 1062 * the smb_vop_rename is performed with the appropriate credentials. 1063 * Please document any direct call to smb_vop_rename to explain the reason 1064 * for avoiding this wrapper. 1065 * 1066 * It is assumed that references exist on from_dnode and to_dnode coming 1067 * into this routine. 1068 */ 1069 int 1070 smb_fsop_rename( 1071 smb_request_t *sr, 1072 cred_t *cr, 1073 smb_node_t *from_dnode, 1074 char *from_name, 1075 smb_node_t *to_dnode, 1076 char *to_name) 1077 { 1078 smb_node_t *from_snode; 1079 smb_attr_t from_attr; 1080 vnode_t *from_vp; 1081 int flags = 0, ret_flags; 1082 int rc; 1083 boolean_t isdir; 1084 1085 ASSERT(cr); 1086 ASSERT(from_dnode); 1087 ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC); 1088 ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1089 1090 ASSERT(to_dnode); 1091 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC); 1092 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1093 1094 if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0) 1095 return (EACCES); 1096 1097 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0) 1098 return (EACCES); 1099 1100 ASSERT(sr); 1101 ASSERT(sr->tid_tree); 1102 if (SMB_TREE_IS_READONLY(sr)) 1103 return (EROFS); 1104 1105 /* 1106 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE 1107 * here. 1108 * 1109 * A case-sensitive rename is always done in this routine 1110 * because we are using the on-disk name from an earlier lookup. 1111 * If a mangled name was passed in by the caller (denoting a 1112 * deterministic lookup), then the exact file must be renamed 1113 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 1114 * else the underlying file system might return a "first-match" 1115 * on this on-disk name, possibly resulting in the wrong file). 1116 */ 1117 1118 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1119 flags |= SMB_CATIA; 1120 1121 /* 1122 * XXX: Lock required through smb_node_release() below? 1123 */ 1124 1125 rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL, 1126 flags, &ret_flags, NULL, &from_attr, cr); 1127 1128 if (rc != 0) 1129 return (rc); 1130 1131 if (from_attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) { 1132 VN_RELE(from_vp); 1133 return (EACCES); 1134 } 1135 1136 isdir = ((from_attr.sa_dosattr & FILE_ATTRIBUTE_DIRECTORY) != 0); 1137 1138 if ((isdir && SMB_TREE_HAS_ACCESS(sr, 1139 ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) != 1140 (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) || 1141 (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) != 1142 (ACE_DELETE | ACE_ADD_FILE))) { 1143 VN_RELE(from_vp); 1144 return (EACCES); 1145 } 1146 1147 /* 1148 * SMB checks access on open and retains an access granted 1149 * mask for use while the file is open. ACL changes should 1150 * not affect access to an open file. 1151 * 1152 * If the rename is being performed on an ofile: 1153 * - Check the ofile's access granted mask to see if the 1154 * rename is permitted - requires DELETE access. 1155 * - If the file system does access checking, set the 1156 * ATTR_NOACLCHECK flag to ensure that the file system 1157 * does not check permissions on subsequent calls. 1158 */ 1159 if (sr && sr->fid_ofile) { 1160 rc = smb_ofile_access(sr->fid_ofile, cr, DELETE); 1161 if (rc != NT_STATUS_SUCCESS) { 1162 VN_RELE(from_vp); 1163 return (EACCES); 1164 } 1165 1166 if (smb_tree_has_feature(sr->tid_tree, 1167 SMB_TREE_ACEMASKONACCESS)) 1168 flags = ATTR_NOACLCHECK; 1169 } 1170 1171 rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp, 1172 to_name, flags, cr); 1173 1174 if (rc == 0) { 1175 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 1176 from_dnode, NULL); 1177 1178 if (from_snode == NULL) { 1179 rc = ENOMEM; 1180 } else { 1181 smb_node_rename(from_dnode, from_snode, 1182 to_dnode, to_name); 1183 smb_node_release(from_snode); 1184 } 1185 } 1186 VN_RELE(from_vp); 1187 1188 if (rc == 0) 1189 smb_node_notify_parents(from_dnode); 1190 1191 /* XXX: unlock */ 1192 1193 return (rc); 1194 } 1195 1196 /* 1197 * smb_fsop_setattr 1198 * 1199 * All SMB functions should use this wrapper to ensure that 1200 * the the calls are performed with the appropriate credentials. 1201 * Please document any direct call to explain the reason 1202 * for avoiding this wrapper. 1203 * 1204 * It is assumed that a reference exists on snode coming into 1205 * this function. 1206 * A null smb_request might be passed to this function. 1207 */ 1208 int 1209 smb_fsop_setattr( 1210 smb_request_t *sr, 1211 cred_t *cr, 1212 smb_node_t *snode, 1213 smb_attr_t *set_attr) 1214 { 1215 smb_node_t *unnamed_node; 1216 vnode_t *unnamed_vp = NULL; 1217 uint32_t status; 1218 uint32_t access; 1219 int rc = 0; 1220 int flags = 0; 1221 uint_t sa_mask; 1222 1223 ASSERT(cr); 1224 ASSERT(snode); 1225 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1226 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1227 1228 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0) 1229 return (EACCES); 1230 1231 if (SMB_TREE_IS_READONLY(sr)) 1232 return (EROFS); 1233 1234 if (SMB_TREE_HAS_ACCESS(sr, 1235 ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0) 1236 return (EACCES); 1237 1238 /* 1239 * The file system cannot detect pending READDONLY 1240 * (i.e. if the file has been opened readonly but 1241 * not yet closed) so we need to test READONLY here. 1242 */ 1243 if (sr && (set_attr->sa_mask & SMB_AT_SIZE)) { 1244 if (sr->fid_ofile) { 1245 if (SMB_OFILE_IS_READONLY(sr->fid_ofile)) 1246 return (EACCES); 1247 } else { 1248 if (SMB_PATHFILE_IS_READONLY(sr, snode)) 1249 return (EACCES); 1250 } 1251 } 1252 1253 /* 1254 * SMB checks access on open and retains an access granted 1255 * mask for use while the file is open. ACL changes should 1256 * not affect access to an open file. 1257 * 1258 * If the setattr is being performed on an ofile: 1259 * - Check the ofile's access granted mask to see if the 1260 * setattr is permitted. 1261 * UID, GID - require WRITE_OWNER 1262 * SIZE, ALLOCSZ - require FILE_WRITE_DATA 1263 * all other attributes require FILE_WRITE_ATTRIBUTES 1264 * 1265 * - If the file system does access checking, set the 1266 * ATTR_NOACLCHECK flag to ensure that the file system 1267 * does not check permissions on subsequent calls. 1268 */ 1269 if (sr && sr->fid_ofile) { 1270 sa_mask = set_attr->sa_mask; 1271 access = 0; 1272 1273 if (sa_mask & (SMB_AT_SIZE | SMB_AT_ALLOCSZ)) { 1274 access |= FILE_WRITE_DATA; 1275 sa_mask &= ~(SMB_AT_SIZE | SMB_AT_ALLOCSZ); 1276 } 1277 1278 if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) { 1279 access |= WRITE_OWNER; 1280 sa_mask &= ~(SMB_AT_UID|SMB_AT_GID); 1281 } 1282 1283 if (sa_mask) 1284 access |= FILE_WRITE_ATTRIBUTES; 1285 1286 status = smb_ofile_access(sr->fid_ofile, cr, access); 1287 if (status != NT_STATUS_SUCCESS) 1288 return (EACCES); 1289 1290 if (smb_tree_has_feature(sr->tid_tree, 1291 SMB_TREE_ACEMASKONACCESS)) 1292 flags = ATTR_NOACLCHECK; 1293 } 1294 1295 unnamed_node = SMB_IS_STREAM(snode); 1296 1297 if (unnamed_node) { 1298 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1299 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1300 unnamed_vp = unnamed_node->vp; 1301 } 1302 1303 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr); 1304 return (rc); 1305 } 1306 1307 /* 1308 * smb_fsop_read 1309 * 1310 * All SMB functions should use this wrapper to ensure that 1311 * the the calls are performed with the appropriate credentials. 1312 * Please document any direct call to explain the reason 1313 * for avoiding this wrapper. 1314 * 1315 * It is assumed that a reference exists on snode coming into this routine. 1316 */ 1317 int 1318 smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode, uio_t *uio) 1319 { 1320 caller_context_t ct; 1321 int svmand; 1322 int rc; 1323 1324 ASSERT(cr); 1325 ASSERT(snode); 1326 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1327 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1328 1329 ASSERT(sr); 1330 ASSERT(sr->fid_ofile); 1331 1332 if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_DATA) == 0) 1333 return (EACCES); 1334 1335 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA); 1336 if ((rc != NT_STATUS_SUCCESS) && 1337 (sr->smb_flg2 & SMB_FLAGS2_READ_IF_EXECUTE)) 1338 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE); 1339 1340 if (rc != NT_STATUS_SUCCESS) 1341 return (EACCES); 1342 1343 /* 1344 * Streams permission are checked against the unnamed stream, 1345 * but in FS level they have their own permissions. To avoid 1346 * rejection by FS due to lack of permission on the actual 1347 * extended attr kcred is passed for streams. 1348 */ 1349 if (SMB_IS_STREAM(snode)) 1350 cr = kcred; 1351 1352 smb_node_start_crit(snode, RW_READER); 1353 rc = nbl_svmand(snode->vp, kcred, &svmand); 1354 if (rc) { 1355 smb_node_end_crit(snode); 1356 return (rc); 1357 } 1358 1359 ct = smb_ct; 1360 ct.cc_pid = sr->fid_ofile->f_uniqid; 1361 rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset, 1362 uio->uio_iov->iov_len, svmand, &ct); 1363 1364 if (rc) { 1365 smb_node_end_crit(snode); 1366 return (ERANGE); 1367 } 1368 1369 rc = smb_vop_read(snode->vp, uio, cr); 1370 smb_node_end_crit(snode); 1371 1372 return (rc); 1373 } 1374 1375 /* 1376 * smb_fsop_write 1377 * 1378 * This is a wrapper function used for smb_write and smb_write_raw operations. 1379 * 1380 * It is assumed that a reference exists on snode coming into this routine. 1381 */ 1382 int 1383 smb_fsop_write( 1384 smb_request_t *sr, 1385 cred_t *cr, 1386 smb_node_t *snode, 1387 uio_t *uio, 1388 uint32_t *lcount, 1389 int ioflag) 1390 { 1391 caller_context_t ct; 1392 int svmand; 1393 int rc; 1394 1395 ASSERT(cr); 1396 ASSERT(snode); 1397 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1398 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1399 1400 ASSERT(sr); 1401 ASSERT(sr->tid_tree); 1402 ASSERT(sr->fid_ofile); 1403 1404 if (SMB_TREE_IS_READONLY(sr)) 1405 return (EROFS); 1406 1407 if (SMB_OFILE_IS_READONLY(sr->fid_ofile) || 1408 SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_DATA | ACE_APPEND_DATA) == 0) 1409 return (EACCES); 1410 1411 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_WRITE_DATA); 1412 if (rc != NT_STATUS_SUCCESS) { 1413 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_APPEND_DATA); 1414 if (rc != NT_STATUS_SUCCESS) 1415 return (EACCES); 1416 } 1417 1418 /* 1419 * Streams permission are checked against the unnamed stream, 1420 * but in FS level they have their own permissions. To avoid 1421 * rejection by FS due to lack of permission on the actual 1422 * extended attr kcred is passed for streams. 1423 */ 1424 if (SMB_IS_STREAM(snode)) 1425 cr = kcred; 1426 1427 smb_node_start_crit(snode, RW_READER); 1428 rc = nbl_svmand(snode->vp, kcred, &svmand); 1429 if (rc) { 1430 smb_node_end_crit(snode); 1431 return (rc); 1432 } 1433 1434 ct = smb_ct; 1435 ct.cc_pid = sr->fid_ofile->f_uniqid; 1436 rc = nbl_lock_conflict(snode->vp, NBL_WRITE, uio->uio_loffset, 1437 uio->uio_iov->iov_len, svmand, &ct); 1438 1439 if (rc) { 1440 smb_node_end_crit(snode); 1441 return (ERANGE); 1442 } 1443 1444 rc = smb_vop_write(snode->vp, uio, ioflag, lcount, cr); 1445 smb_node_end_crit(snode); 1446 1447 return (rc); 1448 } 1449 1450 /* 1451 * smb_fsop_statfs 1452 * 1453 * This is a wrapper function used for stat operations. 1454 */ 1455 int 1456 smb_fsop_statfs( 1457 cred_t *cr, 1458 smb_node_t *snode, 1459 struct statvfs64 *statp) 1460 { 1461 ASSERT(cr); 1462 ASSERT(snode); 1463 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1464 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1465 1466 return (smb_vop_statfs(snode->vp, statp, cr)); 1467 } 1468 1469 /* 1470 * smb_fsop_access 1471 * 1472 * Named streams do not have separate permissions from the associated 1473 * unnamed stream. Thus, if node is a named stream, the permissions 1474 * check will be performed on the associated unnamed stream. 1475 * 1476 * However, our named streams do have their own quarantine attribute, 1477 * separate from that on the unnamed stream. If READ or EXECUTE 1478 * access has been requested on a named stream, an additional access 1479 * check is performed on the named stream in case it has been 1480 * quarantined. kcred is used to avoid issues with the permissions 1481 * set on the extended attribute file representing the named stream. 1482 */ 1483 int 1484 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1485 uint32_t faccess) 1486 { 1487 int access = 0; 1488 int error; 1489 vnode_t *dir_vp; 1490 boolean_t acl_check = B_TRUE; 1491 smb_node_t *unnamed_node; 1492 1493 ASSERT(sr); 1494 ASSERT(cr); 1495 ASSERT(snode); 1496 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1497 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1498 1499 if (faccess == 0) 1500 return (NT_STATUS_SUCCESS); 1501 1502 if (SMB_TREE_IS_READONLY(sr)) { 1503 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 1504 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 1505 DELETE|WRITE_DAC|WRITE_OWNER)) { 1506 return (NT_STATUS_ACCESS_DENIED); 1507 } 1508 } 1509 1510 if (smb_node_is_reparse(snode) && (faccess & DELETE)) 1511 return (NT_STATUS_ACCESS_DENIED); 1512 1513 unnamed_node = SMB_IS_STREAM(snode); 1514 if (unnamed_node) { 1515 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1516 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1517 1518 /* 1519 * Perform VREAD access check on the named stream in case it 1520 * is quarantined. kcred is passed to smb_vop_access so it 1521 * doesn't fail due to lack of permission. 1522 */ 1523 if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) { 1524 error = smb_vop_access(snode->vp, VREAD, 1525 0, NULL, kcred); 1526 if (error) 1527 return (NT_STATUS_ACCESS_DENIED); 1528 } 1529 1530 /* 1531 * Streams authorization should be performed against the 1532 * unnamed stream. 1533 */ 1534 snode = unnamed_node; 1535 } 1536 1537 if (faccess & ACCESS_SYSTEM_SECURITY) { 1538 /* 1539 * This permission is required for reading/writing SACL and 1540 * it's not part of DACL. It's only granted via proper 1541 * privileges. 1542 */ 1543 if ((sr->uid_user->u_privileges & 1544 (SMB_USER_PRIV_BACKUP | 1545 SMB_USER_PRIV_RESTORE | 1546 SMB_USER_PRIV_SECURITY)) == 0) 1547 return (NT_STATUS_PRIVILEGE_NOT_HELD); 1548 1549 faccess &= ~ACCESS_SYSTEM_SECURITY; 1550 } 1551 1552 /* Links don't have ACL */ 1553 if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) || 1554 smb_node_is_symlink(snode)) 1555 acl_check = B_FALSE; 1556 1557 /* 1558 * Use the most restrictive parts of both faccess and the 1559 * share access. An AND of the two value masks gives us that 1560 * since we've already converted to a mask of what we "can" 1561 * do. 1562 */ 1563 faccess &= sr->tid_tree->t_access; 1564 1565 if (acl_check) { 1566 dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL; 1567 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 1568 cr); 1569 } else { 1570 /* 1571 * FS doesn't understand 32-bit mask, need to map 1572 */ 1573 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 1574 access |= VWRITE; 1575 1576 if (faccess & FILE_READ_DATA) 1577 access |= VREAD; 1578 1579 if (faccess & FILE_EXECUTE) 1580 access |= VEXEC; 1581 1582 error = smb_vop_access(snode->vp, access, 0, NULL, cr); 1583 } 1584 1585 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 1586 } 1587 1588 /* 1589 * smb_fsop_lookup_name() 1590 * 1591 * If name indicates that the file is a stream file, perform 1592 * stream specific lookup, otherwise call smb_fsop_lookup. 1593 * 1594 * Return an error if the looked-up file is in outside the tree. 1595 * (Required when invoked from open path.) 1596 */ 1597 1598 int 1599 smb_fsop_lookup_name( 1600 smb_request_t *sr, 1601 cred_t *cr, 1602 int flags, 1603 smb_node_t *root_node, 1604 smb_node_t *dnode, 1605 char *name, 1606 smb_node_t **ret_snode) 1607 { 1608 smb_node_t *fnode; 1609 vnode_t *xattrdirvp; 1610 vnode_t *vp; 1611 char *od_name; 1612 char *fname; 1613 char *sname; 1614 int rc; 1615 1616 ASSERT(cr); 1617 ASSERT(dnode); 1618 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 1619 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 1620 1621 /* 1622 * The following check is required for streams processing, below 1623 */ 1624 1625 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1626 flags |= SMB_IGNORE_CASE; 1627 1628 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1629 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1630 1631 if (smb_is_stream_name(name)) { 1632 smb_stream_parse_name(name, fname, sname); 1633 1634 /* 1635 * Look up the unnamed stream (i.e. fname). 1636 * Unmangle processing will be done on fname 1637 * as well as any link target. 1638 */ 1639 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, 1640 fname, &fnode); 1641 1642 if (rc != 0) { 1643 kmem_free(fname, MAXNAMELEN); 1644 kmem_free(sname, MAXNAMELEN); 1645 return (rc); 1646 } 1647 1648 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1649 1650 /* 1651 * od_name is the on-disk name of the stream, except 1652 * without the prepended stream prefix (SMB_STREAM_PREFIX) 1653 */ 1654 1655 /* 1656 * XXX 1657 * What permissions NTFS requires for stream lookup if any? 1658 */ 1659 rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 1660 &xattrdirvp, flags, root_node->vp, cr); 1661 1662 if (rc != 0) { 1663 smb_node_release(fnode); 1664 kmem_free(fname, MAXNAMELEN); 1665 kmem_free(sname, MAXNAMELEN); 1666 kmem_free(od_name, MAXNAMELEN); 1667 return (rc); 1668 } 1669 1670 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1671 vp, od_name); 1672 1673 kmem_free(od_name, MAXNAMELEN); 1674 smb_node_release(fnode); 1675 VN_RELE(xattrdirvp); 1676 VN_RELE(vp); 1677 1678 if (*ret_snode == NULL) { 1679 kmem_free(fname, MAXNAMELEN); 1680 kmem_free(sname, MAXNAMELEN); 1681 return (ENOMEM); 1682 } 1683 } else { 1684 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name, 1685 ret_snode); 1686 } 1687 1688 if (rc == 0) { 1689 ASSERT(ret_snode); 1690 if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) { 1691 smb_node_release(*ret_snode); 1692 *ret_snode = NULL; 1693 rc = EACCES; 1694 } 1695 } 1696 1697 kmem_free(fname, MAXNAMELEN); 1698 kmem_free(sname, MAXNAMELEN); 1699 1700 return (rc); 1701 } 1702 1703 /* 1704 * smb_fsop_lookup 1705 * 1706 * All SMB functions should use this smb_vop_lookup wrapper to ensure that 1707 * the smb_vop_lookup is performed with the appropriate credentials and using 1708 * case insensitive compares. Please document any direct call to smb_vop_lookup 1709 * to explain the reason for avoiding this wrapper. 1710 * 1711 * It is assumed that a reference exists on dnode coming into this routine 1712 * (and that it is safe from deallocation). 1713 * 1714 * Same with the root_node. 1715 * 1716 * *ret_snode is returned with a reference upon success. No reference is 1717 * taken if an error is returned. 1718 * 1719 * Note: The returned ret_snode may be in a child mount. This is ok for 1720 * readdir. 1721 * 1722 * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent 1723 * operations on files not in the parent mount. 1724 * 1725 * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE): 1726 * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set 1727 * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE 1728 * flag is set in the flags value passed as a parameter, a case insensitive 1729 * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set 1730 * or not). 1731 */ 1732 int 1733 smb_fsop_lookup( 1734 smb_request_t *sr, 1735 cred_t *cr, 1736 int flags, 1737 smb_node_t *root_node, 1738 smb_node_t *dnode, 1739 char *name, 1740 smb_node_t **ret_snode) 1741 { 1742 smb_node_t *lnk_target_node; 1743 smb_node_t *lnk_dnode; 1744 char *longname; 1745 char *od_name; 1746 vnode_t *vp; 1747 int rc; 1748 int ret_flags; 1749 smb_attr_t attr; 1750 1751 ASSERT(cr); 1752 ASSERT(dnode); 1753 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 1754 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 1755 1756 if (name == NULL) 1757 return (EINVAL); 1758 1759 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 1760 return (EACCES); 1761 1762 if (!(flags & SMB_CASE_SENSITIVE)) { 1763 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1764 flags |= SMB_IGNORE_CASE; 1765 } 1766 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1767 flags |= SMB_CATIA; 1768 if (SMB_TREE_SUPPORTS_ABE(sr)) 1769 flags |= SMB_ABE; 1770 1771 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1772 1773 rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags, 1774 &ret_flags, root_node ? root_node->vp : NULL, &attr, cr); 1775 1776 if (rc != 0) { 1777 if (smb_maybe_mangled_name(name) == 0) { 1778 kmem_free(od_name, MAXNAMELEN); 1779 return (rc); 1780 } 1781 1782 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1783 rc = smb_unmangle_name(dnode, name, longname, 1784 MAXNAMELEN, flags); 1785 if (rc != 0) { 1786 kmem_free(od_name, MAXNAMELEN); 1787 kmem_free(longname, MAXNAMELEN); 1788 return (rc); 1789 } 1790 1791 /* 1792 * longname is the real (case-sensitive) 1793 * on-disk name. 1794 * We make sure we do a lookup on this exact 1795 * name, as the name was mangled and denotes 1796 * a unique file. 1797 */ 1798 1799 if (flags & SMB_IGNORE_CASE) 1800 flags &= ~SMB_IGNORE_CASE; 1801 1802 rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name, 1803 flags, &ret_flags, root_node ? root_node->vp : NULL, &attr, 1804 cr); 1805 1806 kmem_free(longname, MAXNAMELEN); 1807 1808 if (rc != 0) { 1809 kmem_free(od_name, MAXNAMELEN); 1810 return (rc); 1811 } 1812 } 1813 1814 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK) && 1815 ((attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) == 0)) { 1816 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode, 1817 &lnk_dnode, &lnk_target_node, cr); 1818 1819 if (rc != 0) { 1820 /* 1821 * The link is assumed to be for the last component 1822 * of a path. Hence any ENOTDIR error will be returned 1823 * as ENOENT. 1824 */ 1825 if (rc == ENOTDIR) 1826 rc = ENOENT; 1827 1828 VN_RELE(vp); 1829 kmem_free(od_name, MAXNAMELEN); 1830 return (rc); 1831 } 1832 1833 /* 1834 * Release the original VLNK vnode 1835 */ 1836 1837 VN_RELE(vp); 1838 vp = lnk_target_node->vp; 1839 1840 rc = smb_vop_traverse_check(&vp); 1841 1842 if (rc != 0) { 1843 smb_node_release(lnk_dnode); 1844 smb_node_release(lnk_target_node); 1845 kmem_free(od_name, MAXNAMELEN); 1846 return (rc); 1847 } 1848 1849 /* 1850 * smb_vop_traverse_check() may have returned a different vnode 1851 */ 1852 1853 if (lnk_target_node->vp == vp) { 1854 *ret_snode = lnk_target_node; 1855 } else { 1856 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 1857 lnk_target_node->od_name, lnk_dnode, NULL); 1858 VN_RELE(vp); 1859 1860 if (*ret_snode == NULL) 1861 rc = ENOMEM; 1862 smb_node_release(lnk_target_node); 1863 } 1864 1865 smb_node_release(lnk_dnode); 1866 1867 } else { 1868 1869 rc = smb_vop_traverse_check(&vp); 1870 if (rc) { 1871 VN_RELE(vp); 1872 kmem_free(od_name, MAXNAMELEN); 1873 return (rc); 1874 } 1875 1876 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 1877 dnode, NULL); 1878 VN_RELE(vp); 1879 1880 if (*ret_snode == NULL) 1881 rc = ENOMEM; 1882 } 1883 1884 kmem_free(od_name, MAXNAMELEN); 1885 return (rc); 1886 } 1887 1888 int /*ARGSUSED*/ 1889 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 1890 { 1891 ASSERT(cr); 1892 ASSERT(snode); 1893 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1894 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1895 1896 ASSERT(sr); 1897 ASSERT(sr->tid_tree); 1898 if (SMB_TREE_IS_READONLY(sr)) 1899 return (EROFS); 1900 1901 return (smb_vop_commit(snode->vp, cr)); 1902 } 1903 1904 /* 1905 * smb_fsop_aclread 1906 * 1907 * Retrieve filesystem ACL. Depends on requested ACLs in 1908 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 1909 * fs_sd. Note that requesting a DACL/SACL doesn't mean that 1910 * the corresponding field in fs_sd should be non-NULL upon 1911 * return, since the target ACL might not contain that type of 1912 * entries. 1913 * 1914 * Returned ACL is always in ACE_T (aka ZFS) format. 1915 * If successful the allocated memory for the ACL should be freed 1916 * using smb_fsacl_free() or smb_fssd_term() 1917 */ 1918 int 1919 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1920 smb_fssd_t *fs_sd) 1921 { 1922 int error = 0; 1923 int flags = 0; 1924 int access = 0; 1925 acl_t *acl; 1926 smb_node_t *unnamed_node; 1927 1928 ASSERT(cr); 1929 1930 if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0) 1931 return (EACCES); 1932 1933 if (sr->fid_ofile) { 1934 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 1935 access = READ_CONTROL; 1936 1937 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 1938 access |= ACCESS_SYSTEM_SECURITY; 1939 1940 error = smb_ofile_access(sr->fid_ofile, cr, access); 1941 if (error != NT_STATUS_SUCCESS) { 1942 return (EACCES); 1943 } 1944 } 1945 1946 unnamed_node = SMB_IS_STREAM(snode); 1947 if (unnamed_node) { 1948 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1949 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1950 /* 1951 * Streams don't have ACL, any read ACL attempt on a stream 1952 * should be performed on the unnamed stream. 1953 */ 1954 snode = unnamed_node; 1955 } 1956 1957 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) 1958 flags = ATTR_NOACLCHECK; 1959 1960 error = smb_vop_acl_read(snode->vp, &acl, flags, 1961 sr->tid_tree->t_acltype, cr); 1962 if (error != 0) { 1963 return (error); 1964 } 1965 1966 error = acl_translate(acl, _ACL_ACE_ENABLED, 1967 smb_node_is_dir(snode), fs_sd->sd_uid, fs_sd->sd_gid); 1968 1969 if (error == 0) { 1970 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 1971 fs_sd->sd_secinfo); 1972 } 1973 1974 acl_free(acl); 1975 return (error); 1976 } 1977 1978 /* 1979 * smb_fsop_aclwrite 1980 * 1981 * Stores the filesystem ACL provided in fs_sd->sd_acl. 1982 */ 1983 int 1984 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1985 smb_fssd_t *fs_sd) 1986 { 1987 int target_flavor; 1988 int error = 0; 1989 int flags = 0; 1990 int access = 0; 1991 acl_t *acl, *dacl, *sacl; 1992 smb_node_t *unnamed_node; 1993 1994 ASSERT(cr); 1995 1996 ASSERT(sr); 1997 ASSERT(sr->tid_tree); 1998 if (SMB_TREE_IS_READONLY(sr)) 1999 return (EROFS); 2000 2001 if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0) 2002 return (EACCES); 2003 2004 if (sr->fid_ofile) { 2005 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2006 access = WRITE_DAC; 2007 2008 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2009 access |= ACCESS_SYSTEM_SECURITY; 2010 2011 error = smb_ofile_access(sr->fid_ofile, cr, access); 2012 if (error != NT_STATUS_SUCCESS) 2013 return (EACCES); 2014 } 2015 2016 switch (sr->tid_tree->t_acltype) { 2017 case ACLENT_T: 2018 target_flavor = _ACL_ACLENT_ENABLED; 2019 break; 2020 2021 case ACE_T: 2022 target_flavor = _ACL_ACE_ENABLED; 2023 break; 2024 default: 2025 return (EINVAL); 2026 } 2027 2028 unnamed_node = SMB_IS_STREAM(snode); 2029 if (unnamed_node) { 2030 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2031 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2032 /* 2033 * Streams don't have ACL, any write ACL attempt on a stream 2034 * should be performed on the unnamed stream. 2035 */ 2036 snode = unnamed_node; 2037 } 2038 2039 dacl = fs_sd->sd_zdacl; 2040 sacl = fs_sd->sd_zsacl; 2041 2042 ASSERT(dacl || sacl); 2043 if ((dacl == NULL) && (sacl == NULL)) 2044 return (EINVAL); 2045 2046 if (dacl && sacl) 2047 acl = smb_fsacl_merge(dacl, sacl); 2048 else if (dacl) 2049 acl = dacl; 2050 else 2051 acl = sacl; 2052 2053 error = acl_translate(acl, target_flavor, smb_node_is_dir(snode), 2054 fs_sd->sd_uid, fs_sd->sd_gid); 2055 if (error == 0) { 2056 if (smb_tree_has_feature(sr->tid_tree, 2057 SMB_TREE_ACEMASKONACCESS)) 2058 flags = ATTR_NOACLCHECK; 2059 2060 error = smb_vop_acl_write(snode->vp, acl, flags, cr); 2061 } 2062 2063 if (dacl && sacl) 2064 acl_free(acl); 2065 2066 return (error); 2067 } 2068 2069 acl_type_t 2070 smb_fsop_acltype(smb_node_t *snode) 2071 { 2072 return (smb_vop_acl_type(snode->vp)); 2073 } 2074 2075 /* 2076 * smb_fsop_sdread 2077 * 2078 * Read the requested security descriptor items from filesystem. 2079 * The items are specified in fs_sd->sd_secinfo. 2080 */ 2081 int 2082 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2083 smb_fssd_t *fs_sd) 2084 { 2085 int error = 0; 2086 int getowner = 0; 2087 cred_t *ga_cred; 2088 smb_attr_t attr; 2089 2090 ASSERT(cr); 2091 ASSERT(fs_sd); 2092 2093 /* 2094 * File's uid/gid is fetched in two cases: 2095 * 2096 * 1. it's explicitly requested 2097 * 2098 * 2. target ACL is ACE_T (ZFS ACL). They're needed for 2099 * owner@/group@ entries. In this case kcred should be used 2100 * because uid/gid are fetched on behalf of smb server. 2101 */ 2102 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 2103 getowner = 1; 2104 ga_cred = cr; 2105 } else if (sr->tid_tree->t_acltype == ACE_T) { 2106 getowner = 1; 2107 ga_cred = kcred; 2108 } 2109 2110 if (getowner) { 2111 /* 2112 * Windows require READ_CONTROL to read owner/group SID since 2113 * they're part of Security Descriptor. 2114 * ZFS only requires read_attribute. Need to have a explicit 2115 * access check here. 2116 */ 2117 if (sr->fid_ofile == NULL) { 2118 error = smb_fsop_access(sr, ga_cred, snode, 2119 READ_CONTROL); 2120 if (error) 2121 return (EACCES); 2122 } 2123 2124 attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2125 error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 2126 if (error == 0) { 2127 fs_sd->sd_uid = attr.sa_vattr.va_uid; 2128 fs_sd->sd_gid = attr.sa_vattr.va_gid; 2129 } else { 2130 return (error); 2131 } 2132 } 2133 2134 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2135 error = smb_fsop_aclread(sr, cr, snode, fs_sd); 2136 } 2137 2138 return (error); 2139 } 2140 2141 /* 2142 * smb_fsop_sdmerge 2143 * 2144 * From SMB point of view DACL and SACL are two separate list 2145 * which can be manipulated independently without one affecting 2146 * the other, but entries for both DACL and SACL will end up 2147 * in the same ACL if target filesystem supports ACE_T ACLs. 2148 * 2149 * So, if either DACL or SACL is present in the client set request 2150 * the entries corresponding to the non-present ACL shouldn't 2151 * be touched in the FS ACL. 2152 * 2153 * fs_sd parameter contains DACL and SACL specified by SMB 2154 * client to be set on a file/directory. The client could 2155 * specify both or one of these ACLs (if none is specified 2156 * we don't get this far). When both DACL and SACL are given 2157 * by client the existing ACL should be overwritten. If only 2158 * one of them is specified the entries corresponding to the other 2159 * ACL should not be touched. For example, if only DACL 2160 * is specified in input fs_sd, the function reads audit entries 2161 * of the existing ACL of the file and point fs_sd->sd_zsdacl 2162 * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 2163 * function is called the passed fs_sd would point to the specified 2164 * DACL by client and fetched SACL from filesystem, so the file 2165 * will end up with correct ACL. 2166 */ 2167 static int 2168 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 2169 { 2170 smb_fssd_t cur_sd; 2171 int error = 0; 2172 2173 if (sr->tid_tree->t_acltype != ACE_T) 2174 /* Don't bother if target FS doesn't support ACE_T */ 2175 return (0); 2176 2177 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 2178 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 2179 /* 2180 * Don't overwrite existing audit entries 2181 */ 2182 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 2183 fs_sd->sd_flags); 2184 2185 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2186 if (error == 0) { 2187 ASSERT(fs_sd->sd_zsacl == NULL); 2188 fs_sd->sd_zsacl = cur_sd.sd_zsacl; 2189 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 2190 fs_sd->sd_zsacl->acl_flags = 2191 fs_sd->sd_zdacl->acl_flags; 2192 } 2193 } else { 2194 /* 2195 * Don't overwrite existing access entries 2196 */ 2197 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 2198 fs_sd->sd_flags); 2199 2200 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2201 if (error == 0) { 2202 ASSERT(fs_sd->sd_zdacl == NULL); 2203 fs_sd->sd_zdacl = cur_sd.sd_zdacl; 2204 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 2205 fs_sd->sd_zdacl->acl_flags = 2206 fs_sd->sd_zsacl->acl_flags; 2207 } 2208 } 2209 2210 if (error) 2211 smb_fssd_term(&cur_sd); 2212 } 2213 2214 return (error); 2215 } 2216 2217 /* 2218 * smb_fsop_sdwrite 2219 * 2220 * Stores the given uid, gid and acl in filesystem. 2221 * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 2222 * 2223 * A SMB security descriptor could contain owner, primary group, 2224 * DACL and SACL. Setting an SD should be atomic but here it has to 2225 * be done via two separate FS operations: VOP_SETATTR and 2226 * VOP_SETSECATTR. Therefore, this function has to simulate the 2227 * atomicity as well as it can. 2228 * 2229 * Get the current uid, gid before setting the new uid/gid 2230 * so if smb_fsop_aclwrite fails they can be restored. root cred is 2231 * used to get currend uid/gid since this operation is performed on 2232 * behalf of the server not the user. 2233 * 2234 * If setting uid/gid fails with EPERM it means that and invalid 2235 * owner has been specified. Callers should translate this to 2236 * STATUS_INVALID_OWNER which is not the normal mapping for EPERM 2237 * in upper layers, so EPERM is mapped to EBADE. 2238 */ 2239 int 2240 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2241 smb_fssd_t *fs_sd, int overwrite) 2242 { 2243 int error = 0; 2244 int access = 0; 2245 smb_attr_t set_attr; 2246 smb_attr_t orig_attr; 2247 2248 ASSERT(cr); 2249 ASSERT(fs_sd); 2250 2251 ASSERT(sr); 2252 ASSERT(sr->tid_tree); 2253 if (SMB_TREE_IS_READONLY(sr)) 2254 return (EROFS); 2255 2256 bzero(&set_attr, sizeof (smb_attr_t)); 2257 2258 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2259 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2260 set_attr.sa_mask |= SMB_AT_UID; 2261 access |= WRITE_OWNER; 2262 } 2263 2264 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2265 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2266 set_attr.sa_mask |= SMB_AT_GID; 2267 access |= WRITE_OWNER; 2268 } 2269 2270 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2271 access |= WRITE_DAC; 2272 2273 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2274 access |= ACCESS_SYSTEM_SECURITY; 2275 2276 if (sr->fid_ofile) 2277 error = smb_ofile_access(sr->fid_ofile, cr, access); 2278 else 2279 error = smb_fsop_access(sr, cr, snode, access); 2280 2281 if (error) 2282 return (EACCES); 2283 2284 if (set_attr.sa_mask) { 2285 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2286 error = smb_fsop_getattr(sr, kcred, snode, &orig_attr); 2287 if (error == 0) { 2288 error = smb_fsop_setattr(sr, cr, snode, &set_attr); 2289 if (error == EPERM) 2290 error = EBADE; 2291 } 2292 2293 if (error) 2294 return (error); 2295 } 2296 2297 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2298 if (overwrite == 0) { 2299 error = smb_fsop_sdmerge(sr, snode, fs_sd); 2300 if (error) 2301 return (error); 2302 } 2303 2304 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 2305 if (error) { 2306 /* 2307 * Revert uid/gid changes if required. 2308 */ 2309 if (set_attr.sa_mask) { 2310 orig_attr.sa_mask = set_attr.sa_mask; 2311 (void) smb_fsop_setattr(sr, kcred, snode, 2312 &orig_attr); 2313 } 2314 } 2315 } 2316 2317 return (error); 2318 } 2319 2320 /* 2321 * smb_fsop_sdinherit 2322 * 2323 * Inherit the security descriptor from the parent container. 2324 * This function is called after FS has created the file/folder 2325 * so if this doesn't do anything it means FS inheritance is 2326 * in place. 2327 * 2328 * Do inheritance for ZFS internally. 2329 * 2330 * If we want to let ZFS does the inheritance the 2331 * following setting should be true: 2332 * 2333 * - aclinherit = passthrough 2334 * - aclmode = passthrough 2335 * - smbd umask = 0777 2336 * 2337 * This will result in right effective permissions but 2338 * ZFS will always add 6 ACEs for owner, owning group 2339 * and others to be POSIX compliant. This is not what 2340 * Windows clients/users expect, so we decided that CIFS 2341 * implements Windows rules and overwrite whatever ZFS 2342 * comes up with. This way we also don't have to care 2343 * about ZFS aclinherit and aclmode settings. 2344 */ 2345 static int 2346 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 2347 { 2348 acl_t *dacl = NULL; 2349 acl_t *sacl = NULL; 2350 int is_dir; 2351 int error; 2352 2353 ASSERT(fs_sd); 2354 2355 if (sr->tid_tree->t_acltype != ACE_T) { 2356 /* 2357 * No forced inheritance for non-ZFS filesystems. 2358 */ 2359 fs_sd->sd_secinfo = 0; 2360 return (0); 2361 } 2362 2363 2364 /* Fetch parent directory's ACL */ 2365 error = smb_fsop_sdread(sr, kcred, dnode, fs_sd); 2366 if (error) { 2367 return (error); 2368 } 2369 2370 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 2371 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO, 2372 sr->user_cr); 2373 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO, 2374 sr->user_cr); 2375 2376 if (sacl == NULL) 2377 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO; 2378 2379 smb_fsacl_free(fs_sd->sd_zdacl); 2380 smb_fsacl_free(fs_sd->sd_zsacl); 2381 2382 fs_sd->sd_zdacl = dacl; 2383 fs_sd->sd_zsacl = sacl; 2384 2385 return (0); 2386 } 2387 2388 /* 2389 * smb_fsop_eaccess 2390 * 2391 * Returns the effective permission of the given credential for the 2392 * specified object. 2393 * 2394 * This is just a workaround. We need VFS/FS support for this. 2395 */ 2396 void 2397 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2398 uint32_t *eaccess) 2399 { 2400 int access = 0; 2401 vnode_t *dir_vp; 2402 smb_node_t *unnamed_node; 2403 2404 ASSERT(cr); 2405 ASSERT(snode); 2406 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2407 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2408 2409 unnamed_node = SMB_IS_STREAM(snode); 2410 if (unnamed_node) { 2411 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2412 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2413 /* 2414 * Streams authorization should be performed against the 2415 * unnamed stream. 2416 */ 2417 snode = unnamed_node; 2418 } 2419 2420 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) { 2421 dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL; 2422 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 2423 cr); 2424 return; 2425 } 2426 2427 /* 2428 * FS doesn't understand 32-bit mask 2429 */ 2430 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 2431 access &= sr->tid_tree->t_access; 2432 2433 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 2434 2435 if (access & VREAD) 2436 *eaccess |= FILE_READ_DATA; 2437 2438 if (access & VEXEC) 2439 *eaccess |= FILE_EXECUTE; 2440 2441 if (access & VWRITE) 2442 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 2443 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 2444 } 2445 2446 /* 2447 * smb_fsop_shrlock 2448 * 2449 * For the current open request, check file sharing rules 2450 * against existing opens. 2451 * 2452 * Returns NT_STATUS_SHARING_VIOLATION if there is any 2453 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise. 2454 * 2455 * Full system-wide share reservation synchronization is available 2456 * when the nbmand (non-blocking mandatory) mount option is set 2457 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used. 2458 * This provides synchronization with NFS and local processes. The 2459 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called 2460 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well 2461 * as the CIFS rename and delete paths. 2462 * 2463 * The CIFS server will also enter the nbl critical region in the open, 2464 * rename, and delete paths when nbmand is not set. There is limited 2465 * coordination with local and VFS share reservations in this case. 2466 * Note that when the nbmand mount option is not set, the VFS layer 2467 * only processes advisory reservations and the delete mode is not checked. 2468 * 2469 * Whether or not the nbmand mount option is set, intra-CIFS share 2470 * checking is done in the open, delete, and rename paths using a CIFS 2471 * critical region (node->n_share_lock). 2472 */ 2473 uint32_t 2474 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid, 2475 uint32_t desired_access, uint32_t share_access) 2476 { 2477 int rc; 2478 2479 /* Allow access if the request is just for meta data */ 2480 if ((desired_access & FILE_DATA_ALL) == 0) 2481 return (NT_STATUS_SUCCESS); 2482 2483 rc = smb_node_open_check(node, desired_access, share_access); 2484 if (rc) 2485 return (NT_STATUS_SHARING_VIOLATION); 2486 2487 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access, 2488 cr); 2489 if (rc) 2490 return (NT_STATUS_SHARING_VIOLATION); 2491 2492 return (NT_STATUS_SUCCESS); 2493 } 2494 2495 void 2496 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid) 2497 { 2498 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr); 2499 } 2500 2501 int 2502 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock, 2503 cred_t *cr) 2504 { 2505 flock64_t bf; 2506 int flag = F_REMOTELOCK; 2507 2508 /* 2509 * VOP_FRLOCK() will not be called if: 2510 * 2511 * 1) The lock has a range of zero bytes. The semantics of Windows and 2512 * POSIX are different. In the case of POSIX it asks for the locking 2513 * of all the bytes from the offset provided until the end of the 2514 * file. In the case of Windows a range of zero locks nothing and 2515 * doesn't conflict with any other lock. 2516 * 2517 * 2) The lock rolls over (start + lenght < start). Solaris will assert 2518 * if such a request is submitted. This will not create 2519 * incompatibilities between POSIX and Windows. In the Windows world, 2520 * if a client submits such a lock, the server will not lock any 2521 * bytes. Interestingly if the same lock (same offset and length) is 2522 * resubmitted Windows will consider that there is an overlap and 2523 * the granting rules will then apply. 2524 */ 2525 if ((lock->l_length == 0) || 2526 ((lock->l_start + lock->l_length - 1) < lock->l_start)) 2527 return (0); 2528 2529 bzero(&bf, sizeof (bf)); 2530 2531 if (unlock) { 2532 bf.l_type = F_UNLCK; 2533 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) { 2534 bf.l_type = F_RDLCK; 2535 flag |= FREAD; 2536 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) { 2537 bf.l_type = F_WRLCK; 2538 flag |= FWRITE; 2539 } 2540 2541 bf.l_start = lock->l_start; 2542 bf.l_len = lock->l_length; 2543 bf.l_pid = lock->l_file->f_uniqid; 2544 bf.l_sysid = smb_ct.cc_sysid; 2545 2546 return (smb_vop_frlock(node->vp, cr, flag, &bf)); 2547 } 2548