xref: /titanic_52/usr/src/uts/common/fs/smbsrv/smb_ofile.c (revision c3d26abc9ee97b4f60233556aadeb57e0bd30bb9)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 /*
27  * General Structures Layout
28  * -------------------------
29  *
30  * This is a simplified diagram showing the relationship between most of the
31  * main structures.
32  *
33  * +-------------------+
34  * |     SMB_INFO      |
35  * +-------------------+
36  *          |
37  *          |
38  *          v
39  * +-------------------+       +-------------------+      +-------------------+
40  * |     SESSION       |<----->|     SESSION       |......|      SESSION      |
41  * +-------------------+       +-------------------+      +-------------------+
42  *   |          |
43  *   |          |
44  *   |          v
45  *   |  +-------------------+     +-------------------+   +-------------------+
46  *   |  |       USER        |<--->|       USER        |...|       USER        |
47  *   |  +-------------------+     +-------------------+   +-------------------+
48  *   |
49  *   |
50  *   v
51  * +-------------------+       +-------------------+      +-------------------+
52  * |       TREE        |<----->|       TREE        |......|       TREE        |
53  * +-------------------+       +-------------------+      +-------------------+
54  *      |         |
55  *      |         |
56  *      |         v
57  *      |     +-------+       +-------+      +-------+
58  *      |     | OFILE |<----->| OFILE |......| OFILE |
59  *      |     +-------+       +-------+      +-------+
60  *      |
61  *      |
62  *      v
63  *  +-------+       +------+      +------+
64  *  | ODIR  |<----->| ODIR |......| ODIR |
65  *  +-------+       +------+      +------+
66  *
67  *
68  * Ofile State Machine
69  * ------------------
70  *
71  *    +-------------------------+	 T0
72  *    |  SMB_OFILE_STATE_OPEN   |<----------- Creation/Allocation
73  *    +-------------------------+
74  *		    |
75  *		    | T1
76  *		    |
77  *		    v
78  *    +-------------------------+
79  *    | SMB_OFILE_STATE_CLOSING |
80  *    +-------------------------+
81  *		    |
82  *		    | T2
83  *		    |
84  *		    v
85  *    +-------------------------+    T3
86  *    | SMB_OFILE_STATE_CLOSED  |----------> Deletion/Free
87  *    +-------------------------+
88  *
89  * SMB_OFILE_STATE_OPEN
90  *
91  *    While in this state:
92  *      - The ofile is queued in the list of ofiles of its tree.
93  *      - References will be given out if the ofile is looked up.
94  *
95  * SMB_OFILE_STATE_CLOSING
96  *
97  *    While in this state:
98  *      - The ofile is queued in the list of ofiles of its tree.
99  *      - References will not be given out if the ofile is looked up.
100  *      - The file is closed and the locks held are being released.
101  *      - The resources associated with the ofile remain.
102  *
103  * SMB_OFILE_STATE_CLOSED
104  *
105  *    While in this state:
106  *      - The ofile is queued in the list of ofiles of its tree.
107  *      - References will not be given out if the ofile is looked up.
108  *      - The resources associated with the ofile remain.
109  *
110  * Transition T0
111  *
112  *    This transition occurs in smb_ofile_open(). A new ofile is created and
113  *    added to the list of ofiles of a tree.
114  *
115  * Transition T1
116  *
117  *    This transition occurs in smb_ofile_close().
118  *
119  * Transition T2
120  *
121  *    This transition occurs in smb_ofile_release(). The resources associated
122  *    with the ofile are freed as well as the ofile structure. For the
123  *    transition to occur, the ofile must be in the SMB_OFILE_STATE_CLOSED
124  *    state and the reference count be zero.
125  *
126  * Comments
127  * --------
128  *
129  *    The state machine of the ofile structures is controlled by 3 elements:
130  *      - The list of ofiles of the tree it belongs to.
131  *      - The mutex embedded in the structure itself.
132  *      - The reference count.
133  *
134  *    There's a mutex embedded in the ofile structure used to protect its fields
135  *    and there's a lock embedded in the list of ofiles of a tree. To
136  *    increment or to decrement the reference count the mutex must be entered.
137  *    To insert the ofile into the list of ofiles of the tree and to remove
138  *    the ofile from it, the lock must be entered in RW_WRITER mode.
139  *
140  *    Rules of access to a ofile structure:
141  *
142  *    1) In order to avoid deadlocks, when both (mutex and lock of the ofile
143  *       list) have to be entered, the lock must be entered first.
144  *
145  *    2) All actions applied to an ofile require a reference count.
146  *
147  *    3) There are 2 ways of getting a reference count. One is when the ofile
148  *       is opened. The other one when the ofile is looked up. This translates
149  *       into 2 functions: smb_ofile_open() and smb_ofile_lookup_by_fid().
150  *
151  *    It should be noted that the reference count of an ofile registers the
152  *    number of references to the ofile in other structures (such as an smb
153  *    request). The reference count is not incremented in these 2 instances:
154  *
155  *    1) The ofile is open. An ofile is anchored by his state. If there's
156  *       no activity involving an ofile currently open, the reference count
157  *       of that ofile is zero.
158  *
159  *    2) The ofile is queued in the list of ofiles of its tree. The fact of
160  *       being queued in that list is NOT registered by incrementing the
161  *       reference count.
162  */
163 #include <smbsrv/smb_kproto.h>
164 #include <smbsrv/smb_fsops.h>
165 
166 static boolean_t smb_ofile_is_open_locked(smb_ofile_t *);
167 static smb_ofile_t *smb_ofile_close_and_next(smb_ofile_t *);
168 static int smb_ofile_netinfo_encode(smb_ofile_t *, uint8_t *, size_t,
169     uint32_t *);
170 static int smb_ofile_netinfo_init(smb_ofile_t *, smb_netfileinfo_t *);
171 static void smb_ofile_netinfo_fini(smb_netfileinfo_t *);
172 
173 /*
174  * smb_ofile_open
175  */
176 smb_ofile_t *
177 smb_ofile_open(
178     smb_request_t	*sr,
179     smb_node_t		*node,
180     struct open_param	*op,
181     uint16_t		ftype,
182     uint32_t		uniqid,
183     smb_error_t		*err)
184 {
185 	smb_tree_t	*tree = sr->tid_tree;
186 	smb_ofile_t	*of;
187 	uint16_t	fid;
188 	smb_attr_t	attr;
189 	int		rc;
190 	enum errstates { EMPTY, FIDALLOC, CRHELD, MUTEXINIT };
191 	enum errstates	state = EMPTY;
192 
193 	if (smb_idpool_alloc(&tree->t_fid_pool, &fid)) {
194 		err->status = NT_STATUS_TOO_MANY_OPENED_FILES;
195 		err->errcls = ERRDOS;
196 		err->errcode = ERROR_TOO_MANY_OPEN_FILES;
197 		return (NULL);
198 	}
199 	state = FIDALLOC;
200 
201 	of = kmem_cache_alloc(smb_cache_ofile, KM_SLEEP);
202 	bzero(of, sizeof (smb_ofile_t));
203 	of->f_magic = SMB_OFILE_MAGIC;
204 	of->f_refcnt = 1;
205 	of->f_fid = fid;
206 	of->f_uniqid = uniqid;
207 	of->f_opened_by_pid = sr->smb_pid;
208 	of->f_granted_access = op->desired_access;
209 	of->f_share_access = op->share_access;
210 	of->f_create_options = op->create_options;
211 	of->f_cr = (op->create_options & FILE_OPEN_FOR_BACKUP_INTENT) ?
212 	    smb_user_getprivcred(sr->uid_user) : sr->uid_user->u_cred;
213 	crhold(of->f_cr);
214 	state = CRHELD;
215 	of->f_ftype = ftype;
216 	of->f_server = tree->t_server;
217 	of->f_session = tree->t_session;
218 	/*
219 	 * grab a ref for of->f_user
220 	 * released in smb_ofile_delete()
221 	 */
222 	smb_user_hold_internal(sr->uid_user);
223 	of->f_user = sr->uid_user;
224 	of->f_tree = tree;
225 	of->f_node = node;
226 
227 	mutex_init(&of->f_mutex, NULL, MUTEX_DEFAULT, NULL);
228 	state = MUTEXINIT;
229 	of->f_state = SMB_OFILE_STATE_OPEN;
230 
231 	if (ftype == SMB_FTYPE_MESG_PIPE) {
232 		/* See smb_opipe_open. */
233 		of->f_pipe = op->pipe;
234 		smb_server_inc_pipes(of->f_server);
235 	} else {
236 		ASSERT(ftype == SMB_FTYPE_DISK); /* Regular file, not a pipe */
237 		ASSERT(node);
238 
239 		/*
240 		 * Note that the common open path often adds bits like
241 		 * READ_CONTROL, so the logic "is this open exec-only"
242 		 * needs to look at only the FILE_DATA_ALL bits.
243 		 */
244 		if ((of->f_granted_access & FILE_DATA_ALL) == FILE_EXECUTE)
245 			of->f_flags |= SMB_OFLAGS_EXECONLY;
246 
247 		bzero(&attr, sizeof (smb_attr_t));
248 		attr.sa_mask = SMB_AT_UID | SMB_AT_DOSATTR;
249 		rc = smb_node_getattr(NULL, node, of->f_cr, NULL, &attr);
250 		if (rc != 0) {
251 			err->status = NT_STATUS_INTERNAL_ERROR;
252 			err->errcls = ERRDOS;
253 			err->errcode = ERROR_INTERNAL_ERROR;
254 			goto errout;
255 		}
256 		if (crgetuid(of->f_cr) == attr.sa_vattr.va_uid) {
257 			/*
258 			 * Add this bit for the file's owner even if it's not
259 			 * specified in the request (Windows behavior).
260 			 */
261 			of->f_granted_access |= FILE_READ_ATTRIBUTES;
262 		}
263 
264 		if (smb_node_is_file(node)) {
265 			of->f_mode =
266 			    smb_fsop_amask_to_omode(of->f_granted_access);
267 			if (smb_fsop_open(node, of->f_mode, of->f_cr) != 0) {
268 				err->status = NT_STATUS_ACCESS_DENIED;
269 				err->errcls = ERRDOS;
270 				err->errcode = ERROR_ACCESS_DENIED;
271 				goto errout;
272 			}
273 		}
274 
275 		if (tree->t_flags & SMB_TREE_READONLY)
276 			of->f_flags |= SMB_OFLAGS_READONLY;
277 
278 		/*
279 		 * Note that if we created_readonly, that
280 		 * will _not_ yet show in attr.sa_dosattr
281 		 * so creating a readonly file gives the
282 		 * caller a writable handle as it should.
283 		 */
284 		if (attr.sa_dosattr & FILE_ATTRIBUTE_READONLY)
285 			of->f_flags |= SMB_OFLAGS_READONLY;
286 
287 		smb_node_inc_open_ofiles(node);
288 		smb_node_add_ofile(node, of);
289 		smb_node_ref(node);
290 		smb_server_inc_files(of->f_server);
291 	}
292 	smb_llist_enter(&tree->t_ofile_list, RW_WRITER);
293 	smb_llist_insert_tail(&tree->t_ofile_list, of);
294 	smb_llist_exit(&tree->t_ofile_list);
295 	atomic_inc_32(&tree->t_open_files);
296 	atomic_inc_32(&of->f_session->s_file_cnt);
297 	return (of);
298 
299 errout:
300 	switch (state) {
301 	case MUTEXINIT:
302 		mutex_destroy(&of->f_mutex);
303 		smb_user_release(of->f_user);
304 		/*FALLTHROUGH*/
305 	case CRHELD:
306 		crfree(of->f_cr);
307 		of->f_magic = 0;
308 		kmem_cache_free(smb_cache_ofile, of);
309 		/*FALLTHROUGH*/
310 	case FIDALLOC:
311 		smb_idpool_free(&tree->t_fid_pool, fid);
312 		/*FALLTHROUGH*/
313 	case EMPTY:
314 		break;
315 	}
316 	return (NULL);
317 }
318 
319 /*
320  * smb_ofile_close
321  */
322 void
323 smb_ofile_close(smb_ofile_t *of, int32_t mtime_sec)
324 {
325 	smb_attr_t *pa;
326 	timestruc_t now;
327 	uint32_t flags = 0;
328 
329 	SMB_OFILE_VALID(of);
330 
331 	mutex_enter(&of->f_mutex);
332 	ASSERT(of->f_refcnt);
333 	if (of->f_state != SMB_OFILE_STATE_OPEN) {
334 		mutex_exit(&of->f_mutex);
335 		return;
336 	}
337 	of->f_state = SMB_OFILE_STATE_CLOSING;
338 	mutex_exit(&of->f_mutex);
339 
340 	switch (of->f_ftype) {
341 	case SMB_FTYPE_BYTE_PIPE:
342 	case SMB_FTYPE_MESG_PIPE:
343 		smb_opipe_close(of);
344 		smb_server_dec_pipes(of->f_server);
345 		break;
346 
347 	case SMB_FTYPE_DISK:
348 	case SMB_FTYPE_PRINTER:
349 		/*
350 		 * In here we make changes to of->f_pending_attr
351 		 * while not holding of->f_mutex.  This is OK
352 		 * because we've changed f_state to CLOSING,
353 		 * so no more threads will take this path.
354 		 */
355 		pa = &of->f_pending_attr;
356 		if (mtime_sec != 0) {
357 			pa->sa_vattr.va_mtime.tv_sec = mtime_sec;
358 			pa->sa_mask |= SMB_AT_MTIME;
359 		}
360 
361 		/*
362 		 * If we have ever modified data via this handle
363 		 * (write or truncate) and if the mtime was not
364 		 * set via this handle, update the mtime again
365 		 * during the close.  Windows expects this.
366 		 * [ MS-FSA 2.1.5.4 "Update Timestamps" ]
367 		 */
368 		if (of->f_written &&
369 		    (pa->sa_mask & SMB_AT_MTIME) == 0) {
370 			pa->sa_mask |= SMB_AT_MTIME;
371 			gethrestime(&now);
372 			pa->sa_vattr.va_mtime = now;
373 		}
374 
375 		if (of->f_flags & SMB_OFLAGS_SET_DELETE_ON_CLOSE) {
376 			if (smb_tree_has_feature(of->f_tree,
377 			    SMB_TREE_CATIA)) {
378 				flags |= SMB_CATIA;
379 			}
380 			(void) smb_node_set_delete_on_close(of->f_node,
381 			    of->f_cr, flags);
382 		}
383 		smb_fsop_unshrlock(of->f_cr, of->f_node, of->f_uniqid);
384 		smb_node_destroy_lock_by_ofile(of->f_node, of);
385 
386 		if (smb_node_is_file(of->f_node)) {
387 			(void) smb_fsop_close(of->f_node, of->f_mode,
388 			    of->f_cr);
389 			smb_oplock_release(of->f_node, of);
390 		} else {
391 			/*
392 			 * If there was an odir, close it.
393 			 */
394 			if (of->f_odir != NULL)
395 				smb_odir_close(of->f_odir);
396 		}
397 		if (smb_node_dec_open_ofiles(of->f_node) == 0) {
398 			/*
399 			 * Last close. The f_pending_attr has
400 			 * only times (atime,ctime,mtime) so
401 			 * we can borrow it to commit the
402 			 * n_pending_dosattr from the node.
403 			 */
404 			pa->sa_dosattr =
405 			    of->f_node->n_pending_dosattr;
406 			if (pa->sa_dosattr != 0)
407 				pa->sa_mask |= SMB_AT_DOSATTR;
408 			/* Let's leave this zero when not in use. */
409 			of->f_node->n_allocsz = 0;
410 		}
411 		if (pa->sa_mask != 0) {
412 			/*
413 			 * Commit any pending attributes from
414 			 * the ofile we're closing.  Note that
415 			 * we pass NULL as the ofile to setattr
416 			 * so it will write to the file system
417 			 * and not keep anything on the ofile.
418 			 * This clears n_pending_dosattr if
419 			 * there are no opens, otherwise the
420 			 * dosattr will be pending again.
421 			 */
422 			(void) smb_node_setattr(NULL, of->f_node,
423 			    of->f_cr, NULL, pa);
424 		}
425 
426 		/*
427 		 * Cancel any notify change requests that
428 		 * may be using this open instance.
429 		 */
430 		if (of->f_node->n_fcn.fcn_count)
431 			smb_notify_file_closed(of);
432 
433 		smb_server_dec_files(of->f_server);
434 		break;
435 	}
436 	atomic_dec_32(&of->f_tree->t_open_files);
437 
438 	mutex_enter(&of->f_mutex);
439 	ASSERT(of->f_refcnt);
440 	ASSERT(of->f_state == SMB_OFILE_STATE_CLOSING);
441 	of->f_state = SMB_OFILE_STATE_CLOSED;
442 	mutex_exit(&of->f_mutex);
443 }
444 
445 /*
446  * smb_ofile_close_all
447  *
448  *
449  */
450 void
451 smb_ofile_close_all(
452     smb_tree_t		*tree)
453 {
454 	smb_ofile_t	*of;
455 
456 	ASSERT(tree);
457 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
458 
459 	smb_llist_enter(&tree->t_ofile_list, RW_READER);
460 	of = smb_llist_head(&tree->t_ofile_list);
461 	while (of) {
462 		ASSERT(of->f_magic == SMB_OFILE_MAGIC);
463 		ASSERT(of->f_tree == tree);
464 		of = smb_ofile_close_and_next(of);
465 	}
466 	smb_llist_exit(&tree->t_ofile_list);
467 }
468 
469 /*
470  * smb_ofiles_close_by_pid
471  *
472  *
473  */
474 void
475 smb_ofile_close_all_by_pid(
476     smb_tree_t		*tree,
477     uint16_t		pid)
478 {
479 	smb_ofile_t	*of;
480 
481 	ASSERT(tree);
482 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
483 
484 	smb_llist_enter(&tree->t_ofile_list, RW_READER);
485 	of = smb_llist_head(&tree->t_ofile_list);
486 	while (of) {
487 		ASSERT(of->f_magic == SMB_OFILE_MAGIC);
488 		ASSERT(of->f_tree == tree);
489 		if (of->f_opened_by_pid == pid) {
490 			of = smb_ofile_close_and_next(of);
491 		} else {
492 			of = smb_llist_next(&tree->t_ofile_list, of);
493 		}
494 	}
495 	smb_llist_exit(&tree->t_ofile_list);
496 }
497 
498 /*
499  * If the enumeration request is for ofile data, handle it here.
500  * Otherwise, return.
501  *
502  * This function should be called with a hold on the ofile.
503  */
504 int
505 smb_ofile_enum(smb_ofile_t *of, smb_svcenum_t *svcenum)
506 {
507 	uint8_t *pb;
508 	uint_t nbytes;
509 	int rc;
510 
511 	ASSERT(of);
512 	ASSERT(of->f_magic == SMB_OFILE_MAGIC);
513 	ASSERT(of->f_refcnt);
514 
515 	if (svcenum->se_type != SMB_SVCENUM_TYPE_FILE)
516 		return (0);
517 
518 	if (svcenum->se_nskip > 0) {
519 		svcenum->se_nskip--;
520 		return (0);
521 	}
522 
523 	if (svcenum->se_nitems >= svcenum->se_nlimit) {
524 		svcenum->se_nitems = svcenum->se_nlimit;
525 		return (0);
526 	}
527 
528 	pb = &svcenum->se_buf[svcenum->se_bused];
529 
530 	rc = smb_ofile_netinfo_encode(of, pb, svcenum->se_bavail,
531 	    &nbytes);
532 	if (rc == 0) {
533 		svcenum->se_bavail -= nbytes;
534 		svcenum->se_bused += nbytes;
535 		svcenum->se_nitems++;
536 	}
537 
538 	return (rc);
539 }
540 
541 /*
542  * Take a reference on an open file.
543  */
544 boolean_t
545 smb_ofile_hold(smb_ofile_t *of)
546 {
547 	ASSERT(of);
548 	ASSERT(of->f_magic == SMB_OFILE_MAGIC);
549 
550 	mutex_enter(&of->f_mutex);
551 
552 	if (of->f_state != SMB_OFILE_STATE_OPEN) {
553 		mutex_exit(&of->f_mutex);
554 		return (B_FALSE);
555 	}
556 	of->f_refcnt++;
557 
558 	mutex_exit(&of->f_mutex);
559 	return (B_TRUE);
560 }
561 
562 /*
563  * Release a reference on a file.  If the reference count falls to
564  * zero and the file has been closed, post the object for deletion.
565  * Object deletion is deferred to avoid modifying a list while an
566  * iteration may be in progress.
567  */
568 void
569 smb_ofile_release(smb_ofile_t *of)
570 {
571 	SMB_OFILE_VALID(of);
572 
573 	mutex_enter(&of->f_mutex);
574 	ASSERT(of->f_refcnt);
575 	of->f_refcnt--;
576 	switch (of->f_state) {
577 	case SMB_OFILE_STATE_OPEN:
578 	case SMB_OFILE_STATE_CLOSING:
579 		break;
580 
581 	case SMB_OFILE_STATE_CLOSED:
582 		if (of->f_refcnt == 0)
583 			smb_tree_post_ofile(of->f_tree, of);
584 		break;
585 
586 	default:
587 		ASSERT(0);
588 		break;
589 	}
590 	mutex_exit(&of->f_mutex);
591 }
592 
593 /*
594  * smb_ofile_request_complete
595  *
596  * During oplock acquisition, all other oplock requests on the node
597  * are blocked until the acquire request completes and the response
598  * is on the wire.
599  * Call smb_oplock_broadcast to notify the node that the request
600  * has completed.
601  *
602  * THIS MECHANISM RELIES ON THE FACT THAT THE OFILE IS NOT REMOVED
603  * FROM THE SR UNTIL REQUEST COMPLETION (when the sr is destroyed)
604  */
605 void
606 smb_ofile_request_complete(smb_ofile_t *of)
607 {
608 	SMB_OFILE_VALID(of);
609 
610 	switch (of->f_ftype) {
611 	case SMB_FTYPE_DISK:
612 		ASSERT(of->f_node);
613 		smb_oplock_broadcast(of->f_node);
614 		break;
615 	case SMB_FTYPE_MESG_PIPE:
616 		break;
617 	default:
618 		break;
619 	}
620 }
621 
622 /*
623  * smb_ofile_lookup_by_fid
624  *
625  * Find the open file whose fid matches the one specified in the request.
626  * If we can't find the fid or the shares (trees) don't match, we have a
627  * bad fid.
628  */
629 smb_ofile_t *
630 smb_ofile_lookup_by_fid(
631     smb_request_t	*sr,
632     uint16_t		fid)
633 {
634 	smb_tree_t	*tree = sr->tid_tree;
635 	smb_llist_t	*of_list;
636 	smb_ofile_t	*of;
637 
638 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
639 
640 	of_list = &tree->t_ofile_list;
641 
642 	smb_llist_enter(of_list, RW_READER);
643 	of = smb_llist_head(of_list);
644 	while (of) {
645 		ASSERT(of->f_magic == SMB_OFILE_MAGIC);
646 		ASSERT(of->f_tree == tree);
647 		if (of->f_fid == fid)
648 			break;
649 		of = smb_llist_next(of_list, of);
650 	}
651 	if (of == NULL)
652 		goto out;
653 
654 	/*
655 	 * Only allow use of a given FID with the same UID that
656 	 * was used to open it.  MS-CIFS 3.3.5.14
657 	 */
658 	if (of->f_user != sr->uid_user) {
659 		of = NULL;
660 		goto out;
661 	}
662 
663 	mutex_enter(&of->f_mutex);
664 	if (of->f_state != SMB_OFILE_STATE_OPEN) {
665 		mutex_exit(&of->f_mutex);
666 		of = NULL;
667 		goto out;
668 	}
669 	of->f_refcnt++;
670 	mutex_exit(&of->f_mutex);
671 
672 out:
673 	smb_llist_exit(of_list);
674 	return (of);
675 }
676 
677 /*
678  * smb_ofile_lookup_by_uniqid
679  *
680  * Find the open file whose uniqid matches the one specified in the request.
681  */
682 smb_ofile_t *
683 smb_ofile_lookup_by_uniqid(smb_tree_t *tree, uint32_t uniqid)
684 {
685 	smb_llist_t	*of_list;
686 	smb_ofile_t	*of;
687 
688 	ASSERT(tree->t_magic == SMB_TREE_MAGIC);
689 
690 	of_list = &tree->t_ofile_list;
691 	smb_llist_enter(of_list, RW_READER);
692 	of = smb_llist_head(of_list);
693 
694 	while (of) {
695 		ASSERT(of->f_magic == SMB_OFILE_MAGIC);
696 		ASSERT(of->f_tree == tree);
697 
698 		if (of->f_uniqid == uniqid) {
699 			if (smb_ofile_hold(of)) {
700 				smb_llist_exit(of_list);
701 				return (of);
702 			}
703 		}
704 
705 		of = smb_llist_next(of_list, of);
706 	}
707 
708 	smb_llist_exit(of_list);
709 	return (NULL);
710 }
711 
712 /*
713  * Disallow NetFileClose on certain ofiles to avoid side-effects.
714  * Closing a tree root is not allowed: use NetSessionDel or NetShareDel.
715  * Closing SRVSVC connections is not allowed because this NetFileClose
716  * request may depend on this ofile.
717  */
718 boolean_t
719 smb_ofile_disallow_fclose(smb_ofile_t *of)
720 {
721 	ASSERT(of);
722 	ASSERT(of->f_magic == SMB_OFILE_MAGIC);
723 	ASSERT(of->f_refcnt);
724 
725 	switch (of->f_ftype) {
726 	case SMB_FTYPE_DISK:
727 		ASSERT(of->f_tree);
728 		return (of->f_node == of->f_tree->t_snode);
729 
730 	case SMB_FTYPE_MESG_PIPE:
731 		ASSERT(of->f_pipe);
732 		if (smb_strcasecmp(of->f_pipe->p_name, "SRVSVC", 0) == 0)
733 			return (B_TRUE);
734 		break;
735 	default:
736 		break;
737 	}
738 
739 	return (B_FALSE);
740 }
741 
742 /*
743  * smb_ofile_set_flags
744  *
745  * Return value:
746  *
747  *	Current flags value
748  *
749  */
750 void
751 smb_ofile_set_flags(
752     smb_ofile_t		*of,
753     uint32_t		flags)
754 {
755 	ASSERT(of);
756 	ASSERT(of->f_magic == SMB_OFILE_MAGIC);
757 	ASSERT(of->f_refcnt);
758 
759 	mutex_enter(&of->f_mutex);
760 	of->f_flags |= flags;
761 	mutex_exit(&of->f_mutex);
762 }
763 
764 /*
765  * smb_ofile_seek
766  *
767  * Return value:
768  *
769  *	0		Success
770  *	EINVAL		Unknown mode
771  *	EOVERFLOW	offset too big
772  *
773  */
774 int
775 smb_ofile_seek(
776     smb_ofile_t		*of,
777     ushort_t		mode,
778     int32_t		off,
779     uint32_t		*retoff)
780 {
781 	u_offset_t	newoff = 0;
782 	int		rc = 0;
783 	smb_attr_t	attr;
784 
785 	ASSERT(of);
786 	ASSERT(of->f_magic == SMB_OFILE_MAGIC);
787 	ASSERT(of->f_refcnt);
788 
789 	mutex_enter(&of->f_mutex);
790 	switch (mode) {
791 	case SMB_SEEK_SET:
792 		if (off < 0)
793 			newoff = 0;
794 		else
795 			newoff = (u_offset_t)off;
796 		break;
797 
798 	case SMB_SEEK_CUR:
799 		if (off < 0 && (-off) > of->f_seek_pos)
800 			newoff = 0;
801 		else
802 			newoff = of->f_seek_pos + (u_offset_t)off;
803 		break;
804 
805 	case SMB_SEEK_END:
806 		bzero(&attr, sizeof (smb_attr_t));
807 		attr.sa_mask |= SMB_AT_SIZE;
808 		rc = smb_fsop_getattr(NULL, zone_kcred(), of->f_node, &attr);
809 		if (rc != 0) {
810 			mutex_exit(&of->f_mutex);
811 			return (rc);
812 		}
813 		if (off < 0 && (-off) > attr.sa_vattr.va_size)
814 			newoff = 0;
815 		else
816 			newoff = attr.sa_vattr.va_size + (u_offset_t)off;
817 		break;
818 
819 	default:
820 		mutex_exit(&of->f_mutex);
821 		return (EINVAL);
822 	}
823 
824 	/*
825 	 * See comments at the beginning of smb_seek.c.
826 	 * If the offset is greater than UINT_MAX, we will return an error.
827 	 */
828 
829 	if (newoff > UINT_MAX) {
830 		rc = EOVERFLOW;
831 	} else {
832 		of->f_seek_pos = newoff;
833 		*retoff = (uint32_t)newoff;
834 	}
835 	mutex_exit(&of->f_mutex);
836 	return (rc);
837 }
838 
839 /*
840  * smb_ofile_is_open
841  */
842 boolean_t
843 smb_ofile_is_open(smb_ofile_t *of)
844 {
845 	boolean_t	rc;
846 
847 	SMB_OFILE_VALID(of);
848 
849 	mutex_enter(&of->f_mutex);
850 	rc = smb_ofile_is_open_locked(of);
851 	mutex_exit(&of->f_mutex);
852 	return (rc);
853 }
854 
855 /* *************************** Static Functions ***************************** */
856 
857 /*
858  * Determine whether or not an ofile is open.
859  * This function must be called with the mutex held.
860  */
861 static boolean_t
862 smb_ofile_is_open_locked(smb_ofile_t *of)
863 {
864 	switch (of->f_state) {
865 	case SMB_OFILE_STATE_OPEN:
866 		return (B_TRUE);
867 
868 	case SMB_OFILE_STATE_CLOSING:
869 	case SMB_OFILE_STATE_CLOSED:
870 		return (B_FALSE);
871 
872 	default:
873 		ASSERT(0);
874 		return (B_FALSE);
875 	}
876 }
877 
878 /*
879  * This function closes the file passed in (if appropriate) and returns the
880  * next open file in the list of open files of the tree of the open file passed
881  * in. It requires that the list of open files of the tree be entered in
882  * RW_READER mode before being called.
883  */
884 static smb_ofile_t *
885 smb_ofile_close_and_next(smb_ofile_t *of)
886 {
887 	smb_ofile_t	*next_of;
888 	smb_tree_t	*tree;
889 
890 	ASSERT(of);
891 	ASSERT(of->f_magic == SMB_OFILE_MAGIC);
892 
893 	mutex_enter(&of->f_mutex);
894 	switch (of->f_state) {
895 	case SMB_OFILE_STATE_OPEN:
896 		/* The file is still open. */
897 		of->f_refcnt++;
898 		ASSERT(of->f_refcnt);
899 		tree = of->f_tree;
900 		mutex_exit(&of->f_mutex);
901 		smb_llist_exit(&of->f_tree->t_ofile_list);
902 		smb_ofile_close(of, 0);
903 		smb_ofile_release(of);
904 		smb_llist_enter(&tree->t_ofile_list, RW_READER);
905 		next_of = smb_llist_head(&tree->t_ofile_list);
906 		break;
907 	case SMB_OFILE_STATE_CLOSING:
908 	case SMB_OFILE_STATE_CLOSED:
909 		/*
910 		 * The ofile exists but is closed or
911 		 * in the process being closed.
912 		 */
913 		mutex_exit(&of->f_mutex);
914 		next_of = smb_llist_next(&of->f_tree->t_ofile_list, of);
915 		break;
916 	default:
917 		ASSERT(0);
918 		mutex_exit(&of->f_mutex);
919 		next_of = smb_llist_next(&of->f_tree->t_ofile_list, of);
920 		break;
921 	}
922 	return (next_of);
923 }
924 
925 /*
926  * Delete an ofile.
927  *
928  * Remove the ofile from the tree list before freeing resources
929  * associated with the ofile.
930  */
931 void
932 smb_ofile_delete(void *arg)
933 {
934 	smb_tree_t	*tree;
935 	smb_ofile_t	*of = (smb_ofile_t *)arg;
936 
937 	SMB_OFILE_VALID(of);
938 	ASSERT(of->f_refcnt == 0);
939 	ASSERT(of->f_state == SMB_OFILE_STATE_CLOSED);
940 	ASSERT(!SMB_OFILE_OPLOCK_GRANTED(of));
941 
942 	tree = of->f_tree;
943 	smb_llist_enter(&tree->t_ofile_list, RW_WRITER);
944 	smb_llist_remove(&tree->t_ofile_list, of);
945 	smb_idpool_free(&tree->t_fid_pool, of->f_fid);
946 	atomic_dec_32(&tree->t_session->s_file_cnt);
947 	smb_llist_exit(&tree->t_ofile_list);
948 
949 	mutex_enter(&of->f_mutex);
950 	mutex_exit(&of->f_mutex);
951 
952 	switch (of->f_ftype) {
953 	case SMB_FTYPE_BYTE_PIPE:
954 	case SMB_FTYPE_MESG_PIPE:
955 		smb_opipe_dealloc(of->f_pipe);
956 		of->f_pipe = NULL;
957 		break;
958 	case SMB_FTYPE_DISK:
959 		if (of->f_odir != NULL)
960 			smb_odir_release(of->f_odir);
961 		smb_node_rem_ofile(of->f_node, of);
962 		smb_node_release(of->f_node);
963 		break;
964 	default:
965 		ASSERT(!"f_ftype");
966 		break;
967 	}
968 
969 	of->f_magic = (uint32_t)~SMB_OFILE_MAGIC;
970 	mutex_destroy(&of->f_mutex);
971 	crfree(of->f_cr);
972 	smb_user_release(of->f_user);
973 	kmem_cache_free(smb_cache_ofile, of);
974 }
975 
976 /*
977  * smb_ofile_access
978  *
979  * This function will check to see if the access requested is granted.
980  * Returns NT status codes.
981  */
982 uint32_t
983 smb_ofile_access(smb_ofile_t *of, cred_t *cr, uint32_t access)
984 {
985 
986 	if ((of == NULL) || (cr == zone_kcred()))
987 		return (NT_STATUS_SUCCESS);
988 
989 	/*
990 	 * If the request is for something
991 	 * I don't grant it is an error
992 	 */
993 	if (~(of->f_granted_access) & access) {
994 		if (!(of->f_granted_access & ACCESS_SYSTEM_SECURITY) &&
995 		    (access & ACCESS_SYSTEM_SECURITY)) {
996 			return (NT_STATUS_PRIVILEGE_NOT_HELD);
997 		}
998 		return (NT_STATUS_ACCESS_DENIED);
999 	}
1000 
1001 	return (NT_STATUS_SUCCESS);
1002 }
1003 
1004 /*
1005  * smb_ofile_share_check
1006  *
1007  * Check if ofile was opened with share access NONE (0).
1008  * Returns: B_TRUE  - share access non-zero
1009  *          B_FALSE - share access NONE
1010  */
1011 boolean_t
1012 smb_ofile_share_check(smb_ofile_t *of)
1013 {
1014 	return (!SMB_DENY_ALL(of->f_share_access));
1015 }
1016 
1017 /*
1018  * check file sharing rules for current open request
1019  * against existing open instances of the same file
1020  *
1021  * Returns NT_STATUS_SHARING_VIOLATION if there is any
1022  * sharing conflict, otherwise returns NT_STATUS_SUCCESS.
1023  */
1024 uint32_t
1025 smb_ofile_open_check(smb_ofile_t *of, uint32_t desired_access,
1026     uint32_t share_access)
1027 {
1028 	ASSERT(of->f_magic == SMB_OFILE_MAGIC);
1029 
1030 	mutex_enter(&of->f_mutex);
1031 
1032 	if (of->f_state != SMB_OFILE_STATE_OPEN) {
1033 		mutex_exit(&of->f_mutex);
1034 		return (NT_STATUS_INVALID_HANDLE);
1035 	}
1036 
1037 	/* if it's just meta data */
1038 	if ((of->f_granted_access & FILE_DATA_ALL) == 0) {
1039 		mutex_exit(&of->f_mutex);
1040 		return (NT_STATUS_SUCCESS);
1041 	}
1042 
1043 	/*
1044 	 * Check requested share access against the
1045 	 * open granted (desired) access
1046 	 */
1047 	if (SMB_DENY_DELETE(share_access) && (of->f_granted_access & DELETE)) {
1048 		mutex_exit(&of->f_mutex);
1049 		return (NT_STATUS_SHARING_VIOLATION);
1050 	}
1051 
1052 	if (SMB_DENY_READ(share_access) &&
1053 	    (of->f_granted_access & (FILE_READ_DATA | FILE_EXECUTE))) {
1054 		mutex_exit(&of->f_mutex);
1055 		return (NT_STATUS_SHARING_VIOLATION);
1056 	}
1057 
1058 	if (SMB_DENY_WRITE(share_access) &&
1059 	    (of->f_granted_access & (FILE_WRITE_DATA | FILE_APPEND_DATA))) {
1060 		mutex_exit(&of->f_mutex);
1061 		return (NT_STATUS_SHARING_VIOLATION);
1062 	}
1063 
1064 	/* check requested desired access against the open share access */
1065 	if (SMB_DENY_DELETE(of->f_share_access) && (desired_access & DELETE)) {
1066 		mutex_exit(&of->f_mutex);
1067 		return (NT_STATUS_SHARING_VIOLATION);
1068 	}
1069 
1070 	if (SMB_DENY_READ(of->f_share_access) &&
1071 	    (desired_access & (FILE_READ_DATA | FILE_EXECUTE))) {
1072 		mutex_exit(&of->f_mutex);
1073 		return (NT_STATUS_SHARING_VIOLATION);
1074 	}
1075 
1076 	if (SMB_DENY_WRITE(of->f_share_access) &&
1077 	    (desired_access & (FILE_WRITE_DATA | FILE_APPEND_DATA))) {
1078 		mutex_exit(&of->f_mutex);
1079 		return (NT_STATUS_SHARING_VIOLATION);
1080 	}
1081 
1082 	mutex_exit(&of->f_mutex);
1083 	return (NT_STATUS_SUCCESS);
1084 }
1085 
1086 /*
1087  * smb_ofile_rename_check
1088  *
1089  * An open file can be renamed if
1090  *
1091  *  1. isn't opened for data writing or deleting
1092  *
1093  *  2. Opened with "Deny Delete" share mode
1094  *         But not opened for data reading or executing
1095  *         (opened for accessing meta data)
1096  */
1097 
1098 uint32_t
1099 smb_ofile_rename_check(smb_ofile_t *of)
1100 {
1101 	ASSERT(of->f_magic == SMB_OFILE_MAGIC);
1102 
1103 	mutex_enter(&of->f_mutex);
1104 
1105 	if (of->f_state != SMB_OFILE_STATE_OPEN) {
1106 		mutex_exit(&of->f_mutex);
1107 		return (NT_STATUS_INVALID_HANDLE);
1108 	}
1109 
1110 	if (of->f_granted_access &
1111 	    (FILE_WRITE_DATA | FILE_APPEND_DATA | DELETE)) {
1112 		mutex_exit(&of->f_mutex);
1113 		return (NT_STATUS_SHARING_VIOLATION);
1114 	}
1115 
1116 	if ((of->f_share_access & FILE_SHARE_DELETE) == 0) {
1117 		if (of->f_granted_access &
1118 		    (FILE_READ_DATA | FILE_EXECUTE)) {
1119 			mutex_exit(&of->f_mutex);
1120 			return (NT_STATUS_SHARING_VIOLATION);
1121 		}
1122 	}
1123 
1124 	mutex_exit(&of->f_mutex);
1125 	return (NT_STATUS_SUCCESS);
1126 }
1127 
1128 /*
1129  * smb_ofile_delete_check
1130  *
1131  * An open file can be deleted only if opened for
1132  * accessing meta data. Share modes aren't important
1133  * in this case.
1134  *
1135  * NOTE: there is another mechanism for deleting an
1136  * open file that NT clients usually use.
1137  * That's setting "Delete on close" flag for an open
1138  * file.  In this way the file will be deleted after
1139  * last close. This flag can be set by SmbTrans2SetFileInfo
1140  * with FILE_DISPOSITION_INFO information level.
1141  * For setting this flag, the file should be opened by
1142  * DELETE access in the FID that is passed in the Trans2
1143  * request.
1144  */
1145 
1146 uint32_t
1147 smb_ofile_delete_check(smb_ofile_t *of)
1148 {
1149 	ASSERT(of->f_magic == SMB_OFILE_MAGIC);
1150 
1151 	mutex_enter(&of->f_mutex);
1152 
1153 	if (of->f_state != SMB_OFILE_STATE_OPEN) {
1154 		mutex_exit(&of->f_mutex);
1155 		return (NT_STATUS_INVALID_HANDLE);
1156 	}
1157 
1158 	if (of->f_granted_access &
1159 	    (FILE_READ_DATA | FILE_WRITE_DATA |
1160 	    FILE_APPEND_DATA | FILE_EXECUTE | DELETE)) {
1161 		mutex_exit(&of->f_mutex);
1162 		return (NT_STATUS_SHARING_VIOLATION);
1163 	}
1164 
1165 	mutex_exit(&of->f_mutex);
1166 	return (NT_STATUS_SUCCESS);
1167 }
1168 
1169 cred_t *
1170 smb_ofile_getcred(smb_ofile_t *of)
1171 {
1172 	return (of->f_cr);
1173 }
1174 
1175 /*
1176  * smb_ofile_set_delete_on_close
1177  *
1178  * Set the DeleteOnClose flag on the smb file. When the file is closed,
1179  * the flag will be transferred to the smb node, which will commit the
1180  * delete operation and inhibit subsequent open requests.
1181  *
1182  * When DeleteOnClose is set on an smb_node, the common open code will
1183  * reject subsequent open requests for the file. Observation of Windows
1184  * 2000 indicates that subsequent opens should be allowed (assuming
1185  * there would be no sharing violation) until the file is closed using
1186  * the fid on which the DeleteOnClose was requested.
1187  */
1188 void
1189 smb_ofile_set_delete_on_close(smb_ofile_t *of)
1190 {
1191 	mutex_enter(&of->f_mutex);
1192 	of->f_flags |= SMB_OFLAGS_SET_DELETE_ON_CLOSE;
1193 	mutex_exit(&of->f_mutex);
1194 }
1195 
1196 /*
1197  * Encode open file information into a buffer; needed in user space to
1198  * support RPC requests.
1199  */
1200 static int
1201 smb_ofile_netinfo_encode(smb_ofile_t *of, uint8_t *buf, size_t buflen,
1202     uint32_t *nbytes)
1203 {
1204 	smb_netfileinfo_t	fi;
1205 	int			rc;
1206 
1207 	rc = smb_ofile_netinfo_init(of, &fi);
1208 	if (rc == 0) {
1209 		rc = smb_netfileinfo_encode(&fi, buf, buflen, nbytes);
1210 		smb_ofile_netinfo_fini(&fi);
1211 	}
1212 
1213 	return (rc);
1214 }
1215 
1216 static int
1217 smb_ofile_netinfo_init(smb_ofile_t *of, smb_netfileinfo_t *fi)
1218 {
1219 	smb_user_t	*user;
1220 	smb_tree_t	*tree;
1221 	smb_node_t	*node;
1222 	char		*path;
1223 	char		*buf;
1224 	int		rc;
1225 
1226 	ASSERT(of);
1227 	user = of->f_user;
1228 	tree = of->f_tree;
1229 	ASSERT(user);
1230 	ASSERT(tree);
1231 
1232 	buf = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1233 
1234 	switch (of->f_ftype) {
1235 	case SMB_FTYPE_DISK:
1236 		node = of->f_node;
1237 		ASSERT(node);
1238 
1239 		fi->fi_permissions = of->f_granted_access;
1240 		fi->fi_numlocks = smb_lock_get_lock_count(node, of);
1241 
1242 		path = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
1243 
1244 		if (node != tree->t_snode) {
1245 			rc = smb_node_getshrpath(node, tree, path, MAXPATHLEN);
1246 			if (rc != 0)
1247 				(void) strlcpy(path, node->od_name, MAXPATHLEN);
1248 		}
1249 
1250 		(void) snprintf(buf, MAXPATHLEN, "%s:%s", tree->t_sharename,
1251 		    path);
1252 		kmem_free(path, MAXPATHLEN);
1253 		break;
1254 
1255 	case SMB_FTYPE_MESG_PIPE:
1256 		ASSERT(of->f_pipe);
1257 
1258 		fi->fi_permissions = FILE_READ_DATA | FILE_WRITE_DATA |
1259 		    FILE_EXECUTE;
1260 		fi->fi_numlocks = 0;
1261 		(void) snprintf(buf, MAXPATHLEN, "\\PIPE\\%s",
1262 		    of->f_pipe->p_name);
1263 		break;
1264 
1265 	default:
1266 		kmem_free(buf, MAXPATHLEN);
1267 		return (-1);
1268 	}
1269 
1270 	fi->fi_fid = of->f_fid;
1271 	fi->fi_uniqid = of->f_uniqid;
1272 	fi->fi_pathlen = strlen(buf) + 1;
1273 	fi->fi_path = smb_mem_strdup(buf);
1274 	kmem_free(buf, MAXPATHLEN);
1275 
1276 	fi->fi_namelen = user->u_domain_len + user->u_name_len + 2;
1277 	fi->fi_username = kmem_alloc(fi->fi_namelen, KM_SLEEP);
1278 	(void) snprintf(fi->fi_username, fi->fi_namelen, "%s\\%s",
1279 	    user->u_domain, user->u_name);
1280 	return (0);
1281 }
1282 
1283 static void
1284 smb_ofile_netinfo_fini(smb_netfileinfo_t *fi)
1285 {
1286 	if (fi == NULL)
1287 		return;
1288 
1289 	if (fi->fi_path)
1290 		smb_mem_free(fi->fi_path);
1291 	if (fi->fi_username)
1292 		kmem_free(fi->fi_username, fi->fi_namelen);
1293 
1294 	bzero(fi, sizeof (smb_netfileinfo_t));
1295 }
1296 
1297 /*
1298  * A query of user and group quotas may span multiple requests.
1299  * f_quota_resume is used to determine where the query should
1300  * be resumed, in a subsequent request. f_quota_resume contains
1301  * the SID of the last quota entry returned to the client.
1302  */
1303 void
1304 smb_ofile_set_quota_resume(smb_ofile_t *ofile, char *resume)
1305 {
1306 	ASSERT(ofile);
1307 	mutex_enter(&ofile->f_mutex);
1308 	if (resume == NULL)
1309 		bzero(ofile->f_quota_resume, SMB_SID_STRSZ);
1310 	else
1311 		(void) strlcpy(ofile->f_quota_resume, resume, SMB_SID_STRSZ);
1312 	mutex_exit(&ofile->f_mutex);
1313 }
1314 
1315 void
1316 smb_ofile_get_quota_resume(smb_ofile_t *ofile, char *buf, int bufsize)
1317 {
1318 	ASSERT(ofile);
1319 	mutex_enter(&ofile->f_mutex);
1320 	(void) strlcpy(buf, ofile->f_quota_resume, bufsize);
1321 	mutex_exit(&ofile->f_mutex);
1322 }
1323