smbfs_acl.c revision 7568150a58e78021968b6c22bc28e9787b33496a
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* ACL support for smbfs
*/
#include <sys/byteorder.h>
#include <netsmb/smb_osdep.h>
#include <netsmb/smb_conn.h>
#include <netsmb/smb_subr.h>
#include <smbfs/smbfs_node.h>
#include <smbfs/smbfs_subr.h>
/* Sanity check SD sizes */
#define MAX_RAW_SD_SIZE 32768
#define SMALL_SD_SIZE 1024
/*
* smbfs_getsd(), smbfs_setsd() are common functions used by
*
* Note: smbfs_getsd allocates and returns an mblk chain,
* which the caller must free.
*/
int
{
/* Shared lock for (possible) n_fid use. */
return (EINTR);
if (error)
goto out;
/*
* This does the OTW Get
*/
/*
* Server may give us an error indicating that we
* need a larger data buffer to receive the SD,
* and the size we'll need. Use the given size,
* but only after a sanity check.
*
* Let's check for specific error values here.
* The NT error is: STATUS_BUFFER_TOO_SMALL,
* or with old error codes, one of these:
* Those are mapped to: EMOREDATA, which is
* later converted to E2BIG.
*/
sdlen > SMALL_SD_SIZE &&
sdlen <= MAX_RAW_SD_SIZE)
goto again;
if (cerror)
SMBERROR("error %d closing file %s\n",
out:
return (error);
}
int
{
/*
* Which parts of the SD are we setting?
* What rights do we need for that?
*/
if (selector == 0)
return (0);
rights = 0;
if (selector & (OWNER_SECURITY_INFORMATION |
/* Shared lock for (possible) n_fid use. */
return (EINTR);
if (error)
goto out;
/*
* This does the OTW Set
*/
if (cerror)
SMBERROR("error %d closing file %s\n",
out:
return (error);
}
/*
* Entry points from VOP_IOCTL
*/
int
{
mblk_t *m;
void *ubuf;
int error;
/*
* Get the buffer information
*/
return (EFAULT);
/*
* This does the OTW Get (and maybe open, close)
* Allocates and returns an mblk in &m.
*/
if (error)
return (error);
/*
* Have m. Must free it before return.
*/
/*
* Always copyout the buffer information,
* so the user can realloc and try again
* after an EOVERFLOW return.
*/
goto out;
}
goto out;
}
/*
* Copyout the buffer contents (SD)
*/
out:
/* Note: m_freem(m) is done by... */
return (error);
}
int
{
void *ubuf;
int error;
/*
* Get the buffer information
*/
return (EFAULT);
return (EINVAL);
/*
* Get the buffer contents (security descriptor data)
*/
if (error)
goto out;
/*
* This does the OTW Set (and maybe open, close)
* It clears mb_top when consuming the message.
*/
out:
return (error);
}
#ifdef ACL_SUPPORT
/*
* Conversion functions for VOP_GETSECATTR, VOP_SETSECATTR
*
* XXX: We may or may not add conversion code here, or we
* ACL conversion code is in libsmbfs.
*/
/*
* Convert a Windows SD (in the mdchain mdp) into a
* ZFS-style vsecattr_t and possibly uid, gid.
*/
/* ARGSUSED */
static int
{
/* XXX NOT_YET */
return (ENOSYS);
}
/*
* Convert a ZFS-style vsecattr_t (and possibly uid, gid)
* into a Windows SD (built in the mbchain mbp).
*/
/* ARGSUSED */
static int
{
/* XXX NOT_YET */
return (ENOSYS);
}
#endif /* ACL_SUPPORT */
/*
* Entry points from VOP_GETSECATTR, VOP_SETSECATTR
*
* Disabled the real _getacl functionality for now,
* because we have no way to return the owner and
* in getattr with something derived from _getsd.
*/
/* ARGSUSED */
int
{
#ifdef ACL_SUPPORT
mblk_t *m;
int error;
/*
* Which parts of the SD we request.
* XXX: We need a way to let the caller specify
* what parts she wants - i.e. the SACL?
* XXX: selector |= SACL_SECURITY_INFORMATION;
* Or maybe: if we get access denied, try the
*/
selector = 0;
if (vsa)
if (uidp)
if (gidp)
if (selector == 0)
return (0);
/*
* This does the OTW Get (and maybe open, close)
* Allocates and returns an mblk in &m.
*/
if (error)
return (error);
/*
* Have m. Must free it before return.
*/
/*
* Convert the Windows security descriptor to a
* ZFS ACL (and owner ID, primary group ID).
* This is the difficult part. (todo)
*/
/* Note: m_freem(m) is done by... */
return (error);
#else /* ACL_SUPPORT */
return (ENOSYS);
#endif /* ACL_SUPPORT */
}
/* ARGSUSED */
int
{
#ifdef ACL_SUPPORT
int error;
/*
* Which parts of the SD we'll modify.
* Ditto comments above re. SACL
*/
selector = 0;
if (vsa)
if (uid != -1)
if (gid != -1)
if (selector == 0)
return (0);
/*
* Setup buffer for SD data.
*/
/*
* Convert a ZFS ACL (and owner ID, group ID)
* to a Windows security descriptor.
* This is the difficult part. (todo)
*/
if (error)
goto out;
/*
* This does the OTW Set (and maybe open, close)
* It clears mb_top when consuming the message.
*/
out:
return (error);
#else /* ACL_SUPPORT */
return (ENOSYS);
#endif /* ACL_SUPPORT */
}