smb_nt_transact_security.c revision da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <smbsrv/smb_secdesc.h>
#include <smbsrv/smb_incl.h>
#include <smbsrv/smb_fsops.h>
/*
* smb_nt_transact_query_security_info
*
* This command allows the client to retrieve the security descriptor
* on a file. The result of the call is returned to the client in the
* Data part of the transaction response.
*
* Some clients specify a non-zero maximum data return size (mdrcnt)
* for the SD and some specify zero. In either case, if the mdrcnt is
* too small we need to return NT_STATUS_BUFFER_TOO_SMALL and a buffer
* size hint. The client should then retry with the appropriate buffer
* size.
*
* Client Parameter Block Description
* ================================== =================================
*
* USHORT Fid; FID of target
* USHORT Reserved; MBZ
* ULONG secinfo; Fields of descriptor to set
*
* Data Block Encoding Description
* ================================== ==================================
*
* Data[TotalDataCount] Security Descriptor information
*/
int
{
/*
* It's not clear why ERRnomem is returned here.
* This should rarely happen and we're not sure if
* it's going to break something if we change this
* error code, so we're going to keep it for now.
*/
/* NOTREACHED */
}
/* NOTREACHED */
}
/* NOTREACHED */
}
/*
* If target filesystem doesn't support ACE_T acls then
* don't process SACL
*/
secinfo &= ~SMB_SACL_SECINFO;
}
if (status != NT_STATUS_SUCCESS) {
if (status == NT_STATUS_BUFFER_TOO_SMALL) {
/*
* The maximum data return count specified by the
* client is not big enough to hold the security
* descriptor. We have to return an error but we
* can provide a buffer size hint for the client.
*/
return (SDRC_NORMAL_REPLY);
}
/* NOTREACHED */
}
return (SDRC_NORMAL_REPLY);
}
/*
* smb_nt_transact_set_security_info
*
* This command allows the client to change the security descriptor on a
* file. All we do here is decode the parameters and the data. The data
* is passed directly to smb_nt_set_security_object, with the security
* information describing the information to set. There are no response
* parameters or data.
*
* Client Parameter Block Encoding Description
* ================================== ==================================
* USHORT Fid; FID of target
* USHORT Reserved; MBZ
* ULONG SecurityInformation; Fields of SD that to set
*
* Data Block Encoding Description
* ================================== ==================================
* Data[TotalDataCount] Security Descriptor information
*/
int
{
/* NOTREACHED */
}
/* NOTREACHED */
}
/* NOTREACHED */
}
/* NOTREACHED */
}
/*
* If target filesystem doesn't support ACE_T acls then
* don't process SACL
*/
sec_info &= ~SMB_SACL_SECINFO;
}
if ((sec_info & SMB_ALL_SECINFO) == 0) {
return (NT_STATUS_SUCCESS);
}
/* NOTREACHED */
}
if (status != NT_STATUS_SUCCESS) {
/* NOTREACHED */
}
return (SDRC_NORMAL_REPLY);
}