smb_sd.c revision 1fdeec650620e8498c06f832ea4bd2292f7e9632
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * CDDL HEADER START
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * The contents of this file are subject to the terms of the
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Common Development and Distribution License (the "License").
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * You may not use this file except in compliance with the License.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * See the License for the specific language governing permissions
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * and limitations under the License.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * When distributing Covered Code, include this CDDL HEADER in each
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * If applicable, add the following below this CDDL HEADER, with the
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * fields enclosed by brackets "[]" replaced with your own identifying
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * information: Portions Copyright [yyyy] [name of copyright owner]
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * CDDL HEADER END
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This module provides Security Descriptor handling functions.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#define SMB_SHR_ACE_READ_PERMS (ACE_READ_PERMS | ACE_EXECUTE | ACE_SYNCHRONIZE)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#define SMB_SHR_ACE_CONTROL_PERMS (ACE_MODIFY_PERMS & (~ACE_DELETE_CHILD))
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States/*
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * This mapping table is provided to map permissions set by chmod
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * using 'read_set' and 'modify_set' to what Windows share ACL GUI
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * expects as Read and Control, respectively.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States */
b1352070d318187b41b088da3533692976f3f225Alan Wrightstatic struct {
b1352070d318187b41b088da3533692976f3f225Alan Wright { ACE_MODIFY_PERMS, SMB_SHR_ACE_CONTROL_PERMS },
b1352070d318187b41b088da3533692976f3f225Alan Wright#define SMB_ACE_MASK_MAP_SIZE (sizeof (smb_ace_map)/sizeof (smb_ace_map[0]))
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic void smb_sd_set_sacl(smb_sd_t *, smb_acl_t *, boolean_t, int);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic void smb_sd_set_dacl(smb_sd_t *, smb_acl_t *, boolean_t, int);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_term
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Free non-NULL members of 'sd' which has to be in
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * absolute (pointer) form.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright assert((sd->sd_control & SE_SELF_RELATIVE) == 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_get_secinfo
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Return the security information mask for the specified security
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * descriptor.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Adjust the Access Mask so that ZFS ACE mask and Windows ACE read mask match.
b1352070d318187b41b088da3533692976f3f225Alan Wright for (i = 0; i < SMB_ACE_MASK_MAP_SIZE; ++i) {
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States return (mask);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Get ZFS acl from the share path via acl_get() method.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States for (int i = 0; i < z_acl->acl_cnt; i++, z_ace++)
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States z_ace->a_access_mask =
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States smb_sd_adjust_read_mask(z_ace->a_access_mask);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_read
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Reads ZFS acl from filesystem using acl_get() method. Converts the ZFS acl to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * a Win SD and returns the Win SD in absolute form.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * NOTE: upon successful return caller MUST free the memory allocated
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * for the returned SD by calling smb_sd_term().
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_read(char *path, smb_sd_t *sd, uint32_t secinfo)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Apply ZFS acl to the share path via acl_set() method.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * A NULL ACL pointer here represents an error.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States * Null or empty ACLs are handled in smb_sd_tofs().
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States z_acl = fs_sd->sd_zdacl;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if (z_acl == NULL)
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States z_ace = (ace_t *)z_acl->acl_aclp;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if (z_ace == NULL)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_write
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Takes a Win SD in absolute form, converts it to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ZFS acl and applies the acl to the share path via acl_set() method.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_write(char *path, smb_sd_t *sd, uint32_t secinfo)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_tofs
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Creates a filesystem security structure based on the given
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Windows security descriptor.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ZFS only has one set of flags so for now only
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Windows DACL flags are taken into account.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright idm_stat = smb_idmap_getid(sid, &fs_sd->sd_uid, &idtype);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright idm_stat = smb_idmap_getid(sid, &fs_sd->sd_gid, &idtype);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_fromfs
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Makes a Windows-style security descriptor in absolute form
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * based on the given filesystem security information.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Should call smb_sd_term() for the returned sd to free allocated
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Need to sort the ACL before sending it to Windows
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * clients. Windows GUI is sensitive about the order
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_set_dacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright assert((sd->sd_control & SE_SELF_RELATIVE) == 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_set_sacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright assert((sd->sd_control & SE_SELF_RELATIVE) == 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_fssd_init
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Initializes the given FS SD structure.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_fssd_init(smb_fssd_t *fs_sd, uint32_t secinfo, uint32_t flags)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_fssd_term
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Frees allocated memory for acl fields.