diff options
Diffstat (limited to 'usr/src/uts/common')
| -rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb2_durable.c | 6 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb_fsops.c | 9 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb_odir.c | 23 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb_query_fileinfo.c | 8 | ||||
| -rw-r--r-- | usr/src/uts/common/inet/ip/ip.c | 16 | ||||
| -rw-r--r-- | usr/src/uts/common/smbsrv/smb_kproto.h | 5 | ||||
| -rw-r--r-- | usr/src/uts/common/smbsrv/smb_ktypes.h | 3 |
7 files changed, 49 insertions, 21 deletions
diff --git a/usr/src/uts/common/fs/smbsrv/smb2_durable.c b/usr/src/uts/common/fs/smbsrv/smb2_durable.c index c783cd9659..190a7ca6cc 100644 --- a/usr/src/uts/common/fs/smbsrv/smb2_durable.c +++ b/usr/src/uts/common/fs/smbsrv/smb2_durable.c @@ -10,7 +10,7 @@ */ /* - * Copyright 2020 Tintri by DDN, Inc. All rights reserved. + * Copyright 2017-2022 Tintri by DDN, Inc. All rights reserved. */ /* @@ -350,8 +350,8 @@ smb2_dh_import_share(void *arg) * Open the ext. attr dir under the share root and * import CA handles for this share. */ - if (smb_odir_openat(sr, snode, &od) != 0) { - cmn_err(CE_NOTE, "Share [%s] CA import, no xattr dir?", + if (smb_odir_openat(sr, snode, &od, B_FALSE) != 0) { + cmn_err(CE_NOTE, "!Share [%s] CA import, no xattr dir?", shr->shr_name); goto out; } diff --git a/usr/src/uts/common/fs/smbsrv/smb_fsops.c b/usr/src/uts/common/fs/smbsrv/smb_fsops.c index ef58f15fa8..4247c399f3 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_fsops.c +++ b/usr/src/uts/common/fs/smbsrv/smb_fsops.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2012-2021 Tintri by DDN, Inc. All rights reserved. + * Copyright 2012-2022 Tintri by DDN, Inc. All rights reserved. * Copyright 2022 RackTop Systems, Inc. */ @@ -886,7 +886,12 @@ smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode) if (SMB_TREE_SUPPORTS_CATIA(sr)) flags |= SMB_CATIA; - status = smb_odir_openat(sr, fnode, &od); + /* + * NB: There aren't currently any restricted streams that could be + * removed by this function. If there ever are, be careful to exclude + * any restricted streams that we DON'T want to remove. + */ + status = smb_odir_openat(sr, fnode, &od, B_FALSE); switch (status) { case 0: break; diff --git a/usr/src/uts/common/fs/smbsrv/smb_odir.c b/usr/src/uts/common/fs/smbsrv/smb_odir.c index d2f56b47b0..24d9beae94 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_odir.c +++ b/usr/src/uts/common/fs/smbsrv/smb_odir.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2018 Nexenta Systems, Inc. All rights reserved. + * Copyright 2022 Tintri by DDN, Inc. All rights reserved. */ /* @@ -277,7 +277,7 @@ static void smb_odir_delete(void *); */ uint32_t smb_odir_openpath(smb_request_t *sr, char *path, uint16_t sattr, - uint32_t flags, smb_odir_t **odp) + uint32_t flags, smb_odir_t **odp) { int rc; smb_tree_t *tree; @@ -338,7 +338,7 @@ smb_odir_openpath(smb_request_t *sr, char *path, uint16_t sattr, */ uint32_t smb_odir_openfh(smb_request_t *sr, const char *pattern, uint16_t sattr, - smb_odir_t **odp) + smb_odir_t **odp) { smb_ofile_t *of = sr->fid_ofile; @@ -365,7 +365,8 @@ smb_odir_openfh(smb_request_t *sr, const char *pattern, uint16_t sattr, * NT status */ uint32_t -smb_odir_openat(smb_request_t *sr, smb_node_t *unode, smb_odir_t **odp) +smb_odir_openat(smb_request_t *sr, smb_node_t *unode, smb_odir_t **odp, + boolean_t restricted) { char pattern[SMB_STREAM_PREFIX_LEN + 2]; vnode_t *xattr_dvp; @@ -401,6 +402,10 @@ smb_odir_openat(smb_request_t *sr, smb_node_t *unode, smb_odir_t **odp) *odp = smb_odir_create(sr, xattr_dnode, pattern, SMB_SEARCH_ATTRIBUTES, 0, cr); + /* Causes restricted stream names to be hidden from the caller */ + if (restricted) + (*odp)->d_flags |= SMB_ODIR_FLAG_RESTRICTED; + smb_node_release(xattr_dnode); return (0); } @@ -724,6 +729,14 @@ smb_odir_read_streaminfo(smb_request_t *sr, smb_odir_t *od, continue; } + /* + * Hide streams that would be restricted if the caller + * is also restricted. + */ + if ((od->d_flags & SMB_ODIR_FLAG_RESTRICTED) != 0 && + smb_strname_restricted(odirent->od_name)) + continue; + rc = smb_fsop_lookup(sr, od->d_cred, 0, od->d_tree->t_snode, od->d_dnode, odirent->od_name, &fnode); if (rc == 0) { @@ -896,7 +909,7 @@ smb_odir_resume_at(smb_odir_t *od, smb_odir_resume_t *resume) */ static smb_odir_t * smb_odir_create(smb_request_t *sr, smb_node_t *dnode, - const char *pattern, uint16_t sattr, uint16_t odid, cred_t *cr) + const char *pattern, uint16_t sattr, uint16_t odid, cred_t *cr) { smb_odir_t *od; smb_tree_t *tree; diff --git a/usr/src/uts/common/fs/smbsrv/smb_query_fileinfo.c b/usr/src/uts/common/fs/smbsrv/smb_query_fileinfo.c index cfa3ab4aca..6baef805aa 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_query_fileinfo.c +++ b/usr/src/uts/common/fs/smbsrv/smb_query_fileinfo.c @@ -21,7 +21,7 @@ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2017 Nexenta Systems, Inc. All rights reserved. + * Copyright 2022 Tintri by DDN, Inc. All rights reserved. */ #include <smbsrv/smb_kproto.h> @@ -616,7 +616,7 @@ smb_query_encode_response(smb_request_t *sr, smb_xa_t *xa, */ uint32_t smb_query_stream_info(smb_request_t *sr, mbuf_chain_t *mbc, - smb_queryinfo_t *qinfo) + smb_queryinfo_t *qinfo) { char *stream_name; uint32_t next_offset; @@ -646,7 +646,7 @@ smb_query_stream_info(smb_request_t *sr, mbuf_chain_t *mbc, datasz = attr->sa_vattr.va_size; allocsz = attr->sa_allocsz; - status = smb_odir_openat(sr, fnode, &od); + status = smb_odir_openat(sr, fnode, &od, B_TRUE); switch (status) { case 0: break; @@ -759,7 +759,7 @@ smb_query_stream_info(smb_request_t *sr, mbuf_chain_t *mbc, */ static boolean_t smb_stream_fits(smb_request_t *sr, mbuf_chain_t *mbc, - char *name, uint32_t offset) + char *name, uint32_t offset) { uint32_t len, pad; diff --git a/usr/src/uts/common/inet/ip/ip.c b/usr/src/uts/common/inet/ip/ip.c index 274bf9b2eb..704f152bb9 100644 --- a/usr/src/uts/common/inet/ip/ip.c +++ b/usr/src/uts/common/inet/ip/ip.c @@ -26,6 +26,7 @@ * Copyright (c) 2016 by Delphix. All rights reserved. * Copyright 2020 OmniOS Community Edition (OmniOSce) Association. * Copyright 2021 Joyent, Inc. + * Copyright 2022 Oxide Computer Company */ #include <sys/types.h> @@ -3750,10 +3751,17 @@ ip_get_pmtu(ip_xmit_attr_t *ixa) pmtu = IP_MAXPACKET; /* - * Decide whether whether IPv4 sets DF - * For IPv6 "no DF" means to use the 1280 mtu - */ - if (ixa->ixa_flags & IXAF_PMTU_DISCOVERY) { + * We need to determine if it is acceptable to set DF for IPv4 or not + * and for IPv6 if we need to use the minimum MTU. If a connection has + * opted into path MTU discovery, then we can use 'DF' in IPv4 and do + * not have to constrain ourselves to the IPv6 minimum MTU. There is a + * second consideration here: IXAF_DONTFRAG. This is set as a result of + * someone setting the IP_DONTFRAG or IPV6_DONTFRAG socket option. In + * such a case, it is acceptable to set DF for IPv4 and to use a larger + * MTU. Note, the actual MTU is constrained by the ill_t later on in + * this function. + */ + if (ixa->ixa_flags & (IXAF_PMTU_DISCOVERY | IXAF_DONTFRAG)) { ixa->ixa_flags |= IXAF_PMTU_IPV4_DF; } else { ixa->ixa_flags &= ~IXAF_PMTU_IPV4_DF; diff --git a/usr/src/uts/common/smbsrv/smb_kproto.h b/usr/src/uts/common/smbsrv/smb_kproto.h index f61b9aa9a2..76f88c06cb 100644 --- a/usr/src/uts/common/smbsrv/smb_kproto.h +++ b/usr/src/uts/common/smbsrv/smb_kproto.h @@ -22,7 +22,7 @@ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2016 Syneto S.R.L. All rights reserved. - * Copyright 2019 Nexenta by DDN, Inc. All rights reserved. + * Copyright 2011-2022 Tintri by DDN, Inc. All rights reserved. */ /* @@ -698,7 +698,8 @@ uint32_t smb_odir_openpath(smb_request_t *, char *, uint16_t, uint32_t, smb_odir_t **); uint32_t smb_odir_openfh(smb_request_t *, const char *, uint16_t, smb_odir_t **); -uint32_t smb_odir_openat(smb_request_t *, smb_node_t *, smb_odir_t **); +uint32_t smb_odir_openat(smb_request_t *, smb_node_t *, smb_odir_t **, + boolean_t); void smb_odir_reopen(smb_odir_t *, const char *, uint16_t); void smb_odir_close(smb_odir_t *); boolean_t smb_odir_hold(smb_odir_t *); diff --git a/usr/src/uts/common/smbsrv/smb_ktypes.h b/usr/src/uts/common/smbsrv/smb_ktypes.h index a220faef6b..9896a1baf2 100644 --- a/usr/src/uts/common/smbsrv/smb_ktypes.h +++ b/usr/src/uts/common/smbsrv/smb_ktypes.h @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2011-2020 Tintri by DDN, Inc. All rights reserved. + * Copyright 2011-2022 Tintri by DDN, Inc. All rights reserved. * Copyright 2022 RackTop Systems, Inc. */ @@ -1227,6 +1227,7 @@ typedef struct smb_tree { #define SMB_ODIR_FLAG_CATIA 0x0010 #define SMB_ODIR_FLAG_ABE 0x0020 #define SMB_ODIR_FLAG_SHORTNAMES 0x0040 +#define SMB_ODIR_FLAG_RESTRICTED 0x0080 typedef enum { SMB_ODIR_STATE_OPEN = 0, |