xref: /illumos-gate/usr/src/uts/common/fs/smbsrv/smb_fsops.c (revision b69c34dad3717624ff6b4f32b71014ee05b6a678)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 #include <sys/sid.h>
27 #include <sys/nbmlock.h>
28 #include <smbsrv/smb_fsops.h>
29 #include <smbsrv/smb_kproto.h>
30 #include <acl/acl_common.h>
31 #include <sys/fcntl.h>
32 #include <sys/filio.h>
33 #include <sys/flock.h>
34 #include <fs/fs_subr.h>
35 
36 extern caller_context_t smb_ct;
37 
38 static int smb_fsop_create_stream(smb_request_t *, cred_t *, smb_node_t *,
39     char *, char *, int, smb_attr_t *, smb_node_t **);
40 
41 static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *,
42     char *, int, smb_attr_t *, smb_node_t **);
43 
44 #ifdef	_KERNEL
45 static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *,
46     char *, smb_attr_t *, smb_node_t **, smb_fssd_t *);
47 static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *);
48 #endif	/* _KERNEL */
49 
50 /*
51  * The smb_fsop_* functions have knowledge of CIFS semantics.
52  *
53  * The smb_vop_* functions have minimal knowledge of CIFS semantics and
54  * serve as an interface to the VFS layer.
55  *
56  * Hence, smb_request_t and smb_node_t structures should not be passed
57  * from the smb_fsop_* layer to the smb_vop_* layer.
58  *
59  * In general, CIFS service code should only ever call smb_fsop_*
60  * functions directly, and never smb_vop_* functions directly.
61  *
62  * smb_fsop_* functions should call smb_vop_* functions where possible, instead
63  * of their smb_fsop_* counterparts.  However, there are times when
64  * this cannot be avoided.
65  */
66 
67 /*
68  * Note: Stream names cannot be mangled.
69  */
70 
71 /*
72  * smb_fsop_amask_to_omode
73  *
74  * Convert the access mask to the open mode (for use
75  * with the VOP_OPEN call).
76  *
77  * Note that opening a file for attribute only access
78  * will also translate into an FREAD or FWRITE open mode
79  * (i.e., it's not just for data).
80  *
81  * This is needed so that opens are tracked appropriately
82  * for oplock processing.
83  */
84 
85 int
86 smb_fsop_amask_to_omode(uint32_t access)
87 {
88 	int mode = 0;
89 
90 	if (access & (FILE_READ_DATA | FILE_EXECUTE |
91 	    FILE_READ_ATTRIBUTES | FILE_READ_EA))
92 		mode |= FREAD;
93 
94 	if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA |
95 	    FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA))
96 		mode |= FWRITE;
97 
98 	if (access & FILE_APPEND_DATA)
99 		mode |= FAPPEND;
100 
101 	return (mode);
102 }
103 
104 int
105 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred)
106 {
107 	/*
108 	 * Assuming that the same vnode is returned as we had before.
109 	 * (I.e., with certain types of files or file systems, a
110 	 * different vnode might be returned by VOP_OPEN)
111 	 */
112 	return (smb_vop_open(&node->vp, mode, cred));
113 }
114 
115 void
116 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred)
117 {
118 	smb_vop_close(node->vp, mode, cred);
119 }
120 
121 #ifdef	_KERNEL
122 static int
123 smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr,
124     smb_node_t *dnode, char *name,
125     smb_attr_t *attr, smb_node_t **ret_snode, smb_fssd_t *fs_sd)
126 {
127 	vsecattr_t *vsap;
128 	vsecattr_t vsecattr;
129 	smb_attr_t set_attr;
130 	acl_t *acl, *dacl, *sacl;
131 	vnode_t *vp;
132 	cred_t *kcr = zone_kcred();
133 	int aclbsize = 0;	/* size of acl list in bytes */
134 	int flags = 0;
135 	int rc;
136 	boolean_t is_dir;
137 
138 	ASSERT(fs_sd);
139 
140 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
141 		flags = SMB_IGNORE_CASE;
142 	if (SMB_TREE_SUPPORTS_CATIA(sr))
143 		flags |= SMB_CATIA;
144 
145 	ASSERT(cr);
146 
147 	is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0);
148 
149 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) {
150 		if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
151 			dacl = fs_sd->sd_zdacl;
152 			sacl = fs_sd->sd_zsacl;
153 			ASSERT(dacl || sacl);
154 			if (dacl && sacl) {
155 				acl = smb_fsacl_merge(dacl, sacl);
156 			} else if (dacl) {
157 				acl = dacl;
158 			} else {
159 				acl = sacl;
160 			}
161 
162 			rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize);
163 
164 			if (dacl && sacl)
165 				acl_free(acl);
166 
167 			if (rc != 0)
168 				return (rc);
169 
170 			vsap = &vsecattr;
171 		} else {
172 			vsap = NULL;
173 		}
174 
175 		/* The tree ACEs may prevent a create */
176 		rc = EACCES;
177 		if (is_dir) {
178 			if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0)
179 				rc = smb_vop_mkdir(dnode->vp, name, attr,
180 				    &vp, flags, cr, vsap);
181 		} else {
182 			if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0)
183 				rc = smb_vop_create(dnode->vp, name, attr,
184 				    &vp, flags, cr, vsap);
185 		}
186 
187 		if (vsap != NULL)
188 			kmem_free(vsap->vsa_aclentp, aclbsize);
189 
190 		if (rc != 0)
191 			return (rc);
192 
193 		set_attr.sa_mask = 0;
194 
195 		/*
196 		 * Ideally we should be able to specify the owner and owning
197 		 * group at create time along with the ACL. Since we cannot
198 		 * do that right now, kcred is passed to smb_vop_setattr so it
199 		 * doesn't fail due to lack of permission.
200 		 */
201 		if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
202 			set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
203 			set_attr.sa_mask |= SMB_AT_UID;
204 		}
205 
206 		if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
207 			set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
208 			set_attr.sa_mask |= SMB_AT_GID;
209 		}
210 
211 		if (set_attr.sa_mask)
212 			rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcr);
213 
214 		if (rc == 0) {
215 			*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
216 			    name, dnode, NULL);
217 
218 			if (*ret_snode == NULL)
219 				rc = ENOMEM;
220 
221 			VN_RELE(vp);
222 		}
223 	} else {
224 		/*
225 		 * For filesystems that don't support ACL-on-create, try
226 		 * to set the specified SD after create, which could actually
227 		 * fail because of conflicts between inherited security
228 		 * attributes upon creation and the specified SD.
229 		 *
230 		 * Passing kcred to smb_fsop_sdwrite() to overcome this issue.
231 		 */
232 
233 		if (is_dir) {
234 			rc = smb_vop_mkdir(dnode->vp, name, attr, &vp,
235 			    flags, cr, NULL);
236 		} else {
237 			rc = smb_vop_create(dnode->vp, name, attr, &vp,
238 			    flags, cr, NULL);
239 		}
240 
241 		if (rc != 0)
242 			return (rc);
243 
244 		*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
245 		    name, dnode, NULL);
246 
247 		if (*ret_snode != NULL) {
248 			if (!smb_tree_has_feature(sr->tid_tree,
249 			    SMB_TREE_NFS_MOUNTED))
250 				rc = smb_fsop_sdwrite(sr, kcr, *ret_snode,
251 				    fs_sd, 1);
252 		} else {
253 			rc = ENOMEM;
254 		}
255 
256 		VN_RELE(vp);
257 	}
258 
259 	if (rc != 0) {
260 		if (is_dir)
261 			(void) smb_vop_rmdir(dnode->vp, name, flags, cr);
262 		else
263 			(void) smb_vop_remove(dnode->vp, name, flags, cr);
264 	}
265 
266 	return (rc);
267 }
268 #endif	/* _KERNEL */
269 
270 /*
271  * smb_fsop_create
272  *
273  * All SMB functions should use this wrapper to ensure that
274  * all the smb_vop_creates are performed with the appropriate credentials.
275  * Please document any direct calls to explain the reason for avoiding
276  * this wrapper.
277  *
278  * *ret_snode is returned with a reference upon success.  No reference is
279  * taken if an error is returned.
280  */
281 int
282 smb_fsop_create(smb_request_t *sr, cred_t *cr, smb_node_t *dnode,
283     char *name, smb_attr_t *attr, smb_node_t **ret_snode)
284 {
285 	int	rc = 0;
286 	int	flags = 0;
287 	char	*fname, *sname;
288 	char	*longname = NULL;
289 
290 	ASSERT(cr);
291 	ASSERT(dnode);
292 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
293 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
294 
295 	ASSERT(ret_snode);
296 	*ret_snode = 0;
297 
298 	ASSERT(name);
299 	if (*name == 0)
300 		return (EINVAL);
301 
302 	ASSERT(sr);
303 	ASSERT(sr->tid_tree);
304 
305 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
306 		return (EACCES);
307 
308 	if (SMB_TREE_IS_READONLY(sr))
309 		return (EROFS);
310 
311 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
312 		flags = SMB_IGNORE_CASE;
313 	if (SMB_TREE_SUPPORTS_CATIA(sr))
314 		flags |= SMB_CATIA;
315 	if (SMB_TREE_SUPPORTS_ABE(sr))
316 		flags |= SMB_ABE;
317 
318 	if (smb_is_stream_name(name)) {
319 		fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
320 		sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
321 		smb_stream_parse_name(name, fname, sname);
322 
323 		rc = smb_fsop_create_stream(sr, cr, dnode,
324 		    fname, sname, flags, attr, ret_snode);
325 
326 		kmem_free(fname, MAXNAMELEN);
327 		kmem_free(sname, MAXNAMELEN);
328 		return (rc);
329 	}
330 
331 	/* Not a named stream */
332 
333 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
334 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
335 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
336 		kmem_free(longname, MAXNAMELEN);
337 
338 		if (rc == 0)
339 			rc = EEXIST;
340 		if (rc != ENOENT)
341 			return (rc);
342 	}
343 
344 	rc = smb_fsop_create_file(sr, cr, dnode, name, flags,
345 	    attr, ret_snode);
346 	return (rc);
347 
348 }
349 
350 
351 /*
352  * smb_fsop_create_stream
353  *
354  * Create NTFS named stream file (sname) on unnamed stream
355  * file (fname), creating the unnamed stream file if it
356  * doesn't exist.
357  * If we created the unnamed stream file and then creation
358  * of the named stream file fails, we delete the unnamed stream.
359  * Since we use the real file name for the smb_vop_remove we
360  * clear the SMB_IGNORE_CASE flag to ensure a case sensitive
361  * match.
362  *
363  * The second parameter of smb_vop_setattr() is set to
364  * NULL, even though an unnamed stream exists.  This is
365  * because we want to set the UID and GID on the named
366  * stream in this case for consistency with the (unnamed
367  * stream) file (see comments for smb_vop_setattr()).
368  *
369  * Note that some stream "types" are "restricted" and only
370  * internal callers (cr == kcred) can create those.
371  */
372 static int
373 smb_fsop_create_stream(smb_request_t *sr, cred_t *cr,
374     smb_node_t *dnode, char *fname, char *sname, int flags,
375     smb_attr_t *attr, smb_node_t **ret_snode)
376 {
377 	smb_attr_t	fattr;
378 	smb_node_t	*fnode;
379 	vnode_t		*xattrdvp;
380 	vnode_t		*vp;
381 	cred_t		*kcr = zone_kcred();
382 	int		rc = 0;
383 	boolean_t	fcreate = B_FALSE;
384 
385 	if (cr != kcr && smb_strname_restricted(sname))
386 		return (EACCES);
387 
388 	/* Look up / create the unnamed stream, fname */
389 	rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
390 	    sr->tid_tree->t_snode, dnode, fname, &fnode);
391 	if (rc == 0) {
392 		if (smb_fsop_access(sr, sr->user_cr, fnode,
393 		    sr->sr_open.desired_access) != 0)
394 			rc = EACCES;
395 	} else if (rc == ENOENT) {
396 		fcreate = B_TRUE;
397 		rc = smb_fsop_create_file(sr, cr, dnode, fname, flags,
398 		    attr, &fnode);
399 	}
400 	if (rc != 0)
401 		return (rc);
402 
403 	fattr.sa_mask = SMB_AT_UID | SMB_AT_GID;
404 	rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcr);
405 
406 	if (rc == 0) {
407 		/* create the named stream, sname */
408 		rc = smb_vop_stream_create(fnode->vp, sname, attr,
409 		    &vp, &xattrdvp, flags, cr);
410 	}
411 	if (rc != 0) {
412 		if (fcreate) {
413 			flags &= ~SMB_IGNORE_CASE;
414 			(void) smb_vop_remove(dnode->vp,
415 			    fnode->od_name, flags, cr);
416 		}
417 		smb_node_release(fnode);
418 		return (rc);
419 	}
420 
421 	attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid;
422 	attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid;
423 	attr->sa_mask = SMB_AT_UID | SMB_AT_GID;
424 
425 	rc = smb_vop_setattr(vp, NULL, attr, 0, kcr);
426 	if (rc != 0) {
427 		smb_node_release(fnode);
428 		return (rc);
429 	}
430 
431 	*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp,
432 	    vp, sname);
433 
434 	smb_node_release(fnode);
435 	VN_RELE(xattrdvp);
436 	VN_RELE(vp);
437 
438 	if (*ret_snode == NULL)
439 		rc = ENOMEM;
440 
441 	/* notify change to the unnamed stream */
442 	if (rc == 0)
443 		smb_node_notify_change(dnode,
444 		    FILE_ACTION_ADDED_STREAM, fname);
445 
446 	return (rc);
447 }
448 
449 /*
450  * smb_fsop_create_file
451  */
452 static int
453 smb_fsop_create_file(smb_request_t *sr, cred_t *cr,
454     smb_node_t *dnode, char *name, int flags,
455     smb_attr_t *attr, smb_node_t **ret_snode)
456 {
457 	smb_arg_open_t	*op = &sr->sr_open;
458 	vnode_t		*vp;
459 	int		rc;
460 
461 #ifdef	_KERNEL
462 	smb_fssd_t	fs_sd;
463 	uint32_t	secinfo;
464 	uint32_t	status;
465 
466 	if (op->sd) {
467 		/*
468 		 * SD sent by client in Windows format. Needs to be
469 		 * converted to FS format. No inheritance.
470 		 */
471 		secinfo = smb_sd_get_secinfo(op->sd);
472 		smb_fssd_init(&fs_sd, secinfo, 0);
473 
474 		status = smb_sd_tofs(op->sd, &fs_sd);
475 		if (status == NT_STATUS_SUCCESS) {
476 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
477 			    name, attr, ret_snode, &fs_sd);
478 		} else {
479 			rc = EINVAL;
480 		}
481 		smb_fssd_term(&fs_sd);
482 	} else if (sr->tid_tree->t_acltype == ACE_T) {
483 		/*
484 		 * No incoming SD and filesystem is ZFS
485 		 * Server applies Windows inheritance rules,
486 		 * see smb_fsop_sdinherit() comments as to why.
487 		 */
488 		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0);
489 		rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
490 		if (rc == 0) {
491 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
492 			    name, attr, ret_snode, &fs_sd);
493 		}
494 
495 		smb_fssd_term(&fs_sd);
496 	} else
497 #endif	/* _KERNEL */
498 	{
499 		/*
500 		 * No incoming SD and filesystem is not ZFS
501 		 * let the filesystem handles the inheritance.
502 		 */
503 		rc = smb_vop_create(dnode->vp, name, attr, &vp,
504 		    flags, cr, NULL);
505 
506 		if (rc == 0) {
507 			*ret_snode = smb_node_lookup(sr, op, cr, vp,
508 			    name, dnode, NULL);
509 
510 			if (*ret_snode == NULL)
511 				rc = ENOMEM;
512 
513 			VN_RELE(vp);
514 		}
515 
516 	}
517 
518 	if (rc == 0)
519 		smb_node_notify_change(dnode, FILE_ACTION_ADDED, name);
520 
521 	return (rc);
522 }
523 
524 /*
525  * smb_fsop_mkdir
526  *
527  * All SMB functions should use this wrapper to ensure that
528  * the the calls are performed with the appropriate credentials.
529  * Please document any direct call to explain the reason
530  * for avoiding this wrapper.
531  *
532  * It is assumed that a reference exists on snode coming into this routine.
533  *
534  * *ret_snode is returned with a reference upon success.  No reference is
535  * taken if an error is returned.
536  */
537 int
538 smb_fsop_mkdir(
539     smb_request_t *sr,
540     cred_t *cr,
541     smb_node_t *dnode,
542     char *name,
543     smb_attr_t *attr,
544     smb_node_t **ret_snode)
545 {
546 	struct open_param *op = &sr->arg.open;
547 	char *longname;
548 	vnode_t *vp;
549 	int flags = 0;
550 	int rc;
551 
552 #ifdef	_KERNEL
553 	smb_fssd_t fs_sd;
554 	uint32_t secinfo;
555 	uint32_t status;
556 #endif	/* _KERNEL */
557 
558 	ASSERT(cr);
559 	ASSERT(dnode);
560 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
561 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
562 
563 	ASSERT(ret_snode);
564 	*ret_snode = 0;
565 
566 	ASSERT(name);
567 	if (*name == 0)
568 		return (EINVAL);
569 
570 	ASSERT(sr);
571 	ASSERT(sr->tid_tree);
572 
573 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
574 		return (EACCES);
575 
576 	if (SMB_TREE_IS_READONLY(sr))
577 		return (EROFS);
578 	if (SMB_TREE_SUPPORTS_CATIA(sr))
579 		flags |= SMB_CATIA;
580 	if (SMB_TREE_SUPPORTS_ABE(sr))
581 		flags |= SMB_ABE;
582 
583 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
584 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
585 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
586 		kmem_free(longname, MAXNAMELEN);
587 
588 		/*
589 		 * If the name passed in by the client has an unmangled
590 		 * equivalent that is found in the specified directory,
591 		 * then the mkdir cannot succeed.  Return EEXIST.
592 		 *
593 		 * Only if ENOENT is returned will a mkdir be attempted.
594 		 */
595 
596 		if (rc == 0)
597 			rc = EEXIST;
598 
599 		if (rc != ENOENT)
600 			return (rc);
601 	}
602 
603 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
604 		flags = SMB_IGNORE_CASE;
605 
606 #ifdef	_KERNEL
607 	if (op->sd) {
608 		/*
609 		 * SD sent by client in Windows format. Needs to be
610 		 * converted to FS format. No inheritance.
611 		 */
612 		secinfo = smb_sd_get_secinfo(op->sd);
613 		smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR);
614 
615 		status = smb_sd_tofs(op->sd, &fs_sd);
616 		if (status == NT_STATUS_SUCCESS) {
617 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
618 			    name, attr, ret_snode, &fs_sd);
619 		}
620 		else
621 			rc = EINVAL;
622 		smb_fssd_term(&fs_sd);
623 	} else if (sr->tid_tree->t_acltype == ACE_T) {
624 		/*
625 		 * No incoming SD and filesystem is ZFS
626 		 * Server applies Windows inheritance rules,
627 		 * see smb_fsop_sdinherit() comments as to why.
628 		 */
629 		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR);
630 		rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
631 		if (rc == 0) {
632 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
633 			    name, attr, ret_snode, &fs_sd);
634 		}
635 
636 		smb_fssd_term(&fs_sd);
637 
638 	} else
639 #endif	/* _KERNEL */
640 	{
641 		rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr,
642 		    NULL);
643 
644 		if (rc == 0) {
645 			*ret_snode = smb_node_lookup(sr, op, cr, vp, name,
646 			    dnode, NULL);
647 
648 			if (*ret_snode == NULL)
649 				rc = ENOMEM;
650 
651 			VN_RELE(vp);
652 		}
653 	}
654 
655 	if (rc == 0)
656 		smb_node_notify_change(dnode, FILE_ACTION_ADDED, name);
657 
658 	return (rc);
659 }
660 
661 /*
662  * smb_fsop_remove
663  *
664  * All SMB functions should use this wrapper to ensure that
665  * the the calls are performed with the appropriate credentials.
666  * Please document any direct call to explain the reason
667  * for avoiding this wrapper.
668  *
669  * It is assumed that a reference exists on snode coming into this routine.
670  *
671  * A null smb_request might be passed to this function.
672  *
673  * Note that some stream "types" are "restricted" and only
674  * internal callers (cr == kcred) can remove those.
675  */
676 int
677 smb_fsop_remove(
678     smb_request_t	*sr,
679     cred_t		*cr,
680     smb_node_t		*dnode,
681     char		*name,
682     uint32_t		flags)
683 {
684 	smb_node_t	*fnode;
685 	char		*longname;
686 	char		*fname;
687 	char		*sname;
688 	int		rc;
689 
690 	ASSERT(cr);
691 	/*
692 	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
693 	 * function is called during the deletion of the node (because of
694 	 * DELETE_ON_CLOSE).
695 	 */
696 	ASSERT(dnode);
697 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
698 
699 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
700 	    SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0)
701 		return (EACCES);
702 
703 	if (SMB_TREE_IS_READONLY(sr))
704 		return (EROFS);
705 
706 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
707 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
708 
709 	if (dnode->flags & NODE_XATTR_DIR) {
710 		if (cr != zone_kcred() && smb_strname_restricted(name)) {
711 			rc = EACCES;
712 			goto out;
713 		}
714 
715 		fnode = dnode->n_dnode;
716 		rc = smb_vop_stream_remove(fnode->vp, name, flags, cr);
717 
718 		/* notify change to the unnamed stream */
719 		if ((rc == 0) && fnode->n_dnode) {
720 			smb_node_notify_change(fnode->n_dnode,
721 			    FILE_ACTION_REMOVED_STREAM, fnode->od_name);
722 		}
723 	} else if (smb_is_stream_name(name)) {
724 		smb_stream_parse_name(name, fname, sname);
725 
726 		if (cr != zone_kcred() && smb_strname_restricted(sname)) {
727 			rc = EACCES;
728 			goto out;
729 		}
730 
731 		/*
732 		 * Look up the unnamed stream (i.e. fname).
733 		 * Unmangle processing will be done on fname
734 		 * as well as any link target.
735 		 */
736 
737 		rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
738 		    sr->tid_tree->t_snode, dnode, fname, &fnode);
739 
740 		if (rc != 0) {
741 			goto out;
742 		}
743 
744 		/*
745 		 * XXX
746 		 * Need to find out what permission is required by NTFS
747 		 * to remove a stream.
748 		 */
749 		rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr);
750 
751 		smb_node_release(fnode);
752 
753 		/* notify change to the unnamed stream */
754 		if (rc == 0) {
755 			smb_node_notify_change(dnode,
756 			    FILE_ACTION_REMOVED_STREAM, fname);
757 		}
758 	} else {
759 		rc = smb_vop_remove(dnode->vp, name, flags, cr);
760 
761 		if (rc == ENOENT) {
762 			if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
763 			    !smb_maybe_mangled(name)) {
764 				goto out;
765 			}
766 			longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
767 
768 			if (SMB_TREE_SUPPORTS_ABE(sr))
769 				flags |= SMB_ABE;
770 
771 			rc = smb_unmangle(dnode, name, longname, MAXNAMELEN,
772 			    flags);
773 
774 			if (rc == 0) {
775 				/*
776 				 * longname is the real (case-sensitive)
777 				 * on-disk name.
778 				 * We make sure we do a remove on this exact
779 				 * name, as the name was mangled and denotes
780 				 * a unique file.
781 				 */
782 				flags &= ~SMB_IGNORE_CASE;
783 				rc = smb_vop_remove(dnode->vp, longname,
784 				    flags, cr);
785 			}
786 			kmem_free(longname, MAXNAMELEN);
787 		}
788 		if (rc == 0) {
789 			smb_node_notify_change(dnode,
790 			    FILE_ACTION_REMOVED, name);
791 		}
792 	}
793 
794 out:
795 	kmem_free(fname, MAXNAMELEN);
796 	kmem_free(sname, MAXNAMELEN);
797 
798 	return (rc);
799 }
800 
801 /*
802  * smb_fsop_remove_streams
803  *
804  * This function removes a file's streams without removing the
805  * file itself.
806  *
807  * It is assumed that fnode is not a link.
808  */
809 uint32_t
810 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode)
811 {
812 	int rc, flags = 0;
813 	smb_odir_t *od;
814 	smb_odirent_t *odirent;
815 	uint32_t status;
816 	boolean_t eos;
817 
818 	ASSERT(sr);
819 	ASSERT(cr);
820 	ASSERT(fnode);
821 	ASSERT(fnode->n_magic == SMB_NODE_MAGIC);
822 	ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING);
823 
824 	if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0)
825 		return (NT_STATUS_ACCESS_DENIED);
826 
827 	if (SMB_TREE_IS_READONLY(sr))
828 		return (NT_STATUS_ACCESS_DENIED);
829 
830 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
831 		flags = SMB_IGNORE_CASE;
832 
833 	if (SMB_TREE_SUPPORTS_CATIA(sr))
834 		flags |= SMB_CATIA;
835 
836 	status = smb_odir_openat(sr, fnode, &od);
837 	switch (status) {
838 	case 0:
839 		break;
840 	case NT_STATUS_OBJECT_NAME_NOT_FOUND:
841 	case NT_STATUS_NO_SUCH_FILE:
842 	case NT_STATUS_NOT_SUPPORTED:
843 		/* No streams to remove. */
844 		return (0);
845 	default:
846 		return (status);
847 	}
848 
849 	odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP);
850 	for (;;) {
851 		rc = smb_odir_read(sr, od, odirent, &eos);
852 		if ((rc != 0) || (eos))
853 			break;
854 		(void) smb_vop_remove(od->d_dnode->vp, odirent->od_name,
855 		    flags, cr);
856 	}
857 	kmem_free(odirent, sizeof (smb_odirent_t));
858 	if (eos && rc == ENOENT)
859 		rc = 0;
860 
861 	smb_odir_close(od);
862 	smb_odir_release(od);
863 	if (rc)
864 		status = smb_errno2status(rc);
865 	return (status);
866 }
867 
868 /*
869  * smb_fsop_rmdir
870  *
871  * All SMB functions should use this wrapper to ensure that
872  * the the calls are performed with the appropriate credentials.
873  * Please document any direct call to explain the reason
874  * for avoiding this wrapper.
875  *
876  * It is assumed that a reference exists on snode coming into this routine.
877  */
878 int
879 smb_fsop_rmdir(
880     smb_request_t	*sr,
881     cred_t		*cr,
882     smb_node_t		*dnode,
883     char		*name,
884     uint32_t		flags)
885 {
886 	int		rc;
887 	char		*longname;
888 
889 	ASSERT(cr);
890 	/*
891 	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
892 	 * function is called during the deletion of the node (because of
893 	 * DELETE_ON_CLOSE).
894 	 */
895 	ASSERT(dnode);
896 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
897 
898 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
899 	    SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0)
900 		return (EACCES);
901 
902 	if (SMB_TREE_IS_READONLY(sr))
903 		return (EROFS);
904 
905 	rc = smb_vop_rmdir(dnode->vp, name, flags, cr);
906 
907 	if (rc == ENOENT) {
908 		if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
909 		    !smb_maybe_mangled(name)) {
910 			return (rc);
911 		}
912 
913 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
914 
915 		if (SMB_TREE_SUPPORTS_ABE(sr))
916 			flags |= SMB_ABE;
917 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
918 
919 		if (rc == 0) {
920 			/*
921 			 * longname is the real (case-sensitive)
922 			 * on-disk name.
923 			 * We make sure we do a rmdir on this exact
924 			 * name, as the name was mangled and denotes
925 			 * a unique directory.
926 			 */
927 			flags &= ~SMB_IGNORE_CASE;
928 			rc = smb_vop_rmdir(dnode->vp, longname, flags, cr);
929 		}
930 
931 		kmem_free(longname, MAXNAMELEN);
932 	}
933 
934 	if (rc == 0)
935 		smb_node_notify_change(dnode, FILE_ACTION_REMOVED, name);
936 
937 	return (rc);
938 }
939 
940 /*
941  * smb_fsop_getattr
942  *
943  * All SMB functions should use this wrapper to ensure that
944  * the the calls are performed with the appropriate credentials.
945  * Please document any direct call to explain the reason
946  * for avoiding this wrapper.
947  *
948  * It is assumed that a reference exists on snode coming into this routine.
949  */
950 int
951 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
952     smb_attr_t *attr)
953 {
954 	smb_node_t *unnamed_node;
955 	vnode_t *unnamed_vp = NULL;
956 	uint32_t status;
957 	uint32_t access = 0;
958 	int flags = 0;
959 	int rc;
960 
961 	ASSERT(cr);
962 	ASSERT(snode);
963 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
964 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
965 
966 	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 ||
967 	    SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0)
968 		return (EACCES);
969 
970 	/* sr could be NULL in some cases */
971 	if (sr && sr->fid_ofile) {
972 		/* if uid and/or gid is requested */
973 		if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID))
974 			access |= READ_CONTROL;
975 
976 		/* if anything else is also requested */
977 		if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID))
978 			access |= FILE_READ_ATTRIBUTES;
979 
980 		status = smb_ofile_access(sr->fid_ofile, cr, access);
981 		if (status != NT_STATUS_SUCCESS)
982 			return (EACCES);
983 
984 		if (smb_tree_has_feature(sr->tid_tree,
985 		    SMB_TREE_ACEMASKONACCESS))
986 			flags = ATTR_NOACLCHECK;
987 	}
988 
989 	unnamed_node = SMB_IS_STREAM(snode);
990 
991 	if (unnamed_node) {
992 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
993 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
994 		unnamed_vp = unnamed_node->vp;
995 	}
996 
997 	rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr);
998 
999 	if ((rc == 0) && smb_node_is_dfslink(snode)) {
1000 		/* a DFS link should be treated as a directory */
1001 		attr->sa_dosattr |= FILE_ATTRIBUTE_DIRECTORY;
1002 	}
1003 
1004 	return (rc);
1005 }
1006 
1007 /*
1008  * smb_fsop_link
1009  *
1010  * All SMB functions should use this smb_vop_link wrapper to ensure that
1011  * the smb_vop_link is performed with the appropriate credentials.
1012  * Please document any direct call to smb_vop_link to explain the reason
1013  * for avoiding this wrapper.
1014  *
1015  * It is assumed that references exist on from_dnode and to_dnode coming
1016  * into this routine.
1017  */
1018 int
1019 smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *from_fnode,
1020     smb_node_t *to_dnode, char *to_name)
1021 {
1022 	char	*longname = NULL;
1023 	int	flags = 0;
1024 	int	rc;
1025 
1026 	ASSERT(sr);
1027 	ASSERT(sr->tid_tree);
1028 	ASSERT(cr);
1029 	ASSERT(to_dnode);
1030 	ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
1031 	ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1032 	ASSERT(from_fnode);
1033 	ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC);
1034 	ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING);
1035 
1036 	if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0)
1037 		return (EACCES);
1038 
1039 	if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1040 		return (EACCES);
1041 
1042 	if (SMB_TREE_IS_READONLY(sr))
1043 		return (EROFS);
1044 
1045 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1046 		flags = SMB_IGNORE_CASE;
1047 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1048 		flags |= SMB_CATIA;
1049 	if (SMB_TREE_SUPPORTS_ABE(sr))
1050 		flags |= SMB_ABE;
1051 
1052 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(to_name)) {
1053 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1054 		rc = smb_unmangle(to_dnode, to_name, longname,
1055 		    MAXNAMELEN, flags);
1056 		kmem_free(longname, MAXNAMELEN);
1057 
1058 		if (rc == 0)
1059 			rc = EEXIST;
1060 		if (rc != ENOENT)
1061 			return (rc);
1062 	}
1063 
1064 	rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr);
1065 
1066 	if (rc == 0)
1067 		smb_node_notify_change(to_dnode, FILE_ACTION_ADDED, to_name);
1068 
1069 	return (rc);
1070 }
1071 
1072 /*
1073  * smb_fsop_rename
1074  *
1075  * All SMB functions should use this smb_vop_rename wrapper to ensure that
1076  * the smb_vop_rename is performed with the appropriate credentials.
1077  * Please document any direct call to smb_vop_rename to explain the reason
1078  * for avoiding this wrapper.
1079  *
1080  * It is assumed that references exist on from_dnode and to_dnode coming
1081  * into this routine.
1082  */
1083 int
1084 smb_fsop_rename(
1085     smb_request_t *sr,
1086     cred_t *cr,
1087     smb_node_t *from_dnode,
1088     char *from_name,
1089     smb_node_t *to_dnode,
1090     char *to_name)
1091 {
1092 	smb_node_t *from_snode;
1093 	smb_attr_t from_attr;
1094 	vnode_t *from_vp;
1095 	int flags = 0, ret_flags;
1096 	int rc;
1097 	boolean_t isdir;
1098 
1099 	ASSERT(cr);
1100 	ASSERT(from_dnode);
1101 	ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC);
1102 	ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1103 
1104 	ASSERT(to_dnode);
1105 	ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
1106 	ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1107 
1108 	if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0)
1109 		return (EACCES);
1110 
1111 	if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1112 		return (EACCES);
1113 
1114 	ASSERT(sr);
1115 	ASSERT(sr->tid_tree);
1116 	if (SMB_TREE_IS_READONLY(sr))
1117 		return (EROFS);
1118 
1119 	/*
1120 	 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE
1121 	 * here.
1122 	 *
1123 	 * A case-sensitive rename is always done in this routine
1124 	 * because we are using the on-disk name from an earlier lookup.
1125 	 * If a mangled name was passed in by the caller (denoting a
1126 	 * deterministic lookup), then the exact file must be renamed
1127 	 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or
1128 	 * else the underlying file system might return a "first-match"
1129 	 * on this on-disk name, possibly resulting in the wrong file).
1130 	 */
1131 
1132 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1133 		flags |= SMB_CATIA;
1134 
1135 	/*
1136 	 * XXX: Lock required through smb_node_release() below?
1137 	 */
1138 
1139 	rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL,
1140 	    flags, &ret_flags, NULL, &from_attr, cr);
1141 
1142 	if (rc != 0)
1143 		return (rc);
1144 
1145 	if (from_attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) {
1146 		VN_RELE(from_vp);
1147 		return (EACCES);
1148 	}
1149 
1150 	isdir = ((from_attr.sa_dosattr & FILE_ATTRIBUTE_DIRECTORY) != 0);
1151 
1152 	if ((isdir && SMB_TREE_HAS_ACCESS(sr,
1153 	    ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) !=
1154 	    (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) ||
1155 	    (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) !=
1156 	    (ACE_DELETE | ACE_ADD_FILE))) {
1157 		VN_RELE(from_vp);
1158 		return (EACCES);
1159 	}
1160 
1161 	/*
1162 	 * SMB checks access on open and retains an access granted
1163 	 * mask for use while the file is open.  ACL changes should
1164 	 * not affect access to an open file.
1165 	 *
1166 	 * If the rename is being performed on an ofile:
1167 	 * - Check the ofile's access granted mask to see if the
1168 	 *   rename is permitted - requires DELETE access.
1169 	 * - If the file system does access checking, set the
1170 	 *   ATTR_NOACLCHECK flag to ensure that the file system
1171 	 *   does not check permissions on subsequent calls.
1172 	 */
1173 	if (sr && sr->fid_ofile) {
1174 		rc = smb_ofile_access(sr->fid_ofile, cr, DELETE);
1175 		if (rc != NT_STATUS_SUCCESS) {
1176 			VN_RELE(from_vp);
1177 			return (EACCES);
1178 		}
1179 
1180 		if (smb_tree_has_feature(sr->tid_tree,
1181 		    SMB_TREE_ACEMASKONACCESS))
1182 			flags = ATTR_NOACLCHECK;
1183 	}
1184 
1185 	rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp,
1186 	    to_name, flags, cr);
1187 
1188 	if (rc == 0) {
1189 		from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name,
1190 		    from_dnode, NULL);
1191 
1192 		if (from_snode == NULL) {
1193 			rc = ENOMEM;
1194 		} else {
1195 			smb_node_rename(from_dnode, from_snode,
1196 			    to_dnode, to_name);
1197 			smb_node_release(from_snode);
1198 		}
1199 	}
1200 	VN_RELE(from_vp);
1201 
1202 	if (rc == 0) {
1203 		if (from_dnode == to_dnode) {
1204 			smb_node_notify_change(from_dnode,
1205 			    FILE_ACTION_RENAMED_OLD_NAME, from_name);
1206 			smb_node_notify_change(to_dnode,
1207 			    FILE_ACTION_RENAMED_NEW_NAME, to_name);
1208 		} else {
1209 			smb_node_notify_change(from_dnode,
1210 			    FILE_ACTION_REMOVED, from_name);
1211 			smb_node_notify_change(to_dnode,
1212 			    FILE_ACTION_ADDED, to_name);
1213 		}
1214 	}
1215 
1216 	/* XXX: unlock */
1217 
1218 	return (rc);
1219 }
1220 
1221 /*
1222  * smb_fsop_setattr
1223  *
1224  * All SMB functions should use this wrapper to ensure that
1225  * the the calls are performed with the appropriate credentials.
1226  * Please document any direct call to explain the reason
1227  * for avoiding this wrapper.
1228  *
1229  * It is assumed that a reference exists on snode coming into
1230  * this function.
1231  * A null smb_request might be passed to this function.
1232  */
1233 int
1234 smb_fsop_setattr(
1235     smb_request_t	*sr,
1236     cred_t		*cr,
1237     smb_node_t		*snode,
1238     smb_attr_t		*set_attr)
1239 {
1240 	smb_node_t *unnamed_node;
1241 	vnode_t *unnamed_vp = NULL;
1242 	uint32_t status;
1243 	uint32_t access;
1244 	int rc = 0;
1245 	int flags = 0;
1246 	uint_t sa_mask;
1247 
1248 	ASSERT(cr);
1249 	ASSERT(snode);
1250 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1251 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1252 
1253 	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0)
1254 		return (EACCES);
1255 
1256 	if (SMB_TREE_IS_READONLY(sr))
1257 		return (EROFS);
1258 
1259 	if (SMB_TREE_HAS_ACCESS(sr,
1260 	    ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0)
1261 		return (EACCES);
1262 
1263 	/*
1264 	 * SMB checks access on open and retains an access granted
1265 	 * mask for use while the file is open.  ACL changes should
1266 	 * not affect access to an open file.
1267 	 *
1268 	 * If the setattr is being performed on an ofile:
1269 	 * - Check the ofile's access granted mask to see if the
1270 	 *   setattr is permitted.
1271 	 *   UID, GID - require WRITE_OWNER
1272 	 *   SIZE, ALLOCSZ - require FILE_WRITE_DATA
1273 	 *   all other attributes require FILE_WRITE_ATTRIBUTES
1274 	 *
1275 	 * - If the file system does access checking, set the
1276 	 *   ATTR_NOACLCHECK flag to ensure that the file system
1277 	 *   does not check permissions on subsequent calls.
1278 	 */
1279 	if (sr && sr->fid_ofile) {
1280 		sa_mask = set_attr->sa_mask;
1281 		access = 0;
1282 
1283 		if (sa_mask & (SMB_AT_SIZE | SMB_AT_ALLOCSZ)) {
1284 			access |= FILE_WRITE_DATA;
1285 			sa_mask &= ~(SMB_AT_SIZE | SMB_AT_ALLOCSZ);
1286 		}
1287 
1288 		if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) {
1289 			access |= WRITE_OWNER;
1290 			sa_mask &= ~(SMB_AT_UID|SMB_AT_GID);
1291 		}
1292 
1293 		if (sa_mask)
1294 			access |= FILE_WRITE_ATTRIBUTES;
1295 
1296 		status = smb_ofile_access(sr->fid_ofile, cr, access);
1297 		if (status != NT_STATUS_SUCCESS)
1298 			return (EACCES);
1299 
1300 		if (smb_tree_has_feature(sr->tid_tree,
1301 		    SMB_TREE_ACEMASKONACCESS))
1302 			flags = ATTR_NOACLCHECK;
1303 	}
1304 
1305 	unnamed_node = SMB_IS_STREAM(snode);
1306 
1307 	if (unnamed_node) {
1308 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1309 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1310 		unnamed_vp = unnamed_node->vp;
1311 	}
1312 
1313 	rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr);
1314 	return (rc);
1315 }
1316 
1317 /*
1318  * Support for SMB2 setinfo FileValidDataLengthInformation.
1319  * Free (zero out) data in the range off, off+len
1320  */
1321 int
1322 smb_fsop_freesp(
1323     smb_request_t	*sr,
1324     cred_t		*cr,
1325     smb_ofile_t		*ofile,
1326     off64_t		off,
1327     off64_t		len)
1328 {
1329 	flock64_t flk;
1330 	smb_node_t *node = ofile->f_node;
1331 	uint32_t status;
1332 	uint32_t access = FILE_WRITE_DATA;
1333 	int rc;
1334 
1335 	ASSERT(cr);
1336 	ASSERT(node);
1337 	ASSERT(node->n_magic == SMB_NODE_MAGIC);
1338 	ASSERT(node->n_state != SMB_NODE_STATE_DESTROYING);
1339 
1340 	if (SMB_TREE_CONTAINS_NODE(sr, node) == 0)
1341 		return (EACCES);
1342 
1343 	if (SMB_TREE_IS_READONLY(sr))
1344 		return (EROFS);
1345 
1346 	if (SMB_TREE_HAS_ACCESS(sr, access) == 0)
1347 		return (EACCES);
1348 
1349 	/*
1350 	 * SMB checks access on open and retains an access granted
1351 	 * mask for use while the file is open.  ACL changes should
1352 	 * not affect access to an open file.
1353 	 *
1354 	 * If the setattr is being performed on an ofile:
1355 	 * - Check the ofile's access granted mask to see if this
1356 	 *   modification should be permitted (FILE_WRITE_DATA)
1357 	 */
1358 	status = smb_ofile_access(sr->fid_ofile, cr, access);
1359 	if (status != NT_STATUS_SUCCESS)
1360 		return (EACCES);
1361 
1362 	bzero(&flk, sizeof (flk));
1363 	flk.l_start = off;
1364 	flk.l_len = len;
1365 
1366 	rc = smb_vop_space(node->vp, F_FREESP, &flk, FWRITE, 0LL, cr);
1367 	return (rc);
1368 }
1369 
1370 /*
1371  * smb_fsop_read
1372  *
1373  * All SMB functions should use this wrapper to ensure that
1374  * the the calls are performed with the appropriate credentials.
1375  * Please document any direct call to explain the reason
1376  * for avoiding this wrapper.
1377  *
1378  * It is assumed that a reference exists on snode coming into this routine.
1379  * Note that ofile may be different from sr->fid_ofile, or may be NULL.
1380  */
1381 int
1382 smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1383     smb_ofile_t *ofile, uio_t *uio, int ioflag)
1384 {
1385 	caller_context_t ct;
1386 	cred_t *kcr = zone_kcred();
1387 	uint32_t amask;
1388 	int svmand;
1389 	int rc;
1390 
1391 	ASSERT(cr);
1392 	ASSERT(snode);
1393 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1394 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1395 
1396 	ASSERT(sr);
1397 
1398 	if (ofile != NULL) {
1399 		/*
1400 		 * Check tree access.  Not SMB_TREE_HAS_ACCESS
1401 		 * because we need to use ofile->f_tree
1402 		 */
1403 		if ((ofile->f_tree->t_access & ACE_READ_DATA) == 0)
1404 			return (EACCES);
1405 
1406 		/*
1407 		 * Check ofile access.  Use in-line smb_ofile_access
1408 		 * so we can check both amask bits at the same time.
1409 		 * If any bit in amask is granted, allow this read.
1410 		 */
1411 		amask = FILE_READ_DATA;
1412 		if (sr->smb_flg2 & SMB_FLAGS2_READ_IF_EXECUTE)
1413 			amask |= FILE_EXECUTE;
1414 		if (cr != kcr && (ofile->f_granted_access & amask) == 0)
1415 			return (EACCES);
1416 	}
1417 
1418 	/*
1419 	 * Streams permission are checked against the unnamed stream,
1420 	 * but in FS level they have their own permissions. To avoid
1421 	 * rejection by FS due to lack of permission on the actual
1422 	 * extended attr kcred is passed for streams.
1423 	 */
1424 	if (SMB_IS_STREAM(snode))
1425 		cr = kcr;
1426 
1427 	smb_node_start_crit(snode, RW_READER);
1428 	rc = nbl_svmand(snode->vp, kcr, &svmand);
1429 	if (rc) {
1430 		smb_node_end_crit(snode);
1431 		return (rc);
1432 	}
1433 
1434 	/*
1435 	 * Note: SMB allows a zero-byte read, which should not
1436 	 * conflict with any locks.  However nbl_lock_conflict
1437 	 * takes a zero-byte length as lock to EOF, so we must
1438 	 * special case that here.
1439 	 */
1440 	if (uio->uio_resid > 0) {
1441 		ct = smb_ct;
1442 		if (ofile != NULL)
1443 			ct.cc_pid = ofile->f_uniqid;
1444 		rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset,
1445 		    uio->uio_resid, svmand, &ct);
1446 		if (rc != 0) {
1447 			smb_node_end_crit(snode);
1448 			return (ERANGE);
1449 		}
1450 	}
1451 
1452 	rc = smb_vop_read(snode->vp, uio, ioflag, cr);
1453 	smb_node_end_crit(snode);
1454 
1455 	return (rc);
1456 }
1457 
1458 /*
1459  * smb_fsop_write
1460  *
1461  * It is assumed that a reference exists on snode coming into this routine.
1462  * Note that ofile may be different from sr->fid_ofile, or may be NULL.
1463  */
1464 int
1465 smb_fsop_write(
1466     smb_request_t *sr,
1467     cred_t *cr,
1468     smb_node_t *snode,
1469     smb_ofile_t *ofile,
1470     uio_t *uio,
1471     uint32_t *lcount,
1472     int ioflag)
1473 {
1474 	caller_context_t ct;
1475 	smb_attr_t attr;
1476 	cred_t *kcr = zone_kcred();
1477 	smb_node_t *u_node;
1478 	vnode_t *u_vp = NULL;
1479 	vnode_t *vp;
1480 	uint32_t amask;
1481 	int svmand;
1482 	int rc;
1483 
1484 	ASSERT(cr);
1485 	ASSERT(snode);
1486 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1487 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1488 
1489 	ASSERT(sr);
1490 	vp = snode->vp;
1491 
1492 	if (ofile != NULL) {
1493 		amask = FILE_WRITE_DATA | FILE_APPEND_DATA;
1494 
1495 		/* Check tree access. */
1496 		if ((ofile->f_tree->t_access & amask) == 0)
1497 			return (EROFS);
1498 
1499 		/*
1500 		 * Check ofile access.  Use in-line smb_ofile_access
1501 		 * so we can check both amask bits at the same time.
1502 		 * If any bit in amask is granted, allow this write.
1503 		 */
1504 		if (cr != kcr && (ofile->f_granted_access & amask) == 0)
1505 			return (EACCES);
1506 	}
1507 
1508 	/*
1509 	 * Streams permission are checked against the unnamed stream,
1510 	 * but in FS level they have their own permissions. To avoid
1511 	 * rejection by FS due to lack of permission on the actual
1512 	 * extended attr kcred is passed for streams.
1513 	 */
1514 	u_node = SMB_IS_STREAM(snode);
1515 	if (u_node != NULL) {
1516 		ASSERT(u_node->n_magic == SMB_NODE_MAGIC);
1517 		ASSERT(u_node->n_state != SMB_NODE_STATE_DESTROYING);
1518 		u_vp = u_node->vp;
1519 		cr = kcr;
1520 	}
1521 
1522 	smb_node_start_crit(snode, RW_WRITER);
1523 	rc = nbl_svmand(vp, kcr, &svmand);
1524 	if (rc) {
1525 		smb_node_end_crit(snode);
1526 		return (rc);
1527 	}
1528 
1529 	/*
1530 	 * Note: SMB allows a zero-byte write, which should not
1531 	 * conflict with any locks.  However nbl_lock_conflict
1532 	 * takes a zero-byte length as lock to EOF, so we must
1533 	 * special case that here.
1534 	 */
1535 	if (uio->uio_resid > 0) {
1536 		ct = smb_ct;
1537 		if (ofile != NULL)
1538 			ct.cc_pid = ofile->f_uniqid;
1539 		rc = nbl_lock_conflict(vp, NBL_WRITE, uio->uio_loffset,
1540 		    uio->uio_resid, svmand, &ct);
1541 		if (rc != 0) {
1542 			smb_node_end_crit(snode);
1543 			return (ERANGE);
1544 		}
1545 	}
1546 
1547 	rc = smb_vop_write(vp, uio, ioflag, lcount, cr);
1548 
1549 	/*
1550 	 * Once the mtime has been set via this ofile, the
1551 	 * automatic mtime changes from writes via this ofile
1552 	 * should cease, preserving the mtime that was set.
1553 	 * See: [MS-FSA] 2.1.5.14 and smb_node_setattr.
1554 	 *
1555 	 * The VFS interface does not offer a way to ask it to
1556 	 * skip the mtime updates, so we simulate the desired
1557 	 * behavior by re-setting the mtime after writes on a
1558 	 * handle where the mtime has been set.
1559 	 */
1560 	if (ofile != NULL &&
1561 	    (ofile->f_pending_attr.sa_mask & SMB_AT_MTIME) != 0) {
1562 		bcopy(&ofile->f_pending_attr, &attr, sizeof (attr));
1563 		attr.sa_mask = SMB_AT_MTIME;
1564 		(void) smb_vop_setattr(vp, u_vp, &attr, 0, kcr);
1565 	}
1566 
1567 	smb_node_end_crit(snode);
1568 
1569 	return (rc);
1570 }
1571 
1572 /*
1573  * Find the next allocated range starting at or after
1574  * the offset (*datap), returning the start/end of
1575  * that range in (*datap, *holep)
1576  */
1577 int
1578 smb_fsop_next_alloc_range(
1579     cred_t *cr,
1580     smb_node_t *node,
1581     off64_t *datap,
1582     off64_t *holep)
1583 {
1584 	int err;
1585 
1586 	err = smb_vop_ioctl(node->vp, _FIO_SEEK_DATA, datap, cr);
1587 	if (err != 0)
1588 		return (err);
1589 
1590 	*holep = *datap;
1591 	err = smb_vop_ioctl(node->vp, _FIO_SEEK_HOLE, holep, cr);
1592 
1593 	return (err);
1594 }
1595 
1596 /*
1597  * smb_fsop_statfs
1598  *
1599  * This is a wrapper function used for stat operations.
1600  */
1601 int
1602 smb_fsop_statfs(
1603     cred_t *cr,
1604     smb_node_t *snode,
1605     struct statvfs64 *statp)
1606 {
1607 	ASSERT(cr);
1608 	ASSERT(snode);
1609 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1610 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1611 
1612 	return (smb_vop_statfs(snode->vp, statp, cr));
1613 }
1614 
1615 /*
1616  * smb_fsop_access
1617  *
1618  * Named streams do not have separate permissions from the associated
1619  * unnamed stream.  Thus, if node is a named stream, the permissions
1620  * check will be performed on the associated unnamed stream.
1621  *
1622  * However, our named streams do have their own quarantine attribute,
1623  * separate from that on the unnamed stream. If READ or EXECUTE
1624  * access has been requested on a named stream, an additional access
1625  * check is performed on the named stream in case it has been
1626  * quarantined.  kcred is used to avoid issues with the permissions
1627  * set on the extended attribute file representing the named stream.
1628  *
1629  * Note that some stream "types" are "restricted" and only
1630  * internal callers (cr == kcred) can access those.
1631  */
1632 int
1633 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1634     uint32_t faccess)
1635 {
1636 	int access = 0;
1637 	int error;
1638 	vnode_t *dir_vp;
1639 	boolean_t acl_check = B_TRUE;
1640 	smb_node_t *unnamed_node;
1641 
1642 	ASSERT(sr);
1643 	ASSERT(cr);
1644 	ASSERT(snode);
1645 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1646 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1647 
1648 	if (SMB_TREE_IS_READONLY(sr)) {
1649 		if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA|
1650 		    FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES|
1651 		    DELETE|WRITE_DAC|WRITE_OWNER)) {
1652 			return (NT_STATUS_ACCESS_DENIED);
1653 		}
1654 	}
1655 
1656 	if (smb_node_is_reparse(snode) && (faccess & DELETE))
1657 		return (NT_STATUS_ACCESS_DENIED);
1658 
1659 	unnamed_node = SMB_IS_STREAM(snode);
1660 	if (unnamed_node) {
1661 		cred_t *kcr = zone_kcred();
1662 
1663 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1664 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1665 
1666 		if (cr != kcr && smb_strname_restricted(snode->od_name))
1667 			return (NT_STATUS_ACCESS_DENIED);
1668 
1669 		/*
1670 		 * Perform VREAD access check on the named stream in case it
1671 		 * is quarantined. kcred is passed to smb_vop_access so it
1672 		 * doesn't fail due to lack of permission.
1673 		 */
1674 		if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) {
1675 			error = smb_vop_access(snode->vp, VREAD,
1676 			    0, NULL, kcr);
1677 			if (error)
1678 				return (NT_STATUS_ACCESS_DENIED);
1679 		}
1680 
1681 		/*
1682 		 * Streams authorization should be performed against the
1683 		 * unnamed stream.
1684 		 */
1685 		snode = unnamed_node;
1686 	}
1687 
1688 	if (faccess & ACCESS_SYSTEM_SECURITY) {
1689 		/*
1690 		 * This permission is required for reading/writing SACL and
1691 		 * it's not part of DACL. It's only granted via proper
1692 		 * privileges.
1693 		 */
1694 		if ((sr->uid_user->u_privileges &
1695 		    (SMB_USER_PRIV_BACKUP |
1696 		    SMB_USER_PRIV_RESTORE |
1697 		    SMB_USER_PRIV_SECURITY)) == 0)
1698 			return (NT_STATUS_PRIVILEGE_NOT_HELD);
1699 
1700 		faccess &= ~ACCESS_SYSTEM_SECURITY;
1701 	}
1702 
1703 	/* Links don't have ACL */
1704 	if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) ||
1705 	    smb_node_is_symlink(snode))
1706 		acl_check = B_FALSE;
1707 
1708 	/* Deny access based on the share access mask */
1709 
1710 	if ((faccess & ~sr->tid_tree->t_access) != 0)
1711 		return (NT_STATUS_ACCESS_DENIED);
1712 
1713 	if (acl_check) {
1714 		dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
1715 		error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp,
1716 		    cr);
1717 	} else {
1718 		/*
1719 		 * FS doesn't understand 32-bit mask, need to map
1720 		 */
1721 		if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA))
1722 			access |= VWRITE;
1723 
1724 		if (faccess & FILE_READ_DATA)
1725 			access |= VREAD;
1726 
1727 		if (faccess & FILE_EXECUTE)
1728 			access |= VEXEC;
1729 
1730 		error = smb_vop_access(snode->vp, access, 0, NULL, cr);
1731 	}
1732 
1733 	return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS);
1734 }
1735 
1736 /*
1737  * smb_fsop_lookup_name()
1738  *
1739  * If name indicates that the file is a stream file, perform
1740  * stream specific lookup, otherwise call smb_fsop_lookup.
1741  *
1742  * Return an error if the looked-up file is in outside the tree.
1743  * (Required when invoked from open path.)
1744  *
1745  * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1746  * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1747  * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1748  * flag is set in the flags value passed as a parameter, a case insensitive
1749  * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1750  * or not).
1751  */
1752 
1753 int
1754 smb_fsop_lookup_name(
1755     smb_request_t *sr,
1756     cred_t	*cr,
1757     int		flags,
1758     smb_node_t	*root_node,
1759     smb_node_t	*dnode,
1760     char	*name,
1761     smb_node_t	**ret_snode)
1762 {
1763 	smb_node_t	*fnode;
1764 	vnode_t		*xattrdirvp;
1765 	vnode_t		*vp;
1766 	char		*od_name;
1767 	char		*fname;
1768 	char		*sname;
1769 	int		rc;
1770 
1771 	ASSERT(cr);
1772 	ASSERT(dnode);
1773 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1774 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1775 
1776 	/*
1777 	 * The following check is required for streams processing, below
1778 	 */
1779 
1780 	if (!(flags & SMB_CASE_SENSITIVE)) {
1781 		if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1782 			flags |= SMB_IGNORE_CASE;
1783 	}
1784 
1785 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1786 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1787 
1788 	if (smb_is_stream_name(name)) {
1789 		smb_stream_parse_name(name, fname, sname);
1790 
1791 		/*
1792 		 * Look up the unnamed stream (i.e. fname).
1793 		 * Unmangle processing will be done on fname
1794 		 * as well as any link target.
1795 		 */
1796 		rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode,
1797 		    fname, &fnode);
1798 
1799 		if (rc != 0) {
1800 			kmem_free(fname, MAXNAMELEN);
1801 			kmem_free(sname, MAXNAMELEN);
1802 			return (rc);
1803 		}
1804 
1805 		od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1806 
1807 		/*
1808 		 * od_name is the on-disk name of the stream, except
1809 		 * without the prepended stream prefix (SMB_STREAM_PREFIX)
1810 		 */
1811 
1812 		/*
1813 		 * XXX
1814 		 * What permissions NTFS requires for stream lookup if any?
1815 		 */
1816 		rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name,
1817 		    &xattrdirvp, flags, root_node->vp, cr);
1818 
1819 		if (rc != 0) {
1820 			smb_node_release(fnode);
1821 			kmem_free(fname, MAXNAMELEN);
1822 			kmem_free(sname, MAXNAMELEN);
1823 			kmem_free(od_name, MAXNAMELEN);
1824 			return (rc);
1825 		}
1826 
1827 		*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp,
1828 		    vp, od_name);
1829 
1830 		kmem_free(od_name, MAXNAMELEN);
1831 		smb_node_release(fnode);
1832 		VN_RELE(xattrdirvp);
1833 		VN_RELE(vp);
1834 
1835 		if (*ret_snode == NULL) {
1836 			kmem_free(fname, MAXNAMELEN);
1837 			kmem_free(sname, MAXNAMELEN);
1838 			return (ENOMEM);
1839 		}
1840 	} else {
1841 		rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name,
1842 		    ret_snode);
1843 	}
1844 
1845 	if (rc == 0) {
1846 		ASSERT(ret_snode);
1847 		if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) {
1848 			smb_node_release(*ret_snode);
1849 			*ret_snode = NULL;
1850 			rc = EACCES;
1851 		}
1852 	}
1853 
1854 	kmem_free(fname, MAXNAMELEN);
1855 	kmem_free(sname, MAXNAMELEN);
1856 
1857 	return (rc);
1858 }
1859 
1860 /*
1861  * smb_fsop_lookup
1862  *
1863  * All SMB functions should use this smb_vop_lookup wrapper to ensure that
1864  * the smb_vop_lookup is performed with the appropriate credentials and using
1865  * case insensitive compares. Please document any direct call to smb_vop_lookup
1866  * to explain the reason for avoiding this wrapper.
1867  *
1868  * It is assumed that a reference exists on dnode coming into this routine
1869  * (and that it is safe from deallocation).
1870  *
1871  * Same with the root_node.
1872  *
1873  * *ret_snode is returned with a reference upon success.  No reference is
1874  * taken if an error is returned.
1875  *
1876  * Note: The returned ret_snode may be in a child mount.  This is ok for
1877  * readdir.
1878  *
1879  * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent
1880  * operations on files not in the parent mount.
1881  *
1882  * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1883  * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1884  * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1885  * flag is set in the flags value passed as a parameter, a case insensitive
1886  * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1887  * or not).
1888  */
1889 int
1890 smb_fsop_lookup(
1891     smb_request_t *sr,
1892     cred_t	*cr,
1893     int		flags,
1894     smb_node_t	*root_node,
1895     smb_node_t	*dnode,
1896     char	*name,
1897     smb_node_t	**ret_snode)
1898 {
1899 	smb_node_t *lnk_target_node;
1900 	smb_node_t *lnk_dnode;
1901 	char *longname;
1902 	char *od_name;
1903 	vnode_t *vp;
1904 	int rc;
1905 	int ret_flags;
1906 	smb_attr_t attr;
1907 
1908 	ASSERT(cr);
1909 	ASSERT(dnode);
1910 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1911 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1912 
1913 	if (name == NULL)
1914 		return (EINVAL);
1915 
1916 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
1917 		return (EACCES);
1918 
1919 	if (!(flags & SMB_CASE_SENSITIVE)) {
1920 		if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1921 			flags |= SMB_IGNORE_CASE;
1922 	}
1923 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1924 		flags |= SMB_CATIA;
1925 	if (SMB_TREE_SUPPORTS_ABE(sr))
1926 		flags |= SMB_ABE;
1927 
1928 	/*
1929 	 * Can have "" or "." when opening named streams on a directory.
1930 	 */
1931 	if (name[0] == '\0' || (name[0] == '.' && name[1] == '\0')) {
1932 		smb_node_ref(dnode);
1933 		*ret_snode = dnode;
1934 		return (0);
1935 	}
1936 
1937 	od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1938 
1939 	rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags,
1940 	    &ret_flags, root_node ? root_node->vp : NULL, &attr, cr);
1941 
1942 	if (rc != 0) {
1943 		if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
1944 		    !smb_maybe_mangled(name)) {
1945 			kmem_free(od_name, MAXNAMELEN);
1946 			return (rc);
1947 		}
1948 
1949 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1950 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
1951 		if (rc != 0) {
1952 			kmem_free(od_name, MAXNAMELEN);
1953 			kmem_free(longname, MAXNAMELEN);
1954 			return (rc);
1955 		}
1956 
1957 		/*
1958 		 * longname is the real (case-sensitive)
1959 		 * on-disk name.
1960 		 * We make sure we do a lookup on this exact
1961 		 * name, as the name was mangled and denotes
1962 		 * a unique file.
1963 		 */
1964 
1965 		if (flags & SMB_IGNORE_CASE)
1966 			flags &= ~SMB_IGNORE_CASE;
1967 
1968 		rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name,
1969 		    flags, &ret_flags, root_node ? root_node->vp : NULL, &attr,
1970 		    cr);
1971 
1972 		kmem_free(longname, MAXNAMELEN);
1973 
1974 		if (rc != 0) {
1975 			kmem_free(od_name, MAXNAMELEN);
1976 			return (rc);
1977 		}
1978 	}
1979 
1980 	if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK) &&
1981 	    ((attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) == 0)) {
1982 		rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode,
1983 		    &lnk_dnode, &lnk_target_node, cr, NULL);
1984 
1985 		if (rc != 0) {
1986 			/*
1987 			 * The link is assumed to be for the last component
1988 			 * of a path.  Hence any ENOTDIR error will be returned
1989 			 * as ENOENT.
1990 			 */
1991 			if (rc == ENOTDIR)
1992 				rc = ENOENT;
1993 
1994 			VN_RELE(vp);
1995 			kmem_free(od_name, MAXNAMELEN);
1996 			return (rc);
1997 		}
1998 
1999 		/*
2000 		 * Release the original VLNK vnode
2001 		 */
2002 
2003 		VN_RELE(vp);
2004 		vp = lnk_target_node->vp;
2005 
2006 		rc = smb_vop_traverse_check(&vp);
2007 
2008 		if (rc != 0) {
2009 			smb_node_release(lnk_dnode);
2010 			smb_node_release(lnk_target_node);
2011 			kmem_free(od_name, MAXNAMELEN);
2012 			return (rc);
2013 		}
2014 
2015 		/*
2016 		 * smb_vop_traverse_check() may have returned a different vnode
2017 		 */
2018 
2019 		if (lnk_target_node->vp == vp) {
2020 			*ret_snode = lnk_target_node;
2021 		} else {
2022 			*ret_snode = smb_node_lookup(sr, NULL, cr, vp,
2023 			    lnk_target_node->od_name, lnk_dnode, NULL);
2024 			VN_RELE(vp);
2025 
2026 			if (*ret_snode == NULL)
2027 				rc = ENOMEM;
2028 			smb_node_release(lnk_target_node);
2029 		}
2030 
2031 		smb_node_release(lnk_dnode);
2032 
2033 	} else {
2034 
2035 		rc = smb_vop_traverse_check(&vp);
2036 		if (rc) {
2037 			VN_RELE(vp);
2038 			kmem_free(od_name, MAXNAMELEN);
2039 			return (rc);
2040 		}
2041 
2042 		*ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name,
2043 		    dnode, NULL);
2044 		VN_RELE(vp);
2045 
2046 		if (*ret_snode == NULL)
2047 			rc = ENOMEM;
2048 	}
2049 
2050 	kmem_free(od_name, MAXNAMELEN);
2051 	return (rc);
2052 }
2053 
2054 int /*ARGSUSED*/
2055 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode)
2056 {
2057 	ASSERT(cr);
2058 	ASSERT(snode);
2059 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2060 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2061 
2062 	ASSERT(sr);
2063 	ASSERT(sr->tid_tree);
2064 	if (SMB_TREE_IS_READONLY(sr))
2065 		return (EROFS);
2066 
2067 	return (smb_vop_commit(snode->vp, cr));
2068 }
2069 
2070 /*
2071  * smb_fsop_aclread
2072  *
2073  * Retrieve filesystem ACL. Depends on requested ACLs in
2074  * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in
2075  * fs_sd. Note that requesting a DACL/SACL doesn't mean that
2076  * the corresponding field in fs_sd should be non-NULL upon
2077  * return, since the target ACL might not contain that type of
2078  * entries.
2079  *
2080  * Returned ACL is always in ACE_T (aka ZFS) format.
2081  * If successful the allocated memory for the ACL should be freed
2082  * using smb_fsacl_free() or smb_fssd_term()
2083  */
2084 int
2085 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2086     smb_fssd_t *fs_sd)
2087 {
2088 	int error = 0;
2089 	int flags = 0;
2090 	int access = 0;
2091 	acl_t *acl;
2092 
2093 	ASSERT(cr);
2094 
2095 	/* Can't query security on named streams */
2096 	if (SMB_IS_STREAM(snode) != NULL)
2097 		return (EINVAL);
2098 
2099 	if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0)
2100 		return (EACCES);
2101 
2102 	if (sr->fid_ofile) {
2103 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2104 			access = READ_CONTROL;
2105 
2106 		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2107 			access |= ACCESS_SYSTEM_SECURITY;
2108 
2109 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2110 		if (error != NT_STATUS_SUCCESS) {
2111 			return (EACCES);
2112 		}
2113 	}
2114 
2115 
2116 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS))
2117 		flags = ATTR_NOACLCHECK;
2118 
2119 	error = smb_vop_acl_read(snode->vp, &acl, flags,
2120 	    sr->tid_tree->t_acltype, cr);
2121 	if (error != 0) {
2122 		return (error);
2123 	}
2124 
2125 	error = acl_translate(acl, _ACL_ACE_ENABLED,
2126 	    smb_node_is_dir(snode), fs_sd->sd_uid, fs_sd->sd_gid);
2127 
2128 	if (error == 0) {
2129 		smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl,
2130 		    fs_sd->sd_secinfo);
2131 	}
2132 
2133 	acl_free(acl);
2134 	return (error);
2135 }
2136 
2137 /*
2138  * smb_fsop_aclwrite
2139  *
2140  * Stores the filesystem ACL provided in fs_sd->sd_acl.
2141  */
2142 int
2143 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2144     smb_fssd_t *fs_sd)
2145 {
2146 	int target_flavor;
2147 	int error = 0;
2148 	int flags = 0;
2149 	int access = 0;
2150 	acl_t *acl, *dacl, *sacl;
2151 
2152 	ASSERT(cr);
2153 
2154 	ASSERT(sr);
2155 	ASSERT(sr->tid_tree);
2156 	if (SMB_TREE_IS_READONLY(sr))
2157 		return (EROFS);
2158 
2159 	/* Can't set security on named streams */
2160 	if (SMB_IS_STREAM(snode) != NULL)
2161 		return (EINVAL);
2162 
2163 	if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0)
2164 		return (EACCES);
2165 
2166 	if (sr->fid_ofile) {
2167 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2168 			access = WRITE_DAC;
2169 
2170 		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2171 			access |= ACCESS_SYSTEM_SECURITY;
2172 
2173 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2174 		if (error != NT_STATUS_SUCCESS)
2175 			return (EACCES);
2176 	}
2177 
2178 	switch (sr->tid_tree->t_acltype) {
2179 	case ACLENT_T:
2180 		target_flavor = _ACL_ACLENT_ENABLED;
2181 		break;
2182 
2183 	case ACE_T:
2184 		target_flavor = _ACL_ACE_ENABLED;
2185 		break;
2186 	default:
2187 		return (EINVAL);
2188 	}
2189 
2190 	dacl = fs_sd->sd_zdacl;
2191 	sacl = fs_sd->sd_zsacl;
2192 
2193 	ASSERT(dacl || sacl);
2194 	if ((dacl == NULL) && (sacl == NULL))
2195 		return (EINVAL);
2196 
2197 	if (dacl && sacl)
2198 		acl = smb_fsacl_merge(dacl, sacl);
2199 	else if (dacl)
2200 		acl = dacl;
2201 	else
2202 		acl = sacl;
2203 
2204 	error = acl_translate(acl, target_flavor, smb_node_is_dir(snode),
2205 	    fs_sd->sd_uid, fs_sd->sd_gid);
2206 	if (error == 0) {
2207 		if (smb_tree_has_feature(sr->tid_tree,
2208 		    SMB_TREE_ACEMASKONACCESS))
2209 			flags = ATTR_NOACLCHECK;
2210 
2211 		error = smb_vop_acl_write(snode->vp, acl, flags, cr);
2212 	}
2213 
2214 	if (dacl && sacl)
2215 		acl_free(acl);
2216 
2217 	return (error);
2218 }
2219 
2220 acl_type_t
2221 smb_fsop_acltype(smb_node_t *snode)
2222 {
2223 	return (smb_vop_acl_type(snode->vp));
2224 }
2225 
2226 /*
2227  * smb_fsop_sdread
2228  *
2229  * Read the requested security descriptor items from filesystem.
2230  * The items are specified in fs_sd->sd_secinfo.
2231  */
2232 int
2233 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2234     smb_fssd_t *fs_sd)
2235 {
2236 	int error = 0;
2237 	int getowner = 0;
2238 	cred_t *ga_cred;
2239 	smb_attr_t attr;
2240 
2241 	ASSERT(cr);
2242 	ASSERT(fs_sd);
2243 
2244 	/* Can't query security on named streams */
2245 	if (SMB_IS_STREAM(snode) != NULL)
2246 		return (EINVAL);
2247 
2248 	/*
2249 	 * File's uid/gid is fetched in two cases:
2250 	 *
2251 	 * 1. it's explicitly requested
2252 	 *
2253 	 * 2. target ACL is ACE_T (ZFS ACL). They're needed for
2254 	 *    owner@/group@ entries. In this case kcred should be used
2255 	 *    because uid/gid are fetched on behalf of smb server.
2256 	 */
2257 	if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) {
2258 		getowner = 1;
2259 		ga_cred = cr;
2260 	} else if (sr->tid_tree->t_acltype == ACE_T) {
2261 		getowner = 1;
2262 		ga_cred = zone_kcred();
2263 	}
2264 
2265 	if (getowner) {
2266 		/*
2267 		 * Windows require READ_CONTROL to read owner/group SID since
2268 		 * they're part of Security Descriptor.
2269 		 * ZFS only requires read_attribute. Need to have a explicit
2270 		 * access check here.
2271 		 */
2272 		if (sr->fid_ofile == NULL) {
2273 			error = smb_fsop_access(sr, ga_cred, snode,
2274 			    READ_CONTROL);
2275 			if (error)
2276 				return (EACCES);
2277 		}
2278 
2279 		attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2280 		error = smb_fsop_getattr(sr, ga_cred, snode, &attr);
2281 		if (error == 0) {
2282 			fs_sd->sd_uid = attr.sa_vattr.va_uid;
2283 			fs_sd->sd_gid = attr.sa_vattr.va_gid;
2284 		} else {
2285 			return (error);
2286 		}
2287 	}
2288 
2289 	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2290 		error = smb_fsop_aclread(sr, cr, snode, fs_sd);
2291 	}
2292 
2293 	return (error);
2294 }
2295 
2296 /*
2297  * smb_fsop_sdmerge
2298  *
2299  * From SMB point of view DACL and SACL are two separate list
2300  * which can be manipulated independently without one affecting
2301  * the other, but entries for both DACL and SACL will end up
2302  * in the same ACL if target filesystem supports ACE_T ACLs.
2303  *
2304  * So, if either DACL or SACL is present in the client set request
2305  * the entries corresponding to the non-present ACL shouldn't
2306  * be touched in the FS ACL.
2307  *
2308  * fs_sd parameter contains DACL and SACL specified by SMB
2309  * client to be set on a file/directory. The client could
2310  * specify both or one of these ACLs (if none is specified
2311  * we don't get this far). When both DACL and SACL are given
2312  * by client the existing ACL should be overwritten. If only
2313  * one of them is specified the entries corresponding to the other
2314  * ACL should not be touched. For example, if only DACL
2315  * is specified in input fs_sd, the function reads audit entries
2316  * of the existing ACL of the file and point fs_sd->sd_zsdacl
2317  * pointer to the fetched SACL, this way when smb_fsop_sdwrite()
2318  * function is called the passed fs_sd would point to the specified
2319  * DACL by client and fetched SACL from filesystem, so the file
2320  * will end up with correct ACL.
2321  */
2322 static int
2323 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd)
2324 {
2325 	smb_fssd_t cur_sd;
2326 	cred_t *kcr = zone_kcred();
2327 	int error = 0;
2328 
2329 	if (sr->tid_tree->t_acltype != ACE_T)
2330 		/* Don't bother if target FS doesn't support ACE_T */
2331 		return (0);
2332 
2333 	if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) {
2334 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
2335 			/*
2336 			 * Don't overwrite existing audit entries
2337 			 */
2338 			smb_fssd_init(&cur_sd, SMB_SACL_SECINFO,
2339 			    fs_sd->sd_flags);
2340 
2341 			error = smb_fsop_sdread(sr, kcr, snode, &cur_sd);
2342 			if (error == 0) {
2343 				ASSERT(fs_sd->sd_zsacl == NULL);
2344 				fs_sd->sd_zsacl = cur_sd.sd_zsacl;
2345 				if (fs_sd->sd_zsacl && fs_sd->sd_zdacl)
2346 					fs_sd->sd_zsacl->acl_flags =
2347 					    fs_sd->sd_zdacl->acl_flags;
2348 			}
2349 		} else {
2350 			/*
2351 			 * Don't overwrite existing access entries
2352 			 */
2353 			smb_fssd_init(&cur_sd, SMB_DACL_SECINFO,
2354 			    fs_sd->sd_flags);
2355 
2356 			error = smb_fsop_sdread(sr, kcr, snode, &cur_sd);
2357 			if (error == 0) {
2358 				ASSERT(fs_sd->sd_zdacl == NULL);
2359 				fs_sd->sd_zdacl = cur_sd.sd_zdacl;
2360 				if (fs_sd->sd_zdacl && fs_sd->sd_zsacl)
2361 					fs_sd->sd_zdacl->acl_flags =
2362 					    fs_sd->sd_zsacl->acl_flags;
2363 			}
2364 		}
2365 
2366 		if (error)
2367 			smb_fssd_term(&cur_sd);
2368 	}
2369 
2370 	return (error);
2371 }
2372 
2373 /*
2374  * smb_fsop_sdwrite
2375  *
2376  * Stores the given uid, gid and acl in filesystem.
2377  * Provided items in fs_sd are specified by fs_sd->sd_secinfo.
2378  *
2379  * A SMB security descriptor could contain owner, primary group,
2380  * DACL and SACL. Setting an SD should be atomic but here it has to
2381  * be done via two separate FS operations: VOP_SETATTR and
2382  * VOP_SETSECATTR. Therefore, this function has to simulate the
2383  * atomicity as well as it can.
2384  *
2385  * Get the current uid, gid before setting the new uid/gid
2386  * so if smb_fsop_aclwrite fails they can be restored. root cred is
2387  * used to get currend uid/gid since this operation is performed on
2388  * behalf of the server not the user.
2389  *
2390  * If setting uid/gid fails with EPERM it means that and invalid
2391  * owner has been specified. Callers should translate this to
2392  * STATUS_INVALID_OWNER which is not the normal mapping for EPERM
2393  * in upper layers, so EPERM is mapped to EBADE.
2394  */
2395 int
2396 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2397     smb_fssd_t *fs_sd, int overwrite)
2398 {
2399 	smb_attr_t set_attr;
2400 	smb_attr_t orig_attr;
2401 	cred_t *kcr = zone_kcred();
2402 	int error = 0;
2403 	int access = 0;
2404 
2405 	ASSERT(cr);
2406 	ASSERT(fs_sd);
2407 
2408 	ASSERT(sr);
2409 	ASSERT(sr->tid_tree);
2410 	if (SMB_TREE_IS_READONLY(sr))
2411 		return (EROFS);
2412 
2413 	/* Can't set security on named streams */
2414 	if (SMB_IS_STREAM(snode) != NULL)
2415 		return (EINVAL);
2416 
2417 	bzero(&set_attr, sizeof (smb_attr_t));
2418 
2419 	if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
2420 		set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
2421 		set_attr.sa_mask |= SMB_AT_UID;
2422 		access |= WRITE_OWNER;
2423 	}
2424 
2425 	if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
2426 		set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
2427 		set_attr.sa_mask |= SMB_AT_GID;
2428 		access |= WRITE_OWNER;
2429 	}
2430 
2431 	if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2432 		access |= WRITE_DAC;
2433 
2434 	if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2435 		access |= ACCESS_SYSTEM_SECURITY;
2436 
2437 	if (sr->fid_ofile)
2438 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2439 	else
2440 		error = smb_fsop_access(sr, cr, snode, access);
2441 
2442 	if (error)
2443 		return (EACCES);
2444 
2445 	if (set_attr.sa_mask) {
2446 		orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2447 		error = smb_fsop_getattr(sr, kcr, snode, &orig_attr);
2448 		if (error == 0) {
2449 			error = smb_fsop_setattr(sr, cr, snode, &set_attr);
2450 			if (error == EPERM)
2451 				error = EBADE;
2452 		}
2453 
2454 		if (error)
2455 			return (error);
2456 	}
2457 
2458 	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2459 		if (overwrite == 0) {
2460 			error = smb_fsop_sdmerge(sr, snode, fs_sd);
2461 			if (error)
2462 				return (error);
2463 		}
2464 
2465 		error = smb_fsop_aclwrite(sr, cr, snode, fs_sd);
2466 		if (error) {
2467 			/*
2468 			 * Revert uid/gid changes if required.
2469 			 */
2470 			if (set_attr.sa_mask) {
2471 				orig_attr.sa_mask = set_attr.sa_mask;
2472 				(void) smb_fsop_setattr(sr, kcr, snode,
2473 				    &orig_attr);
2474 			}
2475 		}
2476 	}
2477 
2478 	return (error);
2479 }
2480 
2481 #ifdef	_KERNEL
2482 /*
2483  * smb_fsop_sdinherit
2484  *
2485  * Inherit the security descriptor from the parent container.
2486  * This function is called after FS has created the file/folder
2487  * so if this doesn't do anything it means FS inheritance is
2488  * in place.
2489  *
2490  * Do inheritance for ZFS internally.
2491  *
2492  * If we want to let ZFS does the inheritance the
2493  * following setting should be true:
2494  *
2495  *  - aclinherit = passthrough
2496  *  - aclmode = passthrough
2497  *  - smbd umask = 0777
2498  *
2499  * This will result in right effective permissions but
2500  * ZFS will always add 6 ACEs for owner, owning group
2501  * and others to be POSIX compliant. This is not what
2502  * Windows clients/users expect, so we decided that CIFS
2503  * implements Windows rules and overwrite whatever ZFS
2504  * comes up with. This way we also don't have to care
2505  * about ZFS aclinherit and aclmode settings.
2506  */
2507 static int
2508 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd)
2509 {
2510 	acl_t *dacl = NULL;
2511 	acl_t *sacl = NULL;
2512 	int is_dir;
2513 	int error;
2514 
2515 	ASSERT(fs_sd);
2516 
2517 	if (sr->tid_tree->t_acltype != ACE_T) {
2518 		/*
2519 		 * No forced inheritance for non-ZFS filesystems.
2520 		 */
2521 		fs_sd->sd_secinfo = 0;
2522 		return (0);
2523 	}
2524 
2525 
2526 	/* Fetch parent directory's ACL */
2527 	error = smb_fsop_sdread(sr, zone_kcred(), dnode, fs_sd);
2528 	if (error) {
2529 		return (error);
2530 	}
2531 
2532 	is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR);
2533 	dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO,
2534 	    sr->user_cr);
2535 	sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO,
2536 	    sr->user_cr);
2537 
2538 	if (sacl == NULL)
2539 		fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO;
2540 
2541 	smb_fsacl_free(fs_sd->sd_zdacl);
2542 	smb_fsacl_free(fs_sd->sd_zsacl);
2543 
2544 	fs_sd->sd_zdacl = dacl;
2545 	fs_sd->sd_zsacl = sacl;
2546 
2547 	return (0);
2548 }
2549 #endif	/* _KERNEL */
2550 
2551 /*
2552  * smb_fsop_eaccess
2553  *
2554  * Returns the effective permission of the given credential for the
2555  * specified object.
2556  *
2557  * This is just a workaround. We need VFS/FS support for this.
2558  */
2559 void
2560 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2561     uint32_t *eaccess)
2562 {
2563 	int access = 0;
2564 	vnode_t *dir_vp;
2565 	smb_node_t *unnamed_node;
2566 
2567 	ASSERT(cr);
2568 	ASSERT(snode);
2569 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2570 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2571 
2572 	unnamed_node = SMB_IS_STREAM(snode);
2573 	if (unnamed_node) {
2574 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2575 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2576 		/*
2577 		 * Streams authorization should be performed against the
2578 		 * unnamed stream.
2579 		 */
2580 		snode = unnamed_node;
2581 	}
2582 
2583 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) {
2584 		dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
2585 		smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp,
2586 		    cr);
2587 		return;
2588 	}
2589 
2590 	/*
2591 	 * FS doesn't understand 32-bit mask
2592 	 */
2593 	smb_vop_eaccess(snode->vp, &access, 0, NULL, cr);
2594 	access &= sr->tid_tree->t_access;
2595 
2596 	*eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES;
2597 
2598 	if (access & VREAD)
2599 		*eaccess |= FILE_READ_DATA;
2600 
2601 	if (access & VEXEC)
2602 		*eaccess |= FILE_EXECUTE;
2603 
2604 	if (access & VWRITE)
2605 		*eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES |
2606 		    FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD;
2607 
2608 	if (access & (VREAD | VWRITE))
2609 		*eaccess |= SYNCHRONIZE;
2610 
2611 #ifdef	_FAKE_KERNEL
2612 	/* Should be: if (we are the owner)... */
2613 	if (access & VWRITE)
2614 		*eaccess |= DELETE | WRITE_DAC | WRITE_OWNER;
2615 #endif
2616 }
2617 
2618 /*
2619  * smb_fsop_shrlock
2620  *
2621  * For the current open request, check file sharing rules
2622  * against existing opens.
2623  *
2624  * Returns NT_STATUS_SHARING_VIOLATION if there is any
2625  * sharing conflict.  Returns NT_STATUS_SUCCESS otherwise.
2626  *
2627  * Full system-wide share reservation synchronization is available
2628  * when the nbmand (non-blocking mandatory) mount option is set
2629  * (i.e. nbl_need_crit() is true) and nbmand critical regions are used.
2630  * This provides synchronization with NFS and local processes.  The
2631  * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called
2632  * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well
2633  * as the CIFS rename and delete paths.
2634  *
2635  * The CIFS server will also enter the nbl critical region in the open,
2636  * rename, and delete paths when nbmand is not set.  There is limited
2637  * coordination with local and VFS share reservations in this case.
2638  * Note that when the nbmand mount option is not set, the VFS layer
2639  * only processes advisory reservations and the delete mode is not checked.
2640  *
2641  * Whether or not the nbmand mount option is set, intra-CIFS share
2642  * checking is done in the open, delete, and rename paths using a CIFS
2643  * critical region (node->n_share_lock).
2644  */
2645 uint32_t
2646 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid,
2647     uint32_t desired_access, uint32_t share_access)
2648 {
2649 	int rc;
2650 
2651 	/* Allow access if the request is just for meta data */
2652 	if ((desired_access & FILE_DATA_ALL) == 0)
2653 		return (NT_STATUS_SUCCESS);
2654 
2655 	rc = smb_node_open_check(node, desired_access, share_access);
2656 	if (rc)
2657 		return (NT_STATUS_SHARING_VIOLATION);
2658 
2659 	rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access,
2660 	    cr);
2661 	if (rc)
2662 		return (NT_STATUS_SHARING_VIOLATION);
2663 
2664 	return (NT_STATUS_SUCCESS);
2665 }
2666 
2667 void
2668 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid)
2669 {
2670 	(void) smb_vop_unshrlock(node->vp, uniq_fid, cr);
2671 }
2672 
2673 int
2674 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock,
2675     cred_t *cr)
2676 {
2677 	flock64_t bf;
2678 	int flag = F_REMOTELOCK;
2679 
2680 	/*
2681 	 * VOP_FRLOCK() will not be called if:
2682 	 *
2683 	 * 1) The lock has a range of zero bytes. The semantics of Windows and
2684 	 *    POSIX are different. In the case of POSIX it asks for the locking
2685 	 *    of all the bytes from the offset provided until the end of the
2686 	 *    file. In the case of Windows a range of zero locks nothing and
2687 	 *    doesn't conflict with any other lock.
2688 	 *
2689 	 * 2) The lock rolls over (start + lenght < start). Solaris will assert
2690 	 *    if such a request is submitted. This will not create
2691 	 *    incompatibilities between POSIX and Windows. In the Windows world,
2692 	 *    if a client submits such a lock, the server will not lock any
2693 	 *    bytes. Interestingly if the same lock (same offset and length) is
2694 	 *    resubmitted Windows will consider that there is an overlap and
2695 	 *    the granting rules will then apply.
2696 	 *
2697 	 * 3) The SMB-level process IDs (smb_pid) are not passed down to the
2698 	 *    POSIX level in l_pid because (a) the rules about lock PIDs are
2699 	 *    different in SMB, and (b) we're putting our ofile f_uniqid in
2700 	 *    the POSIX l_pid field to segregate locks per SMB ofile.
2701 	 *    (We're also using a "remote" system ID in l_sysid.)
2702 	 *    All SMB locking PIDs are handled at the SMB level and
2703 	 *    not exposed in POSIX locking.
2704 	 */
2705 	if ((lock->l_length == 0) ||
2706 	    ((lock->l_start + lock->l_length - 1) < lock->l_start))
2707 		return (0);
2708 
2709 	bzero(&bf, sizeof (bf));
2710 
2711 	if (unlock) {
2712 		bf.l_type = F_UNLCK;
2713 	} else if (lock->l_type == SMB_LOCK_TYPE_READONLY) {
2714 		bf.l_type = F_RDLCK;
2715 		flag |= FREAD;
2716 	} else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) {
2717 		bf.l_type = F_WRLCK;
2718 		flag |= FWRITE;
2719 	}
2720 
2721 	bf.l_start = lock->l_start;
2722 	bf.l_len = lock->l_length;
2723 	bf.l_pid = lock->l_file->f_uniqid;
2724 	bf.l_sysid = smb_ct.cc_sysid;
2725 
2726 	return (smb_vop_frlock(node->vp, cr, flag, &bf));
2727 }
2728