smbfs_acl.c revision 02d09e03eb27f3a2dc299de704e45dae5173f43f
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* ACL support for smbfs
*/
#include <sys/byteorder.h>
#include <netsmb/smb_conn.h>
#include <netsmb/smb_osdep.h>
#include <netsmb/smb_subr.h>
#include <smbfs/smbfs_node.h>
#include <smbfs/smbfs_subr.h>
#include "smbfs_ntacl.h"
/* Sanity check SD sizes */
#define MAX_RAW_SD_SIZE 32768
#define SMALL_SD_SIZE 1024
/*
* smbfs_getsd() is a common function used by both
* smbfs_ioctl SMBFSIO_GETSD and VOP_GETSECATTR.
*
* Note: smbfs_getsd allocates and returns an mblk chain,
* which the caller must free.
*/
int
{
/* Shared lock for (possible) n_fid use. */
return (EINTR);
if (error)
goto out;
/*
* This does the OTW Get
*/
/*
* Server may give us an error indicating that we
* need a larger data buffer to receive the SD,
* and the size we'll need. Use the given size,
* but only after a sanity check.
*
* Let's check for specific error values here.
* The NT error is: STATUS_BUFFER_TOO_SMALL,
* or with old error codes, one of these:
* Those are mapped to: EMOREDATA, which is
* later converted to E2BIG.
*/
sdlen > SMALL_SD_SIZE &&
sdlen <= MAX_RAW_SD_SIZE)
goto again;
if (cerror)
SMBVDEBUG("error %d closing file %s\n",
out:
return (error);
}
int
{
/*
* Which parts of the SD are we setting?
* What rights do we need for that?
*/
if (selector == 0)
return (0);
rights = 0;
if (selector & (OWNER_SECURITY_INFORMATION |
/* Shared lock for (possible) n_fid use. */
return (EINTR);
if (error)
goto out;
/*
* This does the OTW Set
*/
if (cerror)
SMBVDEBUG("error %d closing file %s\n",
out:
return (error);
}
/*
* Helper for VOP_IOCTL: SMBFSIO_GETSD
*/
int
{
mblk_t *m;
void *ubuf;
int error;
/*
* Get the buffer information
*/
return (EFAULT);
/*
* This does the OTW Get (and maybe open, close)
* Allocates and returns an mblk in &m.
*/
if (error)
return (error);
/*
* Have m. Must free it before return.
*/
/*
* Always copyout the buffer information,
* so the user can realloc and try again
* after an EOVERFLOW return.
*/
goto out;
}
goto out;
}
/*
* Copyout the buffer contents (SD)
*/
out:
/* Note: m_freem(m) is done by... */
return (error);
}
/*
* Helper for VOP_IOCTL: SMBFSIO_SETSD
*/
int
{
void *ubuf;
int error;
/*
* Get the buffer information
*/
return (EFAULT);
return (EINVAL);
/*
* Get the buffer contents (security descriptor data)
*/
if (error)
goto out;
/*
* This does the OTW Set (and maybe open, close)
* It clears mb_top when consuming the message.
*/
out:
return (error);
}
/*
* Helper for VOP_GETSECATTR
* Call smbfs_getsd, convert NT to ZFS form.
*/
/* ARGSUSED */
int
{
int error;
/*
* Which parts of the SD we request.
* XXX: We need a way to let the caller specify
* what parts she wants - i.e. the SACL?
* XXX: selector |= SACL_SECURITY_INFORMATION;
* Or maybe: if we get access denied, try the
*/
selector = 0;
if (vsa)
if (uidp)
if (gidp)
if (selector == 0)
return (0);
/*
* This does the OTW Get (and maybe open, close)
* Allocates and returns an mblk in &m.
*/
if (error)
goto out;
/* Note: allocated *m */
/*
* Parse the OtW security descriptor,
* storing in our internal form.
*/
if (error)
goto out;
/*
* Convert the Windows security descriptor to a
* ZFS ACL (and owner ID, primary group ID).
*/
out:
/* Note: m_freem(m) is done by... */
return (error);
}
/*
* Helper for VOP_SETSECATTR
* Convert ZFS to NT form, call smbfs_setsd.
*/
/* ARGSUSED */
int
{
int error;
/*
* Which parts of the SD we'll modify.
* Ditto comments above re. SACL
*/
selector = 0;
if (vsa)
if (selector == 0)
return (0);
/*
* Convert a ZFS ACL (and owner ID, group ID)
* into an NT SD, internal form.
*/
if (error)
goto out;
/*
* Marshall the internal form SD into an
* OtW security descriptor.
*/
if (error)
goto out;
/*
* This does the OTW Set (and maybe open, close)
* It clears mb_top when consuming the message.
*/
out:
return (error);
}