Build provider 3rd arg from smb_request_t
hacking...
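--- a/usr/src/uts/common/fs/smbsrv/smb_nt_create_andx.c
+++ b/usr/src/uts/common/fs/smbsrv/smb_nt_create_andx.c
@@ -1,401 +1,400 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
 */
 
 /*
 * This command is used to create or open a file or directory.
 */
 
 
 #include <smbsrv/smb_kproto.h>
 #include <smbsrv/smb_fsops.h>
 #include <smbsrv/smb_vops.h>
 
 int smb_nt_create_enable_extended_response = 1;
 
 /*
 * smb_com_nt_create_andx
 *
 * This command is used to create or open a file or directory.
 *
 * Client Request Description
 * ================================= ==================================
 *
 * UCHAR WordCount; Count of parameter words = 24
 * UCHAR AndXCommand; Secondary command; 0xFF = None
 * UCHAR AndXReserved; Reserved (must be 0)
 * USHORT AndXOffset; Offset to next command WordCount
 * UCHAR Reserved; Reserved (must be 0)
 * USHORT NameLength; Length of Name[] in bytes
 * ULONG Flags; Create bit set:
 * 0x02 - Request an oplock
 * 0x04 - Request a batch oplock
 * 0x08 - Target of open must be
 * directory
 * ULONG RootDirectoryFid; If non-zero, open is relative to
 * this directory
 * ACCESS_MASK DesiredAccess; access desired
 * LARGE_INTEGER AllocationSize; Initial allocation size
 * ULONG ExtFileAttributes; File attributes
 * ULONG ShareAccess; Type of share access
 * ULONG CreateDisposition; Action to take if file exists or
 * not
 * ULONG CreateOptions; Options to use if creating a file
 * ULONG ImpersonationLevel; Security QOS information
 * UCHAR SecurityFlags; Security tracking mode flags:
 * 0x1 - SECURITY_CONTEXT_TRACKING
 * 0x2 - SECURITY_EFFECTIVE_ONLY
 * USHORT ByteCount; Length of byte parameters
 * STRING Name[]; File to open or create
 *
 * The DesiredAccess parameter is specified in section 3.7 on Access Mask
 * Encoding.
 *
 * If no value is specified, it still allows an application to query
 * attributes without actually accessing the file.
 *
 * The ExtFIleAttributes parameter specifies the file attributes and flags
 * for the file. The parameter's value is the sum of allowed attributes and
 * flags defined in section 3.11 on Extended File Attribute Encoding
 *
 * The ShareAccess field Specifies how this file can be shared. This
 * parameter must be some combination of the following values:
 *
 * Name Value Meaning
 * 0 Prevents the file from being shared.
 * FILE_SHARE_READ 0x00000001 Other open operations can be performed on
 * the file for read access.
 * FILE_SHARE_WRITE 0x00000002 Other open operations can be performed on
 * the file for write access.
 * FILE_SHARE_DELETE 0x00000004 Other open operations can be performed on
 * the file for delete access.
 *
 * The CreateDisposition parameter can contain one of the following values:
 *
 * CREATE_NEW Creates a new file. The function fails if the
 * specified file already exists.
 * CREATE_ALWAYS Creates a new file. The function overwrites the file
 * if it exists.
 * OPEN_EXISTING Opens the file. The function fails if the file does
 * not exist.
 * OPEN_ALWAYS Opens the file, if it exists. If the file does not
 * exist, act like CREATE_NEW.
 * TRUNCATE_EXISTING Opens the file. Once opened, the file is truncated so
 * that its size is zero bytes. The calling process must
 * open the file with at least GENERIC_WRITE access. The
 * function fails if the file does not exist.
 *
 * The ImpersonationLevel parameter can contain one or more of the
 * following values:
 *
 * SECURITY_ANONYMOUS Specifies to impersonate the client at the
 * Anonymous impersonation level.
 * SECURITY_IDENTIFICATION Specifies to impersonate the client at the
 * Identification impersonation level.
 * SECURITY_IMPERSONATION Specifies to impersonate the client at the
 * Impersonation impersonation level.
 * SECURITY_DELEGATION Specifies to impersonate the client at the
 * Delegation impersonation level.
 *
 * The SecurityFlags parameter can have either of the following two flags
 * set:
 *
 * SECURITY_CONTEXT_TRACKING Specifies that the security tracking mode is
 * dynamic. If this flag is not specified,
 * Security Tracking Mode is static.
 * SECURITY_EFFECTIVE_ONLY Specifies that only the enabled aspects of
 * the client's security context are available
 * to the server. If you do not specify this
 * flag, all aspects of the client's security
 * context are available. This flag allows the
 * client to limit the groups and privileges
 * that a server can use while impersonating the
 * client.
 *
 * The response is as follows:
 *
 * Server Response Description
 * ================================= ==================================
 *
 * UCHAR WordCount; Count of parameter words = 26
 * UCHAR AndXCommand; Secondary 0xFF = None
 * command;
 * UCHAR AndXReserved; MBZ
 * USHORT AndXOffset; Offset to next command WordCount
 * UCHAR OplockLevel; The oplock level granted
 * 0 - No oplock granted
 * 1 - Exclusive oplock granted
 * 2 - Batch oplock granted
 * 3 - Level II oplock granted
 * USHORT Fid; The file ID
 * ULONG CreateAction; The action taken
 * TIME CreationTime; The time the file was created
 * TIME LastAccessTime; The time the file was accessed
 * TIME LastWriteTime; The time the file was last written
 * TIME ChangeTime; The time the file was last changed
 * ULONG ExtFileAttributes; The file attributes
 * LARGE_INTEGER AllocationSize; The number of bytes allocated
 * LARGE_INTEGER EndOfFile; The end of file offset
 * USHORT FileType;
 * USHORT DeviceState; state of IPC device (e.g. pipe)
 * BOOLEAN Directory; TRUE if this is a directory
 * USHORT ByteCount; = 0
 *
 * The following SMBs may follow SMB_COM_NT_CREATE_ANDX:
 *
 * SMB_COM_READ SMB_COM_READ_ANDX
 * SMB_COM_IOCTL
 */
 smb_sdrc_t
 smb_pre_nt_create_andx(smb_request_t *sr)
 {
 struct open_param *op = &sr->arg.open;
 uint8_t SecurityFlags;
 uint32_t ImpersonationLevel;
 uint16_t NameLength;
 int rc;
 
 bzero(op, sizeof (sr->arg.open));
 
 rc = smbsr_decode_vwv(sr, "5.wlllqlllllb",
 &NameLength,
 &op->nt_flags,
 &op->rootdirfid,
 &op->desired_access,
 &op->dsize,
 &op->dattr,
 &op->share_access,
 &op->create_disposition,
 &op->create_options,
 &ImpersonationLevel,
 &SecurityFlags);
 
 if (rc == 0) {
 if (NameLength == 0) {
 op->fqi.fq_path.pn_path = "\\";
 } else if (NameLength >= SMB_MAXPATHLEN) {
 smbsr_error(sr, NT_STATUS_OBJECT_NAME_INVALID,
 ERRDOS, ERROR_PATH_NOT_FOUND);
 rc = -1;
 } else {
 rc = smbsr_decode_data(sr, "%#u", sr, NameLength,
 &op->fqi.fq_path.pn_path);
 }
 }
 
 op->op_oplock_level = SMB_OPLOCK_NONE;
 if (op->nt_flags & NT_CREATE_FLAG_REQUEST_OPLOCK) {
 if (op->nt_flags & NT_CREATE_FLAG_REQUEST_OPBATCH)
 op->op_oplock_level = SMB_OPLOCK_BATCH;
 else
 op->op_oplock_level = SMB_OPLOCK_EXCLUSIVE;
 }
 
-DTRACE_SMB_2(op__NtCreateX__start, smb_request_t *, sr,
-struct open_param *, op);
+DTRACE_SMB_1(op__NtCreateX__start, smb_request_t *, sr); /* arg.open */
 
 return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
 }
 
 void
 smb_post_nt_create_andx(smb_request_t *sr)
 {
 DTRACE_SMB_1(op__NtCreateX__done, smb_request_t *, sr);
 
 if (sr->arg.open.dir != NULL) {
 smb_ofile_release(sr->arg.open.dir);
 sr->arg.open.dir = NULL;
 }
 }
 
 /*
 * A lot like smb_nt_transact_create
 */
 smb_sdrc_t
 smb_com_nt_create_andx(struct smb_request *sr)
 {
 struct open_param *op = &sr->arg.open;
 smb_attr_t *ap = &op->fqi.fq_fattr;
 smb_ofile_t *of;
 int rc;
 uint8_t DirFlag;
 uint32_t status;
 
 if (op->create_options & ~SMB_NTCREATE_VALID_OPTIONS) {
 smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
 ERRDOS, ERROR_INVALID_PARAMETER);
 return (SDRC_ERROR);
 }
 
 if (op->create_options & FILE_OPEN_BY_FILE_ID) {
 smbsr_error(sr, NT_STATUS_NOT_SUPPORTED,
 ERRDOS, ERROR_NOT_SUPPORTED);
 return (SDRC_ERROR);
 }
 
 if ((op->create_options & FILE_DELETE_ON_CLOSE) &&
 !(op->desired_access & DELETE)) {
 smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
 ERRDOS, ERRbadaccess);
 return (SDRC_ERROR);
 }
 
 if (op->create_disposition > FILE_MAXIMUM_DISPOSITION) {
 smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
 ERRDOS, ERRbadaccess);
 return (SDRC_ERROR);
 }
 
 if (op->dattr & FILE_FLAG_WRITE_THROUGH)
 op->create_options |= FILE_WRITE_THROUGH;
 
 if (op->dattr & FILE_FLAG_DELETE_ON_CLOSE)
 op->create_options |= FILE_DELETE_ON_CLOSE;
 
 if (op->dattr & FILE_FLAG_BACKUP_SEMANTICS)
 op->create_options |= FILE_OPEN_FOR_BACKUP_INTENT;
 
 if (op->create_options & FILE_OPEN_FOR_BACKUP_INTENT)
 sr->user_cr = smb_user_getprivcred(sr->uid_user);
 
 if (op->rootdirfid == 0) {
 op->fqi.fq_dnode = sr->tid_tree->t_snode;
 } else {
 op->dir = smb_ofile_lookup_by_fid(sr, (uint16_t)op->rootdirfid);
 if (op->dir == NULL) {
 smbsr_error(sr, NT_STATUS_INVALID_HANDLE,
 ERRDOS, ERRbadfid);
 return (SDRC_ERROR);
 }
 op->fqi.fq_dnode = op->dir->f_node;
 }
 
 op->op_oplock_levelII = B_TRUE;
 
 status = smb_common_open(sr);
 if (status != NT_STATUS_SUCCESS) {
 smbsr_status(sr, status, 0, 0);
 return (SDRC_ERROR);
 }
 
 /*
 * NB: after the above smb_common_open() success,
 * we have a handle allocated (sr->fid_ofile).
 * If we don't return success, we must close it.
 */
 of = sr->fid_ofile;
 
 switch (sr->tid_tree->t_res_type & STYPE_MASK) {
 case STYPE_DISKTREE:
 case STYPE_PRINTQ:
 if (op->create_options & FILE_DELETE_ON_CLOSE)
 smb_ofile_set_delete_on_close(of);
 DirFlag = smb_node_is_dir(of->f_node) ? 1 : 0;
 break;
 
 case STYPE_IPC:
 DirFlag = 0;
 break;
 
 default:
 smbsr_error(sr, NT_STATUS_INVALID_DEVICE_REQUEST,
 ERRDOS, ERROR_INVALID_FUNCTION);
 goto errout;
 }
 
 if ((op->nt_flags & NT_CREATE_FLAG_EXTENDED_RESPONSE) != 0 &&
 smb_nt_create_enable_extended_response != 0) {
 uint32_t MaxAccess = 0;
 if (of->f_node != NULL) {
 smb_fsop_eaccess(sr, of->f_cr, of->f_node, &MaxAccess);
 }
 MaxAccess |= of->f_granted_access;
 
 /*
 * Here is a really ugly protocol wart in SMB1:
 *
 * [MS-SMB] Sec. 2.2.4.9.2: Windows-based SMB servers
 * send 50 (0x32) words in the extended response although
 * they set the WordCount field to 0x2A.
 *
 * In other words, THEY LIE! We really do need to encode
 * 50 words here, but lie and say we encoded 42 words.
 * This means we can't use smbsr_encode_result() to
 * build this response, because the rules it breaks
 * would cause errors in smbsr_check_result().
 */
 sr->smb_wct = 50; /* real word count */
 sr->smb_bcc = 0;
 rc = smb_mbc_encodef(&sr->reply,
 "bb.wbwlTTTTlqqwwb16.qllw",
 42, /* fake word count (b) */
 sr->andx_com, /* (b.) */
 0x87, /* andx offset (w) */
 op->op_oplock_level, /* (b) */
 sr->smb_fid, /* (w) */
 op->action_taken, /* (l) */
 &ap->sa_crtime, /* (T) */
 &ap->sa_vattr.va_atime, /* (T) */
 &ap->sa_vattr.va_mtime, /* (T) */
 &ap->sa_vattr.va_ctime, /* (T) */
 op->dattr & FILE_ATTRIBUTE_MASK, /* (l) */
 ap->sa_allocsz, /* (q) */
 ap->sa_vattr.va_size, /* (q) */
 op->ftype, /* (w) */
 op->devstate, /* (w) */
 DirFlag, /* (b) */
 /* volume guid (16.) */
 op->fileid, /* (q) */
 MaxAccess, /* (l) */
 0, /* guest access (l) */
 0); /* byte count (w) */
 } else {
 rc = smbsr_encode_result(
 sr, 34, 0, "bb.wbwlTTTTlqqwwbw",
 34, /* word count (b) */
 sr->andx_com, /* (b.) */
 0x67, /* andx offset (w) */
 op->op_oplock_level, /* (b) */
 sr->smb_fid, /* (w) */
 op->action_taken, /* (l) */
 &ap->sa_crtime, /* (T) */
 &ap->sa_vattr.va_atime, /* (T) */
 &ap->sa_vattr.va_mtime, /* (T) */
 &ap->sa_vattr.va_ctime, /* (T) */
 op->dattr & FILE_ATTRIBUTE_MASK, /* (l) */
 ap->sa_allocsz, /* (q) */
 ap->sa_vattr.va_size, /* (q) */
 op->ftype, /* (w) */
 op->devstate, /* (w) */
 DirFlag, /* (b) */
 0); /* byte count (w) */
 }
 
 if (rc == 0)
 return (SDRC_SUCCESS);
 
 errout:
 smb_ofile_close(of, 0);
 return (SDRC_ERROR);
 }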
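Review bot: The trailing `/* arg.open */` on the new `DTRACE_SMB_1(op__NtCreateX__start, ...)` line in smb_pre_nt_create_andx does not tell a reader where the open parameters went, and the probe still fires when `rc != 0`, at which point `sr->arg.open` has only been zeroed and partly decoded (for example, `pn_path` is never set on the `NameLength >= SMB_MAXPATHLEN` branch). Presumably the provider translator now reads `sr->arg.open` itself; it is not visible here, so it would need to tolerate a NULL, client-supplied path on those failed requests. I would replace the trailing comment with one above the probe, such as `/* open params are taken from sr->arg.open by the provider; may be only partly decoded when rc != 0 */`. Scripts that consumed the old second probe argument (`struct open_param *`) directly, including any used for auditing SMB opens, will stop working, which is worth stating in the commit description.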