1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
24 */
25
26#include <sys/sid.h>
27#include <sys/nbmlock.h>
28#include <smbsrv/smb_fsops.h>
29#include <smbsrv/smb_kproto.h>
30#include <acl/acl_common.h>
31#include <sys/fcntl.h>
32#include <sys/filio.h>
33#include <sys/flock.h>
34#include <fs/fs_subr.h>
35
36extern caller_context_t smb_ct;
37
38static int smb_fsop_create_stream(smb_request_t *, cred_t *, smb_node_t *,
39    char *, char *, int, smb_attr_t *, smb_node_t **);
40
41static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *,
42    char *, int, smb_attr_t *, smb_node_t **);
43
44#ifdef	_KERNEL
45static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *,
46    char *, smb_attr_t *, smb_node_t **, smb_fssd_t *);
47static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *);
48#endif	/* _KERNEL */
49
50/*
51 * The smb_fsop_* functions have knowledge of CIFS semantics.
52 *
53 * The smb_vop_* functions have minimal knowledge of CIFS semantics and
54 * serve as an interface to the VFS layer.
55 *
56 * Hence, smb_request_t and smb_node_t structures should not be passed
57 * from the smb_fsop_* layer to the smb_vop_* layer.
58 *
59 * In general, CIFS service code should only ever call smb_fsop_*
60 * functions directly, and never smb_vop_* functions directly.
61 *
62 * smb_fsop_* functions should call smb_vop_* functions where possible, instead
63 * of their smb_fsop_* counterparts.  However, there are times when
64 * this cannot be avoided.
65 */
66
67/*
68 * Note: Stream names cannot be mangled.
69 */
70
71/*
72 * smb_fsop_amask_to_omode
73 *
74 * Convert the access mask to the open mode (for use
75 * with the VOP_OPEN call).
76 *
77 * Note that opening a file for attribute only access
78 * will also translate into an FREAD or FWRITE open mode
79 * (i.e., it's not just for data).
80 *
81 * This is needed so that opens are tracked appropriately
82 * for oplock processing.
83 */
84
85int
86smb_fsop_amask_to_omode(uint32_t access)
87{
88	int mode = 0;
89
90	if (access & (FILE_READ_DATA | FILE_EXECUTE |
91	    FILE_READ_ATTRIBUTES | FILE_READ_EA))
92		mode |= FREAD;
93
94	if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA |
95	    FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA))
96		mode |= FWRITE;
97
98	if (access & FILE_APPEND_DATA)
99		mode |= FAPPEND;
100
101	return (mode);
102}
103
104int
105smb_fsop_open(smb_node_t *node, int mode, cred_t *cred)
106{
107	/*
108	 * Assuming that the same vnode is returned as we had before.
109	 * (I.e., with certain types of files or file systems, a
110	 * different vnode might be returned by VOP_OPEN)
111	 */
112	return (smb_vop_open(&node->vp, mode, cred));
113}
114
115void
116smb_fsop_close(smb_node_t *node, int mode, cred_t *cred)
117{
118	smb_vop_close(node->vp, mode, cred);
119}
120
121#ifdef	_KERNEL
122static int
123smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr,
124    smb_node_t *dnode, char *name,
125    smb_attr_t *attr, smb_node_t **ret_snode, smb_fssd_t *fs_sd)
126{
127	vsecattr_t *vsap;
128	vsecattr_t vsecattr;
129	smb_attr_t set_attr;
130	acl_t *acl, *dacl, *sacl;
131	vnode_t *vp;
132	cred_t *kcr = zone_kcred();
133	int aclbsize = 0;	/* size of acl list in bytes */
134	int flags = 0;
135	int rc;
136	boolean_t is_dir;
137
138	ASSERT(fs_sd);
139
140	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
141		flags = SMB_IGNORE_CASE;
142	if (SMB_TREE_SUPPORTS_CATIA(sr))
143		flags |= SMB_CATIA;
144
145	ASSERT(cr);
146
147	is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0);
148
149	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) {
150		if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
151			dacl = fs_sd->sd_zdacl;
152			sacl = fs_sd->sd_zsacl;
153			ASSERT(dacl || sacl);
154			if (dacl && sacl) {
155				acl = smb_fsacl_merge(dacl, sacl);
156			} else if (dacl) {
157				acl = dacl;
158			} else {
159				acl = sacl;
160			}
161
162			rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize);
163
164			if (dacl && sacl)
165				acl_free(acl);
166
167			if (rc != 0)
168				return (rc);
169
170			vsap = &vsecattr;
171		} else {
172			vsap = NULL;
173		}
174
175		/* The tree ACEs may prevent a create */
176		rc = EACCES;
177		if (is_dir) {
178			if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0)
179				rc = smb_vop_mkdir(dnode->vp, name, attr,
180				    &vp, flags, cr, vsap);
181		} else {
182			if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0)
183				rc = smb_vop_create(dnode->vp, name, attr,
184				    &vp, flags, cr, vsap);
185		}
186
187		if (vsap != NULL)
188			kmem_free(vsap->vsa_aclentp, aclbsize);
189
190		if (rc != 0)
191			return (rc);
192
193		set_attr.sa_mask = 0;
194
195		/*
196		 * Ideally we should be able to specify the owner and owning
197		 * group at create time along with the ACL. Since we cannot
198		 * do that right now, kcred is passed to smb_vop_setattr so it
199		 * doesn't fail due to lack of permission.
200		 */
201		if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
202			set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
203			set_attr.sa_mask |= SMB_AT_UID;
204		}
205
206		if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
207			set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
208			set_attr.sa_mask |= SMB_AT_GID;
209		}
210
211		if (set_attr.sa_mask)
212			rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcr);
213
214		if (rc == 0) {
215			*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
216			    name, dnode, NULL);
217
218			if (*ret_snode == NULL)
219				rc = ENOMEM;
220
221			VN_RELE(vp);
222		}
223	} else {
224		/*
225		 * For filesystems that don't support ACL-on-create, try
226		 * to set the specified SD after create, which could actually
227		 * fail because of conflicts between inherited security
228		 * attributes upon creation and the specified SD.
229		 *
230		 * Passing kcred to smb_fsop_sdwrite() to overcome this issue.
231		 */
232
233		if (is_dir) {
234			rc = smb_vop_mkdir(dnode->vp, name, attr, &vp,
235			    flags, cr, NULL);
236		} else {
237			rc = smb_vop_create(dnode->vp, name, attr, &vp,
238			    flags, cr, NULL);
239		}
240
241		if (rc != 0)
242			return (rc);
243
244		*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
245		    name, dnode, NULL);
246
247		if (*ret_snode != NULL) {
248			if (!smb_tree_has_feature(sr->tid_tree,
249			    SMB_TREE_NFS_MOUNTED))
250				rc = smb_fsop_sdwrite(sr, kcr, *ret_snode,
251				    fs_sd, 1);
252		} else {
253			rc = ENOMEM;
254		}
255
256		VN_RELE(vp);
257	}
258
259	if (rc != 0) {
260		if (is_dir)
261			(void) smb_vop_rmdir(dnode->vp, name, flags, cr);
262		else
263			(void) smb_vop_remove(dnode->vp, name, flags, cr);
264	}
265
266	return (rc);
267}
268#endif	/* _KERNEL */
269
270/*
271 * smb_fsop_create
272 *
273 * All SMB functions should use this wrapper to ensure that
274 * all the smb_vop_creates are performed with the appropriate credentials.
275 * Please document any direct calls to explain the reason for avoiding
276 * this wrapper.
277 *
278 * *ret_snode is returned with a reference upon success.  No reference is
279 * taken if an error is returned.
280 */
281int
282smb_fsop_create(smb_request_t *sr, cred_t *cr, smb_node_t *dnode,
283    char *name, smb_attr_t *attr, smb_node_t **ret_snode)
284{
285	int	rc = 0;
286	int	flags = 0;
287	char	*fname, *sname;
288	char	*longname = NULL;
289
290	ASSERT(cr);
291	ASSERT(dnode);
292	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
293	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
294
295	ASSERT(ret_snode);
296	*ret_snode = 0;
297
298	ASSERT(name);
299	if (*name == 0)
300		return (EINVAL);
301
302	ASSERT(sr);
303	ASSERT(sr->tid_tree);
304
305	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
306		return (EACCES);
307
308	if (SMB_TREE_IS_READONLY(sr))
309		return (EROFS);
310
311	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
312		flags = SMB_IGNORE_CASE;
313	if (SMB_TREE_SUPPORTS_CATIA(sr))
314		flags |= SMB_CATIA;
315	if (SMB_TREE_SUPPORTS_ABE(sr))
316		flags |= SMB_ABE;
317
318	if (smb_is_stream_name(name)) {
319		fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
320		sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
321		smb_stream_parse_name(name, fname, sname);
322
323		rc = smb_fsop_create_stream(sr, cr, dnode,
324		    fname, sname, flags, attr, ret_snode);
325
326		kmem_free(fname, MAXNAMELEN);
327		kmem_free(sname, MAXNAMELEN);
328		return (rc);
329	}
330
331	/* Not a named stream */
332
333	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
334		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
335		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
336		kmem_free(longname, MAXNAMELEN);
337
338		if (rc == 0)
339			rc = EEXIST;
340		if (rc != ENOENT)
341			return (rc);
342	}
343
344	rc = smb_fsop_create_file(sr, cr, dnode, name, flags,
345	    attr, ret_snode);
346	return (rc);
347
348}
349
350
351/*
352 * smb_fsop_create_stream
353 *
354 * Create NTFS named stream file (sname) on unnamed stream
355 * file (fname), creating the unnamed stream file if it
356 * doesn't exist.
357 * If we created the unnamed stream file and then creation
358 * of the named stream file fails, we delete the unnamed stream.
359 * Since we use the real file name for the smb_vop_remove we
360 * clear the SMB_IGNORE_CASE flag to ensure a case sensitive
361 * match.
362 *
363 * The second parameter of smb_vop_setattr() is set to
364 * NULL, even though an unnamed stream exists.  This is
365 * because we want to set the UID and GID on the named
366 * stream in this case for consistency with the (unnamed
367 * stream) file (see comments for smb_vop_setattr()).
368 *
369 * Note that some stream "types" are "restricted" and only
370 * internal callers (cr == kcred) can create those.
371 */
372static int
373smb_fsop_create_stream(smb_request_t *sr, cred_t *cr,
374    smb_node_t *dnode, char *fname, char *sname, int flags,
375    smb_attr_t *attr, smb_node_t **ret_snode)
376{
377	smb_attr_t	fattr;
378	smb_node_t	*fnode;
379	vnode_t		*xattrdvp;
380	vnode_t		*vp;
381	cred_t		*kcr = zone_kcred();
382	int		rc = 0;
383	boolean_t	fcreate = B_FALSE;
384
385	if (cr != kcr && smb_strname_restricted(sname))
386		return (EACCES);
387
388	/* Look up / create the unnamed stream, fname */
389	rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
390	    sr->tid_tree->t_snode, dnode, fname, &fnode);
391	if (rc == 0) {
392		if (smb_fsop_access(sr, sr->user_cr, fnode,
393		    sr->sr_open.desired_access) != 0)
394			rc = EACCES;
395	} else if (rc == ENOENT) {
396		fcreate = B_TRUE;
397		rc = smb_fsop_create_file(sr, cr, dnode, fname, flags,
398		    attr, &fnode);
399	}
400	if (rc != 0)
401		return (rc);
402
403	fattr.sa_mask = SMB_AT_UID | SMB_AT_GID;
404	rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcr);
405
406	if (rc == 0) {
407		/* create the named stream, sname */
408		rc = smb_vop_stream_create(fnode->vp, sname, attr,
409		    &vp, &xattrdvp, flags, cr);
410	}
411	if (rc != 0) {
412		if (fcreate) {
413			flags &= ~SMB_IGNORE_CASE;
414			(void) smb_vop_remove(dnode->vp,
415			    fnode->od_name, flags, cr);
416		}
417		smb_node_release(fnode);
418		return (rc);
419	}
420
421	attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid;
422	attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid;
423	attr->sa_mask = SMB_AT_UID | SMB_AT_GID;
424
425	rc = smb_vop_setattr(vp, NULL, attr, 0, kcr);
426	if (rc != 0) {
427		smb_node_release(fnode);
428		return (rc);
429	}
430
431	*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp,
432	    vp, sname);
433
434	smb_node_release(fnode);
435	VN_RELE(xattrdvp);
436	VN_RELE(vp);
437
438	if (*ret_snode == NULL)
439		rc = ENOMEM;
440
441	/* notify change to the unnamed stream */
442	if (rc == 0)
443		smb_node_notify_change(dnode,
444		    FILE_ACTION_ADDED_STREAM, fname);
445
446	return (rc);
447}
448
449/*
450 * smb_fsop_create_file
451 */
452static int
453smb_fsop_create_file(smb_request_t *sr, cred_t *cr,
454    smb_node_t *dnode, char *name, int flags,
455    smb_attr_t *attr, smb_node_t **ret_snode)
456{
457	smb_arg_open_t	*op = &sr->sr_open;
458	vnode_t		*vp;
459	int		rc;
460
461#ifdef	_KERNEL
462	smb_fssd_t	fs_sd;
463	uint32_t	secinfo;
464	uint32_t	status;
465
466	if (op->sd) {
467		/*
468		 * SD sent by client in Windows format. Needs to be
469		 * converted to FS format. No inheritance.
470		 */
471		secinfo = smb_sd_get_secinfo(op->sd);
472		smb_fssd_init(&fs_sd, secinfo, 0);
473
474		status = smb_sd_tofs(op->sd, &fs_sd);
475		if (status == NT_STATUS_SUCCESS) {
476			rc = smb_fsop_create_with_sd(sr, cr, dnode,
477			    name, attr, ret_snode, &fs_sd);
478		} else {
479			rc = EINVAL;
480		}
481		smb_fssd_term(&fs_sd);
482	} else if (sr->tid_tree->t_acltype == ACE_T) {
483		/*
484		 * No incoming SD and filesystem is ZFS
485		 * Server applies Windows inheritance rules,
486		 * see smb_fsop_sdinherit() comments as to why.
487		 */
488		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0);
489		rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
490		if (rc == 0) {
491			rc = smb_fsop_create_with_sd(sr, cr, dnode,
492			    name, attr, ret_snode, &fs_sd);
493		}
494
495		smb_fssd_term(&fs_sd);
496	} else
497#endif	/* _KERNEL */
498	{
499		/*
500		 * No incoming SD and filesystem is not ZFS
501		 * let the filesystem handles the inheritance.
502		 */
503		rc = smb_vop_create(dnode->vp, name, attr, &vp,
504		    flags, cr, NULL);
505
506		if (rc == 0) {
507			*ret_snode = smb_node_lookup(sr, op, cr, vp,
508			    name, dnode, NULL);
509
510			if (*ret_snode == NULL)
511				rc = ENOMEM;
512
513			VN_RELE(vp);
514		}
515
516	}
517
518	if (rc == 0)
519		smb_node_notify_change(dnode, FILE_ACTION_ADDED, name);
520
521	return (rc);
522}
523
524/*
525 * smb_fsop_mkdir
526 *
527 * All SMB functions should use this wrapper to ensure that
528 * the the calls are performed with the appropriate credentials.
529 * Please document any direct call to explain the reason
530 * for avoiding this wrapper.
531 *
532 * It is assumed that a reference exists on snode coming into this routine.
533 *
534 * *ret_snode is returned with a reference upon success.  No reference is
535 * taken if an error is returned.
536 */
537int
538smb_fsop_mkdir(
539    smb_request_t *sr,
540    cred_t *cr,
541    smb_node_t *dnode,
542    char *name,
543    smb_attr_t *attr,
544    smb_node_t **ret_snode)
545{
546	struct open_param *op = &sr->arg.open;
547	char *longname;
548	vnode_t *vp;
549	int flags = 0;
550	int rc;
551
552#ifdef	_KERNEL
553	smb_fssd_t fs_sd;
554	uint32_t secinfo;
555	uint32_t status;
556#endif	/* _KERNEL */
557
558	ASSERT(cr);
559	ASSERT(dnode);
560	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
561	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
562
563	ASSERT(ret_snode);
564	*ret_snode = 0;
565
566	ASSERT(name);
567	if (*name == 0)
568		return (EINVAL);
569
570	ASSERT(sr);
571	ASSERT(sr->tid_tree);
572
573	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
574		return (EACCES);
575
576	if (SMB_TREE_IS_READONLY(sr))
577		return (EROFS);
578	if (SMB_TREE_SUPPORTS_CATIA(sr))
579		flags |= SMB_CATIA;
580	if (SMB_TREE_SUPPORTS_ABE(sr))
581		flags |= SMB_ABE;
582
583	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
584		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
585		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
586		kmem_free(longname, MAXNAMELEN);
587
588		/*
589		 * If the name passed in by the client has an unmangled
590		 * equivalent that is found in the specified directory,
591		 * then the mkdir cannot succeed.  Return EEXIST.
592		 *
593		 * Only if ENOENT is returned will a mkdir be attempted.
594		 */
595
596		if (rc == 0)
597			rc = EEXIST;
598
599		if (rc != ENOENT)
600			return (rc);
601	}
602
603	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
604		flags = SMB_IGNORE_CASE;
605
606#ifdef	_KERNEL
607	if (op->sd) {
608		/*
609		 * SD sent by client in Windows format. Needs to be
610		 * converted to FS format. No inheritance.
611		 */
612		secinfo = smb_sd_get_secinfo(op->sd);
613		smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR);
614
615		status = smb_sd_tofs(op->sd, &fs_sd);
616		if (status == NT_STATUS_SUCCESS) {
617			rc = smb_fsop_create_with_sd(sr, cr, dnode,
618			    name, attr, ret_snode, &fs_sd);
619		}
620		else
621			rc = EINVAL;
622		smb_fssd_term(&fs_sd);
623	} else if (sr->tid_tree->t_acltype == ACE_T) {
624		/*
625		 * No incoming SD and filesystem is ZFS
626		 * Server applies Windows inheritance rules,
627		 * see smb_fsop_sdinherit() comments as to why.
628		 */
629		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR);
630		rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
631		if (rc == 0) {
632			rc = smb_fsop_create_with_sd(sr, cr, dnode,
633			    name, attr, ret_snode, &fs_sd);
634		}
635
636		smb_fssd_term(&fs_sd);
637
638	} else
639#endif	/* _KERNEL */
640	{
641		rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr,
642		    NULL);
643
644		if (rc == 0) {
645			*ret_snode = smb_node_lookup(sr, op, cr, vp, name,
646			    dnode, NULL);
647
648			if (*ret_snode == NULL)
649				rc = ENOMEM;
650
651			VN_RELE(vp);
652		}
653	}
654
655	if (rc == 0)
656		smb_node_notify_change(dnode, FILE_ACTION_ADDED, name);
657
658	return (rc);
659}
660
661/*
662 * smb_fsop_remove
663 *
664 * All SMB functions should use this wrapper to ensure that
665 * the the calls are performed with the appropriate credentials.
666 * Please document any direct call to explain the reason
667 * for avoiding this wrapper.
668 *
669 * It is assumed that a reference exists on snode coming into this routine.
670 *
671 * A null smb_request might be passed to this function.
672 *
673 * Note that some stream "types" are "restricted" and only
674 * internal callers (cr == kcred) can remove those.
675 */
676int
677smb_fsop_remove(
678    smb_request_t	*sr,
679    cred_t		*cr,
680    smb_node_t		*dnode,
681    char		*name,
682    uint32_t		flags)
683{
684	smb_node_t	*fnode;
685	char		*longname;
686	char		*fname;
687	char		*sname;
688	int		rc;
689
690	ASSERT(cr);
691	/*
692	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
693	 * function is called during the deletion of the node (because of
694	 * DELETE_ON_CLOSE).
695	 */
696	ASSERT(dnode);
697	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
698
699	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
700	    SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0)
701		return (EACCES);
702
703	if (SMB_TREE_IS_READONLY(sr))
704		return (EROFS);
705
706	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
707	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
708
709	if (dnode->flags & NODE_XATTR_DIR) {
710		if (cr != zone_kcred() && smb_strname_restricted(name)) {
711			rc = EACCES;
712			goto out;
713		}
714
715		fnode = dnode->n_dnode;
716		rc = smb_vop_stream_remove(fnode->vp, name, flags, cr);
717
718		/* notify change to the unnamed stream */
719		if ((rc == 0) && fnode->n_dnode) {
720			smb_node_notify_change(fnode->n_dnode,
721			    FILE_ACTION_REMOVED_STREAM, fnode->od_name);
722		}
723	} else if (smb_is_stream_name(name)) {
724		smb_stream_parse_name(name, fname, sname);
725
726		if (cr != zone_kcred() && smb_strname_restricted(sname)) {
727			rc = EACCES;
728			goto out;
729		}
730
731		/*
732		 * Look up the unnamed stream (i.e. fname).
733		 * Unmangle processing will be done on fname
734		 * as well as any link target.
735		 */
736
737		rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
738		    sr->tid_tree->t_snode, dnode, fname, &fnode);
739
740		if (rc != 0) {
741			goto out;
742		}
743
744		/*
745		 * XXX
746		 * Need to find out what permission is required by NTFS
747		 * to remove a stream.
748		 */
749		rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr);
750
751		smb_node_release(fnode);
752
753		/* notify change to the unnamed stream */
754		if (rc == 0) {
755			smb_node_notify_change(dnode,
756			    FILE_ACTION_REMOVED_STREAM, fname);
757		}
758	} else {
759		rc = smb_vop_remove(dnode->vp, name, flags, cr);
760
761		if (rc == ENOENT) {
762			if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
763			    !smb_maybe_mangled(name)) {
764				goto out;
765			}
766			longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
767
768			if (SMB_TREE_SUPPORTS_ABE(sr))
769				flags |= SMB_ABE;
770
771			rc = smb_unmangle(dnode, name, longname, MAXNAMELEN,
772			    flags);
773
774			if (rc == 0) {
775				/*
776				 * longname is the real (case-sensitive)
777				 * on-disk name.
778				 * We make sure we do a remove on this exact
779				 * name, as the name was mangled and denotes
780				 * a unique file.
781				 */
782				flags &= ~SMB_IGNORE_CASE;
783				rc = smb_vop_remove(dnode->vp, longname,
784				    flags, cr);
785			}
786			kmem_free(longname, MAXNAMELEN);
787		}
788		if (rc == 0) {
789			smb_node_notify_change(dnode,
790			    FILE_ACTION_REMOVED, name);
791		}
792	}
793
794out:
795	kmem_free(fname, MAXNAMELEN);
796	kmem_free(sname, MAXNAMELEN);
797
798	return (rc);
799}
800
801/*
802 * smb_fsop_remove_streams
803 *
804 * This function removes a file's streams without removing the
805 * file itself.
806 *
807 * It is assumed that fnode is not a link.
808 */
809uint32_t
810smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode)
811{
812	int rc, flags = 0;
813	smb_odir_t *od;
814	smb_odirent_t *odirent;
815	uint32_t status;
816	boolean_t eos;
817
818	ASSERT(sr);
819	ASSERT(cr);
820	ASSERT(fnode);
821	ASSERT(fnode->n_magic == SMB_NODE_MAGIC);
822	ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING);
823
824	if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0)
825		return (NT_STATUS_ACCESS_DENIED);
826
827	if (SMB_TREE_IS_READONLY(sr))
828		return (NT_STATUS_ACCESS_DENIED);
829
830	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
831		flags = SMB_IGNORE_CASE;
832
833	if (SMB_TREE_SUPPORTS_CATIA(sr))
834		flags |= SMB_CATIA;
835
836	status = smb_odir_openat(sr, fnode, &od);
837	switch (status) {
838	case 0:
839		break;
840	case NT_STATUS_OBJECT_NAME_NOT_FOUND:
841	case NT_STATUS_NO_SUCH_FILE:
842	case NT_STATUS_NOT_SUPPORTED:
843		/* No streams to remove. */
844		return (0);
845	default:
846		return (status);
847	}
848
849	odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP);
850	for (;;) {
851		rc = smb_odir_read(sr, od, odirent, &eos);
852		if ((rc != 0) || (eos))
853			break;
854		(void) smb_vop_remove(od->d_dnode->vp, odirent->od_name,
855		    flags, cr);
856	}
857	kmem_free(odirent, sizeof (smb_odirent_t));
858	if (eos && rc == ENOENT)
859		rc = 0;
860
861	smb_odir_close(od);
862	smb_odir_release(od);
863	if (rc)
864		status = smb_errno2status(rc);
865	return (status);
866}
867
868/*
869 * smb_fsop_rmdir
870 *
871 * All SMB functions should use this wrapper to ensure that
872 * the the calls are performed with the appropriate credentials.
873 * Please document any direct call to explain the reason
874 * for avoiding this wrapper.
875 *
876 * It is assumed that a reference exists on snode coming into this routine.
877 */
878int
879smb_fsop_rmdir(
880    smb_request_t	*sr,
881    cred_t		*cr,
882    smb_node_t		*dnode,
883    char		*name,
884    uint32_t		flags)
885{
886	int		rc;
887	char		*longname;
888
889	ASSERT(cr);
890	/*
891	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
892	 * function is called during the deletion of the node (because of
893	 * DELETE_ON_CLOSE).
894	 */
895	ASSERT(dnode);
896	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
897
898	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
899	    SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0)
900		return (EACCES);
901
902	if (SMB_TREE_IS_READONLY(sr))
903		return (EROFS);
904
905	rc = smb_vop_rmdir(dnode->vp, name, flags, cr);
906
907	if (rc == ENOENT) {
908		if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
909		    !smb_maybe_mangled(name)) {
910			return (rc);
911		}
912
913		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
914
915		if (SMB_TREE_SUPPORTS_ABE(sr))
916			flags |= SMB_ABE;
917		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
918
919		if (rc == 0) {
920			/*
921			 * longname is the real (case-sensitive)
922			 * on-disk name.
923			 * We make sure we do a rmdir on this exact
924			 * name, as the name was mangled and denotes
925			 * a unique directory.
926			 */
927			flags &= ~SMB_IGNORE_CASE;
928			rc = smb_vop_rmdir(dnode->vp, longname, flags, cr);
929		}
930
931		kmem_free(longname, MAXNAMELEN);
932	}
933
934	if (rc == 0)
935		smb_node_notify_change(dnode, FILE_ACTION_REMOVED, name);
936
937	return (rc);
938}
939
940/*
941 * smb_fsop_getattr
942 *
943 * All SMB functions should use this wrapper to ensure that
944 * the the calls are performed with the appropriate credentials.
945 * Please document any direct call to explain the reason
946 * for avoiding this wrapper.
947 *
948 * It is assumed that a reference exists on snode coming into this routine.
949 */
950int
951smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
952    smb_attr_t *attr)
953{
954	smb_node_t *unnamed_node;
955	vnode_t *unnamed_vp = NULL;
956	uint32_t status;
957	uint32_t access = 0;
958	int flags = 0;
959	int rc;
960
961	ASSERT(cr);
962	ASSERT(snode);
963	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
964	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
965
966	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 ||
967	    SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0)
968		return (EACCES);
969
970	/* sr could be NULL in some cases */
971	if (sr && sr->fid_ofile) {
972		/* if uid and/or gid is requested */
973		if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID))
974			access |= READ_CONTROL;
975
976		/* if anything else is also requested */
977		if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID))
978			access |= FILE_READ_ATTRIBUTES;
979
980		status = smb_ofile_access(sr->fid_ofile, cr, access);
981		if (status != NT_STATUS_SUCCESS)
982			return (EACCES);
983
984		if (smb_tree_has_feature(sr->tid_tree,
985		    SMB_TREE_ACEMASKONACCESS))
986			flags = ATTR_NOACLCHECK;
987	}
988
989	unnamed_node = SMB_IS_STREAM(snode);
990
991	if (unnamed_node) {
992		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
993		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
994		unnamed_vp = unnamed_node->vp;
995	}
996
997	rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr);
998
999	if ((rc == 0) && smb_node_is_dfslink(snode)) {
1000		/* a DFS link should be treated as a directory */
1001		attr->sa_dosattr |= FILE_ATTRIBUTE_DIRECTORY;
1002	}
1003
1004	return (rc);
1005}
1006
1007/*
1008 * smb_fsop_link
1009 *
1010 * All SMB functions should use this smb_vop_link wrapper to ensure that
1011 * the smb_vop_link is performed with the appropriate credentials.
1012 * Please document any direct call to smb_vop_link to explain the reason
1013 * for avoiding this wrapper.
1014 *
1015 * It is assumed that references exist on from_dnode and to_dnode coming
1016 * into this routine.
1017 */
1018int
1019smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *from_fnode,
1020    smb_node_t *to_dnode, char *to_name)
1021{
1022	char	*longname = NULL;
1023	int	flags = 0;
1024	int	rc;
1025
1026	ASSERT(sr);
1027	ASSERT(sr->tid_tree);
1028	ASSERT(cr);
1029	ASSERT(to_dnode);
1030	ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
1031	ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1032	ASSERT(from_fnode);
1033	ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC);
1034	ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING);
1035
1036	if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0)
1037		return (EACCES);
1038
1039	if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1040		return (EACCES);
1041
1042	if (SMB_TREE_IS_READONLY(sr))
1043		return (EROFS);
1044
1045	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1046		flags = SMB_IGNORE_CASE;
1047	if (SMB_TREE_SUPPORTS_CATIA(sr))
1048		flags |= SMB_CATIA;
1049	if (SMB_TREE_SUPPORTS_ABE(sr))
1050		flags |= SMB_ABE;
1051
1052	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(to_name)) {
1053		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1054		rc = smb_unmangle(to_dnode, to_name, longname,
1055		    MAXNAMELEN, flags);
1056		kmem_free(longname, MAXNAMELEN);
1057
1058		if (rc == 0)
1059			rc = EEXIST;
1060		if (rc != ENOENT)
1061			return (rc);
1062	}
1063
1064	rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr);
1065
1066	if (rc == 0)
1067		smb_node_notify_change(to_dnode, FILE_ACTION_ADDED, to_name);
1068
1069	return (rc);
1070}
1071
1072/*
1073 * smb_fsop_rename
1074 *
1075 * All SMB functions should use this smb_vop_rename wrapper to ensure that
1076 * the smb_vop_rename is performed with the appropriate credentials.
1077 * Please document any direct call to smb_vop_rename to explain the reason
1078 * for avoiding this wrapper.
1079 *
1080 * It is assumed that references exist on from_dnode and to_dnode coming
1081 * into this routine.
1082 */
1083int
1084smb_fsop_rename(
1085    smb_request_t *sr,
1086    cred_t *cr,
1087    smb_node_t *from_dnode,
1088    char *from_name,
1089    smb_node_t *to_dnode,
1090    char *to_name)
1091{
1092	smb_node_t *from_snode;
1093	smb_attr_t from_attr;
1094	vnode_t *from_vp;
1095	int flags = 0, ret_flags;
1096	int rc;
1097	boolean_t isdir;
1098
1099	ASSERT(cr);
1100	ASSERT(from_dnode);
1101	ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC);
1102	ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1103
1104	ASSERT(to_dnode);
1105	ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
1106	ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1107
1108	if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0)
1109		return (EACCES);
1110
1111	if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1112		return (EACCES);
1113
1114	ASSERT(sr);
1115	ASSERT(sr->tid_tree);
1116	if (SMB_TREE_IS_READONLY(sr))
1117		return (EROFS);
1118
1119	/*
1120	 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE
1121	 * here.
1122	 *
1123	 * A case-sensitive rename is always done in this routine
1124	 * because we are using the on-disk name from an earlier lookup.
1125	 * If a mangled name was passed in by the caller (denoting a
1126	 * deterministic lookup), then the exact file must be renamed
1127	 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or
1128	 * else the underlying file system might return a "first-match"
1129	 * on this on-disk name, possibly resulting in the wrong file).
1130	 */
1131
1132	if (SMB_TREE_SUPPORTS_CATIA(sr))
1133		flags |= SMB_CATIA;
1134
1135	/*
1136	 * XXX: Lock required through smb_node_release() below?
1137	 */
1138
1139	rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL,
1140	    flags, &ret_flags, NULL, &from_attr, cr);
1141
1142	if (rc != 0)
1143		return (rc);
1144
1145	if (from_attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) {
1146		VN_RELE(from_vp);
1147		return (EACCES);
1148	}
1149
1150	isdir = ((from_attr.sa_dosattr & FILE_ATTRIBUTE_DIRECTORY) != 0);
1151
1152	if ((isdir && SMB_TREE_HAS_ACCESS(sr,
1153	    ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) !=
1154	    (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) ||
1155	    (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) !=
1156	    (ACE_DELETE | ACE_ADD_FILE))) {
1157		VN_RELE(from_vp);
1158		return (EACCES);
1159	}
1160
1161	/*
1162	 * SMB checks access on open and retains an access granted
1163	 * mask for use while the file is open.  ACL changes should
1164	 * not affect access to an open file.
1165	 *
1166	 * If the rename is being performed on an ofile:
1167	 * - Check the ofile's access granted mask to see if the
1168	 *   rename is permitted - requires DELETE access.
1169	 * - If the file system does access checking, set the
1170	 *   ATTR_NOACLCHECK flag to ensure that the file system
1171	 *   does not check permissions on subsequent calls.
1172	 */
1173	if (sr && sr->fid_ofile) {
1174		rc = smb_ofile_access(sr->fid_ofile, cr, DELETE);
1175		if (rc != NT_STATUS_SUCCESS) {
1176			VN_RELE(from_vp);
1177			return (EACCES);
1178		}
1179
1180		if (smb_tree_has_feature(sr->tid_tree,
1181		    SMB_TREE_ACEMASKONACCESS))
1182			flags = ATTR_NOACLCHECK;
1183	}
1184
1185	rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp,
1186	    to_name, flags, cr);
1187
1188	if (rc == 0) {
1189		from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name,
1190		    from_dnode, NULL);
1191
1192		if (from_snode == NULL) {
1193			rc = ENOMEM;
1194		} else {
1195			smb_node_rename(from_dnode, from_snode,
1196			    to_dnode, to_name);
1197			smb_node_release(from_snode);
1198		}
1199	}
1200	VN_RELE(from_vp);
1201
1202	if (rc == 0) {
1203		if (from_dnode == to_dnode) {
1204			smb_node_notify_change(from_dnode,
1205			    FILE_ACTION_RENAMED_OLD_NAME, from_name);
1206			smb_node_notify_change(to_dnode,
1207			    FILE_ACTION_RENAMED_NEW_NAME, to_name);
1208		} else {
1209			smb_node_notify_change(from_dnode,
1210			    FILE_ACTION_REMOVED, from_name);
1211			smb_node_notify_change(to_dnode,
1212			    FILE_ACTION_ADDED, to_name);
1213		}
1214	}
1215
1216	/* XXX: unlock */
1217
1218	return (rc);
1219}
1220
1221/*
1222 * smb_fsop_setattr
1223 *
1224 * All SMB functions should use this wrapper to ensure that
1225 * the the calls are performed with the appropriate credentials.
1226 * Please document any direct call to explain the reason
1227 * for avoiding this wrapper.
1228 *
1229 * It is assumed that a reference exists on snode coming into
1230 * this function.
1231 * A null smb_request might be passed to this function.
1232 */
1233int
1234smb_fsop_setattr(
1235    smb_request_t	*sr,
1236    cred_t		*cr,
1237    smb_node_t		*snode,
1238    smb_attr_t		*set_attr)
1239{
1240	smb_node_t *unnamed_node;
1241	vnode_t *unnamed_vp = NULL;
1242	uint32_t status;
1243	uint32_t access;
1244	int rc = 0;
1245	int flags = 0;
1246	uint_t sa_mask;
1247
1248	ASSERT(cr);
1249	ASSERT(snode);
1250	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1251	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1252
1253	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0)
1254		return (EACCES);
1255
1256	if (SMB_TREE_IS_READONLY(sr))
1257		return (EROFS);
1258
1259	if (SMB_TREE_HAS_ACCESS(sr,
1260	    ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0)
1261		return (EACCES);
1262
1263	/*
1264	 * SMB checks access on open and retains an access granted
1265	 * mask for use while the file is open.  ACL changes should
1266	 * not affect access to an open file.
1267	 *
1268	 * If the setattr is being performed on an ofile:
1269	 * - Check the ofile's access granted mask to see if the
1270	 *   setattr is permitted.
1271	 *   UID, GID - require WRITE_OWNER
1272	 *   SIZE, ALLOCSZ - require FILE_WRITE_DATA
1273	 *   all other attributes require FILE_WRITE_ATTRIBUTES
1274	 *
1275	 * - If the file system does access checking, set the
1276	 *   ATTR_NOACLCHECK flag to ensure that the file system
1277	 *   does not check permissions on subsequent calls.
1278	 */
1279	if (sr && sr->fid_ofile) {
1280		sa_mask = set_attr->sa_mask;
1281		access = 0;
1282
1283		if (sa_mask & (SMB_AT_SIZE | SMB_AT_ALLOCSZ)) {
1284			access |= FILE_WRITE_DATA;
1285			sa_mask &= ~(SMB_AT_SIZE | SMB_AT_ALLOCSZ);
1286		}
1287
1288		if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) {
1289			access |= WRITE_OWNER;
1290			sa_mask &= ~(SMB_AT_UID|SMB_AT_GID);
1291		}
1292
1293		if (sa_mask)
1294			access |= FILE_WRITE_ATTRIBUTES;
1295
1296		status = smb_ofile_access(sr->fid_ofile, cr, access);
1297		if (status != NT_STATUS_SUCCESS)
1298			return (EACCES);
1299
1300		if (smb_tree_has_feature(sr->tid_tree,
1301		    SMB_TREE_ACEMASKONACCESS))
1302			flags = ATTR_NOACLCHECK;
1303	}
1304
1305	unnamed_node = SMB_IS_STREAM(snode);
1306
1307	if (unnamed_node) {
1308		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1309		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1310		unnamed_vp = unnamed_node->vp;
1311	}
1312
1313	rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr);
1314	return (rc);
1315}
1316
1317/*
1318 * Support for SMB2 setinfo FileValidDataLengthInformation.
1319 * Free (zero out) data in the range off, off+len
1320 */
1321int
1322smb_fsop_freesp(
1323    smb_request_t	*sr,
1324    cred_t		*cr,
1325    smb_ofile_t		*ofile,
1326    off64_t		off,
1327    off64_t		len)
1328{
1329	flock64_t flk;
1330	smb_node_t *node = ofile->f_node;
1331	uint32_t status;
1332	uint32_t access = FILE_WRITE_DATA;
1333	int rc;
1334
1335	ASSERT(cr);
1336	ASSERT(node);
1337	ASSERT(node->n_magic == SMB_NODE_MAGIC);
1338	ASSERT(node->n_state != SMB_NODE_STATE_DESTROYING);
1339
1340	if (SMB_TREE_CONTAINS_NODE(sr, node) == 0)
1341		return (EACCES);
1342
1343	if (SMB_TREE_IS_READONLY(sr))
1344		return (EROFS);
1345
1346	if (SMB_TREE_HAS_ACCESS(sr, access) == 0)
1347		return (EACCES);
1348
1349	/*
1350	 * SMB checks access on open and retains an access granted
1351	 * mask for use while the file is open.  ACL changes should
1352	 * not affect access to an open file.
1353	 *
1354	 * If the setattr is being performed on an ofile:
1355	 * - Check the ofile's access granted mask to see if this
1356	 *   modification should be permitted (FILE_WRITE_DATA)
1357	 */
1358	status = smb_ofile_access(sr->fid_ofile, cr, access);
1359	if (status != NT_STATUS_SUCCESS)
1360		return (EACCES);
1361
1362	bzero(&flk, sizeof (flk));
1363	flk.l_start = off;
1364	flk.l_len = len;
1365
1366	rc = smb_vop_space(node->vp, F_FREESP, &flk, FWRITE, 0LL, cr);
1367	return (rc);
1368}
1369
1370/*
1371 * smb_fsop_read
1372 *
1373 * All SMB functions should use this wrapper to ensure that
1374 * the the calls are performed with the appropriate credentials.
1375 * Please document any direct call to explain the reason
1376 * for avoiding this wrapper.
1377 *
1378 * It is assumed that a reference exists on snode coming into this routine.
1379 * Note that ofile may be different from sr->fid_ofile, or may be NULL.
1380 */
1381int
1382smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1383    smb_ofile_t *ofile, uio_t *uio, int ioflag)
1384{
1385	caller_context_t ct;
1386	cred_t *kcr = zone_kcred();
1387	uint32_t amask;
1388	int svmand;
1389	int rc;
1390
1391	ASSERT(cr);
1392	ASSERT(snode);
1393	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1394	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1395
1396	ASSERT(sr);
1397
1398	if (ofile != NULL) {
1399		/*
1400		 * Check tree access.  Not SMB_TREE_HAS_ACCESS
1401		 * because we need to use ofile->f_tree
1402		 */
1403		if ((ofile->f_tree->t_access & ACE_READ_DATA) == 0)
1404			return (EACCES);
1405
1406		/*
1407		 * Check ofile access.  Use in-line smb_ofile_access
1408		 * so we can check both amask bits at the same time.
1409		 * If any bit in amask is granted, allow this read.
1410		 */
1411		amask = FILE_READ_DATA;
1412		if (sr->smb_flg2 & SMB_FLAGS2_READ_IF_EXECUTE)
1413			amask |= FILE_EXECUTE;
1414		if (cr != kcr && (ofile->f_granted_access & amask) == 0)
1415			return (EACCES);
1416	}
1417
1418	/*
1419	 * Streams permission are checked against the unnamed stream,
1420	 * but in FS level they have their own permissions. To avoid
1421	 * rejection by FS due to lack of permission on the actual
1422	 * extended attr kcred is passed for streams.
1423	 */
1424	if (SMB_IS_STREAM(snode))
1425		cr = kcr;
1426
1427	smb_node_start_crit(snode, RW_READER);
1428	rc = nbl_svmand(snode->vp, kcr, &svmand);
1429	if (rc) {
1430		smb_node_end_crit(snode);
1431		return (rc);
1432	}
1433
1434	/*
1435	 * Note: SMB allows a zero-byte read, which should not
1436	 * conflict with any locks.  However nbl_lock_conflict
1437	 * takes a zero-byte length as lock to EOF, so we must
1438	 * special case that here.
1439	 */
1440	if (uio->uio_resid > 0) {
1441		ct = smb_ct;
1442		if (ofile != NULL)
1443			ct.cc_pid = ofile->f_uniqid;
1444		rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset,
1445		    uio->uio_resid, svmand, &ct);
1446		if (rc != 0) {
1447			smb_node_end_crit(snode);
1448			return (ERANGE);
1449		}
1450	}
1451
1452	rc = smb_vop_read(snode->vp, uio, ioflag, cr);
1453	smb_node_end_crit(snode);
1454
1455	return (rc);
1456}
1457
1458/*
1459 * smb_fsop_write
1460 *
1461 * It is assumed that a reference exists on snode coming into this routine.
1462 * Note that ofile may be different from sr->fid_ofile, or may be NULL.
1463 */
1464int
1465smb_fsop_write(
1466    smb_request_t *sr,
1467    cred_t *cr,
1468    smb_node_t *snode,
1469    smb_ofile_t *ofile,
1470    uio_t *uio,
1471    uint32_t *lcount,
1472    int ioflag)
1473{
1474	caller_context_t ct;
1475	smb_attr_t attr;
1476	cred_t *kcr = zone_kcred();
1477	smb_node_t *u_node;
1478	vnode_t *u_vp = NULL;
1479	vnode_t *vp;
1480	uint32_t amask;
1481	int svmand;
1482	int rc;
1483
1484	ASSERT(cr);
1485	ASSERT(snode);
1486	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1487	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1488
1489	ASSERT(sr);
1490	vp = snode->vp;
1491
1492	if (ofile != NULL) {
1493		amask = FILE_WRITE_DATA | FILE_APPEND_DATA;
1494
1495		/* Check tree access. */
1496		if ((ofile->f_tree->t_access & amask) == 0)
1497			return (EROFS);
1498
1499		/*
1500		 * Check ofile access.  Use in-line smb_ofile_access
1501		 * so we can check both amask bits at the same time.
1502		 * If any bit in amask is granted, allow this write.
1503		 */
1504		if (cr != kcr && (ofile->f_granted_access & amask) == 0)
1505			return (EACCES);
1506	}
1507
1508	/*
1509	 * Streams permission are checked against the unnamed stream,
1510	 * but in FS level they have their own permissions. To avoid
1511	 * rejection by FS due to lack of permission on the actual
1512	 * extended attr kcred is passed for streams.
1513	 */
1514	u_node = SMB_IS_STREAM(snode);
1515	if (u_node != NULL) {
1516		ASSERT(u_node->n_magic == SMB_NODE_MAGIC);
1517		ASSERT(u_node->n_state != SMB_NODE_STATE_DESTROYING);
1518		u_vp = u_node->vp;
1519		cr = kcr;
1520	}
1521
1522	smb_node_start_crit(snode, RW_WRITER);
1523	rc = nbl_svmand(vp, kcr, &svmand);
1524	if (rc) {
1525		smb_node_end_crit(snode);
1526		return (rc);
1527	}
1528
1529	/*
1530	 * Note: SMB allows a zero-byte write, which should not
1531	 * conflict with any locks.  However nbl_lock_conflict
1532	 * takes a zero-byte length as lock to EOF, so we must
1533	 * special case that here.
1534	 */
1535	if (uio->uio_resid > 0) {
1536		ct = smb_ct;
1537		if (ofile != NULL)
1538			ct.cc_pid = ofile->f_uniqid;
1539		rc = nbl_lock_conflict(vp, NBL_WRITE, uio->uio_loffset,
1540		    uio->uio_resid, svmand, &ct);
1541		if (rc != 0) {
1542			smb_node_end_crit(snode);
1543			return (ERANGE);
1544		}
1545	}
1546
1547	rc = smb_vop_write(vp, uio, ioflag, lcount, cr);
1548
1549	/*
1550	 * Once the mtime has been set via this ofile, the
1551	 * automatic mtime changes from writes via this ofile
1552	 * should cease, preserving the mtime that was set.
1553	 * See: [MS-FSA] 2.1.5.14 and smb_node_setattr.
1554	 *
1555	 * The VFS interface does not offer a way to ask it to
1556	 * skip the mtime updates, so we simulate the desired
1557	 * behavior by re-setting the mtime after writes on a
1558	 * handle where the mtime has been set.
1559	 */
1560	if (ofile != NULL &&
1561	    (ofile->f_pending_attr.sa_mask & SMB_AT_MTIME) != 0) {
1562		bcopy(&ofile->f_pending_attr, &attr, sizeof (attr));
1563		attr.sa_mask = SMB_AT_MTIME;
1564		(void) smb_vop_setattr(vp, u_vp, &attr, 0, kcr);
1565	}
1566
1567	smb_node_end_crit(snode);
1568
1569	return (rc);
1570}
1571
1572/*
1573 * Find the next allocated range starting at or after
1574 * the offset (*datap), returning the start/end of
1575 * that range in (*datap, *holep)
1576 */
1577int
1578smb_fsop_next_alloc_range(
1579    cred_t *cr,
1580    smb_node_t *node,
1581    off64_t *datap,
1582    off64_t *holep)
1583{
1584	int err;
1585
1586	err = smb_vop_ioctl(node->vp, _FIO_SEEK_DATA, datap, cr);
1587	if (err != 0)
1588		return (err);
1589
1590	*holep = *datap;
1591	err = smb_vop_ioctl(node->vp, _FIO_SEEK_HOLE, holep, cr);
1592
1593	return (err);
1594}
1595
1596/*
1597 * smb_fsop_statfs
1598 *
1599 * This is a wrapper function used for stat operations.
1600 */
1601int
1602smb_fsop_statfs(
1603    cred_t *cr,
1604    smb_node_t *snode,
1605    struct statvfs64 *statp)
1606{
1607	ASSERT(cr);
1608	ASSERT(snode);
1609	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1610	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1611
1612	return (smb_vop_statfs(snode->vp, statp, cr));
1613}
1614
1615/*
1616 * smb_fsop_access
1617 *
1618 * Named streams do not have separate permissions from the associated
1619 * unnamed stream.  Thus, if node is a named stream, the permissions
1620 * check will be performed on the associated unnamed stream.
1621 *
1622 * However, our named streams do have their own quarantine attribute,
1623 * separate from that on the unnamed stream. If READ or EXECUTE
1624 * access has been requested on a named stream, an additional access
1625 * check is performed on the named stream in case it has been
1626 * quarantined.  kcred is used to avoid issues with the permissions
1627 * set on the extended attribute file representing the named stream.
1628 *
1629 * Note that some stream "types" are "restricted" and only
1630 * internal callers (cr == kcred) can access those.
1631 */
1632int
1633smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1634    uint32_t faccess)
1635{
1636	int access = 0;
1637	int error;
1638	vnode_t *dir_vp;
1639	boolean_t acl_check = B_TRUE;
1640	smb_node_t *unnamed_node;
1641
1642	ASSERT(sr);
1643	ASSERT(cr);
1644	ASSERT(snode);
1645	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1646	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1647
1648	if (SMB_TREE_IS_READONLY(sr)) {
1649		if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA|
1650		    FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES|
1651		    DELETE|WRITE_DAC|WRITE_OWNER)) {
1652			return (NT_STATUS_ACCESS_DENIED);
1653		}
1654	}
1655
1656	if (smb_node_is_reparse(snode) && (faccess & DELETE))
1657		return (NT_STATUS_ACCESS_DENIED);
1658
1659	unnamed_node = SMB_IS_STREAM(snode);
1660	if (unnamed_node) {
1661		cred_t *kcr = zone_kcred();
1662
1663		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1664		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1665
1666		if (cr != kcr && smb_strname_restricted(snode->od_name))
1667			return (NT_STATUS_ACCESS_DENIED);
1668
1669		/*
1670		 * Perform VREAD access check on the named stream in case it
1671		 * is quarantined. kcred is passed to smb_vop_access so it
1672		 * doesn't fail due to lack of permission.
1673		 */
1674		if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) {
1675			error = smb_vop_access(snode->vp, VREAD,
1676			    0, NULL, kcr);
1677			if (error)
1678				return (NT_STATUS_ACCESS_DENIED);
1679		}
1680
1681		/*
1682		 * Streams authorization should be performed against the
1683		 * unnamed stream.
1684		 */
1685		snode = unnamed_node;
1686	}
1687
1688	if (faccess & ACCESS_SYSTEM_SECURITY) {
1689		/*
1690		 * This permission is required for reading/writing SACL and
1691		 * it's not part of DACL. It's only granted via proper
1692		 * privileges.
1693		 */
1694		if ((sr->uid_user->u_privileges &
1695		    (SMB_USER_PRIV_BACKUP |
1696		    SMB_USER_PRIV_RESTORE |
1697		    SMB_USER_PRIV_SECURITY)) == 0)
1698			return (NT_STATUS_PRIVILEGE_NOT_HELD);
1699
1700		faccess &= ~ACCESS_SYSTEM_SECURITY;
1701	}
1702
1703	/* Links don't have ACL */
1704	if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) ||
1705	    smb_node_is_symlink(snode))
1706		acl_check = B_FALSE;
1707
1708	/* Deny access based on the share access mask */
1709
1710	if ((faccess & ~sr->tid_tree->t_access) != 0)
1711		return (NT_STATUS_ACCESS_DENIED);
1712
1713	if (acl_check) {
1714		dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
1715		error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp,
1716		    cr);
1717	} else {
1718		/*
1719		 * FS doesn't understand 32-bit mask, need to map
1720		 */
1721		if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA))
1722			access |= VWRITE;
1723
1724		if (faccess & FILE_READ_DATA)
1725			access |= VREAD;
1726
1727		if (faccess & FILE_EXECUTE)
1728			access |= VEXEC;
1729
1730		error = smb_vop_access(snode->vp, access, 0, NULL, cr);
1731	}
1732
1733	return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS);
1734}
1735
1736/*
1737 * smb_fsop_lookup_name()
1738 *
1739 * If name indicates that the file is a stream file, perform
1740 * stream specific lookup, otherwise call smb_fsop_lookup.
1741 *
1742 * Return an error if the looked-up file is in outside the tree.
1743 * (Required when invoked from open path.)
1744 *
1745 * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1746 * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1747 * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1748 * flag is set in the flags value passed as a parameter, a case insensitive
1749 * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1750 * or not).
1751 */
1752
1753int
1754smb_fsop_lookup_name(
1755    smb_request_t *sr,
1756    cred_t	*cr,
1757    int		flags,
1758    smb_node_t	*root_node,
1759    smb_node_t	*dnode,
1760    char	*name,
1761    smb_node_t	**ret_snode)
1762{
1763	smb_node_t	*fnode;
1764	vnode_t		*xattrdirvp;
1765	vnode_t		*vp;
1766	char		*od_name;
1767	char		*fname;
1768	char		*sname;
1769	int		rc;
1770
1771	ASSERT(cr);
1772	ASSERT(dnode);
1773	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1774	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1775
1776	/*
1777	 * The following check is required for streams processing, below
1778	 */
1779
1780	if (!(flags & SMB_CASE_SENSITIVE)) {
1781		if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1782			flags |= SMB_IGNORE_CASE;
1783	}
1784
1785	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1786	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1787
1788	if (smb_is_stream_name(name)) {
1789		smb_stream_parse_name(name, fname, sname);
1790
1791		/*
1792		 * Look up the unnamed stream (i.e. fname).
1793		 * Unmangle processing will be done on fname
1794		 * as well as any link target.
1795		 */
1796		rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode,
1797		    fname, &fnode);
1798
1799		if (rc != 0) {
1800			kmem_free(fname, MAXNAMELEN);
1801			kmem_free(sname, MAXNAMELEN);
1802			return (rc);
1803		}
1804
1805		od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1806
1807		/*
1808		 * od_name is the on-disk name of the stream, except
1809		 * without the prepended stream prefix (SMB_STREAM_PREFIX)
1810		 */
1811
1812		/*
1813		 * XXX
1814		 * What permissions NTFS requires for stream lookup if any?
1815		 */
1816		rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name,
1817		    &xattrdirvp, flags, root_node->vp, cr);
1818
1819		if (rc != 0) {
1820			smb_node_release(fnode);
1821			kmem_free(fname, MAXNAMELEN);
1822			kmem_free(sname, MAXNAMELEN);
1823			kmem_free(od_name, MAXNAMELEN);
1824			return (rc);
1825		}
1826
1827		*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp,
1828		    vp, od_name);
1829
1830		kmem_free(od_name, MAXNAMELEN);
1831		smb_node_release(fnode);
1832		VN_RELE(xattrdirvp);
1833		VN_RELE(vp);
1834
1835		if (*ret_snode == NULL) {
1836			kmem_free(fname, MAXNAMELEN);
1837			kmem_free(sname, MAXNAMELEN);
1838			return (ENOMEM);
1839		}
1840	} else {
1841		rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name,
1842		    ret_snode);
1843	}
1844
1845	if (rc == 0) {
1846		ASSERT(ret_snode);
1847		if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) {
1848			smb_node_release(*ret_snode);
1849			*ret_snode = NULL;
1850			rc = EACCES;
1851		}
1852	}
1853
1854	kmem_free(fname, MAXNAMELEN);
1855	kmem_free(sname, MAXNAMELEN);
1856
1857	return (rc);
1858}
1859
1860/*
1861 * smb_fsop_lookup
1862 *
1863 * All SMB functions should use this smb_vop_lookup wrapper to ensure that
1864 * the smb_vop_lookup is performed with the appropriate credentials and using
1865 * case insensitive compares. Please document any direct call to smb_vop_lookup
1866 * to explain the reason for avoiding this wrapper.
1867 *
1868 * It is assumed that a reference exists on dnode coming into this routine
1869 * (and that it is safe from deallocation).
1870 *
1871 * Same with the root_node.
1872 *
1873 * *ret_snode is returned with a reference upon success.  No reference is
1874 * taken if an error is returned.
1875 *
1876 * Note: The returned ret_snode may be in a child mount.  This is ok for
1877 * readdir.
1878 *
1879 * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent
1880 * operations on files not in the parent mount.
1881 *
1882 * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1883 * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1884 * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1885 * flag is set in the flags value passed as a parameter, a case insensitive
1886 * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1887 * or not).
1888 */
1889int
1890smb_fsop_lookup(
1891    smb_request_t *sr,
1892    cred_t	*cr,
1893    int		flags,
1894    smb_node_t	*root_node,
1895    smb_node_t	*dnode,
1896    char	*name,
1897    smb_node_t	**ret_snode)
1898{
1899	smb_node_t *lnk_target_node;
1900	smb_node_t *lnk_dnode;
1901	char *longname;
1902	char *od_name;
1903	vnode_t *vp;
1904	int rc;
1905	int ret_flags;
1906	smb_attr_t attr;
1907
1908	ASSERT(cr);
1909	ASSERT(dnode);
1910	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1911	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1912
1913	if (name == NULL)
1914		return (EINVAL);
1915
1916	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
1917		return (EACCES);
1918
1919	if (!(flags & SMB_CASE_SENSITIVE)) {
1920		if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1921			flags |= SMB_IGNORE_CASE;
1922	}
1923	if (SMB_TREE_SUPPORTS_CATIA(sr))
1924		flags |= SMB_CATIA;
1925	if (SMB_TREE_SUPPORTS_ABE(sr))
1926		flags |= SMB_ABE;
1927
1928	/*
1929	 * Can have "" or "." when opening named streams on a directory.
1930	 */
1931	if (name[0] == '\0' || (name[0] == '.' && name[1] == '\0')) {
1932		smb_node_ref(dnode);
1933		*ret_snode = dnode;
1934		return (0);
1935	}
1936
1937	od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1938
1939	rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags,
1940	    &ret_flags, root_node ? root_node->vp : NULL, &attr, cr);
1941
1942	if (rc != 0) {
1943		if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
1944		    !smb_maybe_mangled(name)) {
1945			kmem_free(od_name, MAXNAMELEN);
1946			return (rc);
1947		}
1948
1949		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1950		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
1951		if (rc != 0) {
1952			kmem_free(od_name, MAXNAMELEN);
1953			kmem_free(longname, MAXNAMELEN);
1954			return (rc);
1955		}
1956
1957		/*
1958		 * longname is the real (case-sensitive)
1959		 * on-disk name.
1960		 * We make sure we do a lookup on this exact
1961		 * name, as the name was mangled and denotes
1962		 * a unique file.
1963		 */
1964
1965		if (flags & SMB_IGNORE_CASE)
1966			flags &= ~SMB_IGNORE_CASE;
1967
1968		rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name,
1969		    flags, &ret_flags, root_node ? root_node->vp : NULL, &attr,
1970		    cr);
1971
1972		kmem_free(longname, MAXNAMELEN);
1973
1974		if (rc != 0) {
1975			kmem_free(od_name, MAXNAMELEN);
1976			return (rc);
1977		}
1978	}
1979
1980	if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK) &&
1981	    ((attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) == 0)) {
1982		rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode,
1983		    &lnk_dnode, &lnk_target_node, cr, NULL);
1984
1985		if (rc != 0) {
1986			/*
1987			 * The link is assumed to be for the last component
1988			 * of a path.  Hence any ENOTDIR error will be returned
1989			 * as ENOENT.
1990			 */
1991			if (rc == ENOTDIR)
1992				rc = ENOENT;
1993
1994			VN_RELE(vp);
1995			kmem_free(od_name, MAXNAMELEN);
1996			return (rc);
1997		}
1998
1999		/*
2000		 * Release the original VLNK vnode
2001		 */
2002
2003		VN_RELE(vp);
2004		vp = lnk_target_node->vp;
2005
2006		rc = smb_vop_traverse_check(&vp);
2007
2008		if (rc != 0) {
2009			smb_node_release(lnk_dnode);
2010			smb_node_release(lnk_target_node);
2011			kmem_free(od_name, MAXNAMELEN);
2012			return (rc);
2013		}
2014
2015		/*
2016		 * smb_vop_traverse_check() may have returned a different vnode
2017		 */
2018
2019		if (lnk_target_node->vp == vp) {
2020			*ret_snode = lnk_target_node;
2021		} else {
2022			*ret_snode = smb_node_lookup(sr, NULL, cr, vp,
2023			    lnk_target_node->od_name, lnk_dnode, NULL);
2024			VN_RELE(vp);
2025
2026			if (*ret_snode == NULL)
2027				rc = ENOMEM;
2028			smb_node_release(lnk_target_node);
2029		}
2030
2031		smb_node_release(lnk_dnode);
2032
2033	} else {
2034
2035		rc = smb_vop_traverse_check(&vp);
2036		if (rc) {
2037			VN_RELE(vp);
2038			kmem_free(od_name, MAXNAMELEN);
2039			return (rc);
2040		}
2041
2042		*ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name,
2043		    dnode, NULL);
2044		VN_RELE(vp);
2045
2046		if (*ret_snode == NULL)
2047			rc = ENOMEM;
2048	}
2049
2050	kmem_free(od_name, MAXNAMELEN);
2051	return (rc);
2052}
2053
2054int /*ARGSUSED*/
2055smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode)
2056{
2057	ASSERT(cr);
2058	ASSERT(snode);
2059	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2060	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2061
2062	ASSERT(sr);
2063	ASSERT(sr->tid_tree);
2064	if (SMB_TREE_IS_READONLY(sr))
2065		return (EROFS);
2066
2067	return (smb_vop_commit(snode->vp, cr));
2068}
2069
2070/*
2071 * smb_fsop_aclread
2072 *
2073 * Retrieve filesystem ACL. Depends on requested ACLs in
2074 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in
2075 * fs_sd. Note that requesting a DACL/SACL doesn't mean that
2076 * the corresponding field in fs_sd should be non-NULL upon
2077 * return, since the target ACL might not contain that type of
2078 * entries.
2079 *
2080 * Returned ACL is always in ACE_T (aka ZFS) format.
2081 * If successful the allocated memory for the ACL should be freed
2082 * using smb_fsacl_free() or smb_fssd_term()
2083 */
2084int
2085smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2086    smb_fssd_t *fs_sd)
2087{
2088	int error = 0;
2089	int flags = 0;
2090	int access = 0;
2091	acl_t *acl;
2092
2093	ASSERT(cr);
2094
2095	/* Can't query security on named streams */
2096	if (SMB_IS_STREAM(snode) != NULL)
2097		return (EINVAL);
2098
2099	if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0)
2100		return (EACCES);
2101
2102	if (sr->fid_ofile) {
2103		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2104			access = READ_CONTROL;
2105
2106		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2107			access |= ACCESS_SYSTEM_SECURITY;
2108
2109		error = smb_ofile_access(sr->fid_ofile, cr, access);
2110		if (error != NT_STATUS_SUCCESS) {
2111			return (EACCES);
2112		}
2113	}
2114
2115
2116	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS))
2117		flags = ATTR_NOACLCHECK;
2118
2119	error = smb_vop_acl_read(snode->vp, &acl, flags,
2120	    sr->tid_tree->t_acltype, cr);
2121	if (error != 0) {
2122		return (error);
2123	}
2124
2125	error = acl_translate(acl, _ACL_ACE_ENABLED,
2126	    smb_node_is_dir(snode), fs_sd->sd_uid, fs_sd->sd_gid);
2127
2128	if (error == 0) {
2129		smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl,
2130		    fs_sd->sd_secinfo);
2131	}
2132
2133	acl_free(acl);
2134	return (error);
2135}
2136
2137/*
2138 * smb_fsop_aclwrite
2139 *
2140 * Stores the filesystem ACL provided in fs_sd->sd_acl.
2141 */
2142int
2143smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2144    smb_fssd_t *fs_sd)
2145{
2146	int target_flavor;
2147	int error = 0;
2148	int flags = 0;
2149	int access = 0;
2150	acl_t *acl, *dacl, *sacl;
2151
2152	ASSERT(cr);
2153
2154	ASSERT(sr);
2155	ASSERT(sr->tid_tree);
2156	if (SMB_TREE_IS_READONLY(sr))
2157		return (EROFS);
2158
2159	/* Can't set security on named streams */
2160	if (SMB_IS_STREAM(snode) != NULL)
2161		return (EINVAL);
2162
2163	if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0)
2164		return (EACCES);
2165
2166	if (sr->fid_ofile) {
2167		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2168			access = WRITE_DAC;
2169
2170		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2171			access |= ACCESS_SYSTEM_SECURITY;
2172
2173		error = smb_ofile_access(sr->fid_ofile, cr, access);
2174		if (error != NT_STATUS_SUCCESS)
2175			return (EACCES);
2176	}
2177
2178	switch (sr->tid_tree->t_acltype) {
2179	case ACLENT_T:
2180		target_flavor = _ACL_ACLENT_ENABLED;
2181		break;
2182
2183	case ACE_T:
2184		target_flavor = _ACL_ACE_ENABLED;
2185		break;
2186	default:
2187		return (EINVAL);
2188	}
2189
2190	dacl = fs_sd->sd_zdacl;
2191	sacl = fs_sd->sd_zsacl;
2192
2193	ASSERT(dacl || sacl);
2194	if ((dacl == NULL) && (sacl == NULL))
2195		return (EINVAL);
2196
2197	if (dacl && sacl)
2198		acl = smb_fsacl_merge(dacl, sacl);
2199	else if (dacl)
2200		acl = dacl;
2201	else
2202		acl = sacl;
2203
2204	error = acl_translate(acl, target_flavor, smb_node_is_dir(snode),
2205	    fs_sd->sd_uid, fs_sd->sd_gid);
2206	if (error == 0) {
2207		if (smb_tree_has_feature(sr->tid_tree,
2208		    SMB_TREE_ACEMASKONACCESS))
2209			flags = ATTR_NOACLCHECK;
2210
2211		error = smb_vop_acl_write(snode->vp, acl, flags, cr);
2212	}
2213
2214	if (dacl && sacl)
2215		acl_free(acl);
2216
2217	return (error);
2218}
2219
2220acl_type_t
2221smb_fsop_acltype(smb_node_t *snode)
2222{
2223	return (smb_vop_acl_type(snode->vp));
2224}
2225
2226/*
2227 * smb_fsop_sdread
2228 *
2229 * Read the requested security descriptor items from filesystem.
2230 * The items are specified in fs_sd->sd_secinfo.
2231 */
2232int
2233smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2234    smb_fssd_t *fs_sd)
2235{
2236	int error = 0;
2237	int getowner = 0;
2238	cred_t *ga_cred;
2239	smb_attr_t attr;
2240
2241	ASSERT(cr);
2242	ASSERT(fs_sd);
2243
2244	/* Can't query security on named streams */
2245	if (SMB_IS_STREAM(snode) != NULL)
2246		return (EINVAL);
2247
2248	/*
2249	 * File's uid/gid is fetched in two cases:
2250	 *
2251	 * 1. it's explicitly requested
2252	 *
2253	 * 2. target ACL is ACE_T (ZFS ACL). They're needed for
2254	 *    owner@/group@ entries. In this case kcred should be used
2255	 *    because uid/gid are fetched on behalf of smb server.
2256	 */
2257	if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) {
2258		getowner = 1;
2259		ga_cred = cr;
2260	} else if (sr->tid_tree->t_acltype == ACE_T) {
2261		getowner = 1;
2262		ga_cred = zone_kcred();
2263	}
2264
2265	if (getowner) {
2266		/*
2267		 * Windows require READ_CONTROL to read owner/group SID since
2268		 * they're part of Security Descriptor.
2269		 * ZFS only requires read_attribute. Need to have a explicit
2270		 * access check here.
2271		 */
2272		if (sr->fid_ofile == NULL) {
2273			error = smb_fsop_access(sr, ga_cred, snode,
2274			    READ_CONTROL);
2275			if (error)
2276				return (EACCES);
2277		}
2278
2279		attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2280		error = smb_fsop_getattr(sr, ga_cred, snode, &attr);
2281		if (error == 0) {
2282			fs_sd->sd_uid = attr.sa_vattr.va_uid;
2283			fs_sd->sd_gid = attr.sa_vattr.va_gid;
2284		} else {
2285			return (error);
2286		}
2287	}
2288
2289	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2290		error = smb_fsop_aclread(sr, cr, snode, fs_sd);
2291	}
2292
2293	return (error);
2294}
2295
2296/*
2297 * smb_fsop_sdmerge
2298 *
2299 * From SMB point of view DACL and SACL are two separate list
2300 * which can be manipulated independently without one affecting
2301 * the other, but entries for both DACL and SACL will end up
2302 * in the same ACL if target filesystem supports ACE_T ACLs.
2303 *
2304 * So, if either DACL or SACL is present in the client set request
2305 * the entries corresponding to the non-present ACL shouldn't
2306 * be touched in the FS ACL.
2307 *
2308 * fs_sd parameter contains DACL and SACL specified by SMB
2309 * client to be set on a file/directory. The client could
2310 * specify both or one of these ACLs (if none is specified
2311 * we don't get this far). When both DACL and SACL are given
2312 * by client the existing ACL should be overwritten. If only
2313 * one of them is specified the entries corresponding to the other
2314 * ACL should not be touched. For example, if only DACL
2315 * is specified in input fs_sd, the function reads audit entries
2316 * of the existing ACL of the file and point fs_sd->sd_zsdacl
2317 * pointer to the fetched SACL, this way when smb_fsop_sdwrite()
2318 * function is called the passed fs_sd would point to the specified
2319 * DACL by client and fetched SACL from filesystem, so the file
2320 * will end up with correct ACL.
2321 */
2322static int
2323smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd)
2324{
2325	smb_fssd_t cur_sd;
2326	cred_t *kcr = zone_kcred();
2327	int error = 0;
2328
2329	if (sr->tid_tree->t_acltype != ACE_T)
2330		/* Don't bother if target FS doesn't support ACE_T */
2331		return (0);
2332
2333	if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) {
2334		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
2335			/*
2336			 * Don't overwrite existing audit entries
2337			 */
2338			smb_fssd_init(&cur_sd, SMB_SACL_SECINFO,
2339			    fs_sd->sd_flags);
2340
2341			error = smb_fsop_sdread(sr, kcr, snode, &cur_sd);
2342			if (error == 0) {
2343				ASSERT(fs_sd->sd_zsacl == NULL);
2344				fs_sd->sd_zsacl = cur_sd.sd_zsacl;
2345				if (fs_sd->sd_zsacl && fs_sd->sd_zdacl)
2346					fs_sd->sd_zsacl->acl_flags =
2347					    fs_sd->sd_zdacl->acl_flags;
2348			}
2349		} else {
2350			/*
2351			 * Don't overwrite existing access entries
2352			 */
2353			smb_fssd_init(&cur_sd, SMB_DACL_SECINFO,
2354			    fs_sd->sd_flags);
2355
2356			error = smb_fsop_sdread(sr, kcr, snode, &cur_sd);
2357			if (error == 0) {
2358				ASSERT(fs_sd->sd_zdacl == NULL);
2359				fs_sd->sd_zdacl = cur_sd.sd_zdacl;
2360				if (fs_sd->sd_zdacl && fs_sd->sd_zsacl)
2361					fs_sd->sd_zdacl->acl_flags =
2362					    fs_sd->sd_zsacl->acl_flags;
2363			}
2364		}
2365
2366		if (error)
2367			smb_fssd_term(&cur_sd);
2368	}
2369
2370	return (error);
2371}
2372
2373/*
2374 * smb_fsop_sdwrite
2375 *
2376 * Stores the given uid, gid and acl in filesystem.
2377 * Provided items in fs_sd are specified by fs_sd->sd_secinfo.
2378 *
2379 * A SMB security descriptor could contain owner, primary group,
2380 * DACL and SACL. Setting an SD should be atomic but here it has to
2381 * be done via two separate FS operations: VOP_SETATTR and
2382 * VOP_SETSECATTR. Therefore, this function has to simulate the
2383 * atomicity as well as it can.
2384 *
2385 * Get the current uid, gid before setting the new uid/gid
2386 * so if smb_fsop_aclwrite fails they can be restored. root cred is
2387 * used to get currend uid/gid since this operation is performed on
2388 * behalf of the server not the user.
2389 *
2390 * If setting uid/gid fails with EPERM it means that and invalid
2391 * owner has been specified. Callers should translate this to
2392 * STATUS_INVALID_OWNER which is not the normal mapping for EPERM
2393 * in upper layers, so EPERM is mapped to EBADE.
2394 */
2395int
2396smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2397    smb_fssd_t *fs_sd, int overwrite)
2398{
2399	smb_attr_t set_attr;
2400	smb_attr_t orig_attr;
2401	cred_t *kcr = zone_kcred();
2402	int error = 0;
2403	int access = 0;
2404
2405	ASSERT(cr);
2406	ASSERT(fs_sd);
2407
2408	ASSERT(sr);
2409	ASSERT(sr->tid_tree);
2410	if (SMB_TREE_IS_READONLY(sr))
2411		return (EROFS);
2412
2413	/* Can't set security on named streams */
2414	if (SMB_IS_STREAM(snode) != NULL)
2415		return (EINVAL);
2416
2417	bzero(&set_attr, sizeof (smb_attr_t));
2418
2419	if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
2420		set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
2421		set_attr.sa_mask |= SMB_AT_UID;
2422		access |= WRITE_OWNER;
2423	}
2424
2425	if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
2426		set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
2427		set_attr.sa_mask |= SMB_AT_GID;
2428		access |= WRITE_OWNER;
2429	}
2430
2431	if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2432		access |= WRITE_DAC;
2433
2434	if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2435		access |= ACCESS_SYSTEM_SECURITY;
2436
2437	if (sr->fid_ofile)
2438		error = smb_ofile_access(sr->fid_ofile, cr, access);
2439	else
2440		error = smb_fsop_access(sr, cr, snode, access);
2441
2442	if (error)
2443		return (EACCES);
2444
2445	if (set_attr.sa_mask) {
2446		orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2447		error = smb_fsop_getattr(sr, kcr, snode, &orig_attr);
2448		if (error == 0) {
2449			error = smb_fsop_setattr(sr, cr, snode, &set_attr);
2450			if (error == EPERM)
2451				error = EBADE;
2452		}
2453
2454		if (error)
2455			return (error);
2456	}
2457
2458	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2459		if (overwrite == 0) {
2460			error = smb_fsop_sdmerge(sr, snode, fs_sd);
2461			if (error)
2462				return (error);
2463		}
2464
2465		error = smb_fsop_aclwrite(sr, cr, snode, fs_sd);
2466		if (error) {
2467			/*
2468			 * Revert uid/gid changes if required.
2469			 */
2470			if (set_attr.sa_mask) {
2471				orig_attr.sa_mask = set_attr.sa_mask;
2472				(void) smb_fsop_setattr(sr, kcr, snode,
2473				    &orig_attr);
2474			}
2475		}
2476	}
2477
2478	return (error);
2479}
2480
2481#ifdef	_KERNEL
2482/*
2483 * smb_fsop_sdinherit
2484 *
2485 * Inherit the security descriptor from the parent container.
2486 * This function is called after FS has created the file/folder
2487 * so if this doesn't do anything it means FS inheritance is
2488 * in place.
2489 *
2490 * Do inheritance for ZFS internally.
2491 *
2492 * If we want to let ZFS does the inheritance the
2493 * following setting should be true:
2494 *
2495 *  - aclinherit = passthrough
2496 *  - aclmode = passthrough
2497 *  - smbd umask = 0777
2498 *
2499 * This will result in right effective permissions but
2500 * ZFS will always add 6 ACEs for owner, owning group
2501 * and others to be POSIX compliant. This is not what
2502 * Windows clients/users expect, so we decided that CIFS
2503 * implements Windows rules and overwrite whatever ZFS
2504 * comes up with. This way we also don't have to care
2505 * about ZFS aclinherit and aclmode settings.
2506 */
2507static int
2508smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd)
2509{
2510	acl_t *dacl = NULL;
2511	acl_t *sacl = NULL;
2512	int is_dir;
2513	int error;
2514
2515	ASSERT(fs_sd);
2516
2517	if (sr->tid_tree->t_acltype != ACE_T) {
2518		/*
2519		 * No forced inheritance for non-ZFS filesystems.
2520		 */
2521		fs_sd->sd_secinfo = 0;
2522		return (0);
2523	}
2524
2525
2526	/* Fetch parent directory's ACL */
2527	error = smb_fsop_sdread(sr, zone_kcred(), dnode, fs_sd);
2528	if (error) {
2529		return (error);
2530	}
2531
2532	is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR);
2533	dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO,
2534	    sr->user_cr);
2535	sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO,
2536	    sr->user_cr);
2537
2538	if (sacl == NULL)
2539		fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO;
2540
2541	smb_fsacl_free(fs_sd->sd_zdacl);
2542	smb_fsacl_free(fs_sd->sd_zsacl);
2543
2544	fs_sd->sd_zdacl = dacl;
2545	fs_sd->sd_zsacl = sacl;
2546
2547	return (0);
2548}
2549#endif	/* _KERNEL */
2550
2551/*
2552 * smb_fsop_eaccess
2553 *
2554 * Returns the effective permission of the given credential for the
2555 * specified object.
2556 *
2557 * This is just a workaround. We need VFS/FS support for this.
2558 */
2559void
2560smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2561    uint32_t *eaccess)
2562{
2563	int access = 0;
2564	vnode_t *dir_vp;
2565	smb_node_t *unnamed_node;
2566
2567	ASSERT(cr);
2568	ASSERT(snode);
2569	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2570	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2571
2572	unnamed_node = SMB_IS_STREAM(snode);
2573	if (unnamed_node) {
2574		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2575		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2576		/*
2577		 * Streams authorization should be performed against the
2578		 * unnamed stream.
2579		 */
2580		snode = unnamed_node;
2581	}
2582
2583	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) {
2584		dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
2585		smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp,
2586		    cr);
2587		return;
2588	}
2589
2590	/*
2591	 * FS doesn't understand 32-bit mask
2592	 */
2593	smb_vop_eaccess(snode->vp, &access, 0, NULL, cr);
2594	access &= sr->tid_tree->t_access;
2595
2596	*eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES;
2597
2598	if (access & VREAD)
2599		*eaccess |= FILE_READ_DATA;
2600
2601	if (access & VEXEC)
2602		*eaccess |= FILE_EXECUTE;
2603
2604	if (access & VWRITE)
2605		*eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES |
2606		    FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD;
2607
2608	if (access & (VREAD | VWRITE))
2609		*eaccess |= SYNCHRONIZE;
2610
2611#ifdef	_FAKE_KERNEL
2612	/* Should be: if (we are the owner)... */
2613	if (access & VWRITE)
2614		*eaccess |= DELETE | WRITE_DAC | WRITE_OWNER;
2615#endif
2616}
2617
2618/*
2619 * smb_fsop_shrlock
2620 *
2621 * For the current open request, check file sharing rules
2622 * against existing opens.
2623 *
2624 * Returns NT_STATUS_SHARING_VIOLATION if there is any
2625 * sharing conflict.  Returns NT_STATUS_SUCCESS otherwise.
2626 *
2627 * Full system-wide share reservation synchronization is available
2628 * when the nbmand (non-blocking mandatory) mount option is set
2629 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used.
2630 * This provides synchronization with NFS and local processes.  The
2631 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called
2632 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well
2633 * as the CIFS rename and delete paths.
2634 *
2635 * The CIFS server will also enter the nbl critical region in the open,
2636 * rename, and delete paths when nbmand is not set.  There is limited
2637 * coordination with local and VFS share reservations in this case.
2638 * Note that when the nbmand mount option is not set, the VFS layer
2639 * only processes advisory reservations and the delete mode is not checked.
2640 *
2641 * Whether or not the nbmand mount option is set, intra-CIFS share
2642 * checking is done in the open, delete, and rename paths using a CIFS
2643 * critical region (node->n_share_lock).
2644 */
2645uint32_t
2646smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid,
2647    uint32_t desired_access, uint32_t share_access)
2648{
2649	int rc;
2650
2651	/* Allow access if the request is just for meta data */
2652	if ((desired_access & FILE_DATA_ALL) == 0)
2653		return (NT_STATUS_SUCCESS);
2654
2655	rc = smb_node_open_check(node, desired_access, share_access);
2656	if (rc)
2657		return (NT_STATUS_SHARING_VIOLATION);
2658
2659	rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access,
2660	    cr);
2661	if (rc)
2662		return (NT_STATUS_SHARING_VIOLATION);
2663
2664	return (NT_STATUS_SUCCESS);
2665}
2666
2667void
2668smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid)
2669{
2670	(void) smb_vop_unshrlock(node->vp, uniq_fid, cr);
2671}
2672
2673int
2674smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock,
2675    cred_t *cr)
2676{
2677	flock64_t bf;
2678	int flag = F_REMOTELOCK;
2679
2680	/*
2681	 * VOP_FRLOCK() will not be called if:
2682	 *
2683	 * 1) The lock has a range of zero bytes. The semantics of Windows and
2684	 *    POSIX are different. In the case of POSIX it asks for the locking
2685	 *    of all the bytes from the offset provided until the end of the
2686	 *    file. In the case of Windows a range of zero locks nothing and
2687	 *    doesn't conflict with any other lock.
2688	 *
2689	 * 2) The lock rolls over (start + lenght < start). Solaris will assert
2690	 *    if such a request is submitted. This will not create
2691	 *    incompatibilities between POSIX and Windows. In the Windows world,
2692	 *    if a client submits such a lock, the server will not lock any
2693	 *    bytes. Interestingly if the same lock (same offset and length) is
2694	 *    resubmitted Windows will consider that there is an overlap and
2695	 *    the granting rules will then apply.
2696	 *
2697	 * 3) The SMB-level process IDs (smb_pid) are not passed down to the
2698	 *    POSIX level in l_pid because (a) the rules about lock PIDs are
2699	 *    different in SMB, and (b) we're putting our ofile f_uniqid in
2700	 *    the POSIX l_pid field to segregate locks per SMB ofile.
2701	 *    (We're also using a "remote" system ID in l_sysid.)
2702	 *    All SMB locking PIDs are handled at the SMB level and
2703	 *    not exposed in POSIX locking.
2704	 */
2705	if ((lock->l_length == 0) ||
2706	    ((lock->l_start + lock->l_length - 1) < lock->l_start))
2707		return (0);
2708
2709	bzero(&bf, sizeof (bf));
2710
2711	if (unlock) {
2712		bf.l_type = F_UNLCK;
2713	} else if (lock->l_type == SMB_LOCK_TYPE_READONLY) {
2714		bf.l_type = F_RDLCK;
2715		flag |= FREAD;
2716	} else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) {
2717		bf.l_type = F_WRLCK;
2718		flag |= FWRITE;
2719	}
2720
2721	bf.l_start = lock->l_start;
2722	bf.l_len = lock->l_length;
2723	bf.l_pid = lock->l_file->f_uniqid;
2724	bf.l_sysid = smb_ct.cc_sysid;
2725
2726	return (smb_vop_frlock(node->vp, cr, flag, &bf));
2727}
2728