xref: /titanic_50/usr/src/uts/common/fs/smbsrv/smb_tree.c (revision 3ed4a803a4d4b35e2773c194c9a6f4977687b542)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * General Structures Layout
28  * -------------------------
29  *
30  * This is a simplified diagram showing the relationship between most of the
31  * main structures.
32  *
33  * +-------------------+
34  * |     SMB_INFO      |
35  * +-------------------+
36  *          |
37  *          |
38  *          v
39  * +-------------------+       +-------------------+      +-------------------+
40  * |     SESSION       |<----->|     SESSION       |......|      SESSION      |
41  * +-------------------+       +-------------------+      +-------------------+
42  *          |
43  *          |
44  *          v
45  * +-------------------+       +-------------------+      +-------------------+
46  * |       USER        |<----->|       USER        |......|       USER        |
47  * +-------------------+       +-------------------+      +-------------------+
48  *          |
49  *          |
50  *          v
51  * +-------------------+       +-------------------+      +-------------------+
52  * |       TREE        |<----->|       TREE        |......|       TREE        |
53  * +-------------------+       +-------------------+      +-------------------+
54  *      |         |
55  *      |         |
56  *      |         v
57  *      |     +-------+       +-------+      +-------+
58  *      |     | OFILE |<----->| OFILE |......| OFILE |
59  *      |     +-------+       +-------+      +-------+
60  *      |
61  *      |
62  *      v
63  *  +-------+       +------+      +------+
64  *  | ODIR  |<----->| ODIR |......| ODIR |
65  *  +-------+       +------+      +------+
66  *
67  *
68  * Tree State Machine
69  * ------------------
70  *
71  *    +-----------------------------+	 T0
72  *    |  SMB_TREE_STATE_CONNECTED   |<----------- Creation/Allocation
73  *    +-----------------------------+
74  *		    |
75  *		    | T1
76  *		    |
77  *		    v
78  *    +------------------------------+
79  *    | SMB_TREE_STATE_DISCONNECTING |
80  *    +------------------------------+
81  *		    |
82  *		    | T2
83  *		    |
84  *		    v
85  *    +-----------------------------+    T3
86  *    | SMB_TREE_STATE_DISCONNECTED |----------> Deletion/Free
87  *    +-----------------------------+
88  *
89  * SMB_TREE_STATE_CONNECTED
90  *
91  *    While in this state:
92  *      - The tree is queued in the list of trees of its user.
93  *      - References will be given out if the tree is looked up.
94  *      - Files under that tree can be accessed.
95  *
96  * SMB_TREE_STATE_DISCONNECTING
97  *
98  *    While in this state:
99  *      - The tree is queued in the list of trees of its user.
100  *      - References will not be given out if the tree is looked up.
101  *      - The files and directories open under the tree are being closed.
102  *      - The resources associated with the tree remain.
103  *
104  * SMB_TREE_STATE_DISCONNECTED
105  *
106  *    While in this state:
107  *      - The tree is queued in the list of trees of its user.
108  *      - References will not be given out if the tree is looked up.
109  *      - The tree has no more files and directories opened.
110  *      - The resources associated with the tree remain.
111  *
112  * Transition T0
113  *
114  *    This transition occurs in smb_tree_connect(). A new tree is created and
115  *    added to the list of trees of a user.
116  *
117  * Transition T1
118  *
119  *    This transition occurs in smb_tree_disconnect().
120  *
121  * Transition T2
122  *
123  *    This transition occurs in smb_tree_release(). The resources associated
124  *    with the tree are freed as well as the tree structure. For the transition
125  *    to occur, the tree must be in the SMB_TREE_STATE_DISCONNECTED state and
126  *    the reference count be zero.
127  *
128  * Comments
129  * --------
130  *
131  *    The state machine of the tree structures is controlled by 3 elements:
132  *      - The list of trees of the user it belongs to.
133  *      - The mutex embedded in the structure itself.
134  *      - The reference count.
135  *
136  *    There's a mutex embedded in the tree structure used to protect its fields
137  *    and there's a lock embedded in the list of trees of a user. To
138  *    increment or to decrement the reference count the mutex must be entered.
139  *    To insert the tree into the list of trees of the user and to remove
140  *    the tree from it, the lock must be entered in RW_WRITER mode.
141  *
142  *    Rules of access to a tree structure:
143  *
144  *    1) In order to avoid deadlocks, when both (mutex and lock of the user
145  *       list) have to be entered, the lock must be entered first.
146  *
147  *    2) All actions applied to a tree require a reference count.
148  *
149  *    3) There are 2 ways of getting a reference count: when a tree is
150  *       connected and when a tree is looked up.
151  *
152  *    It should be noted that the reference count of a tree registers the
153  *    number of references to the tree in other structures (such as an smb
154  *    request). The reference count is not incremented in these 2 instances:
155  *
156  *    1) The tree is connected. An tree is anchored by his state. If there's
157  *       no activity involving a tree currently connected, the reference
158  *       count of that tree is zero.
159  *
160  *    2) The tree is queued in the list of trees of the user. The fact of
161  *       being queued in that list is NOT registered by incrementing the
162  *       reference count.
163  */
164 #include <sys/types.h>
165 #include <sys/refstr_impl.h>
166 #include <sys/feature_tests.h>
167 #include <sys/sunddi.h>
168 #include <sys/fsid.h>
169 #include <sys/vfs.h>
170 #include <sys/stat.h>
171 #include <sys/varargs.h>
172 #include <smbsrv/smb_incl.h>
173 #include <smbsrv/lmerr.h>
174 #include <smbsrv/smb_fsops.h>
175 #include <smbsrv/smb_door_svc.h>
176 #include <smbsrv/smb_share.h>
177 #include <sys/pathname.h>
178 
179 int smb_tcon_mute = 0;
180 
181 static smb_tree_t *smb_tree_connect_disk(smb_request_t *, const char *);
182 static smb_tree_t *smb_tree_connect_ipc(smb_request_t *, const char *);
183 static smb_tree_t *smb_tree_alloc(smb_user_t *, const char *, const char *,
184     int32_t, smb_node_t *, uint32_t);
185 static void smb_tree_dealloc(smb_tree_t *);
186 static boolean_t smb_tree_is_connected(smb_tree_t *);
187 static boolean_t smb_tree_is_disconnected(smb_tree_t *);
188 static const char *smb_tree_get_sharename(const char *);
189 static int smb_tree_get_stype(const char *, const char *, int32_t *);
190 static int smb_tree_getattr(smb_node_t *, smb_tree_t *);
191 static void smb_tree_get_volname(vfs_t *, smb_tree_t *);
192 static void smb_tree_get_flags(vfs_t *, smb_tree_t *);
193 static void smb_tree_log(smb_request_t *, const char *, const char *, ...);
194 static void smb_tree_close_odirs(smb_tree_t *, uint16_t);
195 static smb_odir_t *smb_tree_get_odir(smb_tree_t *, smb_odir_t *);
196 
197 /*
198  * Extract the share name and share type and connect as appropriate.
199  * Share names are case insensitive so we map the share name to
200  * lower-case as a convenience for internal processing.
201  */
202 smb_tree_t *
203 smb_tree_connect(smb_request_t *sr)
204 {
205 	char *unc_path = sr->arg.tcon.path;
206 	char *service = sr->arg.tcon.service;
207 	smb_tree_t *tree = NULL;
208 	const char *name;
209 	int32_t stype;
210 
211 	(void) utf8_strlwr(unc_path);
212 
213 	if ((name = smb_tree_get_sharename(unc_path)) == NULL) {
214 		smbsr_error(sr, 0, ERRSRV, ERRinvnetname);
215 		return (NULL);
216 	}
217 
218 	if (smb_tree_get_stype(name, service, &stype) != 0) {
219 		smbsr_error(sr, NT_STATUS_BAD_DEVICE_TYPE,
220 		    ERRDOS, ERROR_BAD_DEV_TYPE);
221 		return (NULL);
222 	}
223 
224 	switch (stype & STYPE_MASK) {
225 	case STYPE_DISKTREE:
226 		tree = smb_tree_connect_disk(sr, name);
227 		break;
228 
229 	case STYPE_IPC:
230 		tree = smb_tree_connect_ipc(sr, name);
231 		break;
232 
233 	default:
234 		smbsr_error(sr, NT_STATUS_BAD_DEVICE_TYPE,
235 		    ERRDOS, ERROR_BAD_DEV_TYPE);
236 		break;
237 	}
238 
239 	return (tree);
240 }
241 
242 /*
243  * Disconnect a tree.
244  */
245 void
246 smb_tree_disconnect(
247     smb_tree_t	*tree)
248 {
249 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
250 
251 	mutex_enter(&tree->t_mutex);
252 	ASSERT(tree->t_refcnt);
253 
254 	if (smb_tree_is_connected(tree)) {
255 		/*
256 		 * Indicate that the disconnect process has started.
257 		 */
258 		tree->t_state = SMB_TREE_STATE_DISCONNECTING;
259 		mutex_exit(&tree->t_mutex);
260 		atomic_dec_32(&tree->t_server->sv_open_trees);
261 
262 		/*
263 		 * The files opened under this tree are closed.
264 		 */
265 		smb_ofile_close_all(tree);
266 		/*
267 		 * The directories opened under this tree are closed.
268 		 */
269 		smb_tree_close_odirs(tree, 0);
270 		mutex_enter(&tree->t_mutex);
271 		tree->t_state = SMB_TREE_STATE_DISCONNECTED;
272 	}
273 
274 	mutex_exit(&tree->t_mutex);
275 }
276 
277 /*
278  * Take a reference on a tree.
279  */
280 boolean_t
281 smb_tree_hold(
282     smb_tree_t		*tree)
283 {
284 	ASSERT(tree);
285 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
286 
287 	mutex_enter(&tree->t_mutex);
288 
289 	if (smb_tree_is_connected(tree)) {
290 		tree->t_refcnt++;
291 		mutex_exit(&tree->t_mutex);
292 		return (B_TRUE);
293 	}
294 
295 	mutex_exit(&tree->t_mutex);
296 	return (B_FALSE);
297 }
298 
299 /*
300  * Release a reference on a tree.  If the tree is disconnected and the
301  * reference count falls to zero, the tree will be deallocated.
302  */
303 void
304 smb_tree_release(
305     smb_tree_t		*tree)
306 {
307 	ASSERT(tree);
308 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
309 
310 	mutex_enter(&tree->t_mutex);
311 	ASSERT(tree->t_refcnt);
312 	tree->t_refcnt--;
313 
314 	if (smb_tree_is_disconnected(tree) && (tree->t_refcnt == 0)) {
315 		mutex_exit(&tree->t_mutex);
316 		smb_tree_dealloc(tree);
317 		return;
318 	}
319 
320 	mutex_exit(&tree->t_mutex);
321 }
322 
323 /*
324  * Close ofiles and odirs that match pid.
325  */
326 void
327 smb_tree_close_pid(
328     smb_tree_t		*tree,
329     uint16_t		pid)
330 {
331 	ASSERT(tree);
332 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
333 
334 	smb_ofile_close_all_by_pid(tree, pid);
335 	smb_tree_close_odirs(tree, pid);
336 }
337 
338 /*
339  * Check whether or not a tree supports the features identified by flags.
340  */
341 boolean_t
342 smb_tree_has_feature(smb_tree_t *tree, uint32_t flags)
343 {
344 	ASSERT(tree);
345 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
346 
347 	return ((tree->t_flags & flags) == flags);
348 }
349 
350 
351 /* *************************** Static Functions ***************************** */
352 #define	SHARES_DIR	".zfs/shares/"
353 static void
354 smb_tree_acl_access(cred_t *cred, const char *sharename, vnode_t *pathvp,
355 		    uint32_t *access)
356 {
357 	int rc;
358 	vfs_t *vfsp;
359 	vnode_t *root = NULL;
360 	vnode_t *sharevp = NULL;
361 	char *sharepath;
362 	struct pathname pnp;
363 	size_t size;
364 
365 	*access = ACE_ALL_PERMS; /* default to full "UNIX" access */
366 
367 	/*
368 	 * Using the vnode of the share path, we then find the root
369 	 * directory of the mounted file system. We will then look to
370 	 * see if there is a .zfs/shares directory and if there is,
371 	 * get the access information from the ACL/ACES values and
372 	 * check against the cred.
373 	 */
374 	vfsp = pathvp->v_vfsp;
375 	if (vfsp != NULL)
376 		rc = VFS_ROOT(vfsp, &root);
377 	else
378 		rc = ENOENT;
379 
380 	if (rc != 0)
381 		return;
382 
383 
384 	/*
385 	 * Find the share object, if there is one. Need to construct
386 	 * the path to the .zfs/shares/<sharename> object and look it
387 	 * up.  root is called held but will be released by
388 	 * lookuppnvp().
389 	 */
390 
391 	size = sizeof (SHARES_DIR) + strlen(sharename) + 1;
392 	sharepath = kmem_alloc(size, KM_SLEEP);
393 	(void) sprintf(sharepath, "%s%s", SHARES_DIR, sharename);
394 
395 	pn_alloc(&pnp);
396 	(void) pn_set(&pnp, sharepath);
397 	rc = lookuppnvp(&pnp, NULL, NO_FOLLOW, NULL,
398 	    &sharevp, rootdir, root, kcred);
399 	pn_free(&pnp);
400 
401 	kmem_free(sharepath, size);
402 
403 	/*
404 	 * Now get the effective access value based on cred and ACL
405 	 * values.
406 	 */
407 
408 	if (rc == 0)
409 		smb_vop_eaccess(sharevp, (int *)access, V_ACE_MASK, NULL, cred);
410 
411 }
412 
413 /*
414  * Connect a share for use with files and directories.
415  */
416 
417 static smb_tree_t *
418 smb_tree_connect_disk(smb_request_t *sr, const char *sharename)
419 {
420 	smb_user_t		*user = sr->uid_user;
421 	smb_node_t		*dir_snode = NULL;
422 	smb_node_t		*snode = NULL;
423 	char			last_component[MAXNAMELEN];
424 	smb_tree_t		*tree;
425 	smb_share_t 		*si;
426 	smb_attr_t		attr;
427 	cred_t			*u_cred;
428 	int			rc;
429 	uint32_t		access = 0; /* read/write is assumed */
430 	uint32_t		hostaccess = ACE_ALL_PERMS;
431 	uint32_t		aclaccess;
432 
433 	ASSERT(user);
434 	u_cred = user->u_cred;
435 	ASSERT(u_cred);
436 
437 	if (user->u_flags & SMB_USER_FLAG_IPC) {
438 		smb_tree_log(sr, sharename, "access denied: IPC only");
439 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRSRV, ERRaccess);
440 		return (NULL);
441 	}
442 
443 	si = kmem_zalloc(sizeof (smb_share_t), KM_SLEEP);
444 
445 	if (smb_kshare_getinfo(sr->sr_server->sv_lmshrd, (char *)sharename, si,
446 	    &sr->session->ipaddr) != NERR_Success) {
447 		smb_tree_log(sr, sharename, "share not found");
448 		smbsr_error(sr, 0, ERRSRV, ERRinvnetname);
449 		kmem_free(si, sizeof (smb_share_t));
450 		return (NULL);
451 	}
452 
453 	/*
454 	 * Handle the default administration shares: C$, D$ etc.
455 	 * Only a user with admin rights is allowed to map these
456 	 * shares.
457 	 */
458 	if (si->shr_flags & SMB_SHRF_ADMIN) {
459 		if (!smb_user_is_admin(user)) {
460 			smb_tree_log(sr, sharename, "access denied: not admin");
461 			smbsr_error(sr, NT_STATUS_ACCESS_DENIED,
462 			    ERRSRV, ERRaccess);
463 			kmem_free(si, sizeof (smb_share_t));
464 			return (NULL);
465 		}
466 	}
467 
468 	/*
469 	 * Set up the OptionalSupport for this share.
470 	 */
471 	sr->arg.tcon.optional_support = SMB_SUPPORT_SEARCH_BITS;
472 
473 	switch (si->shr_flags & SMB_SHRF_CSC_MASK) {
474 	case SMB_SHRF_CSC_DISABLED:
475 		sr->arg.tcon.optional_support |= SMB_CSC_CACHE_NONE;
476 		break;
477 	case SMB_SHRF_CSC_AUTO:
478 		sr->arg.tcon.optional_support |= SMB_CSC_CACHE_AUTO_REINT;
479 		break;
480 	case SMB_SHRF_CSC_VDO:
481 		sr->arg.tcon.optional_support |= SMB_CSC_CACHE_VDO;
482 		break;
483 	case SMB_SHRF_CSC_MANUAL:
484 	default:
485 		/*
486 		 * Default to SMB_CSC_CACHE_MANUAL_REINT.
487 		 */
488 		break;
489 	}
490 
491 	access = si->shr_access_value & SMB_SHRF_ACC_ALL;
492 
493 	if (access == SMB_SHRF_ACC_RO) {
494 		hostaccess &= ~ACE_ALL_WRITE_PERMS;
495 	} else if (access == SMB_SHRF_ACC_NONE) {
496 		kmem_free(si, sizeof (smb_share_t));
497 		smb_tree_log(sr, sharename, "access denied: host access");
498 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRSRV, ERRaccess);
499 		return (NULL);
500 	}
501 
502 	/*
503 	 * Check that the shared directory exists.
504 	 */
505 	rc = smb_pathname_reduce(sr, u_cred, si->shr_path, 0, 0, &dir_snode,
506 	    last_component);
507 
508 	if (rc == 0) {
509 		rc = smb_fsop_lookup(sr, u_cred, SMB_FOLLOW_LINKS, 0,
510 		    dir_snode, last_component, &snode, &attr, 0, 0);
511 
512 		smb_node_release(dir_snode);
513 	}
514 
515 	if (rc) {
516 		if (snode)
517 			smb_node_release(snode);
518 
519 		smb_tree_log(sr, sharename, "bad path: %s", si->shr_path);
520 		smbsr_error(sr, 0, ERRSRV, ERRinvnetname);
521 		kmem_free(si, sizeof (smb_share_t));
522 		return (NULL);
523 	}
524 
525 	/*
526 	 * Find share level ACL if it exists in the designated
527 	 * location. Needs to be done after finding a valid path but
528 	 * before the tree is allocated.
529 	 */
530 	smb_tree_acl_access(u_cred, sharename, snode->vp, &aclaccess);
531 	/* if an error, then no share file -- default to no ACL */
532 	if (rc == 0) {
533 		/*
534 		 * There need to be some permissions in order to have
535 		 * any access.
536 		 */
537 		if ((aclaccess & ACE_ALL_PERMS) == 0) {
538 			smb_tree_log(sr, sharename, "access denied: share ACL");
539 			smbsr_error(sr, 0, ERRSRV, ERRaccess);
540 			kmem_free(si, sizeof (smb_share_t));
541 			smb_node_release(snode);
542 			return (NULL);
543 		}
544 	}
545 
546 	/*
547 	 * Set tree ACL access to the minimum ACL permissions based on
548 	 * hostaccess (those allowed by host based access) and
549 	 * aclaccess (those from the ACL object for the share). This
550 	 * is done during the alloc.
551 	 */
552 
553 	tree = smb_tree_alloc(user, sharename, si->shr_path, STYPE_DISKTREE,
554 	    snode, hostaccess & aclaccess);
555 
556 	if (tree == NULL)
557 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRSRV, ERRaccess);
558 
559 	smb_node_release(snode);
560 	kmem_free(si, sizeof (smb_share_t));
561 	return (tree);
562 }
563 
564 /*
565  * Connect an IPC share for use with named pipes.
566  */
567 static smb_tree_t *
568 smb_tree_connect_ipc(smb_request_t *sr, const char *name)
569 {
570 	smb_user_t *user = sr->uid_user;
571 	smb_tree_t *tree;
572 
573 	ASSERT(user);
574 
575 	if ((user->u_flags & SMB_USER_FLAG_IPC) &&
576 	    sr->sr_cfg->skc_restrict_anon) {
577 		smb_tree_log(sr, name, "access denied: restrict anonymous");
578 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRSRV, ERRaccess);
579 		return (NULL);
580 	}
581 
582 	sr->arg.tcon.optional_support = SMB_SUPPORT_SEARCH_BITS;
583 
584 	tree = smb_tree_alloc(user, name, name, STYPE_IPC, NULL, ACE_ALL_PERMS);
585 	if (tree == NULL) {
586 		smb_tree_log(sr, name, "access denied");
587 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRSRV, ERRaccess);
588 	}
589 
590 	return (tree);
591 }
592 
593 /*
594  * Allocate a tree.
595  */
596 static smb_tree_t *
597 smb_tree_alloc(
598     smb_user_t		*user,
599     const char		*sharename,
600     const char		*resource,
601     int32_t		stype,
602     smb_node_t		*snode,
603     uint32_t access)
604 {
605 	smb_tree_t	*tree;
606 	uint16_t	tid;
607 
608 	if (smb_idpool_alloc(&user->u_tid_pool, &tid))
609 		return (NULL);
610 
611 	tree = kmem_cache_alloc(user->u_server->si_cache_tree, KM_SLEEP);
612 	bzero(tree, sizeof (smb_tree_t));
613 
614 	if (STYPE_ISDSK(stype)) {
615 		if (smb_tree_getattr(snode, tree) != 0) {
616 			smb_idpool_free(&user->u_tid_pool, tid);
617 			kmem_cache_free(user->u_server->si_cache_tree, tree);
618 			return (NULL);
619 		}
620 	}
621 
622 	if (smb_idpool_constructor(&tree->t_fid_pool)) {
623 		smb_idpool_free(&user->u_tid_pool, tid);
624 		kmem_cache_free(user->u_server->si_cache_tree, tree);
625 		return (NULL);
626 	}
627 
628 	if (smb_idpool_constructor(&tree->t_odid_pool)) {
629 		smb_idpool_destructor(&tree->t_fid_pool);
630 		smb_idpool_free(&user->u_tid_pool, tid);
631 		kmem_cache_free(user->u_server->si_cache_tree, tree);
632 		return (NULL);
633 	}
634 
635 	smb_llist_constructor(&tree->t_ofile_list, sizeof (smb_ofile_t),
636 	    offsetof(smb_ofile_t, f_lnd));
637 
638 	smb_llist_constructor(&tree->t_odir_list, sizeof (smb_odir_t),
639 	    offsetof(smb_odir_t, d_lnd));
640 
641 	(void) strlcpy(tree->t_sharename, sharename,
642 	    sizeof (tree->t_sharename));
643 	(void) strlcpy(tree->t_resource, resource, sizeof (tree->t_resource));
644 
645 	mutex_init(&tree->t_mutex, NULL, MUTEX_DEFAULT, NULL);
646 
647 	tree->t_user = user;
648 	tree->t_session = user->u_session;
649 	tree->t_server = user->u_server;
650 	tree->t_refcnt = 1;
651 	tree->t_tid = tid;
652 	tree->t_res_type = stype;
653 	tree->t_state = SMB_TREE_STATE_CONNECTED;
654 	tree->t_magic = SMB_TREE_MAGIC;
655 	tree->t_access = access;
656 
657 	/* if FS is readonly, enforce that here */
658 	if (tree->t_flags & SMB_TREE_READONLY)
659 		tree->t_access &= ~ACE_ALL_WRITE_PERMS;
660 
661 	if (STYPE_ISDSK(stype)) {
662 		smb_node_ref(snode);
663 		tree->t_snode = snode;
664 		tree->t_acltype = smb_fsop_acltype(snode);
665 	}
666 
667 	smb_llist_enter(&user->u_tree_list, RW_WRITER);
668 	smb_llist_insert_head(&user->u_tree_list, tree);
669 	smb_llist_exit(&user->u_tree_list);
670 	atomic_inc_32(&user->u_session->s_tree_cnt);
671 	atomic_inc_32(&user->u_server->sv_open_trees);
672 
673 	return (tree);
674 }
675 
676 /*
677  * Deallocate a tree: release all resources associated with a tree and
678  * remove the tree from the user's tree list.
679  *
680  * The tree being destroyed must be in the "destroying" state and the
681  * reference count must be zero. This function assumes it's single threaded
682  * i.e. only one thread will attempt to destroy a specific tree, which
683  * should be the case if the tree is in disconnected and has a reference
684  * count of zero.
685  */
686 static void
687 smb_tree_dealloc(smb_tree_t *tree)
688 {
689 	ASSERT(tree);
690 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
691 	ASSERT(tree->t_state == SMB_TREE_STATE_DISCONNECTED);
692 	ASSERT(tree->t_refcnt == 0);
693 
694 	/*
695 	 * Remove the tree from the user's tree list.  This must be done
696 	 * before any resources associated with the tree are released.
697 	 */
698 	smb_llist_enter(&tree->t_user->u_tree_list, RW_WRITER);
699 	smb_llist_remove(&tree->t_user->u_tree_list, tree);
700 	smb_llist_exit(&tree->t_user->u_tree_list);
701 
702 	tree->t_magic = (uint32_t)~SMB_TREE_MAGIC;
703 	smb_idpool_free(&tree->t_user->u_tid_pool, tree->t_tid);
704 	atomic_dec_32(&tree->t_session->s_tree_cnt);
705 
706 	if (tree->t_snode)
707 		smb_node_release(tree->t_snode);
708 
709 	mutex_destroy(&tree->t_mutex);
710 
711 	/*
712 	 * The list of open files and open directories should be empty.
713 	 */
714 	smb_llist_destructor(&tree->t_ofile_list);
715 	smb_llist_destructor(&tree->t_odir_list);
716 	smb_idpool_destructor(&tree->t_fid_pool);
717 	smb_idpool_destructor(&tree->t_odid_pool);
718 	kmem_cache_free(tree->t_server->si_cache_tree, tree);
719 }
720 
721 /*
722  * Determine whether or not a tree is connected.
723  * This function must be called with the tree mutex held.
724  */
725 static boolean_t
726 smb_tree_is_connected(smb_tree_t *tree)
727 {
728 	switch (tree->t_state) {
729 	case SMB_TREE_STATE_CONNECTED:
730 		return (B_TRUE);
731 
732 	case SMB_TREE_STATE_DISCONNECTING:
733 	case SMB_TREE_STATE_DISCONNECTED:
734 		/*
735 		 * The tree exists but being diconnected or destroyed.
736 		 */
737 		return (B_FALSE);
738 
739 	default:
740 		ASSERT(0);
741 		return (B_FALSE);
742 	}
743 }
744 
745 /*
746  * Determine whether or not a tree is disconnected.
747  * This function must be called with the tree mutex held.
748  */
749 static boolean_t
750 smb_tree_is_disconnected(smb_tree_t *tree)
751 {
752 	switch (tree->t_state) {
753 	case SMB_TREE_STATE_DISCONNECTED:
754 		return (B_TRUE);
755 
756 	case SMB_TREE_STATE_CONNECTED:
757 	case SMB_TREE_STATE_DISCONNECTING:
758 		return (B_FALSE);
759 
760 	default:
761 		ASSERT(0);
762 		return (B_FALSE);
763 	}
764 }
765 
766 /*
767  * Return a pointer to the share name within a share resource path.
768  *
769  * The share path may be a Uniform Naming Convention (UNC) string
770  * (\\server\share) or simply the share name.  We validate the UNC
771  * format but we don't look at the server name.
772  */
773 static const char *
774 smb_tree_get_sharename(const char *unc_path)
775 {
776 	const char *sharename = unc_path;
777 
778 	if (sharename[0] == '\\') {
779 		/*
780 		 * Looks like a UNC path, validate the format.
781 		 */
782 		if (sharename[1] != '\\')
783 			return (NULL);
784 
785 		if ((sharename = strchr(sharename+2, '\\')) == NULL)
786 			return (NULL);
787 
788 		++sharename;
789 	} else if (strchr(sharename, '\\') != NULL) {
790 		/*
791 		 * This should be a share name (no embedded \'s).
792 		 */
793 		return (NULL);
794 	}
795 
796 	return (sharename);
797 }
798 
799 /*
800  * Map the service to a resource type.  Valid values for service are:
801  *
802  *	A:      Disk share
803  *	LPT1:   Printer
804  *	IPC     Named pipe
805  *	COMM    Communications device
806  *	?????   Any type of device (wildcard)
807  *
808  * We support IPC and disk shares; anything else is currently treated
809  * as an error.  IPC$ is reserved as the named pipe share.
810  */
811 static int
812 smb_tree_get_stype(const char *sharename, const char *service,
813     int32_t *stype_ret)
814 {
815 	const char *any = "?????";
816 
817 	if ((strcmp(service, any) == 0) || (strcasecmp(service, "IPC") == 0)) {
818 		if (strcasecmp(sharename, "IPC$") == 0) {
819 			*stype_ret = STYPE_IPC;
820 			return (0);
821 		}
822 	}
823 
824 	if ((strcmp(service, any) == 0) || (strcasecmp(service, "A:") == 0)) {
825 		if (strcasecmp(sharename, "IPC$") == 0)
826 			return (-1);
827 
828 		*stype_ret = STYPE_DISKTREE;
829 		return (0);
830 	}
831 
832 	return (-1);
833 }
834 
835 /*
836  * Obtain the tree attributes: volume name, typename and flags.
837  */
838 static int
839 smb_tree_getattr(smb_node_t *node, smb_tree_t *tree)
840 {
841 	vfs_t *vfsp = SMB_NODE_VFS(node);
842 
843 	ASSERT(vfsp);
844 
845 	if (getvfs(&vfsp->vfs_fsid) != vfsp)
846 		return (ESTALE);
847 
848 	smb_tree_get_volname(vfsp, tree);
849 	smb_tree_get_flags(vfsp, tree);
850 
851 	VFS_RELE(vfsp);
852 	return (0);
853 }
854 
855 /*
856  * Extract the volume name.
857  */
858 static void
859 smb_tree_get_volname(vfs_t *vfsp, smb_tree_t *tree)
860 {
861 	refstr_t *vfs_mntpoint;
862 	const char *s;
863 	char *name;
864 
865 	vfs_mntpoint = vfs_getmntpoint(vfsp);
866 
867 	s = vfs_mntpoint->rs_string;
868 	s += strspn(s, "/");
869 	(void) strlcpy(tree->t_volume, s, SMB_VOLNAMELEN);
870 
871 	refstr_rele(vfs_mntpoint);
872 
873 	name = tree->t_volume;
874 	(void) strsep((char **)&name, "/");
875 }
876 
877 /*
878  * Always set ACL support because the VFS will fake ACLs for file systems
879  * that don't support them.
880  *
881  * Some flags are dependent on the typename, which is also set up here.
882  * File system types are hardcoded in uts/common/os/vfs_conf.c.
883  */
884 static void
885 smb_tree_get_flags(vfs_t *vfsp, smb_tree_t *tree)
886 {
887 	typedef struct smb_mtype {
888 		char		*mt_name;
889 		size_t		mt_namelen;
890 		uint32_t	mt_flags;
891 	} smb_mtype_t;
892 
893 	static smb_mtype_t smb_mtype[] = {
894 		{ "zfs",	3,	SMB_TREE_UNICODE_ON_DISK },
895 		{ "ufs",	3,	SMB_TREE_UNICODE_ON_DISK },
896 		{ "nfs",	3,	SMB_TREE_NFS_MOUNTED },
897 		{ "tmpfs",	5,	SMB_TREE_NO_EXPORT }
898 	};
899 	smb_mtype_t	*mtype;
900 	char		*name;
901 	uint32_t	flags = SMB_TREE_SUPPORTS_ACLS;
902 	int		i;
903 
904 	if (vfsp->vfs_flag & VFS_RDONLY)
905 		flags |= SMB_TREE_READONLY;
906 
907 	if (vfsp->vfs_flag & VFS_XATTR)
908 		flags |= SMB_TREE_STREAMS;
909 
910 	if (vfs_optionisset(vfsp, MNTOPT_NOATIME, NULL))
911 		flags |= SMB_TREE_NO_ATIME;
912 
913 	name = vfssw[vfsp->vfs_fstype].vsw_name;
914 
915 	for (i = 0; i < sizeof (smb_mtype) / sizeof (smb_mtype[0]); ++i) {
916 		mtype = &smb_mtype[i];
917 		if (strncasecmp(name, mtype->mt_name, mtype->mt_namelen) == 0)
918 			flags |= mtype->mt_flags;
919 	}
920 
921 	(void) strlcpy(tree->t_typename, name, SMB_TYPENAMELEN);
922 	(void) utf8_strupr((char *)tree->t_typename);
923 
924 	if (vfs_has_feature(vfsp, VFSFT_XVATTR))
925 		flags |= SMB_TREE_XVATTR;
926 
927 	if (vfs_has_feature(vfsp, VFSFT_CASEINSENSITIVE))
928 		flags |= SMB_TREE_CASEINSENSITIVE;
929 
930 	if (vfs_has_feature(vfsp, VFSFT_NOCASESENSITIVE))
931 		flags |= SMB_TREE_NO_CASESENSITIVE;
932 
933 	if (vfs_has_feature(vfsp, VFSFT_DIRENTFLAGS))
934 		flags |= SMB_TREE_DIRENTFLAGS;
935 
936 	if (vfs_has_feature(vfsp, VFSFT_ACLONCREATE))
937 		flags |= SMB_TREE_ACLONCREATE;
938 
939 	if (vfs_has_feature(vfsp, VFSFT_ACEMASKONACCESS))
940 		flags |= SMB_TREE_ACEMASKONACCESS;
941 
942 	DTRACE_PROBE2(smb__tree__flags, uint32_t, flags, char *, name);
943 
944 
945 	tree->t_flags = flags;
946 }
947 
948 /*
949  * Report share access result to syslog.
950  */
951 static void
952 smb_tree_log(smb_request_t *sr, const char *sharename, const char *fmt, ...)
953 {
954 	va_list ap;
955 	char buf[128];
956 	smb_user_t *user = sr->uid_user;
957 
958 	ASSERT(user);
959 
960 	if (smb_tcon_mute)
961 		return;
962 
963 	if ((user->u_name) && (strcasecmp(sharename, "IPC$") == 0)) {
964 		/*
965 		 * Only report normal users, i.e. ignore W2K misuse
966 		 * of the IPC connection by filtering out internal
967 		 * names such as nobody and root.
968 		 */
969 		if ((strcmp(user->u_name, "root") == 0) ||
970 		    (strcmp(user->u_name, "nobody") == 0)) {
971 			return;
972 		}
973 	}
974 
975 	va_start(ap, fmt);
976 	(void) vsnprintf(buf, 128, fmt, ap);
977 	va_end(ap);
978 
979 	cmn_err(CE_NOTE, "smbd[%s\\%s]: %s %s",
980 	    user->u_domain, user->u_name, sharename, buf);
981 }
982 
983 /*
984  * smb_tree_lookup_odir
985  *
986  * Find the specified odir in the tree's list of odirs, and
987  * attempt to obtain a hold on the odir.
988  *
989  * Returns NULL if odir not found or a hold cannot be obtained.
990  */
991 smb_odir_t *
992 smb_tree_lookup_odir(smb_tree_t *tree, uint16_t odid)
993 {
994 	smb_odir_t	*od;
995 	smb_llist_t	*od_list;
996 
997 	ASSERT(tree);
998 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
999 
1000 	od_list = &tree->t_odir_list;
1001 	smb_llist_enter(od_list, RW_READER);
1002 
1003 	od = smb_llist_head(od_list);
1004 	while (od) {
1005 		if (od->d_odid == odid) {
1006 			if (!smb_odir_hold(od))
1007 				od = NULL;
1008 			break;
1009 		}
1010 		od = smb_llist_next(od_list, od);
1011 	}
1012 
1013 	smb_llist_exit(od_list);
1014 	return (od);
1015 }
1016 
1017 /*
1018  * smb_tree_get_odir
1019  *
1020  * Find the next open odir in the tree's list of odirs, and obtain
1021  * a hold on it. (A hold can only be obtained on an open odir.)
1022  * If the specified odir is NULL the search starts at the beginning
1023  * of the tree's odir list, otherwise the search starts after the
1024  * specified odir.
1025  */
1026 static smb_odir_t *
1027 smb_tree_get_odir(smb_tree_t *tree, smb_odir_t *od)
1028 {
1029 	smb_llist_t *od_list;
1030 
1031 	ASSERT(tree);
1032 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
1033 
1034 	od_list = &tree->t_odir_list;
1035 	smb_llist_enter(od_list, RW_READER);
1036 
1037 	if (od) {
1038 		ASSERT(od->d_magic == SMB_ODIR_MAGIC);
1039 		od = smb_llist_next(od_list, od);
1040 	} else {
1041 		od = smb_llist_head(od_list);
1042 	}
1043 
1044 	while (od) {
1045 		ASSERT(od->d_magic == SMB_ODIR_MAGIC);
1046 
1047 		if (smb_odir_hold(od))
1048 			break;
1049 		od = smb_llist_next(od_list, od);
1050 	}
1051 
1052 	smb_llist_exit(od_list);
1053 	return (od);
1054 }
1055 
1056 /*
1057  * smb_tree_close_odirs
1058  *
1059  * Close all open odirs in the tree's list which were opened by
1060  * the process identified by pid.
1061  * If pid is zero, close all open odirs in the tree's list.
1062  */
1063 static void
1064 smb_tree_close_odirs(smb_tree_t *tree, uint16_t pid)
1065 {
1066 	smb_odir_t *od, *next_od;
1067 
1068 	ASSERT(tree);
1069 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
1070 
1071 	od = smb_tree_get_odir(tree, NULL);
1072 	while (od) {
1073 		ASSERT(od->d_magic == SMB_ODIR_MAGIC);
1074 		ASSERT(od->d_tree == tree);
1075 
1076 		next_od = smb_tree_get_odir(tree, od);
1077 		if ((pid == 0) || (od->d_opened_by_pid == pid))
1078 				smb_odir_close(od);
1079 		smb_odir_release(od);
1080 
1081 		od = next_od;
1082 	}
1083 }
1084