smb_common_open.c revision a90cf9f29973990687fa61de9f1f6ea22e924e40
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2015 Nexenta Systems, Inc. All rights reserved.
*/
/*
* This module provides the common open functionality to the various
* open and create SMB interface functions.
*/
#include <smbsrv/smb_kproto.h>
#include <smbsrv/smb_fsops.h>
extern uint32_t smb_is_executable(char *);
static void smb_delete_new_object(smb_request_t *);
/*
* smb_access_generic_to_file
*
* Search MSDN for IoCreateFile to see following mapping.
*
* GENERIC_READ STANDARD_RIGHTS_READ, FILE_READ_DATA,
* FILE_READ_ATTRIBUTES and FILE_READ_EA
*
* GENERIC_WRITE STANDARD_RIGHTS_WRITE, FILE_WRITE_DATA,
* FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA, and FILE_APPEND_DATA
*
* GENERIC_EXECUTE STANDARD_RIGHTS_EXECUTE, SYNCHRONIZE, and FILE_EXECUTE.
*/
static uint32_t
{
if (desired_access & GENERIC_ALL)
return (FILE_ALL_ACCESS & ~SYNCHRONIZE);
if (desired_access & GENERIC_EXECUTE) {
}
if (desired_access & GENERIC_WRITE) {
}
if (desired_access & GENERIC_READ) {
}
return (access | desired_access);
}
/*
* smb_omode_to_amask
*
* This function converts open modes used by Open and Open AndX
* commands to desired access bits used by NT Create AndX command.
*/
{
switch (desired_access & SMB_DA_ACCESS_MASK) {
case SMB_DA_ACCESS_READ:
return (FILE_GENERIC_READ);
case SMB_DA_ACCESS_WRITE:
return (FILE_GENERIC_WRITE);
case SMB_DA_ACCESS_READ_WRITE:
return (FILE_GENERIC_READ | FILE_GENERIC_WRITE);
case SMB_DA_ACCESS_EXECUTE:
return (FILE_GENERIC_EXECUTE);
default:
return (FILE_GENERIC_ALL);
}
}
/*
* smb_denymode_to_sharemode
*
* This function converts deny modes used by Open and Open AndX
* commands to share access bits used by NT Create AndX command.
*/
{
switch (desired_access & SMB_DA_SHARE_MASK) {
if (smb_is_executable(fname))
return (FILE_SHARE_READ | FILE_SHARE_WRITE);
return (FILE_SHARE_ALL);
case SMB_DA_SHARE_EXCLUSIVE:
return (FILE_SHARE_NONE);
case SMB_DA_SHARE_DENY_WRITE:
return (FILE_SHARE_READ);
case SMB_DA_SHARE_DENY_READ:
return (FILE_SHARE_WRITE);
case SMB_DA_SHARE_DENY_NONE:
default:
return (FILE_SHARE_READ | FILE_SHARE_WRITE);
}
}
/*
* smb_ofun_to_crdisposition
*
* This function converts open function values used by Open and Open AndX
* commands to create disposition values used by NT Create AndX command.
*/
{
{
{ -1, FILE_CREATE },
{ FILE_OPEN, FILE_OPEN_IF },
};
if (row == 3)
return (FILE_MAXIMUM_DISPOSITION + 1);
}
/*
* Retry opens to avoid spurious sharing violations, due to timing
* issues between closes and opens. The client that already has the
* file open may be in the process of closing it.
*/
{
int count;
if (count != 0)
if (status != NT_STATUS_SHARING_VIOLATION)
break;
}
if (status == NT_STATUS_NO_SUCH_FILE)
return (status);
}
/*
* smb_open_subr
*
* Notes on write-through behaviour. It looks like pre-LM0.12 versions
* of the protocol specify the write-through mode when a file is opened,
* (SmbOpen, SmbOpenAndX) so the write calls (SmbWrite, SmbWriteAndClose,
* SmbWriteAndUnlock) don't need to contain a write-through flag.
*
* With LM0.12, the open calls (SmbCreateAndX, SmbNtTransactCreate)
* don't indicate which write-through mode to use. Instead the write
* calls (SmbWriteAndX, SmbWriteRaw) specify the mode on a per call
* basis.
*
* We don't care which open call was used to get us here, we just need
* to ensure that the write-through mode flag is copied from the open
* parameters to the node. We test the omode write-through flag in all
* write functions.
*
* This function returns NT status codes.
*
* The following rules apply when processing a file open request:
*
* - Oplocks must be broken prior to share checking as the break may
* cause other clients to close the file, which would affect sharing
* checks.
*
* - Share checks must take place prior to access checks for correct
* Windows semantics and to prevent unnecessary NFS delegation recalls.
*
* - Oplocks must be acquired after open to ensure the correct
* synchronization with NFS delegation and FEM installation.
*
* DOS readonly bit rules
*
* using the original create fid, even though the file will appear as readonly
* to all other fids and via a CIFS getattr call.
* The readonly bit therefore cannot be set in the filesystem until the file
* is closed (smb_ofile_close). It is accounted for via ofile and node flags.
*
* readonly will be successful regardless of whether a creator of a readonly
* file has an open fid (and has the special privilege mentioned in #1,
* above). I.e., the creator of a readonly fid holding that fid will no longer
* have a special privilege.
*
* 3. The DOS readonly bit affects only data and some metadata.
* The following metadata can be changed regardless of the readonly bit:
* - security descriptors
* - DOS attributes
* - timestamps
*
* In the current implementation, the file size cannot be changed (except for
* the exceptions in #1 and #2, above).
*
*
* DOS attribute rules
*
* These rules are specific to creating / opening files and directories.
* How the attribute value (specifically ZERO or FILE_ATTRIBUTE_NORMAL)
* should be interpreted may differ in other requests.
*
* - An attribute value equal to ZERO or FILE_ATTRIBUTE_NORMAL means that the
* file's attributes should be cleared.
* - If FILE_ATTRIBUTE_NORMAL is specified with any other attributes,
* FILE_ATTRIBUTE_NORMAL is ignored.
*
* 1. Creating a new file
* - The request attributes + FILE_ATTRIBUTE_ARCHIVE are applied to the file.
*
* 2. Creating a new directory
* - The request attributes + FILE_ATTRIBUTE_DIRECTORY are applied to the file.
* - FILE_ATTRIBUTE_ARCHIVE does not get set.
*
* 3. Overwriting an existing file
* - the request attributes are used as search attributes. If the existing
* file does not meet the search criteria access is denied.
* - otherwise, applies attributes + FILE_ATTRIBUTE_ARCHIVE.
*
* 4. Opening an existing file or directory
* The request attributes are ignored.
*/
static uint32_t
{
int rc;
int max_requested = 0;
int is_dir;
int lookup_flags = SMB_FOLLOW_LINKS;
/*
* If the object being created or opened is a directory
* the Disposition parameter must be one of FILE_CREATE,
* FILE_OPEN, or FILE_OPEN_IF
*/
if (is_dir) {
return (NT_STATUS_INVALID_PARAMETER);
}
}
max_requested = 1;
}
return (NT_STATUS_TOO_MANY_OPENED_FILES);
}
/* This must be NULL at this point */
case STYPE_DISKTREE:
case STYPE_PRINTQ:
break;
case STYPE_IPC:
/*
* Security descriptors for pipes are not implemented,
* so just setup a reasonable access mask.
*/
/*
* Limit the number of open pipe instances.
*/
return (status);
}
/*
* No further processing for IPC, we need to either
* raise an exception or return success here.
*/
uniq_fid = SMB_UNIQ_FID();
return (status);
default:
return (NT_STATUS_BAD_DEVICE_TYPE);
}
return (NT_STATUS_OBJECT_PATH_INVALID);
}
if (is_dir) {
} else {
}
/*
* if no path or filename are specified the stream should be
* created on cur_node
*/
/*
* Can't currently handle a stream on the tree root.
* If a stream is being opened return "not found", otherwise
* return "access denied".
*/
return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
}
return (NT_STATUS_ACCESS_DENIED);
}
} else {
if (rc != 0) {
return (smb_errno2status(rc));
}
}
/*
* If the access mask has only DELETE set (ignore
* FILE_READ_ATTRIBUTES), then assume that this
* is a request to delete the link (if a link)
* and do not follow links. Otherwise, follow
* the link to the target.
*/
if (rc == 0) {
/*
* Need the DOS attributes below, where we
* check the search attributes (sattr).
*/
if (rc != 0) {
return (NT_STATUS_INTERNAL_ERROR);
}
rc = 0;
} else {
return (smb_errno2status(rc));
}
/*
* The uniq_fid is a CIFS-server-wide unique identifier for an ofile
* which is used to uniquely identify open instances for the
* VFS share reservation and POSIX locks.
*/
uniq_fid = SMB_UNIQ_FID();
if (last_comp_found) {
!smb_node_is_symlink(node)) {
return (NT_STATUS_ACCESS_DENIED);
}
/*
* Reject this request if either:
* - the target IS a directory and the client requires that
* it must NOT be (required by Lotus Notes)
* - the target is NOT a directory and client requires that
* it MUST be.
*/
if (smb_node_is_dir(node)) {
return (NT_STATUS_FILE_IS_A_DIRECTORY);
}
} else {
return (NT_STATUS_NOT_A_DIRECTORY);
}
}
/*
* No more open should be accepted when "Delete on close"
* flag is set.
*/
return (NT_STATUS_DELETE_PENDING);
}
/*
* Specified file already exists so the operation should fail.
*/
return (NT_STATUS_OBJECT_NAME_COLLISION);
}
/*
* Windows seems to check read-only access before file
* sharing check.
*
* Check to see if the file is currently readonly (irrespective
* of whether this open will make it readonly).
*/
/* Files data only */
if (!smb_node_is_dir(node)) {
FILE_APPEND_DATA)) {
return (NT_STATUS_ACCESS_DENIED);
}
}
}
return (NT_STATUS_ACCESS_DENIED);
}
if (smb_node_is_dir(node)) {
return (NT_STATUS_ACCESS_DENIED);
}
}
/* MS-FSA 2.1.5.1.2 */
op->desired_access);
if (status != NT_STATUS_SUCCESS) {
/* SMB1 specific? NT_STATUS_PRIVILEGE_NOT_HELD */
if (status == NT_STATUS_PRIVILEGE_NOT_HELD) {
return (status);
} else {
return (NT_STATUS_ACCESS_DENIED);
}
}
if (max_requested) {
}
/*
* According to MS "dochelp" mail in Mar 2015, any handle
* on which read or write access is granted implicitly
* gets "read attributes", even if it was not requested.
* This avoids unexpected access failures later that
* would happen if these were not granted.
*/
}
/*
* Oplock break is done prior to sharing checks as the break
* may cause other clients to close the file which would
* affect the sharing checks. This may block, so set the
* file opening count before oplock stuff.
*/
/*
* Check for sharing violations
*/
if (status == NT_STATUS_SHARING_VIOLATION) {
return (status);
}
/*
* Go ahead with modifications as necessary.
*/
switch (op->create_disposition) {
case FILE_SUPERSEDE:
case FILE_OVERWRITE_IF:
case FILE_OVERWRITE:
/* Don't apply readonly bit until smb_ofile_close */
}
/*
* Truncate the file data here.
* We set alloc_size = op->dsize later,
* after we have an ofile. See:
* smb_set_open_attributes
*/
if (rc != 0) {
return (smb_errno2status(rc));
}
/*
* If file is being replaced, remove existing streams
*/
if (SMB_IS_STREAM(node) == 0) {
if (status != 0) {
uniq_fid);
return (status);
}
}
break;
default:
/*
* FILE_OPEN or FILE_OPEN_IF.
*/
/*
* Ignore any user-specified alloc_size for
* existing files, to avoid truncation in
* smb_set_open_attributes
*/
break;
}
} else {
/* Last component was not found. */
if (is_dir == 0)
return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
}
return (NT_STATUS_OBJECT_NAME_INVALID);
}
/*
* lock the parent dir node in case another create
* request to the same parent directory comes in.
*/
/* Don't apply readonly bit until smb_ofile_close */
}
}
if (is_dir == 0) {
/*
* We set alloc_size = op->dsize later,
* after we have an ofile. See:
* smb_set_open_attributes
*/
if (rc != 0) {
return (smb_errno2status(rc));
}
if (status == NT_STATUS_SHARING_VIOLATION) {
return (status);
}
} else {
if (rc != 0) {
return (smb_errno2status(rc));
}
}
if (max_requested) {
}
/*
* We created created this object (we own it) so
* even if that was not requested. This avoids
* unexpected access failures later that would
* happen if these were not granted.
*/
}
&err);
}
/*
* We might have blocked in smb_ofile_open long enough so a
* tree disconnect might have happened. In that case, we've
* just added an ofile to a tree that's disconnecting, and
* need to undo that to avoid interfering with tear-down of
* the tree connection.
*/
if (status == NT_STATUS_SUCCESS &&
}
/*
* This MUST be done after ofile creation, so that explicitly
* set timestamps can be remembered on the ofile, and the
* readonly flag will be stored "pending" on the node.
*/
if (status == NT_STATUS_SUCCESS) {
}
}
if (status == NT_STATUS_SUCCESS) {
/*
* We've already done access checks above,
* and want this call to succeed even when
* !(desired_access & FILE_READ_ATTRIBUTES),
* so pass kcred here.
*/
if (rc != 0) {
}
}
/*
* smb_fsop_unshrlock is a no-op if node is a directory
* smb_fsop_unshrlock is done in smb_ofile_close
*/
if (status != NT_STATUS_SUCCESS) {
} else {
smb_ofile_close(of, 0);
}
if (created)
if (created)
return (status);
}
/*
* Propagate the write-through mode from the open params
* to the node: see the notes in the function header.
*/
/*
* Set up the fileid and dosattr in open_param for response
*/
/*
* Set up the file type in open_param for the response
*/
if (smb_node_is_file(node)) {
} else {
/* directory or symlink */
}
if (created)
return (NT_STATUS_SUCCESS);
}
/*
* smb_open_oplock_break
*
* If the node has an ofile opened with share access none,
* (smb_node_share_check = FALSE) only break BATCH oplock.
* Otherwise:
* If overwriting, break to SMB_OPLOCK_NONE, else
* If opening for anything other than attribute access,
* break oplock to LEVEL_II.
*/
static void
{
if (!smb_node_share_check(node))
if (smb_open_overwrite(op)) {
} else if (!smb_open_attr_only(op)) {
}
}
/*
* smb_open_attr_only
*
* Determine if file is being opened for attribute access only.
* This is used to determine whether it is necessary to break
* existing oplocks on the file.
*/
static boolean_t
{
return (B_TRUE);
}
return (B_FALSE);
}
static boolean_t
{
return (B_TRUE);
}
return (B_FALSE);
}
/*
* smb_set_open_attributes
*
* Last write time:
* - If the last_write time specified in the open params is not 0 or -1,
* use it as file's mtime. This will be considered an explicitly set
* timestamps, not reset by subsequent writes.
*
* DOS attributes
* - If we created_readonly, we now store the real DOS attributes
* (including the readonly bit) so subsequent opens will see it.
*
* Both are stored "pending" rather than in the file system.
*
* Returns: errno
*/
static int
{
int rc = 0;
if (op->created_readonly) {
}
}
}
/*
* Used to have code here to set mtime, ctime, atime
* when the open op->create_disposition is any of:
* FILE_SUPERSEDE, FILE_OVERWRITE_IF, FILE_OVERWRITE.
* We know that in those cases we will have set the
* file size, in which case the file system will
* update those times, so we don't have to.
*
* However, keep track of the fact that we modified
* the file via this handle, so we can do the evil,
* gratuitious mtime update on close that Windows
* clients appear to expect.
*/
return (rc);
}
/*
* This function is used to delete a newly created object (file or
* directory) if an error occurs after creation of the object.
*/
static void
{
flags |= SMB_IGNORE_CASE;
if (SMB_TREE_SUPPORTS_CATIA(sr))
else
}