15331Samw /* 25331Samw * CDDL HEADER START 35331Samw * 45331Samw * The contents of this file are subject to the terms of the 55331Samw * Common Development and Distribution License (the "License"). 65331Samw * You may not use this file except in compliance with the License. 75331Samw * 85331Samw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 95331Samw * or http://www.opensolaris.org/os/licensing. 105331Samw * See the License for the specific language governing permissions 115331Samw * and limitations under the License. 125331Samw * 135331Samw * When distributing Covered Code, include this CDDL HEADER in each 145331Samw * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 155331Samw * If applicable, add the following below this CDDL HEADER, with the 165331Samw * fields enclosed by brackets "[]" replaced with your own identifying 175331Samw * information: Portions Copyright [yyyy] [name of copyright owner] 185331Samw * 195331Samw * CDDL HEADER END 205331Samw */ 215331Samw /* 225772Sas200622 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 235331Samw * Use is subject to license terms. 245331Samw */ 255331Samw 265331Samw #pragma ident "%Z%%M% %I% %E% SMI" 275331Samw 285331Samw #include <sys/sid.h> 295772Sas200622 #include <sys/nbmlock.h> 305331Samw #include <smbsrv/smb_fsops.h> 315521Sas200622 #include <smbsrv/smb_kproto.h> 325521Sas200622 #include <smbsrv/ntstatus.h> 335521Sas200622 #include <smbsrv/ntaccess.h> 345772Sas200622 #include <smbsrv/smb_incl.h> 355331Samw #include <acl/acl_common.h> 365772Sas200622 #include <sys/fcntl.h> 375772Sas200622 #include <sys/flock.h> 385772Sas200622 #include <fs/fs_subr.h> 395331Samw 406139Sjb150015 extern caller_context_t smb_ct; 416139Sjb150015 426600Sas200622 extern int smb_fem_oplock_install(smb_node_t *); 436600Sas200622 extern void smb_fem_oplock_uninstall(smb_node_t *); 446600Sas200622 456600Sas200622 extern int smb_vop_other_opens(vnode_t *, int); 466600Sas200622 475331Samw static int smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, 485331Samw smb_fssd_t *fs_sd); 495331Samw 505331Samw /* 515331Samw * The smb_fsop_* functions have knowledge of CIFS semantics. 525331Samw * 535331Samw * The smb_vop_* functions have minimal knowledge of CIFS semantics and 545331Samw * serve as an interface to the VFS layer. 555331Samw * 565331Samw * Hence, smb_request_t and smb_node_t structures should not be passed 575331Samw * from the smb_fsop_* layer to the smb_vop_* layer. 585331Samw * 595331Samw * In general, CIFS service code should only ever call smb_fsop_* 605331Samw * functions directly, and never smb_vop_* functions directly. 615331Samw * 625331Samw * smb_fsop_* functions should call smb_vop_* functions where possible, instead 635331Samw * of their smb_fsop_* counterparts. However, there are times when 645331Samw * this cannot be avoided. 655331Samw */ 665331Samw 675331Samw /* 685331Samw * Note: Stream names cannot be mangled. 695331Samw */ 705331Samw 716600Sas200622 /* 726600Sas200622 * smb_fsop_amask_to_omode 736600Sas200622 * 746600Sas200622 * Convert the access mask to the open mode (for use 756600Sas200622 * with the VOP_OPEN call). 766600Sas200622 * 776600Sas200622 * Note that opening a file for attribute only access 786600Sas200622 * will also translate into an FREAD or FWRITE open mode 796600Sas200622 * (i.e., it's not just for data). 806600Sas200622 * 816600Sas200622 * This is needed so that opens are tracked appropriately 826600Sas200622 * for oplock processing. 836600Sas200622 */ 846600Sas200622 855331Samw int 866600Sas200622 smb_fsop_amask_to_omode(uint32_t access) 875331Samw { 886600Sas200622 int mode = 0; 896600Sas200622 906600Sas200622 if (access & (FILE_READ_DATA | FILE_EXECUTE | 916600Sas200622 FILE_READ_ATTRIBUTES | FILE_READ_EA)) 926600Sas200622 mode |= FREAD; 936600Sas200622 946600Sas200622 if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA | 956600Sas200622 FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)) 966600Sas200622 mode |= FWRITE; 976600Sas200622 986600Sas200622 if (access & FILE_APPEND_DATA) 996600Sas200622 mode |= FAPPEND; 1006600Sas200622 1016600Sas200622 return (mode); 1025331Samw } 1035331Samw 1045331Samw int 1056600Sas200622 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred) 1065331Samw { 1076600Sas200622 /* 1086600Sas200622 * Assuming that the same vnode is returned as we had before. 1096600Sas200622 * (I.e., with certain types of files or file systems, a 1106600Sas200622 * different vnode might be returned by VOP_OPEN) 1116600Sas200622 */ 1126600Sas200622 return (smb_vop_open(&node->vp, mode, cred)); 1135331Samw } 1145331Samw 1156600Sas200622 int 1166600Sas200622 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred) 1176600Sas200622 { 1186600Sas200622 return (smb_vop_close(node->vp, mode, cred)); 1196600Sas200622 } 1206600Sas200622 1216600Sas200622 int 1226600Sas200622 smb_fsop_oplock_install(smb_node_t *node, int mode) 1235331Samw { 1246600Sas200622 int rc; 1256600Sas200622 1266600Sas200622 if (smb_vop_other_opens(node->vp, mode)) 1276600Sas200622 return (EMFILE); 1286600Sas200622 1296600Sas200622 if ((rc = smb_fem_oplock_install(node))) 1306600Sas200622 return (rc); 1316600Sas200622 1326600Sas200622 if (smb_vop_other_opens(node->vp, mode)) { 1336600Sas200622 (void) smb_fem_oplock_uninstall(node); 1346600Sas200622 return (EMFILE); 1356600Sas200622 } 1366600Sas200622 1376600Sas200622 return (0); 1386600Sas200622 } 1396600Sas200622 1406600Sas200622 void 1416600Sas200622 smb_fsop_oplock_uninstall(smb_node_t *node) 1426600Sas200622 { 1436600Sas200622 smb_fem_oplock_uninstall(node); 1445331Samw } 1455331Samw 1465331Samw static int 1475331Samw smb_fsop_create_with_sd( 1486139Sjb150015 smb_request_t *sr, 1495331Samw cred_t *cr, 1505331Samw smb_node_t *snode, 1515331Samw char *name, 1525331Samw smb_attr_t *attr, 1535331Samw smb_node_t **ret_snode, 1545331Samw smb_attr_t *ret_attr, 1555331Samw smb_fssd_t *fs_sd) 1565331Samw { 1575331Samw vsecattr_t *vsap; 1585331Samw vsecattr_t vsecattr; 1595331Samw acl_t *acl, *dacl, *sacl; 1605331Samw smb_attr_t set_attr; 1615331Samw vnode_t *vp; 1625331Samw int aclbsize = 0; /* size of acl list in bytes */ 1635331Samw int flags = 0; 1645331Samw int is_dir; 1655331Samw int rc; 1665521Sas200622 boolean_t no_xvattr = B_FALSE; 1675331Samw 1685331Samw ASSERT(fs_sd); 1695331Samw 1705331Samw if (SMB_TREE_CASE_INSENSITIVE(sr)) 1715331Samw flags = SMB_IGNORE_CASE; 1725331Samw 1735331Samw ASSERT(cr); 1745331Samw 1755331Samw is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 1765331Samw 1775331Samw if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACLONCREATE) { 1785331Samw if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 1795331Samw dacl = fs_sd->sd_zdacl; 1805331Samw sacl = fs_sd->sd_zsacl; 1815331Samw ASSERT(dacl || sacl); 1825331Samw if (dacl && sacl) { 1835521Sas200622 acl = smb_fsacl_merge(dacl, sacl); 1845331Samw } else if (dacl) { 1855331Samw acl = dacl; 1865331Samw } else { 1875331Samw acl = sacl; 1885331Samw } 1895331Samw 1905521Sas200622 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 1915331Samw 1925331Samw if (dacl && sacl) 1935331Samw acl_free(acl); 1945331Samw 1955331Samw if (rc) 1965331Samw return (rc); 1975331Samw 1985331Samw vsap = &vsecattr; 1995331Samw } 2005331Samw else 2015331Samw vsap = NULL; 2025331Samw 2035331Samw if (is_dir) { 2045331Samw rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags, 2055772Sas200622 cr, vsap); 2065331Samw } else { 2075331Samw rc = smb_vop_create(snode->vp, name, attr, &vp, flags, 2085772Sas200622 cr, vsap); 2095331Samw } 2105331Samw 2115331Samw if (vsap != NULL) 2125331Samw kmem_free(vsap->vsa_aclentp, aclbsize); 2135331Samw 2145331Samw if (rc != 0) 2155331Samw return (rc); 2165331Samw 2175331Samw set_attr.sa_mask = 0; 2185331Samw 2195331Samw /* 2205331Samw * Ideally we should be able to specify the owner and owning 2215331Samw * group at create time along with the ACL. Since we cannot 2225331Samw * do that right now, kcred is passed to smb_vop_setattr so it 2235331Samw * doesn't fail due to lack of permission. 2245331Samw */ 2255331Samw if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2265331Samw set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2275331Samw set_attr.sa_mask |= SMB_AT_UID; 2285331Samw } 2295331Samw 2305331Samw if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2315331Samw set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2325331Samw set_attr.sa_mask |= SMB_AT_GID; 2335331Samw } 2345331Samw 2355331Samw if (set_attr.sa_mask) { 2365521Sas200622 if (sr && sr->tid_tree) 2375521Sas200622 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 2385521Sas200622 no_xvattr = B_TRUE; 2395331Samw rc = smb_vop_setattr(snode->vp, NULL, &set_attr, 2405772Sas200622 0, kcred, no_xvattr); 2415331Samw } 2425331Samw 2435331Samw } else { 2445331Samw /* 2455331Samw * For filesystems that don't support ACL-on-create, try 2465331Samw * to set the specified SD after create, which could actually 2475331Samw * fail because of conflicts between inherited security 2485331Samw * attributes upon creation and the specified SD. 2495331Samw * 2505331Samw * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 2515331Samw */ 2525331Samw 2535331Samw if (is_dir) { 2545331Samw rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags, 2555772Sas200622 cr, NULL); 2565331Samw } else { 2575331Samw rc = smb_vop_create(snode->vp, name, attr, &vp, flags, 2585772Sas200622 cr, NULL); 2595331Samw } 2605331Samw 2615521Sas200622 if (rc != 0) 2625521Sas200622 return (rc); 2635521Sas200622 2645521Sas200622 if ((sr->tid_tree->t_flags & SMB_TREE_FLAG_NFS_MOUNTED) == 0) 2655331Samw rc = smb_fsop_sdwrite(sr, kcred, snode, fs_sd, 1); 2665331Samw } 2675331Samw 2685331Samw if (rc == 0) { 2695331Samw *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, name, 2705331Samw snode, NULL, ret_attr); 2715331Samw 2725331Samw if (*ret_snode == NULL) { 2735331Samw VN_RELE(vp); 2745331Samw rc = ENOMEM; 2755331Samw } 2765331Samw } 2775331Samw 2785521Sas200622 if (rc != 0) { 2795521Sas200622 if (is_dir) { 2805772Sas200622 (void) smb_vop_rmdir(snode->vp, name, flags, cr); 2815521Sas200622 } else { 2825772Sas200622 (void) smb_vop_remove(snode->vp, name, flags, cr); 2835521Sas200622 } 2845521Sas200622 } 2855521Sas200622 2865331Samw return (rc); 2875331Samw } 2885331Samw 2895331Samw /* 2905331Samw * smb_fsop_create 2915331Samw * 2925331Samw * All SMB functions should use this wrapper to ensure that 2935331Samw * all the smb_vop_creates are performed with the appropriate credentials. 2945331Samw * Please document any direct calls to explain the reason 2955331Samw * for avoiding this wrapper. 2965331Samw * 2975331Samw * It is assumed that a reference exists on snode coming into this routine. 2985331Samw * 2995331Samw * *ret_snode is returned with a reference upon success. No reference is 3005331Samw * taken if an error is returned. 3015331Samw */ 3025331Samw 3035331Samw int 3045331Samw smb_fsop_create( 3056139Sjb150015 smb_request_t *sr, 3066139Sjb150015 cred_t *cr, 3076139Sjb150015 smb_node_t *dir_snode, 3086139Sjb150015 char *name, 3096139Sjb150015 smb_attr_t *attr, 3106139Sjb150015 smb_node_t **ret_snode, 3116139Sjb150015 smb_attr_t *ret_attr) 3125331Samw { 3135331Samw struct open_param *op = &sr->arg.open; 3146139Sjb150015 boolean_t no_xvattr = B_FALSE; 3156139Sjb150015 smb_node_t *fnode; 3166139Sjb150015 smb_attr_t file_attr; 3176139Sjb150015 vnode_t *xattrdirvp; 3186139Sjb150015 vnode_t *vp; 3196139Sjb150015 char *longname = NULL; 3206139Sjb150015 char *namep; 3216139Sjb150015 char *fname; 3226139Sjb150015 char *sname; 3236139Sjb150015 int is_stream; 3246139Sjb150015 int flags = 0; 3256139Sjb150015 int rc = 0; 3266139Sjb150015 smb_fssd_t fs_sd; 3276139Sjb150015 uint32_t secinfo; 3286139Sjb150015 uint32_t status; 3295331Samw 3305331Samw ASSERT(cr); 3315331Samw ASSERT(dir_snode); 3325331Samw ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 3335331Samw ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 3345331Samw 3355331Samw ASSERT(ret_snode); 3365331Samw *ret_snode = 0; 3375331Samw 3385331Samw ASSERT(name); 3395331Samw if (*name == 0) 3405331Samw return (EINVAL); 3415331Samw 3425331Samw if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 3435331Samw return (EACCES); 3445331Samw 3455331Samw ASSERT(sr); 3465331Samw ASSERT(sr->tid_tree); 3475331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 3485331Samw return (EROFS); 3495331Samw 3505331Samw if (SMB_TREE_CASE_INSENSITIVE(sr)) 3515331Samw flags = SMB_IGNORE_CASE; 3525331Samw 3535331Samw fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 3545331Samw sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 3555331Samw 3565331Samw is_stream = smb_stream_parse_name(name, fname, sname); 3575331Samw 3585331Samw if (is_stream) 3595331Samw namep = fname; 3605331Samw else 3615331Samw namep = name; 3625331Samw 3635331Samw if (smb_maybe_mangled_name(namep)) { 3645331Samw longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 3655331Samw 3665331Samw rc = smb_unmangle_name(sr, cr, dir_snode, namep, longname, 3675331Samw MAXNAMELEN, NULL, NULL, 1); 3685331Samw 3695331Samw if ((is_stream == 0) && (rc == 0)) 3705331Samw rc = EEXIST; 3715331Samw 3725331Samw if ((is_stream && rc) || 3735331Samw ((is_stream == 0) && (rc != ENOENT))) { 3745331Samw kmem_free(longname, MAXNAMELEN); 3755331Samw kmem_free(fname, MAXNAMELEN); 3765331Samw kmem_free(sname, MAXNAMELEN); 3775331Samw return (rc); 3785331Samw } 3795331Samw 3805331Samw if (is_stream) 3815331Samw namep = longname; 3825331Samw else 3835331Samw kmem_free(longname, MAXNAMELEN); 3845331Samw } 3855331Samw 3865331Samw if (is_stream) { 3875331Samw /* 3885331Samw * Look up the unnamed stream. 3895331Samw * 3905331Samw * Mangle processing in smb_fsop_lookup() for the unnamed 3915331Samw * stream won't be needed (as it was done above), but 3925331Samw * it may be needed on any link target (which 3935331Samw * smb_fsop_lookup() will provide). 3945331Samw */ 3955331Samw rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 3965331Samw sr->tid_tree->t_snode, dir_snode, namep, &fnode, &file_attr, 3975331Samw 0, 0); 3985331Samw 3995331Samw if (longname) { 4005331Samw kmem_free(longname, MAXNAMELEN); 4015331Samw namep = NULL; 4025331Samw } 4035331Samw 4045331Samw if (rc != 0) { 4055331Samw kmem_free(fname, MAXNAMELEN); 4065331Samw kmem_free(sname, MAXNAMELEN); 4075331Samw return (rc); 4085331Samw } 4095331Samw 4105331Samw rc = smb_vop_stream_create(fnode->vp, sname, attr, &vp, 4115772Sas200622 &xattrdirvp, flags, cr); 4125331Samw 4135331Samw if (rc != 0) { 4145331Samw smb_node_release(fnode); 4155331Samw kmem_free(fname, MAXNAMELEN); 4165331Samw kmem_free(sname, MAXNAMELEN); 4175331Samw return (rc); 4185331Samw } 4195331Samw 4206030Sjb150015 if (sr && sr->tid_tree) 4216030Sjb150015 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 4226030Sjb150015 no_xvattr = B_TRUE; 4236030Sjb150015 4246030Sjb150015 attr->sa_vattr.va_uid = file_attr.sa_vattr.va_uid; 4256030Sjb150015 attr->sa_vattr.va_gid = file_attr.sa_vattr.va_gid; 4266030Sjb150015 attr->sa_mask = SMB_AT_UID | SMB_AT_GID; 4276030Sjb150015 4286030Sjb150015 /* 4296030Sjb150015 * The second parameter of smb_vop_setattr() is set to 4306030Sjb150015 * NULL, even though an unnamed stream exists. This is 4316030Sjb150015 * because we want to set the UID and GID on the named 4326030Sjb150015 * stream in this case for consistency with the (unnamed 4336030Sjb150015 * stream) file (see comments for smb_vop_setattr()). 4346030Sjb150015 */ 4356030Sjb150015 4366030Sjb150015 rc = smb_vop_setattr(vp, NULL, attr, 0, kcred, no_xvattr); 4376030Sjb150015 4386030Sjb150015 if (rc != 0) { 4396030Sjb150015 smb_node_release(fnode); 4406030Sjb150015 kmem_free(fname, MAXNAMELEN); 4416030Sjb150015 kmem_free(sname, MAXNAMELEN); 4426030Sjb150015 return (rc); 4436030Sjb150015 } 4446030Sjb150015 4455331Samw *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 4465331Samw vp, sname, ret_attr); 4475331Samw 4485331Samw smb_node_release(fnode); 4495331Samw 4505331Samw if (*ret_snode == NULL) { 4515331Samw VN_RELE(xattrdirvp); 4525331Samw VN_RELE(vp); 4535331Samw kmem_free(fname, MAXNAMELEN); 4545331Samw kmem_free(sname, MAXNAMELEN); 4555331Samw return (ENOMEM); 4565331Samw } 4575331Samw } else { 4585521Sas200622 if (op->sd) { 4595331Samw /* 4605331Samw * SD sent by client in Windows format. Needs to be 4615331Samw * converted to FS format. No inheritance. 4625331Samw */ 4635521Sas200622 secinfo = smb_sd_get_secinfo(op->sd); 4645521Sas200622 smb_fssd_init(&fs_sd, secinfo, 0); 4655521Sas200622 4665521Sas200622 status = smb_sd_tofs(op->sd, &fs_sd); 4675331Samw if (status == NT_STATUS_SUCCESS) { 4685331Samw rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 4695331Samw name, attr, ret_snode, ret_attr, &fs_sd); 4705331Samw } 4715331Samw else 4725331Samw rc = EINVAL; 4735521Sas200622 smb_fssd_term(&fs_sd); 4745331Samw } else if (sr->tid_tree->t_acltype == ACE_T) { 4755331Samw /* 4765331Samw * No incoming SD and filesystem is ZFS 4775331Samw * Server applies Windows inheritance rules, 4785331Samw * see smb_fsop_sdinherit() comments as to why. 4795331Samw */ 4805521Sas200622 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0); 4815331Samw rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 4825331Samw if (rc == 0) { 4835331Samw rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 4845331Samw name, attr, ret_snode, ret_attr, &fs_sd); 4855331Samw } 4865331Samw 4875521Sas200622 smb_fssd_term(&fs_sd); 4885331Samw } else { 4895331Samw /* 4905331Samw * No incoming SD and filesystem is not ZFS 4915331Samw * let the filesystem handles the inheritance. 4925331Samw */ 4935331Samw rc = smb_vop_create(dir_snode->vp, name, attr, &vp, 4945772Sas200622 flags, cr, NULL); 4955331Samw 4965331Samw if (rc == 0) { 4975331Samw *ret_snode = smb_node_lookup(sr, op, cr, vp, 4985331Samw name, dir_snode, NULL, ret_attr); 4995331Samw 5005331Samw if (*ret_snode == NULL) { 5015331Samw VN_RELE(vp); 5025331Samw rc = ENOMEM; 5035331Samw } 5045331Samw } 5055331Samw 5065331Samw } 5075331Samw } 5085331Samw 5095331Samw kmem_free(fname, MAXNAMELEN); 5105331Samw kmem_free(sname, MAXNAMELEN); 5115331Samw return (rc); 5125331Samw } 5135331Samw 5145331Samw /* 5155331Samw * smb_fsop_mkdir 5165331Samw * 5175331Samw * All SMB functions should use this wrapper to ensure that 5185331Samw * the the calls are performed with the appropriate credentials. 5195331Samw * Please document any direct call to explain the reason 5205331Samw * for avoiding this wrapper. 5215331Samw * 5225331Samw * It is assumed that a reference exists on snode coming into this routine. 5235331Samw * 5245331Samw * *ret_snode is returned with a reference upon success. No reference is 5255331Samw * taken if an error is returned. 5265331Samw */ 5275331Samw int 5285331Samw smb_fsop_mkdir( 5296139Sjb150015 smb_request_t *sr, 5305331Samw cred_t *cr, 5315331Samw smb_node_t *dir_snode, 5325331Samw char *name, 5335331Samw smb_attr_t *attr, 5345331Samw smb_node_t **ret_snode, 5355331Samw smb_attr_t *ret_attr) 5365331Samw { 5375331Samw struct open_param *op = &sr->arg.open; 5385331Samw char *longname; 5395331Samw vnode_t *vp; 5405331Samw int flags = 0; 5415331Samw smb_fssd_t fs_sd; 5425331Samw uint32_t secinfo; 5435331Samw uint32_t status; 5445331Samw int rc; 5455331Samw ASSERT(cr); 5465331Samw ASSERT(dir_snode); 5475331Samw ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 5485331Samw ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 5495331Samw 5505331Samw ASSERT(ret_snode); 5515331Samw *ret_snode = 0; 5525331Samw 5535331Samw ASSERT(name); 5545331Samw if (*name == 0) 5555331Samw return (EINVAL); 5565331Samw 5575331Samw if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 5585331Samw return (EACCES); 5595331Samw 5605331Samw ASSERT(sr); 5615331Samw ASSERT(sr->tid_tree); 5625331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 5635331Samw return (EROFS); 5645331Samw 5655331Samw if (smb_maybe_mangled_name(name)) { 5665331Samw longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 5675331Samw rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 5685331Samw MAXNAMELEN, NULL, NULL, 1); 5695331Samw 5705331Samw kmem_free(longname, MAXNAMELEN); 5715331Samw 5725331Samw /* 5735331Samw * If the name passed in by the client has an unmangled 5745331Samw * equivalent that is found in the specified directory, 5755331Samw * then the mkdir cannot succeed. Return EEXIST. 5765331Samw * 5775331Samw * Only if ENOENT is returned will a mkdir be attempted. 5785331Samw */ 5795331Samw 5805331Samw if (rc == 0) 5815331Samw rc = EEXIST; 5825331Samw 5835331Samw if (rc != ENOENT) 5845331Samw return (rc); 5855331Samw } 5865331Samw 5875331Samw if (SMB_TREE_CASE_INSENSITIVE(sr)) 5885331Samw flags = SMB_IGNORE_CASE; 5895331Samw 5905521Sas200622 if (op->sd) { 5915331Samw /* 5925331Samw * SD sent by client in Windows format. Needs to be 5935331Samw * converted to FS format. No inheritance. 5945331Samw */ 5955521Sas200622 secinfo = smb_sd_get_secinfo(op->sd); 5965521Sas200622 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 5975521Sas200622 5985521Sas200622 status = smb_sd_tofs(op->sd, &fs_sd); 5995331Samw if (status == NT_STATUS_SUCCESS) { 6005331Samw rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 6015331Samw name, attr, ret_snode, ret_attr, &fs_sd); 6025331Samw } 6035331Samw else 6045331Samw rc = EINVAL; 6055521Sas200622 smb_fssd_term(&fs_sd); 6065331Samw } else if (sr->tid_tree->t_acltype == ACE_T) { 6075331Samw /* 6085331Samw * No incoming SD and filesystem is ZFS 6095331Samw * Server applies Windows inheritance rules, 6105331Samw * see smb_fsop_sdinherit() comments as to why. 6115331Samw */ 6125521Sas200622 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR); 6135331Samw rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 6145331Samw if (rc == 0) { 6155331Samw rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 6165331Samw name, attr, ret_snode, ret_attr, &fs_sd); 6175331Samw } 6185331Samw 6195521Sas200622 smb_fssd_term(&fs_sd); 6205331Samw 6215331Samw } else { 6225331Samw rc = smb_vop_mkdir(dir_snode->vp, name, attr, &vp, flags, cr, 6235772Sas200622 NULL); 6245331Samw 6255331Samw if (rc == 0) { 6265331Samw *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 6275331Samw dir_snode, NULL, ret_attr); 6285331Samw 6295331Samw if (*ret_snode == NULL) { 6305331Samw VN_RELE(vp); 6315331Samw rc = ENOMEM; 6325331Samw } 6335331Samw } 6345331Samw } 6355331Samw 6365331Samw return (rc); 6375331Samw } 6385331Samw 6395331Samw /* 6405331Samw * smb_fsop_remove 6415331Samw * 6425331Samw * All SMB functions should use this wrapper to ensure that 6435331Samw * the the calls are performed with the appropriate credentials. 6445331Samw * Please document any direct call to explain the reason 6455331Samw * for avoiding this wrapper. 6465331Samw * 6475331Samw * It is assumed that a reference exists on snode coming into this routine. 6485331Samw * 6495331Samw * od: This means that the name passed in is an on-disk name. 6505331Samw * A null smb_request might be passed to this function. 6515331Samw */ 6525331Samw 6535331Samw int 6545331Samw smb_fsop_remove( 6556139Sjb150015 smb_request_t *sr, 6566139Sjb150015 cred_t *cr, 6576139Sjb150015 smb_node_t *dir_snode, 6586139Sjb150015 char *name, 6596139Sjb150015 int od) 6605331Samw { 6616139Sjb150015 smb_node_t *fnode; 6626139Sjb150015 smb_attr_t file_attr; 6636139Sjb150015 char *longname; 6646139Sjb150015 char *fname; 6656139Sjb150015 char *sname; 6666139Sjb150015 int flags = 0; 6676139Sjb150015 int rc; 6685331Samw 6695331Samw ASSERT(cr); 6705331Samw /* 6715331Samw * The state of the node could be SMB_NODE_STATE_DESTROYING if this 6725331Samw * function is called during the deletion of the node (because of 6735331Samw * DELETE_ON_CLOSE). 6745331Samw */ 6755331Samw ASSERT(dir_snode); 6765331Samw ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 6775331Samw 6785331Samw if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 6795331Samw return (EACCES); 6805331Samw 6815331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 6825331Samw return (EROFS); 6835331Samw 6845331Samw fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 6855331Samw sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 6865331Samw 6875967Scp160787 /* 6885967Scp160787 * If the passed-in name is an on-disk name, 6895967Scp160787 * then we need to do a case-sensitive remove. 6905967Scp160787 * This is important if the on-disk name 6915967Scp160787 * corresponds to a mangled name passed in by 6925967Scp160787 * the client. We want to make sure to remove 6935967Scp160787 * the exact file specified by the client, 6945967Scp160787 * instead of letting the underlying file system 6955967Scp160787 * do a remove on the "first match." 6965967Scp160787 */ 6975967Scp160787 6985967Scp160787 if ((od == 0) && SMB_TREE_CASE_INSENSITIVE(sr)) 6995967Scp160787 flags = SMB_IGNORE_CASE; 7005967Scp160787 7015967Scp160787 if (dir_snode->flags & NODE_XATTR_DIR) { 7025967Scp160787 rc = smb_vop_stream_remove(dir_snode->dir_snode->vp, 7035967Scp160787 name, flags, cr); 7045967Scp160787 } else if (smb_stream_parse_name(name, fname, sname)) { 7055967Scp160787 /* 7065967Scp160787 * It is assumed that "name" corresponds to the path 7075967Scp160787 * passed in by the client, and no need of suppressing 7085967Scp160787 * case-insensitive lookups is needed. 7095967Scp160787 */ 7105331Samw 7115331Samw ASSERT(od == 0); 7125331Samw 7135331Samw /* 7145331Samw * Look up the unnamed stream (i.e. fname). 7155331Samw * Unmangle processing will be done on fname 7165331Samw * as well as any link target. 7175331Samw */ 7185331Samw 7195331Samw rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 7205331Samw sr->tid_tree->t_snode, dir_snode, fname, &fnode, &file_attr, 7215331Samw 0, 0); 7225331Samw 7235331Samw if (rc != 0) { 7245331Samw kmem_free(fname, MAXNAMELEN); 7255331Samw kmem_free(sname, MAXNAMELEN); 7265331Samw return (rc); 7275331Samw } 7285331Samw 7295331Samw /* 7305331Samw * XXX 7315331Samw * Need to find out what permission is required by NTFS 7325331Samw * to remove a stream. 7335331Samw */ 7345772Sas200622 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr); 7355331Samw 7365331Samw smb_node_release(fnode); 7375331Samw } else { 7385772Sas200622 rc = smb_vop_remove(dir_snode->vp, name, flags, cr); 7395331Samw 7405331Samw if (rc == ENOENT) { 7415331Samw if (smb_maybe_mangled_name(name) == 0) { 7425331Samw kmem_free(fname, MAXNAMELEN); 7435331Samw kmem_free(sname, MAXNAMELEN); 7445331Samw return (rc); 7455331Samw } 7465331Samw longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 7475331Samw 7485331Samw rc = smb_unmangle_name(sr, cr, dir_snode, name, 7495331Samw longname, MAXNAMELEN, NULL, NULL, 1); 7505331Samw 7515331Samw if (rc == 0) { 7525331Samw /* 7535331Samw * We passed "1" as the "od" parameter 7545331Samw * to smb_unmangle_name(), such that longname 7555331Samw * is the real (case-sensitive) on-disk name. 7565331Samw * We make sure we do a remove on this exact 7575331Samw * name, as the name was mangled and denotes 7585331Samw * a unique file. 7595331Samw */ 7605331Samw flags &= ~SMB_IGNORE_CASE; 7615331Samw rc = smb_vop_remove(dir_snode->vp, longname, 7625772Sas200622 flags, cr); 7635331Samw } 7645331Samw 7655331Samw kmem_free(longname, MAXNAMELEN); 7665331Samw } 7675331Samw } 7685331Samw 7695331Samw kmem_free(fname, MAXNAMELEN); 7705331Samw kmem_free(sname, MAXNAMELEN); 7715331Samw return (rc); 7725331Samw } 7735331Samw 7745331Samw /* 7755331Samw * smb_fsop_remove_streams 7765331Samw * 7775331Samw * This function removes a file's streams without removing the 7785331Samw * file itself. 7795331Samw * 7805331Samw * It is assumed that snode is not a link. 7815331Samw */ 7825331Samw int 7836139Sjb150015 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode) 7845331Samw { 7855331Samw struct fs_stream_info stream_info; 7865331Samw uint32_t cookie = 0; 7875331Samw int flags = 0; 7885331Samw int rc; 7895331Samw 7905331Samw ASSERT(cr); 7915331Samw ASSERT(fnode); 7925331Samw ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 7935331Samw ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 7945331Samw 7955331Samw if (SMB_TREE_ROOT_FS(sr, fnode) == 0) 7965331Samw return (EACCES); 7975331Samw 7985331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 7995331Samw return (EROFS); 8005331Samw 8015331Samw if (SMB_TREE_CASE_INSENSITIVE(sr)) 8025331Samw flags = SMB_IGNORE_CASE; 8035331Samw 8045331Samw for (;;) { 8055331Samw rc = smb_vop_stream_readdir(fnode->vp, &cookie, &stream_info, 8065772Sas200622 NULL, NULL, flags, cr); 8075331Samw 8085331Samw if ((rc != 0) || (cookie == SMB_EOF)) 8095331Samw break; 8105331Samw 8115331Samw (void) smb_vop_stream_remove(fnode->vp, stream_info.name, flags, 8125772Sas200622 cr); 8135331Samw } 8145331Samw return (rc); 8155331Samw } 8165331Samw 8175331Samw /* 8185331Samw * smb_fsop_rmdir 8195331Samw * 8205331Samw * All SMB functions should use this wrapper to ensure that 8215331Samw * the the calls are performed with the appropriate credentials. 8225331Samw * Please document any direct call to explain the reason 8235331Samw * for avoiding this wrapper. 8245331Samw * 8255331Samw * It is assumed that a reference exists on snode coming into this routine. 8265331Samw * 8275331Samw * od: This means that the name passed in is an on-disk name. 8285331Samw */ 8295331Samw 8305331Samw int 8315331Samw smb_fsop_rmdir( 8326139Sjb150015 smb_request_t *sr, 8336139Sjb150015 cred_t *cr, 8346139Sjb150015 smb_node_t *dir_snode, 8356139Sjb150015 char *name, 8366139Sjb150015 int od) 8375331Samw { 8386139Sjb150015 int rc; 8396139Sjb150015 int flags = 0; 8406139Sjb150015 char *longname; 8415331Samw 8425331Samw ASSERT(cr); 8435331Samw /* 8445331Samw * The state of the node could be SMB_NODE_STATE_DESTROYING if this 8455331Samw * function is called during the deletion of the node (because of 8465331Samw * DELETE_ON_CLOSE). 8475331Samw */ 8485331Samw ASSERT(dir_snode); 8495331Samw ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 8505331Samw 8515331Samw if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 8525331Samw return (EACCES); 8535331Samw 8545331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 8555331Samw return (EROFS); 8565331Samw 8575331Samw /* 8585331Samw * If the passed-in name is an on-disk name, 8595331Samw * then we need to do a case-sensitive rmdir. 8605331Samw * This is important if the on-disk name 8615331Samw * corresponds to a mangled name passed in by 8625331Samw * the client. We want to make sure to remove 8635331Samw * the exact directory specified by the client, 8645331Samw * instead of letting the underlying file system 8655331Samw * do a rmdir on the "first match." 8665331Samw */ 8675331Samw 8685331Samw if ((od == 0) && SMB_TREE_CASE_INSENSITIVE(sr)) 8695331Samw flags = SMB_IGNORE_CASE; 8705331Samw 8715772Sas200622 rc = smb_vop_rmdir(dir_snode->vp, name, flags, cr); 8725331Samw 8735331Samw if (rc == ENOENT) { 8745331Samw if (smb_maybe_mangled_name(name) == 0) 8755331Samw return (rc); 8765331Samw 8775331Samw longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 8785331Samw 8795331Samw rc = smb_unmangle_name(sr, cr, dir_snode, 8805331Samw name, longname, MAXNAMELEN, NULL, 8815331Samw NULL, 1); 8825331Samw 8835331Samw if (rc == 0) { 8845331Samw /* 8855331Samw * We passed "1" as the "od" parameter 8865331Samw * to smb_unmangle_name(), such that longname 8875331Samw * is the real (case-sensitive) on-disk name. 8885331Samw * We make sure we do a rmdir on this exact 8895331Samw * name, as the name was mangled and denotes 8905331Samw * a unique directory. 8915331Samw */ 8925331Samw flags &= ~SMB_IGNORE_CASE; 8935772Sas200622 rc = smb_vop_rmdir(dir_snode->vp, longname, flags, cr); 8945331Samw } 8955331Samw 8965331Samw kmem_free(longname, MAXNAMELEN); 8975331Samw } 8985331Samw 8995331Samw return (rc); 9005331Samw } 9015331Samw 9025331Samw /* 9035331Samw * smb_fsop_getattr 9045331Samw * 9055331Samw * All SMB functions should use this wrapper to ensure that 9065331Samw * the the calls are performed with the appropriate credentials. 9075331Samw * Please document any direct call to explain the reason 9085331Samw * for avoiding this wrapper. 9095331Samw * 9105331Samw * It is assumed that a reference exists on snode coming into this routine. 9115331Samw */ 9125331Samw int 9136139Sjb150015 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 9145331Samw smb_attr_t *attr) 9155331Samw { 9165331Samw smb_node_t *unnamed_node; 9175331Samw vnode_t *unnamed_vp = NULL; 9185331Samw uint32_t status; 9195331Samw uint32_t access = 0; 9205331Samw int flags = 0; 9215772Sas200622 int rc; 9225331Samw 9235331Samw ASSERT(cr); 9245331Samw ASSERT(snode); 9255331Samw ASSERT(snode->n_magic == SMB_NODE_MAGIC); 9265331Samw ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 9275331Samw 9285331Samw if (SMB_TREE_ROOT_FS(sr, snode) == 0) 9295331Samw return (EACCES); 9305331Samw 9315331Samw if (sr->fid_ofile) { 9325331Samw /* if uid and/or gid is requested */ 9335331Samw if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 9345331Samw access |= READ_CONTROL; 9355331Samw 9365331Samw /* if anything else is also requested */ 9375331Samw if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 9385331Samw access |= FILE_READ_ATTRIBUTES; 9395331Samw 9405331Samw status = smb_ofile_access(sr->fid_ofile, cr, access); 9415331Samw if (status != NT_STATUS_SUCCESS) 9425331Samw return (EACCES); 9435331Samw 9445331Samw if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 9455331Samw flags = ATTR_NOACLCHECK; 9465331Samw } 9475331Samw 9485331Samw unnamed_node = SMB_IS_STREAM(snode); 9495331Samw 9505331Samw if (unnamed_node) { 9515331Samw ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 9525331Samw ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 9535331Samw unnamed_vp = unnamed_node->vp; 9545331Samw } 9555331Samw 9565772Sas200622 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr); 9575772Sas200622 if (rc == 0) 9585772Sas200622 snode->attr = *attr; 9595772Sas200622 9605772Sas200622 return (rc); 9615331Samw } 9625331Samw 9635331Samw /* 9645331Samw * smb_fsop_readdir 9655331Samw * 9665331Samw * All SMB functions should use this smb_fsop_readdir wrapper to ensure that 9675331Samw * the smb_vop_readdir is performed with the appropriate credentials. 9685331Samw * Please document any direct call to smb_vop_readdir to explain the reason 9695331Samw * for avoiding this wrapper. 9705331Samw * 9715331Samw * It is assumed that a reference exists on snode coming into this routine. 9725331Samw */ 9735331Samw int 9745331Samw smb_fsop_readdir( 9756139Sjb150015 smb_request_t *sr, 9765331Samw cred_t *cr, 9775331Samw smb_node_t *dir_snode, 9785331Samw uint32_t *cookie, 9795331Samw char *name, 9805331Samw int *namelen, 9815331Samw ino64_t *fileid, 9825331Samw struct fs_stream_info *stream_info, 9835331Samw smb_node_t **ret_snode, 9845331Samw smb_attr_t *ret_attr) 9855331Samw { 9866139Sjb150015 smb_node_t *ret_snodep; 9876139Sjb150015 smb_node_t *fnode; 9886139Sjb150015 smb_attr_t tmp_attr; 9896139Sjb150015 vnode_t *xattrdirvp; 9906139Sjb150015 vnode_t *fvp; 9916139Sjb150015 vnode_t *vp = NULL; 9926139Sjb150015 char *od_name; 9936139Sjb150015 int rc; 9946139Sjb150015 int flags = 0; 9955331Samw 9965331Samw ASSERT(cr); 9975331Samw ASSERT(dir_snode); 9985331Samw ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 9995331Samw ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 10005331Samw 10015331Samw if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 10025331Samw return (EACCES); 10035331Samw 10045331Samw if (*cookie == SMB_EOF) { 10055331Samw *namelen = 0; 10065331Samw return (0); 10075331Samw } 10085331Samw 10095331Samw if (SMB_TREE_CASE_INSENSITIVE(sr)) 10105331Samw flags = SMB_IGNORE_CASE; 10115331Samw 10125331Samw od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 10135331Samw 10145331Samw if (stream_info) { 10155331Samw rc = smb_vop_lookup(dir_snode->vp, name, &fvp, od_name, 10165772Sas200622 SMB_FOLLOW_LINKS, sr->tid_tree->t_snode->vp, cr); 10175331Samw 10185331Samw if (rc != 0) { 10195331Samw kmem_free(od_name, MAXNAMELEN); 10205331Samw return (rc); 10215331Samw } 10225331Samw 10235331Samw fnode = smb_node_lookup(sr, NULL, cr, fvp, od_name, dir_snode, 10245331Samw NULL, ret_attr); 10255331Samw 10265331Samw kmem_free(od_name, MAXNAMELEN); 10275331Samw 10285331Samw if (fnode == NULL) { 10295331Samw VN_RELE(fvp); 10305331Samw return (ENOMEM); 10315331Samw } 10325331Samw 10335331Samw /* 10345331Samw * XXX 10355331Samw * Need to find out what permission(s) NTFS requires for getting 10365331Samw * a file's streams list. 10375331Samw * 10385331Samw * Might have to use kcred. 10395331Samw */ 10405331Samw rc = smb_vop_stream_readdir(fvp, cookie, stream_info, &vp, 10415772Sas200622 &xattrdirvp, flags, cr); 10425331Samw 10435331Samw if ((rc != 0) || (*cookie == SMB_EOF)) { 10445331Samw smb_node_release(fnode); 10455331Samw return (rc); 10465331Samw } 10475331Samw 10485331Samw ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 10495331Samw vp, stream_info->name, &tmp_attr); 10505331Samw 10515331Samw smb_node_release(fnode); 10525331Samw 10535331Samw if (ret_snodep == NULL) { 10545331Samw VN_RELE(xattrdirvp); 10555331Samw VN_RELE(vp); 10565331Samw return (ENOMEM); 10575331Samw } 10585331Samw 10595331Samw stream_info->size = tmp_attr.sa_vattr.va_size; 10605331Samw 10615331Samw if (ret_attr) 10625331Samw *ret_attr = tmp_attr; 10635331Samw 10645331Samw if (ret_snode) 10655331Samw *ret_snode = ret_snodep; 10665331Samw else 10675331Samw smb_node_release(ret_snodep); 10685331Samw 10695331Samw } else { 10705331Samw rc = smb_vop_readdir(dir_snode->vp, cookie, name, namelen, 10715772Sas200622 fileid, &vp, od_name, flags, cr); 10725331Samw 10735331Samw if (rc != 0) { 10745331Samw kmem_free(od_name, MAXNAMELEN); 10755331Samw return (rc); 10765331Samw } 10775331Samw 10785331Samw if (*namelen) { 10795331Samw ASSERT(vp); 10805331Samw if (ret_attr || ret_snode) { 10815331Samw ret_snodep = smb_node_lookup(sr, NULL, cr, vp, 10825331Samw od_name, dir_snode, NULL, &tmp_attr); 10835331Samw 10845331Samw if (ret_snodep == NULL) { 10855331Samw kmem_free(od_name, MAXNAMELEN); 10865331Samw VN_RELE(vp); 10875331Samw return (ENOMEM); 10885331Samw } 10895331Samw 10905331Samw if (ret_attr) 10915331Samw *ret_attr = tmp_attr; 10925331Samw 10935331Samw if (ret_snode) 10945331Samw *ret_snode = ret_snodep; 10955331Samw else 10965331Samw smb_node_release(ret_snodep); 10975331Samw } 10985331Samw } 10995331Samw 11005331Samw kmem_free(od_name, MAXNAMELEN); 11015331Samw } 11025331Samw 11035331Samw return (rc); 11045331Samw } 11055331Samw 11065331Samw /* 11075331Samw * smb_fsop_getdents 11085331Samw * 11095331Samw * All SMB functions should use this smb_vop_getdents wrapper to ensure that 11105331Samw * the smb_vop_getdents is performed with the appropriate credentials. 11115331Samw * Please document any direct call to smb_vop_getdents to explain the reason 11125331Samw * for avoiding this wrapper. 11135331Samw * 11145331Samw * It is assumed that a reference exists on snode coming into this routine. 11155331Samw */ 11165331Samw /*ARGSUSED*/ 11175331Samw int 11185331Samw smb_fsop_getdents( 11195331Samw struct smb_request *sr, 11205331Samw cred_t *cr, 11215331Samw smb_node_t *dir_snode, 11225331Samw uint32_t *cookie, 11235331Samw uint64_t *verifierp, 11245331Samw int32_t *maxcnt, 11255331Samw char *args, 11265331Samw char *pattern) 11275331Samw { 11285331Samw int flags = 0; 11295331Samw 11305331Samw ASSERT(cr); 11315331Samw ASSERT(dir_snode); 11325331Samw ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 11335331Samw ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 11345331Samw 11355331Samw if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 11365331Samw return (EACCES); 11375331Samw 11385331Samw if (SMB_TREE_CASE_INSENSITIVE(sr)) 11395331Samw flags = SMB_IGNORE_CASE; 11405331Samw 11415331Samw return (smb_vop_getdents(dir_snode, cookie, 0, maxcnt, args, pattern, 11425772Sas200622 flags, sr, cr)); 11435331Samw } 11445331Samw 11455331Samw /* 11465331Samw * smb_fsop_rename 11475331Samw * 11485331Samw * All SMB functions should use this smb_vop_rename wrapper to ensure that 11495331Samw * the smb_vop_rename is performed with the appropriate credentials. 11505331Samw * Please document any direct call to smb_vop_rename to explain the reason 11515331Samw * for avoiding this wrapper. 11525331Samw * 11535331Samw * It is assumed that references exist on from_dir_snode and to_dir_snode coming 11545331Samw * into this routine. 11555331Samw */ 11565331Samw int 11575331Samw smb_fsop_rename( 11586139Sjb150015 smb_request_t *sr, 11595331Samw cred_t *cr, 11605331Samw smb_node_t *from_dir_snode, 11615331Samw char *from_name, 11625331Samw smb_node_t *to_dir_snode, 11635331Samw char *to_name) 11645331Samw { 11655331Samw smb_node_t *from_snode; 11665331Samw smb_attr_t tmp_attr; 11675331Samw vnode_t *from_vp; 11685331Samw int flags = 0; 11695331Samw int rc; 11705331Samw 11715331Samw ASSERT(cr); 11725331Samw ASSERT(from_dir_snode); 11735331Samw ASSERT(from_dir_snode->n_magic == SMB_NODE_MAGIC); 11745331Samw ASSERT(from_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 11755331Samw 11765331Samw ASSERT(to_dir_snode); 11775331Samw ASSERT(to_dir_snode->n_magic == SMB_NODE_MAGIC); 11785331Samw ASSERT(to_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 11795331Samw 11805331Samw if (SMB_TREE_ROOT_FS(sr, from_dir_snode) == 0) 11815331Samw return (EACCES); 11825331Samw 11835331Samw if (SMB_TREE_ROOT_FS(sr, to_dir_snode) == 0) 11845331Samw return (EACCES); 11855331Samw 11865331Samw ASSERT(sr); 11875331Samw ASSERT(sr->tid_tree); 11885331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 11895331Samw return (EROFS); 11905331Samw 11915331Samw /* 11925331Samw * Note: There is no need to check SMB_TREE_CASE_INSENSITIVE(sr) 11935331Samw * here. 11945331Samw * 11955331Samw * A case-sensitive rename is always done in this routine 11965331Samw * because we are using the on-disk name from an earlier lookup. 11975331Samw * If a mangled name was passed in by the caller (denoting a 11985331Samw * deterministic lookup), then the exact file must be renamed 11995331Samw * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 12005331Samw * else the underlying file system might return a "first-match" 12015331Samw * on this on-disk name, possibly resulting in the wrong file). 12025331Samw */ 12035331Samw 12045331Samw /* 12055331Samw * XXX: Lock required through smb_node_release() below? 12065331Samw */ 12075331Samw 12085331Samw rc = smb_vop_lookup(from_dir_snode->vp, from_name, &from_vp, NULL, 0, 12095772Sas200622 NULL, cr); 12105331Samw 12115331Samw if (rc != 0) 12125331Samw return (rc); 12135331Samw 12145331Samw rc = smb_vop_rename(from_dir_snode->vp, from_name, to_dir_snode->vp, 12155772Sas200622 to_name, flags, cr); 12165331Samw 12175331Samw if (rc == 0) { 12185331Samw from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 12195331Samw from_dir_snode, NULL, &tmp_attr); 12205331Samw 12215331Samw if (from_snode == NULL) { 12225331Samw VN_RELE(from_vp); 12235331Samw return (ENOMEM); 12245331Samw } 12255331Samw 12265331Samw (void) smb_node_rename(from_dir_snode, from_snode, to_dir_snode, 12275331Samw to_name); 12285331Samw 12295331Samw smb_node_release(from_snode); 12305331Samw } else { 12315331Samw VN_RELE(from_vp); 12325331Samw } 12335331Samw 12345331Samw /* XXX: unlock */ 12355331Samw 12365331Samw return (rc); 12375331Samw } 12385331Samw 12395331Samw /* 12405331Samw * smb_fsop_setattr 12415331Samw * 12425331Samw * All SMB functions should use this wrapper to ensure that 12435331Samw * the the calls are performed with the appropriate credentials. 12445331Samw * Please document any direct call to explain the reason 12455331Samw * for avoiding this wrapper. 12465331Samw * 12475331Samw * It is assumed that a reference exists on snode coming into this routine. 12485331Samw * A null smb_request might be passed to this function. 12495331Samw */ 12505331Samw int 12515331Samw smb_fsop_setattr( 12526139Sjb150015 smb_request_t *sr, 12536139Sjb150015 cred_t *cr, 12546139Sjb150015 smb_node_t *snode, 12556139Sjb150015 smb_attr_t *set_attr, 12566139Sjb150015 smb_attr_t *ret_attr) 12575331Samw { 12585331Samw smb_node_t *unnamed_node; 12595331Samw vnode_t *unnamed_vp = NULL; 12605331Samw uint32_t status; 12615331Samw uint32_t access = 0; 12625331Samw int rc = 0; 12635331Samw int flags = 0; 12645521Sas200622 boolean_t no_xvattr = B_FALSE; 12655331Samw 12665331Samw ASSERT(cr); 12675331Samw ASSERT(snode); 12685331Samw ASSERT(snode->n_magic == SMB_NODE_MAGIC); 12695331Samw ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 12705331Samw 12715331Samw if (SMB_TREE_ROOT_FS(sr, snode) == 0) 12725331Samw return (EACCES); 12735331Samw 12745331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 12755331Samw return (EROFS); 12765331Samw 12775331Samw /* sr could be NULL in some cases */ 12785331Samw if (sr && sr->fid_ofile) { 12795331Samw /* if uid and/or gid is requested */ 12805331Samw if (set_attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 12815331Samw access |= WRITE_OWNER; 12825331Samw 12835331Samw /* if anything else is also requested */ 12845331Samw if (set_attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 12855331Samw access |= FILE_WRITE_ATTRIBUTES; 12865331Samw 12875331Samw status = smb_ofile_access(sr->fid_ofile, cr, access); 12885331Samw if (status != NT_STATUS_SUCCESS) 12895331Samw return (EACCES); 12905331Samw 12915331Samw if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 12925331Samw flags = ATTR_NOACLCHECK; 12935331Samw } 12945331Samw 12955331Samw unnamed_node = SMB_IS_STREAM(snode); 12965331Samw 12975331Samw if (unnamed_node) { 12985331Samw ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 12995331Samw ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 13005331Samw unnamed_vp = unnamed_node->vp; 13015331Samw } 13025521Sas200622 if (sr && sr->tid_tree) 13035521Sas200622 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 13045521Sas200622 no_xvattr = B_TRUE; 13055521Sas200622 13065772Sas200622 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr, 13075772Sas200622 no_xvattr); 13085331Samw 13095331Samw if ((rc == 0) && ret_attr) { 13105331Samw /* 13115772Sas200622 * Use kcred to update the node attr because this 13125772Sas200622 * call is not being made on behalf of the user. 13135331Samw */ 13145331Samw ret_attr->sa_mask = SMB_AT_ALL; 13155772Sas200622 rc = smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, kcred); 13165772Sas200622 if (rc == 0) 13175772Sas200622 snode->attr = *ret_attr; 13185331Samw } 13195331Samw 13205331Samw return (rc); 13215331Samw } 13225331Samw 13235331Samw /* 13245331Samw * smb_fsop_read 13255331Samw * 13265331Samw * All SMB functions should use this wrapper to ensure that 13275331Samw * the the calls are performed with the appropriate credentials. 13285331Samw * Please document any direct call to explain the reason 13295331Samw * for avoiding this wrapper. 13305331Samw * 13315331Samw * It is assumed that a reference exists on snode coming into this routine. 13325331Samw */ 13335331Samw int 13345331Samw smb_fsop_read( 13355331Samw struct smb_request *sr, 13365331Samw cred_t *cr, 13375331Samw smb_node_t *snode, 13385331Samw uio_t *uio, 13395331Samw smb_attr_t *ret_attr) 13405331Samw { 13415331Samw smb_node_t *unnamed_node; 13425331Samw vnode_t *unnamed_vp = NULL; 13435772Sas200622 int svmand; 13445331Samw int rc; 13455331Samw 13465331Samw ASSERT(cr); 13475331Samw ASSERT(snode); 13485331Samw ASSERT(snode->n_magic == SMB_NODE_MAGIC); 13495331Samw ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 13505331Samw 13515331Samw ASSERT(sr); 13525331Samw ASSERT(sr->fid_ofile); 13535331Samw 13545331Samw rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA); 13555331Samw if (rc != NT_STATUS_SUCCESS) { 13565331Samw rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE); 13575331Samw if (rc != NT_STATUS_SUCCESS) 13585331Samw return (EACCES); 13595331Samw } 13605331Samw 13615331Samw unnamed_node = SMB_IS_STREAM(snode); 13625331Samw if (unnamed_node) { 13635331Samw ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 13645331Samw ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 13655331Samw unnamed_vp = unnamed_node->vp; 13665331Samw /* 13675331Samw * Streams permission are checked against the unnamed stream, 13685331Samw * but in FS level they have their own permissions. To avoid 13695331Samw * rejection by FS due to lack of permission on the actual 13705331Samw * extended attr kcred is passed for streams. 13715331Samw */ 13725331Samw cr = kcred; 13735331Samw } 13745331Samw 13755772Sas200622 smb_node_start_crit(snode, RW_READER); 13765772Sas200622 rc = nbl_svmand(snode->vp, cr, &svmand); 13775772Sas200622 if (rc) { 13785772Sas200622 smb_node_end_crit(snode); 13795772Sas200622 return (rc); 13805772Sas200622 } 13815772Sas200622 13825772Sas200622 rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset, 13835772Sas200622 uio->uio_iov->iov_len, svmand, &smb_ct); 13845772Sas200622 13855772Sas200622 if (rc) { 13865772Sas200622 smb_node_end_crit(snode); 13876432Sas200622 return (ERANGE); 13885772Sas200622 } 13895772Sas200622 rc = smb_vop_read(snode->vp, uio, cr); 13905772Sas200622 13915772Sas200622 if (rc == 0 && ret_attr) { 13925331Samw /* 13935772Sas200622 * Use kcred to update the node attr because this 13945772Sas200622 * call is not being made on behalf of the user. 13955331Samw */ 13965331Samw ret_attr->sa_mask = SMB_AT_ALL; 13975772Sas200622 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 13985772Sas200622 kcred) == 0) { 13995772Sas200622 snode->attr = *ret_attr; 14005772Sas200622 } 14015331Samw } 14025331Samw 14035772Sas200622 smb_node_end_crit(snode); 14045772Sas200622 14055331Samw return (rc); 14065331Samw } 14075331Samw 14085331Samw /* 14095331Samw * smb_fsop_write 14105331Samw * 14115331Samw * This is a wrapper function used for smb_write and smb_write_raw operations. 14125331Samw * 14135331Samw * It is assumed that a reference exists on snode coming into this routine. 14145331Samw */ 14155331Samw int 14165331Samw smb_fsop_write( 14176139Sjb150015 smb_request_t *sr, 14185331Samw cred_t *cr, 14195331Samw smb_node_t *snode, 14205331Samw uio_t *uio, 14215331Samw uint32_t *lcount, 14225331Samw smb_attr_t *ret_attr, 14235331Samw uint32_t *flag) 14245331Samw { 14255331Samw smb_node_t *unnamed_node; 14265331Samw vnode_t *unnamed_vp = NULL; 14275772Sas200622 int svmand; 14285331Samw int rc; 14295331Samw 14305331Samw ASSERT(cr); 14315331Samw ASSERT(snode); 14325331Samw ASSERT(snode->n_magic == SMB_NODE_MAGIC); 14335331Samw ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 14345331Samw 14355331Samw ASSERT(sr); 14365331Samw ASSERT(sr->tid_tree); 14375331Samw ASSERT(sr->fid_ofile); 14385331Samw 14395331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 14405331Samw return (EROFS); 14415772Sas200622 14425331Samw rc = smb_ofile_access(sr->fid_ofile, cr, FILE_WRITE_DATA); 14435772Sas200622 if (rc != NT_STATUS_SUCCESS) { 14445772Sas200622 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_APPEND_DATA); 14455772Sas200622 if (rc != NT_STATUS_SUCCESS) 14465772Sas200622 return (EACCES); 14475772Sas200622 } 14485331Samw 14495331Samw unnamed_node = SMB_IS_STREAM(snode); 14505331Samw 14515331Samw if (unnamed_node) { 14525331Samw ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 14535331Samw ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 14545331Samw unnamed_vp = unnamed_node->vp; 14555331Samw /* 14565331Samw * Streams permission are checked against the unnamed stream, 14575331Samw * but in FS level they have their own permissions. To avoid 14585331Samw * rejection by FS due to lack of permission on the actual 14595331Samw * extended attr kcred is passed for streams. 14605331Samw */ 14615331Samw cr = kcred; 14625331Samw } 14635331Samw 14645772Sas200622 smb_node_start_crit(snode, RW_READER); 14655772Sas200622 rc = nbl_svmand(snode->vp, cr, &svmand); 14665772Sas200622 if (rc) { 14675772Sas200622 smb_node_end_crit(snode); 14685772Sas200622 return (rc); 14695772Sas200622 } 14705772Sas200622 rc = nbl_lock_conflict(snode->vp, NBL_WRITE, uio->uio_loffset, 14715772Sas200622 uio->uio_iov->iov_len, svmand, &smb_ct); 14725772Sas200622 14735772Sas200622 if (rc) { 14745772Sas200622 smb_node_end_crit(snode); 14756432Sas200622 return (ERANGE); 14765772Sas200622 } 14775772Sas200622 rc = smb_vop_write(snode->vp, uio, flag, lcount, cr); 14785772Sas200622 14795772Sas200622 if (rc == 0 && ret_attr) { 14805331Samw /* 14815772Sas200622 * Use kcred to update the node attr because this 14825772Sas200622 * call is not being made on behalf of the user. 14835331Samw */ 14845331Samw ret_attr->sa_mask = SMB_AT_ALL; 14855772Sas200622 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 14865772Sas200622 kcred) == 0) { 14875772Sas200622 snode->attr = *ret_attr; 14885772Sas200622 } 14895331Samw } 14905331Samw 14915772Sas200622 smb_node_end_crit(snode); 14925772Sas200622 14935331Samw return (rc); 14945331Samw } 14955331Samw 14965331Samw /* 14975331Samw * smb_fsop_statfs 14985331Samw * 14995331Samw * This is a wrapper function used for stat operations. 15005331Samw */ 15015331Samw int 15025331Samw smb_fsop_statfs( 15035331Samw cred_t *cr, 15045331Samw smb_node_t *snode, 15055331Samw struct statvfs64 *statp) 15065331Samw { 15075331Samw ASSERT(cr); 15085331Samw ASSERT(snode); 15095331Samw ASSERT(snode->n_magic == SMB_NODE_MAGIC); 15105331Samw ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 15115331Samw 15125331Samw return (smb_vop_statfs(snode->vp, statp, cr)); 15135331Samw } 15145331Samw 15155331Samw /* 15165331Samw * smb_fsop_access 15176700Sjm199354 * 15186700Sjm199354 * Named streams do not have separate permissions from the associated 15196700Sjm199354 * unnamed stream. Thus, if node is a named stream, the permissions 15206700Sjm199354 * check will be performed on the associated unnamed stream. 15216700Sjm199354 * 15226700Sjm199354 * However, our named streams do have their own quarantine attribute, 15236700Sjm199354 * separate from that on the unnamed stream. If READ or EXECUTE 15246700Sjm199354 * access has been requested on a named stream, an additional access 15256700Sjm199354 * check is performed on the named stream in case it has been 15266700Sjm199354 * quarantined. kcred is used to avoid issues with the permissions 15276700Sjm199354 * set on the extended attribute file representing the named stream. 15285331Samw */ 15295331Samw int 15305331Samw smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 15315331Samw uint32_t faccess) 15325331Samw { 15335331Samw int access = 0; 15345331Samw int error; 15355331Samw vnode_t *dir_vp; 15365331Samw boolean_t acl_check = B_TRUE; 15375331Samw smb_node_t *unnamed_node; 15385331Samw 15395331Samw ASSERT(cr); 15405331Samw ASSERT(snode); 15415331Samw ASSERT(snode->n_magic == SMB_NODE_MAGIC); 15425331Samw ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 15435331Samw 15445331Samw if (faccess == 0) 15455331Samw return (NT_STATUS_SUCCESS); 15465331Samw 15475331Samw if (SMB_TREE_IS_READ_ONLY(sr)) { 15485331Samw if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 15495331Samw FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 15505331Samw DELETE|WRITE_DAC|WRITE_OWNER)) { 15515331Samw return (NT_STATUS_ACCESS_DENIED); 15525331Samw } 15535331Samw } 15545331Samw 15555331Samw unnamed_node = SMB_IS_STREAM(snode); 15565331Samw if (unnamed_node) { 15575331Samw ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 15585331Samw ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 15596700Sjm199354 15606700Sjm199354 /* 15616700Sjm199354 * Perform VREAD access check on the named stream in case it 15626700Sjm199354 * is quarantined. kcred is passed to smb_vop_access so it 15636700Sjm199354 * doesn't fail due to lack of permission. 15646700Sjm199354 */ 15656700Sjm199354 if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) { 15666700Sjm199354 error = smb_vop_access(snode->vp, VREAD, 15676700Sjm199354 0, NULL, kcred); 15686700Sjm199354 if (error) 15696700Sjm199354 return (NT_STATUS_ACCESS_DENIED); 15706700Sjm199354 } 15716700Sjm199354 15725331Samw /* 15735331Samw * Streams authorization should be performed against the 15745331Samw * unnamed stream. 15755331Samw */ 15765331Samw snode = unnamed_node; 15775331Samw } 15785331Samw 15795331Samw if (faccess & ACCESS_SYSTEM_SECURITY) { 15805331Samw /* 15815331Samw * This permission is required for reading/writing SACL and 15825331Samw * it's not part of DACL. It's only granted via proper 15835331Samw * privileges. 15845331Samw */ 15855331Samw if ((sr->uid_user->u_privileges & 15865331Samw (SMB_USER_PRIV_BACKUP | 15875331Samw SMB_USER_PRIV_RESTORE | 15885331Samw SMB_USER_PRIV_SECURITY)) == 0) 15895331Samw return (NT_STATUS_PRIVILEGE_NOT_HELD); 15905331Samw 15915331Samw faccess &= ~ACCESS_SYSTEM_SECURITY; 15925331Samw } 15935331Samw 15945331Samw /* Links don't have ACL */ 15955331Samw if (((sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) == 0) || 15965331Samw (snode->attr.sa_vattr.va_type == VLNK)) 15975331Samw acl_check = B_FALSE; 15985331Samw 15995331Samw if (acl_check) { 16005331Samw dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 16015331Samw error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 16025331Samw cr); 16035331Samw } else { 16045331Samw /* 16055331Samw * FS doesn't understand 32-bit mask, need to map 16065331Samw */ 16075331Samw if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 16085331Samw access |= VWRITE; 16095331Samw 16105331Samw if (faccess & FILE_READ_DATA) 16115331Samw access |= VREAD; 16125331Samw 16135331Samw if (faccess & FILE_EXECUTE) 16145331Samw access |= VEXEC; 16155331Samw 16165331Samw error = smb_vop_access(snode->vp, access, 0, NULL, cr); 16175331Samw } 16185331Samw 16195331Samw return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 16205331Samw } 16215331Samw 16225331Samw /* 16235331Samw * smb_fsop_lookup_name() 16245331Samw * 16255331Samw * Sanity checks on dir_snode done in smb_fsop_lookup(). 16265331Samw * 16275331Samw * Note: This function is called only from the open path. 16285331Samw * It will check if the file is a stream. 16295331Samw * It will also return an error if the looked-up file is in 16305331Samw * a child mount. 16315331Samw */ 16325331Samw 16335331Samw int 16345331Samw smb_fsop_lookup_name( 16356139Sjb150015 smb_request_t *sr, 16365331Samw cred_t *cr, 16375331Samw int flags, 16385331Samw smb_node_t *root_node, 16395331Samw smb_node_t *dir_snode, 16405331Samw char *name, 16415331Samw smb_node_t **ret_snode, 16425331Samw smb_attr_t *ret_attr) 16435331Samw { 16446139Sjb150015 smb_node_t *fnode; 16456139Sjb150015 smb_attr_t file_attr; 16466139Sjb150015 vnode_t *xattrdirvp; 16476139Sjb150015 vnode_t *vp; 16486139Sjb150015 char *od_name; 16496139Sjb150015 char *fname; 16506139Sjb150015 char *sname; 16516139Sjb150015 int rc; 16525331Samw 16535331Samw ASSERT(cr); 16545331Samw ASSERT(dir_snode); 16555331Samw ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 16565331Samw ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 16575331Samw 16585331Samw /* 16595331Samw * The following check is required for streams processing, below 16605331Samw */ 16615331Samw 16625331Samw if (SMB_TREE_CASE_INSENSITIVE(sr)) 16635331Samw flags |= SMB_IGNORE_CASE; 16645331Samw 16655331Samw fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 16665331Samw sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 16675331Samw 16685331Samw if (smb_stream_parse_name(name, fname, sname)) { 16695331Samw /* 16705331Samw * Look up the unnamed stream (i.e. fname). 16715331Samw * Unmangle processing will be done on fname 16725331Samw * as well as any link target. 16735331Samw */ 16745331Samw rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, fname, 16755331Samw &fnode, &file_attr, NULL, NULL); 16765331Samw 16775331Samw if (rc != 0) { 16785331Samw kmem_free(fname, MAXNAMELEN); 16795331Samw kmem_free(sname, MAXNAMELEN); 16805331Samw return (rc); 16815331Samw } 16825331Samw 16835331Samw od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 16845331Samw 16855331Samw /* 16865331Samw * od_name is the on-disk name of the stream, except 16875331Samw * without the prepended stream prefix (SMB_STREAM_PREFIX) 16885331Samw */ 16895331Samw 16905331Samw /* 16915331Samw * XXX 16925331Samw * What permissions NTFS requires for stream lookup if any? 16935331Samw */ 16945331Samw rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 16955772Sas200622 &xattrdirvp, flags, root_node->vp, cr); 16965331Samw 16975331Samw if (rc != 0) { 16985331Samw smb_node_release(fnode); 16995331Samw kmem_free(fname, MAXNAMELEN); 17005331Samw kmem_free(sname, MAXNAMELEN); 17015331Samw kmem_free(od_name, MAXNAMELEN); 17025331Samw return (rc); 17035331Samw } 17045331Samw 17055331Samw *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 17065331Samw vp, od_name, ret_attr); 17075331Samw 17085331Samw kmem_free(od_name, MAXNAMELEN); 17095331Samw smb_node_release(fnode); 17105331Samw 17115331Samw if (*ret_snode == NULL) { 17125331Samw VN_RELE(xattrdirvp); 17135331Samw VN_RELE(vp); 17145331Samw kmem_free(fname, MAXNAMELEN); 17155331Samw kmem_free(sname, MAXNAMELEN); 17165331Samw return (ENOMEM); 17175331Samw } 17185331Samw } else { 17195331Samw rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, name, 17205331Samw ret_snode, ret_attr, NULL, NULL); 17215331Samw } 17225331Samw 17235331Samw if (rc == 0) { 17245331Samw ASSERT(ret_snode); 17255331Samw if (SMB_TREE_ROOT_FS(sr, *ret_snode) == 0) { 17265331Samw smb_node_release(*ret_snode); 17275331Samw *ret_snode = NULL; 17285331Samw rc = EACCES; 17295331Samw } 17305331Samw } 17315331Samw 17325331Samw kmem_free(fname, MAXNAMELEN); 17335331Samw kmem_free(sname, MAXNAMELEN); 17345331Samw 17355331Samw return (rc); 17365331Samw } 17375331Samw 17385331Samw /* 17395331Samw * smb_fsop_lookup 17405331Samw * 17415331Samw * All SMB functions should use this smb_vop_lookup wrapper to ensure that 17425331Samw * the smb_vop_lookup is performed with the appropriate credentials and using 17435331Samw * case insensitive compares. Please document any direct call to smb_vop_lookup 17445331Samw * to explain the reason for avoiding this wrapper. 17455331Samw * 17465331Samw * It is assumed that a reference exists on dir_snode coming into this routine 17475331Samw * (and that it is safe from deallocation). 17485331Samw * 17495331Samw * Same with the root_node. 17505331Samw * 17515331Samw * *ret_snode is returned with a reference upon success. No reference is 17525331Samw * taken if an error is returned. 17535331Samw * 17545331Samw * Note: The returned ret_snode may be in a child mount. This is ok for 17555331Samw * readdir and getdents. 17565331Samw * 17575331Samw * Other smb_fsop_* routines will call SMB_TREE_ROOT_FS() to prevent 17585331Samw * operations on files not in the parent mount. 17595331Samw */ 17605331Samw int 17615331Samw smb_fsop_lookup( 17626139Sjb150015 smb_request_t *sr, 17635331Samw cred_t *cr, 17645331Samw int flags, 17655331Samw smb_node_t *root_node, 17665331Samw smb_node_t *dir_snode, 17675331Samw char *name, 17685331Samw smb_node_t **ret_snode, 17695331Samw smb_attr_t *ret_attr, 17705331Samw char *ret_shortname, /* Must be at least MANGLE_NAMELEN chars */ 17715331Samw char *ret_name83) /* Must be at least MANGLE_NAMELEN chars */ 17725331Samw { 17735331Samw smb_node_t *lnk_target_node; 17745331Samw smb_node_t *lnk_dnode; 17755331Samw char *longname; 17765331Samw char *od_name; 17775331Samw vnode_t *vp; 17785331Samw int rc; 17795331Samw 17805331Samw ASSERT(cr); 17815331Samw ASSERT(dir_snode); 17825331Samw ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 17835331Samw ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 17845331Samw 17855331Samw if (name == NULL) 17865331Samw return (EINVAL); 17875331Samw 17885331Samw if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 17895331Samw return (EACCES); 17905331Samw 17915331Samw if (SMB_TREE_CASE_INSENSITIVE(sr)) 17925331Samw flags |= SMB_IGNORE_CASE; 17935331Samw 17945331Samw od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 17955331Samw 17965331Samw rc = smb_vop_lookup(dir_snode->vp, name, &vp, od_name, flags, 17975772Sas200622 root_node ? root_node->vp : NULL, cr); 17985331Samw 17995331Samw if (rc != 0) { 18005331Samw if (smb_maybe_mangled_name(name) == 0) { 18015331Samw kmem_free(od_name, MAXNAMELEN); 18025331Samw return (rc); 18035331Samw } 18045331Samw 18055331Samw longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 18065331Samw 18075331Samw rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 18085331Samw MAXNAMELEN, ret_shortname, ret_name83, 1); 18095331Samw 18105331Samw if (rc != 0) { 18115331Samw kmem_free(od_name, MAXNAMELEN); 18125331Samw kmem_free(longname, MAXNAMELEN); 18135331Samw return (rc); 18145331Samw } 18155331Samw 18165331Samw /* 18175331Samw * We passed "1" as the "od" parameter 18185331Samw * to smb_unmangle_name(), such that longname 18195331Samw * is the real (case-sensitive) on-disk name. 18205331Samw * We make sure we do a lookup on this exact 18215331Samw * name, as the name was mangled and denotes 18225331Samw * a unique file. 18235331Samw */ 18245331Samw 18255331Samw if (flags & SMB_IGNORE_CASE) 18265331Samw flags &= ~SMB_IGNORE_CASE; 18275331Samw 18285331Samw rc = smb_vop_lookup(dir_snode->vp, longname, &vp, od_name, 18295772Sas200622 flags, root_node ? root_node->vp : NULL, cr); 18305331Samw 18315331Samw kmem_free(longname, MAXNAMELEN); 18325331Samw 18335331Samw if (rc != 0) { 18345331Samw kmem_free(od_name, MAXNAMELEN); 18355331Samw return (rc); 18365331Samw } 18375331Samw } 18385331Samw 18395331Samw if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK)) { 18405331Samw 18415331Samw rc = smb_pathname(sr, od_name, FOLLOW, root_node, dir_snode, 18425331Samw &lnk_dnode, &lnk_target_node, cr); 18435331Samw 18445331Samw if (rc != 0) { 18455331Samw /* 18465331Samw * The link is assumed to be for the last component 18475331Samw * of a path. Hence any ENOTDIR error will be returned 18485331Samw * as ENOENT. 18495331Samw */ 18505331Samw if (rc == ENOTDIR) 18515331Samw rc = ENOENT; 18525331Samw 18535331Samw VN_RELE(vp); 18545331Samw kmem_free(od_name, MAXNAMELEN); 18555331Samw return (rc); 18565331Samw } 18575331Samw 18585331Samw /* 18595331Samw * Release the original VLNK vnode 18605331Samw */ 18615331Samw 18625331Samw VN_RELE(vp); 18635331Samw vp = lnk_target_node->vp; 18645331Samw 18655331Samw rc = smb_vop_traverse_check(&vp); 18665331Samw 18675331Samw if (rc != 0) { 18685331Samw smb_node_release(lnk_dnode); 18695331Samw smb_node_release(lnk_target_node); 18705331Samw kmem_free(od_name, MAXNAMELEN); 18715331Samw return (rc); 18725331Samw } 18735331Samw 18745331Samw /* 18755331Samw * smb_vop_traverse_check() may have returned a different vnode 18765331Samw */ 18775331Samw 18785331Samw if (lnk_target_node->vp == vp) { 18795331Samw *ret_snode = lnk_target_node; 18805331Samw *ret_attr = (*ret_snode)->attr; 18815331Samw } else { 18825331Samw *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 18835331Samw lnk_target_node->od_name, lnk_dnode, NULL, 18845331Samw ret_attr); 18855331Samw 18865331Samw if (*ret_snode == NULL) { 18875331Samw VN_RELE(vp); 18885331Samw rc = ENOMEM; 18895331Samw } 18905331Samw smb_node_release(lnk_target_node); 18915331Samw } 18925331Samw 18935331Samw smb_node_release(lnk_dnode); 18945331Samw 18955331Samw } else { 18965331Samw 18975331Samw rc = smb_vop_traverse_check(&vp); 18985331Samw if (rc) { 18995331Samw VN_RELE(vp); 19005331Samw kmem_free(od_name, MAXNAMELEN); 19015331Samw return (rc); 19025331Samw } 19035331Samw 19045331Samw *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 19055331Samw dir_snode, NULL, ret_attr); 19065331Samw 19075331Samw if (*ret_snode == NULL) { 19085331Samw VN_RELE(vp); 19095331Samw rc = ENOMEM; 19105331Samw } 19115331Samw } 19125331Samw 19135331Samw kmem_free(od_name, MAXNAMELEN); 19145331Samw return (rc); 19155331Samw } 19165331Samw 19175331Samw /* 19185331Samw * smb_fsop_stream_readdir() 19195331Samw * 19205331Samw * ret_snode and ret_attr are optional parameters (i.e. NULL may be passed in) 19215331Samw * 19225331Samw * This routine will return only NTFS streams. If an NTFS stream is not 19235331Samw * found at the offset specified, the directory will be read until an NTFS 19245331Samw * stream is found or until EOF. 19255331Samw * 19265331Samw * Note: Sanity checks done in caller 19275331Samw * (smb_fsop_readdir(), smb_fsop_remove_streams()) 19285331Samw */ 19295331Samw 19305331Samw int 19316139Sjb150015 smb_fsop_stream_readdir(smb_request_t *sr, cred_t *cr, smb_node_t *fnode, 19325331Samw uint32_t *cookiep, struct fs_stream_info *stream_info, 19335331Samw smb_node_t **ret_snode, smb_attr_t *ret_attr) 19345331Samw { 19355331Samw smb_node_t *ret_snodep = NULL; 19365331Samw smb_attr_t tmp_attr; 19375331Samw vnode_t *xattrdirvp; 19385331Samw vnode_t *vp; 19395331Samw int rc = 0; 19405331Samw int flags = 0; 19415331Samw 19425331Samw /* 19435331Samw * XXX NTFS permission requirements if any? 19445331Samw */ 19455331Samw ASSERT(cr); 19465331Samw ASSERT(fnode); 19475331Samw ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 19485331Samw ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 19495331Samw 19505331Samw if (SMB_TREE_CASE_INSENSITIVE(sr)) 19515331Samw flags = SMB_IGNORE_CASE; 19525331Samw 19535331Samw rc = smb_vop_stream_readdir(fnode->vp, cookiep, stream_info, &vp, 19545772Sas200622 &xattrdirvp, flags, cr); 19555331Samw 19565331Samw if ((rc != 0) || *cookiep == SMB_EOF) 19575331Samw return (rc); 19585331Samw 19595331Samw ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, vp, 19605331Samw stream_info->name, &tmp_attr); 19615331Samw 19625331Samw if (ret_snodep == NULL) { 19635331Samw VN_RELE(xattrdirvp); 19645331Samw VN_RELE(vp); 19655331Samw return (ENOMEM); 19665331Samw } 19675331Samw 19685331Samw stream_info->size = tmp_attr.sa_vattr.va_size; 19695331Samw 19705331Samw if (ret_attr) 19715331Samw *ret_attr = tmp_attr; 19725331Samw 19735331Samw if (ret_snode) 19745331Samw *ret_snode = ret_snodep; 19755331Samw else 19765331Samw smb_node_release(ret_snodep); 19775331Samw 19785331Samw return (rc); 19795331Samw } 19805331Samw 19815331Samw int /*ARGSUSED*/ 19825331Samw smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 19835331Samw { 19845331Samw ASSERT(cr); 19855331Samw ASSERT(snode); 19865331Samw ASSERT(snode->n_magic == SMB_NODE_MAGIC); 19875331Samw ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 19885331Samw 19895331Samw ASSERT(sr); 19905331Samw ASSERT(sr->tid_tree); 19915331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 19925331Samw return (EROFS); 19935331Samw 19945772Sas200622 return (smb_vop_commit(snode->vp, cr)); 19955331Samw } 19965331Samw 19975331Samw /* 19985331Samw * smb_fsop_aclread 19995331Samw * 20005331Samw * Retrieve filesystem ACL. Depends on requested ACLs in 20015331Samw * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 20025331Samw * fs_sd. Note that requesting a DACL/SACL doesn't mean that 20035331Samw * the corresponding field in fs_sd should be non-NULL upon 20045331Samw * return, since the target ACL might not contain that type of 20055331Samw * entries. 20065331Samw * 20075331Samw * Returned ACL is always in ACE_T (aka ZFS) format. 20085331Samw * If successful the allocated memory for the ACL should be freed 20095521Sas200622 * using smb_fsacl_free() or smb_fssd_term() 20105331Samw */ 20115331Samw int 20125331Samw smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 20135331Samw smb_fssd_t *fs_sd) 20145331Samw { 20155331Samw int error = 0; 20165331Samw int flags = 0; 20175331Samw int access = 0; 20185331Samw acl_t *acl; 20195331Samw smb_node_t *unnamed_node; 20205331Samw 20215331Samw ASSERT(cr); 20225331Samw 20235331Samw if (sr->fid_ofile) { 20245331Samw if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 20255331Samw access = READ_CONTROL; 20265331Samw 20275331Samw if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 20285331Samw access |= ACCESS_SYSTEM_SECURITY; 20295331Samw 20305331Samw error = smb_ofile_access(sr->fid_ofile, cr, access); 20315331Samw if (error != NT_STATUS_SUCCESS) { 20325331Samw return (EACCES); 20335331Samw } 20345331Samw } 20355331Samw 20365331Samw unnamed_node = SMB_IS_STREAM(snode); 20375331Samw if (unnamed_node) { 20385331Samw ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 20395331Samw ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 20405331Samw /* 20415331Samw * Streams don't have ACL, any read ACL attempt on a stream 20425331Samw * should be performed on the unnamed stream. 20435331Samw */ 20445331Samw snode = unnamed_node; 20455331Samw } 20465331Samw 20475331Samw if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 20485331Samw flags = ATTR_NOACLCHECK; 20495331Samw 20505331Samw error = smb_vop_acl_read(snode->vp, &acl, flags, 20515772Sas200622 sr->tid_tree->t_acltype, cr); 20525331Samw if (error != 0) { 20535331Samw return (error); 20545331Samw } 20555331Samw 20565331Samw error = acl_translate(acl, _ACL_ACE_ENABLED, 20575331Samw (snode->vp->v_type == VDIR), fs_sd->sd_uid, fs_sd->sd_gid); 20585331Samw 20595331Samw if (error == 0) { 20605521Sas200622 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 20615331Samw fs_sd->sd_secinfo); 20625331Samw } 20635331Samw 20645331Samw acl_free(acl); 20655331Samw return (error); 20665331Samw } 20675331Samw 20685331Samw /* 20695331Samw * smb_fsop_aclwrite 20705331Samw * 20715331Samw * Stores the filesystem ACL provided in fs_sd->sd_acl. 20725331Samw */ 20735331Samw int 20745331Samw smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 20755331Samw smb_fssd_t *fs_sd) 20765331Samw { 20775331Samw int target_flavor; 20785331Samw int error = 0; 20795331Samw int flags = 0; 20805331Samw int access = 0; 20815331Samw acl_t *acl, *dacl, *sacl; 20825331Samw smb_node_t *unnamed_node; 20835331Samw 20845331Samw ASSERT(cr); 20855331Samw 20865331Samw ASSERT(sr); 20875331Samw ASSERT(sr->tid_tree); 20885331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 20895331Samw return (EROFS); 20905331Samw 20915331Samw if (sr->fid_ofile) { 20925331Samw if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 20935331Samw access = WRITE_DAC; 20945331Samw 20955331Samw if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 20965331Samw access |= ACCESS_SYSTEM_SECURITY; 20975331Samw 20985331Samw error = smb_ofile_access(sr->fid_ofile, cr, access); 20995331Samw if (error != NT_STATUS_SUCCESS) 21005331Samw return (EACCES); 21015331Samw } 21025331Samw 21035331Samw switch (sr->tid_tree->t_acltype) { 21045331Samw case ACLENT_T: 21055331Samw target_flavor = _ACL_ACLENT_ENABLED; 21065331Samw break; 21075331Samw 21085331Samw case ACE_T: 21095331Samw target_flavor = _ACL_ACE_ENABLED; 21105331Samw break; 21115331Samw default: 21125331Samw return (EINVAL); 21135331Samw } 21145331Samw 21155331Samw unnamed_node = SMB_IS_STREAM(snode); 21165331Samw if (unnamed_node) { 21175331Samw ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 21185331Samw ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 21195331Samw /* 21205331Samw * Streams don't have ACL, any write ACL attempt on a stream 21215331Samw * should be performed on the unnamed stream. 21225331Samw */ 21235331Samw snode = unnamed_node; 21245331Samw } 21255331Samw 21265331Samw dacl = fs_sd->sd_zdacl; 21275331Samw sacl = fs_sd->sd_zsacl; 21285331Samw 21295331Samw ASSERT(dacl || sacl); 21305331Samw if ((dacl == NULL) && (sacl == NULL)) 21315331Samw return (EINVAL); 21325331Samw 21335331Samw if (dacl && sacl) 21345521Sas200622 acl = smb_fsacl_merge(dacl, sacl); 21355331Samw else if (dacl) 21365331Samw acl = dacl; 21375331Samw else 21385331Samw acl = sacl; 21395331Samw 21405331Samw error = acl_translate(acl, target_flavor, (snode->vp->v_type == VDIR), 21415331Samw fs_sd->sd_uid, fs_sd->sd_gid); 21425331Samw if (error == 0) { 21435331Samw if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 21445331Samw flags = ATTR_NOACLCHECK; 21455331Samw 21465772Sas200622 error = smb_vop_acl_write(snode->vp, acl, flags, cr); 21475331Samw } 21485331Samw 21495331Samw if (dacl && sacl) 21505331Samw acl_free(acl); 21515331Samw 21525331Samw return (error); 21535331Samw } 21545331Samw 21555331Samw acl_type_t 21565331Samw smb_fsop_acltype(smb_node_t *snode) 21575331Samw { 21585331Samw return (smb_vop_acl_type(snode->vp)); 21595331Samw } 21605331Samw 21615331Samw /* 21625331Samw * smb_fsop_sdread 21635331Samw * 21645331Samw * Read the requested security descriptor items from filesystem. 21655331Samw * The items are specified in fs_sd->sd_secinfo. 21665331Samw */ 21675331Samw int 21685331Samw smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 21695331Samw smb_fssd_t *fs_sd) 21705331Samw { 21715331Samw int error = 0; 21725331Samw int getowner = 0; 21735331Samw cred_t *ga_cred; 21745331Samw smb_attr_t attr; 21755331Samw 21765331Samw ASSERT(cr); 21775331Samw ASSERT(fs_sd); 21785331Samw 21795331Samw /* 21805331Samw * File's uid/gid is fetched in two cases: 21815331Samw * 21825331Samw * 1. it's explicitly requested 21835331Samw * 21845331Samw * 2. target ACL is ACE_T (ZFS ACL). They're needed for 21855331Samw * owner@/group@ entries. In this case kcred should be used 21865331Samw * because uid/gid are fetched on behalf of smb server. 21875331Samw */ 21885331Samw if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 21895331Samw getowner = 1; 21905331Samw ga_cred = cr; 21915331Samw } else if (sr->tid_tree->t_acltype == ACE_T) { 21925331Samw getowner = 1; 21935331Samw ga_cred = kcred; 21945331Samw } 21955331Samw 21965331Samw if (getowner) { 21975331Samw /* 21985331Samw * Windows require READ_CONTROL to read owner/group SID since 21995331Samw * they're part of Security Descriptor. 22005331Samw * ZFS only requires read_attribute. Need to have a explicit 22015331Samw * access check here. 22025331Samw */ 22035331Samw if (sr->fid_ofile == NULL) { 22045331Samw error = smb_fsop_access(sr, ga_cred, snode, 22055331Samw READ_CONTROL); 22065331Samw if (error) 22075331Samw return (error); 22085331Samw } 22095331Samw 22105331Samw attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 22115331Samw error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 22125331Samw if (error == 0) { 22135331Samw fs_sd->sd_uid = attr.sa_vattr.va_uid; 22145331Samw fs_sd->sd_gid = attr.sa_vattr.va_gid; 22155331Samw } else { 22165331Samw return (error); 22175331Samw } 22185331Samw } 22195331Samw 22205331Samw if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 22215331Samw error = smb_fsop_aclread(sr, cr, snode, fs_sd); 22225331Samw } 22235331Samw 22245331Samw return (error); 22255331Samw } 22265331Samw 22275331Samw /* 22285331Samw * smb_fsop_sdmerge 22295331Samw * 22305331Samw * From SMB point of view DACL and SACL are two separate list 22315331Samw * which can be manipulated independently without one affecting 22325331Samw * the other, but entries for both DACL and SACL will end up 22335331Samw * in the same ACL if target filesystem supports ACE_T ACLs. 22345331Samw * 22355331Samw * So, if either DACL or SACL is present in the client set request 22365331Samw * the entries corresponding to the non-present ACL shouldn't 22375331Samw * be touched in the FS ACL. 22385331Samw * 22395331Samw * fs_sd parameter contains DACL and SACL specified by SMB 22405331Samw * client to be set on a file/directory. The client could 22415331Samw * specify both or one of these ACLs (if none is specified 22425331Samw * we don't get this far). When both DACL and SACL are given 22435331Samw * by client the existing ACL should be overwritten. If only 22445331Samw * one of them is specified the entries corresponding to the other 22455331Samw * ACL should not be touched. For example, if only DACL 22465331Samw * is specified in input fs_sd, the function reads audit entries 22475331Samw * of the existing ACL of the file and point fs_sd->sd_zsdacl 22485331Samw * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 22495331Samw * function is called the passed fs_sd would point to the specified 22505331Samw * DACL by client and fetched SACL from filesystem, so the file 22515331Samw * will end up with correct ACL. 22525331Samw */ 22535331Samw static int 22545331Samw smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 22555331Samw { 22565331Samw smb_fssd_t cur_sd; 22575331Samw int error = 0; 22585331Samw 22595331Samw if (sr->tid_tree->t_acltype != ACE_T) 22605331Samw /* Don't bother if target FS doesn't support ACE_T */ 22615331Samw return (0); 22625331Samw 22635331Samw if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 22645331Samw if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 22655331Samw /* 22665331Samw * Don't overwrite existing audit entries 22675331Samw */ 22685521Sas200622 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 22695331Samw fs_sd->sd_flags); 22705331Samw 22715331Samw error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 22725331Samw if (error == 0) { 22735331Samw ASSERT(fs_sd->sd_zsacl == NULL); 22745331Samw fs_sd->sd_zsacl = cur_sd.sd_zsacl; 22755331Samw if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 22765331Samw fs_sd->sd_zsacl->acl_flags = 22775331Samw fs_sd->sd_zdacl->acl_flags; 22785331Samw } 22795331Samw } else { 22805331Samw /* 22815331Samw * Don't overwrite existing access entries 22825331Samw */ 22835521Sas200622 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 22845331Samw fs_sd->sd_flags); 22855331Samw 22865331Samw error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 22875331Samw if (error == 0) { 22885331Samw ASSERT(fs_sd->sd_zdacl == NULL); 22895331Samw fs_sd->sd_zdacl = cur_sd.sd_zdacl; 22905331Samw if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 22915331Samw fs_sd->sd_zdacl->acl_flags = 22925331Samw fs_sd->sd_zsacl->acl_flags; 22935331Samw } 22945331Samw } 22955331Samw 22965331Samw if (error) 22975521Sas200622 smb_fssd_term(&cur_sd); 22985331Samw } 22995331Samw 23005331Samw return (error); 23015331Samw } 23025331Samw 23035331Samw /* 23045331Samw * smb_fsop_sdwrite 23055331Samw * 23065331Samw * Stores the given uid, gid and acl in filesystem. 23075331Samw * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 23085331Samw * 23095331Samw * A SMB security descriptor could contain owner, primary group, 23105331Samw * DACL and SACL. Setting an SD should be atomic but here it has to 23115331Samw * be done via two separate FS operations: VOP_SETATTR and 23125331Samw * VOP_SETSECATTR. Therefore, this function has to simulate the 23135331Samw * atomicity as well as it can. 23145331Samw */ 23155331Samw int 23165331Samw smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 23175331Samw smb_fssd_t *fs_sd, int overwrite) 23185331Samw { 23195331Samw int error = 0; 23205331Samw int access = 0; 23215331Samw smb_attr_t set_attr; 23225331Samw smb_attr_t orig_attr; 23235331Samw 23245331Samw ASSERT(cr); 23255331Samw ASSERT(fs_sd); 23265331Samw 23275331Samw ASSERT(sr); 23285331Samw ASSERT(sr->tid_tree); 23295331Samw if (SMB_TREE_IS_READ_ONLY(sr)) 23305331Samw return (EROFS); 23315331Samw 23325331Samw bzero(&set_attr, sizeof (smb_attr_t)); 23335331Samw 23345331Samw if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 23355331Samw set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 23365331Samw set_attr.sa_mask |= SMB_AT_UID; 23375331Samw } 23385331Samw 23395331Samw if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 23405331Samw set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 23415331Samw set_attr.sa_mask |= SMB_AT_GID; 23425331Samw } 23435331Samw 23445331Samw if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 23455331Samw access |= WRITE_DAC; 23465331Samw 23475331Samw if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 23485331Samw access |= ACCESS_SYSTEM_SECURITY; 23495331Samw 23505331Samw if (sr->fid_ofile) 23515331Samw error = smb_ofile_access(sr->fid_ofile, cr, access); 23525331Samw else 23535331Samw error = smb_fsop_access(sr, cr, snode, access); 23545331Samw 23555331Samw if (error) 23565331Samw return (EACCES); 23575331Samw 23585331Samw if (set_attr.sa_mask) { 23595331Samw /* 23605331Samw * Get the current uid, gid so if smb_fsop_aclwrite fails 23615331Samw * we can revert uid, gid changes. 23625331Samw * 23635331Samw * We use root cred here so the operation doesn't fail 23645331Samw * due to lack of permission for the user to read the attrs 23655331Samw */ 23665331Samw 23675331Samw orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 23685331Samw error = smb_fsop_getattr(sr, kcred, snode, &orig_attr); 23695331Samw if (error == 0) 23705331Samw error = smb_fsop_setattr(sr, cr, snode, &set_attr, 23715331Samw NULL); 23725331Samw 23735331Samw if (error) 23745331Samw return (error); 23755331Samw } 23765331Samw 23775331Samw if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 23785331Samw if (overwrite == 0) { 23795331Samw error = smb_fsop_sdmerge(sr, snode, fs_sd); 23805331Samw if (error) 23815331Samw return (error); 23825331Samw } 23835331Samw 23845331Samw error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 23855331Samw if (error) { 23865331Samw /* 23875331Samw * Revert uid/gid changes if required. 23885331Samw */ 23895331Samw if (set_attr.sa_mask) { 23905331Samw orig_attr.sa_mask = set_attr.sa_mask; 23915331Samw (void) smb_fsop_setattr(sr, kcred, snode, 23925331Samw &orig_attr, NULL); 23935331Samw } 23945331Samw } 23955331Samw } 23965331Samw 23975331Samw return (error); 23985331Samw } 23995331Samw 24005331Samw /* 24015331Samw * smb_fsop_sdinherit 24025331Samw * 24035331Samw * Inherit the security descriptor from the parent container. 24045331Samw * This function is called after FS has created the file/folder 24055331Samw * so if this doesn't do anything it means FS inheritance is 24065331Samw * in place. 24075331Samw * 24085331Samw * Do inheritance for ZFS internally. 24095331Samw * 24105331Samw * If we want to let ZFS does the inheritance the 24115331Samw * following setting should be true: 24125331Samw * 24135331Samw * - aclinherit = passthrough 24145331Samw * - aclmode = passthrough 24155331Samw * - smbd umask = 0777 24165331Samw * 24175331Samw * This will result in right effective permissions but 24185331Samw * ZFS will always add 6 ACEs for owner, owning group 24195331Samw * and others to be POSIX compliant. This is not what 24205331Samw * Windows clients/users expect, so we decided that CIFS 24215331Samw * implements Windows rules and overwrite whatever ZFS 24225331Samw * comes up with. This way we also don't have to care 24235331Samw * about ZFS aclinherit and aclmode settings. 24245331Samw */ 24255331Samw static int 24265331Samw smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 24275331Samw { 24285331Samw int is_dir; 24295521Sas200622 acl_t *dacl = NULL; 24305521Sas200622 acl_t *sacl = NULL; 24315331Samw ksid_t *owner_sid; 24325331Samw int error; 24335331Samw 24345331Samw ASSERT(fs_sd); 24355331Samw 24365331Samw if (sr->tid_tree->t_acltype != ACE_T) { 24375331Samw /* 24385331Samw * No forced inheritance for non-ZFS filesystems. 24395331Samw */ 24405331Samw fs_sd->sd_secinfo = 0; 24415331Samw return (0); 24425331Samw } 24435331Samw 24445331Samw 24455331Samw /* Fetch parent directory's ACL */ 24465331Samw error = smb_fsop_sdread(sr, kcred, dnode, fs_sd); 24475331Samw if (error) { 24485331Samw return (error); 24495331Samw } 24505331Samw 24515331Samw is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 24525331Samw owner_sid = crgetsid(sr->user_cr, KSID_OWNER); 24535331Samw ASSERT(owner_sid); 24545521Sas200622 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO, 24555331Samw owner_sid->ks_id); 24565521Sas200622 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO, 24575331Samw (uid_t)-1); 24585331Samw 24595521Sas200622 if (sacl == NULL) 24605521Sas200622 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO; 24615521Sas200622 24625521Sas200622 smb_fsacl_free(fs_sd->sd_zdacl); 24635521Sas200622 smb_fsacl_free(fs_sd->sd_zsacl); 24645331Samw 24655331Samw fs_sd->sd_zdacl = dacl; 24665331Samw fs_sd->sd_zsacl = sacl; 24675331Samw 24685331Samw return (0); 24695331Samw } 24705331Samw 24715331Samw /* 24725331Samw * smb_fsop_eaccess 24735331Samw * 24745331Samw * Returns the effective permission of the given credential for the 24755331Samw * specified object. 24765331Samw * 24775331Samw * This is just a workaround. We need VFS/FS support for this. 24785331Samw */ 24795331Samw void 24805331Samw smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 24815331Samw uint32_t *eaccess) 24825331Samw { 24835331Samw int access = 0; 24845331Samw vnode_t *dir_vp; 24855331Samw smb_node_t *unnamed_node; 24865331Samw 24875331Samw ASSERT(cr); 24885331Samw ASSERT(snode); 24895331Samw ASSERT(snode->n_magic == SMB_NODE_MAGIC); 24905331Samw ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 24915331Samw 24925331Samw unnamed_node = SMB_IS_STREAM(snode); 24935331Samw if (unnamed_node) { 24945331Samw ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 24955331Samw ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 24965331Samw /* 24975331Samw * Streams authorization should be performed against the 24985331Samw * unnamed stream. 24995331Samw */ 25005331Samw snode = unnamed_node; 25015331Samw } 25025331Samw 25035331Samw if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) { 25045331Samw dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 25055331Samw smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 25065331Samw cr); 25075331Samw return; 25085331Samw } 25095331Samw 25105331Samw /* 25115331Samw * FS doesn't understand 32-bit mask 25125331Samw */ 25135331Samw smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 25145331Samw 25155331Samw *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 25165331Samw 25175331Samw if (access & VREAD) 25185331Samw *eaccess |= FILE_READ_DATA; 25195331Samw 25205331Samw if (access & VEXEC) 25215331Samw *eaccess |= FILE_EXECUTE; 25225331Samw 25235331Samw if (access & VWRITE) 25245331Samw *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 25255331Samw FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 25265331Samw } 25275521Sas200622 25285772Sas200622 /* 25295772Sas200622 * smb_fsop_shrlock 25305772Sas200622 * 25315772Sas200622 * For the current open request, check file sharing rules 25325772Sas200622 * against existing opens. 25335772Sas200622 * 25345772Sas200622 * Returns NT_STATUS_SHARING_VIOLATION if there is any 25355772Sas200622 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise. 25365772Sas200622 * 25375772Sas200622 * Full system-wide share reservation synchronization is available 25385772Sas200622 * when the nbmand (non-blocking mandatory) mount option is set 25395772Sas200622 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used. 25405772Sas200622 * This provides synchronization with NFS and local processes. The 25415772Sas200622 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called 25425772Sas200622 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well 25435772Sas200622 * as the CIFS rename and delete paths. 25445772Sas200622 * 25455772Sas200622 * The CIFS server will also enter the nbl critical region in the open, 25465772Sas200622 * rename, and delete paths when nbmand is not set. There is limited 25475772Sas200622 * coordination with local and VFS share reservations in this case. 25485772Sas200622 * Note that when the nbmand mount option is not set, the VFS layer 25495772Sas200622 * only processes advisory reservations and the delete mode is not checked. 25505772Sas200622 * 25515772Sas200622 * Whether or not the nbmand mount option is set, intra-CIFS share 25525772Sas200622 * checking is done in the open, delete, and rename paths using a CIFS 25535772Sas200622 * critical region (node->n_share_lock). 25545772Sas200622 */ 25555772Sas200622 25565772Sas200622 uint32_t 25576139Sjb150015 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid, 25585772Sas200622 uint32_t desired_access, uint32_t share_access) 25595772Sas200622 { 25605772Sas200622 int rc; 25615772Sas200622 25625772Sas200622 if (node->attr.sa_vattr.va_type == VDIR) 25635772Sas200622 return (NT_STATUS_SUCCESS); 25645772Sas200622 25655772Sas200622 /* Allow access if the request is just for meta data */ 25665772Sas200622 if ((desired_access & FILE_DATA_ALL) == 0) 25675772Sas200622 return (NT_STATUS_SUCCESS); 25685772Sas200622 25695772Sas200622 rc = smb_node_open_check(node, cr, desired_access, share_access); 25705772Sas200622 if (rc) 25715772Sas200622 return (NT_STATUS_SHARING_VIOLATION); 25725772Sas200622 25735772Sas200622 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access, 25745772Sas200622 cr); 25755772Sas200622 if (rc) 25765772Sas200622 return (NT_STATUS_SHARING_VIOLATION); 25775772Sas200622 25785772Sas200622 return (NT_STATUS_SUCCESS); 25795772Sas200622 } 25805772Sas200622 25815521Sas200622 void 25825772Sas200622 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid) 25835521Sas200622 { 25845772Sas200622 if (node->attr.sa_vattr.va_type == VDIR) 25855772Sas200622 return; 25865772Sas200622 25875772Sas200622 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr); 25885772Sas200622 } 25896600Sas200622 25906600Sas200622 int 25916600Sas200622 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock, 25926600Sas200622 cred_t *cr) 25936600Sas200622 { 25946600Sas200622 flock64_t bf; 25956600Sas200622 int flag = F_REMOTELOCK; 25966600Sas200622 2597*6771Sjb150015 /* 2598*6771Sjb150015 * VOP_FRLOCK() will not be called if: 2599*6771Sjb150015 * 2600*6771Sjb150015 * 1) The lock has a range of zero bytes. The semantics of Windows and 2601*6771Sjb150015 * POSIX are different. In the case of POSIX it asks for the locking 2602*6771Sjb150015 * of all the bytes from the offset provided until the end of the 2603*6771Sjb150015 * file. In the case of Windows a range of zero locks nothing and 2604*6771Sjb150015 * doesn't conflict with any other lock. 2605*6771Sjb150015 * 2606*6771Sjb150015 * 2) The lock rolls over (start + lenght < start). Solaris will assert 2607*6771Sjb150015 * if such a request is submitted. This will not create 2608*6771Sjb150015 * incompatibilities between POSIX and Windows. In the Windows world, 2609*6771Sjb150015 * if a client submits such a lock, the server will not lock any 2610*6771Sjb150015 * bytes. Interestingly if the same lock (same offset and length) is 2611*6771Sjb150015 * resubmitted Windows will consider that there is an overlap and 2612*6771Sjb150015 * the granting rules will then apply. 2613*6771Sjb150015 */ 2614*6771Sjb150015 if ((lock->l_length == 0) || 2615*6771Sjb150015 ((lock->l_start + lock->l_length - 1) < lock->l_start)) 2616*6771Sjb150015 return (0); 2617*6771Sjb150015 26186600Sas200622 bzero(&bf, sizeof (bf)); 26196600Sas200622 26206600Sas200622 if (unlock) { 26216600Sas200622 bf.l_type = F_UNLCK; 26226600Sas200622 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) { 26236600Sas200622 bf.l_type = F_RDLCK; 26246600Sas200622 flag |= FREAD; 26256600Sas200622 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) { 26266600Sas200622 bf.l_type = F_WRLCK; 26276600Sas200622 flag |= FWRITE; 26286600Sas200622 } 26296600Sas200622 26306600Sas200622 bf.l_start = lock->l_start; 26316600Sas200622 bf.l_len = lock->l_length; 26326600Sas200622 bf.l_pid = IGN_PID; 26336600Sas200622 bf.l_sysid = smb_ct.cc_sysid; 26346600Sas200622 26356600Sas200622 return (smb_vop_frlock(node->vp, cr, flag, &bf)); 26366600Sas200622 } 2637