smb_sd.c revision 29bd28862cfb8abbd3a0f0a4b17e08bbc3652836
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * CDDL HEADER START
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * The contents of this file are subject to the terms of the
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Common Development and Distribution License (the "License").
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * You may not use this file except in compliance with the License.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * See the License for the specific language governing permissions
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * and limitations under the License.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * When distributing Covered Code, include this CDDL HEADER in each
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * If applicable, add the following below this CDDL HEADER, with the
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * fields enclosed by brackets "[]" replaced with your own identifying
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * information: Portions Copyright [yyyy] [name of copyright owner]
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * CDDL HEADER END
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Use is subject to license terms.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * This module provides Security Descriptor handling functions.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#define SMB_SHR_ACE_READ_PERMS (ACE_READ_PERMS | ACE_EXECUTE | ACE_SYNCHRONIZE)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright#define SMB_SHR_ACE_CONTROL_PERMS (ACE_MODIFY_PERMS & (~ACE_DELETE_CHILD))
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic void smb_sd_set_sacl(smb_sd_t *, smb_acl_t *, boolean_t, int);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic void smb_sd_set_dacl(smb_sd_t *, smb_acl_t *, boolean_t, int);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightstatic uint32_t smb_sd_fromfs(smb_fssd_t *, smb_sd_t *);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_term
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Free non-NULL members of 'sd' which has to be in
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * absolute (pointer) form.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright assert((sd->sd_control & SE_SELF_RELATIVE) == 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_get_secinfo
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Return the security information mask for the specified security
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * descriptor.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Adjust the Access Mask so that ZFS ACE mask and Windows ACE read mask match.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright return (-1);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Get ZFS acl from the share path via acl_get() method.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright for (int i = 0; i < z_acl->acl_cnt; i++, z_ace++) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright mask = smb_sd_adjust_read_mask(z_ace->a_access_mask);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_read
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Reads ZFS acl from filesystem using acl_get() method. Convert the ZFS acl to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * a Win SD and return the Win SD in absolute form.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * NOTE: upon successful return caller MUST free the memory allocated
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * for the returned SD by calling smb_sd_term().
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_read(char *path, smb_sd_t *sd, uint32_t secinfo)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Adjust the Access Mask so that ZFS ACE mask and Windows ACE write mask match.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright return (-1);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Apply ZFS acl to the share path via acl_set() method.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright for (int i = 0; i < z_acl->acl_cnt; i++, z_ace++) {
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright mask = smb_sd_adjust_write_mask(z_ace->a_access_mask);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_write
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Takes a Win SD in absolute form, converts it to
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ZFS acl and applies the acl to the share path via acl_set() method.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_write(char *path, smb_sd_t *sd, uint32_t secinfo)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_tofs
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Creates a filesystem security structure based on the given
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Windows security descriptor.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * ZFS only has one set of flags so for now only
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Windows DACL flags are taken into account.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright idm_stat = smb_idmap_getid(sid, &fs_sd->sd_uid, &idtype);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright idm_stat = smb_idmap_getid(sid, &fs_sd->sd_gid, &idtype);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_sd_fromfs
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Makes an Windows style security descriptor in absolute form
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * based on the given filesystem security information.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Should call smb_sd_term() for the returned sd to free allocated
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright acl = smb_acl_from_zfs(fs_sd->sd_zdacl, fs_sd->sd_uid,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Need to sort the ACL before send it to Windows
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * clients. Winodws GUI is sensitive about the order
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright acl = smb_acl_from_zfs(fs_sd->sd_zsacl, fs_sd->sd_uid,
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_set_dacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright assert((sd->sd_control & SE_SELF_RELATIVE) == 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_sd_set_sacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright assert((sd->sd_control & SE_SELF_RELATIVE) == 0);
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_fssd_init
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Initializes the given FS SD structure.
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wrightsmb_fssd_init(smb_fssd_t *fs_sd, uint32_t secinfo, uint32_t flags)
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * smb_fssd_term
29bd28862cfb8abbd3a0f0a4b17e08bbc3652836Alan Wright * Frees allocated memory for acl fields.