Print this page
NEX-19378 Access problem with SMB server
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
NEX-19152 MacOS HighSierra Finder crashes...
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-17779 Creating named streams on existing files is not quite right
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-17289 Minimal SMB 3.0.2 support
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-2807 Restoring previous versions from snapshots doesn't work with nested folders.
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-9808 SMB3 persistent handles
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15069 smtorture smb2.create.blob is failed
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-9808 SMB3 persistent handles
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15069 smtorture smb2.create.blob is failed
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-13653 Obsolete SMB server work-around for ZFS read-only
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-6276 SMB sparse file support
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5844 want SMB2 ioctl FSCTL_SRV_COPYCHUNK
NEX-6124 smb_fsop_read/write should allow file != sr->fid_ofile
NEX-6125 smbtorture invalid response with smb2.ioctl
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-6041 Should pass the smbtorture lock tests
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
NEX-4474 SMB open with access=MAXIMUM_ALLOWED fails after NEX-3232
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
SMB-11 SMB2 message parse & dispatch
SMB-12 SMB2 Negotiate Protocol
SMB-13 SMB2 Session Setup
SMB-14 SMB2 Logoff
SMB-15 SMB2 Tree Connect
SMB-16 SMB2 Tree Disconnect
SMB-17 SMB2 Create
SMB-18 SMB2 Close
SMB-19 SMB2 Flush
SMB-20 SMB2 Read
SMB-21 SMB2 Write
SMB-22 SMB2 Lock/Unlock
SMB-23 SMB2 Ioctl
SMB-24 SMB2 Cancel
SMB-25 SMB2 Echo
SMB-26 SMB2 Query Dir
SMB-27 SMB2 Change Notify
SMB-28 SMB2 Query Info
SMB-29 SMB2 Set Info
SMB-30 SMB2 Oplocks
SMB-53 SMB2 Create Context options
(SMB2 code review cleanup 1, 2, 3)
SMB-58 smbsrv should be immune to its own FEM hooks
SMB-50 User-mode SMB server
Includes work by these authors:
Thomas Keiser <thomas.keiser@nexenta.com>
Albert Lee <trisk@nexenta.com>
SMB-65 SMB server in non-global zones (use zone_kcred())
SMB-63 taskq_create_proc ... TQ_DYNAMIC puts tasks in p0
re #11974 CIFS Share - Tree connect fails from Windows 7 Clients
SUS-172 Excel 2003 warning dialog when re-saving a file
SUS-173 Open fails if the client does not ask for read_attribute permission
re #7815 SMB server delivers old modification time...
re #11215 rb3676 sesctl to SGI JBOD hangs in biowait() with a command stuck in mptsas driver
re #10734 NT Trans. Notify returning too quickly
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/fs/smbsrv/smb_fsops.c
+++ new/usr/src/uts/common/fs/smbsrv/smb_fsops.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 - * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
23 + * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
24 24 */
25 25
26 26 #include <sys/sid.h>
27 27 #include <sys/nbmlock.h>
28 28 #include <smbsrv/smb_fsops.h>
29 29 #include <smbsrv/smb_kproto.h>
30 30 #include <acl/acl_common.h>
31 31 #include <sys/fcntl.h>
32 +#include <sys/filio.h>
32 33 #include <sys/flock.h>
33 34 #include <fs/fs_subr.h>
34 35
35 36 extern caller_context_t smb_ct;
36 37
37 -static int smb_fsop_create_stream(smb_request_t *, cred_t *, smb_node_t *,
38 - char *, char *, int, smb_attr_t *, smb_node_t **);
38 +static int smb_fsop_create_file_with_stream(smb_request_t *, cred_t *,
39 + smb_node_t *, char *, char *, int, smb_attr_t *, smb_node_t **);
39 40
40 41 static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *,
41 42 char *, int, smb_attr_t *, smb_node_t **);
42 43
43 44 #ifdef _KERNEL
44 45 static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *,
45 46 char *, smb_attr_t *, smb_node_t **, smb_fssd_t *);
46 47 static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *);
47 48 #endif /* _KERNEL */
48 49
49 50 /*
50 51 * The smb_fsop_* functions have knowledge of CIFS semantics.
51 52 *
52 53 * The smb_vop_* functions have minimal knowledge of CIFS semantics and
53 54 * serve as an interface to the VFS layer.
54 55 *
55 56 * Hence, smb_request_t and smb_node_t structures should not be passed
56 57 * from the smb_fsop_* layer to the smb_vop_* layer.
57 58 *
58 59 * In general, CIFS service code should only ever call smb_fsop_*
59 60 * functions directly, and never smb_vop_* functions directly.
60 61 *
61 62 * smb_fsop_* functions should call smb_vop_* functions where possible, instead
62 63 * of their smb_fsop_* counterparts. However, there are times when
63 64 * this cannot be avoided.
64 65 */
65 66
66 67 /*
67 68 * Note: Stream names cannot be mangled.
68 69 */
69 70
70 71 /*
71 72 * smb_fsop_amask_to_omode
72 73 *
73 74 * Convert the access mask to the open mode (for use
74 75 * with the VOP_OPEN call).
75 76 *
76 77 * Note that opening a file for attribute only access
77 78 * will also translate into an FREAD or FWRITE open mode
78 79 * (i.e., it's not just for data).
79 80 *
80 81 * This is needed so that opens are tracked appropriately
81 82 * for oplock processing.
82 83 */
83 84
84 85 int
85 86 smb_fsop_amask_to_omode(uint32_t access)
86 87 {
87 88 int mode = 0;
88 89
89 90 if (access & (FILE_READ_DATA | FILE_EXECUTE |
90 91 FILE_READ_ATTRIBUTES | FILE_READ_EA))
91 92 mode |= FREAD;
92 93
93 94 if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA |
94 95 FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA))
95 96 mode |= FWRITE;
96 97
97 98 if (access & FILE_APPEND_DATA)
98 99 mode |= FAPPEND;
99 100
100 101 return (mode);
101 102 }
102 103
103 104 int
104 105 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred)
105 106 {
106 107 /*
107 108 * Assuming that the same vnode is returned as we had before.
108 109 * (I.e., with certain types of files or file systems, a
109 110 * different vnode might be returned by VOP_OPEN)
110 111 */
111 112 return (smb_vop_open(&node->vp, mode, cred));
112 113 }
113 114
114 115 void
115 116 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred)
116 117 {
117 118 smb_vop_close(node->vp, mode, cred);
118 119 }
119 120
120 121 #ifdef _KERNEL
121 122 static int
122 123 smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr,
123 124 smb_node_t *dnode, char *name,
124 125 smb_attr_t *attr, smb_node_t **ret_snode, smb_fssd_t *fs_sd)
125 126 {
|
↓ open down ↓ |
77 lines elided |
↑ open up ↑ |
126 127 vsecattr_t *vsap;
127 128 vsecattr_t vsecattr;
128 129 smb_attr_t set_attr;
129 130 acl_t *acl, *dacl, *sacl;
130 131 vnode_t *vp;
131 132 cred_t *kcr = zone_kcred();
132 133 int aclbsize = 0; /* size of acl list in bytes */
133 134 int flags = 0;
134 135 int rc;
135 136 boolean_t is_dir;
137 + boolean_t do_audit;
136 138
137 139 ASSERT(fs_sd);
140 + ASSERT(ret_snode != NULL);
138 141
139 142 if (SMB_TREE_IS_CASEINSENSITIVE(sr))
140 143 flags = SMB_IGNORE_CASE;
141 144 if (SMB_TREE_SUPPORTS_CATIA(sr))
142 145 flags |= SMB_CATIA;
143 146
144 147 ASSERT(cr);
145 148
146 149 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0);
147 150
151 + do_audit = smb_audit_init(sr);
148 152 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) {
149 153 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
150 154 dacl = fs_sd->sd_zdacl;
151 155 sacl = fs_sd->sd_zsacl;
152 156 ASSERT(dacl || sacl);
153 157 if (dacl && sacl) {
154 158 acl = smb_fsacl_merge(dacl, sacl);
155 159 } else if (dacl) {
156 160 acl = dacl;
157 161 } else {
158 162 acl = sacl;
159 163 }
160 164
161 165 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize);
162 166
163 167 if (dacl && sacl)
164 168 acl_free(acl);
165 169
166 170 if (rc != 0)
167 171 return (rc);
168 172
169 173 vsap = &vsecattr;
170 174 } else {
171 175 vsap = NULL;
172 176 }
173 177
174 178 /* The tree ACEs may prevent a create */
175 179 rc = EACCES;
|
↓ open down ↓ |
18 lines elided |
↑ open up ↑ |
176 180 if (is_dir) {
177 181 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0)
178 182 rc = smb_vop_mkdir(dnode->vp, name, attr,
179 183 &vp, flags, cr, vsap);
180 184 } else {
181 185 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0)
182 186 rc = smb_vop_create(dnode->vp, name, attr,
183 187 &vp, flags, cr, vsap);
184 188 }
185 189
190 + if (do_audit) {
191 + smb_audit_fini(sr,
192 + is_dir ? ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE,
193 + dnode, rc == 0);
194 + }
195 +
186 196 if (vsap != NULL)
187 197 kmem_free(vsap->vsa_aclentp, aclbsize);
188 198
189 199 if (rc != 0)
190 200 return (rc);
191 201
192 202 set_attr.sa_mask = 0;
193 203
194 204 /*
195 205 * Ideally we should be able to specify the owner and owning
196 206 * group at create time along with the ACL. Since we cannot
197 207 * do that right now, kcred is passed to smb_vop_setattr so it
198 208 * doesn't fail due to lack of permission.
199 209 */
200 210 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
201 211 set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
202 212 set_attr.sa_mask |= SMB_AT_UID;
203 213 }
204 214
205 215 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
206 216 set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
207 217 set_attr.sa_mask |= SMB_AT_GID;
208 218 }
209 219
210 220 if (set_attr.sa_mask)
211 221 rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcr);
212 222
213 223 if (rc == 0) {
214 224 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
215 225 name, dnode, NULL);
216 226
217 227 if (*ret_snode == NULL)
218 228 rc = ENOMEM;
219 229
220 230 VN_RELE(vp);
221 231 }
222 232 } else {
223 233 /*
224 234 * For filesystems that don't support ACL-on-create, try
225 235 * to set the specified SD after create, which could actually
226 236 * fail because of conflicts between inherited security
227 237 * attributes upon creation and the specified SD.
228 238 *
229 239 * Passing kcred to smb_fsop_sdwrite() to overcome this issue.
|
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
230 240 */
231 241
232 242 if (is_dir) {
233 243 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp,
234 244 flags, cr, NULL);
235 245 } else {
236 246 rc = smb_vop_create(dnode->vp, name, attr, &vp,
237 247 flags, cr, NULL);
238 248 }
239 249
250 + if (do_audit) {
251 + smb_audit_fini(sr,
252 + is_dir ? ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE,
253 + dnode, rc == 0);
254 + }
255 +
240 256 if (rc != 0)
241 257 return (rc);
242 258
243 259 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
244 260 name, dnode, NULL);
245 261
246 262 if (*ret_snode != NULL) {
247 263 if (!smb_tree_has_feature(sr->tid_tree,
248 264 SMB_TREE_NFS_MOUNTED))
249 265 rc = smb_fsop_sdwrite(sr, kcr, *ret_snode,
250 266 fs_sd, 1);
251 267 } else {
252 268 rc = ENOMEM;
253 269 }
254 270
255 271 VN_RELE(vp);
256 272 }
257 273
258 274 if (rc != 0) {
259 275 if (is_dir)
260 276 (void) smb_vop_rmdir(dnode->vp, name, flags, cr);
261 277 else
262 278 (void) smb_vop_remove(dnode->vp, name, flags, cr);
263 279 }
264 280
265 281 return (rc);
266 282 }
267 283 #endif /* _KERNEL */
268 284
269 285 /*
270 286 * smb_fsop_create
271 287 *
272 288 * All SMB functions should use this wrapper to ensure that
273 289 * all the smb_vop_creates are performed with the appropriate credentials.
274 290 * Please document any direct calls to explain the reason for avoiding
275 291 * this wrapper.
276 292 *
277 293 * *ret_snode is returned with a reference upon success. No reference is
278 294 * taken if an error is returned.
279 295 */
280 296 int
281 297 smb_fsop_create(smb_request_t *sr, cred_t *cr, smb_node_t *dnode,
282 298 char *name, smb_attr_t *attr, smb_node_t **ret_snode)
283 299 {
284 300 int rc = 0;
285 301 int flags = 0;
286 302 char *fname, *sname;
287 303 char *longname = NULL;
288 304
289 305 ASSERT(cr);
290 306 ASSERT(dnode);
291 307 ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
292 308 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
293 309
294 310 ASSERT(ret_snode);
295 311 *ret_snode = 0;
296 312
297 313 ASSERT(name);
298 314 if (*name == 0)
299 315 return (EINVAL);
300 316
301 317 ASSERT(sr);
302 318 ASSERT(sr->tid_tree);
303 319
304 320 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
305 321 return (EACCES);
306 322
307 323 if (SMB_TREE_IS_READONLY(sr))
308 324 return (EROFS);
309 325
310 326 if (SMB_TREE_IS_CASEINSENSITIVE(sr))
311 327 flags = SMB_IGNORE_CASE;
|
↓ open down ↓ |
62 lines elided |
↑ open up ↑ |
312 328 if (SMB_TREE_SUPPORTS_CATIA(sr))
313 329 flags |= SMB_CATIA;
314 330 if (SMB_TREE_SUPPORTS_ABE(sr))
315 331 flags |= SMB_ABE;
316 332
317 333 if (smb_is_stream_name(name)) {
318 334 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
319 335 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
320 336 smb_stream_parse_name(name, fname, sname);
321 337
322 - rc = smb_fsop_create_stream(sr, cr, dnode,
338 + rc = smb_fsop_create_file_with_stream(sr, cr, dnode,
323 339 fname, sname, flags, attr, ret_snode);
324 340
325 341 kmem_free(fname, MAXNAMELEN);
326 342 kmem_free(sname, MAXNAMELEN);
327 343 return (rc);
328 344 }
329 345
330 346 /* Not a named stream */
331 347
332 348 if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
333 349 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
334 350 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
335 351 kmem_free(longname, MAXNAMELEN);
336 352
337 353 if (rc == 0)
338 354 rc = EEXIST;
339 355 if (rc != ENOENT)
340 356 return (rc);
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
341 357 }
342 358
343 359 rc = smb_fsop_create_file(sr, cr, dnode, name, flags,
344 360 attr, ret_snode);
345 361 return (rc);
346 362
347 363 }
348 364
349 365
350 366 /*
351 - * smb_fsop_create_stream
367 + * smb_fsop_create_file_with_stream
352 368 *
353 - * Create NTFS named stream file (sname) on unnamed stream
354 - * file (fname), creating the unnamed stream file if it
369 + * Create named stream (sname) on file (fname), creating the file if it
355 370 * doesn't exist.
356 - * If we created the unnamed stream file and then creation
357 - * of the named stream file fails, we delete the unnamed stream.
371 + * If we created the file and then creation of the named stream fails,
372 + * we delete the file.
358 373 * Since we use the real file name for the smb_vop_remove we
359 374 * clear the SMB_IGNORE_CASE flag to ensure a case sensitive
360 375 * match.
361 376 *
362 - * The second parameter of smb_vop_setattr() is set to
363 - * NULL, even though an unnamed stream exists. This is
364 - * because we want to set the UID and GID on the named
365 - * stream in this case for consistency with the (unnamed
366 - * stream) file (see comments for smb_vop_setattr()).
377 + * Note that some stream "types" are "restricted" and only
378 + * internal callers (cr == kcred) can create those.
367 379 */
368 380 static int
369 -smb_fsop_create_stream(smb_request_t *sr, cred_t *cr,
381 +smb_fsop_create_file_with_stream(smb_request_t *sr, cred_t *cr,
370 382 smb_node_t *dnode, char *fname, char *sname, int flags,
371 383 smb_attr_t *attr, smb_node_t **ret_snode)
372 384 {
373 - smb_attr_t fattr;
374 385 smb_node_t *fnode;
375 - vnode_t *xattrdvp;
376 - vnode_t *vp;
377 386 cred_t *kcr = zone_kcred();
378 387 int rc = 0;
379 388 boolean_t fcreate = B_FALSE;
380 389
390 + ASSERT(ret_snode != NULL);
391 +
392 + if (cr != kcr && smb_strname_restricted(sname))
393 + return (EACCES);
394 +
381 395 /* Look up / create the unnamed stream, fname */
382 396 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
383 397 sr->tid_tree->t_snode, dnode, fname, &fnode);
384 398 if (rc == ENOENT) {
385 399 fcreate = B_TRUE;
386 400 rc = smb_fsop_create_file(sr, cr, dnode, fname, flags,
387 401 attr, &fnode);
388 402 }
389 403 if (rc != 0)
390 404 return (rc);
391 405
392 - fattr.sa_mask = SMB_AT_UID | SMB_AT_GID;
393 - rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcr);
406 + rc = smb_fsop_create_stream(sr, cr, dnode, fnode, sname, flags, attr,
407 + ret_snode);
394 408
395 - if (rc == 0) {
396 - /* create the named stream, sname */
397 - rc = smb_vop_stream_create(fnode->vp, sname, attr,
398 - &vp, &xattrdvp, flags, cr);
399 - }
400 409 if (rc != 0) {
401 410 if (fcreate) {
402 411 flags &= ~SMB_IGNORE_CASE;
403 412 (void) smb_vop_remove(dnode->vp,
404 413 fnode->od_name, flags, cr);
405 414 }
406 - smb_node_release(fnode);
407 - return (rc);
408 415 }
409 416
417 + smb_node_release(fnode);
418 + return (rc);
419 +}
420 +
421 +/*
422 + * smb_fsop_create_stream
423 + *
424 + * Create named stream (sname) on existing file (fnode).
425 + *
426 + * The second parameter of smb_vop_setattr() is set to
427 + * NULL, even though an unnamed stream exists. This is
428 + * because we want to set the UID and GID on the named
429 + * stream in this case for consistency with the (unnamed
430 + * stream) file (see comments for smb_vop_setattr()).
431 + *
432 + * Note that some stream "types" are "restricted" and only
433 + * internal callers (cr == kcred) can create those.
434 + */
435 +int
436 +smb_fsop_create_stream(smb_request_t *sr, cred_t *cr,
437 + smb_node_t *dnode, smb_node_t *fnode, char *sname, int flags,
438 + smb_attr_t *attr, smb_node_t **ret_snode)
439 +{
440 + smb_attr_t fattr;
441 + vnode_t *xattrdvp;
442 + vnode_t *vp;
443 + cred_t *kcr = zone_kcred();
444 + int rc = 0;
445 +
446 + ASSERT(ret_snode != NULL);
447 +
448 + if (cr != kcr && smb_strname_restricted(sname))
449 + return (EACCES);
450 +
451 + bzero(&fattr, sizeof (fattr));
452 + fattr.sa_mask = SMB_AT_UID | SMB_AT_GID;
453 + rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcr);
454 +
455 + if (rc == 0) {
456 + /* create the named stream, sname */
457 + rc = smb_vop_stream_create(fnode->vp, sname,
458 + attr, &vp, &xattrdvp, flags, cr);
459 + }
460 + if (rc != 0)
461 + return (rc);
462 +
410 463 attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid;
411 464 attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid;
412 465 attr->sa_mask = SMB_AT_UID | SMB_AT_GID;
413 466
414 467 rc = smb_vop_setattr(vp, NULL, attr, 0, kcr);
415 468 if (rc != 0) {
416 - smb_node_release(fnode);
469 + VN_RELE(xattrdvp);
470 + VN_RELE(vp);
417 471 return (rc);
418 472 }
419 473
420 474 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp,
421 475 vp, sname);
422 476
423 - smb_node_release(fnode);
424 477 VN_RELE(xattrdvp);
425 478 VN_RELE(vp);
426 479
427 480 if (*ret_snode == NULL)
428 481 rc = ENOMEM;
429 482
430 483 /* notify change to the unnamed stream */
431 484 if (rc == 0)
432 485 smb_node_notify_change(dnode,
433 - FILE_ACTION_ADDED_STREAM, fname);
486 + FILE_ACTION_ADDED_STREAM, fnode->od_name);
434 487
435 488 return (rc);
436 489 }
437 490
438 491 /*
439 492 * smb_fsop_create_file
440 493 */
441 494 static int
442 495 smb_fsop_create_file(smb_request_t *sr, cred_t *cr,
443 496 smb_node_t *dnode, char *name, int flags,
444 497 smb_attr_t *attr, smb_node_t **ret_snode)
445 498 {
446 499 smb_arg_open_t *op = &sr->sr_open;
447 500 vnode_t *vp;
448 501 int rc;
449 502
503 + ASSERT(ret_snode != NULL);
504 +
450 505 #ifdef _KERNEL
451 506 smb_fssd_t fs_sd;
452 507 uint32_t secinfo;
453 508 uint32_t status;
454 509
455 510 if (op->sd) {
456 511 /*
457 512 * SD sent by client in Windows format. Needs to be
458 513 * converted to FS format. No inheritance.
459 514 */
460 515 secinfo = smb_sd_get_secinfo(op->sd);
461 516 smb_fssd_init(&fs_sd, secinfo, 0);
462 517
463 518 status = smb_sd_tofs(op->sd, &fs_sd);
464 519 if (status == NT_STATUS_SUCCESS) {
465 520 rc = smb_fsop_create_with_sd(sr, cr, dnode,
466 521 name, attr, ret_snode, &fs_sd);
467 522 } else {
468 523 rc = EINVAL;
469 524 }
470 525 smb_fssd_term(&fs_sd);
471 526 } else if (sr->tid_tree->t_acltype == ACE_T) {
472 527 /*
473 528 * No incoming SD and filesystem is ZFS
474 529 * Server applies Windows inheritance rules,
475 530 * see smb_fsop_sdinherit() comments as to why.
476 531 */
477 532 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0);
478 533 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
479 534 if (rc == 0) {
480 535 rc = smb_fsop_create_with_sd(sr, cr, dnode,
|
↓ open down ↓ |
21 lines elided |
↑ open up ↑ |
481 536 name, attr, ret_snode, &fs_sd);
482 537 }
483 538
484 539 smb_fssd_term(&fs_sd);
485 540 } else
486 541 #endif /* _KERNEL */
487 542 {
488 543 /*
489 544 * No incoming SD and filesystem is not ZFS
490 545 * let the filesystem handles the inheritance.
546 + *
547 + * fsop_create_with_sd handles auditing in the other cases.
548 + * Handle it explicitly here.
491 549 */
550 + boolean_t do_audit = smb_audit_init(sr);
551 +
492 552 rc = smb_vop_create(dnode->vp, name, attr, &vp,
493 553 flags, cr, NULL);
494 554
555 + if (do_audit) {
556 + smb_audit_fini(sr, ACE_ADD_FILE, dnode, rc == 0);
557 + }
558 +
495 559 if (rc == 0) {
496 560 *ret_snode = smb_node_lookup(sr, op, cr, vp,
497 561 name, dnode, NULL);
498 562
499 563 if (*ret_snode == NULL)
500 564 rc = ENOMEM;
501 565
502 566 VN_RELE(vp);
503 567 }
504 568
505 569 }
506 570
507 571 if (rc == 0)
508 572 smb_node_notify_change(dnode, FILE_ACTION_ADDED, name);
509 573
510 574 return (rc);
511 575 }
512 576
513 577 /*
514 578 * smb_fsop_mkdir
515 579 *
516 580 * All SMB functions should use this wrapper to ensure that
517 581 * the the calls are performed with the appropriate credentials.
518 582 * Please document any direct call to explain the reason
519 583 * for avoiding this wrapper.
520 584 *
521 585 * It is assumed that a reference exists on snode coming into this routine.
522 586 *
523 587 * *ret_snode is returned with a reference upon success. No reference is
524 588 * taken if an error is returned.
525 589 */
526 590 int
527 591 smb_fsop_mkdir(
528 592 smb_request_t *sr,
529 593 cred_t *cr,
530 594 smb_node_t *dnode,
531 595 char *name,
532 596 smb_attr_t *attr,
533 597 smb_node_t **ret_snode)
534 598 {
535 599 struct open_param *op = &sr->arg.open;
536 600 char *longname;
537 601 vnode_t *vp;
538 602 int flags = 0;
539 603 int rc;
540 604
541 605 #ifdef _KERNEL
542 606 smb_fssd_t fs_sd;
543 607 uint32_t secinfo;
544 608 uint32_t status;
545 609 #endif /* _KERNEL */
546 610
547 611 ASSERT(cr);
548 612 ASSERT(dnode);
549 613 ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
550 614 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
551 615
552 616 ASSERT(ret_snode);
553 617 *ret_snode = 0;
554 618
555 619 ASSERT(name);
556 620 if (*name == 0)
557 621 return (EINVAL);
558 622
559 623 ASSERT(sr);
560 624 ASSERT(sr->tid_tree);
561 625
562 626 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
563 627 return (EACCES);
564 628
565 629 if (SMB_TREE_IS_READONLY(sr))
566 630 return (EROFS);
567 631 if (SMB_TREE_SUPPORTS_CATIA(sr))
568 632 flags |= SMB_CATIA;
569 633 if (SMB_TREE_SUPPORTS_ABE(sr))
570 634 flags |= SMB_ABE;
571 635
572 636 if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
573 637 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
574 638 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
575 639 kmem_free(longname, MAXNAMELEN);
576 640
577 641 /*
578 642 * If the name passed in by the client has an unmangled
579 643 * equivalent that is found in the specified directory,
580 644 * then the mkdir cannot succeed. Return EEXIST.
581 645 *
582 646 * Only if ENOENT is returned will a mkdir be attempted.
583 647 */
584 648
585 649 if (rc == 0)
586 650 rc = EEXIST;
587 651
588 652 if (rc != ENOENT)
589 653 return (rc);
590 654 }
591 655
592 656 if (SMB_TREE_IS_CASEINSENSITIVE(sr))
593 657 flags = SMB_IGNORE_CASE;
594 658
595 659 #ifdef _KERNEL
596 660 if (op->sd) {
597 661 /*
598 662 * SD sent by client in Windows format. Needs to be
599 663 * converted to FS format. No inheritance.
600 664 */
601 665 secinfo = smb_sd_get_secinfo(op->sd);
602 666 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR);
603 667
604 668 status = smb_sd_tofs(op->sd, &fs_sd);
605 669 if (status == NT_STATUS_SUCCESS) {
606 670 rc = smb_fsop_create_with_sd(sr, cr, dnode,
607 671 name, attr, ret_snode, &fs_sd);
608 672 }
609 673 else
610 674 rc = EINVAL;
611 675 smb_fssd_term(&fs_sd);
612 676 } else if (sr->tid_tree->t_acltype == ACE_T) {
613 677 /*
614 678 * No incoming SD and filesystem is ZFS
615 679 * Server applies Windows inheritance rules,
616 680 * see smb_fsop_sdinherit() comments as to why.
617 681 */
618 682 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR);
619 683 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
|
↓ open down ↓ |
115 lines elided |
↑ open up ↑ |
620 684 if (rc == 0) {
621 685 rc = smb_fsop_create_with_sd(sr, cr, dnode,
622 686 name, attr, ret_snode, &fs_sd);
623 687 }
624 688
625 689 smb_fssd_term(&fs_sd);
626 690
627 691 } else
628 692 #endif /* _KERNEL */
629 693 {
694 + /*
695 + * fsop_create_with_sd handles auditing in the other cases.
696 + * Handle it explicitly here.
697 + */
698 + boolean_t do_audit = smb_audit_init(sr);
699 +
630 700 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr,
631 701 NULL);
632 702
703 + if (do_audit) {
704 + smb_audit_fini(sr, ACE_ADD_SUBDIRECTORY, dnode,
705 + rc == 0);
706 + }
707 +
633 708 if (rc == 0) {
634 709 *ret_snode = smb_node_lookup(sr, op, cr, vp, name,
635 710 dnode, NULL);
636 711
637 712 if (*ret_snode == NULL)
638 713 rc = ENOMEM;
639 714
640 715 VN_RELE(vp);
641 716 }
642 717 }
643 718
644 719 if (rc == 0)
645 720 smb_node_notify_change(dnode, FILE_ACTION_ADDED, name);
646 721
647 722 return (rc);
648 723 }
649 724
650 725 /*
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
651 726 * smb_fsop_remove
652 727 *
653 728 * All SMB functions should use this wrapper to ensure that
654 729 * the the calls are performed with the appropriate credentials.
655 730 * Please document any direct call to explain the reason
656 731 * for avoiding this wrapper.
657 732 *
658 733 * It is assumed that a reference exists on snode coming into this routine.
659 734 *
660 735 * A null smb_request might be passed to this function.
736 + *
737 + * Note that some stream "types" are "restricted" and only
738 + * internal callers (cr == kcred) can remove those.
661 739 */
662 740 int
663 741 smb_fsop_remove(
664 742 smb_request_t *sr,
665 743 cred_t *cr,
666 744 smb_node_t *dnode,
667 745 char *name,
668 746 uint32_t flags)
669 747 {
670 748 smb_node_t *fnode;
671 749 char *longname;
672 750 char *fname;
673 751 char *sname;
674 752 int rc;
675 753
676 754 ASSERT(cr);
677 755 /*
678 756 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
679 757 * function is called during the deletion of the node (because of
680 758 * DELETE_ON_CLOSE).
681 759 */
682 760 ASSERT(dnode);
683 761 ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
684 762
685 763 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
686 764 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0)
687 765 return (EACCES);
688 766
689 767 if (SMB_TREE_IS_READONLY(sr))
690 768 return (EROFS);
691 769
692 770 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
693 771 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
694 772
695 773 if (dnode->flags & NODE_XATTR_DIR) {
774 + if (cr != zone_kcred() && smb_strname_restricted(name)) {
775 + rc = EACCES;
776 + goto out;
777 + }
778 +
696 779 fnode = dnode->n_dnode;
697 780 rc = smb_vop_stream_remove(fnode->vp, name, flags, cr);
698 781
699 782 /* notify change to the unnamed stream */
700 783 if ((rc == 0) && fnode->n_dnode) {
701 784 smb_node_notify_change(fnode->n_dnode,
702 785 FILE_ACTION_REMOVED_STREAM, fnode->od_name);
703 786 }
704 787 } else if (smb_is_stream_name(name)) {
705 788 smb_stream_parse_name(name, fname, sname);
706 789
790 + if (cr != zone_kcred() && smb_strname_restricted(sname)) {
791 + rc = EACCES;
792 + goto out;
793 + }
794 +
707 795 /*
708 796 * Look up the unnamed stream (i.e. fname).
709 797 * Unmangle processing will be done on fname
710 798 * as well as any link target.
711 799 */
712 800
713 801 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
714 802 sr->tid_tree->t_snode, dnode, fname, &fnode);
715 803
716 804 if (rc != 0) {
717 - kmem_free(fname, MAXNAMELEN);
718 - kmem_free(sname, MAXNAMELEN);
719 - return (rc);
805 + goto out;
720 806 }
721 807
722 808 /*
723 809 * XXX
724 810 * Need to find out what permission is required by NTFS
725 811 * to remove a stream.
726 812 */
727 813 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr);
728 814
729 815 smb_node_release(fnode);
730 816
731 817 /* notify change to the unnamed stream */
|
↓ open down ↓ |
2 lines elided |
↑ open up ↑ |
732 818 if (rc == 0) {
733 819 smb_node_notify_change(dnode,
734 820 FILE_ACTION_REMOVED_STREAM, fname);
735 821 }
736 822 } else {
737 823 rc = smb_vop_remove(dnode->vp, name, flags, cr);
738 824
739 825 if (rc == ENOENT) {
740 826 if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
741 827 !smb_maybe_mangled(name)) {
742 - kmem_free(fname, MAXNAMELEN);
743 - kmem_free(sname, MAXNAMELEN);
744 - return (rc);
828 + goto out;
745 829 }
746 830 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
747 831
748 832 if (SMB_TREE_SUPPORTS_ABE(sr))
749 833 flags |= SMB_ABE;
750 834
751 835 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN,
752 836 flags);
753 837
754 838 if (rc == 0) {
755 839 /*
756 840 * longname is the real (case-sensitive)
757 841 * on-disk name.
758 842 * We make sure we do a remove on this exact
759 843 * name, as the name was mangled and denotes
760 844 * a unique file.
761 845 */
762 846 flags &= ~SMB_IGNORE_CASE;
763 847 rc = smb_vop_remove(dnode->vp, longname,
|
↓ open down ↓ |
9 lines elided |
↑ open up ↑ |
764 848 flags, cr);
765 849 }
766 850 kmem_free(longname, MAXNAMELEN);
767 851 }
768 852 if (rc == 0) {
769 853 smb_node_notify_change(dnode,
770 854 FILE_ACTION_REMOVED, name);
771 855 }
772 856 }
773 857
858 +out:
774 859 kmem_free(fname, MAXNAMELEN);
775 860 kmem_free(sname, MAXNAMELEN);
776 861
777 862 return (rc);
778 863 }
779 864
780 865 /*
781 866 * smb_fsop_remove_streams
782 867 *
783 868 * This function removes a file's streams without removing the
784 869 * file itself.
785 870 *
786 871 * It is assumed that fnode is not a link.
787 872 */
788 873 uint32_t
789 874 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode)
790 875 {
791 876 int rc, flags = 0;
792 877 smb_odir_t *od;
793 878 smb_odirent_t *odirent;
794 879 uint32_t status;
795 880 boolean_t eos;
796 881
797 882 ASSERT(sr);
798 883 ASSERT(cr);
799 884 ASSERT(fnode);
800 885 ASSERT(fnode->n_magic == SMB_NODE_MAGIC);
801 886 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING);
802 887
803 888 if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0)
804 889 return (NT_STATUS_ACCESS_DENIED);
805 890
806 891 if (SMB_TREE_IS_READONLY(sr))
807 892 return (NT_STATUS_ACCESS_DENIED);
808 893
|
↓ open down ↓ |
25 lines elided |
↑ open up ↑ |
809 894 if (SMB_TREE_IS_CASEINSENSITIVE(sr))
810 895 flags = SMB_IGNORE_CASE;
811 896
812 897 if (SMB_TREE_SUPPORTS_CATIA(sr))
813 898 flags |= SMB_CATIA;
814 899
815 900 status = smb_odir_openat(sr, fnode, &od);
816 901 switch (status) {
817 902 case 0:
818 903 break;
904 + case NT_STATUS_OBJECT_NAME_NOT_FOUND:
819 905 case NT_STATUS_NO_SUCH_FILE:
820 906 case NT_STATUS_NOT_SUPPORTED:
821 907 /* No streams to remove. */
822 908 return (0);
823 909 default:
824 910 return (status);
825 911 }
826 912
827 913 odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP);
828 914 for (;;) {
829 915 rc = smb_odir_read(sr, od, odirent, &eos);
830 916 if ((rc != 0) || (eos))
831 917 break;
832 918 (void) smb_vop_remove(od->d_dnode->vp, odirent->od_name,
833 919 flags, cr);
834 920 }
835 921 kmem_free(odirent, sizeof (smb_odirent_t));
836 922 if (eos && rc == ENOENT)
837 923 rc = 0;
838 924
839 925 smb_odir_close(od);
840 926 smb_odir_release(od);
841 927 if (rc)
842 928 status = smb_errno2status(rc);
843 929 return (status);
844 930 }
845 931
846 932 /*
847 933 * smb_fsop_rmdir
848 934 *
849 935 * All SMB functions should use this wrapper to ensure that
850 936 * the the calls are performed with the appropriate credentials.
851 937 * Please document any direct call to explain the reason
852 938 * for avoiding this wrapper.
853 939 *
854 940 * It is assumed that a reference exists on snode coming into this routine.
855 941 */
856 942 int
857 943 smb_fsop_rmdir(
858 944 smb_request_t *sr,
859 945 cred_t *cr,
860 946 smb_node_t *dnode,
861 947 char *name,
862 948 uint32_t flags)
863 949 {
864 950 int rc;
865 951 char *longname;
866 952
867 953 ASSERT(cr);
868 954 /*
869 955 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
870 956 * function is called during the deletion of the node (because of
871 957 * DELETE_ON_CLOSE).
872 958 */
873 959 ASSERT(dnode);
874 960 ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
875 961
876 962 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
877 963 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0)
878 964 return (EACCES);
879 965
880 966 if (SMB_TREE_IS_READONLY(sr))
881 967 return (EROFS);
882 968
883 969 rc = smb_vop_rmdir(dnode->vp, name, flags, cr);
884 970
885 971 if (rc == ENOENT) {
886 972 if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
887 973 !smb_maybe_mangled(name)) {
888 974 return (rc);
889 975 }
890 976
891 977 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
892 978
893 979 if (SMB_TREE_SUPPORTS_ABE(sr))
894 980 flags |= SMB_ABE;
895 981 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
896 982
897 983 if (rc == 0) {
898 984 /*
899 985 * longname is the real (case-sensitive)
900 986 * on-disk name.
901 987 * We make sure we do a rmdir on this exact
902 988 * name, as the name was mangled and denotes
903 989 * a unique directory.
904 990 */
905 991 flags &= ~SMB_IGNORE_CASE;
906 992 rc = smb_vop_rmdir(dnode->vp, longname, flags, cr);
907 993 }
908 994
909 995 kmem_free(longname, MAXNAMELEN);
910 996 }
911 997
912 998 if (rc == 0)
913 999 smb_node_notify_change(dnode, FILE_ACTION_REMOVED, name);
914 1000
915 1001 return (rc);
916 1002 }
917 1003
918 1004 /*
919 1005 * smb_fsop_getattr
920 1006 *
921 1007 * All SMB functions should use this wrapper to ensure that
922 1008 * the the calls are performed with the appropriate credentials.
923 1009 * Please document any direct call to explain the reason
924 1010 * for avoiding this wrapper.
925 1011 *
926 1012 * It is assumed that a reference exists on snode coming into this routine.
927 1013 */
928 1014 int
929 1015 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
930 1016 smb_attr_t *attr)
931 1017 {
932 1018 smb_node_t *unnamed_node;
933 1019 vnode_t *unnamed_vp = NULL;
934 1020 uint32_t status;
935 1021 uint32_t access = 0;
936 1022 int flags = 0;
937 1023 int rc;
938 1024
939 1025 ASSERT(cr);
940 1026 ASSERT(snode);
941 1027 ASSERT(snode->n_magic == SMB_NODE_MAGIC);
942 1028 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
943 1029
944 1030 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 ||
945 1031 SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0)
946 1032 return (EACCES);
947 1033
948 1034 /* sr could be NULL in some cases */
949 1035 if (sr && sr->fid_ofile) {
950 1036 /* if uid and/or gid is requested */
951 1037 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID))
952 1038 access |= READ_CONTROL;
953 1039
954 1040 /* if anything else is also requested */
955 1041 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID))
956 1042 access |= FILE_READ_ATTRIBUTES;
957 1043
958 1044 status = smb_ofile_access(sr->fid_ofile, cr, access);
959 1045 if (status != NT_STATUS_SUCCESS)
960 1046 return (EACCES);
961 1047
962 1048 if (smb_tree_has_feature(sr->tid_tree,
963 1049 SMB_TREE_ACEMASKONACCESS))
964 1050 flags = ATTR_NOACLCHECK;
965 1051 }
966 1052
967 1053 unnamed_node = SMB_IS_STREAM(snode);
968 1054
969 1055 if (unnamed_node) {
970 1056 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
971 1057 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
972 1058 unnamed_vp = unnamed_node->vp;
973 1059 }
974 1060
975 1061 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr);
976 1062
977 1063 if ((rc == 0) && smb_node_is_dfslink(snode)) {
978 1064 /* a DFS link should be treated as a directory */
979 1065 attr->sa_dosattr |= FILE_ATTRIBUTE_DIRECTORY;
980 1066 }
981 1067
982 1068 return (rc);
983 1069 }
984 1070
985 1071 /*
986 1072 * smb_fsop_link
987 1073 *
988 1074 * All SMB functions should use this smb_vop_link wrapper to ensure that
989 1075 * the smb_vop_link is performed with the appropriate credentials.
990 1076 * Please document any direct call to smb_vop_link to explain the reason
991 1077 * for avoiding this wrapper.
992 1078 *
993 1079 * It is assumed that references exist on from_dnode and to_dnode coming
994 1080 * into this routine.
995 1081 */
996 1082 int
997 1083 smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *from_fnode,
998 1084 smb_node_t *to_dnode, char *to_name)
999 1085 {
1000 1086 char *longname = NULL;
1001 1087 int flags = 0;
1002 1088 int rc;
1003 1089
1004 1090 ASSERT(sr);
1005 1091 ASSERT(sr->tid_tree);
1006 1092 ASSERT(cr);
1007 1093 ASSERT(to_dnode);
1008 1094 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
1009 1095 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1010 1096 ASSERT(from_fnode);
1011 1097 ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC);
1012 1098 ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING);
1013 1099
1014 1100 if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0)
1015 1101 return (EACCES);
1016 1102
1017 1103 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1018 1104 return (EACCES);
1019 1105
1020 1106 if (SMB_TREE_IS_READONLY(sr))
1021 1107 return (EROFS);
1022 1108
1023 1109 if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1024 1110 flags = SMB_IGNORE_CASE;
1025 1111 if (SMB_TREE_SUPPORTS_CATIA(sr))
1026 1112 flags |= SMB_CATIA;
1027 1113 if (SMB_TREE_SUPPORTS_ABE(sr))
1028 1114 flags |= SMB_ABE;
1029 1115
1030 1116 if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(to_name)) {
1031 1117 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1032 1118 rc = smb_unmangle(to_dnode, to_name, longname,
1033 1119 MAXNAMELEN, flags);
1034 1120 kmem_free(longname, MAXNAMELEN);
1035 1121
1036 1122 if (rc == 0)
1037 1123 rc = EEXIST;
1038 1124 if (rc != ENOENT)
1039 1125 return (rc);
1040 1126 }
1041 1127
1042 1128 rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr);
1043 1129
1044 1130 if (rc == 0)
1045 1131 smb_node_notify_change(to_dnode, FILE_ACTION_ADDED, to_name);
1046 1132
1047 1133 return (rc);
1048 1134 }
1049 1135
1050 1136 /*
1051 1137 * smb_fsop_rename
1052 1138 *
1053 1139 * All SMB functions should use this smb_vop_rename wrapper to ensure that
1054 1140 * the smb_vop_rename is performed with the appropriate credentials.
1055 1141 * Please document any direct call to smb_vop_rename to explain the reason
1056 1142 * for avoiding this wrapper.
1057 1143 *
1058 1144 * It is assumed that references exist on from_dnode and to_dnode coming
1059 1145 * into this routine.
1060 1146 */
1061 1147 int
1062 1148 smb_fsop_rename(
1063 1149 smb_request_t *sr,
1064 1150 cred_t *cr,
1065 1151 smb_node_t *from_dnode,
1066 1152 char *from_name,
1067 1153 smb_node_t *to_dnode,
1068 1154 char *to_name)
1069 1155 {
1070 1156 smb_node_t *from_snode;
1071 1157 smb_attr_t from_attr;
1072 1158 vnode_t *from_vp;
1073 1159 int flags = 0, ret_flags;
1074 1160 int rc;
1075 1161 boolean_t isdir;
1076 1162
1077 1163 ASSERT(cr);
1078 1164 ASSERT(from_dnode);
1079 1165 ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC);
1080 1166 ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1081 1167
1082 1168 ASSERT(to_dnode);
1083 1169 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
1084 1170 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1085 1171
1086 1172 if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0)
1087 1173 return (EACCES);
1088 1174
1089 1175 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1090 1176 return (EACCES);
1091 1177
1092 1178 ASSERT(sr);
1093 1179 ASSERT(sr->tid_tree);
1094 1180 if (SMB_TREE_IS_READONLY(sr))
1095 1181 return (EROFS);
1096 1182
1097 1183 /*
1098 1184 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE
1099 1185 * here.
1100 1186 *
1101 1187 * A case-sensitive rename is always done in this routine
1102 1188 * because we are using the on-disk name from an earlier lookup.
1103 1189 * If a mangled name was passed in by the caller (denoting a
1104 1190 * deterministic lookup), then the exact file must be renamed
1105 1191 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or
1106 1192 * else the underlying file system might return a "first-match"
|
↓ open down ↓ |
278 lines elided |
↑ open up ↑ |
1107 1193 * on this on-disk name, possibly resulting in the wrong file).
1108 1194 */
1109 1195
1110 1196 if (SMB_TREE_SUPPORTS_CATIA(sr))
1111 1197 flags |= SMB_CATIA;
1112 1198
1113 1199 /*
1114 1200 * XXX: Lock required through smb_node_release() below?
1115 1201 */
1116 1202
1203 + /*
1204 + * Don't audit the lookup
1205 + */
1206 + smb_audit_save();
1117 1207 rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL,
1118 1208 flags, &ret_flags, NULL, &from_attr, cr);
1209 + smb_audit_load();
1119 1210
1120 1211 if (rc != 0)
1121 1212 return (rc);
1122 1213
1123 1214 if (from_attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) {
1124 1215 VN_RELE(from_vp);
1125 1216 return (EACCES);
1126 1217 }
1127 1218
1128 1219 isdir = ((from_attr.sa_dosattr & FILE_ATTRIBUTE_DIRECTORY) != 0);
1129 1220
1130 1221 if ((isdir && SMB_TREE_HAS_ACCESS(sr,
1131 1222 ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) !=
1132 1223 (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) ||
1133 1224 (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) !=
1134 1225 (ACE_DELETE | ACE_ADD_FILE))) {
1135 1226 VN_RELE(from_vp);
1136 1227 return (EACCES);
1137 1228 }
1138 1229
1139 1230 /*
1140 1231 * SMB checks access on open and retains an access granted
1141 1232 * mask for use while the file is open. ACL changes should
1142 1233 * not affect access to an open file.
1143 1234 *
1144 1235 * If the rename is being performed on an ofile:
1145 1236 * - Check the ofile's access granted mask to see if the
1146 1237 * rename is permitted - requires DELETE access.
1147 1238 * - If the file system does access checking, set the
|
↓ open down ↓ |
19 lines elided |
↑ open up ↑ |
1148 1239 * ATTR_NOACLCHECK flag to ensure that the file system
1149 1240 * does not check permissions on subsequent calls.
1150 1241 */
1151 1242 if (sr && sr->fid_ofile) {
1152 1243 rc = smb_ofile_access(sr->fid_ofile, cr, DELETE);
1153 1244 if (rc != NT_STATUS_SUCCESS) {
1154 1245 VN_RELE(from_vp);
1155 1246 return (EACCES);
1156 1247 }
1157 1248
1249 + /* TODO: rename drops ATTR_NOACLCHECK, so this is a no-op. */
1158 1250 if (smb_tree_has_feature(sr->tid_tree,
1159 1251 SMB_TREE_ACEMASKONACCESS))
1160 1252 flags = ATTR_NOACLCHECK;
1161 1253 }
1162 1254
1163 1255 rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp,
1164 1256 to_name, flags, cr);
1165 1257
1166 1258 if (rc == 0) {
1167 1259 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name,
1168 1260 from_dnode, NULL);
1169 1261
1170 1262 if (from_snode == NULL) {
1171 1263 rc = ENOMEM;
1172 1264 } else {
1173 1265 smb_node_rename(from_dnode, from_snode,
1174 1266 to_dnode, to_name);
1175 1267 smb_node_release(from_snode);
1176 1268 }
1177 1269 }
1178 1270 VN_RELE(from_vp);
1179 1271
1180 1272 if (rc == 0) {
1181 1273 if (from_dnode == to_dnode) {
1182 1274 smb_node_notify_change(from_dnode,
1183 1275 FILE_ACTION_RENAMED_OLD_NAME, from_name);
1184 1276 smb_node_notify_change(to_dnode,
1185 1277 FILE_ACTION_RENAMED_NEW_NAME, to_name);
1186 1278 } else {
1187 1279 smb_node_notify_change(from_dnode,
1188 1280 FILE_ACTION_REMOVED, from_name);
1189 1281 smb_node_notify_change(to_dnode,
1190 1282 FILE_ACTION_ADDED, to_name);
1191 1283 }
1192 1284 }
1193 1285
1194 1286 /* XXX: unlock */
1195 1287
1196 1288 return (rc);
1197 1289 }
1198 1290
1199 1291 /*
1200 1292 * smb_fsop_setattr
1201 1293 *
1202 1294 * All SMB functions should use this wrapper to ensure that
1203 1295 * the the calls are performed with the appropriate credentials.
1204 1296 * Please document any direct call to explain the reason
1205 1297 * for avoiding this wrapper.
1206 1298 *
1207 1299 * It is assumed that a reference exists on snode coming into
1208 1300 * this function.
1209 1301 * A null smb_request might be passed to this function.
1210 1302 */
1211 1303 int
1212 1304 smb_fsop_setattr(
1213 1305 smb_request_t *sr,
1214 1306 cred_t *cr,
1215 1307 smb_node_t *snode,
1216 1308 smb_attr_t *set_attr)
1217 1309 {
1218 1310 smb_node_t *unnamed_node;
1219 1311 vnode_t *unnamed_vp = NULL;
1220 1312 uint32_t status;
1221 1313 uint32_t access;
1222 1314 int rc = 0;
1223 1315 int flags = 0;
1224 1316 uint_t sa_mask;
1225 1317
1226 1318 ASSERT(cr);
1227 1319 ASSERT(snode);
1228 1320 ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1229 1321 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1230 1322
1231 1323 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0)
|
↓ open down ↓ |
64 lines elided |
↑ open up ↑ |
1232 1324 return (EACCES);
1233 1325
1234 1326 if (SMB_TREE_IS_READONLY(sr))
1235 1327 return (EROFS);
1236 1328
1237 1329 if (SMB_TREE_HAS_ACCESS(sr,
1238 1330 ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0)
1239 1331 return (EACCES);
1240 1332
1241 1333 /*
1242 - * The file system cannot detect pending READDONLY
1243 - * (i.e. if the file has been opened readonly but
1244 - * not yet closed) so we need to test READONLY here.
1245 - *
1246 - * Note that file handle that were opened before the
1247 - * READONLY flag was set in the node (or the FS) are
1248 - * immune to that change, and remain writable.
1249 - */
1250 - if (sr && (set_attr->sa_mask & SMB_AT_SIZE)) {
1251 - if (sr->fid_ofile) {
1252 - if (SMB_OFILE_IS_READONLY(sr->fid_ofile))
1253 - return (EACCES);
1254 - } else {
1255 - if (SMB_PATHFILE_IS_READONLY(sr, snode))
1256 - return (EACCES);
1257 - }
1258 - }
1259 -
1260 - /*
1261 1334 * SMB checks access on open and retains an access granted
1262 1335 * mask for use while the file is open. ACL changes should
1263 1336 * not affect access to an open file.
1264 1337 *
1265 1338 * If the setattr is being performed on an ofile:
1266 1339 * - Check the ofile's access granted mask to see if the
1267 1340 * setattr is permitted.
1268 1341 * UID, GID - require WRITE_OWNER
1269 1342 * SIZE, ALLOCSZ - require FILE_WRITE_DATA
1270 1343 * all other attributes require FILE_WRITE_ATTRIBUTES
1271 1344 *
1272 1345 * - If the file system does access checking, set the
1273 1346 * ATTR_NOACLCHECK flag to ensure that the file system
1274 1347 * does not check permissions on subsequent calls.
1275 1348 */
1276 1349 if (sr && sr->fid_ofile) {
1277 1350 sa_mask = set_attr->sa_mask;
1278 1351 access = 0;
1279 1352
1280 1353 if (sa_mask & (SMB_AT_SIZE | SMB_AT_ALLOCSZ)) {
1281 1354 access |= FILE_WRITE_DATA;
1282 1355 sa_mask &= ~(SMB_AT_SIZE | SMB_AT_ALLOCSZ);
1283 1356 }
1284 1357
1285 1358 if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) {
1286 1359 access |= WRITE_OWNER;
1287 1360 sa_mask &= ~(SMB_AT_UID|SMB_AT_GID);
1288 1361 }
1289 1362
1290 1363 if (sa_mask)
1291 1364 access |= FILE_WRITE_ATTRIBUTES;
1292 1365
1293 1366 status = smb_ofile_access(sr->fid_ofile, cr, access);
1294 1367 if (status != NT_STATUS_SUCCESS)
1295 1368 return (EACCES);
1296 1369
1297 1370 if (smb_tree_has_feature(sr->tid_tree,
1298 1371 SMB_TREE_ACEMASKONACCESS))
1299 1372 flags = ATTR_NOACLCHECK;
1300 1373 }
1301 1374
1302 1375 unnamed_node = SMB_IS_STREAM(snode);
1303 1376
1304 1377 if (unnamed_node) {
1305 1378 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
|
↓ open down ↓ |
35 lines elided |
↑ open up ↑ |
1306 1379 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1307 1380 unnamed_vp = unnamed_node->vp;
1308 1381 }
1309 1382
1310 1383 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr);
1311 1384 return (rc);
1312 1385 }
1313 1386
1314 1387 /*
1315 1388 * Support for SMB2 setinfo FileValidDataLengthInformation.
1316 - * Free data from the specified offset to EoF.
1317 - *
1318 - * This can effectively truncate data. It truncates the data
1319 - * leaving the file size as it was, leaving zeros after the
1320 - * offset specified here. That is effectively modifying the
1321 - * file content, so for access control this is a write.
1389 + * Free (zero out) data in the range off, off+len
1322 1390 */
1323 1391 int
1324 -smb_fsop_set_data_length(
1392 +smb_fsop_freesp(
1325 1393 smb_request_t *sr,
1326 1394 cred_t *cr,
1327 - smb_node_t *node,
1328 - offset_t end_of_data)
1395 + smb_ofile_t *ofile,
1396 + off64_t off,
1397 + off64_t len)
1329 1398 {
1330 1399 flock64_t flk;
1400 + smb_node_t *node = ofile->f_node;
1331 1401 uint32_t status;
1332 1402 uint32_t access = FILE_WRITE_DATA;
1333 1403 int rc;
1334 1404
1335 1405 ASSERT(cr);
1336 1406 ASSERT(node);
1337 1407 ASSERT(node->n_magic == SMB_NODE_MAGIC);
1338 1408 ASSERT(node->n_state != SMB_NODE_STATE_DESTROYING);
1339 1409
1340 1410 if (SMB_TREE_CONTAINS_NODE(sr, node) == 0)
1341 1411 return (EACCES);
1342 1412
1343 1413 if (SMB_TREE_IS_READONLY(sr))
1344 1414 return (EROFS);
1345 1415
1346 1416 if (SMB_TREE_HAS_ACCESS(sr, access) == 0)
1347 1417 return (EACCES);
1348 1418
1349 1419 /*
1350 - * The file system cannot detect pending READDONLY
1351 - * (i.e. if the file has been opened readonly but
1352 - * not yet closed) so we need to test READONLY here.
1353 - *
1354 - * Note that file handle that were opened before the
1355 - * READONLY flag was set in the node (or the FS) are
1356 - * immune to that change, and remain writable.
1357 - */
1358 - if (sr->fid_ofile) {
1359 - if (SMB_OFILE_IS_READONLY(sr->fid_ofile))
1360 - return (EACCES);
1361 - } else {
1362 - /* This requires an open file. */
1363 - return (EACCES);
1364 - }
1365 -
1366 - /*
1367 1420 * SMB checks access on open and retains an access granted
1368 1421 * mask for use while the file is open. ACL changes should
1369 1422 * not affect access to an open file.
1370 1423 *
1371 1424 * If the setattr is being performed on an ofile:
1372 1425 * - Check the ofile's access granted mask to see if this
1373 1426 * modification should be permitted (FILE_WRITE_DATA)
1374 1427 */
1375 1428 status = smb_ofile_access(sr->fid_ofile, cr, access);
1376 1429 if (status != NT_STATUS_SUCCESS)
1377 1430 return (EACCES);
1378 1431
1379 1432 bzero(&flk, sizeof (flk));
1380 - flk.l_start = end_of_data;
1433 + flk.l_start = off;
1434 + flk.l_len = len;
1381 1435
1382 1436 rc = smb_vop_space(node->vp, F_FREESP, &flk, FWRITE, 0LL, cr);
1383 1437 return (rc);
1384 1438 }
1385 1439
1386 1440 /*
1387 1441 * smb_fsop_read
1388 1442 *
1389 1443 * All SMB functions should use this wrapper to ensure that
1390 1444 * the the calls are performed with the appropriate credentials.
1391 1445 * Please document any direct call to explain the reason
1392 1446 * for avoiding this wrapper.
1393 1447 *
1394 1448 * It is assumed that a reference exists on snode coming into this routine.
1449 + * Note that ofile may be different from sr->fid_ofile, or may be NULL.
1395 1450 */
1396 1451 int
1397 -smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode, uio_t *uio)
1452 +smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1453 + smb_ofile_t *ofile, uio_t *uio, int ioflag)
1398 1454 {
1399 1455 caller_context_t ct;
1400 1456 cred_t *kcr = zone_kcred();
1457 + uint32_t amask;
1401 1458 int svmand;
1402 1459 int rc;
1403 1460
1404 1461 ASSERT(cr);
1405 1462 ASSERT(snode);
1406 1463 ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1407 1464 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1408 1465
1409 1466 ASSERT(sr);
1410 - ASSERT(sr->fid_ofile);
1411 1467
1412 - if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_DATA) == 0)
1413 - return (EACCES);
1468 + if (ofile != NULL) {
1469 + /*
1470 + * Check tree access. Not SMB_TREE_HAS_ACCESS
1471 + * because we need to use ofile->f_tree
1472 + */
1473 + if ((ofile->f_tree->t_access & ACE_READ_DATA) == 0)
1474 + return (EACCES);
1414 1475
1415 - rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA);
1416 - if ((rc != NT_STATUS_SUCCESS) &&
1417 - (sr->smb_flg2 & SMB_FLAGS2_READ_IF_EXECUTE))
1418 - rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE);
1476 + /*
1477 + * Check ofile access. Use in-line smb_ofile_access
1478 + * so we can check both amask bits at the same time.
1479 + * If any bit in amask is granted, allow this read.
1480 + */
1481 + amask = FILE_READ_DATA;
1482 + if (sr->smb_flg2 & SMB_FLAGS2_READ_IF_EXECUTE)
1483 + amask |= FILE_EXECUTE;
1484 + if (cr != kcr && (ofile->f_granted_access & amask) == 0)
1485 + return (EACCES);
1486 + }
1419 1487
1420 - if (rc != NT_STATUS_SUCCESS)
1421 - return (EACCES);
1422 -
1423 1488 /*
1424 1489 * Streams permission are checked against the unnamed stream,
1425 1490 * but in FS level they have their own permissions. To avoid
1426 1491 * rejection by FS due to lack of permission on the actual
1427 1492 * extended attr kcred is passed for streams.
1428 1493 */
1429 1494 if (SMB_IS_STREAM(snode))
1430 1495 cr = kcr;
1431 1496
1432 1497 smb_node_start_crit(snode, RW_READER);
1433 1498 rc = nbl_svmand(snode->vp, kcr, &svmand);
1434 1499 if (rc) {
1435 1500 smb_node_end_crit(snode);
1436 1501 return (rc);
1437 1502 }
1438 1503
1439 - ct = smb_ct;
1440 - ct.cc_pid = sr->fid_ofile->f_uniqid;
1441 - rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset,
1442 - uio->uio_iov->iov_len, svmand, &ct);
1443 -
1444 - if (rc) {
1445 - smb_node_end_crit(snode);
1446 - return (ERANGE);
1504 + /*
1505 + * Note: SMB allows a zero-byte read, which should not
1506 + * conflict with any locks. However nbl_lock_conflict
1507 + * takes a zero-byte length as lock to EOF, so we must
1508 + * special case that here.
1509 + */
1510 + if (uio->uio_resid > 0) {
1511 + ct = smb_ct;
1512 + if (ofile != NULL)
1513 + ct.cc_pid = ofile->f_uniqid;
1514 + rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset,
1515 + uio->uio_resid, svmand, &ct);
1516 + if (rc != 0) {
1517 + smb_node_end_crit(snode);
1518 + return (ERANGE);
1519 + }
1447 1520 }
1448 1521
1449 - rc = smb_vop_read(snode->vp, uio, cr);
1522 + rc = smb_vop_read(snode->vp, uio, ioflag, cr);
1450 1523 smb_node_end_crit(snode);
1451 1524
1452 1525 return (rc);
1453 1526 }
1454 1527
1455 1528 /*
1456 1529 * smb_fsop_write
1457 1530 *
1458 - * This is a wrapper function used for smb_write and smb_write_raw operations.
1459 - *
1460 1531 * It is assumed that a reference exists on snode coming into this routine.
1532 + * Note that ofile may be different from sr->fid_ofile, or may be NULL.
1461 1533 */
1462 1534 int
1463 1535 smb_fsop_write(
1464 1536 smb_request_t *sr,
1465 1537 cred_t *cr,
1466 1538 smb_node_t *snode,
1539 + smb_ofile_t *ofile,
1467 1540 uio_t *uio,
1468 1541 uint32_t *lcount,
1469 1542 int ioflag)
1470 1543 {
1471 1544 caller_context_t ct;
1472 1545 smb_attr_t attr;
1546 + cred_t *kcr = zone_kcred();
1473 1547 smb_node_t *u_node;
1474 1548 vnode_t *u_vp = NULL;
1475 - smb_ofile_t *of;
1476 1549 vnode_t *vp;
1477 - cred_t *kcr = zone_kcred();
1550 + uint32_t amask;
1478 1551 int svmand;
1479 1552 int rc;
1480 1553
1481 1554 ASSERT(cr);
1482 1555 ASSERT(snode);
1483 1556 ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1484 1557 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1485 1558
1486 1559 ASSERT(sr);
1487 - ASSERT(sr->tid_tree);
1488 - of = sr->fid_ofile;
1489 1560 vp = snode->vp;
1490 1561
1491 - if (SMB_TREE_IS_READONLY(sr))
1492 - return (EROFS);
1562 + if (ofile != NULL) {
1563 + amask = FILE_WRITE_DATA | FILE_APPEND_DATA;
1493 1564
1494 - if (SMB_OFILE_IS_READONLY(of) ||
1495 - SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_DATA | ACE_APPEND_DATA) == 0)
1496 - return (EACCES);
1565 + /* Check tree access. */
1566 + if ((ofile->f_tree->t_access & amask) == 0)
1567 + return (EROFS);
1497 1568
1498 - rc = smb_ofile_access(of, cr, FILE_WRITE_DATA);
1499 - if (rc != NT_STATUS_SUCCESS) {
1500 - rc = smb_ofile_access(of, cr, FILE_APPEND_DATA);
1501 - if (rc != NT_STATUS_SUCCESS)
1569 + /*
1570 + * Check ofile access. Use in-line smb_ofile_access
1571 + * so we can check both amask bits at the same time.
1572 + * If any bit in amask is granted, allow this write.
1573 + */
1574 + if (cr != kcr && (ofile->f_granted_access & amask) == 0)
1502 1575 return (EACCES);
1503 1576 }
1504 1577
1505 1578 /*
1506 1579 * Streams permission are checked against the unnamed stream,
1507 1580 * but in FS level they have their own permissions. To avoid
1508 1581 * rejection by FS due to lack of permission on the actual
1509 1582 * extended attr kcred is passed for streams.
1510 1583 */
1511 1584 u_node = SMB_IS_STREAM(snode);
1512 1585 if (u_node != NULL) {
1513 1586 ASSERT(u_node->n_magic == SMB_NODE_MAGIC);
1514 1587 ASSERT(u_node->n_state != SMB_NODE_STATE_DESTROYING);
1515 1588 u_vp = u_node->vp;
|
↓ open down ↓ |
4 lines elided |
↑ open up ↑ |
1516 1589 cr = kcr;
1517 1590 }
1518 1591
1519 1592 smb_node_start_crit(snode, RW_WRITER);
1520 1593 rc = nbl_svmand(vp, kcr, &svmand);
1521 1594 if (rc) {
1522 1595 smb_node_end_crit(snode);
1523 1596 return (rc);
1524 1597 }
1525 1598
1526 - ct = smb_ct;
1527 - ct.cc_pid = of->f_uniqid;
1528 - rc = nbl_lock_conflict(vp, NBL_WRITE, uio->uio_loffset,
1529 - uio->uio_iov->iov_len, svmand, &ct);
1530 -
1531 - if (rc) {
1532 - smb_node_end_crit(snode);
1533 - return (ERANGE);
1599 + /*
1600 + * Note: SMB allows a zero-byte write, which should not
1601 + * conflict with any locks. However nbl_lock_conflict
1602 + * takes a zero-byte length as lock to EOF, so we must
1603 + * special case that here.
1604 + */
1605 + if (uio->uio_resid > 0) {
1606 + ct = smb_ct;
1607 + if (ofile != NULL)
1608 + ct.cc_pid = ofile->f_uniqid;
1609 + rc = nbl_lock_conflict(vp, NBL_WRITE, uio->uio_loffset,
1610 + uio->uio_resid, svmand, &ct);
1611 + if (rc != 0) {
1612 + smb_node_end_crit(snode);
1613 + return (ERANGE);
1614 + }
1534 1615 }
1535 1616
1536 1617 rc = smb_vop_write(vp, uio, ioflag, lcount, cr);
1537 1618
1538 1619 /*
1539 1620 * Once the mtime has been set via this ofile, the
1540 1621 * automatic mtime changes from writes via this ofile
1541 1622 * should cease, preserving the mtime that was set.
1542 1623 * See: [MS-FSA] 2.1.5.14 and smb_node_setattr.
1543 1624 *
1544 1625 * The VFS interface does not offer a way to ask it to
1545 1626 * skip the mtime updates, so we simulate the desired
1546 1627 * behavior by re-setting the mtime after writes on a
1547 1628 * handle where the mtime has been set.
1548 1629 */
1549 - if (of->f_pending_attr.sa_mask & SMB_AT_MTIME) {
1550 - bcopy(&of->f_pending_attr, &attr, sizeof (attr));
1630 + if (ofile != NULL &&
1631 + (ofile->f_pending_attr.sa_mask & SMB_AT_MTIME) != 0) {
1632 + bcopy(&ofile->f_pending_attr, &attr, sizeof (attr));
1551 1633 attr.sa_mask = SMB_AT_MTIME;
1552 1634 (void) smb_vop_setattr(vp, u_vp, &attr, 0, kcr);
1553 1635 }
1554 1636
1555 1637 smb_node_end_crit(snode);
1556 1638
1557 1639 return (rc);
1558 1640 }
1559 1641
1560 1642 /*
1643 + * Find the next allocated range starting at or after
1644 + * the offset (*datap), returning the start/end of
1645 + * that range in (*datap, *holep)
1646 + */
1647 +int
1648 +smb_fsop_next_alloc_range(
1649 + cred_t *cr,
1650 + smb_node_t *node,
1651 + off64_t *datap,
1652 + off64_t *holep)
1653 +{
1654 + int err;
1655 +
1656 + err = smb_vop_ioctl(node->vp, _FIO_SEEK_DATA, datap, cr);
1657 + if (err != 0)
1658 + return (err);
1659 +
1660 + *holep = *datap;
1661 + err = smb_vop_ioctl(node->vp, _FIO_SEEK_HOLE, holep, cr);
1662 +
1663 + return (err);
1664 +}
1665 +
1666 +/*
1561 1667 * smb_fsop_statfs
1562 1668 *
1563 1669 * This is a wrapper function used for stat operations.
1564 1670 */
1565 1671 int
1566 1672 smb_fsop_statfs(
1567 1673 cred_t *cr,
1568 1674 smb_node_t *snode,
1569 1675 struct statvfs64 *statp)
1570 1676 {
1571 1677 ASSERT(cr);
1572 1678 ASSERT(snode);
1573 1679 ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1574 1680 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1575 1681
1576 1682 return (smb_vop_statfs(snode->vp, statp, cr));
1577 1683 }
1578 1684
1579 1685 /*
1580 1686 * smb_fsop_access
1581 1687 *
|
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
1582 1688 * Named streams do not have separate permissions from the associated
1583 1689 * unnamed stream. Thus, if node is a named stream, the permissions
1584 1690 * check will be performed on the associated unnamed stream.
1585 1691 *
1586 1692 * However, our named streams do have their own quarantine attribute,
1587 1693 * separate from that on the unnamed stream. If READ or EXECUTE
1588 1694 * access has been requested on a named stream, an additional access
1589 1695 * check is performed on the named stream in case it has been
1590 1696 * quarantined. kcred is used to avoid issues with the permissions
1591 1697 * set on the extended attribute file representing the named stream.
1698 + *
1699 + * Note that some stream "types" are "restricted" and only
1700 + * internal callers (cr == kcred) can access those.
1592 1701 */
1593 1702 int
1594 1703 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1595 1704 uint32_t faccess)
1596 1705 {
1597 1706 int access = 0;
1598 1707 int error;
1599 1708 vnode_t *dir_vp;
1600 1709 boolean_t acl_check = B_TRUE;
1601 1710 smb_node_t *unnamed_node;
1602 1711
1603 1712 ASSERT(sr);
1604 1713 ASSERT(cr);
1605 1714 ASSERT(snode);
1606 1715 ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1607 1716 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1608 1717
1609 1718 if (SMB_TREE_IS_READONLY(sr)) {
1610 1719 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA|
1611 1720 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES|
|
↓ open down ↓ |
10 lines elided |
↑ open up ↑ |
1612 1721 DELETE|WRITE_DAC|WRITE_OWNER)) {
1613 1722 return (NT_STATUS_ACCESS_DENIED);
1614 1723 }
1615 1724 }
1616 1725
1617 1726 if (smb_node_is_reparse(snode) && (faccess & DELETE))
1618 1727 return (NT_STATUS_ACCESS_DENIED);
1619 1728
1620 1729 unnamed_node = SMB_IS_STREAM(snode);
1621 1730 if (unnamed_node) {
1731 + cred_t *kcr = zone_kcred();
1732 +
1622 1733 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1623 1734 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1624 1735
1736 + if (cr != kcr && smb_strname_restricted(snode->od_name))
1737 + return (NT_STATUS_ACCESS_DENIED);
1738 +
1625 1739 /*
1626 1740 * Perform VREAD access check on the named stream in case it
1627 1741 * is quarantined. kcred is passed to smb_vop_access so it
1628 1742 * doesn't fail due to lack of permission.
1629 1743 */
1630 1744 if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) {
1631 1745 error = smb_vop_access(snode->vp, VREAD,
1632 - 0, NULL, zone_kcred());
1746 + 0, NULL, kcr);
1633 1747 if (error)
1634 1748 return (NT_STATUS_ACCESS_DENIED);
1635 1749 }
1636 1750
1637 1751 /*
1638 1752 * Streams authorization should be performed against the
1639 1753 * unnamed stream.
1640 1754 */
1641 1755 snode = unnamed_node;
1642 1756 }
1643 1757
1644 1758 if (faccess & ACCESS_SYSTEM_SECURITY) {
1645 1759 /*
1646 1760 * This permission is required for reading/writing SACL and
1647 1761 * it's not part of DACL. It's only granted via proper
1648 1762 * privileges.
1649 1763 */
1650 1764 if ((sr->uid_user->u_privileges &
1651 1765 (SMB_USER_PRIV_BACKUP |
1652 1766 SMB_USER_PRIV_RESTORE |
1653 1767 SMB_USER_PRIV_SECURITY)) == 0)
1654 1768 return (NT_STATUS_PRIVILEGE_NOT_HELD);
1655 1769
1656 1770 faccess &= ~ACCESS_SYSTEM_SECURITY;
1657 1771 }
1658 1772
1659 1773 /* Links don't have ACL */
1660 1774 if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) ||
1661 1775 smb_node_is_symlink(snode))
1662 1776 acl_check = B_FALSE;
1663 1777
1664 1778 /* Deny access based on the share access mask */
1665 1779
1666 1780 if ((faccess & ~sr->tid_tree->t_access) != 0)
1667 1781 return (NT_STATUS_ACCESS_DENIED);
1668 1782
1669 1783 if (acl_check) {
1670 1784 dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
1671 1785 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp,
1672 1786 cr);
1673 1787 } else {
1674 1788 /*
1675 1789 * FS doesn't understand 32-bit mask, need to map
1676 1790 */
1677 1791 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA))
1678 1792 access |= VWRITE;
1679 1793
1680 1794 if (faccess & FILE_READ_DATA)
1681 1795 access |= VREAD;
1682 1796
1683 1797 if (faccess & FILE_EXECUTE)
1684 1798 access |= VEXEC;
|
↓ open down ↓ |
42 lines elided |
↑ open up ↑ |
1685 1799
1686 1800 error = smb_vop_access(snode->vp, access, 0, NULL, cr);
1687 1801 }
1688 1802
1689 1803 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS);
1690 1804 }
1691 1805
1692 1806 /*
1693 1807 * smb_fsop_lookup_name()
1694 1808 *
1809 + * Lookup both the file and stream specified in 'name'.
1695 1810 * If name indicates that the file is a stream file, perform
1696 1811 * stream specific lookup, otherwise call smb_fsop_lookup.
1697 1812 *
1813 + * On success, returns the found node in *ret_snode. This will be either a named
1814 + * or unnamed stream node, depending on the name specified.
1815 + *
1698 1816 * Return an error if the looked-up file is in outside the tree.
1699 1817 * (Required when invoked from open path.)
1700 1818 *
1701 1819 * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1702 1820 * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1703 1821 * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1704 1822 * flag is set in the flags value passed as a parameter, a case insensitive
1705 1823 * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1706 1824 * or not).
1707 1825 */
1708 1826
|
↓ open down ↓ |
1 lines elided |
↑ open up ↑ |
1709 1827 int
1710 1828 smb_fsop_lookup_name(
1711 1829 smb_request_t *sr,
1712 1830 cred_t *cr,
1713 1831 int flags,
1714 1832 smb_node_t *root_node,
1715 1833 smb_node_t *dnode,
1716 1834 char *name,
1717 1835 smb_node_t **ret_snode)
1718 1836 {
1719 - smb_node_t *fnode;
1720 - vnode_t *xattrdirvp;
1721 - vnode_t *vp;
1722 - char *od_name;
1837 + char *sname = NULL;
1838 + int rc;
1839 + smb_node_t *tmp_node;
1840 +
1841 + ASSERT(ret_snode != NULL);
1842 +
1843 + rc = smb_fsop_lookup_file(sr, cr, flags, root_node, dnode, name,
1844 + &sname, ret_snode);
1845 +
1846 + if (rc != 0 || sname == NULL)
1847 + return (rc);
1848 +
1849 + tmp_node = *ret_snode;
1850 + rc = smb_fsop_lookup_stream(sr, cr, flags, root_node, tmp_node, sname,
1851 + ret_snode);
1852 + kmem_free(sname, MAXNAMELEN);
1853 + smb_node_release(tmp_node);
1854 +
1855 + return (rc);
1856 +}
1857 +
1858 +/*
1859 + * smb_fsop_lookup_file()
1860 + *
1861 + * Look up of the file portion of 'name'. If a Stream is specified,
1862 + * return the stream name in 'sname', which this allocates.
1863 + * The caller must free 'sname'.
1864 + *
1865 + * Return an error if the looked-up file is outside the tree.
1866 + * (Required when invoked from open path.)
1867 + *
1868 + * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1869 + * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1870 + * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1871 + * flag is set in the flags value passed as a parameter, a case insensitive
1872 + * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1873 + * or not).
1874 + */
1875 +
1876 +int
1877 +smb_fsop_lookup_file(
1878 + smb_request_t *sr,
1879 + cred_t *cr,
1880 + int flags,
1881 + smb_node_t *root_node,
1882 + smb_node_t *dnode,
1883 + char *name,
1884 + char **sname,
1885 + smb_node_t **ret_snode)
1886 +{
1723 1887 char *fname;
1724 - char *sname;
1725 1888 int rc;
1726 1889
1727 1890 ASSERT(cr);
1728 1891 ASSERT(dnode);
1729 1892 ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1730 1893 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1894 + ASSERT(ret_snode != NULL);
1731 1895
1732 1896 /*
1733 1897 * The following check is required for streams processing, below
1734 1898 */
1735 1899
1736 1900 if (!(flags & SMB_CASE_SENSITIVE)) {
1737 1901 if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1738 1902 flags |= SMB_IGNORE_CASE;
1739 1903 }
1740 1904
1741 - fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1742 - sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1743 -
1905 + *sname = NULL;
1744 1906 if (smb_is_stream_name(name)) {
1745 - smb_stream_parse_name(name, fname, sname);
1907 + *sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1908 + fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1909 + smb_stream_parse_name(name, fname, *sname);
1746 1910
1747 1911 /*
1748 1912 * Look up the unnamed stream (i.e. fname).
1749 1913 * Unmangle processing will be done on fname
1750 1914 * as well as any link target.
1751 1915 */
1752 1916 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode,
1753 - fname, &fnode);
1754 -
1755 - if (rc != 0) {
1756 - kmem_free(fname, MAXNAMELEN);
1757 - kmem_free(sname, MAXNAMELEN);
1758 - return (rc);
1759 - }
1760 -
1761 - od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1762 -
1763 - /*
1764 - * od_name is the on-disk name of the stream, except
1765 - * without the prepended stream prefix (SMB_STREAM_PREFIX)
1766 - */
1767 -
1768 - /*
1769 - * XXX
1770 - * What permissions NTFS requires for stream lookup if any?
1771 - */
1772 - rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name,
1773 - &xattrdirvp, flags, root_node->vp, cr);
1774 -
1775 - if (rc != 0) {
1776 - smb_node_release(fnode);
1777 - kmem_free(fname, MAXNAMELEN);
1778 - kmem_free(sname, MAXNAMELEN);
1779 - kmem_free(od_name, MAXNAMELEN);
1780 - return (rc);
1781 - }
1782 -
1783 - *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp,
1784 - vp, od_name);
1785 -
1786 - kmem_free(od_name, MAXNAMELEN);
1787 - smb_node_release(fnode);
1788 - VN_RELE(xattrdirvp);
1789 - VN_RELE(vp);
1790 -
1791 - if (*ret_snode == NULL) {
1792 - kmem_free(fname, MAXNAMELEN);
1793 - kmem_free(sname, MAXNAMELEN);
1794 - return (ENOMEM);
1795 - }
1917 + fname, ret_snode);
1918 + kmem_free(fname, MAXNAMELEN);
1796 1919 } else {
1797 1920 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name,
1798 1921 ret_snode);
1799 1922 }
1800 1923
1801 1924 if (rc == 0) {
1802 1925 ASSERT(ret_snode);
1803 1926 if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) {
1804 1927 smb_node_release(*ret_snode);
1805 1928 *ret_snode = NULL;
1806 1929 rc = EACCES;
1807 1930 }
1808 1931 }
1809 1932
1810 - kmem_free(fname, MAXNAMELEN);
1811 - kmem_free(sname, MAXNAMELEN);
1933 + if (rc != 0 && *sname != NULL) {
1934 + kmem_free(*sname, MAXNAMELEN);
1935 + *sname = NULL;
1936 + }
1937 + return (rc);
1938 +}
1812 1939
1940 +/*
1941 + * smb_fsop_lookup_stream
1942 + *
1943 + * The file exists, see if the stream exists.
1944 + */
1945 +int
1946 +smb_fsop_lookup_stream(
1947 + smb_request_t *sr,
1948 + cred_t *cr,
1949 + int flags,
1950 + smb_node_t *root_node,
1951 + smb_node_t *fnode,
1952 + char *sname,
1953 + smb_node_t **ret_snode)
1954 +{
1955 + char *od_name;
1956 + vnode_t *xattrdirvp;
1957 + vnode_t *vp;
1958 + int rc;
1959 +
1960 + /*
1961 + * The following check is required for streams processing, below
1962 + */
1963 +
1964 + if (!(flags & SMB_CASE_SENSITIVE)) {
1965 + if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1966 + flags |= SMB_IGNORE_CASE;
1967 + }
1968 +
1969 + od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1970 +
1971 + /*
1972 + * od_name is the on-disk name of the stream, except
1973 + * without the prepended stream prefix (SMB_STREAM_PREFIX)
1974 + */
1975 +
1976 + rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name,
1977 + &xattrdirvp, flags, root_node->vp, cr);
1978 +
1979 + if (rc != 0) {
1980 + kmem_free(od_name, MAXNAMELEN);
1981 + return (rc);
1982 + }
1983 +
1984 + *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp,
1985 + vp, od_name);
1986 +
1987 + kmem_free(od_name, MAXNAMELEN);
1988 + VN_RELE(xattrdirvp);
1989 + VN_RELE(vp);
1990 +
1991 + if (*ret_snode == NULL)
1992 + return (ENOMEM);
1993 +
1813 1994 return (rc);
1814 1995 }
1815 1996
1816 1997 /*
1817 1998 * smb_fsop_lookup
1818 1999 *
1819 2000 * All SMB functions should use this smb_vop_lookup wrapper to ensure that
1820 2001 * the smb_vop_lookup is performed with the appropriate credentials and using
1821 2002 * case insensitive compares. Please document any direct call to smb_vop_lookup
1822 2003 * to explain the reason for avoiding this wrapper.
1823 2004 *
1824 2005 * It is assumed that a reference exists on dnode coming into this routine
1825 2006 * (and that it is safe from deallocation).
1826 2007 *
1827 2008 * Same with the root_node.
1828 2009 *
1829 2010 * *ret_snode is returned with a reference upon success. No reference is
1830 2011 * taken if an error is returned.
1831 2012 *
1832 2013 * Note: The returned ret_snode may be in a child mount. This is ok for
1833 2014 * readdir.
1834 2015 *
1835 2016 * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent
1836 2017 * operations on files not in the parent mount.
1837 2018 *
1838 2019 * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1839 2020 * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1840 2021 * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1841 2022 * flag is set in the flags value passed as a parameter, a case insensitive
1842 2023 * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1843 2024 * or not).
1844 2025 */
1845 2026 int
1846 2027 smb_fsop_lookup(
1847 2028 smb_request_t *sr,
1848 2029 cred_t *cr,
1849 2030 int flags,
1850 2031 smb_node_t *root_node,
1851 2032 smb_node_t *dnode,
1852 2033 char *name,
1853 2034 smb_node_t **ret_snode)
1854 2035 {
1855 2036 smb_node_t *lnk_target_node;
1856 2037 smb_node_t *lnk_dnode;
1857 2038 char *longname;
1858 2039 char *od_name;
1859 2040 vnode_t *vp;
1860 2041 int rc;
1861 2042 int ret_flags;
1862 2043 smb_attr_t attr;
1863 2044
1864 2045 ASSERT(cr);
1865 2046 ASSERT(dnode);
1866 2047 ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1867 2048 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1868 2049
1869 2050 if (name == NULL)
1870 2051 return (EINVAL);
1871 2052
1872 2053 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
1873 2054 return (EACCES);
|
↓ open down ↓ |
51 lines elided |
↑ open up ↑ |
1874 2055
1875 2056 if (!(flags & SMB_CASE_SENSITIVE)) {
1876 2057 if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1877 2058 flags |= SMB_IGNORE_CASE;
1878 2059 }
1879 2060 if (SMB_TREE_SUPPORTS_CATIA(sr))
1880 2061 flags |= SMB_CATIA;
1881 2062 if (SMB_TREE_SUPPORTS_ABE(sr))
1882 2063 flags |= SMB_ABE;
1883 2064
1884 - od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
2065 + /*
2066 + * Can have "" or "." when opening named streams on a directory.
2067 + */
2068 + if (name[0] == '\0' || (name[0] == '.' && name[1] == '\0')) {
2069 + smb_node_ref(dnode);
2070 + *ret_snode = dnode;
2071 + return (0);
2072 + }
1885 2073
2074 + od_name = kmem_zalloc(MAXNAMELEN, KM_SLEEP);
2075 +
1886 2076 rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags,
1887 2077 &ret_flags, root_node ? root_node->vp : NULL, &attr, cr);
1888 2078
1889 2079 if (rc != 0) {
1890 2080 if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
1891 2081 !smb_maybe_mangled(name)) {
1892 2082 kmem_free(od_name, MAXNAMELEN);
1893 2083 return (rc);
1894 2084 }
1895 2085
1896 2086 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1897 2087 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
1898 2088 if (rc != 0) {
1899 2089 kmem_free(od_name, MAXNAMELEN);
1900 2090 kmem_free(longname, MAXNAMELEN);
1901 2091 return (rc);
1902 2092 }
1903 2093
1904 2094 /*
1905 2095 * longname is the real (case-sensitive)
1906 2096 * on-disk name.
1907 2097 * We make sure we do a lookup on this exact
1908 2098 * name, as the name was mangled and denotes
1909 2099 * a unique file.
1910 2100 */
1911 2101
1912 2102 if (flags & SMB_IGNORE_CASE)
1913 2103 flags &= ~SMB_IGNORE_CASE;
1914 2104
1915 2105 rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name,
1916 2106 flags, &ret_flags, root_node ? root_node->vp : NULL, &attr,
1917 2107 cr);
1918 2108
1919 2109 kmem_free(longname, MAXNAMELEN);
|
↓ open down ↓ |
24 lines elided |
↑ open up ↑ |
1920 2110
1921 2111 if (rc != 0) {
1922 2112 kmem_free(od_name, MAXNAMELEN);
1923 2113 return (rc);
1924 2114 }
1925 2115 }
1926 2116
1927 2117 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK) &&
1928 2118 ((attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) == 0)) {
1929 2119 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode,
1930 - &lnk_dnode, &lnk_target_node, cr);
2120 + &lnk_dnode, &lnk_target_node, cr, NULL);
1931 2121
1932 2122 if (rc != 0) {
1933 2123 /*
1934 2124 * The link is assumed to be for the last component
1935 2125 * of a path. Hence any ENOTDIR error will be returned
1936 2126 * as ENOENT.
1937 2127 */
1938 2128 if (rc == ENOTDIR)
1939 2129 rc = ENOENT;
1940 2130
1941 2131 VN_RELE(vp);
1942 2132 kmem_free(od_name, MAXNAMELEN);
1943 2133 return (rc);
1944 2134 }
1945 2135
1946 2136 /*
1947 2137 * Release the original VLNK vnode
1948 2138 */
1949 2139
1950 2140 VN_RELE(vp);
1951 2141 vp = lnk_target_node->vp;
1952 2142
1953 2143 rc = smb_vop_traverse_check(&vp);
1954 2144
1955 2145 if (rc != 0) {
1956 2146 smb_node_release(lnk_dnode);
1957 2147 smb_node_release(lnk_target_node);
1958 2148 kmem_free(od_name, MAXNAMELEN);
1959 2149 return (rc);
1960 2150 }
1961 2151
1962 2152 /*
1963 2153 * smb_vop_traverse_check() may have returned a different vnode
1964 2154 */
1965 2155
1966 2156 if (lnk_target_node->vp == vp) {
1967 2157 *ret_snode = lnk_target_node;
1968 2158 } else {
1969 2159 *ret_snode = smb_node_lookup(sr, NULL, cr, vp,
1970 2160 lnk_target_node->od_name, lnk_dnode, NULL);
1971 2161 VN_RELE(vp);
1972 2162
1973 2163 if (*ret_snode == NULL)
1974 2164 rc = ENOMEM;
1975 2165 smb_node_release(lnk_target_node);
1976 2166 }
1977 2167
1978 2168 smb_node_release(lnk_dnode);
1979 2169
1980 2170 } else {
1981 2171
1982 2172 rc = smb_vop_traverse_check(&vp);
1983 2173 if (rc) {
1984 2174 VN_RELE(vp);
1985 2175 kmem_free(od_name, MAXNAMELEN);
1986 2176 return (rc);
1987 2177 }
1988 2178
1989 2179 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name,
1990 2180 dnode, NULL);
1991 2181 VN_RELE(vp);
1992 2182
1993 2183 if (*ret_snode == NULL)
1994 2184 rc = ENOMEM;
1995 2185 }
1996 2186
1997 2187 kmem_free(od_name, MAXNAMELEN);
1998 2188 return (rc);
1999 2189 }
2000 2190
2001 2191 int /*ARGSUSED*/
2002 2192 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode)
2003 2193 {
2004 2194 ASSERT(cr);
2005 2195 ASSERT(snode);
2006 2196 ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2007 2197 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2008 2198
2009 2199 ASSERT(sr);
2010 2200 ASSERT(sr->tid_tree);
2011 2201 if (SMB_TREE_IS_READONLY(sr))
2012 2202 return (EROFS);
2013 2203
2014 2204 return (smb_vop_commit(snode->vp, cr));
2015 2205 }
2016 2206
2017 2207 /*
2018 2208 * smb_fsop_aclread
2019 2209 *
2020 2210 * Retrieve filesystem ACL. Depends on requested ACLs in
2021 2211 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in
2022 2212 * fs_sd. Note that requesting a DACL/SACL doesn't mean that
2023 2213 * the corresponding field in fs_sd should be non-NULL upon
2024 2214 * return, since the target ACL might not contain that type of
2025 2215 * entries.
2026 2216 *
2027 2217 * Returned ACL is always in ACE_T (aka ZFS) format.
2028 2218 * If successful the allocated memory for the ACL should be freed
|
↓ open down ↓ |
88 lines elided |
↑ open up ↑ |
2029 2219 * using smb_fsacl_free() or smb_fssd_term()
2030 2220 */
2031 2221 int
2032 2222 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2033 2223 smb_fssd_t *fs_sd)
2034 2224 {
2035 2225 int error = 0;
2036 2226 int flags = 0;
2037 2227 int access = 0;
2038 2228 acl_t *acl;
2039 - smb_node_t *unnamed_node;
2040 2229
2041 2230 ASSERT(cr);
2042 2231
2232 + /* Can't query security on named streams */
2233 + if (SMB_IS_STREAM(snode) != NULL)
2234 + return (EINVAL);
2235 +
2043 2236 if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0)
2044 2237 return (EACCES);
2045 2238
2046 2239 if (sr->fid_ofile) {
2047 2240 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2048 2241 access = READ_CONTROL;
2049 2242
2050 2243 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2051 2244 access |= ACCESS_SYSTEM_SECURITY;
2052 2245
2053 2246 error = smb_ofile_access(sr->fid_ofile, cr, access);
2054 2247 if (error != NT_STATUS_SUCCESS) {
2055 2248 return (EACCES);
2056 2249 }
2057 2250 }
2058 2251
2059 - unnamed_node = SMB_IS_STREAM(snode);
2060 - if (unnamed_node) {
2061 - ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2062 - ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2063 - /*
2064 - * Streams don't have ACL, any read ACL attempt on a stream
2065 - * should be performed on the unnamed stream.
2066 - */
2067 - snode = unnamed_node;
2068 - }
2069 2252
2070 2253 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS))
2071 2254 flags = ATTR_NOACLCHECK;
2072 2255
2073 2256 error = smb_vop_acl_read(snode->vp, &acl, flags,
2074 2257 sr->tid_tree->t_acltype, cr);
2075 2258 if (error != 0) {
2076 2259 return (error);
2077 2260 }
2078 2261
2079 2262 error = acl_translate(acl, _ACL_ACE_ENABLED,
2080 2263 smb_node_is_dir(snode), fs_sd->sd_uid, fs_sd->sd_gid);
2081 2264
2082 2265 if (error == 0) {
2083 2266 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl,
2084 2267 fs_sd->sd_secinfo);
2085 2268 }
2086 2269
2087 2270 acl_free(acl);
2088 2271 return (error);
2089 2272 }
2090 2273
2091 2274 /*
2092 2275 * smb_fsop_aclwrite
2093 2276 *
2094 2277 * Stores the filesystem ACL provided in fs_sd->sd_acl.
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
2095 2278 */
2096 2279 int
2097 2280 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2098 2281 smb_fssd_t *fs_sd)
2099 2282 {
2100 2283 int target_flavor;
2101 2284 int error = 0;
2102 2285 int flags = 0;
2103 2286 int access = 0;
2104 2287 acl_t *acl, *dacl, *sacl;
2105 - smb_node_t *unnamed_node;
2106 2288
2107 2289 ASSERT(cr);
2108 2290
2109 2291 ASSERT(sr);
2110 2292 ASSERT(sr->tid_tree);
2111 2293 if (SMB_TREE_IS_READONLY(sr))
2112 2294 return (EROFS);
2113 2295
2296 + /* Can't set security on named streams */
2297 + if (SMB_IS_STREAM(snode) != NULL)
2298 + return (EINVAL);
2299 +
2114 2300 if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0)
2115 2301 return (EACCES);
2116 2302
2117 2303 if (sr->fid_ofile) {
2118 2304 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2119 2305 access = WRITE_DAC;
2120 2306
2121 2307 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2122 2308 access |= ACCESS_SYSTEM_SECURITY;
2123 2309
2124 2310 error = smb_ofile_access(sr->fid_ofile, cr, access);
2125 2311 if (error != NT_STATUS_SUCCESS)
2126 2312 return (EACCES);
2127 2313 }
2128 2314
2129 2315 switch (sr->tid_tree->t_acltype) {
2130 2316 case ACLENT_T:
|
↓ open down ↓ |
7 lines elided |
↑ open up ↑ |
2131 2317 target_flavor = _ACL_ACLENT_ENABLED;
2132 2318 break;
2133 2319
2134 2320 case ACE_T:
2135 2321 target_flavor = _ACL_ACE_ENABLED;
2136 2322 break;
2137 2323 default:
2138 2324 return (EINVAL);
2139 2325 }
2140 2326
2141 - unnamed_node = SMB_IS_STREAM(snode);
2142 - if (unnamed_node) {
2143 - ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2144 - ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2145 - /*
2146 - * Streams don't have ACL, any write ACL attempt on a stream
2147 - * should be performed on the unnamed stream.
2148 - */
2149 - snode = unnamed_node;
2150 - }
2151 -
2152 2327 dacl = fs_sd->sd_zdacl;
2153 2328 sacl = fs_sd->sd_zsacl;
2154 2329
2155 2330 ASSERT(dacl || sacl);
2156 2331 if ((dacl == NULL) && (sacl == NULL))
2157 2332 return (EINVAL);
2158 2333
2159 2334 if (dacl && sacl)
2160 2335 acl = smb_fsacl_merge(dacl, sacl);
2161 2336 else if (dacl)
2162 2337 acl = dacl;
2163 2338 else
2164 2339 acl = sacl;
2165 2340
2166 2341 error = acl_translate(acl, target_flavor, smb_node_is_dir(snode),
2167 2342 fs_sd->sd_uid, fs_sd->sd_gid);
2168 2343 if (error == 0) {
2169 2344 if (smb_tree_has_feature(sr->tid_tree,
2170 2345 SMB_TREE_ACEMASKONACCESS))
2171 2346 flags = ATTR_NOACLCHECK;
2172 2347
2173 2348 error = smb_vop_acl_write(snode->vp, acl, flags, cr);
2174 2349 }
2175 2350
2176 2351 if (dacl && sacl)
2177 2352 acl_free(acl);
2178 2353
2179 2354 return (error);
2180 2355 }
2181 2356
2182 2357 acl_type_t
2183 2358 smb_fsop_acltype(smb_node_t *snode)
2184 2359 {
2185 2360 return (smb_vop_acl_type(snode->vp));
2186 2361 }
2187 2362
2188 2363 /*
2189 2364 * smb_fsop_sdread
2190 2365 *
2191 2366 * Read the requested security descriptor items from filesystem.
2192 2367 * The items are specified in fs_sd->sd_secinfo.
2193 2368 */
2194 2369 int
2195 2370 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
|
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
2196 2371 smb_fssd_t *fs_sd)
2197 2372 {
2198 2373 int error = 0;
2199 2374 int getowner = 0;
2200 2375 cred_t *ga_cred;
2201 2376 smb_attr_t attr;
2202 2377
2203 2378 ASSERT(cr);
2204 2379 ASSERT(fs_sd);
2205 2380
2381 + /* Can't query security on named streams */
2382 + if (SMB_IS_STREAM(snode) != NULL)
2383 + return (EINVAL);
2384 +
2206 2385 /*
2207 2386 * File's uid/gid is fetched in two cases:
2208 2387 *
2209 2388 * 1. it's explicitly requested
2210 2389 *
2211 2390 * 2. target ACL is ACE_T (ZFS ACL). They're needed for
2212 2391 * owner@/group@ entries. In this case kcred should be used
2213 2392 * because uid/gid are fetched on behalf of smb server.
2214 2393 */
2215 2394 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) {
2216 2395 getowner = 1;
2217 2396 ga_cred = cr;
2218 2397 } else if (sr->tid_tree->t_acltype == ACE_T) {
2219 2398 getowner = 1;
2220 2399 ga_cred = zone_kcred();
2221 2400 }
2222 2401
2223 2402 if (getowner) {
2224 2403 /*
2225 2404 * Windows require READ_CONTROL to read owner/group SID since
2226 2405 * they're part of Security Descriptor.
2227 2406 * ZFS only requires read_attribute. Need to have a explicit
2228 2407 * access check here.
2229 2408 */
2230 2409 if (sr->fid_ofile == NULL) {
2231 2410 error = smb_fsop_access(sr, ga_cred, snode,
2232 2411 READ_CONTROL);
2233 2412 if (error)
2234 2413 return (EACCES);
2235 2414 }
2236 2415
2237 2416 attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2238 2417 error = smb_fsop_getattr(sr, ga_cred, snode, &attr);
2239 2418 if (error == 0) {
2240 2419 fs_sd->sd_uid = attr.sa_vattr.va_uid;
2241 2420 fs_sd->sd_gid = attr.sa_vattr.va_gid;
2242 2421 } else {
2243 2422 return (error);
2244 2423 }
2245 2424 }
2246 2425
2247 2426 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2248 2427 error = smb_fsop_aclread(sr, cr, snode, fs_sd);
2249 2428 }
2250 2429
2251 2430 return (error);
2252 2431 }
2253 2432
2254 2433 /*
2255 2434 * smb_fsop_sdmerge
2256 2435 *
2257 2436 * From SMB point of view DACL and SACL are two separate list
2258 2437 * which can be manipulated independently without one affecting
2259 2438 * the other, but entries for both DACL and SACL will end up
2260 2439 * in the same ACL if target filesystem supports ACE_T ACLs.
2261 2440 *
2262 2441 * So, if either DACL or SACL is present in the client set request
2263 2442 * the entries corresponding to the non-present ACL shouldn't
2264 2443 * be touched in the FS ACL.
2265 2444 *
2266 2445 * fs_sd parameter contains DACL and SACL specified by SMB
2267 2446 * client to be set on a file/directory. The client could
2268 2447 * specify both or one of these ACLs (if none is specified
2269 2448 * we don't get this far). When both DACL and SACL are given
2270 2449 * by client the existing ACL should be overwritten. If only
2271 2450 * one of them is specified the entries corresponding to the other
2272 2451 * ACL should not be touched. For example, if only DACL
2273 2452 * is specified in input fs_sd, the function reads audit entries
2274 2453 * of the existing ACL of the file and point fs_sd->sd_zsdacl
2275 2454 * pointer to the fetched SACL, this way when smb_fsop_sdwrite()
2276 2455 * function is called the passed fs_sd would point to the specified
2277 2456 * DACL by client and fetched SACL from filesystem, so the file
2278 2457 * will end up with correct ACL.
2279 2458 */
2280 2459 static int
2281 2460 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd)
2282 2461 {
2283 2462 smb_fssd_t cur_sd;
2284 2463 cred_t *kcr = zone_kcred();
2285 2464 int error = 0;
2286 2465
2287 2466 if (sr->tid_tree->t_acltype != ACE_T)
2288 2467 /* Don't bother if target FS doesn't support ACE_T */
2289 2468 return (0);
2290 2469
2291 2470 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) {
2292 2471 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
2293 2472 /*
2294 2473 * Don't overwrite existing audit entries
2295 2474 */
2296 2475 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO,
2297 2476 fs_sd->sd_flags);
2298 2477
2299 2478 error = smb_fsop_sdread(sr, kcr, snode, &cur_sd);
2300 2479 if (error == 0) {
2301 2480 ASSERT(fs_sd->sd_zsacl == NULL);
2302 2481 fs_sd->sd_zsacl = cur_sd.sd_zsacl;
2303 2482 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl)
2304 2483 fs_sd->sd_zsacl->acl_flags =
2305 2484 fs_sd->sd_zdacl->acl_flags;
2306 2485 }
2307 2486 } else {
2308 2487 /*
2309 2488 * Don't overwrite existing access entries
2310 2489 */
2311 2490 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO,
2312 2491 fs_sd->sd_flags);
2313 2492
2314 2493 error = smb_fsop_sdread(sr, kcr, snode, &cur_sd);
2315 2494 if (error == 0) {
2316 2495 ASSERT(fs_sd->sd_zdacl == NULL);
2317 2496 fs_sd->sd_zdacl = cur_sd.sd_zdacl;
2318 2497 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl)
2319 2498 fs_sd->sd_zdacl->acl_flags =
2320 2499 fs_sd->sd_zsacl->acl_flags;
2321 2500 }
2322 2501 }
2323 2502
2324 2503 if (error)
2325 2504 smb_fssd_term(&cur_sd);
2326 2505 }
2327 2506
2328 2507 return (error);
2329 2508 }
2330 2509
2331 2510 /*
2332 2511 * smb_fsop_sdwrite
2333 2512 *
2334 2513 * Stores the given uid, gid and acl in filesystem.
2335 2514 * Provided items in fs_sd are specified by fs_sd->sd_secinfo.
2336 2515 *
2337 2516 * A SMB security descriptor could contain owner, primary group,
2338 2517 * DACL and SACL. Setting an SD should be atomic but here it has to
2339 2518 * be done via two separate FS operations: VOP_SETATTR and
2340 2519 * VOP_SETSECATTR. Therefore, this function has to simulate the
2341 2520 * atomicity as well as it can.
2342 2521 *
2343 2522 * Get the current uid, gid before setting the new uid/gid
2344 2523 * so if smb_fsop_aclwrite fails they can be restored. root cred is
2345 2524 * used to get currend uid/gid since this operation is performed on
2346 2525 * behalf of the server not the user.
2347 2526 *
2348 2527 * If setting uid/gid fails with EPERM it means that and invalid
2349 2528 * owner has been specified. Callers should translate this to
2350 2529 * STATUS_INVALID_OWNER which is not the normal mapping for EPERM
2351 2530 * in upper layers, so EPERM is mapped to EBADE.
2352 2531 */
2353 2532 int
2354 2533 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2355 2534 smb_fssd_t *fs_sd, int overwrite)
2356 2535 {
2357 2536 smb_attr_t set_attr;
2358 2537 smb_attr_t orig_attr;
2359 2538 cred_t *kcr = zone_kcred();
2360 2539 int error = 0;
|
↓ open down ↓ |
145 lines elided |
↑ open up ↑ |
2361 2540 int access = 0;
2362 2541
2363 2542 ASSERT(cr);
2364 2543 ASSERT(fs_sd);
2365 2544
2366 2545 ASSERT(sr);
2367 2546 ASSERT(sr->tid_tree);
2368 2547 if (SMB_TREE_IS_READONLY(sr))
2369 2548 return (EROFS);
2370 2549
2550 + /* Can't set security on named streams */
2551 + if (SMB_IS_STREAM(snode) != NULL)
2552 + return (EINVAL);
2553 +
2371 2554 bzero(&set_attr, sizeof (smb_attr_t));
2372 2555
2373 2556 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
2374 2557 set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
2375 2558 set_attr.sa_mask |= SMB_AT_UID;
2376 2559 access |= WRITE_OWNER;
2377 2560 }
2378 2561
2379 2562 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
2380 2563 set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
2381 2564 set_attr.sa_mask |= SMB_AT_GID;
2382 2565 access |= WRITE_OWNER;
2383 2566 }
2384 2567
2385 2568 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2386 2569 access |= WRITE_DAC;
2387 2570
2388 2571 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2389 2572 access |= ACCESS_SYSTEM_SECURITY;
2390 2573
2391 2574 if (sr->fid_ofile)
2392 2575 error = smb_ofile_access(sr->fid_ofile, cr, access);
2393 2576 else
2394 2577 error = smb_fsop_access(sr, cr, snode, access);
2395 2578
2396 2579 if (error)
2397 2580 return (EACCES);
2398 2581
2399 2582 if (set_attr.sa_mask) {
2400 2583 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2401 2584 error = smb_fsop_getattr(sr, kcr, snode, &orig_attr);
2402 2585 if (error == 0) {
2403 2586 error = smb_fsop_setattr(sr, cr, snode, &set_attr);
2404 2587 if (error == EPERM)
2405 2588 error = EBADE;
2406 2589 }
2407 2590
2408 2591 if (error)
2409 2592 return (error);
2410 2593 }
2411 2594
2412 2595 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2413 2596 if (overwrite == 0) {
2414 2597 error = smb_fsop_sdmerge(sr, snode, fs_sd);
2415 2598 if (error)
2416 2599 return (error);
2417 2600 }
2418 2601
2419 2602 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd);
2420 2603 if (error) {
2421 2604 /*
2422 2605 * Revert uid/gid changes if required.
2423 2606 */
2424 2607 if (set_attr.sa_mask) {
2425 2608 orig_attr.sa_mask = set_attr.sa_mask;
2426 2609 (void) smb_fsop_setattr(sr, kcr, snode,
2427 2610 &orig_attr);
2428 2611 }
2429 2612 }
2430 2613 }
2431 2614
2432 2615 return (error);
2433 2616 }
2434 2617
2435 2618 #ifdef _KERNEL
2436 2619 /*
2437 2620 * smb_fsop_sdinherit
2438 2621 *
2439 2622 * Inherit the security descriptor from the parent container.
2440 2623 * This function is called after FS has created the file/folder
2441 2624 * so if this doesn't do anything it means FS inheritance is
2442 2625 * in place.
2443 2626 *
2444 2627 * Do inheritance for ZFS internally.
2445 2628 *
2446 2629 * If we want to let ZFS does the inheritance the
2447 2630 * following setting should be true:
2448 2631 *
2449 2632 * - aclinherit = passthrough
2450 2633 * - aclmode = passthrough
2451 2634 * - smbd umask = 0777
2452 2635 *
2453 2636 * This will result in right effective permissions but
2454 2637 * ZFS will always add 6 ACEs for owner, owning group
2455 2638 * and others to be POSIX compliant. This is not what
2456 2639 * Windows clients/users expect, so we decided that CIFS
2457 2640 * implements Windows rules and overwrite whatever ZFS
2458 2641 * comes up with. This way we also don't have to care
2459 2642 * about ZFS aclinherit and aclmode settings.
2460 2643 */
2461 2644 static int
2462 2645 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd)
2463 2646 {
2464 2647 acl_t *dacl = NULL;
2465 2648 acl_t *sacl = NULL;
2466 2649 int is_dir;
2467 2650 int error;
2468 2651
2469 2652 ASSERT(fs_sd);
2470 2653
2471 2654 if (sr->tid_tree->t_acltype != ACE_T) {
2472 2655 /*
2473 2656 * No forced inheritance for non-ZFS filesystems.
2474 2657 */
2475 2658 fs_sd->sd_secinfo = 0;
2476 2659 return (0);
2477 2660 }
2478 2661
2479 2662
2480 2663 /* Fetch parent directory's ACL */
2481 2664 error = smb_fsop_sdread(sr, zone_kcred(), dnode, fs_sd);
2482 2665 if (error) {
2483 2666 return (error);
2484 2667 }
2485 2668
2486 2669 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR);
2487 2670 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO,
2488 2671 sr->user_cr);
2489 2672 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO,
2490 2673 sr->user_cr);
2491 2674
2492 2675 if (sacl == NULL)
2493 2676 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO;
2494 2677
2495 2678 smb_fsacl_free(fs_sd->sd_zdacl);
2496 2679 smb_fsacl_free(fs_sd->sd_zsacl);
2497 2680
2498 2681 fs_sd->sd_zdacl = dacl;
2499 2682 fs_sd->sd_zsacl = sacl;
2500 2683
2501 2684 return (0);
2502 2685 }
2503 2686 #endif /* _KERNEL */
2504 2687
2505 2688 /*
2506 2689 * smb_fsop_eaccess
2507 2690 *
2508 2691 * Returns the effective permission of the given credential for the
2509 2692 * specified object.
2510 2693 *
2511 2694 * This is just a workaround. We need VFS/FS support for this.
2512 2695 */
2513 2696 void
2514 2697 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2515 2698 uint32_t *eaccess)
2516 2699 {
2517 2700 int access = 0;
2518 2701 vnode_t *dir_vp;
2519 2702 smb_node_t *unnamed_node;
2520 2703
2521 2704 ASSERT(cr);
2522 2705 ASSERT(snode);
2523 2706 ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2524 2707 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2525 2708
2526 2709 unnamed_node = SMB_IS_STREAM(snode);
2527 2710 if (unnamed_node) {
2528 2711 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2529 2712 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2530 2713 /*
2531 2714 * Streams authorization should be performed against the
2532 2715 * unnamed stream.
2533 2716 */
2534 2717 snode = unnamed_node;
2535 2718 }
2536 2719
2537 2720 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) {
2538 2721 dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
2539 2722 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp,
2540 2723 cr);
2541 2724 return;
2542 2725 }
2543 2726
2544 2727 /*
2545 2728 * FS doesn't understand 32-bit mask
2546 2729 */
2547 2730 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr);
2548 2731 access &= sr->tid_tree->t_access;
2549 2732
2550 2733 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES;
|
↓ open down ↓ |
170 lines elided |
↑ open up ↑ |
2551 2734
2552 2735 if (access & VREAD)
2553 2736 *eaccess |= FILE_READ_DATA;
2554 2737
2555 2738 if (access & VEXEC)
2556 2739 *eaccess |= FILE_EXECUTE;
2557 2740
2558 2741 if (access & VWRITE)
2559 2742 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES |
2560 2743 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD;
2744 +
2745 + if (access & (VREAD | VWRITE))
2746 + *eaccess |= SYNCHRONIZE;
2747 +
2748 +#ifdef _FAKE_KERNEL
2749 + /* Should be: if (we are the owner)... */
2750 + if (access & VWRITE)
2751 + *eaccess |= DELETE | WRITE_DAC | WRITE_OWNER;
2752 +#endif
2561 2753 }
2562 2754
2563 2755 /*
2564 2756 * smb_fsop_shrlock
2565 2757 *
2566 2758 * For the current open request, check file sharing rules
2567 2759 * against existing opens.
2568 2760 *
2569 2761 * Returns NT_STATUS_SHARING_VIOLATION if there is any
2570 2762 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise.
2571 2763 *
2572 2764 * Full system-wide share reservation synchronization is available
2573 2765 * when the nbmand (non-blocking mandatory) mount option is set
2574 2766 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used.
2575 2767 * This provides synchronization with NFS and local processes. The
2576 2768 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called
2577 2769 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well
2578 2770 * as the CIFS rename and delete paths.
2579 2771 *
2580 2772 * The CIFS server will also enter the nbl critical region in the open,
2581 2773 * rename, and delete paths when nbmand is not set. There is limited
2582 2774 * coordination with local and VFS share reservations in this case.
2583 2775 * Note that when the nbmand mount option is not set, the VFS layer
2584 2776 * only processes advisory reservations and the delete mode is not checked.
2585 2777 *
2586 2778 * Whether or not the nbmand mount option is set, intra-CIFS share
2587 2779 * checking is done in the open, delete, and rename paths using a CIFS
2588 2780 * critical region (node->n_share_lock).
2589 2781 */
2590 2782 uint32_t
2591 2783 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid,
2592 2784 uint32_t desired_access, uint32_t share_access)
2593 2785 {
2594 2786 int rc;
2595 2787
2596 2788 /* Allow access if the request is just for meta data */
2597 2789 if ((desired_access & FILE_DATA_ALL) == 0)
2598 2790 return (NT_STATUS_SUCCESS);
2599 2791
2600 2792 rc = smb_node_open_check(node, desired_access, share_access);
2601 2793 if (rc)
2602 2794 return (NT_STATUS_SHARING_VIOLATION);
2603 2795
2604 2796 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access,
2605 2797 cr);
2606 2798 if (rc)
2607 2799 return (NT_STATUS_SHARING_VIOLATION);
2608 2800
2609 2801 return (NT_STATUS_SUCCESS);
2610 2802 }
2611 2803
2612 2804 void
2613 2805 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid)
2614 2806 {
2615 2807 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr);
2616 2808 }
2617 2809
2618 2810 int
2619 2811 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock,
2620 2812 cred_t *cr)
2621 2813 {
2622 2814 flock64_t bf;
2623 2815 int flag = F_REMOTELOCK;
2624 2816
2625 2817 /*
2626 2818 * VOP_FRLOCK() will not be called if:
2627 2819 *
2628 2820 * 1) The lock has a range of zero bytes. The semantics of Windows and
2629 2821 * POSIX are different. In the case of POSIX it asks for the locking
2630 2822 * of all the bytes from the offset provided until the end of the
|
↓ open down ↓ |
60 lines elided |
↑ open up ↑ |
2631 2823 * file. In the case of Windows a range of zero locks nothing and
2632 2824 * doesn't conflict with any other lock.
2633 2825 *
2634 2826 * 2) The lock rolls over (start + lenght < start). Solaris will assert
2635 2827 * if such a request is submitted. This will not create
2636 2828 * incompatibilities between POSIX and Windows. In the Windows world,
2637 2829 * if a client submits such a lock, the server will not lock any
2638 2830 * bytes. Interestingly if the same lock (same offset and length) is
2639 2831 * resubmitted Windows will consider that there is an overlap and
2640 2832 * the granting rules will then apply.
2833 + *
2834 + * 3) The SMB-level process IDs (smb_pid) are not passed down to the
2835 + * POSIX level in l_pid because (a) the rules about lock PIDs are
2836 + * different in SMB, and (b) we're putting our ofile f_uniqid in
2837 + * the POSIX l_pid field to segregate locks per SMB ofile.
2838 + * (We're also using a "remote" system ID in l_sysid.)
2839 + * All SMB locking PIDs are handled at the SMB level and
2840 + * not exposed in POSIX locking.
2641 2841 */
2642 2842 if ((lock->l_length == 0) ||
2643 2843 ((lock->l_start + lock->l_length - 1) < lock->l_start))
2644 2844 return (0);
2645 2845
2646 2846 bzero(&bf, sizeof (bf));
2647 2847
2648 2848 if (unlock) {
2649 2849 bf.l_type = F_UNLCK;
2650 2850 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) {
2651 2851 bf.l_type = F_RDLCK;
2652 2852 flag |= FREAD;
2653 2853 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) {
2654 2854 bf.l_type = F_WRLCK;
2655 2855 flag |= FWRITE;
2656 2856 }
2657 2857
2658 2858 bf.l_start = lock->l_start;
2659 2859 bf.l_len = lock->l_length;
2660 2860 bf.l_pid = lock->l_file->f_uniqid;
2661 2861 bf.l_sysid = smb_ct.cc_sysid;
2662 2862
2663 2863 return (smb_vop_frlock(node->vp, cr, flag, &bf));
2664 2864 }
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX