29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * CDDL HEADER START
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * The contents of this file are subject to the terms of the
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Common Development and Distribution License (the "License").
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * You may not use this file except in compliance with the License.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * See the License for the specific language governing permissions
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * and limitations under the License.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * When distributing Covered Code, include this CDDL HEADER in each
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * If applicable, add the following below this CDDL HEADER, with the
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * fields enclosed by brackets "[]" replaced with your own identifying
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * information: Portions Copyright [yyyy] [name of copyright owner]
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * CDDL HEADER END
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This is a helper file to get/set Windows SD. This is used by
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * SRVSVC service.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/* Size of offset members in mslm_security_descriptor structure */
f96bd5c800e73e351b0b6e4bd7f00b578dad29bbAlan Wrightuint32_t srvsvc_sd_set_relative(smb_sd_t *, uint8_t *);
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krierstatic uint32_t srvsvc_sd_get_autohome(const smb_share_t *, smb_sd_t *);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic uint32_t srvsvc_sd_status_to_error(uint32_t);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic uint32_t srvsvc_sd_set_absolute(uint8_t *, smb_sd_t *);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method computes ACL on share path from a share name.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Return 0 upon success, -1 upon failure.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsrvsvc_shareacl_getpath(smb_share_t *si, char *shr_acl_path)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright ret = smb_getdataset(si->shr_path, dataset, MAXPATHLEN);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright return (-1);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright if ((zfshd = zfs_open(libhd, dataset, ZFS_TYPE_DATASET)) == NULL) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright return (-1);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright if (zfs_prop_get(zfshd, ZFS_PROP_MOUNTPOINT, mp, sizeof (mp), NULL,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright return (-1);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright (void) snprintf(shr_acl_path, MAXPATHLEN, "%s/.zfs/shares/%s",
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method sets Security Descriptor on a share path.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_SUCCESS
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_NOT_ENOUGH_MEMORY
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_INVALID_ACL
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_INVALID_SID
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_INVALID_SECURITY_DESCR
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_NONE_MAPPED
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_INTERNAL_ERROR
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_PATH_NOT_FOUND
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright status = smb_sd_write(path, &sd, SMB_DACL_SECINFO);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method returns a Security Descriptor of a share path in self relative
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * format. Call to this function with NULL buffer, returns the size of the
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * security descriptor, which can be used to allocate buffer.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_SUCCESS
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_NOT_ENOUGH_MEMORY
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_INVALID_ACL
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_INVALID_SID
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_INVALID_SECURITY_DESCR
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_INVALID_PARAMETER
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_NONE_MAPPED
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_INTERNAL_ERROR
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ERROR_PATH_NOT_FOUND
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsrvsvc_sd_get(smb_share_t *si, uint8_t *sdbuf, uint32_t *size)
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier status = smb_sd_read(path, &sd, SMB_ALL_SECINFO);
fe1c642d06e14b412cd83ae2179303186ab08972Bill Kriersrvsvc_sd_get_autohome(const smb_share_t *si, smb_sd_t *sd)
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier if (acl_fromtext("owner@:rwxpdDaARWcCos::allow", &acl) != 0)
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krier smb_fssd_init(&fs_sd, SMB_ALL_SECINFO, SMB_FSSD_FLAGS_DIR);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method converts an ACE from absolute (pointer) to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * self relative (flat buffer) format.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Returns Win32 error codes.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsrvsvc_ace_set_relative(mslm_ace_t *m_ace, struct mslm_sid *m_sid,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright bcopy(&ace->se_hdr, &m_ace->header, sizeof (mslm_ace_hdr_t));
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright bcopy(ace->se_sid, m_sid, smb_sid_len(ace->se_sid));
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method converts an ACL from absolute (pointer) to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * self relative (flat buffer) format.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Returns an initialized mslm_acl structure on success.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Returns NULL on failure.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic struct mslm_acl *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsrvsvc_acl_set_relative(uint8_t *sdbuf, smb_acl_t *acl)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method converts Security Descriptor from absolute (pointer) to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * self relative (flat buffer) format.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Returns Win32 error codes.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsrvsvc_sd_set_relative(smb_sd_t *sd, uint8_t *sdbuf)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright msd->control = sd->sd_control | SE_SELF_RELATIVE;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright offset = sizeof (mslm_security_descriptor_t) - SRVSVC_SD_OFFSET_SZ;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright msd->sacl = srvsvc_acl_set_relative(&sdbuf[offset],
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright status = srvsvc_ace_set_relative(m_ace, m_sid, ace);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright msd->dacl = srvsvc_acl_set_relative(&sdbuf[offset],
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright status = srvsvc_ace_set_relative(m_ace, m_sid, ace);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method converts an ACE from self relative (flat buffer) to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * absolute (pointer) format.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Returns Win32 error codes.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsrvsvc_ace_set_absolute(mslm_ace_t *m_ace, struct mslm_sid *m_sid,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright if ((m_ace == NULL) || (ace == NULL) || (m_sid == NULL))
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright bcopy(&m_ace->header, &ace->se_hdr, sizeof (mslm_ace_hdr_t));
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method converts an ACL from self relative (flat buffer) to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * absolute (pointer) format.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Returns an initialized smb_acl_t structure on success.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Returns NULL on failure.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsrvsvc_acl_set_absolute(uint8_t *sdbuf, int *offset)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright bcopy(&sdbuf[*offset], &ace_cnt, sizeof (uint16_t));
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method converts Security Descriptor from self relative (flat buffer) to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * absolute (pointer) format.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Returns Win32 error codes.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsrvsvc_sd_set_absolute(uint8_t *sdbuf, smb_sd_t *sd)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright sd->sd_control = msd->control & (~SE_SELF_RELATIVE);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright m_sid = (struct mslm_sid *)&sdbuf[msd->offset_owner];
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright m_sid = (struct mslm_sid *)&sdbuf[msd->offset_group];
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright sd->sd_sacl = srvsvc_acl_set_absolute(sdbuf, &offset);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright status = srvsvc_ace_set_absolute(m_ace, m_sid, ace);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright sd->sd_dacl = srvsvc_acl_set_absolute(sdbuf, &offset);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright /*LINTED E_BAD_PTR_CAST_ALIGN*/
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright status = srvsvc_ace_set_absolute(m_ace, m_sid, ace);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method maps NT status codes into Win 32 error codes.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This method operates on status codes that are related
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * to processing of Security Descriptor.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright static struct {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright for (i = 0; i < (sizeof (errmap) / sizeof (errmap[0])); ++i) {