xref: /titanic_44/usr/src/uts/common/fs/smbsrv/smb_tree.c (revision 82d5eb48a7d00754517c192ba2dd23cb68997b3c)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * General Structures Layout
28  * -------------------------
29  *
30  * This is a simplified diagram showing the relationship between most of the
31  * main structures.
32  *
33  * +-------------------+
34  * |     SMB_INFO      |
35  * +-------------------+
36  *          |
37  *          |
38  *          v
39  * +-------------------+       +-------------------+      +-------------------+
40  * |     SESSION       |<----->|     SESSION       |......|      SESSION      |
41  * +-------------------+       +-------------------+      +-------------------+
42  *          |
43  *          |
44  *          v
45  * +-------------------+       +-------------------+      +-------------------+
46  * |       USER        |<----->|       USER        |......|       USER        |
47  * +-------------------+       +-------------------+      +-------------------+
48  *          |
49  *          |
50  *          v
51  * +-------------------+       +-------------------+      +-------------------+
52  * |       TREE        |<----->|       TREE        |......|       TREE        |
53  * +-------------------+       +-------------------+      +-------------------+
54  *      |         |
55  *      |         |
56  *      |         v
57  *      |     +-------+       +-------+      +-------+
58  *      |     | OFILE |<----->| OFILE |......| OFILE |
59  *      |     +-------+       +-------+      +-------+
60  *      |
61  *      |
62  *      v
63  *  +-------+       +------+      +------+
64  *  | ODIR  |<----->| ODIR |......| ODIR |
65  *  +-------+       +------+      +------+
66  *
67  *
68  * Tree State Machine
69  * ------------------
70  *
71  *    +-----------------------------+	 T0
72  *    |  SMB_TREE_STATE_CONNECTED   |<----------- Creation/Allocation
73  *    +-----------------------------+
74  *		    |
75  *		    | T1
76  *		    |
77  *		    v
78  *    +------------------------------+
79  *    | SMB_TREE_STATE_DISCONNECTING |
80  *    +------------------------------+
81  *		    |
82  *		    | T2
83  *		    |
84  *		    v
85  *    +-----------------------------+    T3
86  *    | SMB_TREE_STATE_DISCONNECTED |----------> Deletion/Free
87  *    +-----------------------------+
88  *
89  * SMB_TREE_STATE_CONNECTED
90  *
91  *    While in this state:
92  *      - The tree is queued in the list of trees of its user.
93  *      - References will be given out if the tree is looked up.
94  *      - Files under that tree can be accessed.
95  *
96  * SMB_TREE_STATE_DISCONNECTING
97  *
98  *    While in this state:
99  *      - The tree is queued in the list of trees of its user.
100  *      - References will not be given out if the tree is looked up.
101  *      - The files and directories open under the tree are being closed.
102  *      - The resources associated with the tree remain.
103  *
104  * SMB_TREE_STATE_DISCONNECTED
105  *
106  *    While in this state:
107  *      - The tree is queued in the list of trees of its user.
108  *      - References will not be given out if the tree is looked up.
109  *      - The tree has no more files and directories opened.
110  *      - The resources associated with the tree remain.
111  *
112  * Transition T0
113  *
114  *    This transition occurs in smb_tree_connect(). A new tree is created and
115  *    added to the list of trees of a user.
116  *
117  * Transition T1
118  *
119  *    This transition occurs in smb_tree_disconnect().
120  *
121  * Transition T2
122  *
123  *    This transition occurs in smb_tree_release(). The resources associated
124  *    with the tree are freed as well as the tree structure. For the transition
125  *    to occur, the tree must be in the SMB_TREE_STATE_DISCONNECTED state and
126  *    the reference count be zero.
127  *
128  * Comments
129  * --------
130  *
131  *    The state machine of the tree structures is controlled by 3 elements:
132  *      - The list of trees of the user it belongs to.
133  *      - The mutex embedded in the structure itself.
134  *      - The reference count.
135  *
136  *    There's a mutex embedded in the tree structure used to protect its fields
137  *    and there's a lock embedded in the list of trees of a user. To
138  *    increment or to decrement the reference count the mutex must be entered.
139  *    To insert the tree into the list of trees of the user and to remove
140  *    the tree from it, the lock must be entered in RW_WRITER mode.
141  *
142  *    Rules of access to a tree structure:
143  *
144  *    1) In order to avoid deadlocks, when both (mutex and lock of the user
145  *       list) have to be entered, the lock must be entered first.
146  *
147  *    2) All actions applied to a tree require a reference count.
148  *
149  *    3) There are 2 ways of getting a reference count: when a tree is
150  *       connected and when a tree is looked up.
151  *
152  *    It should be noted that the reference count of a tree registers the
153  *    number of references to the tree in other structures (such as an smb
154  *    request). The reference count is not incremented in these 2 instances:
155  *
156  *    1) The tree is connected. An tree is anchored by his state. If there's
157  *       no activity involving a tree currently connected, the reference
158  *       count of that tree is zero.
159  *
160  *    2) The tree is queued in the list of trees of the user. The fact of
161  *       being queued in that list is NOT registered by incrementing the
162  *       reference count.
163  */
164 #include <sys/types.h>
165 #include <sys/refstr_impl.h>
166 #include <sys/feature_tests.h>
167 #include <sys/sunddi.h>
168 #include <sys/fsid.h>
169 #include <sys/vfs.h>
170 #include <sys/stat.h>
171 #include <sys/varargs.h>
172 #include <smbsrv/smb_incl.h>
173 #include <smbsrv/lmerr.h>
174 #include <smbsrv/smb_fsops.h>
175 #include <smbsrv/smb_door_svc.h>
176 #include <smbsrv/smb_share.h>
177 #include <sys/pathname.h>
178 
179 int smb_tcon_mute = 0;
180 
181 static smb_tree_t *smb_tree_connect_disk(smb_request_t *, const char *);
182 static smb_tree_t *smb_tree_connect_ipc(smb_request_t *, const char *);
183 static smb_tree_t *smb_tree_alloc(smb_user_t *, const char *, const char *,
184     int32_t, smb_node_t *, uint32_t);
185 static void smb_tree_dealloc(smb_tree_t *);
186 static boolean_t smb_tree_is_connected(smb_tree_t *);
187 static boolean_t smb_tree_is_disconnected(smb_tree_t *);
188 static const char *smb_tree_get_sharename(const char *);
189 static int smb_tree_get_stype(const char *, const char *, int32_t *);
190 static int smb_tree_getattr(smb_node_t *, smb_tree_t *);
191 static void smb_tree_get_volname(vfs_t *, smb_tree_t *);
192 static void smb_tree_get_flags(vfs_t *, smb_tree_t *);
193 static void smb_tree_log(smb_request_t *, const char *, const char *, ...);
194 static void smb_tree_close_odirs(smb_tree_t *, uint16_t);
195 static smb_odir_t *smb_tree_get_odir(smb_tree_t *, smb_odir_t *);
196 
197 /*
198  * Extract the share name and share type and connect as appropriate.
199  * Share names are case insensitive so we map the share name to
200  * lower-case as a convenience for internal processing.
201  */
202 smb_tree_t *
203 smb_tree_connect(smb_request_t *sr)
204 {
205 	char *unc_path = sr->arg.tcon.path;
206 	char *service = sr->arg.tcon.service;
207 	smb_tree_t *tree = NULL;
208 	const char *name;
209 	int32_t stype;
210 
211 	(void) utf8_strlwr(unc_path);
212 
213 	if ((name = smb_tree_get_sharename(unc_path)) == NULL) {
214 		smbsr_error(sr, 0, ERRSRV, ERRinvnetname);
215 		return (NULL);
216 	}
217 
218 	if (smb_tree_get_stype(name, service, &stype) != 0) {
219 		smbsr_error(sr, NT_STATUS_BAD_DEVICE_TYPE,
220 		    ERRDOS, ERROR_BAD_DEV_TYPE);
221 		return (NULL);
222 	}
223 
224 	switch (stype & STYPE_MASK) {
225 	case STYPE_DISKTREE:
226 		tree = smb_tree_connect_disk(sr, name);
227 		break;
228 
229 	case STYPE_IPC:
230 		tree = smb_tree_connect_ipc(sr, name);
231 		break;
232 
233 	default:
234 		smbsr_error(sr, NT_STATUS_BAD_DEVICE_TYPE,
235 		    ERRDOS, ERROR_BAD_DEV_TYPE);
236 		break;
237 	}
238 
239 	return (tree);
240 }
241 
242 /*
243  * Disconnect a tree.
244  */
245 void
246 smb_tree_disconnect(
247     smb_tree_t	*tree)
248 {
249 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
250 
251 	mutex_enter(&tree->t_mutex);
252 	ASSERT(tree->t_refcnt);
253 
254 	if (smb_tree_is_connected(tree)) {
255 		/*
256 		 * Indicate that the disconnect process has started.
257 		 */
258 		tree->t_state = SMB_TREE_STATE_DISCONNECTING;
259 		mutex_exit(&tree->t_mutex);
260 		atomic_dec_32(&tree->t_server->sv_open_trees);
261 
262 		/*
263 		 * The files opened under this tree are closed.
264 		 */
265 		smb_ofile_close_all(tree);
266 		/*
267 		 * The directories opened under this tree are closed.
268 		 */
269 		smb_tree_close_odirs(tree, 0);
270 		mutex_enter(&tree->t_mutex);
271 		tree->t_state = SMB_TREE_STATE_DISCONNECTED;
272 	}
273 
274 	mutex_exit(&tree->t_mutex);
275 }
276 
277 /*
278  * Take a reference on a tree.
279  */
280 boolean_t
281 smb_tree_hold(
282     smb_tree_t		*tree)
283 {
284 	ASSERT(tree);
285 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
286 
287 	mutex_enter(&tree->t_mutex);
288 
289 	if (smb_tree_is_connected(tree)) {
290 		tree->t_refcnt++;
291 		mutex_exit(&tree->t_mutex);
292 		return (B_TRUE);
293 	}
294 
295 	mutex_exit(&tree->t_mutex);
296 	return (B_FALSE);
297 }
298 
299 /*
300  * Release a reference on a tree.  If the tree is disconnected and the
301  * reference count falls to zero, the tree will be deallocated.
302  */
303 void
304 smb_tree_release(
305     smb_tree_t		*tree)
306 {
307 	ASSERT(tree);
308 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
309 
310 	mutex_enter(&tree->t_mutex);
311 	ASSERT(tree->t_refcnt);
312 	tree->t_refcnt--;
313 
314 	if (smb_tree_is_disconnected(tree) && (tree->t_refcnt == 0)) {
315 		mutex_exit(&tree->t_mutex);
316 		smb_tree_dealloc(tree);
317 		return;
318 	}
319 
320 	mutex_exit(&tree->t_mutex);
321 }
322 
323 /*
324  * Close ofiles and odirs that match pid.
325  */
326 void
327 smb_tree_close_pid(
328     smb_tree_t		*tree,
329     uint16_t		pid)
330 {
331 	ASSERT(tree);
332 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
333 
334 	smb_ofile_close_all_by_pid(tree, pid);
335 	smb_tree_close_odirs(tree, pid);
336 }
337 
338 /*
339  * Check whether or not a tree supports the features identified by flags.
340  */
341 boolean_t
342 smb_tree_has_feature(smb_tree_t *tree, uint32_t flags)
343 {
344 	ASSERT(tree);
345 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
346 
347 	return ((tree->t_flags & flags) == flags);
348 }
349 
350 
351 /* *************************** Static Functions ***************************** */
352 #define	SHARES_DIR	".zfs/shares/"
353 static void
354 smb_tree_acl_access(cred_t *cred, const char *sharename, vnode_t *pathvp,
355 		    uint32_t *access)
356 {
357 	int rc;
358 	vfs_t *vfsp;
359 	vnode_t *root = NULL;
360 	vnode_t *sharevp = NULL;
361 	char *sharepath;
362 	struct pathname pnp;
363 	size_t size;
364 
365 	*access = ACE_ALL_PERMS; /* default to full "UNIX" access */
366 
367 	/*
368 	 * Using the vnode of the share path, we then find the root
369 	 * directory of the mounted file system. We will then look to
370 	 * see if there is a .zfs/shares directory and if there is,
371 	 * get the access information from the ACL/ACES values and
372 	 * check against the cred.
373 	 */
374 	vfsp = pathvp->v_vfsp;
375 	if (vfsp != NULL)
376 		rc = VFS_ROOT(vfsp, &root);
377 	else
378 		rc = ENOENT;
379 
380 	if (rc != 0)
381 		return;
382 
383 
384 	/*
385 	 * Find the share object, if there is one. Need to construct
386 	 * the path to the .zfs/shares/<sharename> object and look it
387 	 * up.  root is called held but will be released by
388 	 * lookuppnvp().
389 	 */
390 
391 	size = sizeof (SHARES_DIR) + strlen(sharename) + 1;
392 	sharepath = kmem_alloc(size, KM_SLEEP);
393 	(void) sprintf(sharepath, "%s%s", SHARES_DIR, sharename);
394 
395 	pn_alloc(&pnp);
396 	(void) pn_set(&pnp, sharepath);
397 	rc = lookuppnvp(&pnp, NULL, NO_FOLLOW, NULL,
398 	    &sharevp, rootdir, root, kcred);
399 	pn_free(&pnp);
400 
401 	kmem_free(sharepath, size);
402 
403 	/*
404 	 * Now get the effective access value based on cred and ACL
405 	 * values.
406 	 */
407 
408 	if (rc == 0)
409 		smb_vop_eaccess(sharevp, (int *)access, V_ACE_MASK, NULL, cred);
410 
411 }
412 
413 /*
414  * Connect a share for use with files and directories.
415  */
416 
417 static smb_tree_t *
418 smb_tree_connect_disk(smb_request_t *sr, const char *sharename)
419 {
420 	smb_user_t		*user = sr->uid_user;
421 	smb_node_t		*dir_snode = NULL;
422 	smb_node_t		*snode = NULL;
423 	char			last_component[MAXNAMELEN];
424 	smb_tree_t		*tree;
425 	smb_share_t 		*si;
426 	smb_attr_t		attr;
427 	cred_t			*u_cred;
428 	int			rc;
429 	uint32_t		access = 0; /* read/write is assumed */
430 	uint32_t		hostaccess = ACE_ALL_PERMS;
431 	uint32_t		aclaccess;
432 
433 	ASSERT(user);
434 	u_cred = user->u_cred;
435 	ASSERT(u_cred);
436 
437 	if (user->u_flags & SMB_USER_FLAG_IPC) {
438 		smb_tree_log(sr, sharename, "access denied: IPC only");
439 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRSRV, ERRaccess);
440 		return (NULL);
441 	}
442 
443 	si = kmem_zalloc(sizeof (smb_share_t), KM_SLEEP);
444 
445 	if (smb_kshare_getinfo(sr->sr_server->sv_lmshrd, (char *)sharename, si,
446 	    &sr->session->ipaddr) != NERR_Success) {
447 		smb_tree_log(sr, sharename, "share not found");
448 		smbsr_error(sr, 0, ERRSRV, ERRinvnetname);
449 		kmem_free(si, sizeof (smb_share_t));
450 		return (NULL);
451 	}
452 
453 	/*
454 	 * Handle the default administration shares: C$, D$ etc.
455 	 * Only a user with admin rights is allowed to map these
456 	 * shares.
457 	 */
458 	if (si->shr_flags & SMB_SHRF_ADMIN) {
459 		if (!smb_user_is_admin(user)) {
460 			smb_tree_log(sr, sharename, "access denied: not admin");
461 			smbsr_error(sr, NT_STATUS_ACCESS_DENIED,
462 			    ERRSRV, ERRaccess);
463 			kmem_free(si, sizeof (smb_share_t));
464 			return (NULL);
465 		}
466 	}
467 
468 	/*
469 	 * Set up the OptionalSupport for this share.
470 	 */
471 	sr->arg.tcon.optional_support = SMB_SUPPORT_SEARCH_BITS;
472 
473 	switch (si->shr_flags & SMB_SHRF_CSC_MASK) {
474 	case SMB_SHRF_CSC_DISABLED:
475 		sr->arg.tcon.optional_support |= SMB_CSC_CACHE_NONE;
476 		break;
477 	case SMB_SHRF_CSC_AUTO:
478 		sr->arg.tcon.optional_support |= SMB_CSC_CACHE_AUTO_REINT;
479 		break;
480 	case SMB_SHRF_CSC_VDO:
481 		sr->arg.tcon.optional_support |= SMB_CSC_CACHE_VDO;
482 		break;
483 	case SMB_SHRF_CSC_MANUAL:
484 	default:
485 		/*
486 		 * Default to SMB_CSC_CACHE_MANUAL_REINT.
487 		 */
488 		break;
489 	}
490 
491 	access = si->shr_access_value & SMB_SHRF_ACC_ALL;
492 
493 	if (access == SMB_SHRF_ACC_RO) {
494 		hostaccess &= ~ACE_ALL_WRITE_PERMS;
495 	} else if (access == SMB_SHRF_ACC_NONE) {
496 		kmem_free(si, sizeof (smb_share_t));
497 		smb_tree_log(sr, sharename, "access denied: host access");
498 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRSRV, ERRaccess);
499 		return (NULL);
500 	}
501 
502 	/*
503 	 * Check that the shared directory exists.
504 	 */
505 	rc = smb_pathname_reduce(sr, u_cred, si->shr_path, 0, 0, &dir_snode,
506 	    last_component);
507 
508 	if (rc == 0) {
509 		rc = smb_fsop_lookup(sr, u_cred, SMB_FOLLOW_LINKS, 0,
510 		    dir_snode, last_component, &snode, &attr, 0, 0);
511 
512 		smb_node_release(dir_snode);
513 	}
514 
515 	if (rc) {
516 		if (snode)
517 			smb_node_release(snode);
518 
519 		smb_tree_log(sr, sharename, "bad path: %s", si->shr_path);
520 		smbsr_error(sr, 0, ERRSRV, ERRinvnetname);
521 		kmem_free(si, sizeof (smb_share_t));
522 		return (NULL);
523 	}
524 
525 	/*
526 	 * Find share level ACL if it exists in the designated
527 	 * location. Needs to be done after finding a valid path but
528 	 * before the tree is allocated.
529 	 */
530 	smb_tree_acl_access(u_cred, sharename, snode->vp, &aclaccess);
531 	/* if an error, then no share file -- default to no ACL */
532 	if (rc == 0) {
533 		/*
534 		 * There need to be some permissions in order to have
535 		 * any access.
536 		 */
537 		if ((aclaccess & ACE_ALL_PERMS) == 0) {
538 			smb_tree_log(sr, sharename, "access denied: share ACL");
539 			smbsr_error(sr, 0, ERRSRV, ERRaccess);
540 			kmem_free(si, sizeof (smb_share_t));
541 			smb_node_release(snode);
542 			return (NULL);
543 		}
544 	}
545 
546 	/*
547 	 * Set tree ACL access to the minimum ACL permissions based on
548 	 * hostaccess (those allowed by host based access) and
549 	 * aclaccess (those from the ACL object for the share). This
550 	 * is done during the alloc.
551 	 */
552 	tree = smb_tree_alloc(user, sharename, si->shr_path, STYPE_DISKTREE,
553 	    snode, hostaccess & aclaccess);
554 
555 	if (tree == NULL)
556 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRSRV, ERRaccess);
557 
558 	smb_node_release(snode);
559 	kmem_free(si, sizeof (smb_share_t));
560 	return (tree);
561 }
562 
563 /*
564  * Connect an IPC share for use with named pipes.
565  */
566 static smb_tree_t *
567 smb_tree_connect_ipc(smb_request_t *sr, const char *name)
568 {
569 	smb_user_t *user = sr->uid_user;
570 	smb_tree_t *tree;
571 
572 	ASSERT(user);
573 
574 	if ((user->u_flags & SMB_USER_FLAG_IPC) &&
575 	    sr->sr_cfg->skc_restrict_anon) {
576 		smb_tree_log(sr, name, "access denied: restrict anonymous");
577 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRSRV, ERRaccess);
578 		return (NULL);
579 	}
580 
581 	sr->arg.tcon.optional_support = SMB_SUPPORT_SEARCH_BITS;
582 
583 	tree = smb_tree_alloc(user, name, name, STYPE_IPC, NULL, ACE_ALL_PERMS);
584 	if (tree == NULL) {
585 		smb_tree_log(sr, name, "access denied");
586 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRSRV, ERRaccess);
587 	}
588 
589 	return (tree);
590 }
591 
592 /*
593  * Allocate a tree.
594  */
595 static smb_tree_t *
596 smb_tree_alloc(
597     smb_user_t		*user,
598     const char		*sharename,
599     const char		*resource,
600     int32_t		stype,
601     smb_node_t		*snode,
602     uint32_t access)
603 {
604 	smb_tree_t	*tree;
605 	uint16_t	tid;
606 
607 	if (smb_idpool_alloc(&user->u_tid_pool, &tid))
608 		return (NULL);
609 
610 	tree = kmem_cache_alloc(user->u_server->si_cache_tree, KM_SLEEP);
611 	bzero(tree, sizeof (smb_tree_t));
612 
613 	if (STYPE_ISDSK(stype)) {
614 		if (smb_tree_getattr(snode, tree) != 0) {
615 			smb_idpool_free(&user->u_tid_pool, tid);
616 			kmem_cache_free(user->u_server->si_cache_tree, tree);
617 			return (NULL);
618 		}
619 	}
620 
621 	if (smb_idpool_constructor(&tree->t_fid_pool)) {
622 		smb_idpool_free(&user->u_tid_pool, tid);
623 		kmem_cache_free(user->u_server->si_cache_tree, tree);
624 		return (NULL);
625 	}
626 
627 	if (smb_idpool_constructor(&tree->t_odid_pool)) {
628 		smb_idpool_destructor(&tree->t_fid_pool);
629 		smb_idpool_free(&user->u_tid_pool, tid);
630 		kmem_cache_free(user->u_server->si_cache_tree, tree);
631 		return (NULL);
632 	}
633 
634 	smb_llist_constructor(&tree->t_ofile_list, sizeof (smb_ofile_t),
635 	    offsetof(smb_ofile_t, f_lnd));
636 
637 	smb_llist_constructor(&tree->t_odir_list, sizeof (smb_odir_t),
638 	    offsetof(smb_odir_t, d_lnd));
639 
640 	(void) strlcpy(tree->t_sharename, sharename,
641 	    sizeof (tree->t_sharename));
642 	(void) strlcpy(tree->t_resource, resource, sizeof (tree->t_resource));
643 
644 	mutex_init(&tree->t_mutex, NULL, MUTEX_DEFAULT, NULL);
645 
646 	tree->t_user = user;
647 	tree->t_session = user->u_session;
648 	tree->t_server = user->u_server;
649 	tree->t_refcnt = 1;
650 	tree->t_tid = tid;
651 	tree->t_res_type = stype;
652 	tree->t_state = SMB_TREE_STATE_CONNECTED;
653 	tree->t_magic = SMB_TREE_MAGIC;
654 	tree->t_access = access;
655 
656 	/* if FS is readonly, enforce that here */
657 	if (tree->t_flags & SMB_TREE_READONLY)
658 		tree->t_access &= ~ACE_ALL_WRITE_PERMS;
659 
660 	if (STYPE_ISDSK(stype)) {
661 		smb_node_ref(snode);
662 		tree->t_snode = snode;
663 		tree->t_acltype = smb_fsop_acltype(snode);
664 	}
665 
666 	smb_llist_enter(&user->u_tree_list, RW_WRITER);
667 	smb_llist_insert_head(&user->u_tree_list, tree);
668 	smb_llist_exit(&user->u_tree_list);
669 	atomic_inc_32(&user->u_session->s_tree_cnt);
670 	atomic_inc_32(&user->u_server->sv_open_trees);
671 
672 	return (tree);
673 }
674 
675 /*
676  * Deallocate a tree: release all resources associated with a tree and
677  * remove the tree from the user's tree list.
678  *
679  * The tree being destroyed must be in the "destroying" state and the
680  * reference count must be zero. This function assumes it's single threaded
681  * i.e. only one thread will attempt to destroy a specific tree, which
682  * should be the case if the tree is in disconnected and has a reference
683  * count of zero.
684  */
685 static void
686 smb_tree_dealloc(smb_tree_t *tree)
687 {
688 	ASSERT(tree);
689 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
690 	ASSERT(tree->t_state == SMB_TREE_STATE_DISCONNECTED);
691 	ASSERT(tree->t_refcnt == 0);
692 
693 	/*
694 	 * Remove the tree from the user's tree list.  This must be done
695 	 * before any resources associated with the tree are released.
696 	 */
697 	smb_llist_enter(&tree->t_user->u_tree_list, RW_WRITER);
698 	smb_llist_remove(&tree->t_user->u_tree_list, tree);
699 	smb_llist_exit(&tree->t_user->u_tree_list);
700 
701 	tree->t_magic = (uint32_t)~SMB_TREE_MAGIC;
702 	smb_idpool_free(&tree->t_user->u_tid_pool, tree->t_tid);
703 	atomic_dec_32(&tree->t_session->s_tree_cnt);
704 
705 	if (tree->t_snode)
706 		smb_node_release(tree->t_snode);
707 
708 	mutex_destroy(&tree->t_mutex);
709 
710 	/*
711 	 * The list of open files and open directories should be empty.
712 	 */
713 	smb_llist_destructor(&tree->t_ofile_list);
714 	smb_llist_destructor(&tree->t_odir_list);
715 	smb_idpool_destructor(&tree->t_fid_pool);
716 	smb_idpool_destructor(&tree->t_odid_pool);
717 	kmem_cache_free(tree->t_server->si_cache_tree, tree);
718 }
719 
720 /*
721  * Determine whether or not a tree is connected.
722  * This function must be called with the tree mutex held.
723  */
724 static boolean_t
725 smb_tree_is_connected(smb_tree_t *tree)
726 {
727 	switch (tree->t_state) {
728 	case SMB_TREE_STATE_CONNECTED:
729 		return (B_TRUE);
730 
731 	case SMB_TREE_STATE_DISCONNECTING:
732 	case SMB_TREE_STATE_DISCONNECTED:
733 		/*
734 		 * The tree exists but being diconnected or destroyed.
735 		 */
736 		return (B_FALSE);
737 
738 	default:
739 		ASSERT(0);
740 		return (B_FALSE);
741 	}
742 }
743 
744 /*
745  * Determine whether or not a tree is disconnected.
746  * This function must be called with the tree mutex held.
747  */
748 static boolean_t
749 smb_tree_is_disconnected(smb_tree_t *tree)
750 {
751 	switch (tree->t_state) {
752 	case SMB_TREE_STATE_DISCONNECTED:
753 		return (B_TRUE);
754 
755 	case SMB_TREE_STATE_CONNECTED:
756 	case SMB_TREE_STATE_DISCONNECTING:
757 		return (B_FALSE);
758 
759 	default:
760 		ASSERT(0);
761 		return (B_FALSE);
762 	}
763 }
764 
765 /*
766  * Return a pointer to the share name within a share resource path.
767  *
768  * The share path may be a Uniform Naming Convention (UNC) string
769  * (\\server\share) or simply the share name.  We validate the UNC
770  * format but we don't look at the server name.
771  */
772 static const char *
773 smb_tree_get_sharename(const char *unc_path)
774 {
775 	const char *sharename = unc_path;
776 
777 	if (sharename[0] == '\\') {
778 		/*
779 		 * Looks like a UNC path, validate the format.
780 		 */
781 		if (sharename[1] != '\\')
782 			return (NULL);
783 
784 		if ((sharename = strchr(sharename+2, '\\')) == NULL)
785 			return (NULL);
786 
787 		++sharename;
788 	} else if (strchr(sharename, '\\') != NULL) {
789 		/*
790 		 * This should be a share name (no embedded \'s).
791 		 */
792 		return (NULL);
793 	}
794 
795 	return (sharename);
796 }
797 
798 /*
799  * Map the service to a resource type.  Valid values for service are:
800  *
801  *	A:      Disk share
802  *	LPT1:   Printer
803  *	IPC     Named pipe
804  *	COMM    Communications device
805  *	?????   Any type of device (wildcard)
806  *
807  * We support IPC and disk shares; anything else is currently treated
808  * as an error.  IPC$ is reserved as the named pipe share.
809  */
810 static int
811 smb_tree_get_stype(const char *sharename, const char *service,
812     int32_t *stype_ret)
813 {
814 	const char *any = "?????";
815 
816 	if ((strcmp(service, any) == 0) || (strcasecmp(service, "IPC") == 0)) {
817 		if (strcasecmp(sharename, "IPC$") == 0) {
818 			*stype_ret = STYPE_IPC;
819 			return (0);
820 		}
821 	}
822 
823 	if ((strcmp(service, any) == 0) || (strcasecmp(service, "A:") == 0)) {
824 		if (strcasecmp(sharename, "IPC$") == 0)
825 			return (-1);
826 
827 		*stype_ret = STYPE_DISKTREE;
828 		return (0);
829 	}
830 
831 	return (-1);
832 }
833 
834 /*
835  * Obtain the tree attributes: volume name, typename and flags.
836  */
837 static int
838 smb_tree_getattr(smb_node_t *node, smb_tree_t *tree)
839 {
840 	vfs_t *vfsp = SMB_NODE_VFS(node);
841 
842 	ASSERT(vfsp);
843 
844 	if (getvfs(&vfsp->vfs_fsid) != vfsp)
845 		return (ESTALE);
846 
847 	smb_tree_get_volname(vfsp, tree);
848 	smb_tree_get_flags(vfsp, tree);
849 
850 	VFS_RELE(vfsp);
851 	return (0);
852 }
853 
854 /*
855  * Extract the volume name.
856  */
857 static void
858 smb_tree_get_volname(vfs_t *vfsp, smb_tree_t *tree)
859 {
860 	refstr_t *vfs_mntpoint;
861 	const char *s;
862 	char *name;
863 
864 	vfs_mntpoint = vfs_getmntpoint(vfsp);
865 
866 	s = vfs_mntpoint->rs_string;
867 	s += strspn(s, "/");
868 	(void) strlcpy(tree->t_volume, s, SMB_VOLNAMELEN);
869 
870 	refstr_rele(vfs_mntpoint);
871 
872 	name = tree->t_volume;
873 	(void) strsep((char **)&name, "/");
874 }
875 
876 /*
877  * Always set ACL support because the VFS will fake ACLs for file systems
878  * that don't support them.
879  *
880  * Some flags are dependent on the typename, which is also set up here.
881  * File system types are hardcoded in uts/common/os/vfs_conf.c.
882  */
883 static void
884 smb_tree_get_flags(vfs_t *vfsp, smb_tree_t *tree)
885 {
886 	uint32_t flags = SMB_TREE_SUPPORTS_ACLS;
887 	char *name;
888 
889 	if (vfsp->vfs_flag & VFS_RDONLY)
890 		flags |= SMB_TREE_READONLY;
891 
892 	if (vfsp->vfs_flag & VFS_XATTR)
893 		flags |= SMB_TREE_STREAMS;
894 
895 	if (vfs_optionisset(vfsp, MNTOPT_NOATIME, NULL))
896 		flags |= SMB_TREE_NO_ATIME;
897 
898 	name = vfssw[vfsp->vfs_fstype].vsw_name;
899 
900 	if (strcmp(name, "tmpfs") == 0)
901 		flags |= SMB_TREE_NO_EXPORT;
902 
903 	if (strncasecmp(name, NFS, sizeof (NFS)) == 0)
904 		flags |= SMB_TREE_NFS_MOUNTED;
905 
906 	(void) strlcpy(tree->t_typename, name, SMB_TYPENAMELEN);
907 	(void) utf8_strupr((char *)tree->t_typename);
908 
909 	if (vfs_has_feature(vfsp, VFSFT_XVATTR))
910 		flags |= SMB_TREE_XVATTR;
911 
912 	if (vfs_has_feature(vfsp, VFSFT_CASEINSENSITIVE))
913 		flags |= SMB_TREE_CASEINSENSITIVE;
914 
915 	if (vfs_has_feature(vfsp, VFSFT_NOCASESENSITIVE))
916 		flags |= SMB_TREE_NO_CASESENSITIVE;
917 
918 	if (vfs_has_feature(vfsp, VFSFT_DIRENTFLAGS))
919 		flags |= SMB_TREE_DIRENTFLAGS;
920 
921 	if (vfs_has_feature(vfsp, VFSFT_ACLONCREATE))
922 		flags |= SMB_TREE_ACLONCREATE;
923 
924 	if (vfs_has_feature(vfsp, VFSFT_ACEMASKONACCESS))
925 		flags |= SMB_TREE_ACEMASKONACCESS;
926 
927 	DTRACE_PROBE1(smb__tree__flags, uint32_t, flags);
928 
929 	tree->t_flags = flags;
930 }
931 
932 /*
933  * Report share access result to syslog.
934  */
935 static void
936 smb_tree_log(smb_request_t *sr, const char *sharename, const char *fmt, ...)
937 {
938 	va_list ap;
939 	char buf[128];
940 	smb_user_t *user = sr->uid_user;
941 
942 	ASSERT(user);
943 
944 	if (smb_tcon_mute)
945 		return;
946 
947 	if ((user->u_name) && (strcasecmp(sharename, "IPC$") == 0)) {
948 		/*
949 		 * Only report normal users, i.e. ignore W2K misuse
950 		 * of the IPC connection by filtering out internal
951 		 * names such as nobody and root.
952 		 */
953 		if ((strcmp(user->u_name, "root") == 0) ||
954 		    (strcmp(user->u_name, "nobody") == 0)) {
955 			return;
956 		}
957 	}
958 
959 	va_start(ap, fmt);
960 	(void) vsnprintf(buf, 128, fmt, ap);
961 	va_end(ap);
962 
963 	cmn_err(CE_NOTE, "smbd[%s\\%s]: %s %s",
964 	    user->u_domain, user->u_name, sharename, buf);
965 }
966 
967 /*
968  * smb_tree_lookup_odir
969  *
970  * Find the specified odir in the tree's list of odirs, and
971  * attempt to obtain a hold on the odir.
972  *
973  * Returns NULL if odir not found or a hold cannot be obtained.
974  */
975 smb_odir_t *
976 smb_tree_lookup_odir(smb_tree_t *tree, uint16_t odid)
977 {
978 	smb_odir_t	*od;
979 	smb_llist_t	*od_list;
980 
981 	ASSERT(tree);
982 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
983 
984 	od_list = &tree->t_odir_list;
985 	smb_llist_enter(od_list, RW_READER);
986 
987 	od = smb_llist_head(od_list);
988 	while (od) {
989 		if (od->d_odid == odid) {
990 			if (!smb_odir_hold(od))
991 				od = NULL;
992 			break;
993 		}
994 		od = smb_llist_next(od_list, od);
995 	}
996 
997 	smb_llist_exit(od_list);
998 	return (od);
999 }
1000 
1001 /*
1002  * smb_tree_get_odir
1003  *
1004  * Find the next open odir in the tree's list of odirs, and obtain
1005  * a hold on it. (A hold can only be obtained on an open odir.)
1006  * If the specified odir is NULL the search starts at the beginning
1007  * of the tree's odir list, otherwise the search starts after the
1008  * specified odir.
1009  */
1010 static smb_odir_t *
1011 smb_tree_get_odir(smb_tree_t *tree, smb_odir_t *od)
1012 {
1013 	smb_llist_t *od_list;
1014 
1015 	ASSERT(tree);
1016 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
1017 
1018 	od_list = &tree->t_odir_list;
1019 	smb_llist_enter(od_list, RW_READER);
1020 
1021 	if (od) {
1022 		ASSERT(od->d_magic == SMB_ODIR_MAGIC);
1023 		od = smb_llist_next(od_list, od);
1024 	} else {
1025 		od = smb_llist_head(od_list);
1026 	}
1027 
1028 	while (od) {
1029 		ASSERT(od->d_magic == SMB_ODIR_MAGIC);
1030 
1031 		if (smb_odir_hold(od))
1032 			break;
1033 		od = smb_llist_next(od_list, od);
1034 	}
1035 
1036 	smb_llist_exit(od_list);
1037 	return (od);
1038 }
1039 
1040 /*
1041  * smb_tree_close_odirs
1042  *
1043  * Close all open odirs in the tree's list which were opened by
1044  * the process identified by pid.
1045  * If pid is zero, close all open odirs in the tree's list.
1046  */
1047 static void
1048 smb_tree_close_odirs(smb_tree_t *tree, uint16_t pid)
1049 {
1050 	smb_odir_t *od, *next_od;
1051 
1052 	ASSERT(tree);
1053 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
1054 
1055 	od = smb_tree_get_odir(tree, NULL);
1056 	while (od) {
1057 		ASSERT(od->d_magic == SMB_ODIR_MAGIC);
1058 		ASSERT(od->d_tree == tree);
1059 
1060 		next_od = smb_tree_get_odir(tree, od);
1061 		if ((pid == 0) || (od->d_opened_by_pid == pid))
1062 				smb_odir_close(od);
1063 		smb_odir_release(od);
1064 
1065 		od = next_od;
1066 	}
1067 }
1068