xref: /titanic_50/usr/src/uts/common/fs/smbsrv/smb_fsops.c (revision c536b1f93b31eba539c635a91be8ee2ab0fcb15a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 #include <sys/sid.h>
27 #include <sys/nbmlock.h>
28 #include <smbsrv/smb_fsops.h>
29 #include <smbsrv/smb_kproto.h>
30 #include <acl/acl_common.h>
31 #include <sys/fcntl.h>
32 #include <sys/flock.h>
33 #include <fs/fs_subr.h>
34 
35 extern caller_context_t smb_ct;
36 
37 static int smb_fsop_create_stream(smb_request_t *, cred_t *, smb_node_t *,
38     char *, char *, int, smb_attr_t *, smb_node_t **);
39 
40 static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *,
41     char *, int, smb_attr_t *, smb_node_t **);
42 
43 static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *,
44     char *, smb_attr_t *, smb_node_t **, smb_fssd_t *);
45 
46 static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *);
47 
48 /*
49  * The smb_fsop_* functions have knowledge of CIFS semantics.
50  *
51  * The smb_vop_* functions have minimal knowledge of CIFS semantics and
52  * serve as an interface to the VFS layer.
53  *
54  * Hence, smb_request_t and smb_node_t structures should not be passed
55  * from the smb_fsop_* layer to the smb_vop_* layer.
56  *
57  * In general, CIFS service code should only ever call smb_fsop_*
58  * functions directly, and never smb_vop_* functions directly.
59  *
60  * smb_fsop_* functions should call smb_vop_* functions where possible, instead
61  * of their smb_fsop_* counterparts.  However, there are times when
62  * this cannot be avoided.
63  */
64 
65 /*
66  * Note: Stream names cannot be mangled.
67  */
68 
69 /*
70  * smb_fsop_amask_to_omode
71  *
72  * Convert the access mask to the open mode (for use
73  * with the VOP_OPEN call).
74  *
75  * Note that opening a file for attribute only access
76  * will also translate into an FREAD or FWRITE open mode
77  * (i.e., it's not just for data).
78  *
79  * This is needed so that opens are tracked appropriately
80  * for oplock processing.
81  */
82 
83 int
84 smb_fsop_amask_to_omode(uint32_t access)
85 {
86 	int mode = 0;
87 
88 	if (access & (FILE_READ_DATA | FILE_EXECUTE |
89 	    FILE_READ_ATTRIBUTES | FILE_READ_EA))
90 		mode |= FREAD;
91 
92 	if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA |
93 	    FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA))
94 		mode |= FWRITE;
95 
96 	if (access & FILE_APPEND_DATA)
97 		mode |= FAPPEND;
98 
99 	return (mode);
100 }
101 
102 int
103 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred)
104 {
105 	/*
106 	 * Assuming that the same vnode is returned as we had before.
107 	 * (I.e., with certain types of files or file systems, a
108 	 * different vnode might be returned by VOP_OPEN)
109 	 */
110 	return (smb_vop_open(&node->vp, mode, cred));
111 }
112 
113 void
114 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred)
115 {
116 	smb_vop_close(node->vp, mode, cred);
117 }
118 
119 static int
120 smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr,
121     smb_node_t *dnode, char *name,
122     smb_attr_t *attr, smb_node_t **ret_snode, smb_fssd_t *fs_sd)
123 {
124 	vsecattr_t *vsap;
125 	vsecattr_t vsecattr;
126 	smb_attr_t set_attr;
127 	acl_t *acl, *dacl, *sacl;
128 	vnode_t *vp;
129 	cred_t *kcr = zone_kcred();
130 	int aclbsize = 0;	/* size of acl list in bytes */
131 	int flags = 0;
132 	int rc;
133 	boolean_t is_dir;
134 
135 	ASSERT(fs_sd);
136 
137 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
138 		flags = SMB_IGNORE_CASE;
139 	if (SMB_TREE_SUPPORTS_CATIA(sr))
140 		flags |= SMB_CATIA;
141 
142 	ASSERT(cr);
143 
144 	is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0);
145 
146 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) {
147 		if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
148 			dacl = fs_sd->sd_zdacl;
149 			sacl = fs_sd->sd_zsacl;
150 			ASSERT(dacl || sacl);
151 			if (dacl && sacl) {
152 				acl = smb_fsacl_merge(dacl, sacl);
153 			} else if (dacl) {
154 				acl = dacl;
155 			} else {
156 				acl = sacl;
157 			}
158 
159 			rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize);
160 
161 			if (dacl && sacl)
162 				acl_free(acl);
163 
164 			if (rc != 0)
165 				return (rc);
166 
167 			vsap = &vsecattr;
168 		} else {
169 			vsap = NULL;
170 		}
171 
172 		/* The tree ACEs may prevent a create */
173 		rc = EACCES;
174 		if (is_dir) {
175 			if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0)
176 				rc = smb_vop_mkdir(dnode->vp, name, attr,
177 				    &vp, flags, cr, vsap);
178 		} else {
179 			if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0)
180 				rc = smb_vop_create(dnode->vp, name, attr,
181 				    &vp, flags, cr, vsap);
182 		}
183 
184 		if (vsap != NULL)
185 			kmem_free(vsap->vsa_aclentp, aclbsize);
186 
187 		if (rc != 0)
188 			return (rc);
189 
190 		set_attr.sa_mask = 0;
191 
192 		/*
193 		 * Ideally we should be able to specify the owner and owning
194 		 * group at create time along with the ACL. Since we cannot
195 		 * do that right now, kcred is passed to smb_vop_setattr so it
196 		 * doesn't fail due to lack of permission.
197 		 */
198 		if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
199 			set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
200 			set_attr.sa_mask |= SMB_AT_UID;
201 		}
202 
203 		if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
204 			set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
205 			set_attr.sa_mask |= SMB_AT_GID;
206 		}
207 
208 		if (set_attr.sa_mask)
209 			rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcr);
210 
211 		if (rc == 0) {
212 			*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
213 			    name, dnode, NULL);
214 
215 			if (*ret_snode == NULL)
216 				rc = ENOMEM;
217 
218 			VN_RELE(vp);
219 		}
220 	} else {
221 		/*
222 		 * For filesystems that don't support ACL-on-create, try
223 		 * to set the specified SD after create, which could actually
224 		 * fail because of conflicts between inherited security
225 		 * attributes upon creation and the specified SD.
226 		 *
227 		 * Passing kcred to smb_fsop_sdwrite() to overcome this issue.
228 		 */
229 
230 		if (is_dir) {
231 			rc = smb_vop_mkdir(dnode->vp, name, attr, &vp,
232 			    flags, cr, NULL);
233 		} else {
234 			rc = smb_vop_create(dnode->vp, name, attr, &vp,
235 			    flags, cr, NULL);
236 		}
237 
238 		if (rc != 0)
239 			return (rc);
240 
241 		*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
242 		    name, dnode, NULL);
243 
244 		if (*ret_snode != NULL) {
245 			if (!smb_tree_has_feature(sr->tid_tree,
246 			    SMB_TREE_NFS_MOUNTED))
247 				rc = smb_fsop_sdwrite(sr, kcr, *ret_snode,
248 				    fs_sd, 1);
249 		} else {
250 			rc = ENOMEM;
251 		}
252 
253 		VN_RELE(vp);
254 	}
255 
256 	if (rc != 0) {
257 		if (is_dir)
258 			(void) smb_vop_rmdir(dnode->vp, name, flags, cr);
259 		else
260 			(void) smb_vop_remove(dnode->vp, name, flags, cr);
261 	}
262 
263 	return (rc);
264 }
265 
266 /*
267  * smb_fsop_create
268  *
269  * All SMB functions should use this wrapper to ensure that
270  * all the smb_vop_creates are performed with the appropriate credentials.
271  * Please document any direct calls to explain the reason for avoiding
272  * this wrapper.
273  *
274  * *ret_snode is returned with a reference upon success.  No reference is
275  * taken if an error is returned.
276  */
277 int
278 smb_fsop_create(smb_request_t *sr, cred_t *cr, smb_node_t *dnode,
279     char *name, smb_attr_t *attr, smb_node_t **ret_snode)
280 {
281 	int	rc = 0;
282 	int	flags = 0;
283 	char	*fname, *sname;
284 	char	*longname = NULL;
285 
286 	ASSERT(cr);
287 	ASSERT(dnode);
288 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
289 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
290 
291 	ASSERT(ret_snode);
292 	*ret_snode = 0;
293 
294 	ASSERT(name);
295 	if (*name == 0)
296 		return (EINVAL);
297 
298 	ASSERT(sr);
299 	ASSERT(sr->tid_tree);
300 
301 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
302 		return (EACCES);
303 
304 	if (SMB_TREE_IS_READONLY(sr))
305 		return (EROFS);
306 
307 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
308 		flags = SMB_IGNORE_CASE;
309 	if (SMB_TREE_SUPPORTS_CATIA(sr))
310 		flags |= SMB_CATIA;
311 	if (SMB_TREE_SUPPORTS_ABE(sr))
312 		flags |= SMB_ABE;
313 
314 	if (smb_is_stream_name(name)) {
315 		fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
316 		sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
317 		smb_stream_parse_name(name, fname, sname);
318 
319 		rc = smb_fsop_create_stream(sr, cr, dnode,
320 		    fname, sname, flags, attr, ret_snode);
321 
322 		kmem_free(fname, MAXNAMELEN);
323 		kmem_free(sname, MAXNAMELEN);
324 		return (rc);
325 	}
326 
327 	/* Not a named stream */
328 
329 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
330 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
331 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
332 		kmem_free(longname, MAXNAMELEN);
333 
334 		if (rc == 0)
335 			rc = EEXIST;
336 		if (rc != ENOENT)
337 			return (rc);
338 	}
339 
340 	rc = smb_fsop_create_file(sr, cr, dnode, name, flags,
341 	    attr, ret_snode);
342 	return (rc);
343 
344 }
345 
346 
347 /*
348  * smb_fsop_create_stream
349  *
350  * Create NTFS named stream file (sname) on unnamed stream
351  * file (fname), creating the unnamed stream file if it
352  * doesn't exist.
353  * If we created the unnamed stream file and then creation
354  * of the named stream file fails, we delete the unnamed stream.
355  * Since we use the real file name for the smb_vop_remove we
356  * clear the SMB_IGNORE_CASE flag to ensure a case sensitive
357  * match.
358  *
359  * The second parameter of smb_vop_setattr() is set to
360  * NULL, even though an unnamed stream exists.  This is
361  * because we want to set the UID and GID on the named
362  * stream in this case for consistency with the (unnamed
363  * stream) file (see comments for smb_vop_setattr()).
364  */
365 static int
366 smb_fsop_create_stream(smb_request_t *sr, cred_t *cr,
367     smb_node_t *dnode, char *fname, char *sname, int flags,
368     smb_attr_t *attr, smb_node_t **ret_snode)
369 {
370 	smb_attr_t	fattr;
371 	smb_node_t	*fnode;
372 	vnode_t		*xattrdvp;
373 	vnode_t		*vp;
374 	cred_t		*kcr = zone_kcred();
375 	int		rc = 0;
376 	boolean_t	fcreate = B_FALSE;
377 
378 	/* Look up / create the unnamed stream, fname */
379 	rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
380 	    sr->tid_tree->t_snode, dnode, fname, &fnode);
381 	if (rc == ENOENT) {
382 		fcreate = B_TRUE;
383 		rc = smb_fsop_create_file(sr, cr, dnode, fname, flags,
384 		    attr, &fnode);
385 	}
386 	if (rc != 0)
387 		return (rc);
388 
389 	fattr.sa_mask = SMB_AT_UID | SMB_AT_GID;
390 	rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcr);
391 
392 	if (rc == 0) {
393 		/* create the named stream, sname */
394 		rc = smb_vop_stream_create(fnode->vp, sname, attr,
395 		    &vp, &xattrdvp, flags, cr);
396 	}
397 	if (rc != 0) {
398 		if (fcreate) {
399 			flags &= ~SMB_IGNORE_CASE;
400 			(void) smb_vop_remove(dnode->vp,
401 			    fnode->od_name, flags, cr);
402 		}
403 		smb_node_release(fnode);
404 		return (rc);
405 	}
406 
407 	attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid;
408 	attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid;
409 	attr->sa_mask = SMB_AT_UID | SMB_AT_GID;
410 
411 	rc = smb_vop_setattr(vp, NULL, attr, 0, kcr);
412 	if (rc != 0) {
413 		smb_node_release(fnode);
414 		return (rc);
415 	}
416 
417 	*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp,
418 	    vp, sname);
419 
420 	smb_node_release(fnode);
421 	VN_RELE(xattrdvp);
422 	VN_RELE(vp);
423 
424 	if (*ret_snode == NULL)
425 		rc = ENOMEM;
426 
427 	/* notify change to the unnamed stream */
428 	if (rc == 0)
429 		smb_node_notify_change(dnode,
430 		    FILE_ACTION_ADDED_STREAM, fname);
431 
432 	return (rc);
433 }
434 
435 /*
436  * smb_fsop_create_file
437  */
438 static int
439 smb_fsop_create_file(smb_request_t *sr, cred_t *cr,
440     smb_node_t *dnode, char *name, int flags,
441     smb_attr_t *attr, smb_node_t **ret_snode)
442 {
443 	smb_arg_open_t	*op = &sr->sr_open;
444 	vnode_t		*vp;
445 	smb_fssd_t	fs_sd;
446 	uint32_t	secinfo;
447 	uint32_t	status;
448 	int		rc = 0;
449 
450 	if (op->sd) {
451 		/*
452 		 * SD sent by client in Windows format. Needs to be
453 		 * converted to FS format. No inheritance.
454 		 */
455 		secinfo = smb_sd_get_secinfo(op->sd);
456 		smb_fssd_init(&fs_sd, secinfo, 0);
457 
458 		status = smb_sd_tofs(op->sd, &fs_sd);
459 		if (status == NT_STATUS_SUCCESS) {
460 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
461 			    name, attr, ret_snode, &fs_sd);
462 		} else {
463 			rc = EINVAL;
464 		}
465 		smb_fssd_term(&fs_sd);
466 	} else if (sr->tid_tree->t_acltype == ACE_T) {
467 		/*
468 		 * No incoming SD and filesystem is ZFS
469 		 * Server applies Windows inheritance rules,
470 		 * see smb_fsop_sdinherit() comments as to why.
471 		 */
472 		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0);
473 		rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
474 		if (rc == 0) {
475 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
476 			    name, attr, ret_snode, &fs_sd);
477 		}
478 
479 		smb_fssd_term(&fs_sd);
480 	} else {
481 		/*
482 		 * No incoming SD and filesystem is not ZFS
483 		 * let the filesystem handles the inheritance.
484 		 */
485 		rc = smb_vop_create(dnode->vp, name, attr, &vp,
486 		    flags, cr, NULL);
487 
488 		if (rc == 0) {
489 			*ret_snode = smb_node_lookup(sr, op, cr, vp,
490 			    name, dnode, NULL);
491 
492 			if (*ret_snode == NULL)
493 				rc = ENOMEM;
494 
495 			VN_RELE(vp);
496 		}
497 
498 	}
499 
500 	if (rc == 0)
501 		smb_node_notify_parents(dnode);
502 
503 	return (rc);
504 }
505 
506 /*
507  * smb_fsop_mkdir
508  *
509  * All SMB functions should use this wrapper to ensure that
510  * the the calls are performed with the appropriate credentials.
511  * Please document any direct call to explain the reason
512  * for avoiding this wrapper.
513  *
514  * It is assumed that a reference exists on snode coming into this routine.
515  *
516  * *ret_snode is returned with a reference upon success.  No reference is
517  * taken if an error is returned.
518  */
519 int
520 smb_fsop_mkdir(
521     smb_request_t *sr,
522     cred_t *cr,
523     smb_node_t *dnode,
524     char *name,
525     smb_attr_t *attr,
526     smb_node_t **ret_snode)
527 {
528 	struct open_param *op = &sr->arg.open;
529 	char *longname;
530 	vnode_t *vp;
531 	int flags = 0;
532 	smb_fssd_t fs_sd;
533 	uint32_t secinfo;
534 	uint32_t status;
535 	int rc;
536 	ASSERT(cr);
537 	ASSERT(dnode);
538 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
539 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
540 
541 	ASSERT(ret_snode);
542 	*ret_snode = 0;
543 
544 	ASSERT(name);
545 	if (*name == 0)
546 		return (EINVAL);
547 
548 	ASSERT(sr);
549 	ASSERT(sr->tid_tree);
550 
551 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
552 		return (EACCES);
553 
554 	if (SMB_TREE_IS_READONLY(sr))
555 		return (EROFS);
556 	if (SMB_TREE_SUPPORTS_CATIA(sr))
557 		flags |= SMB_CATIA;
558 	if (SMB_TREE_SUPPORTS_ABE(sr))
559 		flags |= SMB_ABE;
560 
561 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
562 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
563 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
564 		kmem_free(longname, MAXNAMELEN);
565 
566 		/*
567 		 * If the name passed in by the client has an unmangled
568 		 * equivalent that is found in the specified directory,
569 		 * then the mkdir cannot succeed.  Return EEXIST.
570 		 *
571 		 * Only if ENOENT is returned will a mkdir be attempted.
572 		 */
573 
574 		if (rc == 0)
575 			rc = EEXIST;
576 
577 		if (rc != ENOENT)
578 			return (rc);
579 	}
580 
581 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
582 		flags = SMB_IGNORE_CASE;
583 
584 	if (op->sd) {
585 		/*
586 		 * SD sent by client in Windows format. Needs to be
587 		 * converted to FS format. No inheritance.
588 		 */
589 		secinfo = smb_sd_get_secinfo(op->sd);
590 		smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR);
591 
592 		status = smb_sd_tofs(op->sd, &fs_sd);
593 		if (status == NT_STATUS_SUCCESS) {
594 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
595 			    name, attr, ret_snode, &fs_sd);
596 		}
597 		else
598 			rc = EINVAL;
599 		smb_fssd_term(&fs_sd);
600 	} else if (sr->tid_tree->t_acltype == ACE_T) {
601 		/*
602 		 * No incoming SD and filesystem is ZFS
603 		 * Server applies Windows inheritance rules,
604 		 * see smb_fsop_sdinherit() comments as to why.
605 		 */
606 		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR);
607 		rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
608 		if (rc == 0) {
609 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
610 			    name, attr, ret_snode, &fs_sd);
611 		}
612 
613 		smb_fssd_term(&fs_sd);
614 
615 	} else {
616 		rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr,
617 		    NULL);
618 
619 		if (rc == 0) {
620 			*ret_snode = smb_node_lookup(sr, op, cr, vp, name,
621 			    dnode, NULL);
622 
623 			if (*ret_snode == NULL)
624 				rc = ENOMEM;
625 
626 			VN_RELE(vp);
627 		}
628 	}
629 
630 	if (rc == 0)
631 		smb_node_notify_parents(dnode);
632 
633 	return (rc);
634 }
635 
636 /*
637  * smb_fsop_remove
638  *
639  * All SMB functions should use this wrapper to ensure that
640  * the the calls are performed with the appropriate credentials.
641  * Please document any direct call to explain the reason
642  * for avoiding this wrapper.
643  *
644  * It is assumed that a reference exists on snode coming into this routine.
645  *
646  * A null smb_request might be passed to this function.
647  */
648 int
649 smb_fsop_remove(
650     smb_request_t	*sr,
651     cred_t		*cr,
652     smb_node_t		*dnode,
653     char		*name,
654     uint32_t		flags)
655 {
656 	smb_node_t	*fnode;
657 	char		*longname;
658 	char		*fname;
659 	char		*sname;
660 	int		rc;
661 
662 	ASSERT(cr);
663 	/*
664 	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
665 	 * function is called during the deletion of the node (because of
666 	 * DELETE_ON_CLOSE).
667 	 */
668 	ASSERT(dnode);
669 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
670 
671 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
672 	    SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0)
673 		return (EACCES);
674 
675 	if (SMB_TREE_IS_READONLY(sr))
676 		return (EROFS);
677 
678 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
679 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
680 
681 	if (dnode->flags & NODE_XATTR_DIR) {
682 		fnode = dnode->n_dnode;
683 		rc = smb_vop_stream_remove(fnode->vp, name, flags, cr);
684 
685 		/* notify change to the unnamed stream */
686 		if ((rc == 0) && fnode->n_dnode) {
687 			smb_node_notify_change(fnode->n_dnode,
688 			    FILE_ACTION_REMOVED_STREAM, fnode->od_name);
689 		}
690 	} else if (smb_is_stream_name(name)) {
691 		smb_stream_parse_name(name, fname, sname);
692 
693 		/*
694 		 * Look up the unnamed stream (i.e. fname).
695 		 * Unmangle processing will be done on fname
696 		 * as well as any link target.
697 		 */
698 
699 		rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
700 		    sr->tid_tree->t_snode, dnode, fname, &fnode);
701 
702 		if (rc != 0) {
703 			kmem_free(fname, MAXNAMELEN);
704 			kmem_free(sname, MAXNAMELEN);
705 			return (rc);
706 		}
707 
708 		/*
709 		 * XXX
710 		 * Need to find out what permission is required by NTFS
711 		 * to remove a stream.
712 		 */
713 		rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr);
714 
715 		smb_node_release(fnode);
716 
717 		/* notify change to the unnamed stream */
718 		if (rc == 0) {
719 			smb_node_notify_change(dnode,
720 			    FILE_ACTION_REMOVED_STREAM, fname);
721 		}
722 	} else {
723 		rc = smb_vop_remove(dnode->vp, name, flags, cr);
724 
725 		if (rc == ENOENT) {
726 			if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
727 			    !smb_maybe_mangled(name)) {
728 				kmem_free(fname, MAXNAMELEN);
729 				kmem_free(sname, MAXNAMELEN);
730 				return (rc);
731 			}
732 			longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
733 
734 			if (SMB_TREE_SUPPORTS_ABE(sr))
735 				flags |= SMB_ABE;
736 
737 			rc = smb_unmangle(dnode, name, longname, MAXNAMELEN,
738 			    flags);
739 
740 			if (rc == 0) {
741 				/*
742 				 * longname is the real (case-sensitive)
743 				 * on-disk name.
744 				 * We make sure we do a remove on this exact
745 				 * name, as the name was mangled and denotes
746 				 * a unique file.
747 				 */
748 				flags &= ~SMB_IGNORE_CASE;
749 				rc = smb_vop_remove(dnode->vp, longname,
750 				    flags, cr);
751 			}
752 
753 			if (rc == 0)
754 				smb_node_notify_parents(dnode);
755 
756 			kmem_free(longname, MAXNAMELEN);
757 		}
758 	}
759 
760 	kmem_free(fname, MAXNAMELEN);
761 	kmem_free(sname, MAXNAMELEN);
762 
763 	return (rc);
764 }
765 
766 /*
767  * smb_fsop_remove_streams
768  *
769  * This function removes a file's streams without removing the
770  * file itself.
771  *
772  * It is assumed that fnode is not a link.
773  */
774 int
775 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode)
776 {
777 	int rc, flags = 0;
778 	uint16_t odid;
779 	smb_odir_t *od;
780 	smb_odirent_t *odirent;
781 	boolean_t eos;
782 
783 	ASSERT(sr);
784 	ASSERT(cr);
785 	ASSERT(fnode);
786 	ASSERT(fnode->n_magic == SMB_NODE_MAGIC);
787 	ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING);
788 
789 	if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0) {
790 		smbsr_errno(sr, EACCES);
791 		return (-1);
792 	}
793 
794 	if (SMB_TREE_IS_READONLY(sr)) {
795 		smbsr_errno(sr, EROFS);
796 		return (-1);
797 	}
798 
799 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
800 		flags = SMB_IGNORE_CASE;
801 
802 	if (SMB_TREE_SUPPORTS_CATIA(sr))
803 		flags |= SMB_CATIA;
804 
805 	if ((odid = smb_odir_openat(sr, fnode)) == 0) {
806 		smbsr_errno(sr, ENOENT);
807 		return (-1);
808 	}
809 
810 	if ((od = smb_tree_lookup_odir(sr, odid)) == NULL) {
811 		smbsr_errno(sr, ENOENT);
812 		return (-1);
813 	}
814 
815 	odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP);
816 	for (;;) {
817 		rc = smb_odir_read(sr, od, odirent, &eos);
818 		if ((rc != 0) || (eos))
819 			break;
820 		(void) smb_vop_remove(od->d_dnode->vp, odirent->od_name,
821 		    flags, cr);
822 	}
823 	kmem_free(odirent, sizeof (smb_odirent_t));
824 
825 	smb_odir_close(od);
826 	smb_odir_release(od);
827 	return (rc);
828 }
829 
830 /*
831  * smb_fsop_rmdir
832  *
833  * All SMB functions should use this wrapper to ensure that
834  * the the calls are performed with the appropriate credentials.
835  * Please document any direct call to explain the reason
836  * for avoiding this wrapper.
837  *
838  * It is assumed that a reference exists on snode coming into this routine.
839  */
840 int
841 smb_fsop_rmdir(
842     smb_request_t	*sr,
843     cred_t		*cr,
844     smb_node_t		*dnode,
845     char		*name,
846     uint32_t		flags)
847 {
848 	int		rc;
849 	char		*longname;
850 
851 	ASSERT(cr);
852 	/*
853 	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
854 	 * function is called during the deletion of the node (because of
855 	 * DELETE_ON_CLOSE).
856 	 */
857 	ASSERT(dnode);
858 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
859 
860 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
861 	    SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0)
862 		return (EACCES);
863 
864 	if (SMB_TREE_IS_READONLY(sr))
865 		return (EROFS);
866 
867 	rc = smb_vop_rmdir(dnode->vp, name, flags, cr);
868 
869 	if (rc == ENOENT) {
870 		if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
871 		    !smb_maybe_mangled(name)) {
872 			return (rc);
873 		}
874 
875 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
876 
877 		if (SMB_TREE_SUPPORTS_ABE(sr))
878 			flags |= SMB_ABE;
879 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
880 
881 		if (rc == 0) {
882 			/*
883 			 * longname is the real (case-sensitive)
884 			 * on-disk name.
885 			 * We make sure we do a rmdir on this exact
886 			 * name, as the name was mangled and denotes
887 			 * a unique directory.
888 			 */
889 			flags &= ~SMB_IGNORE_CASE;
890 			rc = smb_vop_rmdir(dnode->vp, longname, flags, cr);
891 		}
892 
893 		kmem_free(longname, MAXNAMELEN);
894 	}
895 
896 	if (rc == 0)
897 		smb_node_notify_parents(dnode);
898 
899 	return (rc);
900 }
901 
902 /*
903  * smb_fsop_getattr
904  *
905  * All SMB functions should use this wrapper to ensure that
906  * the the calls are performed with the appropriate credentials.
907  * Please document any direct call to explain the reason
908  * for avoiding this wrapper.
909  *
910  * It is assumed that a reference exists on snode coming into this routine.
911  */
912 int
913 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
914     smb_attr_t *attr)
915 {
916 	smb_node_t *unnamed_node;
917 	vnode_t *unnamed_vp = NULL;
918 	uint32_t status;
919 	uint32_t access = 0;
920 	int flags = 0;
921 	int rc;
922 
923 	ASSERT(cr);
924 	ASSERT(snode);
925 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
926 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
927 
928 	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 ||
929 	    SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0)
930 		return (EACCES);
931 
932 	/* sr could be NULL in some cases */
933 	if (sr && sr->fid_ofile) {
934 		/* if uid and/or gid is requested */
935 		if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID))
936 			access |= READ_CONTROL;
937 
938 		/* if anything else is also requested */
939 		if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID))
940 			access |= FILE_READ_ATTRIBUTES;
941 
942 		status = smb_ofile_access(sr->fid_ofile, cr, access);
943 		if (status != NT_STATUS_SUCCESS)
944 			return (EACCES);
945 
946 		if (smb_tree_has_feature(sr->tid_tree,
947 		    SMB_TREE_ACEMASKONACCESS))
948 			flags = ATTR_NOACLCHECK;
949 	}
950 
951 	unnamed_node = SMB_IS_STREAM(snode);
952 
953 	if (unnamed_node) {
954 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
955 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
956 		unnamed_vp = unnamed_node->vp;
957 	}
958 
959 	rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr);
960 
961 	if ((rc == 0) && smb_node_is_dfslink(snode)) {
962 		/* a DFS link should be treated as a directory */
963 		attr->sa_dosattr |= FILE_ATTRIBUTE_DIRECTORY;
964 	}
965 
966 	return (rc);
967 }
968 
969 /*
970  * smb_fsop_link
971  *
972  * All SMB functions should use this smb_vop_link wrapper to ensure that
973  * the smb_vop_link is performed with the appropriate credentials.
974  * Please document any direct call to smb_vop_link to explain the reason
975  * for avoiding this wrapper.
976  *
977  * It is assumed that references exist on from_dnode and to_dnode coming
978  * into this routine.
979  */
980 int
981 smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *from_fnode,
982     smb_node_t *to_dnode, char *to_name)
983 {
984 	char	*longname = NULL;
985 	int	flags = 0;
986 	int	rc;
987 
988 	ASSERT(sr);
989 	ASSERT(sr->tid_tree);
990 	ASSERT(cr);
991 	ASSERT(to_dnode);
992 	ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
993 	ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
994 	ASSERT(from_fnode);
995 	ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC);
996 	ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING);
997 
998 	if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0)
999 		return (EACCES);
1000 
1001 	if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1002 		return (EACCES);
1003 
1004 	if (SMB_TREE_IS_READONLY(sr))
1005 		return (EROFS);
1006 
1007 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1008 		flags = SMB_IGNORE_CASE;
1009 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1010 		flags |= SMB_CATIA;
1011 	if (SMB_TREE_SUPPORTS_ABE(sr))
1012 		flags |= SMB_ABE;
1013 
1014 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(to_name)) {
1015 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1016 		rc = smb_unmangle(to_dnode, to_name, longname,
1017 		    MAXNAMELEN, flags);
1018 		kmem_free(longname, MAXNAMELEN);
1019 
1020 		if (rc == 0)
1021 			rc = EEXIST;
1022 		if (rc != ENOENT)
1023 			return (rc);
1024 	}
1025 
1026 	rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr);
1027 
1028 	if ((rc == 0) && from_fnode->n_dnode)
1029 		smb_node_notify_parents(from_fnode->n_dnode);
1030 
1031 	return (rc);
1032 }
1033 
1034 /*
1035  * smb_fsop_rename
1036  *
1037  * All SMB functions should use this smb_vop_rename wrapper to ensure that
1038  * the smb_vop_rename is performed with the appropriate credentials.
1039  * Please document any direct call to smb_vop_rename to explain the reason
1040  * for avoiding this wrapper.
1041  *
1042  * It is assumed that references exist on from_dnode and to_dnode coming
1043  * into this routine.
1044  */
1045 int
1046 smb_fsop_rename(
1047     smb_request_t *sr,
1048     cred_t *cr,
1049     smb_node_t *from_dnode,
1050     char *from_name,
1051     smb_node_t *to_dnode,
1052     char *to_name)
1053 {
1054 	smb_node_t *from_snode;
1055 	smb_attr_t from_attr;
1056 	vnode_t *from_vp;
1057 	int flags = 0, ret_flags;
1058 	int rc;
1059 	boolean_t isdir;
1060 
1061 	ASSERT(cr);
1062 	ASSERT(from_dnode);
1063 	ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC);
1064 	ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1065 
1066 	ASSERT(to_dnode);
1067 	ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
1068 	ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1069 
1070 	if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0)
1071 		return (EACCES);
1072 
1073 	if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1074 		return (EACCES);
1075 
1076 	ASSERT(sr);
1077 	ASSERT(sr->tid_tree);
1078 	if (SMB_TREE_IS_READONLY(sr))
1079 		return (EROFS);
1080 
1081 	/*
1082 	 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE
1083 	 * here.
1084 	 *
1085 	 * A case-sensitive rename is always done in this routine
1086 	 * because we are using the on-disk name from an earlier lookup.
1087 	 * If a mangled name was passed in by the caller (denoting a
1088 	 * deterministic lookup), then the exact file must be renamed
1089 	 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or
1090 	 * else the underlying file system might return a "first-match"
1091 	 * on this on-disk name, possibly resulting in the wrong file).
1092 	 */
1093 
1094 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1095 		flags |= SMB_CATIA;
1096 
1097 	/*
1098 	 * XXX: Lock required through smb_node_release() below?
1099 	 */
1100 
1101 	rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL,
1102 	    flags, &ret_flags, NULL, &from_attr, cr);
1103 
1104 	if (rc != 0)
1105 		return (rc);
1106 
1107 	if (from_attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) {
1108 		VN_RELE(from_vp);
1109 		return (EACCES);
1110 	}
1111 
1112 	isdir = ((from_attr.sa_dosattr & FILE_ATTRIBUTE_DIRECTORY) != 0);
1113 
1114 	if ((isdir && SMB_TREE_HAS_ACCESS(sr,
1115 	    ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) !=
1116 	    (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) ||
1117 	    (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) !=
1118 	    (ACE_DELETE | ACE_ADD_FILE))) {
1119 		VN_RELE(from_vp);
1120 		return (EACCES);
1121 	}
1122 
1123 	/*
1124 	 * SMB checks access on open and retains an access granted
1125 	 * mask for use while the file is open.  ACL changes should
1126 	 * not affect access to an open file.
1127 	 *
1128 	 * If the rename is being performed on an ofile:
1129 	 * - Check the ofile's access granted mask to see if the
1130 	 *   rename is permitted - requires DELETE access.
1131 	 * - If the file system does access checking, set the
1132 	 *   ATTR_NOACLCHECK flag to ensure that the file system
1133 	 *   does not check permissions on subsequent calls.
1134 	 */
1135 	if (sr && sr->fid_ofile) {
1136 		rc = smb_ofile_access(sr->fid_ofile, cr, DELETE);
1137 		if (rc != NT_STATUS_SUCCESS) {
1138 			VN_RELE(from_vp);
1139 			return (EACCES);
1140 		}
1141 
1142 		if (smb_tree_has_feature(sr->tid_tree,
1143 		    SMB_TREE_ACEMASKONACCESS))
1144 			flags = ATTR_NOACLCHECK;
1145 	}
1146 
1147 	rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp,
1148 	    to_name, flags, cr);
1149 
1150 	if (rc == 0) {
1151 		from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name,
1152 		    from_dnode, NULL);
1153 
1154 		if (from_snode == NULL) {
1155 			rc = ENOMEM;
1156 		} else {
1157 			smb_node_rename(from_dnode, from_snode,
1158 			    to_dnode, to_name);
1159 			smb_node_release(from_snode);
1160 		}
1161 	}
1162 	VN_RELE(from_vp);
1163 
1164 	if (rc == 0)
1165 		smb_node_notify_parents(from_dnode);
1166 
1167 	/* XXX: unlock */
1168 
1169 	return (rc);
1170 }
1171 
1172 /*
1173  * smb_fsop_setattr
1174  *
1175  * All SMB functions should use this wrapper to ensure that
1176  * the the calls are performed with the appropriate credentials.
1177  * Please document any direct call to explain the reason
1178  * for avoiding this wrapper.
1179  *
1180  * It is assumed that a reference exists on snode coming into
1181  * this function.
1182  * A null smb_request might be passed to this function.
1183  */
1184 int
1185 smb_fsop_setattr(
1186     smb_request_t	*sr,
1187     cred_t		*cr,
1188     smb_node_t		*snode,
1189     smb_attr_t		*set_attr)
1190 {
1191 	smb_node_t *unnamed_node;
1192 	vnode_t *unnamed_vp = NULL;
1193 	uint32_t status;
1194 	uint32_t access;
1195 	int rc = 0;
1196 	int flags = 0;
1197 	uint_t sa_mask;
1198 
1199 	ASSERT(cr);
1200 	ASSERT(snode);
1201 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1202 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1203 
1204 	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0)
1205 		return (EACCES);
1206 
1207 	if (SMB_TREE_IS_READONLY(sr))
1208 		return (EROFS);
1209 
1210 	if (SMB_TREE_HAS_ACCESS(sr,
1211 	    ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0)
1212 		return (EACCES);
1213 
1214 	/*
1215 	 * The file system cannot detect pending READDONLY
1216 	 * (i.e. if the file has been opened readonly but
1217 	 * not yet closed) so we need to test READONLY here.
1218 	 *
1219 	 * Note that file handle that were opened before the
1220 	 * READONLY flag was set in the node (or the FS) are
1221 	 * immune to that change, and remain writable.
1222 	 */
1223 	if (sr && (set_attr->sa_mask & SMB_AT_SIZE)) {
1224 		if (sr->fid_ofile) {
1225 			if (SMB_OFILE_IS_READONLY(sr->fid_ofile))
1226 				return (EACCES);
1227 		} else {
1228 			if (SMB_PATHFILE_IS_READONLY(sr, snode))
1229 				return (EACCES);
1230 		}
1231 	}
1232 
1233 	/*
1234 	 * SMB checks access on open and retains an access granted
1235 	 * mask for use while the file is open.  ACL changes should
1236 	 * not affect access to an open file.
1237 	 *
1238 	 * If the setattr is being performed on an ofile:
1239 	 * - Check the ofile's access granted mask to see if the
1240 	 *   setattr is permitted.
1241 	 *   UID, GID - require WRITE_OWNER
1242 	 *   SIZE, ALLOCSZ - require FILE_WRITE_DATA
1243 	 *   all other attributes require FILE_WRITE_ATTRIBUTES
1244 	 *
1245 	 * - If the file system does access checking, set the
1246 	 *   ATTR_NOACLCHECK flag to ensure that the file system
1247 	 *   does not check permissions on subsequent calls.
1248 	 */
1249 	if (sr && sr->fid_ofile) {
1250 		sa_mask = set_attr->sa_mask;
1251 		access = 0;
1252 
1253 		if (sa_mask & (SMB_AT_SIZE | SMB_AT_ALLOCSZ)) {
1254 			access |= FILE_WRITE_DATA;
1255 			sa_mask &= ~(SMB_AT_SIZE | SMB_AT_ALLOCSZ);
1256 		}
1257 
1258 		if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) {
1259 			access |= WRITE_OWNER;
1260 			sa_mask &= ~(SMB_AT_UID|SMB_AT_GID);
1261 		}
1262 
1263 		if (sa_mask)
1264 			access |= FILE_WRITE_ATTRIBUTES;
1265 
1266 		status = smb_ofile_access(sr->fid_ofile, cr, access);
1267 		if (status != NT_STATUS_SUCCESS)
1268 			return (EACCES);
1269 
1270 		if (smb_tree_has_feature(sr->tid_tree,
1271 		    SMB_TREE_ACEMASKONACCESS))
1272 			flags = ATTR_NOACLCHECK;
1273 	}
1274 
1275 	unnamed_node = SMB_IS_STREAM(snode);
1276 
1277 	if (unnamed_node) {
1278 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1279 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1280 		unnamed_vp = unnamed_node->vp;
1281 	}
1282 
1283 	rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr);
1284 	return (rc);
1285 }
1286 
1287 /*
1288  * smb_fsop_read
1289  *
1290  * All SMB functions should use this wrapper to ensure that
1291  * the the calls are performed with the appropriate credentials.
1292  * Please document any direct call to explain the reason
1293  * for avoiding this wrapper.
1294  *
1295  * It is assumed that a reference exists on snode coming into this routine.
1296  */
1297 int
1298 smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode, uio_t *uio)
1299 {
1300 	caller_context_t ct;
1301 	cred_t *kcr = zone_kcred();
1302 	int svmand;
1303 	int rc;
1304 
1305 	ASSERT(cr);
1306 	ASSERT(snode);
1307 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1308 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1309 
1310 	ASSERT(sr);
1311 	ASSERT(sr->fid_ofile);
1312 
1313 	if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_DATA) == 0)
1314 		return (EACCES);
1315 
1316 	rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA);
1317 	if ((rc != NT_STATUS_SUCCESS) &&
1318 	    (sr->smb_flg2 & SMB_FLAGS2_READ_IF_EXECUTE))
1319 		rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE);
1320 
1321 	if (rc != NT_STATUS_SUCCESS)
1322 		return (EACCES);
1323 
1324 	/*
1325 	 * Streams permission are checked against the unnamed stream,
1326 	 * but in FS level they have their own permissions. To avoid
1327 	 * rejection by FS due to lack of permission on the actual
1328 	 * extended attr kcred is passed for streams.
1329 	 */
1330 	if (SMB_IS_STREAM(snode))
1331 		cr = kcr;
1332 
1333 	smb_node_start_crit(snode, RW_READER);
1334 	rc = nbl_svmand(snode->vp, kcr, &svmand);
1335 	if (rc) {
1336 		smb_node_end_crit(snode);
1337 		return (rc);
1338 	}
1339 
1340 	ct = smb_ct;
1341 	ct.cc_pid = sr->fid_ofile->f_uniqid;
1342 	rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset,
1343 	    uio->uio_iov->iov_len, svmand, &ct);
1344 
1345 	if (rc) {
1346 		smb_node_end_crit(snode);
1347 		return (ERANGE);
1348 	}
1349 
1350 	rc = smb_vop_read(snode->vp, uio, cr);
1351 	smb_node_end_crit(snode);
1352 
1353 	return (rc);
1354 }
1355 
1356 /*
1357  * smb_fsop_write
1358  *
1359  * This is a wrapper function used for smb_write and smb_write_raw operations.
1360  *
1361  * It is assumed that a reference exists on snode coming into this routine.
1362  */
1363 int
1364 smb_fsop_write(
1365     smb_request_t *sr,
1366     cred_t *cr,
1367     smb_node_t *snode,
1368     uio_t *uio,
1369     uint32_t *lcount,
1370     int ioflag)
1371 {
1372 	caller_context_t ct;
1373 	smb_attr_t attr;
1374 	smb_node_t *u_node;
1375 	vnode_t *u_vp = NULL;
1376 	smb_ofile_t *of;
1377 	vnode_t *vp;
1378 	cred_t *kcr = zone_kcred();
1379 	int svmand;
1380 	int rc;
1381 
1382 	ASSERT(cr);
1383 	ASSERT(snode);
1384 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1385 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1386 
1387 	ASSERT(sr);
1388 	ASSERT(sr->tid_tree);
1389 	of = sr->fid_ofile;
1390 	vp = snode->vp;
1391 
1392 	if (SMB_TREE_IS_READONLY(sr))
1393 		return (EROFS);
1394 
1395 	if (SMB_OFILE_IS_READONLY(of) ||
1396 	    SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_DATA | ACE_APPEND_DATA) == 0)
1397 		return (EACCES);
1398 
1399 	rc = smb_ofile_access(of, cr, FILE_WRITE_DATA);
1400 	if (rc != NT_STATUS_SUCCESS) {
1401 		rc = smb_ofile_access(of, cr, FILE_APPEND_DATA);
1402 		if (rc != NT_STATUS_SUCCESS)
1403 			return (EACCES);
1404 	}
1405 
1406 	/*
1407 	 * Streams permission are checked against the unnamed stream,
1408 	 * but in FS level they have their own permissions. To avoid
1409 	 * rejection by FS due to lack of permission on the actual
1410 	 * extended attr kcred is passed for streams.
1411 	 */
1412 	u_node = SMB_IS_STREAM(snode);
1413 	if (u_node != NULL) {
1414 		ASSERT(u_node->n_magic == SMB_NODE_MAGIC);
1415 		ASSERT(u_node->n_state != SMB_NODE_STATE_DESTROYING);
1416 		u_vp = u_node->vp;
1417 		cr = kcr;
1418 	}
1419 
1420 	smb_node_start_crit(snode, RW_WRITER);
1421 	rc = nbl_svmand(vp, kcr, &svmand);
1422 	if (rc) {
1423 		smb_node_end_crit(snode);
1424 		return (rc);
1425 	}
1426 
1427 	ct = smb_ct;
1428 	ct.cc_pid = of->f_uniqid;
1429 	rc = nbl_lock_conflict(vp, NBL_WRITE, uio->uio_loffset,
1430 	    uio->uio_iov->iov_len, svmand, &ct);
1431 
1432 	if (rc) {
1433 		smb_node_end_crit(snode);
1434 		return (ERANGE);
1435 	}
1436 
1437 	rc = smb_vop_write(vp, uio, ioflag, lcount, cr);
1438 
1439 	/*
1440 	 * Once the mtime has been set via this ofile, the
1441 	 * automatic mtime changes from writes via this ofile
1442 	 * should cease, preserving the mtime that was set.
1443 	 * See: [MS-FSA] 2.1.5.14 and smb_node_setattr.
1444 	 *
1445 	 * The VFS interface does not offer a way to ask it to
1446 	 * skip the mtime updates, so we simulate the desired
1447 	 * behavior by re-setting the mtime after writes on a
1448 	 * handle where the mtime has been set.
1449 	 */
1450 	if (of->f_pending_attr.sa_mask & SMB_AT_MTIME) {
1451 		bcopy(&of->f_pending_attr, &attr, sizeof (attr));
1452 		attr.sa_mask = SMB_AT_MTIME;
1453 		(void) smb_vop_setattr(vp, u_vp, &attr, 0, kcr);
1454 	}
1455 
1456 	smb_node_end_crit(snode);
1457 
1458 	return (rc);
1459 }
1460 
1461 /*
1462  * smb_fsop_statfs
1463  *
1464  * This is a wrapper function used for stat operations.
1465  */
1466 int
1467 smb_fsop_statfs(
1468     cred_t *cr,
1469     smb_node_t *snode,
1470     struct statvfs64 *statp)
1471 {
1472 	ASSERT(cr);
1473 	ASSERT(snode);
1474 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1475 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1476 
1477 	return (smb_vop_statfs(snode->vp, statp, cr));
1478 }
1479 
1480 /*
1481  * smb_fsop_access
1482  *
1483  * Named streams do not have separate permissions from the associated
1484  * unnamed stream.  Thus, if node is a named stream, the permissions
1485  * check will be performed on the associated unnamed stream.
1486  *
1487  * However, our named streams do have their own quarantine attribute,
1488  * separate from that on the unnamed stream. If READ or EXECUTE
1489  * access has been requested on a named stream, an additional access
1490  * check is performed on the named stream in case it has been
1491  * quarantined.  kcred is used to avoid issues with the permissions
1492  * set on the extended attribute file representing the named stream.
1493  */
1494 int
1495 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1496     uint32_t faccess)
1497 {
1498 	int access = 0;
1499 	int error;
1500 	vnode_t *dir_vp;
1501 	boolean_t acl_check = B_TRUE;
1502 	smb_node_t *unnamed_node;
1503 
1504 	ASSERT(sr);
1505 	ASSERT(cr);
1506 	ASSERT(snode);
1507 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1508 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1509 
1510 	/* Requests for no access should be denied. */
1511 	if (faccess == 0)
1512 		return (NT_STATUS_ACCESS_DENIED);
1513 
1514 	if (SMB_TREE_IS_READONLY(sr)) {
1515 		if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA|
1516 		    FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES|
1517 		    DELETE|WRITE_DAC|WRITE_OWNER)) {
1518 			return (NT_STATUS_ACCESS_DENIED);
1519 		}
1520 	}
1521 
1522 	if (smb_node_is_reparse(snode) && (faccess & DELETE))
1523 		return (NT_STATUS_ACCESS_DENIED);
1524 
1525 	unnamed_node = SMB_IS_STREAM(snode);
1526 	if (unnamed_node) {
1527 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1528 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1529 
1530 		/*
1531 		 * Perform VREAD access check on the named stream in case it
1532 		 * is quarantined. kcred is passed to smb_vop_access so it
1533 		 * doesn't fail due to lack of permission.
1534 		 */
1535 		if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) {
1536 			error = smb_vop_access(snode->vp, VREAD,
1537 			    0, NULL, zone_kcred());
1538 			if (error)
1539 				return (NT_STATUS_ACCESS_DENIED);
1540 		}
1541 
1542 		/*
1543 		 * Streams authorization should be performed against the
1544 		 * unnamed stream.
1545 		 */
1546 		snode = unnamed_node;
1547 	}
1548 
1549 	if (faccess & ACCESS_SYSTEM_SECURITY) {
1550 		/*
1551 		 * This permission is required for reading/writing SACL and
1552 		 * it's not part of DACL. It's only granted via proper
1553 		 * privileges.
1554 		 */
1555 		if ((sr->uid_user->u_privileges &
1556 		    (SMB_USER_PRIV_BACKUP |
1557 		    SMB_USER_PRIV_RESTORE |
1558 		    SMB_USER_PRIV_SECURITY)) == 0)
1559 			return (NT_STATUS_PRIVILEGE_NOT_HELD);
1560 
1561 		faccess &= ~ACCESS_SYSTEM_SECURITY;
1562 	}
1563 
1564 	/* Links don't have ACL */
1565 	if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) ||
1566 	    smb_node_is_symlink(snode))
1567 		acl_check = B_FALSE;
1568 
1569 	/* Deny access based on the share access mask */
1570 
1571 	if ((faccess & ~sr->tid_tree->t_access) != 0)
1572 		return (NT_STATUS_ACCESS_DENIED);
1573 
1574 	if (acl_check) {
1575 		dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
1576 		error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp,
1577 		    cr);
1578 	} else {
1579 		/*
1580 		 * FS doesn't understand 32-bit mask, need to map
1581 		 */
1582 		if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA))
1583 			access |= VWRITE;
1584 
1585 		if (faccess & FILE_READ_DATA)
1586 			access |= VREAD;
1587 
1588 		if (faccess & FILE_EXECUTE)
1589 			access |= VEXEC;
1590 
1591 		error = smb_vop_access(snode->vp, access, 0, NULL, cr);
1592 	}
1593 
1594 	return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS);
1595 }
1596 
1597 /*
1598  * smb_fsop_lookup_name()
1599  *
1600  * If name indicates that the file is a stream file, perform
1601  * stream specific lookup, otherwise call smb_fsop_lookup.
1602  *
1603  * Return an error if the looked-up file is in outside the tree.
1604  * (Required when invoked from open path.)
1605  *
1606  * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1607  * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1608  * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1609  * flag is set in the flags value passed as a parameter, a case insensitive
1610  * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1611  * or not).
1612  */
1613 
1614 int
1615 smb_fsop_lookup_name(
1616     smb_request_t *sr,
1617     cred_t	*cr,
1618     int		flags,
1619     smb_node_t	*root_node,
1620     smb_node_t	*dnode,
1621     char	*name,
1622     smb_node_t	**ret_snode)
1623 {
1624 	smb_node_t	*fnode;
1625 	vnode_t		*xattrdirvp;
1626 	vnode_t		*vp;
1627 	char		*od_name;
1628 	char		*fname;
1629 	char		*sname;
1630 	int		rc;
1631 
1632 	ASSERT(cr);
1633 	ASSERT(dnode);
1634 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1635 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1636 
1637 	/*
1638 	 * The following check is required for streams processing, below
1639 	 */
1640 
1641 	if (!(flags & SMB_CASE_SENSITIVE)) {
1642 		if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1643 			flags |= SMB_IGNORE_CASE;
1644 	}
1645 
1646 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1647 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1648 
1649 	if (smb_is_stream_name(name)) {
1650 		smb_stream_parse_name(name, fname, sname);
1651 
1652 		/*
1653 		 * Look up the unnamed stream (i.e. fname).
1654 		 * Unmangle processing will be done on fname
1655 		 * as well as any link target.
1656 		 */
1657 		rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode,
1658 		    fname, &fnode);
1659 
1660 		if (rc != 0) {
1661 			kmem_free(fname, MAXNAMELEN);
1662 			kmem_free(sname, MAXNAMELEN);
1663 			return (rc);
1664 		}
1665 
1666 		od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1667 
1668 		/*
1669 		 * od_name is the on-disk name of the stream, except
1670 		 * without the prepended stream prefix (SMB_STREAM_PREFIX)
1671 		 */
1672 
1673 		/*
1674 		 * XXX
1675 		 * What permissions NTFS requires for stream lookup if any?
1676 		 */
1677 		rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name,
1678 		    &xattrdirvp, flags, root_node->vp, cr);
1679 
1680 		if (rc != 0) {
1681 			smb_node_release(fnode);
1682 			kmem_free(fname, MAXNAMELEN);
1683 			kmem_free(sname, MAXNAMELEN);
1684 			kmem_free(od_name, MAXNAMELEN);
1685 			return (rc);
1686 		}
1687 
1688 		*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp,
1689 		    vp, od_name);
1690 
1691 		kmem_free(od_name, MAXNAMELEN);
1692 		smb_node_release(fnode);
1693 		VN_RELE(xattrdirvp);
1694 		VN_RELE(vp);
1695 
1696 		if (*ret_snode == NULL) {
1697 			kmem_free(fname, MAXNAMELEN);
1698 			kmem_free(sname, MAXNAMELEN);
1699 			return (ENOMEM);
1700 		}
1701 	} else {
1702 		rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name,
1703 		    ret_snode);
1704 	}
1705 
1706 	if (rc == 0) {
1707 		ASSERT(ret_snode);
1708 		if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) {
1709 			smb_node_release(*ret_snode);
1710 			*ret_snode = NULL;
1711 			rc = EACCES;
1712 		}
1713 	}
1714 
1715 	kmem_free(fname, MAXNAMELEN);
1716 	kmem_free(sname, MAXNAMELEN);
1717 
1718 	return (rc);
1719 }
1720 
1721 /*
1722  * smb_fsop_lookup
1723  *
1724  * All SMB functions should use this smb_vop_lookup wrapper to ensure that
1725  * the smb_vop_lookup is performed with the appropriate credentials and using
1726  * case insensitive compares. Please document any direct call to smb_vop_lookup
1727  * to explain the reason for avoiding this wrapper.
1728  *
1729  * It is assumed that a reference exists on dnode coming into this routine
1730  * (and that it is safe from deallocation).
1731  *
1732  * Same with the root_node.
1733  *
1734  * *ret_snode is returned with a reference upon success.  No reference is
1735  * taken if an error is returned.
1736  *
1737  * Note: The returned ret_snode may be in a child mount.  This is ok for
1738  * readdir.
1739  *
1740  * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent
1741  * operations on files not in the parent mount.
1742  *
1743  * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1744  * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1745  * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1746  * flag is set in the flags value passed as a parameter, a case insensitive
1747  * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1748  * or not).
1749  */
1750 int
1751 smb_fsop_lookup(
1752     smb_request_t *sr,
1753     cred_t	*cr,
1754     int		flags,
1755     smb_node_t	*root_node,
1756     smb_node_t	*dnode,
1757     char	*name,
1758     smb_node_t	**ret_snode)
1759 {
1760 	smb_node_t *lnk_target_node;
1761 	smb_node_t *lnk_dnode;
1762 	char *longname;
1763 	char *od_name;
1764 	vnode_t *vp;
1765 	int rc;
1766 	int ret_flags;
1767 	smb_attr_t attr;
1768 
1769 	ASSERT(cr);
1770 	ASSERT(dnode);
1771 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1772 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1773 
1774 	if (name == NULL)
1775 		return (EINVAL);
1776 
1777 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
1778 		return (EACCES);
1779 
1780 	if (!(flags & SMB_CASE_SENSITIVE)) {
1781 		if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1782 			flags |= SMB_IGNORE_CASE;
1783 	}
1784 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1785 		flags |= SMB_CATIA;
1786 	if (SMB_TREE_SUPPORTS_ABE(sr))
1787 		flags |= SMB_ABE;
1788 
1789 	od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1790 
1791 	rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags,
1792 	    &ret_flags, root_node ? root_node->vp : NULL, &attr, cr);
1793 
1794 	if (rc != 0) {
1795 		if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
1796 		    !smb_maybe_mangled(name)) {
1797 			kmem_free(od_name, MAXNAMELEN);
1798 			return (rc);
1799 		}
1800 
1801 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1802 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
1803 		if (rc != 0) {
1804 			kmem_free(od_name, MAXNAMELEN);
1805 			kmem_free(longname, MAXNAMELEN);
1806 			return (rc);
1807 		}
1808 
1809 		/*
1810 		 * longname is the real (case-sensitive)
1811 		 * on-disk name.
1812 		 * We make sure we do a lookup on this exact
1813 		 * name, as the name was mangled and denotes
1814 		 * a unique file.
1815 		 */
1816 
1817 		if (flags & SMB_IGNORE_CASE)
1818 			flags &= ~SMB_IGNORE_CASE;
1819 
1820 		rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name,
1821 		    flags, &ret_flags, root_node ? root_node->vp : NULL, &attr,
1822 		    cr);
1823 
1824 		kmem_free(longname, MAXNAMELEN);
1825 
1826 		if (rc != 0) {
1827 			kmem_free(od_name, MAXNAMELEN);
1828 			return (rc);
1829 		}
1830 	}
1831 
1832 	if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK) &&
1833 	    ((attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) == 0)) {
1834 		rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode,
1835 		    &lnk_dnode, &lnk_target_node, cr);
1836 
1837 		if (rc != 0) {
1838 			/*
1839 			 * The link is assumed to be for the last component
1840 			 * of a path.  Hence any ENOTDIR error will be returned
1841 			 * as ENOENT.
1842 			 */
1843 			if (rc == ENOTDIR)
1844 				rc = ENOENT;
1845 
1846 			VN_RELE(vp);
1847 			kmem_free(od_name, MAXNAMELEN);
1848 			return (rc);
1849 		}
1850 
1851 		/*
1852 		 * Release the original VLNK vnode
1853 		 */
1854 
1855 		VN_RELE(vp);
1856 		vp = lnk_target_node->vp;
1857 
1858 		rc = smb_vop_traverse_check(&vp);
1859 
1860 		if (rc != 0) {
1861 			smb_node_release(lnk_dnode);
1862 			smb_node_release(lnk_target_node);
1863 			kmem_free(od_name, MAXNAMELEN);
1864 			return (rc);
1865 		}
1866 
1867 		/*
1868 		 * smb_vop_traverse_check() may have returned a different vnode
1869 		 */
1870 
1871 		if (lnk_target_node->vp == vp) {
1872 			*ret_snode = lnk_target_node;
1873 		} else {
1874 			*ret_snode = smb_node_lookup(sr, NULL, cr, vp,
1875 			    lnk_target_node->od_name, lnk_dnode, NULL);
1876 			VN_RELE(vp);
1877 
1878 			if (*ret_snode == NULL)
1879 				rc = ENOMEM;
1880 			smb_node_release(lnk_target_node);
1881 		}
1882 
1883 		smb_node_release(lnk_dnode);
1884 
1885 	} else {
1886 
1887 		rc = smb_vop_traverse_check(&vp);
1888 		if (rc) {
1889 			VN_RELE(vp);
1890 			kmem_free(od_name, MAXNAMELEN);
1891 			return (rc);
1892 		}
1893 
1894 		*ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name,
1895 		    dnode, NULL);
1896 		VN_RELE(vp);
1897 
1898 		if (*ret_snode == NULL)
1899 			rc = ENOMEM;
1900 	}
1901 
1902 	kmem_free(od_name, MAXNAMELEN);
1903 	return (rc);
1904 }
1905 
1906 int /*ARGSUSED*/
1907 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode)
1908 {
1909 	ASSERT(cr);
1910 	ASSERT(snode);
1911 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1912 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1913 
1914 	ASSERT(sr);
1915 	ASSERT(sr->tid_tree);
1916 	if (SMB_TREE_IS_READONLY(sr))
1917 		return (EROFS);
1918 
1919 	return (smb_vop_commit(snode->vp, cr));
1920 }
1921 
1922 /*
1923  * smb_fsop_aclread
1924  *
1925  * Retrieve filesystem ACL. Depends on requested ACLs in
1926  * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in
1927  * fs_sd. Note that requesting a DACL/SACL doesn't mean that
1928  * the corresponding field in fs_sd should be non-NULL upon
1929  * return, since the target ACL might not contain that type of
1930  * entries.
1931  *
1932  * Returned ACL is always in ACE_T (aka ZFS) format.
1933  * If successful the allocated memory for the ACL should be freed
1934  * using smb_fsacl_free() or smb_fssd_term()
1935  */
1936 int
1937 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1938     smb_fssd_t *fs_sd)
1939 {
1940 	int error = 0;
1941 	int flags = 0;
1942 	int access = 0;
1943 	acl_t *acl;
1944 	smb_node_t *unnamed_node;
1945 
1946 	ASSERT(cr);
1947 
1948 	if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0)
1949 		return (EACCES);
1950 
1951 	if (sr->fid_ofile) {
1952 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
1953 			access = READ_CONTROL;
1954 
1955 		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
1956 			access |= ACCESS_SYSTEM_SECURITY;
1957 
1958 		error = smb_ofile_access(sr->fid_ofile, cr, access);
1959 		if (error != NT_STATUS_SUCCESS) {
1960 			return (EACCES);
1961 		}
1962 	}
1963 
1964 	unnamed_node = SMB_IS_STREAM(snode);
1965 	if (unnamed_node) {
1966 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1967 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1968 		/*
1969 		 * Streams don't have ACL, any read ACL attempt on a stream
1970 		 * should be performed on the unnamed stream.
1971 		 */
1972 		snode = unnamed_node;
1973 	}
1974 
1975 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS))
1976 		flags = ATTR_NOACLCHECK;
1977 
1978 	error = smb_vop_acl_read(snode->vp, &acl, flags,
1979 	    sr->tid_tree->t_acltype, cr);
1980 	if (error != 0) {
1981 		return (error);
1982 	}
1983 
1984 	error = acl_translate(acl, _ACL_ACE_ENABLED,
1985 	    smb_node_is_dir(snode), fs_sd->sd_uid, fs_sd->sd_gid);
1986 
1987 	if (error == 0) {
1988 		smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl,
1989 		    fs_sd->sd_secinfo);
1990 	}
1991 
1992 	acl_free(acl);
1993 	return (error);
1994 }
1995 
1996 /*
1997  * smb_fsop_aclwrite
1998  *
1999  * Stores the filesystem ACL provided in fs_sd->sd_acl.
2000  */
2001 int
2002 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2003     smb_fssd_t *fs_sd)
2004 {
2005 	int target_flavor;
2006 	int error = 0;
2007 	int flags = 0;
2008 	int access = 0;
2009 	acl_t *acl, *dacl, *sacl;
2010 	smb_node_t *unnamed_node;
2011 
2012 	ASSERT(cr);
2013 
2014 	ASSERT(sr);
2015 	ASSERT(sr->tid_tree);
2016 	if (SMB_TREE_IS_READONLY(sr))
2017 		return (EROFS);
2018 
2019 	if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0)
2020 		return (EACCES);
2021 
2022 	if (sr->fid_ofile) {
2023 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2024 			access = WRITE_DAC;
2025 
2026 		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2027 			access |= ACCESS_SYSTEM_SECURITY;
2028 
2029 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2030 		if (error != NT_STATUS_SUCCESS)
2031 			return (EACCES);
2032 	}
2033 
2034 	switch (sr->tid_tree->t_acltype) {
2035 	case ACLENT_T:
2036 		target_flavor = _ACL_ACLENT_ENABLED;
2037 		break;
2038 
2039 	case ACE_T:
2040 		target_flavor = _ACL_ACE_ENABLED;
2041 		break;
2042 	default:
2043 		return (EINVAL);
2044 	}
2045 
2046 	unnamed_node = SMB_IS_STREAM(snode);
2047 	if (unnamed_node) {
2048 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2049 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2050 		/*
2051 		 * Streams don't have ACL, any write ACL attempt on a stream
2052 		 * should be performed on the unnamed stream.
2053 		 */
2054 		snode = unnamed_node;
2055 	}
2056 
2057 	dacl = fs_sd->sd_zdacl;
2058 	sacl = fs_sd->sd_zsacl;
2059 
2060 	ASSERT(dacl || sacl);
2061 	if ((dacl == NULL) && (sacl == NULL))
2062 		return (EINVAL);
2063 
2064 	if (dacl && sacl)
2065 		acl = smb_fsacl_merge(dacl, sacl);
2066 	else if (dacl)
2067 		acl = dacl;
2068 	else
2069 		acl = sacl;
2070 
2071 	error = acl_translate(acl, target_flavor, smb_node_is_dir(snode),
2072 	    fs_sd->sd_uid, fs_sd->sd_gid);
2073 	if (error == 0) {
2074 		if (smb_tree_has_feature(sr->tid_tree,
2075 		    SMB_TREE_ACEMASKONACCESS))
2076 			flags = ATTR_NOACLCHECK;
2077 
2078 		error = smb_vop_acl_write(snode->vp, acl, flags, cr);
2079 	}
2080 
2081 	if (dacl && sacl)
2082 		acl_free(acl);
2083 
2084 	return (error);
2085 }
2086 
2087 acl_type_t
2088 smb_fsop_acltype(smb_node_t *snode)
2089 {
2090 	return (smb_vop_acl_type(snode->vp));
2091 }
2092 
2093 /*
2094  * smb_fsop_sdread
2095  *
2096  * Read the requested security descriptor items from filesystem.
2097  * The items are specified in fs_sd->sd_secinfo.
2098  */
2099 int
2100 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2101     smb_fssd_t *fs_sd)
2102 {
2103 	int error = 0;
2104 	int getowner = 0;
2105 	cred_t *ga_cred;
2106 	smb_attr_t attr;
2107 
2108 	ASSERT(cr);
2109 	ASSERT(fs_sd);
2110 
2111 	/*
2112 	 * File's uid/gid is fetched in two cases:
2113 	 *
2114 	 * 1. it's explicitly requested
2115 	 *
2116 	 * 2. target ACL is ACE_T (ZFS ACL). They're needed for
2117 	 *    owner@/group@ entries. In this case kcred should be used
2118 	 *    because uid/gid are fetched on behalf of smb server.
2119 	 */
2120 	if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) {
2121 		getowner = 1;
2122 		ga_cred = cr;
2123 	} else if (sr->tid_tree->t_acltype == ACE_T) {
2124 		getowner = 1;
2125 		ga_cred = zone_kcred();
2126 	}
2127 
2128 	if (getowner) {
2129 		/*
2130 		 * Windows require READ_CONTROL to read owner/group SID since
2131 		 * they're part of Security Descriptor.
2132 		 * ZFS only requires read_attribute. Need to have a explicit
2133 		 * access check here.
2134 		 */
2135 		if (sr->fid_ofile == NULL) {
2136 			error = smb_fsop_access(sr, ga_cred, snode,
2137 			    READ_CONTROL);
2138 			if (error)
2139 				return (EACCES);
2140 		}
2141 
2142 		attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2143 		error = smb_fsop_getattr(sr, ga_cred, snode, &attr);
2144 		if (error == 0) {
2145 			fs_sd->sd_uid = attr.sa_vattr.va_uid;
2146 			fs_sd->sd_gid = attr.sa_vattr.va_gid;
2147 		} else {
2148 			return (error);
2149 		}
2150 	}
2151 
2152 	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2153 		error = smb_fsop_aclread(sr, cr, snode, fs_sd);
2154 	}
2155 
2156 	return (error);
2157 }
2158 
2159 /*
2160  * smb_fsop_sdmerge
2161  *
2162  * From SMB point of view DACL and SACL are two separate list
2163  * which can be manipulated independently without one affecting
2164  * the other, but entries for both DACL and SACL will end up
2165  * in the same ACL if target filesystem supports ACE_T ACLs.
2166  *
2167  * So, if either DACL or SACL is present in the client set request
2168  * the entries corresponding to the non-present ACL shouldn't
2169  * be touched in the FS ACL.
2170  *
2171  * fs_sd parameter contains DACL and SACL specified by SMB
2172  * client to be set on a file/directory. The client could
2173  * specify both or one of these ACLs (if none is specified
2174  * we don't get this far). When both DACL and SACL are given
2175  * by client the existing ACL should be overwritten. If only
2176  * one of them is specified the entries corresponding to the other
2177  * ACL should not be touched. For example, if only DACL
2178  * is specified in input fs_sd, the function reads audit entries
2179  * of the existing ACL of the file and point fs_sd->sd_zsdacl
2180  * pointer to the fetched SACL, this way when smb_fsop_sdwrite()
2181  * function is called the passed fs_sd would point to the specified
2182  * DACL by client and fetched SACL from filesystem, so the file
2183  * will end up with correct ACL.
2184  */
2185 static int
2186 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd)
2187 {
2188 	smb_fssd_t cur_sd;
2189 	cred_t *kcr = zone_kcred();
2190 	int error = 0;
2191 
2192 	if (sr->tid_tree->t_acltype != ACE_T)
2193 		/* Don't bother if target FS doesn't support ACE_T */
2194 		return (0);
2195 
2196 	if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) {
2197 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
2198 			/*
2199 			 * Don't overwrite existing audit entries
2200 			 */
2201 			smb_fssd_init(&cur_sd, SMB_SACL_SECINFO,
2202 			    fs_sd->sd_flags);
2203 
2204 			error = smb_fsop_sdread(sr, kcr, snode, &cur_sd);
2205 			if (error == 0) {
2206 				ASSERT(fs_sd->sd_zsacl == NULL);
2207 				fs_sd->sd_zsacl = cur_sd.sd_zsacl;
2208 				if (fs_sd->sd_zsacl && fs_sd->sd_zdacl)
2209 					fs_sd->sd_zsacl->acl_flags =
2210 					    fs_sd->sd_zdacl->acl_flags;
2211 			}
2212 		} else {
2213 			/*
2214 			 * Don't overwrite existing access entries
2215 			 */
2216 			smb_fssd_init(&cur_sd, SMB_DACL_SECINFO,
2217 			    fs_sd->sd_flags);
2218 
2219 			error = smb_fsop_sdread(sr, kcr, snode, &cur_sd);
2220 			if (error == 0) {
2221 				ASSERT(fs_sd->sd_zdacl == NULL);
2222 				fs_sd->sd_zdacl = cur_sd.sd_zdacl;
2223 				if (fs_sd->sd_zdacl && fs_sd->sd_zsacl)
2224 					fs_sd->sd_zdacl->acl_flags =
2225 					    fs_sd->sd_zsacl->acl_flags;
2226 			}
2227 		}
2228 
2229 		if (error)
2230 			smb_fssd_term(&cur_sd);
2231 	}
2232 
2233 	return (error);
2234 }
2235 
2236 /*
2237  * smb_fsop_sdwrite
2238  *
2239  * Stores the given uid, gid and acl in filesystem.
2240  * Provided items in fs_sd are specified by fs_sd->sd_secinfo.
2241  *
2242  * A SMB security descriptor could contain owner, primary group,
2243  * DACL and SACL. Setting an SD should be atomic but here it has to
2244  * be done via two separate FS operations: VOP_SETATTR and
2245  * VOP_SETSECATTR. Therefore, this function has to simulate the
2246  * atomicity as well as it can.
2247  *
2248  * Get the current uid, gid before setting the new uid/gid
2249  * so if smb_fsop_aclwrite fails they can be restored. root cred is
2250  * used to get currend uid/gid since this operation is performed on
2251  * behalf of the server not the user.
2252  *
2253  * If setting uid/gid fails with EPERM it means that and invalid
2254  * owner has been specified. Callers should translate this to
2255  * STATUS_INVALID_OWNER which is not the normal mapping for EPERM
2256  * in upper layers, so EPERM is mapped to EBADE.
2257  */
2258 int
2259 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2260     smb_fssd_t *fs_sd, int overwrite)
2261 {
2262 	smb_attr_t set_attr;
2263 	smb_attr_t orig_attr;
2264 	cred_t *kcr = zone_kcred();
2265 	int error = 0;
2266 	int access = 0;
2267 
2268 	ASSERT(cr);
2269 	ASSERT(fs_sd);
2270 
2271 	ASSERT(sr);
2272 	ASSERT(sr->tid_tree);
2273 	if (SMB_TREE_IS_READONLY(sr))
2274 		return (EROFS);
2275 
2276 	bzero(&set_attr, sizeof (smb_attr_t));
2277 
2278 	if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
2279 		set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
2280 		set_attr.sa_mask |= SMB_AT_UID;
2281 		access |= WRITE_OWNER;
2282 	}
2283 
2284 	if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
2285 		set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
2286 		set_attr.sa_mask |= SMB_AT_GID;
2287 		access |= WRITE_OWNER;
2288 	}
2289 
2290 	if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2291 		access |= WRITE_DAC;
2292 
2293 	if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2294 		access |= ACCESS_SYSTEM_SECURITY;
2295 
2296 	if (sr->fid_ofile)
2297 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2298 	else
2299 		error = smb_fsop_access(sr, cr, snode, access);
2300 
2301 	if (error)
2302 		return (EACCES);
2303 
2304 	if (set_attr.sa_mask) {
2305 		orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2306 		error = smb_fsop_getattr(sr, kcr, snode, &orig_attr);
2307 		if (error == 0) {
2308 			error = smb_fsop_setattr(sr, cr, snode, &set_attr);
2309 			if (error == EPERM)
2310 				error = EBADE;
2311 		}
2312 
2313 		if (error)
2314 			return (error);
2315 	}
2316 
2317 	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2318 		if (overwrite == 0) {
2319 			error = smb_fsop_sdmerge(sr, snode, fs_sd);
2320 			if (error)
2321 				return (error);
2322 		}
2323 
2324 		error = smb_fsop_aclwrite(sr, cr, snode, fs_sd);
2325 		if (error) {
2326 			/*
2327 			 * Revert uid/gid changes if required.
2328 			 */
2329 			if (set_attr.sa_mask) {
2330 				orig_attr.sa_mask = set_attr.sa_mask;
2331 				(void) smb_fsop_setattr(sr, kcr, snode,
2332 				    &orig_attr);
2333 			}
2334 		}
2335 	}
2336 
2337 	return (error);
2338 }
2339 
2340 /*
2341  * smb_fsop_sdinherit
2342  *
2343  * Inherit the security descriptor from the parent container.
2344  * This function is called after FS has created the file/folder
2345  * so if this doesn't do anything it means FS inheritance is
2346  * in place.
2347  *
2348  * Do inheritance for ZFS internally.
2349  *
2350  * If we want to let ZFS does the inheritance the
2351  * following setting should be true:
2352  *
2353  *  - aclinherit = passthrough
2354  *  - aclmode = passthrough
2355  *  - smbd umask = 0777
2356  *
2357  * This will result in right effective permissions but
2358  * ZFS will always add 6 ACEs for owner, owning group
2359  * and others to be POSIX compliant. This is not what
2360  * Windows clients/users expect, so we decided that CIFS
2361  * implements Windows rules and overwrite whatever ZFS
2362  * comes up with. This way we also don't have to care
2363  * about ZFS aclinherit and aclmode settings.
2364  */
2365 static int
2366 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd)
2367 {
2368 	acl_t *dacl = NULL;
2369 	acl_t *sacl = NULL;
2370 	int is_dir;
2371 	int error;
2372 
2373 	ASSERT(fs_sd);
2374 
2375 	if (sr->tid_tree->t_acltype != ACE_T) {
2376 		/*
2377 		 * No forced inheritance for non-ZFS filesystems.
2378 		 */
2379 		fs_sd->sd_secinfo = 0;
2380 		return (0);
2381 	}
2382 
2383 
2384 	/* Fetch parent directory's ACL */
2385 	error = smb_fsop_sdread(sr, zone_kcred(), dnode, fs_sd);
2386 	if (error) {
2387 		return (error);
2388 	}
2389 
2390 	is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR);
2391 	dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO,
2392 	    sr->user_cr);
2393 	sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO,
2394 	    sr->user_cr);
2395 
2396 	if (sacl == NULL)
2397 		fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO;
2398 
2399 	smb_fsacl_free(fs_sd->sd_zdacl);
2400 	smb_fsacl_free(fs_sd->sd_zsacl);
2401 
2402 	fs_sd->sd_zdacl = dacl;
2403 	fs_sd->sd_zsacl = sacl;
2404 
2405 	return (0);
2406 }
2407 
2408 /*
2409  * smb_fsop_eaccess
2410  *
2411  * Returns the effective permission of the given credential for the
2412  * specified object.
2413  *
2414  * This is just a workaround. We need VFS/FS support for this.
2415  */
2416 void
2417 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2418     uint32_t *eaccess)
2419 {
2420 	int access = 0;
2421 	vnode_t *dir_vp;
2422 	smb_node_t *unnamed_node;
2423 
2424 	ASSERT(cr);
2425 	ASSERT(snode);
2426 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2427 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2428 
2429 	unnamed_node = SMB_IS_STREAM(snode);
2430 	if (unnamed_node) {
2431 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2432 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2433 		/*
2434 		 * Streams authorization should be performed against the
2435 		 * unnamed stream.
2436 		 */
2437 		snode = unnamed_node;
2438 	}
2439 
2440 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) {
2441 		dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
2442 		smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp,
2443 		    cr);
2444 		return;
2445 	}
2446 
2447 	/*
2448 	 * FS doesn't understand 32-bit mask
2449 	 */
2450 	smb_vop_eaccess(snode->vp, &access, 0, NULL, cr);
2451 	access &= sr->tid_tree->t_access;
2452 
2453 	*eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES;
2454 
2455 	if (access & VREAD)
2456 		*eaccess |= FILE_READ_DATA;
2457 
2458 	if (access & VEXEC)
2459 		*eaccess |= FILE_EXECUTE;
2460 
2461 	if (access & VWRITE)
2462 		*eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES |
2463 		    FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD;
2464 }
2465 
2466 /*
2467  * smb_fsop_shrlock
2468  *
2469  * For the current open request, check file sharing rules
2470  * against existing opens.
2471  *
2472  * Returns NT_STATUS_SHARING_VIOLATION if there is any
2473  * sharing conflict.  Returns NT_STATUS_SUCCESS otherwise.
2474  *
2475  * Full system-wide share reservation synchronization is available
2476  * when the nbmand (non-blocking mandatory) mount option is set
2477  * (i.e. nbl_need_crit() is true) and nbmand critical regions are used.
2478  * This provides synchronization with NFS and local processes.  The
2479  * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called
2480  * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well
2481  * as the CIFS rename and delete paths.
2482  *
2483  * The CIFS server will also enter the nbl critical region in the open,
2484  * rename, and delete paths when nbmand is not set.  There is limited
2485  * coordination with local and VFS share reservations in this case.
2486  * Note that when the nbmand mount option is not set, the VFS layer
2487  * only processes advisory reservations and the delete mode is not checked.
2488  *
2489  * Whether or not the nbmand mount option is set, intra-CIFS share
2490  * checking is done in the open, delete, and rename paths using a CIFS
2491  * critical region (node->n_share_lock).
2492  */
2493 uint32_t
2494 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid,
2495     uint32_t desired_access, uint32_t share_access)
2496 {
2497 	int rc;
2498 
2499 	/* Allow access if the request is just for meta data */
2500 	if ((desired_access & FILE_DATA_ALL) == 0)
2501 		return (NT_STATUS_SUCCESS);
2502 
2503 	rc = smb_node_open_check(node, desired_access, share_access);
2504 	if (rc)
2505 		return (NT_STATUS_SHARING_VIOLATION);
2506 
2507 	rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access,
2508 	    cr);
2509 	if (rc)
2510 		return (NT_STATUS_SHARING_VIOLATION);
2511 
2512 	return (NT_STATUS_SUCCESS);
2513 }
2514 
2515 void
2516 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid)
2517 {
2518 	(void) smb_vop_unshrlock(node->vp, uniq_fid, cr);
2519 }
2520 
2521 int
2522 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock,
2523     cred_t *cr)
2524 {
2525 	flock64_t bf;
2526 	int flag = F_REMOTELOCK;
2527 
2528 	/*
2529 	 * VOP_FRLOCK() will not be called if:
2530 	 *
2531 	 * 1) The lock has a range of zero bytes. The semantics of Windows and
2532 	 *    POSIX are different. In the case of POSIX it asks for the locking
2533 	 *    of all the bytes from the offset provided until the end of the
2534 	 *    file. In the case of Windows a range of zero locks nothing and
2535 	 *    doesn't conflict with any other lock.
2536 	 *
2537 	 * 2) The lock rolls over (start + lenght < start). Solaris will assert
2538 	 *    if such a request is submitted. This will not create
2539 	 *    incompatibilities between POSIX and Windows. In the Windows world,
2540 	 *    if a client submits such a lock, the server will not lock any
2541 	 *    bytes. Interestingly if the same lock (same offset and length) is
2542 	 *    resubmitted Windows will consider that there is an overlap and
2543 	 *    the granting rules will then apply.
2544 	 */
2545 	if ((lock->l_length == 0) ||
2546 	    ((lock->l_start + lock->l_length - 1) < lock->l_start))
2547 		return (0);
2548 
2549 	bzero(&bf, sizeof (bf));
2550 
2551 	if (unlock) {
2552 		bf.l_type = F_UNLCK;
2553 	} else if (lock->l_type == SMB_LOCK_TYPE_READONLY) {
2554 		bf.l_type = F_RDLCK;
2555 		flag |= FREAD;
2556 	} else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) {
2557 		bf.l_type = F_WRLCK;
2558 		flag |= FWRITE;
2559 	}
2560 
2561 	bf.l_start = lock->l_start;
2562 	bf.l_len = lock->l_length;
2563 	bf.l_pid = lock->l_file->f_uniqid;
2564 	bf.l_sysid = smb_ct.cc_sysid;
2565 
2566 	return (smb_vop_frlock(node->vp, cr, flag, &bf));
2567 }
2568