/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* ACL support for smbfs
*/
#include <sys/byteorder.h>
#include <netsmb/smb_conn.h>
#include <netsmb/smb_osdep.h>
#include <netsmb/smb_subr.h>
#include <smbfs/smbfs_node.h>
#include <smbfs/smbfs_subr.h>
#include "smbfs_ntacl.h"
/* Sanity check SD sizes */
/*
* smbfs_getsd() is a common function used by both
* smbfs_ioctl SMBFSIO_GETSD and VOP_GETSECATTR.
*
* Note: smbfs_getsd allocates and returns an mblk chain,
* which the caller must free.
*/
static int
{
/* Shared lock for (possible) n_fid use. */
return (EINTR);
if (error)
goto out;
/*
* This does the OTW Get
*/
/*
* Server may give us an error indicating that we
* need a larger data buffer to receive the SD,
* and the size we'll need. Use the given size,
* but only after a sanity check.
*
* Let's check for specific error values here.
* The NT error is: STATUS_BUFFER_TOO_SMALL,
* or with old error codes, one of these:
* Those are mapped to: EMOREDATA, which is
* later converted to E2BIG.
*/
sdlen > SMALL_SD_SIZE &&
sdlen <= MAX_RAW_SD_SIZE)
goto again;
if (cerror)
SMBVDEBUG("error %d closing file %s\n",
out:
return (error);
}
/*
* smbfs_setsd() is a common function used by both
* smbfs_ioctl SMBFSIO_SETSD and VOP_SETSECATTR.
*
* Note: smbfs_setsd _consumes_ the passed *mp and
* clears the pointer (so the caller won't free it)
*/
static int
{
/*
* Which parts of the SD are we setting?
* What rights do we need for that?
*/
if (selector == 0)
return (0);
rights = 0;
if (selector & (OWNER_SECURITY_INFORMATION |
/* Shared lock for (possible) n_fid use. */
return (EINTR);
if (error)
goto out;
/*
* We're setting the remote ACL now, so
* invalidate our cached ACL just in case
* the server doesn't do exactly as we ask.
*/
/*
* This does the OTW Set
*/
if (cerror)
SMBVDEBUG("error %d closing file %s\n",
out:
return (error);
}
/*
* Helper for VOP_IOCTL: SMBFSIO_GETSD
*/
int
{
mblk_t *m;
void *ubuf;
int error;
/*
* Get the buffer information
*/
return (EFAULT);
/*
* This does the OTW Get (and maybe open, close)
* Allocates and returns an mblk in &m.
*/
if (error)
return (error);
/*
* Have m. Must free it before return.
*/
/*
* Always copyout the buffer information,
* so the user can realloc and try again
* after an EOVERFLOW return.
*/
goto out;
}
goto out;
}
/*
* Copyout the buffer contents (SD)
*/
out:
/* Note: m_freem(m) is done by... */
return (error);
}
/*
* Helper for VOP_IOCTL: SMBFSIO_SETSD
*/
int
{
void *ubuf;
int error;
/*
* Get the buffer information
*/
return (EFAULT);
return (EINVAL);
/*
* Get the buffer contents (security descriptor data)
*/
if (error)
goto out;
/*
* This does the OTW Set (and maybe open, close)
* It clears mb_top when consuming the message.
*/
out:
return (error);
}
/*
* Refresh our cached copy of the security attributes
*/
static int
{
int error;
/*
* Which parts of the SD we request.
* Not getting the SACL for now.
*/
/*
* This does the OTW Get (and maybe open, close)
* Allocates and returns an mblk in &m.
*/
if (error)
goto out;
/* Note: allocated *m */
/*
* Parse the OtW security descriptor,
* storing in our internal form.
*/
if (error)
goto out;
/*
* Convert the Windows security descriptor to a
* ZFS ACL (and owner ID, primary group ID).
*/
if (error)
goto out;
/*
* Store the results in r_secattr, n_uid, n_gid
*/
/*
* ACLs don't change frequently, so cache these
* for a relatively long time (ac dir max).
*/
/* Allocated in: smbfs_acl_sd2zfs */
out:
/* Note: m_freem(m) is done by... */
return (error);
}
/*
* Helper for smbfsgetattr()
*
* Just refresh the ACL cache if needed,
*/
int
{
int error;
/*
* NB: extended attribute files and directories
* do not have ACLs separate from the parent.
* Let the caller do ACL fabrication.
*/
return (ENOSYS);
/* Need to update r_secattr */
return (error);
}
return (0);
}
/*
* Helper for VOP_GETSECATTR
*
* Refresh the ACL cache if needed, then
* duplicate the requested parts of the vsecattr.
*/
/* ARGSUSED */
int
{
int error;
/*
* NB: extended attribute files and directories
* do not have ACLs separate from the parent.
* Let the caller do ACL fabrication.
*/
return (ENOSYS);
/* Need to update r_secattr */
if (error)
return (error);
}
/*
* Duplicate requested parts of r_secattr
*/
vsa->vsa_aclentsz);
}
return (0);
}
/*
* Helper for smbfs_acl_setids, smbfs_acl_setvsa
*/
static int
{
int error;
/*
* Convert a ZFS ACL (and owner ID, group ID)
* into an NT SD, internal form.
*/
if (error)
goto out;
/*
* Marshall the internal form SD into an
* OtW security descriptor.
*/
if (error)
goto out;
/*
* This does the OTW Set (and maybe open, close)
* It clears mb_top when consuming the message.
*/
out:
return (error);
}
/*
* Helper for smbfs_setattr()
*
*/
int
{
int error;
}
}
if (selector == 0)
return (0);
return (error);
}
/*
* Helper for VOP_SETSECATTR
* Convert ZFS to NT form, call smbfs_setsd.
*/
/* ARGSUSED */
int
{
int error;
/*
* NB: extended attribute files and directories
* do not have ACLs separate from the parent.
*/
return (ENOSYS);
/*
* When handling ACE_OWNER or ACE_GROUP entries,
* we need the current owner and group.
*/
if (error)
return (error);
return (error);
}