/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2014 Nexenta Systems, Inc. All rights reserved.
*/
#include <smbsrv/smb_kproto.h>
/*
* smb_nt_transact_query_security_info
*
* This command allows the client to retrieve the security descriptor
* on a file. The result of the call is returned to the client in the
* Data part of the transaction response.
*
* Some clients specify a non-zero maximum data return size (mdrcnt)
* for the SD and some specify zero. In either case, if the mdrcnt is
* too small we need to return NT_STATUS_BUFFER_TOO_SMALL and a buffer
* size hint. The client should then retry with the appropriate buffer
* size.
*
* Client Parameter Block Description
* ================================== =================================
*
* USHORT Fid; FID of target
* USHORT Reserved; MBZ
* ULONG secinfo; Fields of descriptor to set
*
* Data Block Encoding Description
* ================================== ==================================
*
* Data[TotalDataCount] Security Descriptor information
*/
/*
* NOTE(review): the signature of this handler and the conditions guarding
* the first three SDRC_ERROR returns are not visible in this listing.
*/
{
return (SDRC_ERROR);
}
return (SDRC_ERROR);
}
return (SDRC_ERROR);
}
/*
* If target filesystem doesn't support ACE_T acls then
* don't process SACL
*/
/* Clear the SACL bits from the requested secinfo mask. */
secinfo &= ~SMB_SACL_SECINFO;
}
/* Any status other than success ends the request with an error. */
if (status != NT_STATUS_SUCCESS) {
return (SDRC_ERROR);
}
/* A zero sdlen is treated as an error; sd is released before returning. */
if (sdlen == 0) {
smb_sd_term(&sd);
return (SDRC_ERROR);
}
/*
* The maximum data return count specified by the
* client is not big enough to hold the security
* descriptor. We have to return an error but we
* should provide a buffer size hint for the client.
*/
/*
* NOTE(review): this path returns SDRC_SUCCESS although the comment above
* speaks of returning an error; the error status and the size hint are
* presumably placed in the reply by statements not shown here - confirm.
*/
smb_sd_term(&sd);
return (SDRC_SUCCESS);
}
/* Normal completion: release sd, then report success. */
smb_sd_term(&sd);
return (SDRC_SUCCESS);
}
/*
* smb_nt_transact_set_security_info
*
* This command allows the client to change the security descriptor on a
* file. All we do here is decode the parameters and the data. The data
* is passed directly to smb_nt_set_security_object, with the security
* information describing the information to set. There are no response
* parameters or data.
*
* Client Parameter Block Encoding Description
* ================================== ==================================
* USHORT Fid; FID of target
* USHORT Reserved; MBZ
* ULONG SecurityInformation; Fields of SD to set
*
* Data Block Encoding Description
* ================================== ==================================
* Data[TotalDataCount] Security Descriptor information
*/
/*
* NOTE(review): the signature of this handler and the conditions guarding
* the first three SDRC_ERROR returns are not visible in this listing.
*/
{
return (SDRC_ERROR);
}
return (SDRC_ERROR);
}
return (SDRC_ERROR);
}
/* A tree for which SMB_TREE_IS_READONLY(sr) holds refuses the change. */
if (SMB_TREE_IS_READONLY(sr)) {
return (SDRC_ERROR);
}
/*
* If target filesystem doesn't support ACE_T acls then
* don't process SACL
*/
/* Clear the SACL bits from the client-supplied secinfo mask. */
secinfo &= ~SMB_SACL_SECINFO;
}
/*
* Nothing left to set once the mask is filtered.
* NOTE(review): every other exit in this body returns an SDRC_* code,
* while this one returns an NT_STATUS_* constant; confirm the two are
* numerically interchangeable here or return SDRC_SUCCESS instead.
*/
if ((secinfo & SMB_ALL_SECINFO) == 0) {
return (NT_STATUS_SUCCESS);
}
if (status != NT_STATUS_SUCCESS) {
return (SDRC_ERROR);
}
return (SDRC_ERROR);
}
/* sd is released on both outcomes, before status is examined. */
smb_sd_term(&sd);
if (status != NT_STATUS_SUCCESS) {
return (SDRC_ERROR);
}
return (SDRC_SUCCESS);
}
/*
* smb_encode_sd
*
* Encodes given security descriptor in the reply buffer.
*/
void
{
/*
* NOTE(review): the function name, its parameters and the encode
* statements inside each branch are missing from this listing; only
* the secinfo bit tests survive.
*/
/* encode header */
/* owner offset */
/* Branches on the owner bit of secinfo. */
if (secinfo & SMB_OWNER_SECINFO) {
} else {
}
/* group offset */
/* Branches on the group bit of secinfo. */
if (secinfo & SMB_GROUP_SECINFO) {
} else {
}
/* SACL offset */
} else {
}
/* DACL offset */
else
if (secinfo & SMB_OWNER_SECINFO)
if (secinfo & SMB_GROUP_SECINFO)
if (secinfo & SMB_SACL_SECINFO)
if (secinfo & SMB_DACL_SECINFO)
}
/*
* smb_encode_sid
*
* Encodes given SID in the reply buffer.
*/
void
{
/*
* NOTE(review): the function name, its parameters and the start of each
* encode call are missing from this listing; only the call tails remain.
*/
int i;
/* One pass per authority element, NT_SID_AUTH_MAX in total. */
for (i = 0; i < NT_SID_AUTH_MAX; i++) {
sid->sid_authority[i]);
}
/* One pass per sub-authority; the count is read from the SID itself. */
for (i = 0; i < sid->sid_subauthcnt; i++) {
sid->sid_subauth[i]);
}
}
/*
* smb_encode_sacl
*
* Encodes given SACL in the reply buffer.
*/
static void
{
/*
* NOTE(review): the function name, its parameters, the condition guarding
* the early return and the per-ACE loop are missing from this listing.
*/
int i;
return;
/* encode header */
}
}
/*
* smb_encode_dacl
*
* Encodes given DACL in the reply buffer.
*/
static void
{
/*
* NOTE(review): the function name, its parameters and the condition
* guarding the early return are missing from this listing.
*/
return;
/* encode header */
/* Runs until ace is null; the loop body is not visible here. */
while (ace) {
}
}
/*
* smb_decode_sd
*
* Decodes the security descriptor in the request buffer
* and sets the fields of 'sd' appropriately. Upon successful
* return, the caller must free the allocated memory by calling
* smb_sd_term().
*/
{
/*
* NOTE(review): the signature, the header decode and the decode_error
* label are missing from this listing, and several goto statements have
* lost their conditions. Only the lower bound of each offset is visible;
* confirm the missing lines also bound each offset against the length of
* the request data.
*/
goto decode_error;
/* A zero owner offset skips the owner entirely. */
if (owner_offs != 0) {
/* An offset that lands inside the fixed-size header is rejected. */
if (owner_offs < SMB_SD_HDRSIZE)
goto decode_error;
goto decode_error;
}
/* Same treatment for the group offset. */
if (group_offs != 0) {
if (group_offs < SMB_SD_HDRSIZE)
goto decode_error;
goto decode_error;
}
/* SACL: one extra failure exit precedes the header-size check. */
if (sacl_offs != 0) {
goto decode_error;
if (sacl_offs < SMB_SD_HDRSIZE)
goto decode_error;
goto decode_error;
}
/* DACL: same shape as the SACL branch. */
if (dacl_offs != 0) {
goto decode_error;
if (dacl_offs < SMB_SD_HDRSIZE)
goto decode_error;
goto decode_error;
}
return (NT_STATUS_SUCCESS);
/* Presumably the decode_error target; the label itself is not shown. */
return (NT_STATUS_INVALID_SECURITY_DESCR);
}
/*
* smb_decode_sid
*
* Allocates memory and decodes the SID in the request buffer.
* Upon successful return, the caller must free the allocated memory
* by calling smb_sid_free().
*/
{
/*
* NOTE(review): the signature, the computation of bytes_left, the
* allocation and the decode_err label are missing from this listing.
*/
int sidlen;
int bytes_left;
int i;
/*
* Casting sizeof to int keeps the comparison signed, so a negative
* bytes_left is rejected instead of being converted to a large
* unsigned value.
*/
if (bytes_left < (int)sizeof (smb_sid_t))
return (NULL);
return (NULL);
return (NULL);
/*
* Tail of a statement whose start is not shown, presumably the sidlen
* computation. NOTE(review): confirm subauth_cnt is capped on a missing
* line before it is used in this multiplication.
*/
(subauth_cnt * sizeof (uint32_t));
/* One decode per authority element; a failure jumps to decode_err. */
for (i = 0; i < NT_SID_AUTH_MAX; i++) {
goto decode_err;
}
/* One decode per sub-authority, bounded by the count stored in sid. */
for (i = 0; i < sid->sid_subauthcnt; i++) {
goto decode_err;
}
return (sid);
/* Presumably the decode_err target; the label itself is not shown. */
return (NULL);
}
/*
* smb_decode_acl
*
* Allocates memory and decodes the ACL in the request buffer.
* Upon successful return, the caller must free the allocated memory
* by calling smb_acl_free().
*/
static smb_acl_t *
{
/*
* NOTE(review): the function name, its parameters, the header decode,
* the per-ACE loop and the decode_error label are missing from this
* listing.
*/
int bytes_left;
int sidlen;
int i;
/* Fewer bytes than an ACL header cannot hold an ACL. */
if (bytes_left < SMB_ACL_HDRSIZE)
return (NULL);
return (NULL);
return (NULL);
/* A zero size yields no ACL. */
if (size == 0)
return (NULL);
goto decode_error;
goto decode_error;
/* This is SID length plus any paddings between ACEs */
}
return (acl);
/* Presumably the decode_error target; the label itself is not shown. */
return (NULL);
}