xref: /titanic_41/usr/src/uts/common/fs/smbsrv/smb_fsops.c (revision a9b5625ad449e28716053a1fd299e7e3271f750d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 #include <sys/sid.h>
27 #include <sys/nbmlock.h>
28 #include <smbsrv/smb_fsops.h>
29 #include <smbsrv/smb_kproto.h>
30 #include <acl/acl_common.h>
31 #include <sys/fcntl.h>
32 #include <sys/flock.h>
33 #include <fs/fs_subr.h>
34 
35 extern caller_context_t smb_ct;
36 
37 static int smb_fsop_create_stream(smb_request_t *, cred_t *, smb_node_t *,
38     char *, char *, int, smb_attr_t *, smb_node_t **);
39 
40 static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *,
41     char *, int, smb_attr_t *, smb_node_t **);
42 
43 static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *,
44     char *, smb_attr_t *, smb_node_t **, smb_fssd_t *);
45 
46 static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *);
47 
48 /*
49  * The smb_fsop_* functions have knowledge of CIFS semantics.
50  *
51  * The smb_vop_* functions have minimal knowledge of CIFS semantics and
52  * serve as an interface to the VFS layer.
53  *
54  * Hence, smb_request_t and smb_node_t structures should not be passed
55  * from the smb_fsop_* layer to the smb_vop_* layer.
56  *
57  * In general, CIFS service code should only ever call smb_fsop_*
58  * functions directly, and never smb_vop_* functions directly.
59  *
60  * smb_fsop_* functions should call smb_vop_* functions where possible, instead
61  * of their smb_fsop_* counterparts.  However, there are times when
62  * this cannot be avoided.
63  */
64 
65 /*
66  * Note: Stream names cannot be mangled.
67  */
68 
69 /*
70  * smb_fsop_amask_to_omode
71  *
72  * Convert the access mask to the open mode (for use
73  * with the VOP_OPEN call).
74  *
75  * Note that opening a file for attribute only access
76  * will also translate into an FREAD or FWRITE open mode
77  * (i.e., it's not just for data).
78  *
79  * This is needed so that opens are tracked appropriately
80  * for oplock processing.
81  */
82 
83 int
84 smb_fsop_amask_to_omode(uint32_t access)
85 {
86 	int mode = 0;
87 
88 	if (access & (FILE_READ_DATA | FILE_EXECUTE |
89 	    FILE_READ_ATTRIBUTES | FILE_READ_EA))
90 		mode |= FREAD;
91 
92 	if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA |
93 	    FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA))
94 		mode |= FWRITE;
95 
96 	if (access & FILE_APPEND_DATA)
97 		mode |= FAPPEND;
98 
99 	return (mode);
100 }
101 
102 int
103 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred)
104 {
105 	/*
106 	 * Assuming that the same vnode is returned as we had before.
107 	 * (I.e., with certain types of files or file systems, a
108 	 * different vnode might be returned by VOP_OPEN)
109 	 */
110 	return (smb_vop_open(&node->vp, mode, cred));
111 }
112 
113 void
114 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred)
115 {
116 	smb_vop_close(node->vp, mode, cred);
117 }
118 
119 static int
120 smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr,
121     smb_node_t *dnode, char *name,
122     smb_attr_t *attr, smb_node_t **ret_snode, smb_fssd_t *fs_sd)
123 {
124 	vsecattr_t *vsap;
125 	vsecattr_t vsecattr;
126 	acl_t *acl, *dacl, *sacl;
127 	smb_attr_t set_attr;
128 	vnode_t *vp;
129 	int aclbsize = 0;	/* size of acl list in bytes */
130 	int flags = 0;
131 	int rc;
132 	boolean_t is_dir;
133 
134 	ASSERT(fs_sd);
135 
136 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
137 		flags = SMB_IGNORE_CASE;
138 	if (SMB_TREE_SUPPORTS_CATIA(sr))
139 		flags |= SMB_CATIA;
140 
141 	ASSERT(cr);
142 
143 	is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0);
144 
145 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) {
146 		if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
147 			dacl = fs_sd->sd_zdacl;
148 			sacl = fs_sd->sd_zsacl;
149 			ASSERT(dacl || sacl);
150 			if (dacl && sacl) {
151 				acl = smb_fsacl_merge(dacl, sacl);
152 			} else if (dacl) {
153 				acl = dacl;
154 			} else {
155 				acl = sacl;
156 			}
157 
158 			rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize);
159 
160 			if (dacl && sacl)
161 				acl_free(acl);
162 
163 			if (rc != 0)
164 				return (rc);
165 
166 			vsap = &vsecattr;
167 		} else {
168 			vsap = NULL;
169 		}
170 
171 		/* The tree ACEs may prevent a create */
172 		rc = EACCES;
173 		if (is_dir) {
174 			if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0)
175 				rc = smb_vop_mkdir(dnode->vp, name, attr,
176 				    &vp, flags, cr, vsap);
177 		} else {
178 			if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0)
179 				rc = smb_vop_create(dnode->vp, name, attr,
180 				    &vp, flags, cr, vsap);
181 		}
182 
183 		if (vsap != NULL)
184 			kmem_free(vsap->vsa_aclentp, aclbsize);
185 
186 		if (rc != 0)
187 			return (rc);
188 
189 		set_attr.sa_mask = 0;
190 
191 		/*
192 		 * Ideally we should be able to specify the owner and owning
193 		 * group at create time along with the ACL. Since we cannot
194 		 * do that right now, kcred is passed to smb_vop_setattr so it
195 		 * doesn't fail due to lack of permission.
196 		 */
197 		if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
198 			set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
199 			set_attr.sa_mask |= SMB_AT_UID;
200 		}
201 
202 		if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
203 			set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
204 			set_attr.sa_mask |= SMB_AT_GID;
205 		}
206 
207 		if (set_attr.sa_mask)
208 			rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcred);
209 
210 		if (rc == 0) {
211 			*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
212 			    name, dnode, NULL);
213 
214 			if (*ret_snode == NULL)
215 				rc = ENOMEM;
216 
217 			VN_RELE(vp);
218 		}
219 	} else {
220 		/*
221 		 * For filesystems that don't support ACL-on-create, try
222 		 * to set the specified SD after create, which could actually
223 		 * fail because of conflicts between inherited security
224 		 * attributes upon creation and the specified SD.
225 		 *
226 		 * Passing kcred to smb_fsop_sdwrite() to overcome this issue.
227 		 */
228 
229 		if (is_dir) {
230 			rc = smb_vop_mkdir(dnode->vp, name, attr, &vp,
231 			    flags, cr, NULL);
232 		} else {
233 			rc = smb_vop_create(dnode->vp, name, attr, &vp,
234 			    flags, cr, NULL);
235 		}
236 
237 		if (rc != 0)
238 			return (rc);
239 
240 		*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
241 		    name, dnode, NULL);
242 
243 		if (*ret_snode != NULL) {
244 			if (!smb_tree_has_feature(sr->tid_tree,
245 			    SMB_TREE_NFS_MOUNTED))
246 				rc = smb_fsop_sdwrite(sr, kcred, *ret_snode,
247 				    fs_sd, 1);
248 		} else {
249 			rc = ENOMEM;
250 		}
251 
252 		VN_RELE(vp);
253 	}
254 
255 	if (rc != 0) {
256 		if (is_dir)
257 			(void) smb_vop_rmdir(dnode->vp, name, flags, cr);
258 		else
259 			(void) smb_vop_remove(dnode->vp, name, flags, cr);
260 	}
261 
262 	return (rc);
263 }
264 
265 /*
266  * smb_fsop_create
267  *
268  * All SMB functions should use this wrapper to ensure that
269  * all the smb_vop_creates are performed with the appropriate credentials.
270  * Please document any direct calls to explain the reason for avoiding
271  * this wrapper.
272  *
273  * *ret_snode is returned with a reference upon success.  No reference is
274  * taken if an error is returned.
275  */
276 int
277 smb_fsop_create(smb_request_t *sr, cred_t *cr, smb_node_t *dnode,
278     char *name, smb_attr_t *attr, smb_node_t **ret_snode)
279 {
280 	int	rc = 0;
281 	int	flags = 0;
282 	char	*fname, *sname;
283 	char	*longname = NULL;
284 
285 	ASSERT(cr);
286 	ASSERT(dnode);
287 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
288 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
289 
290 	ASSERT(ret_snode);
291 	*ret_snode = 0;
292 
293 	ASSERT(name);
294 	if (*name == 0)
295 		return (EINVAL);
296 
297 	ASSERT(sr);
298 	ASSERT(sr->tid_tree);
299 
300 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
301 		return (EACCES);
302 
303 	if (SMB_TREE_IS_READONLY(sr))
304 		return (EROFS);
305 
306 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
307 		flags = SMB_IGNORE_CASE;
308 	if (SMB_TREE_SUPPORTS_CATIA(sr))
309 		flags |= SMB_CATIA;
310 	if (SMB_TREE_SUPPORTS_ABE(sr))
311 		flags |= SMB_ABE;
312 
313 	if (smb_is_stream_name(name)) {
314 		fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
315 		sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
316 		smb_stream_parse_name(name, fname, sname);
317 
318 		rc = smb_fsop_create_stream(sr, cr, dnode,
319 		    fname, sname, flags, attr, ret_snode);
320 
321 		kmem_free(fname, MAXNAMELEN);
322 		kmem_free(sname, MAXNAMELEN);
323 		return (rc);
324 	}
325 
326 	/* Not a named stream */
327 
328 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
329 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
330 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
331 		kmem_free(longname, MAXNAMELEN);
332 
333 		if (rc == 0)
334 			rc = EEXIST;
335 		if (rc != ENOENT)
336 			return (rc);
337 	}
338 
339 	rc = smb_fsop_create_file(sr, cr, dnode, name, flags,
340 	    attr, ret_snode);
341 	return (rc);
342 
343 }
344 
345 
346 /*
347  * smb_fsop_create_stream
348  *
349  * Create NTFS named stream file (sname) on unnamed stream
350  * file (fname), creating the unnamed stream file if it
351  * doesn't exist.
352  * If we created the unnamed stream file and then creation
353  * of the named stream file fails, we delete the unnamed stream.
354  * Since we use the real file name for the smb_vop_remove we
355  * clear the SMB_IGNORE_CASE flag to ensure a case sensitive
356  * match.
357  *
358  * The second parameter of smb_vop_setattr() is set to
359  * NULL, even though an unnamed stream exists.  This is
360  * because we want to set the UID and GID on the named
361  * stream in this case for consistency with the (unnamed
362  * stream) file (see comments for smb_vop_setattr()).
363  */
364 static int
365 smb_fsop_create_stream(smb_request_t *sr, cred_t *cr,
366     smb_node_t *dnode, char *fname, char *sname, int flags,
367     smb_attr_t *attr, smb_node_t **ret_snode)
368 {
369 	smb_node_t	*fnode;
370 	smb_attr_t	fattr;
371 	vnode_t		*xattrdvp;
372 	vnode_t		*vp;
373 	int		rc = 0;
374 	boolean_t	fcreate = B_FALSE;
375 
376 	/* Look up / create the unnamed stream, fname */
377 	rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
378 	    sr->tid_tree->t_snode, dnode, fname, &fnode);
379 	if (rc == ENOENT) {
380 		fcreate = B_TRUE;
381 		rc = smb_fsop_create_file(sr, cr, dnode, fname, flags,
382 		    attr, &fnode);
383 	}
384 	if (rc != 0)
385 		return (rc);
386 
387 	fattr.sa_mask = SMB_AT_UID | SMB_AT_GID;
388 	rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcred);
389 
390 	if (rc == 0) {
391 		/* create the named stream, sname */
392 		rc = smb_vop_stream_create(fnode->vp, sname, attr,
393 		    &vp, &xattrdvp, flags, cr);
394 	}
395 	if (rc != 0) {
396 		if (fcreate) {
397 			flags &= ~SMB_IGNORE_CASE;
398 			(void) smb_vop_remove(dnode->vp,
399 			    fnode->od_name, flags, cr);
400 		}
401 		smb_node_release(fnode);
402 		return (rc);
403 	}
404 
405 	attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid;
406 	attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid;
407 	attr->sa_mask = SMB_AT_UID | SMB_AT_GID;
408 
409 	rc = smb_vop_setattr(vp, NULL, attr, 0, kcred);
410 	if (rc != 0) {
411 		smb_node_release(fnode);
412 		return (rc);
413 	}
414 
415 	*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp,
416 	    vp, sname);
417 
418 	smb_node_release(fnode);
419 	VN_RELE(xattrdvp);
420 	VN_RELE(vp);
421 
422 	if (*ret_snode == NULL)
423 		rc = ENOMEM;
424 
425 	/* notify change to the unnamed stream */
426 	if (rc == 0)
427 		smb_node_notify_change(dnode,
428 		    FILE_ACTION_ADDED_STREAM, fname);
429 
430 	return (rc);
431 }
432 
433 /*
434  * smb_fsop_create_file
435  */
436 static int
437 smb_fsop_create_file(smb_request_t *sr, cred_t *cr,
438     smb_node_t *dnode, char *name, int flags,
439     smb_attr_t *attr, smb_node_t **ret_snode)
440 {
441 	smb_arg_open_t	*op = &sr->sr_open;
442 	vnode_t		*vp;
443 	smb_fssd_t	fs_sd;
444 	uint32_t	secinfo;
445 	uint32_t	status;
446 	int		rc = 0;
447 
448 	if (op->sd) {
449 		/*
450 		 * SD sent by client in Windows format. Needs to be
451 		 * converted to FS format. No inheritance.
452 		 */
453 		secinfo = smb_sd_get_secinfo(op->sd);
454 		smb_fssd_init(&fs_sd, secinfo, 0);
455 
456 		status = smb_sd_tofs(op->sd, &fs_sd);
457 		if (status == NT_STATUS_SUCCESS) {
458 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
459 			    name, attr, ret_snode, &fs_sd);
460 		} else {
461 			rc = EINVAL;
462 		}
463 		smb_fssd_term(&fs_sd);
464 	} else if (sr->tid_tree->t_acltype == ACE_T) {
465 		/*
466 		 * No incoming SD and filesystem is ZFS
467 		 * Server applies Windows inheritance rules,
468 		 * see smb_fsop_sdinherit() comments as to why.
469 		 */
470 		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0);
471 		rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
472 		if (rc == 0) {
473 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
474 			    name, attr, ret_snode, &fs_sd);
475 		}
476 
477 		smb_fssd_term(&fs_sd);
478 	} else {
479 		/*
480 		 * No incoming SD and filesystem is not ZFS
481 		 * let the filesystem handles the inheritance.
482 		 */
483 		rc = smb_vop_create(dnode->vp, name, attr, &vp,
484 		    flags, cr, NULL);
485 
486 		if (rc == 0) {
487 			*ret_snode = smb_node_lookup(sr, op, cr, vp,
488 			    name, dnode, NULL);
489 
490 			if (*ret_snode == NULL)
491 				rc = ENOMEM;
492 
493 			VN_RELE(vp);
494 		}
495 
496 	}
497 
498 	if (rc == 0)
499 		smb_node_notify_parents(dnode);
500 
501 	return (rc);
502 }
503 
504 /*
505  * smb_fsop_mkdir
506  *
507  * All SMB functions should use this wrapper to ensure that
508  * the the calls are performed with the appropriate credentials.
509  * Please document any direct call to explain the reason
510  * for avoiding this wrapper.
511  *
512  * It is assumed that a reference exists on snode coming into this routine.
513  *
514  * *ret_snode is returned with a reference upon success.  No reference is
515  * taken if an error is returned.
516  */
517 int
518 smb_fsop_mkdir(
519     smb_request_t *sr,
520     cred_t *cr,
521     smb_node_t *dnode,
522     char *name,
523     smb_attr_t *attr,
524     smb_node_t **ret_snode)
525 {
526 	struct open_param *op = &sr->arg.open;
527 	char *longname;
528 	vnode_t *vp;
529 	int flags = 0;
530 	smb_fssd_t fs_sd;
531 	uint32_t secinfo;
532 	uint32_t status;
533 	int rc;
534 	ASSERT(cr);
535 	ASSERT(dnode);
536 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
537 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
538 
539 	ASSERT(ret_snode);
540 	*ret_snode = 0;
541 
542 	ASSERT(name);
543 	if (*name == 0)
544 		return (EINVAL);
545 
546 	ASSERT(sr);
547 	ASSERT(sr->tid_tree);
548 
549 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
550 		return (EACCES);
551 
552 	if (SMB_TREE_IS_READONLY(sr))
553 		return (EROFS);
554 	if (SMB_TREE_SUPPORTS_CATIA(sr))
555 		flags |= SMB_CATIA;
556 	if (SMB_TREE_SUPPORTS_ABE(sr))
557 		flags |= SMB_ABE;
558 
559 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
560 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
561 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
562 		kmem_free(longname, MAXNAMELEN);
563 
564 		/*
565 		 * If the name passed in by the client has an unmangled
566 		 * equivalent that is found in the specified directory,
567 		 * then the mkdir cannot succeed.  Return EEXIST.
568 		 *
569 		 * Only if ENOENT is returned will a mkdir be attempted.
570 		 */
571 
572 		if (rc == 0)
573 			rc = EEXIST;
574 
575 		if (rc != ENOENT)
576 			return (rc);
577 	}
578 
579 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
580 		flags = SMB_IGNORE_CASE;
581 
582 	if (op->sd) {
583 		/*
584 		 * SD sent by client in Windows format. Needs to be
585 		 * converted to FS format. No inheritance.
586 		 */
587 		secinfo = smb_sd_get_secinfo(op->sd);
588 		smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR);
589 
590 		status = smb_sd_tofs(op->sd, &fs_sd);
591 		if (status == NT_STATUS_SUCCESS) {
592 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
593 			    name, attr, ret_snode, &fs_sd);
594 		}
595 		else
596 			rc = EINVAL;
597 		smb_fssd_term(&fs_sd);
598 	} else if (sr->tid_tree->t_acltype == ACE_T) {
599 		/*
600 		 * No incoming SD and filesystem is ZFS
601 		 * Server applies Windows inheritance rules,
602 		 * see smb_fsop_sdinherit() comments as to why.
603 		 */
604 		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR);
605 		rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
606 		if (rc == 0) {
607 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
608 			    name, attr, ret_snode, &fs_sd);
609 		}
610 
611 		smb_fssd_term(&fs_sd);
612 
613 	} else {
614 		rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr,
615 		    NULL);
616 
617 		if (rc == 0) {
618 			*ret_snode = smb_node_lookup(sr, op, cr, vp, name,
619 			    dnode, NULL);
620 
621 			if (*ret_snode == NULL)
622 				rc = ENOMEM;
623 
624 			VN_RELE(vp);
625 		}
626 	}
627 
628 	if (rc == 0)
629 		smb_node_notify_parents(dnode);
630 
631 	return (rc);
632 }
633 
634 /*
635  * smb_fsop_remove
636  *
637  * All SMB functions should use this wrapper to ensure that
638  * the the calls are performed with the appropriate credentials.
639  * Please document any direct call to explain the reason
640  * for avoiding this wrapper.
641  *
642  * It is assumed that a reference exists on snode coming into this routine.
643  *
644  * A null smb_request might be passed to this function.
645  */
646 int
647 smb_fsop_remove(
648     smb_request_t	*sr,
649     cred_t		*cr,
650     smb_node_t		*dnode,
651     char		*name,
652     uint32_t		flags)
653 {
654 	smb_node_t	*fnode;
655 	char		*longname;
656 	char		*fname;
657 	char		*sname;
658 	int		rc;
659 
660 	ASSERT(cr);
661 	/*
662 	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
663 	 * function is called during the deletion of the node (because of
664 	 * DELETE_ON_CLOSE).
665 	 */
666 	ASSERT(dnode);
667 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
668 
669 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
670 	    SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0)
671 		return (EACCES);
672 
673 	if (SMB_TREE_IS_READONLY(sr))
674 		return (EROFS);
675 
676 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
677 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
678 
679 	if (dnode->flags & NODE_XATTR_DIR) {
680 		fnode = dnode->n_dnode;
681 		rc = smb_vop_stream_remove(fnode->vp, name, flags, cr);
682 
683 		/* notify change to the unnamed stream */
684 		if ((rc == 0) && fnode->n_dnode) {
685 			smb_node_notify_change(fnode->n_dnode,
686 			    FILE_ACTION_REMOVED_STREAM, fnode->od_name);
687 		}
688 	} else if (smb_is_stream_name(name)) {
689 		smb_stream_parse_name(name, fname, sname);
690 
691 		/*
692 		 * Look up the unnamed stream (i.e. fname).
693 		 * Unmangle processing will be done on fname
694 		 * as well as any link target.
695 		 */
696 
697 		rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
698 		    sr->tid_tree->t_snode, dnode, fname, &fnode);
699 
700 		if (rc != 0) {
701 			kmem_free(fname, MAXNAMELEN);
702 			kmem_free(sname, MAXNAMELEN);
703 			return (rc);
704 		}
705 
706 		/*
707 		 * XXX
708 		 * Need to find out what permission is required by NTFS
709 		 * to remove a stream.
710 		 */
711 		rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr);
712 
713 		smb_node_release(fnode);
714 
715 		/* notify change to the unnamed stream */
716 		if (rc == 0) {
717 			smb_node_notify_change(dnode,
718 			    FILE_ACTION_REMOVED_STREAM, fname);
719 		}
720 	} else {
721 		rc = smb_vop_remove(dnode->vp, name, flags, cr);
722 
723 		if (rc == ENOENT) {
724 			if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
725 			    !smb_maybe_mangled(name)) {
726 				kmem_free(fname, MAXNAMELEN);
727 				kmem_free(sname, MAXNAMELEN);
728 				return (rc);
729 			}
730 			longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
731 
732 			if (SMB_TREE_SUPPORTS_ABE(sr))
733 				flags |= SMB_ABE;
734 
735 			rc = smb_unmangle(dnode, name, longname, MAXNAMELEN,
736 			    flags);
737 
738 			if (rc == 0) {
739 				/*
740 				 * longname is the real (case-sensitive)
741 				 * on-disk name.
742 				 * We make sure we do a remove on this exact
743 				 * name, as the name was mangled and denotes
744 				 * a unique file.
745 				 */
746 				flags &= ~SMB_IGNORE_CASE;
747 				rc = smb_vop_remove(dnode->vp, longname,
748 				    flags, cr);
749 			}
750 
751 			if (rc == 0)
752 				smb_node_notify_parents(dnode);
753 
754 			kmem_free(longname, MAXNAMELEN);
755 		}
756 	}
757 
758 	kmem_free(fname, MAXNAMELEN);
759 	kmem_free(sname, MAXNAMELEN);
760 
761 	return (rc);
762 }
763 
764 /*
765  * smb_fsop_remove_streams
766  *
767  * This function removes a file's streams without removing the
768  * file itself.
769  *
770  * It is assumed that fnode is not a link.
771  */
772 int
773 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode)
774 {
775 	int rc, flags = 0;
776 	uint16_t odid;
777 	smb_odir_t *od;
778 	smb_odirent_t *odirent;
779 	boolean_t eos;
780 
781 	ASSERT(sr);
782 	ASSERT(cr);
783 	ASSERT(fnode);
784 	ASSERT(fnode->n_magic == SMB_NODE_MAGIC);
785 	ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING);
786 
787 	if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0) {
788 		smbsr_errno(sr, EACCES);
789 		return (-1);
790 	}
791 
792 	if (SMB_TREE_IS_READONLY(sr)) {
793 		smbsr_errno(sr, EROFS);
794 		return (-1);
795 	}
796 
797 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
798 		flags = SMB_IGNORE_CASE;
799 
800 	if (SMB_TREE_SUPPORTS_CATIA(sr))
801 		flags |= SMB_CATIA;
802 
803 	if ((odid = smb_odir_openat(sr, fnode)) == 0) {
804 		smbsr_errno(sr, ENOENT);
805 		return (-1);
806 	}
807 
808 	if ((od = smb_tree_lookup_odir(sr->tid_tree, odid)) == NULL) {
809 		smbsr_errno(sr, ENOENT);
810 		return (-1);
811 	}
812 
813 	odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP);
814 	for (;;) {
815 		rc = smb_odir_read(sr, od, odirent, &eos);
816 		if ((rc != 0) || (eos))
817 			break;
818 		(void) smb_vop_remove(od->d_dnode->vp, odirent->od_name,
819 		    flags, cr);
820 	}
821 	kmem_free(odirent, sizeof (smb_odirent_t));
822 
823 	smb_odir_close(od);
824 	smb_odir_release(od);
825 	return (rc);
826 }
827 
828 /*
829  * smb_fsop_rmdir
830  *
831  * All SMB functions should use this wrapper to ensure that
832  * the the calls are performed with the appropriate credentials.
833  * Please document any direct call to explain the reason
834  * for avoiding this wrapper.
835  *
836  * It is assumed that a reference exists on snode coming into this routine.
837  */
838 int
839 smb_fsop_rmdir(
840     smb_request_t	*sr,
841     cred_t		*cr,
842     smb_node_t		*dnode,
843     char		*name,
844     uint32_t		flags)
845 {
846 	int		rc;
847 	char		*longname;
848 
849 	ASSERT(cr);
850 	/*
851 	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
852 	 * function is called during the deletion of the node (because of
853 	 * DELETE_ON_CLOSE).
854 	 */
855 	ASSERT(dnode);
856 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
857 
858 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
859 	    SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0)
860 		return (EACCES);
861 
862 	if (SMB_TREE_IS_READONLY(sr))
863 		return (EROFS);
864 
865 	rc = smb_vop_rmdir(dnode->vp, name, flags, cr);
866 
867 	if (rc == ENOENT) {
868 		if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
869 		    !smb_maybe_mangled(name)) {
870 			return (rc);
871 		}
872 
873 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
874 
875 		if (SMB_TREE_SUPPORTS_ABE(sr))
876 			flags |= SMB_ABE;
877 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
878 
879 		if (rc == 0) {
880 			/*
881 			 * longname is the real (case-sensitive)
882 			 * on-disk name.
883 			 * We make sure we do a rmdir on this exact
884 			 * name, as the name was mangled and denotes
885 			 * a unique directory.
886 			 */
887 			flags &= ~SMB_IGNORE_CASE;
888 			rc = smb_vop_rmdir(dnode->vp, longname, flags, cr);
889 		}
890 
891 		kmem_free(longname, MAXNAMELEN);
892 	}
893 
894 	if (rc == 0)
895 		smb_node_notify_parents(dnode);
896 
897 	return (rc);
898 }
899 
900 /*
901  * smb_fsop_getattr
902  *
903  * All SMB functions should use this wrapper to ensure that
904  * the the calls are performed with the appropriate credentials.
905  * Please document any direct call to explain the reason
906  * for avoiding this wrapper.
907  *
908  * It is assumed that a reference exists on snode coming into this routine.
909  */
910 int
911 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
912     smb_attr_t *attr)
913 {
914 	smb_node_t *unnamed_node;
915 	vnode_t *unnamed_vp = NULL;
916 	uint32_t status;
917 	uint32_t access = 0;
918 	int flags = 0;
919 	int rc;
920 
921 	ASSERT(cr);
922 	ASSERT(snode);
923 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
924 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
925 
926 	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 ||
927 	    SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0)
928 		return (EACCES);
929 
930 	/* sr could be NULL in some cases */
931 	if (sr && sr->fid_ofile) {
932 		/* if uid and/or gid is requested */
933 		if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID))
934 			access |= READ_CONTROL;
935 
936 		/* if anything else is also requested */
937 		if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID))
938 			access |= FILE_READ_ATTRIBUTES;
939 
940 		status = smb_ofile_access(sr->fid_ofile, cr, access);
941 		if (status != NT_STATUS_SUCCESS)
942 			return (EACCES);
943 
944 		if (smb_tree_has_feature(sr->tid_tree,
945 		    SMB_TREE_ACEMASKONACCESS))
946 			flags = ATTR_NOACLCHECK;
947 	}
948 
949 	unnamed_node = SMB_IS_STREAM(snode);
950 
951 	if (unnamed_node) {
952 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
953 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
954 		unnamed_vp = unnamed_node->vp;
955 	}
956 
957 	rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr);
958 
959 	if ((rc == 0) && smb_node_is_dfslink(snode)) {
960 		/* a DFS link should be treated as a directory */
961 		attr->sa_dosattr |= FILE_ATTRIBUTE_DIRECTORY;
962 	}
963 
964 	return (rc);
965 }
966 
967 /*
968  * smb_fsop_link
969  *
970  * All SMB functions should use this smb_vop_link wrapper to ensure that
971  * the smb_vop_link is performed with the appropriate credentials.
972  * Please document any direct call to smb_vop_link to explain the reason
973  * for avoiding this wrapper.
974  *
975  * It is assumed that references exist on from_dnode and to_dnode coming
976  * into this routine.
977  */
978 int
979 smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *from_fnode,
980     smb_node_t *to_dnode, char *to_name)
981 {
982 	char	*longname = NULL;
983 	int	flags = 0;
984 	int	rc;
985 
986 	ASSERT(sr);
987 	ASSERT(sr->tid_tree);
988 	ASSERT(cr);
989 	ASSERT(to_dnode);
990 	ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
991 	ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
992 	ASSERT(from_fnode);
993 	ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC);
994 	ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING);
995 
996 	if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0)
997 		return (EACCES);
998 
999 	if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1000 		return (EACCES);
1001 
1002 	if (SMB_TREE_IS_READONLY(sr))
1003 		return (EROFS);
1004 
1005 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1006 		flags = SMB_IGNORE_CASE;
1007 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1008 		flags |= SMB_CATIA;
1009 	if (SMB_TREE_SUPPORTS_ABE(sr))
1010 		flags |= SMB_ABE;
1011 
1012 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(to_name)) {
1013 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1014 		rc = smb_unmangle(to_dnode, to_name, longname,
1015 		    MAXNAMELEN, flags);
1016 		kmem_free(longname, MAXNAMELEN);
1017 
1018 		if (rc == 0)
1019 			rc = EEXIST;
1020 		if (rc != ENOENT)
1021 			return (rc);
1022 	}
1023 
1024 	rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr);
1025 
1026 	if ((rc == 0) && from_fnode->n_dnode)
1027 		smb_node_notify_parents(from_fnode->n_dnode);
1028 
1029 	return (rc);
1030 }
1031 
1032 /*
1033  * smb_fsop_rename
1034  *
1035  * All SMB functions should use this smb_vop_rename wrapper to ensure that
1036  * the smb_vop_rename is performed with the appropriate credentials.
1037  * Please document any direct call to smb_vop_rename to explain the reason
1038  * for avoiding this wrapper.
1039  *
1040  * It is assumed that references exist on from_dnode and to_dnode coming
1041  * into this routine.
1042  */
1043 int
1044 smb_fsop_rename(
1045     smb_request_t *sr,
1046     cred_t *cr,
1047     smb_node_t *from_dnode,
1048     char *from_name,
1049     smb_node_t *to_dnode,
1050     char *to_name)
1051 {
1052 	smb_node_t *from_snode;
1053 	smb_attr_t from_attr;
1054 	vnode_t *from_vp;
1055 	int flags = 0, ret_flags;
1056 	int rc;
1057 	boolean_t isdir;
1058 
1059 	ASSERT(cr);
1060 	ASSERT(from_dnode);
1061 	ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC);
1062 	ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1063 
1064 	ASSERT(to_dnode);
1065 	ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
1066 	ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1067 
1068 	if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0)
1069 		return (EACCES);
1070 
1071 	if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1072 		return (EACCES);
1073 
1074 	ASSERT(sr);
1075 	ASSERT(sr->tid_tree);
1076 	if (SMB_TREE_IS_READONLY(sr))
1077 		return (EROFS);
1078 
1079 	/*
1080 	 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE
1081 	 * here.
1082 	 *
1083 	 * A case-sensitive rename is always done in this routine
1084 	 * because we are using the on-disk name from an earlier lookup.
1085 	 * If a mangled name was passed in by the caller (denoting a
1086 	 * deterministic lookup), then the exact file must be renamed
1087 	 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or
1088 	 * else the underlying file system might return a "first-match"
1089 	 * on this on-disk name, possibly resulting in the wrong file).
1090 	 */
1091 
1092 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1093 		flags |= SMB_CATIA;
1094 
1095 	/*
1096 	 * XXX: Lock required through smb_node_release() below?
1097 	 */
1098 
1099 	rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL,
1100 	    flags, &ret_flags, NULL, &from_attr, cr);
1101 
1102 	if (rc != 0)
1103 		return (rc);
1104 
1105 	if (from_attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) {
1106 		VN_RELE(from_vp);
1107 		return (EACCES);
1108 	}
1109 
1110 	isdir = ((from_attr.sa_dosattr & FILE_ATTRIBUTE_DIRECTORY) != 0);
1111 
1112 	if ((isdir && SMB_TREE_HAS_ACCESS(sr,
1113 	    ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) !=
1114 	    (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) ||
1115 	    (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) !=
1116 	    (ACE_DELETE | ACE_ADD_FILE))) {
1117 		VN_RELE(from_vp);
1118 		return (EACCES);
1119 	}
1120 
1121 	/*
1122 	 * SMB checks access on open and retains an access granted
1123 	 * mask for use while the file is open.  ACL changes should
1124 	 * not affect access to an open file.
1125 	 *
1126 	 * If the rename is being performed on an ofile:
1127 	 * - Check the ofile's access granted mask to see if the
1128 	 *   rename is permitted - requires DELETE access.
1129 	 * - If the file system does access checking, set the
1130 	 *   ATTR_NOACLCHECK flag to ensure that the file system
1131 	 *   does not check permissions on subsequent calls.
1132 	 */
1133 	if (sr && sr->fid_ofile) {
1134 		rc = smb_ofile_access(sr->fid_ofile, cr, DELETE);
1135 		if (rc != NT_STATUS_SUCCESS) {
1136 			VN_RELE(from_vp);
1137 			return (EACCES);
1138 		}
1139 
1140 		if (smb_tree_has_feature(sr->tid_tree,
1141 		    SMB_TREE_ACEMASKONACCESS))
1142 			flags = ATTR_NOACLCHECK;
1143 	}
1144 
1145 	rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp,
1146 	    to_name, flags, cr);
1147 
1148 	if (rc == 0) {
1149 		from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name,
1150 		    from_dnode, NULL);
1151 
1152 		if (from_snode == NULL) {
1153 			rc = ENOMEM;
1154 		} else {
1155 			smb_node_rename(from_dnode, from_snode,
1156 			    to_dnode, to_name);
1157 			smb_node_release(from_snode);
1158 		}
1159 	}
1160 	VN_RELE(from_vp);
1161 
1162 	if (rc == 0)
1163 		smb_node_notify_parents(from_dnode);
1164 
1165 	/* XXX: unlock */
1166 
1167 	return (rc);
1168 }
1169 
1170 /*
1171  * smb_fsop_setattr
1172  *
1173  * All SMB functions should use this wrapper to ensure that
1174  * the the calls are performed with the appropriate credentials.
1175  * Please document any direct call to explain the reason
1176  * for avoiding this wrapper.
1177  *
1178  * It is assumed that a reference exists on snode coming into
1179  * this function.
1180  * A null smb_request might be passed to this function.
1181  */
1182 int
1183 smb_fsop_setattr(
1184     smb_request_t	*sr,
1185     cred_t		*cr,
1186     smb_node_t		*snode,
1187     smb_attr_t		*set_attr)
1188 {
1189 	smb_node_t *unnamed_node;
1190 	vnode_t *unnamed_vp = NULL;
1191 	uint32_t status;
1192 	uint32_t access;
1193 	int rc = 0;
1194 	int flags = 0;
1195 	uint_t sa_mask;
1196 
1197 	ASSERT(cr);
1198 	ASSERT(snode);
1199 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1200 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1201 
1202 	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0)
1203 		return (EACCES);
1204 
1205 	if (SMB_TREE_IS_READONLY(sr))
1206 		return (EROFS);
1207 
1208 	if (SMB_TREE_HAS_ACCESS(sr,
1209 	    ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0)
1210 		return (EACCES);
1211 
1212 	/*
1213 	 * The file system cannot detect pending READDONLY
1214 	 * (i.e. if the file has been opened readonly but
1215 	 * not yet closed) so we need to test READONLY here.
1216 	 *
1217 	 * Note that file handle that were opened before the
1218 	 * READONLY flag was set in the node (or the FS) are
1219 	 * immune to that change, and remain writable.
1220 	 */
1221 	if (sr && (set_attr->sa_mask & SMB_AT_SIZE)) {
1222 		if (sr->fid_ofile) {
1223 			if (SMB_OFILE_IS_READONLY(sr->fid_ofile))
1224 				return (EACCES);
1225 		} else {
1226 			if (SMB_PATHFILE_IS_READONLY(sr, snode))
1227 				return (EACCES);
1228 		}
1229 	}
1230 
1231 	/*
1232 	 * SMB checks access on open and retains an access granted
1233 	 * mask for use while the file is open.  ACL changes should
1234 	 * not affect access to an open file.
1235 	 *
1236 	 * If the setattr is being performed on an ofile:
1237 	 * - Check the ofile's access granted mask to see if the
1238 	 *   setattr is permitted.
1239 	 *   UID, GID - require WRITE_OWNER
1240 	 *   SIZE, ALLOCSZ - require FILE_WRITE_DATA
1241 	 *   all other attributes require FILE_WRITE_ATTRIBUTES
1242 	 *
1243 	 * - If the file system does access checking, set the
1244 	 *   ATTR_NOACLCHECK flag to ensure that the file system
1245 	 *   does not check permissions on subsequent calls.
1246 	 */
1247 	if (sr && sr->fid_ofile) {
1248 		sa_mask = set_attr->sa_mask;
1249 		access = 0;
1250 
1251 		if (sa_mask & (SMB_AT_SIZE | SMB_AT_ALLOCSZ)) {
1252 			access |= FILE_WRITE_DATA;
1253 			sa_mask &= ~(SMB_AT_SIZE | SMB_AT_ALLOCSZ);
1254 		}
1255 
1256 		if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) {
1257 			access |= WRITE_OWNER;
1258 			sa_mask &= ~(SMB_AT_UID|SMB_AT_GID);
1259 		}
1260 
1261 		if (sa_mask)
1262 			access |= FILE_WRITE_ATTRIBUTES;
1263 
1264 		status = smb_ofile_access(sr->fid_ofile, cr, access);
1265 		if (status != NT_STATUS_SUCCESS)
1266 			return (EACCES);
1267 
1268 		if (smb_tree_has_feature(sr->tid_tree,
1269 		    SMB_TREE_ACEMASKONACCESS))
1270 			flags = ATTR_NOACLCHECK;
1271 	}
1272 
1273 	unnamed_node = SMB_IS_STREAM(snode);
1274 
1275 	if (unnamed_node) {
1276 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1277 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1278 		unnamed_vp = unnamed_node->vp;
1279 	}
1280 
1281 	rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr);
1282 	return (rc);
1283 }
1284 
1285 /*
1286  * smb_fsop_read
1287  *
1288  * All SMB functions should use this wrapper to ensure that
1289  * the the calls are performed with the appropriate credentials.
1290  * Please document any direct call to explain the reason
1291  * for avoiding this wrapper.
1292  *
1293  * It is assumed that a reference exists on snode coming into this routine.
1294  */
1295 int
1296 smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode, uio_t *uio)
1297 {
1298 	caller_context_t ct;
1299 	int svmand;
1300 	int rc;
1301 
1302 	ASSERT(cr);
1303 	ASSERT(snode);
1304 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1305 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1306 
1307 	ASSERT(sr);
1308 	ASSERT(sr->fid_ofile);
1309 
1310 	if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_DATA) == 0)
1311 		return (EACCES);
1312 
1313 	rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA);
1314 	if ((rc != NT_STATUS_SUCCESS) &&
1315 	    (sr->smb_flg2 & SMB_FLAGS2_READ_IF_EXECUTE))
1316 		rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE);
1317 
1318 	if (rc != NT_STATUS_SUCCESS)
1319 		return (EACCES);
1320 
1321 	/*
1322 	 * Streams permission are checked against the unnamed stream,
1323 	 * but in FS level they have their own permissions. To avoid
1324 	 * rejection by FS due to lack of permission on the actual
1325 	 * extended attr kcred is passed for streams.
1326 	 */
1327 	if (SMB_IS_STREAM(snode))
1328 		cr = kcred;
1329 
1330 	smb_node_start_crit(snode, RW_READER);
1331 	rc = nbl_svmand(snode->vp, kcred, &svmand);
1332 	if (rc) {
1333 		smb_node_end_crit(snode);
1334 		return (rc);
1335 	}
1336 
1337 	ct = smb_ct;
1338 	ct.cc_pid = sr->fid_ofile->f_uniqid;
1339 	rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset,
1340 	    uio->uio_iov->iov_len, svmand, &ct);
1341 
1342 	if (rc) {
1343 		smb_node_end_crit(snode);
1344 		return (ERANGE);
1345 	}
1346 
1347 	rc = smb_vop_read(snode->vp, uio, cr);
1348 	smb_node_end_crit(snode);
1349 
1350 	return (rc);
1351 }
1352 
1353 /*
1354  * smb_fsop_write
1355  *
1356  * This is a wrapper function used for smb_write and smb_write_raw operations.
1357  *
1358  * It is assumed that a reference exists on snode coming into this routine.
1359  */
1360 int
1361 smb_fsop_write(
1362     smb_request_t *sr,
1363     cred_t *cr,
1364     smb_node_t *snode,
1365     uio_t *uio,
1366     uint32_t *lcount,
1367     int ioflag)
1368 {
1369 	caller_context_t ct;
1370 	smb_attr_t attr;
1371 	smb_node_t *u_node;
1372 	vnode_t *u_vp = NULL;
1373 	smb_ofile_t *of;
1374 	vnode_t *vp;
1375 	int svmand;
1376 	int rc;
1377 
1378 	ASSERT(cr);
1379 	ASSERT(snode);
1380 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1381 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1382 
1383 	ASSERT(sr);
1384 	ASSERT(sr->tid_tree);
1385 	of = sr->fid_ofile;
1386 	vp = snode->vp;
1387 
1388 	if (SMB_TREE_IS_READONLY(sr))
1389 		return (EROFS);
1390 
1391 	if (SMB_OFILE_IS_READONLY(of) ||
1392 	    SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_DATA | ACE_APPEND_DATA) == 0)
1393 		return (EACCES);
1394 
1395 	rc = smb_ofile_access(of, cr, FILE_WRITE_DATA);
1396 	if (rc != NT_STATUS_SUCCESS) {
1397 		rc = smb_ofile_access(of, cr, FILE_APPEND_DATA);
1398 		if (rc != NT_STATUS_SUCCESS)
1399 			return (EACCES);
1400 	}
1401 
1402 	/*
1403 	 * Streams permission are checked against the unnamed stream,
1404 	 * but in FS level they have their own permissions. To avoid
1405 	 * rejection by FS due to lack of permission on the actual
1406 	 * extended attr kcred is passed for streams.
1407 	 */
1408 	u_node = SMB_IS_STREAM(snode);
1409 	if (u_node != NULL) {
1410 		ASSERT(u_node->n_magic == SMB_NODE_MAGIC);
1411 		ASSERT(u_node->n_state != SMB_NODE_STATE_DESTROYING);
1412 		u_vp = u_node->vp;
1413 		cr = kcred;
1414 	}
1415 
1416 	smb_node_start_crit(snode, RW_WRITER);
1417 	rc = nbl_svmand(vp, kcred, &svmand);
1418 	if (rc) {
1419 		smb_node_end_crit(snode);
1420 		return (rc);
1421 	}
1422 
1423 	ct = smb_ct;
1424 	ct.cc_pid = of->f_uniqid;
1425 	rc = nbl_lock_conflict(vp, NBL_WRITE, uio->uio_loffset,
1426 	    uio->uio_iov->iov_len, svmand, &ct);
1427 
1428 	if (rc) {
1429 		smb_node_end_crit(snode);
1430 		return (ERANGE);
1431 	}
1432 
1433 	rc = smb_vop_write(vp, uio, ioflag, lcount, cr);
1434 
1435 	/*
1436 	 * Once the mtime has been set via this ofile, the
1437 	 * automatic mtime changes from writes via this ofile
1438 	 * should cease, preserving the mtime that was set.
1439 	 * See: [MS-FSA] 2.1.5.14 and smb_node_setattr.
1440 	 *
1441 	 * The VFS interface does not offer a way to ask it to
1442 	 * skip the mtime updates, so we simulate the desired
1443 	 * behavior by re-setting the mtime after writes on a
1444 	 * handle where the mtime has been set.
1445 	 */
1446 	if (of->f_pending_attr.sa_mask & SMB_AT_MTIME) {
1447 		bcopy(&of->f_pending_attr, &attr, sizeof (attr));
1448 		attr.sa_mask = SMB_AT_MTIME;
1449 		(void) smb_vop_setattr(vp, u_vp, &attr, 0, kcred);
1450 	}
1451 
1452 	smb_node_end_crit(snode);
1453 
1454 	return (rc);
1455 }
1456 
1457 /*
1458  * smb_fsop_statfs
1459  *
1460  * This is a wrapper function used for stat operations.
1461  */
1462 int
1463 smb_fsop_statfs(
1464     cred_t *cr,
1465     smb_node_t *snode,
1466     struct statvfs64 *statp)
1467 {
1468 	ASSERT(cr);
1469 	ASSERT(snode);
1470 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1471 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1472 
1473 	return (smb_vop_statfs(snode->vp, statp, cr));
1474 }
1475 
1476 /*
1477  * smb_fsop_access
1478  *
1479  * Named streams do not have separate permissions from the associated
1480  * unnamed stream.  Thus, if node is a named stream, the permissions
1481  * check will be performed on the associated unnamed stream.
1482  *
1483  * However, our named streams do have their own quarantine attribute,
1484  * separate from that on the unnamed stream. If READ or EXECUTE
1485  * access has been requested on a named stream, an additional access
1486  * check is performed on the named stream in case it has been
1487  * quarantined.  kcred is used to avoid issues with the permissions
1488  * set on the extended attribute file representing the named stream.
1489  */
1490 int
1491 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1492     uint32_t faccess)
1493 {
1494 	int access = 0;
1495 	int error;
1496 	vnode_t *dir_vp;
1497 	boolean_t acl_check = B_TRUE;
1498 	smb_node_t *unnamed_node;
1499 
1500 	ASSERT(sr);
1501 	ASSERT(cr);
1502 	ASSERT(snode);
1503 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1504 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1505 
1506 	/* Requests for no access should be denied. */
1507 	if (faccess == 0)
1508 		return (NT_STATUS_ACCESS_DENIED);
1509 
1510 	if (SMB_TREE_IS_READONLY(sr)) {
1511 		if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA|
1512 		    FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES|
1513 		    DELETE|WRITE_DAC|WRITE_OWNER)) {
1514 			return (NT_STATUS_ACCESS_DENIED);
1515 		}
1516 	}
1517 
1518 	if (smb_node_is_reparse(snode) && (faccess & DELETE))
1519 		return (NT_STATUS_ACCESS_DENIED);
1520 
1521 	unnamed_node = SMB_IS_STREAM(snode);
1522 	if (unnamed_node) {
1523 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1524 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1525 
1526 		/*
1527 		 * Perform VREAD access check on the named stream in case it
1528 		 * is quarantined. kcred is passed to smb_vop_access so it
1529 		 * doesn't fail due to lack of permission.
1530 		 */
1531 		if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) {
1532 			error = smb_vop_access(snode->vp, VREAD,
1533 			    0, NULL, kcred);
1534 			if (error)
1535 				return (NT_STATUS_ACCESS_DENIED);
1536 		}
1537 
1538 		/*
1539 		 * Streams authorization should be performed against the
1540 		 * unnamed stream.
1541 		 */
1542 		snode = unnamed_node;
1543 	}
1544 
1545 	if (faccess & ACCESS_SYSTEM_SECURITY) {
1546 		/*
1547 		 * This permission is required for reading/writing SACL and
1548 		 * it's not part of DACL. It's only granted via proper
1549 		 * privileges.
1550 		 */
1551 		if ((sr->uid_user->u_privileges &
1552 		    (SMB_USER_PRIV_BACKUP |
1553 		    SMB_USER_PRIV_RESTORE |
1554 		    SMB_USER_PRIV_SECURITY)) == 0)
1555 			return (NT_STATUS_PRIVILEGE_NOT_HELD);
1556 
1557 		faccess &= ~ACCESS_SYSTEM_SECURITY;
1558 	}
1559 
1560 	/* Links don't have ACL */
1561 	if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) ||
1562 	    smb_node_is_symlink(snode))
1563 		acl_check = B_FALSE;
1564 
1565 	/* Deny access based on the share access mask */
1566 
1567 	if ((faccess & ~sr->tid_tree->t_access) != 0)
1568 		return (NT_STATUS_ACCESS_DENIED);
1569 
1570 	if (acl_check) {
1571 		dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
1572 		error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp,
1573 		    cr);
1574 	} else {
1575 		/*
1576 		 * FS doesn't understand 32-bit mask, need to map
1577 		 */
1578 		if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA))
1579 			access |= VWRITE;
1580 
1581 		if (faccess & FILE_READ_DATA)
1582 			access |= VREAD;
1583 
1584 		if (faccess & FILE_EXECUTE)
1585 			access |= VEXEC;
1586 
1587 		error = smb_vop_access(snode->vp, access, 0, NULL, cr);
1588 	}
1589 
1590 	return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS);
1591 }
1592 
1593 /*
1594  * smb_fsop_lookup_name()
1595  *
1596  * If name indicates that the file is a stream file, perform
1597  * stream specific lookup, otherwise call smb_fsop_lookup.
1598  *
1599  * Return an error if the looked-up file is in outside the tree.
1600  * (Required when invoked from open path.)
1601  *
1602  * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1603  * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1604  * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1605  * flag is set in the flags value passed as a parameter, a case insensitive
1606  * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1607  * or not).
1608  */
1609 
1610 int
1611 smb_fsop_lookup_name(
1612     smb_request_t *sr,
1613     cred_t	*cr,
1614     int		flags,
1615     smb_node_t	*root_node,
1616     smb_node_t	*dnode,
1617     char	*name,
1618     smb_node_t	**ret_snode)
1619 {
1620 	smb_node_t	*fnode;
1621 	vnode_t		*xattrdirvp;
1622 	vnode_t		*vp;
1623 	char		*od_name;
1624 	char		*fname;
1625 	char		*sname;
1626 	int		rc;
1627 
1628 	ASSERT(cr);
1629 	ASSERT(dnode);
1630 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1631 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1632 
1633 	/*
1634 	 * The following check is required for streams processing, below
1635 	 */
1636 
1637 	if (!(flags & SMB_CASE_SENSITIVE)) {
1638 		if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1639 			flags |= SMB_IGNORE_CASE;
1640 	}
1641 
1642 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1643 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1644 
1645 	if (smb_is_stream_name(name)) {
1646 		smb_stream_parse_name(name, fname, sname);
1647 
1648 		/*
1649 		 * Look up the unnamed stream (i.e. fname).
1650 		 * Unmangle processing will be done on fname
1651 		 * as well as any link target.
1652 		 */
1653 		rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode,
1654 		    fname, &fnode);
1655 
1656 		if (rc != 0) {
1657 			kmem_free(fname, MAXNAMELEN);
1658 			kmem_free(sname, MAXNAMELEN);
1659 			return (rc);
1660 		}
1661 
1662 		od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1663 
1664 		/*
1665 		 * od_name is the on-disk name of the stream, except
1666 		 * without the prepended stream prefix (SMB_STREAM_PREFIX)
1667 		 */
1668 
1669 		/*
1670 		 * XXX
1671 		 * What permissions NTFS requires for stream lookup if any?
1672 		 */
1673 		rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name,
1674 		    &xattrdirvp, flags, root_node->vp, cr);
1675 
1676 		if (rc != 0) {
1677 			smb_node_release(fnode);
1678 			kmem_free(fname, MAXNAMELEN);
1679 			kmem_free(sname, MAXNAMELEN);
1680 			kmem_free(od_name, MAXNAMELEN);
1681 			return (rc);
1682 		}
1683 
1684 		*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp,
1685 		    vp, od_name);
1686 
1687 		kmem_free(od_name, MAXNAMELEN);
1688 		smb_node_release(fnode);
1689 		VN_RELE(xattrdirvp);
1690 		VN_RELE(vp);
1691 
1692 		if (*ret_snode == NULL) {
1693 			kmem_free(fname, MAXNAMELEN);
1694 			kmem_free(sname, MAXNAMELEN);
1695 			return (ENOMEM);
1696 		}
1697 	} else {
1698 		rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name,
1699 		    ret_snode);
1700 	}
1701 
1702 	if (rc == 0) {
1703 		ASSERT(ret_snode);
1704 		if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) {
1705 			smb_node_release(*ret_snode);
1706 			*ret_snode = NULL;
1707 			rc = EACCES;
1708 		}
1709 	}
1710 
1711 	kmem_free(fname, MAXNAMELEN);
1712 	kmem_free(sname, MAXNAMELEN);
1713 
1714 	return (rc);
1715 }
1716 
1717 /*
1718  * smb_fsop_lookup
1719  *
1720  * All SMB functions should use this smb_vop_lookup wrapper to ensure that
1721  * the smb_vop_lookup is performed with the appropriate credentials and using
1722  * case insensitive compares. Please document any direct call to smb_vop_lookup
1723  * to explain the reason for avoiding this wrapper.
1724  *
1725  * It is assumed that a reference exists on dnode coming into this routine
1726  * (and that it is safe from deallocation).
1727  *
1728  * Same with the root_node.
1729  *
1730  * *ret_snode is returned with a reference upon success.  No reference is
1731  * taken if an error is returned.
1732  *
1733  * Note: The returned ret_snode may be in a child mount.  This is ok for
1734  * readdir.
1735  *
1736  * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent
1737  * operations on files not in the parent mount.
1738  *
1739  * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1740  * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1741  * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1742  * flag is set in the flags value passed as a parameter, a case insensitive
1743  * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1744  * or not).
1745  */
1746 int
1747 smb_fsop_lookup(
1748     smb_request_t *sr,
1749     cred_t	*cr,
1750     int		flags,
1751     smb_node_t	*root_node,
1752     smb_node_t	*dnode,
1753     char	*name,
1754     smb_node_t	**ret_snode)
1755 {
1756 	smb_node_t *lnk_target_node;
1757 	smb_node_t *lnk_dnode;
1758 	char *longname;
1759 	char *od_name;
1760 	vnode_t *vp;
1761 	int rc;
1762 	int ret_flags;
1763 	smb_attr_t attr;
1764 
1765 	ASSERT(cr);
1766 	ASSERT(dnode);
1767 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1768 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1769 
1770 	if (name == NULL)
1771 		return (EINVAL);
1772 
1773 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
1774 		return (EACCES);
1775 
1776 	if (!(flags & SMB_CASE_SENSITIVE)) {
1777 		if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1778 			flags |= SMB_IGNORE_CASE;
1779 	}
1780 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1781 		flags |= SMB_CATIA;
1782 	if (SMB_TREE_SUPPORTS_ABE(sr))
1783 		flags |= SMB_ABE;
1784 
1785 	od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1786 
1787 	rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags,
1788 	    &ret_flags, root_node ? root_node->vp : NULL, &attr, cr);
1789 
1790 	if (rc != 0) {
1791 		if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
1792 		    !smb_maybe_mangled(name)) {
1793 			kmem_free(od_name, MAXNAMELEN);
1794 			return (rc);
1795 		}
1796 
1797 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1798 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
1799 		if (rc != 0) {
1800 			kmem_free(od_name, MAXNAMELEN);
1801 			kmem_free(longname, MAXNAMELEN);
1802 			return (rc);
1803 		}
1804 
1805 		/*
1806 		 * longname is the real (case-sensitive)
1807 		 * on-disk name.
1808 		 * We make sure we do a lookup on this exact
1809 		 * name, as the name was mangled and denotes
1810 		 * a unique file.
1811 		 */
1812 
1813 		if (flags & SMB_IGNORE_CASE)
1814 			flags &= ~SMB_IGNORE_CASE;
1815 
1816 		rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name,
1817 		    flags, &ret_flags, root_node ? root_node->vp : NULL, &attr,
1818 		    cr);
1819 
1820 		kmem_free(longname, MAXNAMELEN);
1821 
1822 		if (rc != 0) {
1823 			kmem_free(od_name, MAXNAMELEN);
1824 			return (rc);
1825 		}
1826 	}
1827 
1828 	if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK) &&
1829 	    ((attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) == 0)) {
1830 		rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode,
1831 		    &lnk_dnode, &lnk_target_node, cr);
1832 
1833 		if (rc != 0) {
1834 			/*
1835 			 * The link is assumed to be for the last component
1836 			 * of a path.  Hence any ENOTDIR error will be returned
1837 			 * as ENOENT.
1838 			 */
1839 			if (rc == ENOTDIR)
1840 				rc = ENOENT;
1841 
1842 			VN_RELE(vp);
1843 			kmem_free(od_name, MAXNAMELEN);
1844 			return (rc);
1845 		}
1846 
1847 		/*
1848 		 * Release the original VLNK vnode
1849 		 */
1850 
1851 		VN_RELE(vp);
1852 		vp = lnk_target_node->vp;
1853 
1854 		rc = smb_vop_traverse_check(&vp);
1855 
1856 		if (rc != 0) {
1857 			smb_node_release(lnk_dnode);
1858 			smb_node_release(lnk_target_node);
1859 			kmem_free(od_name, MAXNAMELEN);
1860 			return (rc);
1861 		}
1862 
1863 		/*
1864 		 * smb_vop_traverse_check() may have returned a different vnode
1865 		 */
1866 
1867 		if (lnk_target_node->vp == vp) {
1868 			*ret_snode = lnk_target_node;
1869 		} else {
1870 			*ret_snode = smb_node_lookup(sr, NULL, cr, vp,
1871 			    lnk_target_node->od_name, lnk_dnode, NULL);
1872 			VN_RELE(vp);
1873 
1874 			if (*ret_snode == NULL)
1875 				rc = ENOMEM;
1876 			smb_node_release(lnk_target_node);
1877 		}
1878 
1879 		smb_node_release(lnk_dnode);
1880 
1881 	} else {
1882 
1883 		rc = smb_vop_traverse_check(&vp);
1884 		if (rc) {
1885 			VN_RELE(vp);
1886 			kmem_free(od_name, MAXNAMELEN);
1887 			return (rc);
1888 		}
1889 
1890 		*ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name,
1891 		    dnode, NULL);
1892 		VN_RELE(vp);
1893 
1894 		if (*ret_snode == NULL)
1895 			rc = ENOMEM;
1896 	}
1897 
1898 	kmem_free(od_name, MAXNAMELEN);
1899 	return (rc);
1900 }
1901 
1902 int /*ARGSUSED*/
1903 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode)
1904 {
1905 	ASSERT(cr);
1906 	ASSERT(snode);
1907 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1908 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1909 
1910 	ASSERT(sr);
1911 	ASSERT(sr->tid_tree);
1912 	if (SMB_TREE_IS_READONLY(sr))
1913 		return (EROFS);
1914 
1915 	return (smb_vop_commit(snode->vp, cr));
1916 }
1917 
1918 /*
1919  * smb_fsop_aclread
1920  *
1921  * Retrieve filesystem ACL. Depends on requested ACLs in
1922  * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in
1923  * fs_sd. Note that requesting a DACL/SACL doesn't mean that
1924  * the corresponding field in fs_sd should be non-NULL upon
1925  * return, since the target ACL might not contain that type of
1926  * entries.
1927  *
1928  * Returned ACL is always in ACE_T (aka ZFS) format.
1929  * If successful the allocated memory for the ACL should be freed
1930  * using smb_fsacl_free() or smb_fssd_term()
1931  */
1932 int
1933 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1934     smb_fssd_t *fs_sd)
1935 {
1936 	int error = 0;
1937 	int flags = 0;
1938 	int access = 0;
1939 	acl_t *acl;
1940 	smb_node_t *unnamed_node;
1941 
1942 	ASSERT(cr);
1943 
1944 	if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0)
1945 		return (EACCES);
1946 
1947 	if (sr->fid_ofile) {
1948 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
1949 			access = READ_CONTROL;
1950 
1951 		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
1952 			access |= ACCESS_SYSTEM_SECURITY;
1953 
1954 		error = smb_ofile_access(sr->fid_ofile, cr, access);
1955 		if (error != NT_STATUS_SUCCESS) {
1956 			return (EACCES);
1957 		}
1958 	}
1959 
1960 	unnamed_node = SMB_IS_STREAM(snode);
1961 	if (unnamed_node) {
1962 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1963 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1964 		/*
1965 		 * Streams don't have ACL, any read ACL attempt on a stream
1966 		 * should be performed on the unnamed stream.
1967 		 */
1968 		snode = unnamed_node;
1969 	}
1970 
1971 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS))
1972 		flags = ATTR_NOACLCHECK;
1973 
1974 	error = smb_vop_acl_read(snode->vp, &acl, flags,
1975 	    sr->tid_tree->t_acltype, cr);
1976 	if (error != 0) {
1977 		return (error);
1978 	}
1979 
1980 	error = acl_translate(acl, _ACL_ACE_ENABLED,
1981 	    smb_node_is_dir(snode), fs_sd->sd_uid, fs_sd->sd_gid);
1982 
1983 	if (error == 0) {
1984 		smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl,
1985 		    fs_sd->sd_secinfo);
1986 	}
1987 
1988 	acl_free(acl);
1989 	return (error);
1990 }
1991 
1992 /*
1993  * smb_fsop_aclwrite
1994  *
1995  * Stores the filesystem ACL provided in fs_sd->sd_acl.
1996  */
1997 int
1998 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1999     smb_fssd_t *fs_sd)
2000 {
2001 	int target_flavor;
2002 	int error = 0;
2003 	int flags = 0;
2004 	int access = 0;
2005 	acl_t *acl, *dacl, *sacl;
2006 	smb_node_t *unnamed_node;
2007 
2008 	ASSERT(cr);
2009 
2010 	ASSERT(sr);
2011 	ASSERT(sr->tid_tree);
2012 	if (SMB_TREE_IS_READONLY(sr))
2013 		return (EROFS);
2014 
2015 	if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0)
2016 		return (EACCES);
2017 
2018 	if (sr->fid_ofile) {
2019 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2020 			access = WRITE_DAC;
2021 
2022 		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2023 			access |= ACCESS_SYSTEM_SECURITY;
2024 
2025 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2026 		if (error != NT_STATUS_SUCCESS)
2027 			return (EACCES);
2028 	}
2029 
2030 	switch (sr->tid_tree->t_acltype) {
2031 	case ACLENT_T:
2032 		target_flavor = _ACL_ACLENT_ENABLED;
2033 		break;
2034 
2035 	case ACE_T:
2036 		target_flavor = _ACL_ACE_ENABLED;
2037 		break;
2038 	default:
2039 		return (EINVAL);
2040 	}
2041 
2042 	unnamed_node = SMB_IS_STREAM(snode);
2043 	if (unnamed_node) {
2044 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2045 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2046 		/*
2047 		 * Streams don't have ACL, any write ACL attempt on a stream
2048 		 * should be performed on the unnamed stream.
2049 		 */
2050 		snode = unnamed_node;
2051 	}
2052 
2053 	dacl = fs_sd->sd_zdacl;
2054 	sacl = fs_sd->sd_zsacl;
2055 
2056 	ASSERT(dacl || sacl);
2057 	if ((dacl == NULL) && (sacl == NULL))
2058 		return (EINVAL);
2059 
2060 	if (dacl && sacl)
2061 		acl = smb_fsacl_merge(dacl, sacl);
2062 	else if (dacl)
2063 		acl = dacl;
2064 	else
2065 		acl = sacl;
2066 
2067 	error = acl_translate(acl, target_flavor, smb_node_is_dir(snode),
2068 	    fs_sd->sd_uid, fs_sd->sd_gid);
2069 	if (error == 0) {
2070 		if (smb_tree_has_feature(sr->tid_tree,
2071 		    SMB_TREE_ACEMASKONACCESS))
2072 			flags = ATTR_NOACLCHECK;
2073 
2074 		error = smb_vop_acl_write(snode->vp, acl, flags, cr);
2075 	}
2076 
2077 	if (dacl && sacl)
2078 		acl_free(acl);
2079 
2080 	return (error);
2081 }
2082 
2083 acl_type_t
2084 smb_fsop_acltype(smb_node_t *snode)
2085 {
2086 	return (smb_vop_acl_type(snode->vp));
2087 }
2088 
2089 /*
2090  * smb_fsop_sdread
2091  *
2092  * Read the requested security descriptor items from filesystem.
2093  * The items are specified in fs_sd->sd_secinfo.
2094  */
2095 int
2096 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2097     smb_fssd_t *fs_sd)
2098 {
2099 	int error = 0;
2100 	int getowner = 0;
2101 	cred_t *ga_cred;
2102 	smb_attr_t attr;
2103 
2104 	ASSERT(cr);
2105 	ASSERT(fs_sd);
2106 
2107 	/*
2108 	 * File's uid/gid is fetched in two cases:
2109 	 *
2110 	 * 1. it's explicitly requested
2111 	 *
2112 	 * 2. target ACL is ACE_T (ZFS ACL). They're needed for
2113 	 *    owner@/group@ entries. In this case kcred should be used
2114 	 *    because uid/gid are fetched on behalf of smb server.
2115 	 */
2116 	if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) {
2117 		getowner = 1;
2118 		ga_cred = cr;
2119 	} else if (sr->tid_tree->t_acltype == ACE_T) {
2120 		getowner = 1;
2121 		ga_cred = kcred;
2122 	}
2123 
2124 	if (getowner) {
2125 		/*
2126 		 * Windows require READ_CONTROL to read owner/group SID since
2127 		 * they're part of Security Descriptor.
2128 		 * ZFS only requires read_attribute. Need to have a explicit
2129 		 * access check here.
2130 		 */
2131 		if (sr->fid_ofile == NULL) {
2132 			error = smb_fsop_access(sr, ga_cred, snode,
2133 			    READ_CONTROL);
2134 			if (error)
2135 				return (EACCES);
2136 		}
2137 
2138 		attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2139 		error = smb_fsop_getattr(sr, ga_cred, snode, &attr);
2140 		if (error == 0) {
2141 			fs_sd->sd_uid = attr.sa_vattr.va_uid;
2142 			fs_sd->sd_gid = attr.sa_vattr.va_gid;
2143 		} else {
2144 			return (error);
2145 		}
2146 	}
2147 
2148 	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2149 		error = smb_fsop_aclread(sr, cr, snode, fs_sd);
2150 	}
2151 
2152 	return (error);
2153 }
2154 
2155 /*
2156  * smb_fsop_sdmerge
2157  *
2158  * From SMB point of view DACL and SACL are two separate list
2159  * which can be manipulated independently without one affecting
2160  * the other, but entries for both DACL and SACL will end up
2161  * in the same ACL if target filesystem supports ACE_T ACLs.
2162  *
2163  * So, if either DACL or SACL is present in the client set request
2164  * the entries corresponding to the non-present ACL shouldn't
2165  * be touched in the FS ACL.
2166  *
2167  * fs_sd parameter contains DACL and SACL specified by SMB
2168  * client to be set on a file/directory. The client could
2169  * specify both or one of these ACLs (if none is specified
2170  * we don't get this far). When both DACL and SACL are given
2171  * by client the existing ACL should be overwritten. If only
2172  * one of them is specified the entries corresponding to the other
2173  * ACL should not be touched. For example, if only DACL
2174  * is specified in input fs_sd, the function reads audit entries
2175  * of the existing ACL of the file and point fs_sd->sd_zsdacl
2176  * pointer to the fetched SACL, this way when smb_fsop_sdwrite()
2177  * function is called the passed fs_sd would point to the specified
2178  * DACL by client and fetched SACL from filesystem, so the file
2179  * will end up with correct ACL.
2180  */
2181 static int
2182 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd)
2183 {
2184 	smb_fssd_t cur_sd;
2185 	int error = 0;
2186 
2187 	if (sr->tid_tree->t_acltype != ACE_T)
2188 		/* Don't bother if target FS doesn't support ACE_T */
2189 		return (0);
2190 
2191 	if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) {
2192 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
2193 			/*
2194 			 * Don't overwrite existing audit entries
2195 			 */
2196 			smb_fssd_init(&cur_sd, SMB_SACL_SECINFO,
2197 			    fs_sd->sd_flags);
2198 
2199 			error = smb_fsop_sdread(sr, kcred, snode, &cur_sd);
2200 			if (error == 0) {
2201 				ASSERT(fs_sd->sd_zsacl == NULL);
2202 				fs_sd->sd_zsacl = cur_sd.sd_zsacl;
2203 				if (fs_sd->sd_zsacl && fs_sd->sd_zdacl)
2204 					fs_sd->sd_zsacl->acl_flags =
2205 					    fs_sd->sd_zdacl->acl_flags;
2206 			}
2207 		} else {
2208 			/*
2209 			 * Don't overwrite existing access entries
2210 			 */
2211 			smb_fssd_init(&cur_sd, SMB_DACL_SECINFO,
2212 			    fs_sd->sd_flags);
2213 
2214 			error = smb_fsop_sdread(sr, kcred, snode, &cur_sd);
2215 			if (error == 0) {
2216 				ASSERT(fs_sd->sd_zdacl == NULL);
2217 				fs_sd->sd_zdacl = cur_sd.sd_zdacl;
2218 				if (fs_sd->sd_zdacl && fs_sd->sd_zsacl)
2219 					fs_sd->sd_zdacl->acl_flags =
2220 					    fs_sd->sd_zsacl->acl_flags;
2221 			}
2222 		}
2223 
2224 		if (error)
2225 			smb_fssd_term(&cur_sd);
2226 	}
2227 
2228 	return (error);
2229 }
2230 
2231 /*
2232  * smb_fsop_sdwrite
2233  *
2234  * Stores the given uid, gid and acl in filesystem.
2235  * Provided items in fs_sd are specified by fs_sd->sd_secinfo.
2236  *
2237  * A SMB security descriptor could contain owner, primary group,
2238  * DACL and SACL. Setting an SD should be atomic but here it has to
2239  * be done via two separate FS operations: VOP_SETATTR and
2240  * VOP_SETSECATTR. Therefore, this function has to simulate the
2241  * atomicity as well as it can.
2242  *
2243  * Get the current uid, gid before setting the new uid/gid
2244  * so if smb_fsop_aclwrite fails they can be restored. root cred is
2245  * used to get currend uid/gid since this operation is performed on
2246  * behalf of the server not the user.
2247  *
2248  * If setting uid/gid fails with EPERM it means that and invalid
2249  * owner has been specified. Callers should translate this to
2250  * STATUS_INVALID_OWNER which is not the normal mapping for EPERM
2251  * in upper layers, so EPERM is mapped to EBADE.
2252  */
2253 int
2254 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2255     smb_fssd_t *fs_sd, int overwrite)
2256 {
2257 	int error = 0;
2258 	int access = 0;
2259 	smb_attr_t set_attr;
2260 	smb_attr_t orig_attr;
2261 
2262 	ASSERT(cr);
2263 	ASSERT(fs_sd);
2264 
2265 	ASSERT(sr);
2266 	ASSERT(sr->tid_tree);
2267 	if (SMB_TREE_IS_READONLY(sr))
2268 		return (EROFS);
2269 
2270 	bzero(&set_attr, sizeof (smb_attr_t));
2271 
2272 	if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
2273 		set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
2274 		set_attr.sa_mask |= SMB_AT_UID;
2275 		access |= WRITE_OWNER;
2276 	}
2277 
2278 	if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
2279 		set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
2280 		set_attr.sa_mask |= SMB_AT_GID;
2281 		access |= WRITE_OWNER;
2282 	}
2283 
2284 	if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2285 		access |= WRITE_DAC;
2286 
2287 	if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2288 		access |= ACCESS_SYSTEM_SECURITY;
2289 
2290 	if (sr->fid_ofile)
2291 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2292 	else
2293 		error = smb_fsop_access(sr, cr, snode, access);
2294 
2295 	if (error)
2296 		return (EACCES);
2297 
2298 	if (set_attr.sa_mask) {
2299 		orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2300 		error = smb_fsop_getattr(sr, kcred, snode, &orig_attr);
2301 		if (error == 0) {
2302 			error = smb_fsop_setattr(sr, cr, snode, &set_attr);
2303 			if (error == EPERM)
2304 				error = EBADE;
2305 		}
2306 
2307 		if (error)
2308 			return (error);
2309 	}
2310 
2311 	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2312 		if (overwrite == 0) {
2313 			error = smb_fsop_sdmerge(sr, snode, fs_sd);
2314 			if (error)
2315 				return (error);
2316 		}
2317 
2318 		error = smb_fsop_aclwrite(sr, cr, snode, fs_sd);
2319 		if (error) {
2320 			/*
2321 			 * Revert uid/gid changes if required.
2322 			 */
2323 			if (set_attr.sa_mask) {
2324 				orig_attr.sa_mask = set_attr.sa_mask;
2325 				(void) smb_fsop_setattr(sr, kcred, snode,
2326 				    &orig_attr);
2327 			}
2328 		}
2329 	}
2330 
2331 	return (error);
2332 }
2333 
2334 /*
2335  * smb_fsop_sdinherit
2336  *
2337  * Inherit the security descriptor from the parent container.
2338  * This function is called after FS has created the file/folder
2339  * so if this doesn't do anything it means FS inheritance is
2340  * in place.
2341  *
2342  * Do inheritance for ZFS internally.
2343  *
2344  * If we want to let ZFS does the inheritance the
2345  * following setting should be true:
2346  *
2347  *  - aclinherit = passthrough
2348  *  - aclmode = passthrough
2349  *  - smbd umask = 0777
2350  *
2351  * This will result in right effective permissions but
2352  * ZFS will always add 6 ACEs for owner, owning group
2353  * and others to be POSIX compliant. This is not what
2354  * Windows clients/users expect, so we decided that CIFS
2355  * implements Windows rules and overwrite whatever ZFS
2356  * comes up with. This way we also don't have to care
2357  * about ZFS aclinherit and aclmode settings.
2358  */
2359 static int
2360 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd)
2361 {
2362 	acl_t *dacl = NULL;
2363 	acl_t *sacl = NULL;
2364 	int is_dir;
2365 	int error;
2366 
2367 	ASSERT(fs_sd);
2368 
2369 	if (sr->tid_tree->t_acltype != ACE_T) {
2370 		/*
2371 		 * No forced inheritance for non-ZFS filesystems.
2372 		 */
2373 		fs_sd->sd_secinfo = 0;
2374 		return (0);
2375 	}
2376 
2377 
2378 	/* Fetch parent directory's ACL */
2379 	error = smb_fsop_sdread(sr, kcred, dnode, fs_sd);
2380 	if (error) {
2381 		return (error);
2382 	}
2383 
2384 	is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR);
2385 	dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO,
2386 	    sr->user_cr);
2387 	sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO,
2388 	    sr->user_cr);
2389 
2390 	if (sacl == NULL)
2391 		fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO;
2392 
2393 	smb_fsacl_free(fs_sd->sd_zdacl);
2394 	smb_fsacl_free(fs_sd->sd_zsacl);
2395 
2396 	fs_sd->sd_zdacl = dacl;
2397 	fs_sd->sd_zsacl = sacl;
2398 
2399 	return (0);
2400 }
2401 
2402 /*
2403  * smb_fsop_eaccess
2404  *
2405  * Returns the effective permission of the given credential for the
2406  * specified object.
2407  *
2408  * This is just a workaround. We need VFS/FS support for this.
2409  */
2410 void
2411 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2412     uint32_t *eaccess)
2413 {
2414 	int access = 0;
2415 	vnode_t *dir_vp;
2416 	smb_node_t *unnamed_node;
2417 
2418 	ASSERT(cr);
2419 	ASSERT(snode);
2420 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2421 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2422 
2423 	unnamed_node = SMB_IS_STREAM(snode);
2424 	if (unnamed_node) {
2425 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2426 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2427 		/*
2428 		 * Streams authorization should be performed against the
2429 		 * unnamed stream.
2430 		 */
2431 		snode = unnamed_node;
2432 	}
2433 
2434 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) {
2435 		dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
2436 		smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp,
2437 		    cr);
2438 		return;
2439 	}
2440 
2441 	/*
2442 	 * FS doesn't understand 32-bit mask
2443 	 */
2444 	smb_vop_eaccess(snode->vp, &access, 0, NULL, cr);
2445 	access &= sr->tid_tree->t_access;
2446 
2447 	*eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES;
2448 
2449 	if (access & VREAD)
2450 		*eaccess |= FILE_READ_DATA;
2451 
2452 	if (access & VEXEC)
2453 		*eaccess |= FILE_EXECUTE;
2454 
2455 	if (access & VWRITE)
2456 		*eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES |
2457 		    FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD;
2458 }
2459 
2460 /*
2461  * smb_fsop_shrlock
2462  *
2463  * For the current open request, check file sharing rules
2464  * against existing opens.
2465  *
2466  * Returns NT_STATUS_SHARING_VIOLATION if there is any
2467  * sharing conflict.  Returns NT_STATUS_SUCCESS otherwise.
2468  *
2469  * Full system-wide share reservation synchronization is available
2470  * when the nbmand (non-blocking mandatory) mount option is set
2471  * (i.e. nbl_need_crit() is true) and nbmand critical regions are used.
2472  * This provides synchronization with NFS and local processes.  The
2473  * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called
2474  * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well
2475  * as the CIFS rename and delete paths.
2476  *
2477  * The CIFS server will also enter the nbl critical region in the open,
2478  * rename, and delete paths when nbmand is not set.  There is limited
2479  * coordination with local and VFS share reservations in this case.
2480  * Note that when the nbmand mount option is not set, the VFS layer
2481  * only processes advisory reservations and the delete mode is not checked.
2482  *
2483  * Whether or not the nbmand mount option is set, intra-CIFS share
2484  * checking is done in the open, delete, and rename paths using a CIFS
2485  * critical region (node->n_share_lock).
2486  */
2487 uint32_t
2488 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid,
2489     uint32_t desired_access, uint32_t share_access)
2490 {
2491 	int rc;
2492 
2493 	/* Allow access if the request is just for meta data */
2494 	if ((desired_access & FILE_DATA_ALL) == 0)
2495 		return (NT_STATUS_SUCCESS);
2496 
2497 	rc = smb_node_open_check(node, desired_access, share_access);
2498 	if (rc)
2499 		return (NT_STATUS_SHARING_VIOLATION);
2500 
2501 	rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access,
2502 	    cr);
2503 	if (rc)
2504 		return (NT_STATUS_SHARING_VIOLATION);
2505 
2506 	return (NT_STATUS_SUCCESS);
2507 }
2508 
2509 void
2510 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid)
2511 {
2512 	(void) smb_vop_unshrlock(node->vp, uniq_fid, cr);
2513 }
2514 
2515 int
2516 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock,
2517     cred_t *cr)
2518 {
2519 	flock64_t bf;
2520 	int flag = F_REMOTELOCK;
2521 
2522 	/*
2523 	 * VOP_FRLOCK() will not be called if:
2524 	 *
2525 	 * 1) The lock has a range of zero bytes. The semantics of Windows and
2526 	 *    POSIX are different. In the case of POSIX it asks for the locking
2527 	 *    of all the bytes from the offset provided until the end of the
2528 	 *    file. In the case of Windows a range of zero locks nothing and
2529 	 *    doesn't conflict with any other lock.
2530 	 *
2531 	 * 2) The lock rolls over (start + lenght < start). Solaris will assert
2532 	 *    if such a request is submitted. This will not create
2533 	 *    incompatibilities between POSIX and Windows. In the Windows world,
2534 	 *    if a client submits such a lock, the server will not lock any
2535 	 *    bytes. Interestingly if the same lock (same offset and length) is
2536 	 *    resubmitted Windows will consider that there is an overlap and
2537 	 *    the granting rules will then apply.
2538 	 */
2539 	if ((lock->l_length == 0) ||
2540 	    ((lock->l_start + lock->l_length - 1) < lock->l_start))
2541 		return (0);
2542 
2543 	bzero(&bf, sizeof (bf));
2544 
2545 	if (unlock) {
2546 		bf.l_type = F_UNLCK;
2547 	} else if (lock->l_type == SMB_LOCK_TYPE_READONLY) {
2548 		bf.l_type = F_RDLCK;
2549 		flag |= FREAD;
2550 	} else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) {
2551 		bf.l_type = F_WRLCK;
2552 		flag |= FWRITE;
2553 	}
2554 
2555 	bf.l_start = lock->l_start;
2556 	bf.l_len = lock->l_length;
2557 	bf.l_pid = lock->l_file->f_uniqid;
2558 	bf.l_sysid = smb_ct.cc_sysid;
2559 
2560 	return (smb_vop_frlock(node->vp, cr, flag, &bf));
2561 }
2562