xref: /titanic_52/usr/src/uts/common/fs/smbsrv/smb_fsops.c (revision e61a481d2b9ca0c0f387e11b15dcabfc982bb464)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"@(#)smb_fsops.c	1.16	08/08/07 SMI"
27 
28 #include <sys/sid.h>
29 #include <sys/nbmlock.h>
30 #include <smbsrv/smb_fsops.h>
31 #include <smbsrv/smb_kproto.h>
32 #include <smbsrv/ntstatus.h>
33 #include <smbsrv/ntaccess.h>
34 #include <smbsrv/smb_incl.h>
35 #include <acl/acl_common.h>
36 #include <sys/fcntl.h>
37 #include <sys/flock.h>
38 #include <fs/fs_subr.h>
39 
40 extern caller_context_t smb_ct;
41 
42 extern int smb_fem_oplock_install(smb_node_t *);
43 extern void smb_fem_oplock_uninstall(smb_node_t *);
44 
45 extern int smb_vop_other_opens(vnode_t *, int);
46 
47 static int smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode,
48     smb_fssd_t *fs_sd);
49 
50 /*
51  * The smb_fsop_* functions have knowledge of CIFS semantics.
52  *
53  * The smb_vop_* functions have minimal knowledge of CIFS semantics and
54  * serve as an interface to the VFS layer.
55  *
56  * Hence, smb_request_t and smb_node_t structures should not be passed
57  * from the smb_fsop_* layer to the smb_vop_* layer.
58  *
59  * In general, CIFS service code should only ever call smb_fsop_*
60  * functions directly, and never smb_vop_* functions directly.
61  *
62  * smb_fsop_* functions should call smb_vop_* functions where possible, instead
63  * of their smb_fsop_* counterparts.  However, there are times when
64  * this cannot be avoided.
65  */
66 
67 /*
68  * Note: Stream names cannot be mangled.
69  */
70 
71 /*
72  * smb_fsop_amask_to_omode
73  *
74  * Convert the access mask to the open mode (for use
75  * with the VOP_OPEN call).
76  *
77  * Note that opening a file for attribute only access
78  * will also translate into an FREAD or FWRITE open mode
79  * (i.e., it's not just for data).
80  *
81  * This is needed so that opens are tracked appropriately
82  * for oplock processing.
83  */
84 
85 int
86 smb_fsop_amask_to_omode(uint32_t access)
87 {
88 	int mode = 0;
89 
90 	if (access & (FILE_READ_DATA | FILE_EXECUTE |
91 	    FILE_READ_ATTRIBUTES | FILE_READ_EA))
92 		mode |= FREAD;
93 
94 	if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA |
95 	    FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA))
96 		mode |= FWRITE;
97 
98 	if (access & FILE_APPEND_DATA)
99 		mode |= FAPPEND;
100 
101 	return (mode);
102 }
103 
104 int
105 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred)
106 {
107 	/*
108 	 * Assuming that the same vnode is returned as we had before.
109 	 * (I.e., with certain types of files or file systems, a
110 	 * different vnode might be returned by VOP_OPEN)
111 	 */
112 	return (smb_vop_open(&node->vp, mode, cred));
113 }
114 
115 void
116 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred)
117 {
118 	smb_vop_close(node->vp, mode, cred);
119 }
120 
121 int
122 smb_fsop_oplock_install(smb_node_t *node, int mode)
123 {
124 	int rc;
125 
126 	if (smb_vop_other_opens(node->vp, mode))
127 		return (EMFILE);
128 
129 	if ((rc = smb_fem_oplock_install(node)))
130 		return (rc);
131 
132 	if (smb_vop_other_opens(node->vp, mode)) {
133 		(void) smb_fem_oplock_uninstall(node);
134 		return (EMFILE);
135 	}
136 
137 	return (0);
138 }
139 
140 void
141 smb_fsop_oplock_uninstall(smb_node_t *node)
142 {
143 	smb_fem_oplock_uninstall(node);
144 }
145 
146 static int
147 smb_fsop_create_with_sd(
148 	smb_request_t *sr,
149 	cred_t *cr,
150 	smb_node_t *snode,
151 	char *name,
152 	smb_attr_t *attr,
153 	smb_node_t **ret_snode,
154 	smb_attr_t *ret_attr,
155 	smb_fssd_t *fs_sd)
156 {
157 	vsecattr_t *vsap;
158 	vsecattr_t vsecattr;
159 	acl_t *acl, *dacl, *sacl;
160 	smb_attr_t set_attr;
161 	vnode_t *vp;
162 	int aclbsize = 0;	/* size of acl list in bytes */
163 	int flags = 0;
164 	int is_dir;
165 	int rc;
166 	boolean_t no_xvattr = B_FALSE;
167 
168 	ASSERT(fs_sd);
169 
170 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
171 		flags = SMB_IGNORE_CASE;
172 
173 	ASSERT(cr);
174 
175 	is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0);
176 
177 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) {
178 		if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
179 			dacl = fs_sd->sd_zdacl;
180 			sacl = fs_sd->sd_zsacl;
181 			ASSERT(dacl || sacl);
182 			if (dacl && sacl) {
183 				acl = smb_fsacl_merge(dacl, sacl);
184 			} else if (dacl) {
185 				acl = dacl;
186 			} else {
187 				acl = sacl;
188 			}
189 
190 			rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize);
191 
192 			if (dacl && sacl)
193 				acl_free(acl);
194 
195 			if (rc)
196 				return (rc);
197 
198 			vsap = &vsecattr;
199 		}
200 		else
201 			vsap = NULL;
202 
203 		if (is_dir) {
204 			rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags,
205 			    cr, vsap);
206 		} else {
207 			rc = smb_vop_create(snode->vp, name, attr, &vp, flags,
208 			    cr, vsap);
209 		}
210 
211 		if (vsap != NULL)
212 			kmem_free(vsap->vsa_aclentp, aclbsize);
213 
214 		if (rc != 0)
215 			return (rc);
216 
217 		set_attr.sa_mask = 0;
218 
219 		/*
220 		 * Ideally we should be able to specify the owner and owning
221 		 * group at create time along with the ACL. Since we cannot
222 		 * do that right now, kcred is passed to smb_vop_setattr so it
223 		 * doesn't fail due to lack of permission.
224 		 */
225 		if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
226 			set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
227 			set_attr.sa_mask |= SMB_AT_UID;
228 		}
229 
230 		if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
231 			set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
232 			set_attr.sa_mask |= SMB_AT_GID;
233 		}
234 
235 		if (set_attr.sa_mask) {
236 			if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_UFS))
237 				no_xvattr = B_TRUE;
238 			rc = smb_vop_setattr(snode->vp, NULL, &set_attr,
239 			    0, kcred, no_xvattr);
240 		}
241 
242 	} else {
243 		/*
244 		 * For filesystems that don't support ACL-on-create, try
245 		 * to set the specified SD after create, which could actually
246 		 * fail because of conflicts between inherited security
247 		 * attributes upon creation and the specified SD.
248 		 *
249 		 * Passing kcred to smb_fsop_sdwrite() to overcome this issue.
250 		 */
251 
252 		if (is_dir) {
253 			rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags,
254 			    cr, NULL);
255 		} else {
256 			rc = smb_vop_create(snode->vp, name, attr, &vp, flags,
257 			    cr, NULL);
258 		}
259 
260 		if (rc != 0)
261 			return (rc);
262 
263 		if (!smb_tree_has_feature(sr->tid_tree, SMB_TREE_NFS_MOUNTED))
264 			rc = smb_fsop_sdwrite(sr, kcred, snode, fs_sd, 1);
265 	}
266 
267 	if (rc == 0) {
268 		*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, name,
269 		    snode, NULL, ret_attr);
270 
271 		if (*ret_snode == NULL) {
272 			VN_RELE(vp);
273 			rc = ENOMEM;
274 		}
275 	}
276 
277 	if (rc != 0) {
278 		if (is_dir) {
279 			(void) smb_vop_rmdir(snode->vp, name, flags, cr);
280 		} else {
281 			(void) smb_vop_remove(snode->vp, name, flags, cr);
282 		}
283 	}
284 
285 	return (rc);
286 }
287 
288 /*
289  * smb_fsop_create
290  *
291  * All SMB functions should use this wrapper to ensure that
292  * all the smb_vop_creates are performed with the appropriate credentials.
293  * Please document any direct calls to explain the reason
294  * for avoiding this wrapper.
295  *
296  * It is assumed that a reference exists on snode coming into this routine.
297  *
298  * *ret_snode is returned with a reference upon success.  No reference is
299  * taken if an error is returned.
300  */
301 
302 int
303 smb_fsop_create(
304     smb_request_t	*sr,
305     cred_t		*cr,
306     smb_node_t		*dir_snode,
307     char		*name,
308     smb_attr_t		*attr,
309     smb_node_t		**ret_snode,
310     smb_attr_t		*ret_attr)
311 {
312 	struct open_param *op = &sr->arg.open;
313 	boolean_t	no_xvattr = B_FALSE;
314 	smb_node_t	*fnode;
315 	smb_attr_t	file_attr;
316 	vnode_t		*xattrdirvp;
317 	vnode_t		*vp;
318 	char		*longname = NULL;
319 	char		*namep;
320 	char		*fname;
321 	char		*sname;
322 	int		is_stream;
323 	int		flags = 0;
324 	int		rc = 0;
325 	smb_fssd_t	fs_sd;
326 	uint32_t	secinfo;
327 	uint32_t	status;
328 
329 	ASSERT(cr);
330 	ASSERT(dir_snode);
331 	ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC);
332 	ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING);
333 
334 	ASSERT(ret_snode);
335 	*ret_snode = 0;
336 
337 	ASSERT(name);
338 	if (*name == 0)
339 		return (EINVAL);
340 
341 	ASSERT(sr);
342 	ASSERT(sr->tid_tree);
343 
344 	if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0)
345 		return (EACCES);
346 
347 	if (SMB_TREE_IS_READONLY(sr))
348 		return (EROFS);
349 
350 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
351 		flags = SMB_IGNORE_CASE;
352 
353 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
354 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
355 
356 	is_stream = smb_stream_parse_name(name, fname, sname);
357 
358 	if (is_stream)
359 		namep = fname;
360 	else
361 		namep = name;
362 
363 	if (smb_maybe_mangled_name(namep)) {
364 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
365 
366 		rc = smb_unmangle_name(sr, cr, dir_snode, namep, longname,
367 		    MAXNAMELEN, NULL, NULL, 1);
368 
369 		if ((is_stream == 0) && (rc == 0))
370 			rc = EEXIST;
371 
372 		if ((is_stream && rc) ||
373 		    ((is_stream == 0) && (rc != ENOENT))) {
374 			kmem_free(longname, MAXNAMELEN);
375 			kmem_free(fname, MAXNAMELEN);
376 			kmem_free(sname, MAXNAMELEN);
377 			return (rc);
378 		}
379 
380 		if (is_stream)
381 			namep = longname;
382 		else
383 			kmem_free(longname, MAXNAMELEN);
384 	}
385 
386 	if (is_stream) {
387 		/*
388 		 * Look up the unnamed stream.
389 		 *
390 		 * Mangle processing in smb_fsop_lookup() for the unnamed
391 		 * stream won't be needed (as it was done above), but
392 		 * it may be needed on any link target (which
393 		 * smb_fsop_lookup() will provide).
394 		 */
395 		rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
396 		    sr->tid_tree->t_snode, dir_snode, namep, &fnode, &file_attr,
397 		    0, 0);
398 
399 		if (longname) {
400 			kmem_free(longname, MAXNAMELEN);
401 			namep = NULL;
402 		}
403 
404 		if (rc != 0) {
405 			kmem_free(fname, MAXNAMELEN);
406 			kmem_free(sname, MAXNAMELEN);
407 			return (rc);
408 		}
409 
410 		rc = smb_vop_stream_create(fnode->vp, sname, attr, &vp,
411 		    &xattrdirvp, flags, cr);
412 
413 		if (rc != 0) {
414 			smb_node_release(fnode);
415 			kmem_free(fname, MAXNAMELEN);
416 			kmem_free(sname, MAXNAMELEN);
417 			return (rc);
418 		}
419 
420 		if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_UFS))
421 			no_xvattr = B_TRUE;
422 
423 		attr->sa_vattr.va_uid = file_attr.sa_vattr.va_uid;
424 		attr->sa_vattr.va_gid = file_attr.sa_vattr.va_gid;
425 		attr->sa_mask = SMB_AT_UID | SMB_AT_GID;
426 
427 		/*
428 		 * The second parameter of smb_vop_setattr() is set to
429 		 * NULL, even though an unnamed stream exists.  This is
430 		 * because we want to set the UID and GID on the named
431 		 * stream in this case for consistency with the (unnamed
432 		 * stream) file (see comments for smb_vop_setattr()).
433 		 */
434 
435 		rc = smb_vop_setattr(vp, NULL, attr, 0, kcred, no_xvattr);
436 
437 		if (rc != 0) {
438 			smb_node_release(fnode);
439 			kmem_free(fname, MAXNAMELEN);
440 			kmem_free(sname, MAXNAMELEN);
441 			return (rc);
442 		}
443 
444 		*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp,
445 		    vp, sname, ret_attr);
446 
447 		smb_node_release(fnode);
448 
449 		if (*ret_snode == NULL) {
450 			VN_RELE(xattrdirvp);
451 			VN_RELE(vp);
452 			kmem_free(fname, MAXNAMELEN);
453 			kmem_free(sname, MAXNAMELEN);
454 			return (ENOMEM);
455 		}
456 	} else {
457 		if (op->sd) {
458 			/*
459 			 * SD sent by client in Windows format. Needs to be
460 			 * converted to FS format. No inheritance.
461 			 */
462 			secinfo = smb_sd_get_secinfo(op->sd);
463 			smb_fssd_init(&fs_sd, secinfo, 0);
464 
465 			status = smb_sd_tofs(op->sd, &fs_sd);
466 			if (status == NT_STATUS_SUCCESS) {
467 				rc = smb_fsop_create_with_sd(sr, cr, dir_snode,
468 				    name, attr, ret_snode, ret_attr, &fs_sd);
469 			}
470 			else
471 				rc = EINVAL;
472 			smb_fssd_term(&fs_sd);
473 		} else if (sr->tid_tree->t_acltype == ACE_T) {
474 			/*
475 			 * No incoming SD and filesystem is ZFS
476 			 * Server applies Windows inheritance rules,
477 			 * see smb_fsop_sdinherit() comments as to why.
478 			 */
479 			smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0);
480 			rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd);
481 			if (rc == 0) {
482 				rc = smb_fsop_create_with_sd(sr, cr, dir_snode,
483 				    name, attr, ret_snode, ret_attr, &fs_sd);
484 			}
485 
486 			smb_fssd_term(&fs_sd);
487 		} else {
488 			/*
489 			 * No incoming SD and filesystem is not ZFS
490 			 * let the filesystem handles the inheritance.
491 			 */
492 			rc = smb_vop_create(dir_snode->vp, name, attr, &vp,
493 			    flags, cr, NULL);
494 
495 			if (rc == 0) {
496 				*ret_snode = smb_node_lookup(sr, op, cr, vp,
497 				    name, dir_snode, NULL, ret_attr);
498 
499 				if (*ret_snode == NULL) {
500 					VN_RELE(vp);
501 					rc = ENOMEM;
502 				}
503 			}
504 
505 		}
506 	}
507 
508 	kmem_free(fname, MAXNAMELEN);
509 	kmem_free(sname, MAXNAMELEN);
510 	return (rc);
511 }
512 
513 /*
514  * smb_fsop_mkdir
515  *
516  * All SMB functions should use this wrapper to ensure that
517  * the the calls are performed with the appropriate credentials.
518  * Please document any direct call to explain the reason
519  * for avoiding this wrapper.
520  *
521  * It is assumed that a reference exists on snode coming into this routine.
522  *
523  * *ret_snode is returned with a reference upon success.  No reference is
524  * taken if an error is returned.
525  */
526 int
527 smb_fsop_mkdir(
528     smb_request_t *sr,
529     cred_t *cr,
530     smb_node_t *dir_snode,
531     char *name,
532     smb_attr_t *attr,
533     smb_node_t **ret_snode,
534     smb_attr_t *ret_attr)
535 {
536 	struct open_param *op = &sr->arg.open;
537 	char *longname;
538 	vnode_t *vp;
539 	int flags = 0;
540 	smb_fssd_t fs_sd;
541 	uint32_t secinfo;
542 	uint32_t status;
543 	int rc;
544 	ASSERT(cr);
545 	ASSERT(dir_snode);
546 	ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC);
547 	ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING);
548 
549 	ASSERT(ret_snode);
550 	*ret_snode = 0;
551 
552 	ASSERT(name);
553 	if (*name == 0)
554 		return (EINVAL);
555 
556 	ASSERT(sr);
557 	ASSERT(sr->tid_tree);
558 
559 	if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0)
560 		return (EACCES);
561 
562 	if (SMB_TREE_IS_READONLY(sr))
563 		return (EROFS);
564 
565 	if (smb_maybe_mangled_name(name)) {
566 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
567 		rc = smb_unmangle_name(sr, cr, dir_snode, name, longname,
568 		    MAXNAMELEN, NULL, NULL, 1);
569 
570 		kmem_free(longname, MAXNAMELEN);
571 
572 		/*
573 		 * If the name passed in by the client has an unmangled
574 		 * equivalent that is found in the specified directory,
575 		 * then the mkdir cannot succeed.  Return EEXIST.
576 		 *
577 		 * Only if ENOENT is returned will a mkdir be attempted.
578 		 */
579 
580 		if (rc == 0)
581 			rc = EEXIST;
582 
583 		if (rc != ENOENT)
584 			return (rc);
585 	}
586 
587 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
588 		flags = SMB_IGNORE_CASE;
589 
590 	if (op->sd) {
591 		/*
592 		 * SD sent by client in Windows format. Needs to be
593 		 * converted to FS format. No inheritance.
594 		 */
595 		secinfo = smb_sd_get_secinfo(op->sd);
596 		smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR);
597 
598 		status = smb_sd_tofs(op->sd, &fs_sd);
599 		if (status == NT_STATUS_SUCCESS) {
600 			rc = smb_fsop_create_with_sd(sr, cr, dir_snode,
601 			    name, attr, ret_snode, ret_attr, &fs_sd);
602 		}
603 		else
604 			rc = EINVAL;
605 		smb_fssd_term(&fs_sd);
606 	} else if (sr->tid_tree->t_acltype == ACE_T) {
607 		/*
608 		 * No incoming SD and filesystem is ZFS
609 		 * Server applies Windows inheritance rules,
610 		 * see smb_fsop_sdinherit() comments as to why.
611 		 */
612 		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR);
613 		rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd);
614 		if (rc == 0) {
615 			rc = smb_fsop_create_with_sd(sr, cr, dir_snode,
616 			    name, attr, ret_snode, ret_attr, &fs_sd);
617 		}
618 
619 		smb_fssd_term(&fs_sd);
620 
621 	} else {
622 		rc = smb_vop_mkdir(dir_snode->vp, name, attr, &vp, flags, cr,
623 		    NULL);
624 
625 		if (rc == 0) {
626 			*ret_snode = smb_node_lookup(sr, op, cr, vp, name,
627 			    dir_snode, NULL, ret_attr);
628 
629 			if (*ret_snode == NULL) {
630 				VN_RELE(vp);
631 				rc = ENOMEM;
632 			}
633 		}
634 	}
635 
636 	return (rc);
637 }
638 
639 /*
640  * smb_fsop_remove
641  *
642  * All SMB functions should use this wrapper to ensure that
643  * the the calls are performed with the appropriate credentials.
644  * Please document any direct call to explain the reason
645  * for avoiding this wrapper.
646  *
647  * It is assumed that a reference exists on snode coming into this routine.
648  *
649  * od: This means that the name passed in is an on-disk name.
650  * A null smb_request might be passed to this function.
651  */
652 
653 int
654 smb_fsop_remove(
655     smb_request_t	*sr,
656     cred_t		*cr,
657     smb_node_t		*dir_snode,
658     char		*name,
659     int			od)
660 {
661 	smb_node_t	*fnode;
662 	smb_attr_t	file_attr;
663 	char		*longname;
664 	char		*fname;
665 	char		*sname;
666 	int		flags = 0;
667 	int		rc;
668 
669 	ASSERT(cr);
670 	/*
671 	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
672 	 * function is called during the deletion of the node (because of
673 	 * DELETE_ON_CLOSE).
674 	 */
675 	ASSERT(dir_snode);
676 	ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC);
677 
678 	if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0)
679 		return (EACCES);
680 
681 	if (SMB_TREE_IS_READONLY(sr))
682 		return (EROFS);
683 
684 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
685 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
686 
687 	/*
688 	 * If the passed-in name is an on-disk name,
689 	 * then we need to do a case-sensitive remove.
690 	 * This is important if the on-disk name
691 	 * corresponds to a mangled name passed in by
692 	 * the client.  We want to make sure to remove
693 	 * the exact file specified by the client,
694 	 * instead of letting the underlying file system
695 	 * do a remove on the "first match."
696 	 */
697 
698 	if ((od == 0) && SMB_TREE_IS_CASEINSENSITIVE(sr))
699 		flags = SMB_IGNORE_CASE;
700 
701 	if (dir_snode->flags & NODE_XATTR_DIR) {
702 		rc = smb_vop_stream_remove(dir_snode->dir_snode->vp,
703 		    name, flags, cr);
704 	} else if (smb_stream_parse_name(name, fname, sname)) {
705 		/*
706 		 * It is assumed that "name" corresponds to the path
707 		 * passed in by the client, and no need of suppressing
708 		 * case-insensitive lookups is needed.
709 		 */
710 
711 		ASSERT(od == 0);
712 
713 		/*
714 		 * Look up the unnamed stream (i.e. fname).
715 		 * Unmangle processing will be done on fname
716 		 * as well as any link target.
717 		 */
718 
719 		rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
720 		    sr->tid_tree->t_snode, dir_snode, fname, &fnode, &file_attr,
721 		    0, 0);
722 
723 		if (rc != 0) {
724 			kmem_free(fname, MAXNAMELEN);
725 			kmem_free(sname, MAXNAMELEN);
726 			return (rc);
727 		}
728 
729 		/*
730 		 * XXX
731 		 * Need to find out what permission is required by NTFS
732 		 * to remove a stream.
733 		 */
734 		rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr);
735 
736 		smb_node_release(fnode);
737 	} else {
738 		rc = smb_vop_remove(dir_snode->vp, name, flags, cr);
739 
740 		if (rc == ENOENT) {
741 			if (smb_maybe_mangled_name(name) == 0) {
742 				kmem_free(fname, MAXNAMELEN);
743 				kmem_free(sname, MAXNAMELEN);
744 				return (rc);
745 			}
746 			longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
747 
748 			rc = smb_unmangle_name(sr, cr, dir_snode, name,
749 			    longname, MAXNAMELEN, NULL, NULL, 1);
750 
751 			if (rc == 0) {
752 				/*
753 				 * We passed "1" as the "od" parameter
754 				 * to smb_unmangle_name(), such that longname
755 				 * is the real (case-sensitive) on-disk name.
756 				 * We make sure we do a remove on this exact
757 				 * name, as the name was mangled and denotes
758 				 * a unique file.
759 				 */
760 				flags &= ~SMB_IGNORE_CASE;
761 				rc = smb_vop_remove(dir_snode->vp, longname,
762 				    flags, cr);
763 			}
764 
765 			kmem_free(longname, MAXNAMELEN);
766 		}
767 	}
768 
769 	kmem_free(fname, MAXNAMELEN);
770 	kmem_free(sname, MAXNAMELEN);
771 	return (rc);
772 }
773 
774 /*
775  * smb_fsop_remove_streams
776  *
777  * This function removes a file's streams without removing the
778  * file itself.
779  *
780  * It is assumed that snode is not a link.
781  */
782 int
783 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode)
784 {
785 	struct fs_stream_info stream_info;
786 	uint32_t cookie = 0;
787 	int flags = 0;
788 	int rc;
789 
790 	ASSERT(sr);
791 	ASSERT(cr);
792 	ASSERT(fnode);
793 	ASSERT(fnode->n_magic == SMB_NODE_MAGIC);
794 	ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING);
795 
796 	if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0)
797 		return (EACCES);
798 
799 	if (SMB_TREE_IS_READONLY(sr))
800 		return (EROFS);
801 
802 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
803 		flags = SMB_IGNORE_CASE;
804 
805 	for (;;) {
806 		rc = smb_vop_stream_readdir(fnode->vp, &cookie, &stream_info,
807 		    NULL, NULL, flags, cr);
808 
809 		if ((rc != 0) || (cookie == SMB_EOF))
810 			break;
811 
812 		(void) smb_vop_stream_remove(fnode->vp, stream_info.name, flags,
813 		    cr);
814 	}
815 	return (rc);
816 }
817 
818 /*
819  * smb_fsop_rmdir
820  *
821  * All SMB functions should use this wrapper to ensure that
822  * the the calls are performed with the appropriate credentials.
823  * Please document any direct call to explain the reason
824  * for avoiding this wrapper.
825  *
826  * It is assumed that a reference exists on snode coming into this routine.
827  *
828  * od: This means that the name passed in is an on-disk name.
829  */
830 
831 int
832 smb_fsop_rmdir(
833     smb_request_t	*sr,
834     cred_t		*cr,
835     smb_node_t		*dir_snode,
836     char		*name,
837     int			od)
838 {
839 	int		rc;
840 	int		flags = 0;
841 	char		*longname;
842 
843 	ASSERT(cr);
844 	/*
845 	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
846 	 * function is called during the deletion of the node (because of
847 	 * DELETE_ON_CLOSE).
848 	 */
849 	ASSERT(dir_snode);
850 	ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC);
851 
852 	if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0)
853 		return (EACCES);
854 
855 	if (SMB_TREE_IS_READONLY(sr))
856 		return (EROFS);
857 
858 	/*
859 	 * If the passed-in name is an on-disk name,
860 	 * then we need to do a case-sensitive rmdir.
861 	 * This is important if the on-disk name
862 	 * corresponds to a mangled name passed in by
863 	 * the client.  We want to make sure to remove
864 	 * the exact directory specified by the client,
865 	 * instead of letting the underlying file system
866 	 * do a rmdir on the "first match."
867 	 */
868 
869 	if ((od == 0) && SMB_TREE_IS_CASEINSENSITIVE(sr))
870 		flags = SMB_IGNORE_CASE;
871 
872 	rc = smb_vop_rmdir(dir_snode->vp, name, flags, cr);
873 
874 	if (rc == ENOENT) {
875 		if (smb_maybe_mangled_name(name) == 0)
876 			return (rc);
877 
878 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
879 
880 		rc = smb_unmangle_name(sr, cr, dir_snode,
881 		    name, longname, MAXNAMELEN, NULL,
882 		    NULL, 1);
883 
884 		if (rc == 0) {
885 			/*
886 			 * We passed "1" as the "od" parameter
887 			 * to smb_unmangle_name(), such that longname
888 			 * is the real (case-sensitive) on-disk name.
889 			 * We make sure we do a rmdir on this exact
890 			 * name, as the name was mangled and denotes
891 			 * a unique directory.
892 			 */
893 			flags &= ~SMB_IGNORE_CASE;
894 			rc = smb_vop_rmdir(dir_snode->vp, longname, flags, cr);
895 		}
896 
897 		kmem_free(longname, MAXNAMELEN);
898 	}
899 
900 	return (rc);
901 }
902 
903 /*
904  * smb_fsop_getattr
905  *
906  * All SMB functions should use this wrapper to ensure that
907  * the the calls are performed with the appropriate credentials.
908  * Please document any direct call to explain the reason
909  * for avoiding this wrapper.
910  *
911  * It is assumed that a reference exists on snode coming into this routine.
912  */
913 int
914 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
915     smb_attr_t *attr)
916 {
917 	smb_node_t *unnamed_node;
918 	vnode_t *unnamed_vp = NULL;
919 	uint32_t status;
920 	uint32_t access = 0;
921 	int flags = 0;
922 	int rc;
923 
924 	ASSERT(cr);
925 	ASSERT(snode);
926 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
927 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
928 
929 	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0)
930 		return (EACCES);
931 
932 	if (sr->fid_ofile) {
933 		/* if uid and/or gid is requested */
934 		if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID))
935 			access |= READ_CONTROL;
936 
937 		/* if anything else is also requested */
938 		if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID))
939 			access |= FILE_READ_ATTRIBUTES;
940 
941 		status = smb_ofile_access(sr->fid_ofile, cr, access);
942 		if (status != NT_STATUS_SUCCESS)
943 			return (EACCES);
944 
945 		if (smb_tree_has_feature(sr->tid_tree,
946 		    SMB_TREE_ACEMASKONACCESS))
947 			flags = ATTR_NOACLCHECK;
948 	}
949 
950 	unnamed_node = SMB_IS_STREAM(snode);
951 
952 	if (unnamed_node) {
953 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
954 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
955 		unnamed_vp = unnamed_node->vp;
956 	}
957 
958 	rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr);
959 	if (rc == 0)
960 		snode->attr = *attr;
961 
962 	return (rc);
963 }
964 
965 /*
966  * smb_fsop_readdir
967  *
968  * All SMB functions should use this smb_fsop_readdir wrapper to ensure that
969  * the smb_vop_readdir is performed with the appropriate credentials.
970  * Please document any direct call to smb_vop_readdir to explain the reason
971  * for avoiding this wrapper.
972  *
973  * It is assumed that a reference exists on snode coming into this routine.
974  */
975 int
976 smb_fsop_readdir(
977     smb_request_t *sr,
978     cred_t *cr,
979     smb_node_t *dir_snode,
980     uint32_t *cookie,
981     char *name,
982     int *namelen,
983     ino64_t *fileid,
984     struct fs_stream_info *stream_info,
985     smb_node_t **ret_snode,
986     smb_attr_t *ret_attr)
987 {
988 	smb_node_t	*ret_snodep;
989 	smb_node_t	*fnode;
990 	smb_attr_t	tmp_attr;
991 	vnode_t		*xattrdirvp;
992 	vnode_t		*fvp;
993 	vnode_t		*vp = NULL;
994 	char		*od_name;
995 	int		rc;
996 	int		flags = 0;
997 
998 	ASSERT(cr);
999 	ASSERT(dir_snode);
1000 	ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC);
1001 	ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING);
1002 
1003 	if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0)
1004 		return (EACCES);
1005 
1006 	if (*cookie == SMB_EOF) {
1007 		*namelen = 0;
1008 		return (0);
1009 	}
1010 
1011 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1012 		flags = SMB_IGNORE_CASE;
1013 
1014 	od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1015 
1016 	if (stream_info) {
1017 		rc = smb_vop_lookup(dir_snode->vp, name, &fvp, od_name,
1018 		    SMB_FOLLOW_LINKS, sr->tid_tree->t_snode->vp, cr);
1019 
1020 		if (rc != 0) {
1021 			kmem_free(od_name, MAXNAMELEN);
1022 			return (rc);
1023 		}
1024 
1025 		fnode = smb_node_lookup(sr, NULL, cr, fvp, od_name, dir_snode,
1026 		    NULL, ret_attr);
1027 
1028 		kmem_free(od_name, MAXNAMELEN);
1029 
1030 		if (fnode == NULL) {
1031 			VN_RELE(fvp);
1032 			return (ENOMEM);
1033 		}
1034 
1035 		/*
1036 		 * XXX
1037 		 * Need to find out what permission(s) NTFS requires for getting
1038 		 * a file's streams list.
1039 		 *
1040 		 * Might have to use kcred.
1041 		 */
1042 		rc = smb_vop_stream_readdir(fvp, cookie, stream_info, &vp,
1043 		    &xattrdirvp, flags, cr);
1044 
1045 		if ((rc != 0) || (*cookie == SMB_EOF)) {
1046 			smb_node_release(fnode);
1047 			return (rc);
1048 		}
1049 
1050 		ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp,
1051 		    vp, stream_info->name, &tmp_attr);
1052 
1053 		smb_node_release(fnode);
1054 
1055 		if (ret_snodep == NULL) {
1056 			VN_RELE(xattrdirvp);
1057 			VN_RELE(vp);
1058 			return (ENOMEM);
1059 		}
1060 
1061 		stream_info->size = tmp_attr.sa_vattr.va_size;
1062 
1063 		if (ret_attr)
1064 			*ret_attr = tmp_attr;
1065 
1066 		if (ret_snode)
1067 			*ret_snode = ret_snodep;
1068 		else
1069 			smb_node_release(ret_snodep);
1070 
1071 	} else {
1072 		rc = smb_vop_readdir(dir_snode->vp, cookie, name, namelen,
1073 		    fileid, &vp, od_name, flags, cr);
1074 
1075 		if (rc != 0) {
1076 			kmem_free(od_name, MAXNAMELEN);
1077 			return (rc);
1078 		}
1079 
1080 		if (*namelen) {
1081 			ASSERT(vp);
1082 			if (ret_attr || ret_snode) {
1083 				ret_snodep = smb_node_lookup(sr, NULL, cr, vp,
1084 				    od_name, dir_snode, NULL, &tmp_attr);
1085 
1086 				if (ret_snodep == NULL) {
1087 					kmem_free(od_name, MAXNAMELEN);
1088 					VN_RELE(vp);
1089 					return (ENOMEM);
1090 				}
1091 
1092 				if (ret_attr)
1093 					*ret_attr = tmp_attr;
1094 
1095 				if (ret_snode)
1096 					*ret_snode = ret_snodep;
1097 				else
1098 					smb_node_release(ret_snodep);
1099 			}
1100 		}
1101 
1102 		kmem_free(od_name, MAXNAMELEN);
1103 	}
1104 
1105 	return (rc);
1106 }
1107 
1108 /*
1109  * smb_fsop_getdents
1110  *
1111  * All SMB functions should use this smb_vop_getdents wrapper to ensure that
1112  * the smb_vop_getdents is performed with the appropriate credentials.
1113  * Please document any direct call to smb_vop_getdents to explain the reason
1114  * for avoiding this wrapper.
1115  *
1116  * It is assumed that a reference exists on snode coming into this routine.
1117  */
1118 /*ARGSUSED*/
1119 int
1120 smb_fsop_getdents(
1121     struct smb_request *sr,
1122     cred_t *cr,
1123     smb_node_t *dir_snode,
1124     uint32_t *cookie,
1125     uint64_t *verifierp,
1126     int32_t	*maxcnt,
1127     char *args,
1128     char *pattern)
1129 {
1130 	int flags = 0;
1131 
1132 	ASSERT(cr);
1133 	ASSERT(dir_snode);
1134 	ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC);
1135 	ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING);
1136 
1137 	if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0)
1138 		return (EACCES);
1139 
1140 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1141 		flags = SMB_IGNORE_CASE;
1142 
1143 	return (smb_vop_getdents(dir_snode, cookie, 0, maxcnt, args, pattern,
1144 	    flags, sr, cr));
1145 }
1146 
1147 /*
1148  * smb_fsop_rename
1149  *
1150  * All SMB functions should use this smb_vop_rename wrapper to ensure that
1151  * the smb_vop_rename is performed with the appropriate credentials.
1152  * Please document any direct call to smb_vop_rename to explain the reason
1153  * for avoiding this wrapper.
1154  *
1155  * It is assumed that references exist on from_dir_snode and to_dir_snode coming
1156  * into this routine.
1157  */
1158 int
1159 smb_fsop_rename(
1160     smb_request_t *sr,
1161     cred_t *cr,
1162     smb_node_t *from_dir_snode,
1163     char *from_name,
1164     smb_node_t *to_dir_snode,
1165     char *to_name)
1166 {
1167 	smb_node_t *from_snode;
1168 	smb_attr_t tmp_attr;
1169 	vnode_t *from_vp;
1170 	int flags = 0;
1171 	int rc;
1172 
1173 	ASSERT(cr);
1174 	ASSERT(from_dir_snode);
1175 	ASSERT(from_dir_snode->n_magic == SMB_NODE_MAGIC);
1176 	ASSERT(from_dir_snode->n_state != SMB_NODE_STATE_DESTROYING);
1177 
1178 	ASSERT(to_dir_snode);
1179 	ASSERT(to_dir_snode->n_magic == SMB_NODE_MAGIC);
1180 	ASSERT(to_dir_snode->n_state != SMB_NODE_STATE_DESTROYING);
1181 
1182 	if (SMB_TREE_CONTAINS_NODE(sr, from_dir_snode) == 0)
1183 		return (EACCES);
1184 
1185 	if (SMB_TREE_CONTAINS_NODE(sr, to_dir_snode) == 0)
1186 		return (EACCES);
1187 
1188 	ASSERT(sr);
1189 	ASSERT(sr->tid_tree);
1190 	if (SMB_TREE_IS_READONLY(sr))
1191 		return (EROFS);
1192 
1193 	/*
1194 	 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE
1195 	 * here.
1196 	 *
1197 	 * A case-sensitive rename is always done in this routine
1198 	 * because we are using the on-disk name from an earlier lookup.
1199 	 * If a mangled name was passed in by the caller (denoting a
1200 	 * deterministic lookup), then the exact file must be renamed
1201 	 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or
1202 	 * else the underlying file system might return a "first-match"
1203 	 * on this on-disk name, possibly resulting in the wrong file).
1204 	 */
1205 
1206 	/*
1207 	 * XXX: Lock required through smb_node_release() below?
1208 	 */
1209 
1210 	rc = smb_vop_lookup(from_dir_snode->vp, from_name, &from_vp, NULL, 0,
1211 	    NULL, cr);
1212 
1213 	if (rc != 0)
1214 		return (rc);
1215 
1216 	rc = smb_vop_rename(from_dir_snode->vp, from_name, to_dir_snode->vp,
1217 	    to_name, flags, cr);
1218 
1219 	if (rc == 0) {
1220 		from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name,
1221 		    from_dir_snode, NULL, &tmp_attr);
1222 
1223 		if (from_snode == NULL) {
1224 			VN_RELE(from_vp);
1225 			return (ENOMEM);
1226 		}
1227 
1228 		(void) smb_node_rename(from_dir_snode, from_snode, to_dir_snode,
1229 		    to_name);
1230 
1231 		smb_node_release(from_snode);
1232 	} else {
1233 		VN_RELE(from_vp);
1234 	}
1235 
1236 	/* XXX: unlock */
1237 
1238 	return (rc);
1239 }
1240 
1241 /*
1242  * smb_fsop_setattr
1243  *
1244  * All SMB functions should use this wrapper to ensure that
1245  * the the calls are performed with the appropriate credentials.
1246  * Please document any direct call to explain the reason
1247  * for avoiding this wrapper.
1248  *
1249  * It is assumed that a reference exists on snode coming into this routine.
1250  * A null smb_request might be passed to this function.
1251  */
1252 int
1253 smb_fsop_setattr(
1254     smb_request_t	*sr,
1255     cred_t		*cr,
1256     smb_node_t		*snode,
1257     smb_attr_t		*set_attr,
1258     smb_attr_t		*ret_attr)
1259 {
1260 	smb_node_t *unnamed_node;
1261 	vnode_t *unnamed_vp = NULL;
1262 	uint32_t status;
1263 	uint32_t access = 0;
1264 	int rc = 0;
1265 	int flags = 0;
1266 	boolean_t no_xvattr = B_FALSE;
1267 
1268 	ASSERT(cr);
1269 	ASSERT(snode);
1270 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1271 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1272 
1273 	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0)
1274 		return (EACCES);
1275 
1276 	if (SMB_TREE_IS_READONLY(sr))
1277 		return (EROFS);
1278 
1279 	if (sr && (set_attr->sa_mask & SMB_AT_SIZE)) {
1280 		if (sr->fid_ofile) {
1281 			if (SMB_OFILE_IS_READONLY(sr->fid_ofile))
1282 				return (EACCES);
1283 		} else {
1284 			if (SMB_PATHFILE_IS_READONLY(sr, snode))
1285 				return (EACCES);
1286 		}
1287 	}
1288 
1289 	/* sr could be NULL in some cases */
1290 	if (sr && sr->fid_ofile) {
1291 
1292 		/* if uid and/or gid is requested */
1293 		if (set_attr->sa_mask & (SMB_AT_UID|SMB_AT_GID))
1294 			access |= WRITE_OWNER;
1295 
1296 		/* if anything else is also requested */
1297 		if (set_attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID))
1298 			access |= FILE_WRITE_ATTRIBUTES;
1299 
1300 		status = smb_ofile_access(sr->fid_ofile, cr, access);
1301 		if (status != NT_STATUS_SUCCESS)
1302 			return (EACCES);
1303 
1304 		if (smb_tree_has_feature(sr->tid_tree,
1305 		    SMB_TREE_ACEMASKONACCESS))
1306 			flags = ATTR_NOACLCHECK;
1307 	}
1308 
1309 	unnamed_node = SMB_IS_STREAM(snode);
1310 
1311 	if (unnamed_node) {
1312 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1313 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1314 		unnamed_vp = unnamed_node->vp;
1315 	}
1316 	if (sr && sr->tid_tree)
1317 		if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_UFS))
1318 			no_xvattr = B_TRUE;
1319 
1320 	rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr,
1321 	    no_xvattr);
1322 
1323 	if ((rc == 0) && ret_attr) {
1324 		/*
1325 		 * Use kcred to update the node attr because this
1326 		 * call is not being made on behalf of the user.
1327 		 */
1328 		ret_attr->sa_mask = SMB_AT_ALL;
1329 		rc = smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, flags,
1330 		    kcred);
1331 		if (rc == 0)
1332 			snode->attr = *ret_attr;
1333 	}
1334 
1335 	return (rc);
1336 }
1337 
1338 /*
1339  * smb_fsop_read
1340  *
1341  * All SMB functions should use this wrapper to ensure that
1342  * the the calls are performed with the appropriate credentials.
1343  * Please document any direct call to explain the reason
1344  * for avoiding this wrapper.
1345  *
1346  * It is assumed that a reference exists on snode coming into this routine.
1347  */
1348 int
1349 smb_fsop_read(
1350     struct smb_request *sr,
1351     cred_t *cr,
1352     smb_node_t *snode,
1353     uio_t *uio,
1354     smb_attr_t *ret_attr)
1355 {
1356 	smb_node_t *unnamed_node;
1357 	vnode_t *unnamed_vp = NULL;
1358 	caller_context_t ct;
1359 	int svmand;
1360 	int rc;
1361 
1362 	ASSERT(cr);
1363 	ASSERT(snode);
1364 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1365 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1366 
1367 	ASSERT(sr);
1368 	ASSERT(sr->fid_ofile);
1369 
1370 	rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA);
1371 	if (rc != NT_STATUS_SUCCESS) {
1372 		rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE);
1373 		if (rc != NT_STATUS_SUCCESS)
1374 			return (EACCES);
1375 	}
1376 
1377 	unnamed_node = SMB_IS_STREAM(snode);
1378 	if (unnamed_node) {
1379 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1380 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1381 		unnamed_vp = unnamed_node->vp;
1382 		/*
1383 		 * Streams permission are checked against the unnamed stream,
1384 		 * but in FS level they have their own permissions. To avoid
1385 		 * rejection by FS due to lack of permission on the actual
1386 		 * extended attr kcred is passed for streams.
1387 		 */
1388 		cr = kcred;
1389 	}
1390 
1391 	smb_node_start_crit(snode, RW_READER);
1392 	rc = nbl_svmand(snode->vp, kcred, &svmand);
1393 	if (rc) {
1394 		smb_node_end_crit(snode);
1395 		return (rc);
1396 	}
1397 
1398 	ct = smb_ct;
1399 	ct.cc_pid = sr->fid_ofile->f_uniqid;
1400 	rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset,
1401 	    uio->uio_iov->iov_len, svmand, &ct);
1402 
1403 	if (rc) {
1404 		smb_node_end_crit(snode);
1405 		return (ERANGE);
1406 	}
1407 	rc = smb_vop_read(snode->vp, uio, cr);
1408 
1409 	if (rc == 0 && ret_attr) {
1410 		/*
1411 		 * Use kcred to update the node attr because this
1412 		 * call is not being made on behalf of the user.
1413 		 */
1414 		ret_attr->sa_mask = SMB_AT_ALL;
1415 		if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0,
1416 		    kcred) == 0) {
1417 			snode->attr = *ret_attr;
1418 		}
1419 	}
1420 
1421 	smb_node_end_crit(snode);
1422 
1423 	return (rc);
1424 }
1425 
1426 /*
1427  * smb_fsop_write
1428  *
1429  * This is a wrapper function used for smb_write and smb_write_raw operations.
1430  *
1431  * It is assumed that a reference exists on snode coming into this routine.
1432  */
1433 int
1434 smb_fsop_write(
1435     smb_request_t *sr,
1436     cred_t *cr,
1437     smb_node_t *snode,
1438     uio_t *uio,
1439     uint32_t *lcount,
1440     smb_attr_t *ret_attr,
1441     int ioflag)
1442 {
1443 	smb_node_t *unnamed_node;
1444 	vnode_t *unnamed_vp = NULL;
1445 	caller_context_t ct;
1446 	int svmand;
1447 	int rc;
1448 
1449 	ASSERT(cr);
1450 	ASSERT(snode);
1451 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1452 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1453 
1454 	ASSERT(sr);
1455 	ASSERT(sr->tid_tree);
1456 	ASSERT(sr->fid_ofile);
1457 
1458 	if (SMB_TREE_IS_READONLY(sr))
1459 		return (EROFS);
1460 
1461 	if (SMB_OFILE_IS_READONLY(sr->fid_ofile))
1462 		return (EACCES);
1463 
1464 	rc = smb_ofile_access(sr->fid_ofile, cr, FILE_WRITE_DATA);
1465 	if (rc != NT_STATUS_SUCCESS) {
1466 		rc = smb_ofile_access(sr->fid_ofile, cr, FILE_APPEND_DATA);
1467 		if (rc != NT_STATUS_SUCCESS)
1468 			return (EACCES);
1469 	}
1470 
1471 	unnamed_node = SMB_IS_STREAM(snode);
1472 
1473 	if (unnamed_node) {
1474 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1475 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1476 		unnamed_vp = unnamed_node->vp;
1477 		/*
1478 		 * Streams permission are checked against the unnamed stream,
1479 		 * but in FS level they have their own permissions. To avoid
1480 		 * rejection by FS due to lack of permission on the actual
1481 		 * extended attr kcred is passed for streams.
1482 		 */
1483 		cr = kcred;
1484 	}
1485 
1486 	smb_node_start_crit(snode, RW_READER);
1487 	rc = nbl_svmand(snode->vp, kcred, &svmand);
1488 	if (rc) {
1489 		smb_node_end_crit(snode);
1490 		return (rc);
1491 	}
1492 
1493 	ct = smb_ct;
1494 	ct.cc_pid = sr->fid_ofile->f_uniqid;
1495 	rc = nbl_lock_conflict(snode->vp, NBL_WRITE, uio->uio_loffset,
1496 	    uio->uio_iov->iov_len, svmand, &ct);
1497 
1498 	if (rc) {
1499 		smb_node_end_crit(snode);
1500 		return (ERANGE);
1501 	}
1502 	rc = smb_vop_write(snode->vp, uio, ioflag, lcount, cr);
1503 
1504 	if (rc == 0 && ret_attr) {
1505 		/*
1506 		 * Use kcred to update the node attr because this
1507 		 * call is not being made on behalf of the user.
1508 		 */
1509 		ret_attr->sa_mask = SMB_AT_ALL;
1510 		if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0,
1511 		    kcred) == 0) {
1512 			snode->attr = *ret_attr;
1513 		}
1514 	}
1515 
1516 	smb_node_end_crit(snode);
1517 
1518 	return (rc);
1519 }
1520 
1521 /*
1522  * smb_fsop_statfs
1523  *
1524  * This is a wrapper function used for stat operations.
1525  */
1526 int
1527 smb_fsop_statfs(
1528     cred_t *cr,
1529     smb_node_t *snode,
1530     struct statvfs64 *statp)
1531 {
1532 	ASSERT(cr);
1533 	ASSERT(snode);
1534 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1535 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1536 
1537 	return (smb_vop_statfs(snode->vp, statp, cr));
1538 }
1539 
1540 /*
1541  * smb_fsop_access
1542  *
1543  * Named streams do not have separate permissions from the associated
1544  * unnamed stream.  Thus, if node is a named stream, the permissions
1545  * check will be performed on the associated unnamed stream.
1546  *
1547  * However, our named streams do have their own quarantine attribute,
1548  * separate from that on the unnamed stream. If READ or EXECUTE
1549  * access has been requested on a named stream, an additional access
1550  * check is performed on the named stream in case it has been
1551  * quarantined.  kcred is used to avoid issues with the permissions
1552  * set on the extended attribute file representing the named stream.
1553  */
1554 int
1555 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1556     uint32_t faccess)
1557 {
1558 	int access = 0;
1559 	int error;
1560 	vnode_t *dir_vp;
1561 	boolean_t acl_check = B_TRUE;
1562 	smb_node_t *unnamed_node;
1563 
1564 	ASSERT(sr);
1565 	ASSERT(cr);
1566 	ASSERT(snode);
1567 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1568 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1569 
1570 	if (faccess == 0)
1571 		return (NT_STATUS_SUCCESS);
1572 
1573 	if (SMB_TREE_IS_READONLY(sr)) {
1574 		if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA|
1575 		    FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES|
1576 		    DELETE|WRITE_DAC|WRITE_OWNER)) {
1577 			return (NT_STATUS_ACCESS_DENIED);
1578 		}
1579 	}
1580 
1581 	unnamed_node = SMB_IS_STREAM(snode);
1582 	if (unnamed_node) {
1583 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1584 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1585 
1586 		/*
1587 		 * Perform VREAD access check on the named stream in case it
1588 		 * is quarantined. kcred is passed to smb_vop_access so it
1589 		 * doesn't fail due to lack of permission.
1590 		 */
1591 		if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) {
1592 			error = smb_vop_access(snode->vp, VREAD,
1593 			    0, NULL, kcred);
1594 			if (error)
1595 				return (NT_STATUS_ACCESS_DENIED);
1596 		}
1597 
1598 		/*
1599 		 * Streams authorization should be performed against the
1600 		 * unnamed stream.
1601 		 */
1602 		snode = unnamed_node;
1603 	}
1604 
1605 	if (faccess & ACCESS_SYSTEM_SECURITY) {
1606 		/*
1607 		 * This permission is required for reading/writing SACL and
1608 		 * it's not part of DACL. It's only granted via proper
1609 		 * privileges.
1610 		 */
1611 		if ((sr->uid_user->u_privileges &
1612 		    (SMB_USER_PRIV_BACKUP |
1613 		    SMB_USER_PRIV_RESTORE |
1614 		    SMB_USER_PRIV_SECURITY)) == 0)
1615 			return (NT_STATUS_PRIVILEGE_NOT_HELD);
1616 
1617 		faccess &= ~ACCESS_SYSTEM_SECURITY;
1618 	}
1619 
1620 	/* Links don't have ACL */
1621 	if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) ||
1622 	    (snode->attr.sa_vattr.va_type == VLNK))
1623 		acl_check = B_FALSE;
1624 
1625 	if (acl_check) {
1626 		dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL;
1627 		error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp,
1628 		    cr);
1629 	} else {
1630 		/*
1631 		 * FS doesn't understand 32-bit mask, need to map
1632 		 */
1633 		if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA))
1634 			access |= VWRITE;
1635 
1636 		if (faccess & FILE_READ_DATA)
1637 			access |= VREAD;
1638 
1639 		if (faccess & FILE_EXECUTE)
1640 			access |= VEXEC;
1641 
1642 		error = smb_vop_access(snode->vp, access, 0, NULL, cr);
1643 	}
1644 
1645 	return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS);
1646 }
1647 
1648 /*
1649  * smb_fsop_lookup_name()
1650  *
1651  * Sanity checks on dir_snode done in smb_fsop_lookup().
1652  *
1653  * Note: This function is called only from the open path.
1654  * It will check if the file is a stream.
1655  * It will also return an error if the looked-up file is in
1656  * a child mount.
1657  */
1658 
1659 int
1660 smb_fsop_lookup_name(
1661     smb_request_t *sr,
1662     cred_t	*cr,
1663     int		flags,
1664     smb_node_t	*root_node,
1665     smb_node_t	*dir_snode,
1666     char	*name,
1667     smb_node_t	**ret_snode,
1668     smb_attr_t	*ret_attr)
1669 {
1670 	smb_node_t	*fnode;
1671 	smb_attr_t	file_attr;
1672 	vnode_t		*xattrdirvp;
1673 	vnode_t		*vp;
1674 	char		*od_name;
1675 	char		*fname;
1676 	char		*sname;
1677 	int		rc;
1678 
1679 	ASSERT(cr);
1680 	ASSERT(dir_snode);
1681 	ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC);
1682 	ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING);
1683 
1684 	/*
1685 	 * The following check is required for streams processing, below
1686 	 */
1687 
1688 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1689 		flags |= SMB_IGNORE_CASE;
1690 
1691 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1692 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1693 
1694 	if (smb_stream_parse_name(name, fname, sname)) {
1695 		/*
1696 		 * Look up the unnamed stream (i.e. fname).
1697 		 * Unmangle processing will be done on fname
1698 		 * as well as any link target.
1699 		 */
1700 		rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, fname,
1701 		    &fnode, &file_attr, NULL, NULL);
1702 
1703 		if (rc != 0) {
1704 			kmem_free(fname, MAXNAMELEN);
1705 			kmem_free(sname, MAXNAMELEN);
1706 			return (rc);
1707 		}
1708 
1709 		od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1710 
1711 		/*
1712 		 * od_name is the on-disk name of the stream, except
1713 		 * without the prepended stream prefix (SMB_STREAM_PREFIX)
1714 		 */
1715 
1716 		/*
1717 		 * XXX
1718 		 * What permissions NTFS requires for stream lookup if any?
1719 		 */
1720 		rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name,
1721 		    &xattrdirvp, flags, root_node->vp, cr);
1722 
1723 		if (rc != 0) {
1724 			smb_node_release(fnode);
1725 			kmem_free(fname, MAXNAMELEN);
1726 			kmem_free(sname, MAXNAMELEN);
1727 			kmem_free(od_name, MAXNAMELEN);
1728 			return (rc);
1729 		}
1730 
1731 		*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp,
1732 		    vp, od_name, ret_attr);
1733 
1734 		kmem_free(od_name, MAXNAMELEN);
1735 		smb_node_release(fnode);
1736 
1737 		if (*ret_snode == NULL) {
1738 			VN_RELE(xattrdirvp);
1739 			VN_RELE(vp);
1740 			kmem_free(fname, MAXNAMELEN);
1741 			kmem_free(sname, MAXNAMELEN);
1742 			return (ENOMEM);
1743 		}
1744 	} else {
1745 		rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, name,
1746 		    ret_snode, ret_attr, NULL, NULL);
1747 	}
1748 
1749 	if (rc == 0) {
1750 		ASSERT(ret_snode);
1751 		if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) {
1752 			smb_node_release(*ret_snode);
1753 			*ret_snode = NULL;
1754 			rc = EACCES;
1755 		}
1756 	}
1757 
1758 	kmem_free(fname, MAXNAMELEN);
1759 	kmem_free(sname, MAXNAMELEN);
1760 
1761 	return (rc);
1762 }
1763 
1764 /*
1765  * smb_fsop_lookup
1766  *
1767  * All SMB functions should use this smb_vop_lookup wrapper to ensure that
1768  * the smb_vop_lookup is performed with the appropriate credentials and using
1769  * case insensitive compares. Please document any direct call to smb_vop_lookup
1770  * to explain the reason for avoiding this wrapper.
1771  *
1772  * It is assumed that a reference exists on dir_snode coming into this routine
1773  * (and that it is safe from deallocation).
1774  *
1775  * Same with the root_node.
1776  *
1777  * *ret_snode is returned with a reference upon success.  No reference is
1778  * taken if an error is returned.
1779  *
1780  * Note: The returned ret_snode may be in a child mount.  This is ok for
1781  * readdir and getdents.
1782  *
1783  * ret_shortname and ret_name83 must each point to buffers of at least
1784  * SMB_SHORTNAMELEN bytes.
1785  *
1786  * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent
1787  * operations on files not in the parent mount.
1788  */
1789 int
1790 smb_fsop_lookup(
1791     smb_request_t *sr,
1792     cred_t	*cr,
1793     int		flags,
1794     smb_node_t	*root_node,
1795     smb_node_t	*dir_snode,
1796     char	*name,
1797     smb_node_t	**ret_snode,
1798     smb_attr_t	*ret_attr,
1799     char	*ret_shortname,
1800     char	*ret_name83)
1801 {
1802 	smb_node_t *lnk_target_node;
1803 	smb_node_t *lnk_dnode;
1804 	char *longname;
1805 	char *od_name;
1806 	vnode_t *vp;
1807 	int rc;
1808 
1809 	ASSERT(cr);
1810 	ASSERT(dir_snode);
1811 	ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC);
1812 	ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING);
1813 
1814 	if (name == NULL)
1815 		return (EINVAL);
1816 
1817 	if (SMB_TREE_CONTAINS_NODE(sr, dir_snode) == 0)
1818 		return (EACCES);
1819 
1820 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1821 		flags |= SMB_IGNORE_CASE;
1822 
1823 	od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1824 
1825 	rc = smb_vop_lookup(dir_snode->vp, name, &vp, od_name, flags,
1826 	    root_node ? root_node->vp : NULL, cr);
1827 
1828 	if (rc != 0) {
1829 		if (smb_maybe_mangled_name(name) == 0) {
1830 			kmem_free(od_name, MAXNAMELEN);
1831 			return (rc);
1832 		}
1833 
1834 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1835 
1836 		rc = smb_unmangle_name(sr, cr, dir_snode, name, longname,
1837 		    MAXNAMELEN, ret_shortname, ret_name83, 1);
1838 
1839 		if (rc != 0) {
1840 			kmem_free(od_name, MAXNAMELEN);
1841 			kmem_free(longname, MAXNAMELEN);
1842 			return (rc);
1843 		}
1844 
1845 		/*
1846 		 * We passed "1" as the "od" parameter
1847 		 * to smb_unmangle_name(), such that longname
1848 		 * is the real (case-sensitive) on-disk name.
1849 		 * We make sure we do a lookup on this exact
1850 		 * name, as the name was mangled and denotes
1851 		 * a unique file.
1852 		 */
1853 
1854 		if (flags & SMB_IGNORE_CASE)
1855 			flags &= ~SMB_IGNORE_CASE;
1856 
1857 		rc = smb_vop_lookup(dir_snode->vp, longname, &vp, od_name,
1858 		    flags, root_node ? root_node->vp : NULL, cr);
1859 
1860 		kmem_free(longname, MAXNAMELEN);
1861 
1862 		if (rc != 0) {
1863 			kmem_free(od_name, MAXNAMELEN);
1864 			return (rc);
1865 		}
1866 	}
1867 
1868 	if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK)) {
1869 
1870 		rc = smb_pathname(sr, od_name, FOLLOW, root_node, dir_snode,
1871 		    &lnk_dnode, &lnk_target_node, cr);
1872 
1873 		if (rc != 0) {
1874 			/*
1875 			 * The link is assumed to be for the last component
1876 			 * of a path.  Hence any ENOTDIR error will be returned
1877 			 * as ENOENT.
1878 			 */
1879 			if (rc == ENOTDIR)
1880 				rc = ENOENT;
1881 
1882 			VN_RELE(vp);
1883 			kmem_free(od_name, MAXNAMELEN);
1884 			return (rc);
1885 		}
1886 
1887 		/*
1888 		 * Release the original VLNK vnode
1889 		 */
1890 
1891 		VN_RELE(vp);
1892 		vp = lnk_target_node->vp;
1893 
1894 		rc = smb_vop_traverse_check(&vp);
1895 
1896 		if (rc != 0) {
1897 			smb_node_release(lnk_dnode);
1898 			smb_node_release(lnk_target_node);
1899 			kmem_free(od_name, MAXNAMELEN);
1900 			return (rc);
1901 		}
1902 
1903 		/*
1904 		 * smb_vop_traverse_check() may have returned a different vnode
1905 		 */
1906 
1907 		if (lnk_target_node->vp == vp) {
1908 			*ret_snode = lnk_target_node;
1909 			*ret_attr = (*ret_snode)->attr;
1910 		} else {
1911 			*ret_snode = smb_node_lookup(sr, NULL, cr, vp,
1912 			    lnk_target_node->od_name, lnk_dnode, NULL,
1913 			    ret_attr);
1914 
1915 			if (*ret_snode == NULL) {
1916 				VN_RELE(vp);
1917 				rc = ENOMEM;
1918 			}
1919 			smb_node_release(lnk_target_node);
1920 		}
1921 
1922 		smb_node_release(lnk_dnode);
1923 
1924 	} else {
1925 
1926 		rc = smb_vop_traverse_check(&vp);
1927 		if (rc) {
1928 			VN_RELE(vp);
1929 			kmem_free(od_name, MAXNAMELEN);
1930 			return (rc);
1931 		}
1932 
1933 		*ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name,
1934 		    dir_snode, NULL, ret_attr);
1935 
1936 		if (*ret_snode == NULL) {
1937 			VN_RELE(vp);
1938 			rc = ENOMEM;
1939 		}
1940 	}
1941 
1942 	kmem_free(od_name, MAXNAMELEN);
1943 	return (rc);
1944 }
1945 
1946 /*
1947  * smb_fsop_stream_readdir()
1948  *
1949  * ret_snode and ret_attr are optional parameters (i.e. NULL may be passed in)
1950  *
1951  * This routine will return only NTFS streams.  If an NTFS stream is not
1952  * found at the offset specified, the directory will be read until an NTFS
1953  * stream is found or until EOF.
1954  *
1955  * Note: Sanity checks done in caller
1956  * (smb_fsop_readdir(), smb_fsop_remove_streams())
1957  */
1958 
1959 int
1960 smb_fsop_stream_readdir(smb_request_t *sr, cred_t *cr, smb_node_t *fnode,
1961     uint32_t *cookiep, struct fs_stream_info *stream_info,
1962     smb_node_t **ret_snode, smb_attr_t *ret_attr)
1963 {
1964 	smb_node_t *ret_snodep = NULL;
1965 	smb_attr_t tmp_attr;
1966 	vnode_t *xattrdirvp;
1967 	vnode_t *vp;
1968 	int rc = 0;
1969 	int flags = 0;
1970 
1971 	/*
1972 	 * XXX NTFS permission requirements if any?
1973 	 */
1974 	ASSERT(cr);
1975 	ASSERT(fnode);
1976 	ASSERT(fnode->n_magic == SMB_NODE_MAGIC);
1977 	ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING);
1978 
1979 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1980 		flags = SMB_IGNORE_CASE;
1981 
1982 	rc = smb_vop_stream_readdir(fnode->vp, cookiep, stream_info, &vp,
1983 	    &xattrdirvp, flags, cr);
1984 
1985 	if ((rc != 0) || *cookiep == SMB_EOF)
1986 		return (rc);
1987 
1988 	ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, vp,
1989 	    stream_info->name, &tmp_attr);
1990 
1991 	if (ret_snodep == NULL) {
1992 		VN_RELE(xattrdirvp);
1993 		VN_RELE(vp);
1994 		return (ENOMEM);
1995 	}
1996 
1997 	stream_info->size = tmp_attr.sa_vattr.va_size;
1998 
1999 	if (ret_attr)
2000 		*ret_attr = tmp_attr;
2001 
2002 	if (ret_snode)
2003 		*ret_snode = ret_snodep;
2004 	else
2005 		smb_node_release(ret_snodep);
2006 
2007 	return (rc);
2008 }
2009 
2010 int /*ARGSUSED*/
2011 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode)
2012 {
2013 	ASSERT(cr);
2014 	ASSERT(snode);
2015 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2016 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2017 
2018 	ASSERT(sr);
2019 	ASSERT(sr->tid_tree);
2020 	if (SMB_TREE_IS_READONLY(sr))
2021 		return (EROFS);
2022 
2023 	return (smb_vop_commit(snode->vp, cr));
2024 }
2025 
2026 /*
2027  * smb_fsop_aclread
2028  *
2029  * Retrieve filesystem ACL. Depends on requested ACLs in
2030  * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in
2031  * fs_sd. Note that requesting a DACL/SACL doesn't mean that
2032  * the corresponding field in fs_sd should be non-NULL upon
2033  * return, since the target ACL might not contain that type of
2034  * entries.
2035  *
2036  * Returned ACL is always in ACE_T (aka ZFS) format.
2037  * If successful the allocated memory for the ACL should be freed
2038  * using smb_fsacl_free() or smb_fssd_term()
2039  */
2040 int
2041 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2042     smb_fssd_t *fs_sd)
2043 {
2044 	int error = 0;
2045 	int flags = 0;
2046 	int access = 0;
2047 	acl_t *acl;
2048 	smb_node_t *unnamed_node;
2049 
2050 	ASSERT(cr);
2051 
2052 	if (sr->fid_ofile) {
2053 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2054 			access = READ_CONTROL;
2055 
2056 		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2057 			access |= ACCESS_SYSTEM_SECURITY;
2058 
2059 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2060 		if (error != NT_STATUS_SUCCESS) {
2061 			return (EACCES);
2062 		}
2063 	}
2064 
2065 	unnamed_node = SMB_IS_STREAM(snode);
2066 	if (unnamed_node) {
2067 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2068 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2069 		/*
2070 		 * Streams don't have ACL, any read ACL attempt on a stream
2071 		 * should be performed on the unnamed stream.
2072 		 */
2073 		snode = unnamed_node;
2074 	}
2075 
2076 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS))
2077 		flags = ATTR_NOACLCHECK;
2078 
2079 	error = smb_vop_acl_read(snode->vp, &acl, flags,
2080 	    sr->tid_tree->t_acltype, cr);
2081 	if (error != 0) {
2082 		return (error);
2083 	}
2084 
2085 	error = acl_translate(acl, _ACL_ACE_ENABLED,
2086 	    (snode->vp->v_type == VDIR), fs_sd->sd_uid, fs_sd->sd_gid);
2087 
2088 	if (error == 0) {
2089 		smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl,
2090 		    fs_sd->sd_secinfo);
2091 	}
2092 
2093 	acl_free(acl);
2094 	return (error);
2095 }
2096 
2097 /*
2098  * smb_fsop_aclwrite
2099  *
2100  * Stores the filesystem ACL provided in fs_sd->sd_acl.
2101  */
2102 int
2103 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2104     smb_fssd_t *fs_sd)
2105 {
2106 	int target_flavor;
2107 	int error = 0;
2108 	int flags = 0;
2109 	int access = 0;
2110 	acl_t *acl, *dacl, *sacl;
2111 	smb_node_t *unnamed_node;
2112 
2113 	ASSERT(cr);
2114 
2115 	ASSERT(sr);
2116 	ASSERT(sr->tid_tree);
2117 	if (SMB_TREE_IS_READONLY(sr))
2118 		return (EROFS);
2119 
2120 	if (sr->fid_ofile) {
2121 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2122 			access = WRITE_DAC;
2123 
2124 		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2125 			access |= ACCESS_SYSTEM_SECURITY;
2126 
2127 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2128 		if (error != NT_STATUS_SUCCESS)
2129 			return (EACCES);
2130 	}
2131 
2132 	switch (sr->tid_tree->t_acltype) {
2133 	case ACLENT_T:
2134 		target_flavor = _ACL_ACLENT_ENABLED;
2135 		break;
2136 
2137 	case ACE_T:
2138 		target_flavor = _ACL_ACE_ENABLED;
2139 		break;
2140 	default:
2141 		return (EINVAL);
2142 	}
2143 
2144 	unnamed_node = SMB_IS_STREAM(snode);
2145 	if (unnamed_node) {
2146 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2147 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2148 		/*
2149 		 * Streams don't have ACL, any write ACL attempt on a stream
2150 		 * should be performed on the unnamed stream.
2151 		 */
2152 		snode = unnamed_node;
2153 	}
2154 
2155 	dacl = fs_sd->sd_zdacl;
2156 	sacl = fs_sd->sd_zsacl;
2157 
2158 	ASSERT(dacl || sacl);
2159 	if ((dacl == NULL) && (sacl == NULL))
2160 		return (EINVAL);
2161 
2162 	if (dacl && sacl)
2163 		acl = smb_fsacl_merge(dacl, sacl);
2164 	else if (dacl)
2165 		acl = dacl;
2166 	else
2167 		acl = sacl;
2168 
2169 	error = acl_translate(acl, target_flavor, (snode->vp->v_type == VDIR),
2170 	    fs_sd->sd_uid, fs_sd->sd_gid);
2171 	if (error == 0) {
2172 		if (smb_tree_has_feature(sr->tid_tree,
2173 		    SMB_TREE_ACEMASKONACCESS))
2174 			flags = ATTR_NOACLCHECK;
2175 
2176 		error = smb_vop_acl_write(snode->vp, acl, flags, cr);
2177 	}
2178 
2179 	if (dacl && sacl)
2180 		acl_free(acl);
2181 
2182 	return (error);
2183 }
2184 
2185 acl_type_t
2186 smb_fsop_acltype(smb_node_t *snode)
2187 {
2188 	return (smb_vop_acl_type(snode->vp));
2189 }
2190 
2191 /*
2192  * smb_fsop_sdread
2193  *
2194  * Read the requested security descriptor items from filesystem.
2195  * The items are specified in fs_sd->sd_secinfo.
2196  */
2197 int
2198 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2199     smb_fssd_t *fs_sd)
2200 {
2201 	int error = 0;
2202 	int getowner = 0;
2203 	cred_t *ga_cred;
2204 	smb_attr_t attr;
2205 
2206 	ASSERT(cr);
2207 	ASSERT(fs_sd);
2208 
2209 	/*
2210 	 * File's uid/gid is fetched in two cases:
2211 	 *
2212 	 * 1. it's explicitly requested
2213 	 *
2214 	 * 2. target ACL is ACE_T (ZFS ACL). They're needed for
2215 	 *    owner@/group@ entries. In this case kcred should be used
2216 	 *    because uid/gid are fetched on behalf of smb server.
2217 	 */
2218 	if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) {
2219 		getowner = 1;
2220 		ga_cred = cr;
2221 	} else if (sr->tid_tree->t_acltype == ACE_T) {
2222 		getowner = 1;
2223 		ga_cred = kcred;
2224 	}
2225 
2226 	if (getowner) {
2227 		/*
2228 		 * Windows require READ_CONTROL to read owner/group SID since
2229 		 * they're part of Security Descriptor.
2230 		 * ZFS only requires read_attribute. Need to have a explicit
2231 		 * access check here.
2232 		 */
2233 		if (sr->fid_ofile == NULL) {
2234 			error = smb_fsop_access(sr, ga_cred, snode,
2235 			    READ_CONTROL);
2236 			if (error)
2237 				return (error);
2238 		}
2239 
2240 		attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2241 		error = smb_fsop_getattr(sr, ga_cred, snode, &attr);
2242 		if (error == 0) {
2243 			fs_sd->sd_uid = attr.sa_vattr.va_uid;
2244 			fs_sd->sd_gid = attr.sa_vattr.va_gid;
2245 		} else {
2246 			return (error);
2247 		}
2248 	}
2249 
2250 	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2251 		error = smb_fsop_aclread(sr, cr, snode, fs_sd);
2252 	}
2253 
2254 	return (error);
2255 }
2256 
2257 /*
2258  * smb_fsop_sdmerge
2259  *
2260  * From SMB point of view DACL and SACL are two separate list
2261  * which can be manipulated independently without one affecting
2262  * the other, but entries for both DACL and SACL will end up
2263  * in the same ACL if target filesystem supports ACE_T ACLs.
2264  *
2265  * So, if either DACL or SACL is present in the client set request
2266  * the entries corresponding to the non-present ACL shouldn't
2267  * be touched in the FS ACL.
2268  *
2269  * fs_sd parameter contains DACL and SACL specified by SMB
2270  * client to be set on a file/directory. The client could
2271  * specify both or one of these ACLs (if none is specified
2272  * we don't get this far). When both DACL and SACL are given
2273  * by client the existing ACL should be overwritten. If only
2274  * one of them is specified the entries corresponding to the other
2275  * ACL should not be touched. For example, if only DACL
2276  * is specified in input fs_sd, the function reads audit entries
2277  * of the existing ACL of the file and point fs_sd->sd_zsdacl
2278  * pointer to the fetched SACL, this way when smb_fsop_sdwrite()
2279  * function is called the passed fs_sd would point to the specified
2280  * DACL by client and fetched SACL from filesystem, so the file
2281  * will end up with correct ACL.
2282  */
2283 static int
2284 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd)
2285 {
2286 	smb_fssd_t cur_sd;
2287 	int error = 0;
2288 
2289 	if (sr->tid_tree->t_acltype != ACE_T)
2290 		/* Don't bother if target FS doesn't support ACE_T */
2291 		return (0);
2292 
2293 	if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) {
2294 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
2295 			/*
2296 			 * Don't overwrite existing audit entries
2297 			 */
2298 			smb_fssd_init(&cur_sd, SMB_SACL_SECINFO,
2299 			    fs_sd->sd_flags);
2300 
2301 			error = smb_fsop_sdread(sr, kcred, snode, &cur_sd);
2302 			if (error == 0) {
2303 				ASSERT(fs_sd->sd_zsacl == NULL);
2304 				fs_sd->sd_zsacl = cur_sd.sd_zsacl;
2305 				if (fs_sd->sd_zsacl && fs_sd->sd_zdacl)
2306 					fs_sd->sd_zsacl->acl_flags =
2307 					    fs_sd->sd_zdacl->acl_flags;
2308 			}
2309 		} else {
2310 			/*
2311 			 * Don't overwrite existing access entries
2312 			 */
2313 			smb_fssd_init(&cur_sd, SMB_DACL_SECINFO,
2314 			    fs_sd->sd_flags);
2315 
2316 			error = smb_fsop_sdread(sr, kcred, snode, &cur_sd);
2317 			if (error == 0) {
2318 				ASSERT(fs_sd->sd_zdacl == NULL);
2319 				fs_sd->sd_zdacl = cur_sd.sd_zdacl;
2320 				if (fs_sd->sd_zdacl && fs_sd->sd_zsacl)
2321 					fs_sd->sd_zdacl->acl_flags =
2322 					    fs_sd->sd_zsacl->acl_flags;
2323 			}
2324 		}
2325 
2326 		if (error)
2327 			smb_fssd_term(&cur_sd);
2328 	}
2329 
2330 	return (error);
2331 }
2332 
2333 /*
2334  * smb_fsop_sdwrite
2335  *
2336  * Stores the given uid, gid and acl in filesystem.
2337  * Provided items in fs_sd are specified by fs_sd->sd_secinfo.
2338  *
2339  * A SMB security descriptor could contain owner, primary group,
2340  * DACL and SACL. Setting an SD should be atomic but here it has to
2341  * be done via two separate FS operations: VOP_SETATTR and
2342  * VOP_SETSECATTR. Therefore, this function has to simulate the
2343  * atomicity as well as it can.
2344  */
2345 int
2346 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2347     smb_fssd_t *fs_sd, int overwrite)
2348 {
2349 	int error = 0;
2350 	int access = 0;
2351 	smb_attr_t set_attr;
2352 	smb_attr_t orig_attr;
2353 
2354 	ASSERT(cr);
2355 	ASSERT(fs_sd);
2356 
2357 	ASSERT(sr);
2358 	ASSERT(sr->tid_tree);
2359 	if (SMB_TREE_IS_READONLY(sr))
2360 		return (EROFS);
2361 
2362 	bzero(&set_attr, sizeof (smb_attr_t));
2363 
2364 	if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
2365 		set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
2366 		set_attr.sa_mask |= SMB_AT_UID;
2367 	}
2368 
2369 	if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
2370 		set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
2371 		set_attr.sa_mask |= SMB_AT_GID;
2372 	}
2373 
2374 	if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2375 		access |= WRITE_DAC;
2376 
2377 	if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2378 		access |= ACCESS_SYSTEM_SECURITY;
2379 
2380 	if (sr->fid_ofile)
2381 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2382 	else
2383 		error = smb_fsop_access(sr, cr, snode, access);
2384 
2385 	if (error)
2386 		return (EACCES);
2387 
2388 	if (set_attr.sa_mask) {
2389 		/*
2390 		 * Get the current uid, gid so if smb_fsop_aclwrite fails
2391 		 * we can revert uid, gid changes.
2392 		 *
2393 		 * We use root cred here so the operation doesn't fail
2394 		 * due to lack of permission for the user to read the attrs
2395 		 */
2396 
2397 		orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2398 		error = smb_fsop_getattr(sr, kcred, snode, &orig_attr);
2399 		if (error == 0)
2400 			error = smb_fsop_setattr(sr, cr, snode, &set_attr,
2401 			    NULL);
2402 
2403 		if (error)
2404 			return (error);
2405 	}
2406 
2407 	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2408 		if (overwrite == 0) {
2409 			error = smb_fsop_sdmerge(sr, snode, fs_sd);
2410 			if (error)
2411 				return (error);
2412 		}
2413 
2414 		error = smb_fsop_aclwrite(sr, cr, snode, fs_sd);
2415 		if (error) {
2416 			/*
2417 			 * Revert uid/gid changes if required.
2418 			 */
2419 			if (set_attr.sa_mask) {
2420 				orig_attr.sa_mask = set_attr.sa_mask;
2421 				(void) smb_fsop_setattr(sr, kcred, snode,
2422 				    &orig_attr, NULL);
2423 			}
2424 		}
2425 	}
2426 
2427 	return (error);
2428 }
2429 
2430 /*
2431  * smb_fsop_sdinherit
2432  *
2433  * Inherit the security descriptor from the parent container.
2434  * This function is called after FS has created the file/folder
2435  * so if this doesn't do anything it means FS inheritance is
2436  * in place.
2437  *
2438  * Do inheritance for ZFS internally.
2439  *
2440  * If we want to let ZFS does the inheritance the
2441  * following setting should be true:
2442  *
2443  *  - aclinherit = passthrough
2444  *  - aclmode = passthrough
2445  *  - smbd umask = 0777
2446  *
2447  * This will result in right effective permissions but
2448  * ZFS will always add 6 ACEs for owner, owning group
2449  * and others to be POSIX compliant. This is not what
2450  * Windows clients/users expect, so we decided that CIFS
2451  * implements Windows rules and overwrite whatever ZFS
2452  * comes up with. This way we also don't have to care
2453  * about ZFS aclinherit and aclmode settings.
2454  */
2455 static int
2456 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd)
2457 {
2458 	int is_dir;
2459 	acl_t *dacl = NULL;
2460 	acl_t *sacl = NULL;
2461 	ksid_t *owner_sid;
2462 	int error;
2463 
2464 	ASSERT(fs_sd);
2465 
2466 	if (sr->tid_tree->t_acltype != ACE_T) {
2467 		/*
2468 		 * No forced inheritance for non-ZFS filesystems.
2469 		 */
2470 		fs_sd->sd_secinfo = 0;
2471 		return (0);
2472 	}
2473 
2474 
2475 	/* Fetch parent directory's ACL */
2476 	error = smb_fsop_sdread(sr, kcred, dnode, fs_sd);
2477 	if (error) {
2478 		return (error);
2479 	}
2480 
2481 	is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR);
2482 	owner_sid = crgetsid(sr->user_cr, KSID_OWNER);
2483 	ASSERT(owner_sid);
2484 	dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO,
2485 	    owner_sid->ks_id);
2486 	sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO,
2487 	    (uid_t)-1);
2488 
2489 	if (sacl == NULL)
2490 		fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO;
2491 
2492 	smb_fsacl_free(fs_sd->sd_zdacl);
2493 	smb_fsacl_free(fs_sd->sd_zsacl);
2494 
2495 	fs_sd->sd_zdacl = dacl;
2496 	fs_sd->sd_zsacl = sacl;
2497 
2498 	return (0);
2499 }
2500 
2501 /*
2502  * smb_fsop_eaccess
2503  *
2504  * Returns the effective permission of the given credential for the
2505  * specified object.
2506  *
2507  * This is just a workaround. We need VFS/FS support for this.
2508  */
2509 void
2510 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2511     uint32_t *eaccess)
2512 {
2513 	int access = 0;
2514 	vnode_t *dir_vp;
2515 	smb_node_t *unnamed_node;
2516 
2517 	ASSERT(cr);
2518 	ASSERT(snode);
2519 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2520 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2521 
2522 	unnamed_node = SMB_IS_STREAM(snode);
2523 	if (unnamed_node) {
2524 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2525 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2526 		/*
2527 		 * Streams authorization should be performed against the
2528 		 * unnamed stream.
2529 		 */
2530 		snode = unnamed_node;
2531 	}
2532 
2533 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) {
2534 		dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL;
2535 		smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp,
2536 		    cr);
2537 		return;
2538 	}
2539 
2540 	/*
2541 	 * FS doesn't understand 32-bit mask
2542 	 */
2543 	smb_vop_eaccess(snode->vp, &access, 0, NULL, cr);
2544 
2545 	*eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES;
2546 
2547 	if (access & VREAD)
2548 		*eaccess |= FILE_READ_DATA;
2549 
2550 	if (access & VEXEC)
2551 		*eaccess |= FILE_EXECUTE;
2552 
2553 	if (access & VWRITE)
2554 		*eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES |
2555 		    FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD;
2556 }
2557 
2558 /*
2559  * smb_fsop_shrlock
2560  *
2561  * For the current open request, check file sharing rules
2562  * against existing opens.
2563  *
2564  * Returns NT_STATUS_SHARING_VIOLATION if there is any
2565  * sharing conflict.  Returns NT_STATUS_SUCCESS otherwise.
2566  *
2567  * Full system-wide share reservation synchronization is available
2568  * when the nbmand (non-blocking mandatory) mount option is set
2569  * (i.e. nbl_need_crit() is true) and nbmand critical regions are used.
2570  * This provides synchronization with NFS and local processes.  The
2571  * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called
2572  * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well
2573  * as the CIFS rename and delete paths.
2574  *
2575  * The CIFS server will also enter the nbl critical region in the open,
2576  * rename, and delete paths when nbmand is not set.  There is limited
2577  * coordination with local and VFS share reservations in this case.
2578  * Note that when the nbmand mount option is not set, the VFS layer
2579  * only processes advisory reservations and the delete mode is not checked.
2580  *
2581  * Whether or not the nbmand mount option is set, intra-CIFS share
2582  * checking is done in the open, delete, and rename paths using a CIFS
2583  * critical region (node->n_share_lock).
2584  */
2585 
2586 uint32_t
2587 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid,
2588     uint32_t desired_access, uint32_t share_access)
2589 {
2590 	int rc;
2591 
2592 	if (node->attr.sa_vattr.va_type == VDIR)
2593 		return (NT_STATUS_SUCCESS);
2594 
2595 	/* Allow access if the request is just for meta data */
2596 	if ((desired_access & FILE_DATA_ALL) == 0)
2597 		return (NT_STATUS_SUCCESS);
2598 
2599 	rc = smb_node_open_check(node, cr, desired_access, share_access);
2600 	if (rc)
2601 		return (NT_STATUS_SHARING_VIOLATION);
2602 
2603 	rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access,
2604 	    cr);
2605 	if (rc)
2606 		return (NT_STATUS_SHARING_VIOLATION);
2607 
2608 	return (NT_STATUS_SUCCESS);
2609 }
2610 
2611 void
2612 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid)
2613 {
2614 	if (node->attr.sa_vattr.va_type == VDIR)
2615 		return;
2616 
2617 	(void) smb_vop_unshrlock(node->vp, uniq_fid, cr);
2618 }
2619 
2620 int
2621 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock,
2622     cred_t *cr)
2623 {
2624 	flock64_t bf;
2625 	int flag = F_REMOTELOCK;
2626 
2627 	/*
2628 	 * VOP_FRLOCK() will not be called if:
2629 	 *
2630 	 * 1) The lock has a range of zero bytes. The semantics of Windows and
2631 	 *    POSIX are different. In the case of POSIX it asks for the locking
2632 	 *    of all the bytes from the offset provided until the end of the
2633 	 *    file. In the case of Windows a range of zero locks nothing and
2634 	 *    doesn't conflict with any other lock.
2635 	 *
2636 	 * 2) The lock rolls over (start + lenght < start). Solaris will assert
2637 	 *    if such a request is submitted. This will not create
2638 	 *    incompatibilities between POSIX and Windows. In the Windows world,
2639 	 *    if a client submits such a lock, the server will not lock any
2640 	 *    bytes. Interestingly if the same lock (same offset and length) is
2641 	 *    resubmitted Windows will consider that there is an overlap and
2642 	 *    the granting rules will then apply.
2643 	 */
2644 	if ((lock->l_length == 0) ||
2645 	    ((lock->l_start + lock->l_length - 1) < lock->l_start))
2646 		return (0);
2647 
2648 	bzero(&bf, sizeof (bf));
2649 
2650 	if (unlock) {
2651 		bf.l_type = F_UNLCK;
2652 	} else if (lock->l_type == SMB_LOCK_TYPE_READONLY) {
2653 		bf.l_type = F_RDLCK;
2654 		flag |= FREAD;
2655 	} else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) {
2656 		bf.l_type = F_WRLCK;
2657 		flag |= FWRITE;
2658 	}
2659 
2660 	bf.l_start = lock->l_start;
2661 	bf.l_len = lock->l_length;
2662 	bf.l_pid = lock->l_file->f_uniqid;
2663 	bf.l_sysid = smb_ct.cc_sysid;
2664 
2665 	return (smb_vop_frlock(node->vp, cr, flag, &bf));
2666 }
2667