xref: /illumos-gate/usr/src/uts/common/fs/smbsrv/smb_nt_create_andx.c (revision c5f48fa536d16d8fe59d1bb62faa7eb8e891610c)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2016 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 /*
27  * This command is used to create or open a file or directory.
28  */
29 
30 
31 #include <smbsrv/smb_kproto.h>
32 #include <smbsrv/smb_fsops.h>
33 #include <smbsrv/smb_vops.h>
34 
35 int smb_nt_create_enable_extended_response = 1;
36 
37 /*
38  * smb_com_nt_create_andx
39  *
40  * This command is used to create or open a file or directory.
41  *
42  *  Client Request                     Description
43  *  =================================  ==================================
44  *
45  *  UCHAR WordCount;                   Count of parameter words = 24
46  *  UCHAR AndXCommand;                 Secondary command;  0xFF = None
47  *  UCHAR AndXReserved;                Reserved (must be 0)
48  *  USHORT AndXOffset;                 Offset to next command WordCount
49  *  UCHAR Reserved;                    Reserved (must be 0)
50  *  USHORT NameLength;                 Length of Name[] in bytes
51  *  ULONG Flags;                       Create bit set:
52  *                                     0x02 - Request an oplock
53  *                                     0x04 - Request a batch oplock
54  *                                     0x08 - Target of open must be
55  *                                     directory
56  *  ULONG RootDirectoryFid;            If non-zero, open is relative to
57  *                                     this directory
58  *  ACCESS_MASK DesiredAccess;         access desired
59  *  LARGE_INTEGER AllocationSize;      Initial allocation size
60  *  ULONG ExtFileAttributes;           File attributes
61  *  ULONG ShareAccess;                 Type of share access
62  *  ULONG CreateDisposition;           Action to take if file exists or
63  *                                     not
64  *  ULONG CreateOptions;               Options to use if creating a file
65  *  ULONG ImpersonationLevel;          Security QOS information
66  *  UCHAR SecurityFlags;               Security tracking mode flags:
67  *                                     0x1 - SECURITY_CONTEXT_TRACKING
68  *                                     0x2 - SECURITY_EFFECTIVE_ONLY
69  *  USHORT ByteCount;                  Length of byte parameters
70  *  STRING Name[];                     File to open or create
71  *
72  * The DesiredAccess parameter is specified in section 3.7 on  Access Mask
73  * Encoding.
74  *
75  * If no value is specified, it still allows an application to query
76  * attributes without actually accessing the file.
77  *
78  * The ExtFIleAttributes parameter specifies the file attributes and flags
79  * for the file. The parameter's value is the sum of allowed attributes and
80  * flags defined in section 3.11 on  Extended File Attribute Encoding
81  *
82  * The ShareAccess field Specifies how this file can be shared. This
83  * parameter must be some combination of the following values:
84  *
85  * Name              Value      Meaning
86  *                   0          Prevents the file from being shared.
87  * FILE_SHARE_READ   0x00000001 Other open operations can be performed on
88  *                               the file for read access.
89  * FILE_SHARE_WRITE  0x00000002 Other open operations can be performed on
90  *                               the file for write access.
91  * FILE_SHARE_DELETE 0x00000004 Other open operations can be performed on
92  *                               the file for delete access.
93  *
94  * The CreateDisposition parameter can contain one of the following values:
95  *
96  * CREATE_NEW        Creates a new file. The function fails if the
97  *                   specified file already exists.
98  * CREATE_ALWAYS     Creates a new file. The function overwrites the file
99  *                   if it exists.
100  * OPEN_EXISTING     Opens the file. The function fails if the file does
101  *                   not exist.
102  * OPEN_ALWAYS       Opens the file, if it exists. If the file does not
103  *                   exist, act like CREATE_NEW.
104  * TRUNCATE_EXISTING Opens the file. Once opened, the file is truncated so
105  *                   that its size is zero bytes. The calling process must
106  *                   open the file with at least GENERIC_WRITE access. The
107  *                   function fails if the file does not exist.
108  *
109  * The ImpersonationLevel parameter can contain one or more of the
110  * following values:
111  *
112  * SECURITY_ANONYMOUS        Specifies to impersonate the client at the
113  *                           Anonymous impersonation level.
114  * SECURITY_IDENTIFICATION   Specifies to impersonate the client at the
115  *                           Identification impersonation level.
116  * SECURITY_IMPERSONATION    Specifies to impersonate the client at the
117  *                           Impersonation impersonation level.
118  * SECURITY_DELEGATION       Specifies to impersonate the client at the
119  *                           Delegation impersonation level.
120  *
121  * The SecurityFlags parameter can have either of the following two flags
122  * set:
123  *
124  * SECURITY_CONTEXT_TRACKING  Specifies that the security tracking mode is
125  *                            dynamic. If this flag is not specified,
126  *                            Security Tracking Mode is static.
127  * SECURITY_EFFECTIVE_ONLY    Specifies that only the enabled aspects of
128  *                            the client's security context are available
129  *                            to the server. If you do not specify this
130  *                            flag, all aspects of the client's security
131  *                            context are available. This flag allows the
132  *                            client to limit the groups and privileges
133  *                            that a server can use while impersonating the
134  *                            client.
135  *
136  * The response is as follows:
137  *
138  *  Server Response                    Description
139  *  =================================  ==================================
140  *
141  *  UCHAR WordCount;                   Count of parameter words = 26
142  *  UCHAR AndXCommand;  Secondary      0xFF = None
143  *  command;
144  *  UCHAR AndXReserved;                MBZ
145  *  USHORT AndXOffset;                 Offset to next command WordCount
146  *  UCHAR OplockLevel;                 The oplock level granted
147  *                                     0 - No oplock granted
148  *                                     1 - Exclusive oplock granted
149  *                                     2 - Batch oplock granted
150  *                                     3 - Level II oplock granted
151  *  USHORT Fid;                        The file ID
152  *  ULONG CreateAction;                The action taken
153  *  TIME CreationTime;                 The time the file was created
154  *  TIME LastAccessTime;               The time the file was accessed
155  *  TIME LastWriteTime;                The time the file was last written
156  *  TIME ChangeTime;                   The time the file was last changed
157  *  ULONG ExtFileAttributes;           The file attributes
158  *  LARGE_INTEGER AllocationSize;      The number of bytes allocated
159  *  LARGE_INTEGER EndOfFile;           The end of file offset
160  *  USHORT FileType;
161  *  USHORT DeviceState;                state of IPC device (e.g. pipe)
162  *  BOOLEAN Directory;                 TRUE if this is a directory
163  *  USHORT ByteCount;                  = 0
164  *
165  * The following SMBs may follow SMB_COM_NT_CREATE_ANDX:
166  *
167  *    SMB_COM_READ    SMB_COM_READ_ANDX
168  *    SMB_COM_IOCTL
169  */
170 smb_sdrc_t
171 smb_pre_nt_create_andx(smb_request_t *sr)
172 {
173 	struct open_param *op = &sr->arg.open;
174 	uint8_t SecurityFlags;
175 	uint32_t ImpersonationLevel;
176 	uint16_t NameLength;
177 	int rc;
178 
179 	bzero(op, sizeof (sr->arg.open));
180 
181 	rc = smbsr_decode_vwv(sr, "5.wlllqlllllb",
182 	    &NameLength,
183 	    &op->nt_flags,
184 	    &op->rootdirfid,
185 	    &op->desired_access,
186 	    &op->dsize,
187 	    &op->dattr,
188 	    &op->share_access,
189 	    &op->create_disposition,
190 	    &op->create_options,
191 	    &ImpersonationLevel,
192 	    &SecurityFlags);
193 
194 	if (rc == 0) {
195 		if (NameLength == 0) {
196 			op->fqi.fq_path.pn_path = "\\";
197 		} else if (NameLength >= SMB_MAXPATHLEN) {
198 			smbsr_error(sr, NT_STATUS_OBJECT_NAME_INVALID,
199 			    ERRDOS, ERROR_PATH_NOT_FOUND);
200 			rc = -1;
201 		} else {
202 			rc = smbsr_decode_data(sr, "%#u", sr, NameLength,
203 			    &op->fqi.fq_path.pn_path);
204 		}
205 	}
206 
207 	op->op_oplock_level = SMB_OPLOCK_NONE;
208 	if (op->nt_flags & NT_CREATE_FLAG_REQUEST_OPLOCK) {
209 		if (op->nt_flags & NT_CREATE_FLAG_REQUEST_OPBATCH)
210 			op->op_oplock_level = SMB_OPLOCK_BATCH;
211 		else
212 			op->op_oplock_level = SMB_OPLOCK_EXCLUSIVE;
213 	}
214 
215 	DTRACE_SMB_2(op__NtCreateX__start, smb_request_t *, sr,
216 	    struct open_param *, op);
217 
218 	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
219 }
220 
221 void
222 smb_post_nt_create_andx(smb_request_t *sr)
223 {
224 	DTRACE_SMB_1(op__NtCreateX__done, smb_request_t *, sr);
225 
226 	if (sr->arg.open.dir != NULL) {
227 		smb_ofile_release(sr->arg.open.dir);
228 		sr->arg.open.dir = NULL;
229 	}
230 }
231 
232 /*
233  * A lot like smb_nt_transact_create
234  */
235 smb_sdrc_t
236 smb_com_nt_create_andx(struct smb_request *sr)
237 {
238 	struct open_param	*op = &sr->arg.open;
239 	smb_attr_t		*ap = &op->fqi.fq_fattr;
240 	smb_ofile_t		*of;
241 	int			rc;
242 	uint8_t			DirFlag;
243 	uint32_t		status;
244 
245 	if (op->create_options & ~SMB_NTCREATE_VALID_OPTIONS) {
246 		smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
247 		    ERRDOS, ERROR_INVALID_PARAMETER);
248 		return (SDRC_ERROR);
249 	}
250 
251 	if (op->create_options & FILE_OPEN_BY_FILE_ID) {
252 		smbsr_error(sr, NT_STATUS_NOT_SUPPORTED,
253 		    ERRDOS, ERROR_NOT_SUPPORTED);
254 		return (SDRC_ERROR);
255 	}
256 
257 	if ((op->create_options & FILE_DELETE_ON_CLOSE) &&
258 	    !(op->desired_access & DELETE)) {
259 		smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
260 		    ERRDOS, ERRbadaccess);
261 		return (SDRC_ERROR);
262 	}
263 
264 	if (op->create_disposition > FILE_MAXIMUM_DISPOSITION) {
265 		smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
266 		    ERRDOS, ERRbadaccess);
267 		return (SDRC_ERROR);
268 	}
269 
270 	if (op->dattr & FILE_FLAG_WRITE_THROUGH)
271 		op->create_options |= FILE_WRITE_THROUGH;
272 
273 	if (op->dattr & FILE_FLAG_DELETE_ON_CLOSE)
274 		op->create_options |= FILE_DELETE_ON_CLOSE;
275 
276 	if (op->dattr & FILE_FLAG_BACKUP_SEMANTICS)
277 		op->create_options |= FILE_OPEN_FOR_BACKUP_INTENT;
278 
279 	if (op->create_options & FILE_OPEN_FOR_BACKUP_INTENT)
280 		sr->user_cr = smb_user_getprivcred(sr->uid_user);
281 
282 	if (op->rootdirfid == 0) {
283 		op->fqi.fq_dnode = sr->tid_tree->t_snode;
284 	} else {
285 		op->dir = smb_ofile_lookup_by_fid(sr, (uint16_t)op->rootdirfid);
286 		if (op->dir == NULL) {
287 			smbsr_error(sr, NT_STATUS_INVALID_HANDLE,
288 			    ERRDOS, ERRbadfid);
289 			return (SDRC_ERROR);
290 		}
291 		op->fqi.fq_dnode = op->dir->f_node;
292 	}
293 
294 	op->op_oplock_levelII = B_TRUE;
295 
296 	status = smb_common_open(sr);
297 	if (status != NT_STATUS_SUCCESS) {
298 		smbsr_status(sr, status, 0, 0);
299 		return (SDRC_ERROR);
300 	}
301 
302 	/*
303 	 * NB: after the above smb_common_open() success,
304 	 * we have a handle allocated (sr->fid_ofile).
305 	 * If we don't return success, we must close it.
306 	 */
307 	of = sr->fid_ofile;
308 
309 	switch (sr->tid_tree->t_res_type & STYPE_MASK) {
310 	case STYPE_DISKTREE:
311 	case STYPE_PRINTQ:
312 		if (op->create_options & FILE_DELETE_ON_CLOSE)
313 			smb_ofile_set_delete_on_close(of);
314 		DirFlag = smb_node_is_dir(of->f_node) ? 1 : 0;
315 		break;
316 
317 	case STYPE_IPC:
318 		DirFlag = 0;
319 		break;
320 
321 	default:
322 		smbsr_error(sr, NT_STATUS_INVALID_DEVICE_REQUEST,
323 		    ERRDOS, ERROR_INVALID_FUNCTION);
324 		goto errout;
325 	}
326 
327 	if ((op->nt_flags & NT_CREATE_FLAG_EXTENDED_RESPONSE) != 0 &&
328 	    smb_nt_create_enable_extended_response != 0) {
329 		uint32_t MaxAccess = 0;
330 		if (of->f_node != NULL) {
331 			smb_fsop_eaccess(sr, of->f_cr, of->f_node, &MaxAccess);
332 		}
333 		MaxAccess |= of->f_granted_access;
334 
335 		/*
336 		 * Here is a really ugly protocol wart in SMB1:
337 		 *
338 		 * [MS-SMB] Sec. 2.2.4.9.2: Windows-based SMB servers
339 		 * send 50 (0x32) words in the extended response although
340 		 * they set the WordCount field to 0x2A.
341 		 *
342 		 * In other words, THEY LIE!  We really do need to encode
343 		 * 50 words here, but lie and say we encoded 42 words.
344 		 * This means we can't use smbsr_encode_result() to
345 		 * build this response, because the rules it breaks
346 		 * would cause errors in smbsr_check_result().
347 		 *
348 		 * And that's not all (it gets worse...)
349 		 * Because of the bogus word count, some clients will
350 		 * read the byte count from within what should be the
351 		 * fileid field below.  Leave that zero, like Win7.
352 		 *
353 		 * Apparently the only really useful thing in this
354 		 * extended response is MaxAccess.
355 		 */
356 		sr->smb_wct = 50; /* real word count */
357 		sr->smb_bcc = 0;
358 		rc = smb_mbc_encodef(&sr->reply,
359 		    "bb.wbwlTTTTlqqwwb16.qllw",
360 		    42,		/* fake word count (b) */
361 		    sr->andx_com,		/* (b.) */
362 		    0x87,	/* andx offset	   (w) */
363 		    op->op_oplock_level,	/* (b) */
364 		    sr->smb_fid,		/* (w) */
365 		    op->action_taken,		/* (l) */
366 		    &ap->sa_crtime,		/* (T) */
367 		    &ap->sa_vattr.va_atime,	/* (T) */
368 		    &ap->sa_vattr.va_mtime,	/* (T) */
369 		    &ap->sa_vattr.va_ctime,	/* (T) */
370 		    op->dattr & FILE_ATTRIBUTE_MASK, /* (l) */
371 		    ap->sa_allocsz,		/* (q) */
372 		    ap->sa_vattr.va_size,	/* (q) */
373 		    op->ftype,			/* (w) */
374 		    op->devstate,		/* (w) */
375 		    DirFlag,			/* (b) */
376 		    /* volume guid		  (16.) */
377 		    0,	/* file ID (see above)	   (q) */
378 		    MaxAccess,			/* (l) */
379 		    0,		/* guest access	   (l) */
380 		    0);		/* byte count	   (w) */
381 	} else {
382 		rc = smbsr_encode_result(
383 		    sr, 34, 0, "bb.wbwlTTTTlqqwwbw",
384 		    34,		/* word count	   (b) */
385 		    sr->andx_com,		/* (b.) */
386 		    0x67,	/* andx offset	   (w) */
387 		    op->op_oplock_level,	/* (b) */
388 		    sr->smb_fid,		/* (w) */
389 		    op->action_taken,		/* (l) */
390 		    &ap->sa_crtime,		/* (T) */
391 		    &ap->sa_vattr.va_atime,	/* (T) */
392 		    &ap->sa_vattr.va_mtime,	/* (T) */
393 		    &ap->sa_vattr.va_ctime,	/* (T) */
394 		    op->dattr & FILE_ATTRIBUTE_MASK, /* (l) */
395 		    ap->sa_allocsz,		/* (q) */
396 		    ap->sa_vattr.va_size,	/* (q) */
397 		    op->ftype,			/* (w) */
398 		    op->devstate,		/* (w) */
399 		    DirFlag,			/* (b) */
400 		    0);		/* byte count	   (w) */
401 	}
402 
403 	if (rc == 0)
404 		return (SDRC_SUCCESS);
405 
406 errout:
407 	smb_ofile_close(of, 0);
408 	return (SDRC_ERROR);
409 }
410