libsmb/common/smb_sd.c

29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * CDDL HEADER START
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * The contents of this file are subject to the terms of the
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Common Development and Distribution License (the "License").
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * You may not use this file except in compliance with the License.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * or http://www.opensolaris.org/os/licensing.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * See the License for the specific language governing permissions
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * and limitations under the License.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * When distributing Covered Code, include this CDDL HEADER in each
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * If applicable, add the following below this CDDL HEADER, with the
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * fields enclosed by brackets "[]" replaced with your own identifying
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * information: Portions Copyright [yyyy] [name of copyright owner]
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * CDDL HEADER END
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This module provides Security Descriptor handling functions.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#include <strings.h>
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#include <assert.h>
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh#include <errno.h>
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#include <smbsrv/ntifs.h>
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#include <smbsrv/smb_idmap.h>
b1352070d318187b41b088da3533692976f3f225Alan Wright#include <smbsrv/libsmb.h>
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#define SMB_SHR_ACE_READ_PERMS  (ACE_READ_PERMS | ACE_EXECUTE | ACE_SYNCHRONIZE)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#define SMB_SHR_ACE_CONTROL_PERMS   (ACE_MODIFY_PERMS & (~ACE_DELETE_CHILD))
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States/*
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * This mapping table is provided to map permissions set by chmod
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * using 'read_set' and 'modify_set' to what Windows share ACL GUI
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * expects as Read and Control, respectively.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States */
b1352070d318187b41b088da3533692976f3f225Alan Wrightstatic struct {
b1352070d318187b41b088da3533692976f3f225Alan Wright    int am_ace_perms;
b1352070d318187b41b088da3533692976f3f225Alan Wright    int am_share_perms;
b1352070d318187b41b088da3533692976f3f225Alan Wright} smb_ace_map[] = {
b1352070d318187b41b088da3533692976f3f225Alan Wright    { ACE_MODIFY_PERMS, SMB_SHR_ACE_CONTROL_PERMS },
b1352070d318187b41b088da3533692976f3f225Alan Wright    { ACE_READ_PERMS,   SMB_SHR_ACE_READ_PERMS }
b1352070d318187b41b088da3533692976f3f225Alan Wright};
b1352070d318187b41b088da3533692976f3f225Alan Wright
b1352070d318187b41b088da3533692976f3f225Alan Wright#define SMB_ACE_MASK_MAP_SIZE   (sizeof (smb_ace_map)/sizeof (smb_ace_map[0]))
b1352070d318187b41b088da3533692976f3f225Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic void smb_sd_set_sacl(smb_sd_t *, smb_acl_t *, boolean_t, int);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic void smb_sd_set_dacl(smb_sd_t *, smb_acl_t *, boolean_t, int);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightvoid
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_init(smb_sd_t *sd, uint8_t revision)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    bzero(sd, sizeof (smb_sd_t));
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    sd->sd_revision = revision;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_term
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Free non-NULL members of 'sd' which has to be in
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * absolute (pointer) form.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightvoid
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_term(smb_sd_t *sd)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    assert(sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    assert((sd->sd_control & SE_SELF_RELATIVE) == 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_sid_free(sd->sd_owner);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_sid_free(sd->sd_group);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_acl_free(sd->sd_dacl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_acl_free(sd->sd_sacl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    bzero(sd, sizeof (smb_sd_t));
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightuint32_t
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_len(smb_sd_t *sd, uint32_t secinfo)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t length = SMB_SD_HDRSIZE;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (secinfo & SMB_OWNER_SECINFO)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        length += smb_sid_len(sd->sd_owner);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (secinfo & SMB_GROUP_SECINFO)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        length += smb_sid_len(sd->sd_group);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (secinfo & SMB_DACL_SECINFO)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        length += smb_acl_len(sd->sd_dacl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (secinfo & SMB_SACL_SECINFO)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        length += smb_acl_len(sd->sd_sacl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    return (length);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_get_secinfo
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Return the security information mask for the specified security
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * descriptor.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightuint32_t
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_get_secinfo(smb_sd_t *sd)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t sec_info = 0;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (sd == NULL)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        return (0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (sd->sd_owner)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sec_info |= SMB_OWNER_SECINFO;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (sd->sd_group)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sec_info |= SMB_GROUP_SECINFO;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (sd->sd_dacl)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sec_info |= SMB_DACL_SECINFO;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (sd->sd_sacl)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sec_info |= SMB_SACL_SECINFO;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    return (sec_info);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Adjust the Access Mask so that ZFS ACE mask and Windows ACE read mask match.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic int
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_adjust_read_mask(int mask)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
b1352070d318187b41b088da3533692976f3f225Alan Wright    int i;
b1352070d318187b41b088da3533692976f3f225Alan Wright
b1352070d318187b41b088da3533692976f3f225Alan Wright    for (i = 0; i < SMB_ACE_MASK_MAP_SIZE; ++i) {
b1352070d318187b41b088da3533692976f3f225Alan Wright        if (smb_ace_map[i].am_ace_perms == mask)
b1352070d318187b41b088da3533692976f3f225Alan Wright            return (smb_ace_map[i].am_share_perms);
b1352070d318187b41b088da3533692976f3f225Alan Wright    }
b1352070d318187b41b088da3533692976f3f225Alan Wright
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States    return (mask);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Get ZFS acl from the share path via acl_get() method.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic uint32_t
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_read_acl(char *path, smb_fssd_t *fs_sd)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    acl_t *z_acl;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    ace_t *z_ace;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    fs_sd->sd_gid = fs_sd->sd_uid = 0;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh    errno = 0;
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh    if (acl_get(path, 0, &z_acl) != 0) {
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh        switch (errno) {
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh        case EACCES:
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh            return (NT_STATUS_ACCESS_DENIED);
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh        case ENOENT:
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh            return (NT_STATUS_OBJECT_PATH_NOT_FOUND);
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh        default:
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh            return (NT_STATUS_INTERNAL_ERROR);
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh        }
1fdeec650620e8498c06f832ea4bd2292f7e9632joyce mcintosh    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if ((z_ace = (ace_t *)z_acl->acl_aclp) == NULL)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        return (NT_STATUS_INVALID_ACL);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States    for (int i = 0; i < z_acl->acl_cnt; i++, z_ace++)
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States        z_ace->a_access_mask =
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States            smb_sd_adjust_read_mask(z_ace->a_access_mask);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    fs_sd->sd_zdacl = z_acl;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    fs_sd->sd_zsacl = NULL;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    return (NT_STATUS_SUCCESS);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_read
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Reads ZFS acl from filesystem using acl_get() method. Convert the ZFS acl to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * a Win SD and return the Win SD in absolute form.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * NOTE: upon successful return caller MUST free the memory allocated
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * for the returned SD by calling smb_sd_term().
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightuint32_t
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_read(char *path, smb_sd_t *sd, uint32_t secinfo)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_fssd_t fs_sd;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t status = NT_STATUS_SUCCESS;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t sd_flags;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    int error;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    sd_flags = SMB_FSSD_FLAGS_DIR;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_fssd_init(&fs_sd, secinfo, sd_flags);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    error = smb_sd_read_acl(path, &fs_sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (error != NT_STATUS_SUCCESS) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        smb_fssd_term(&fs_sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        return (error);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    status = smb_sd_fromfs(&fs_sd, sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_fssd_term(&fs_sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    return (status);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Apply ZFS acl to the share path via acl_set() method.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * A NULL ACL pointer here represents an error.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * Null or empty ACLs are handled in smb_sd_tofs().
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic uint32_t
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_write_acl(char *path, smb_fssd_t *fs_sd)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    acl_t *z_acl;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    ace_t *z_ace;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t status = NT_STATUS_SUCCESS;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States    z_acl = fs_sd->sd_zdacl;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States    if (z_acl == NULL)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        return (NT_STATUS_INVALID_ACL);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States    z_ace = (ace_t *)z_acl->acl_aclp;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States    if (z_ace == NULL)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        return (NT_STATUS_INVALID_ACL);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    fs_sd->sd_gid = fs_sd->sd_uid = 0;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (acl_set(path, z_acl) != 0)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        status = NT_STATUS_INTERNAL_ERROR;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    return (status);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_write
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Takes a Win SD in absolute form, converts it to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ZFS acl and applies the acl to the share path via acl_set() method.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightuint32_t
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_write(char *path, smb_sd_t *sd, uint32_t secinfo)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_fssd_t fs_sd;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t status = NT_STATUS_SUCCESS;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t sd_flags;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    int error;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    sd_flags = SMB_FSSD_FLAGS_DIR;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_fssd_init(&fs_sd, secinfo, sd_flags);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    error = smb_sd_tofs(sd, &fs_sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (error != NT_STATUS_SUCCESS) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        smb_fssd_term(&fs_sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        return (error);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    status = smb_sd_write_acl(path, &fs_sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_fssd_term(&fs_sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    return (status);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_tofs
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Creates a filesystem security structure based on the given
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Windows security descriptor.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightuint32_t
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_tofs(smb_sd_t *sd, smb_fssd_t *fs_sd)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_sid_t *sid;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t status = NT_STATUS_SUCCESS;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint16_t sd_control;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    idmap_stat idm_stat;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    int idtype;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    int flags = 0;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    sd_control = sd->sd_control;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    /*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright     * ZFS only has one set of flags so for now only
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright     * Windows DACL flags are taken into account.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright     */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (sd_control & SE_DACL_DEFAULTED)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        flags |= ACL_DEFAULTED;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (sd_control & SE_DACL_AUTO_INHERITED)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        flags |= ACL_AUTO_INHERIT;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (sd_control & SE_DACL_PROTECTED)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        flags |= ACL_PROTECTED;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        flags |= ACL_IS_DIR;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    /* Owner */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sid = sd->sd_owner;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        if (!smb_sid_isvalid(sid))
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            return (NT_STATUS_INVALID_SID);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        idtype = SMB_IDMAP_USER;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        idm_stat = smb_idmap_getid(sid, &fs_sd->sd_uid, &idtype);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        if (idm_stat != IDMAP_SUCCESS) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            return (NT_STATUS_NONE_MAPPED);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    /* Group */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sid = sd->sd_group;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        if (!smb_sid_isvalid(sid))
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            return (NT_STATUS_INVALID_SID);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        idtype = SMB_IDMAP_GROUP;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        idm_stat = smb_idmap_getid(sid, &fs_sd->sd_gid, &idtype);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        if (idm_stat != IDMAP_SUCCESS) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            return (NT_STATUS_NONE_MAPPED);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    /* DACL */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        if (sd->sd_control & SE_DACL_PRESENT) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            status = smb_acl_to_zfs(sd->sd_dacl, flags,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright                SMB_DACL_SECINFO, &fs_sd->sd_zdacl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            if (status != NT_STATUS_SUCCESS)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright                return (status);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        else
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            return (NT_STATUS_INVALID_ACL);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    /* SACL */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        if (sd->sd_control & SE_SACL_PRESENT) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            status = smb_acl_to_zfs(sd->sd_sacl, flags,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright                SMB_SACL_SECINFO, &fs_sd->sd_zsacl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            if (status != NT_STATUS_SUCCESS) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright                return (status);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        } else {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            return (NT_STATUS_INVALID_ACL);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    return (status);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_fromfs
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Makes an Windows style security descriptor in absolute form
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * based on the given filesystem security information.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Should call smb_sd_term() for the returned sd to free allocated
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * members.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
fe1c642d06e14b412cd83ae2179303186ab08972Bill Krieruint32_t
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_fromfs(smb_fssd_t *fs_sd, smb_sd_t *sd)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    uint32_t status = NT_STATUS_SUCCESS;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_acl_t *acl = NULL;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_sid_t *sid;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    idmap_stat idm_stat;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    assert(fs_sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    assert(sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    smb_sd_init(sd, SECURITY_DESCRIPTOR_REVISION);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    /* Owner */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        idm_stat = smb_idmap_getsid(fs_sd->sd_uid,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            SMB_IDMAP_USER, &sid);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        if (idm_stat != IDMAP_SUCCESS) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            smb_sd_term(sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            return (NT_STATUS_NONE_MAPPED);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sd->sd_owner = sid;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    /* Group */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        idm_stat = smb_idmap_getsid(fs_sd->sd_gid,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            SMB_IDMAP_GROUP, &sid);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        if (idm_stat != IDMAP_SUCCESS) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            smb_sd_term(sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            return (NT_STATUS_NONE_MAPPED);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sd->sd_group = sid;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    /* DACL */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        if (fs_sd->sd_zdacl != NULL) {
f96bd5c800e73e351b0b6e4bd7f00b578dad29bbAlan Wright            acl = smb_acl_from_zfs(fs_sd->sd_zdacl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            if (acl == NULL) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright                smb_sd_term(sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright                return (NT_STATUS_INTERNAL_ERROR);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            /*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright             * Need to sort the ACL before send it to Windows
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright             * clients. Winodws GUI is sensitive about the order
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright             * of ACEs.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright             */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            smb_acl_sort(acl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            smb_sd_set_dacl(sd, acl, B_TRUE,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright                fs_sd->sd_zdacl->acl_flags);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        } else {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            smb_sd_set_dacl(sd, NULL, B_FALSE, 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    /* SACL */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        if (fs_sd->sd_zsacl != NULL) {
f96bd5c800e73e351b0b6e4bd7f00b578dad29bbAlan Wright            acl = smb_acl_from_zfs(fs_sd->sd_zsacl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            if (acl == NULL) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright                smb_sd_term(sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright                return (NT_STATUS_INTERNAL_ERROR);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            smb_sd_set_sacl(sd, acl, B_TRUE,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright                fs_sd->sd_zsacl->acl_flags);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        } else {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright            smb_sd_set_sacl(sd, NULL, B_FALSE, 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    }
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    return (status);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic void
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_set_dacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    assert((sd->sd_control & SE_SELF_RELATIVE) == 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    sd->sd_dacl = acl;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (flags & ACL_DEFAULTED)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sd->sd_control |= SE_DACL_DEFAULTED;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (flags & ACL_AUTO_INHERIT)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sd->sd_control |= SE_DACL_AUTO_INHERITED;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (flags & ACL_PROTECTED)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sd->sd_control |= SE_DACL_PROTECTED;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (present)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sd->sd_control |= SE_DACL_PRESENT;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic void
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_set_sacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    assert((sd->sd_control & SE_SELF_RELATIVE) == 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    sd->sd_sacl = acl;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (flags & ACL_DEFAULTED)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sd->sd_control |= SE_SACL_DEFAULTED;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (flags & ACL_AUTO_INHERIT)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sd->sd_control |= SE_SACL_AUTO_INHERITED;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (flags & ACL_PROTECTED)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sd->sd_control |= SE_SACL_PROTECTED;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    if (present)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright        sd->sd_control |= SE_SACL_PRESENT;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_fssd_init
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Initializes the given FS SD structure.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightvoid
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_fssd_init(smb_fssd_t *fs_sd, uint32_t secinfo, uint32_t flags)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    bzero(fs_sd, sizeof (smb_fssd_t));
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    fs_sd->sd_secinfo = secinfo;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    fs_sd->sd_flags = flags;
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright/*
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_fssd_term
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright *
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Frees allocated memory for acl fields.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright */
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightvoid
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_fssd_term(smb_fssd_t *fs_sd)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright{
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    assert(fs_sd);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    acl_free(fs_sd->sd_zdacl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    acl_free(fs_sd->sd_zsacl);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright    bzero(fs_sd, sizeof (smb_fssd_t));
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright}