smb_sd.c revision bbf6f00c25b6a2bed23c35eac6d62998ecdb338c
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * CDDL HEADER START
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * The contents of this file are subject to the terms of the
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Common Development and Distribution License (the "License").
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * You may not use this file except in compliance with the License.
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * See the License for the specific language governing permissions
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * and limitations under the License.
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * When distributing Covered Code, include this CDDL HEADER in each
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * If applicable, add the following below this CDDL HEADER, with the
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * fields enclosed by brackets "[]" replaced with your own identifying
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * information: Portions Copyright [yyyy] [name of copyright owner]
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * CDDL HEADER END
794f0adb050e571bbfde4d2a19b9f88b852079ddRoger A. Faulkner * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi * Use is subject to license terms.
475b496bc008381e64c802250441cc256622ce91Garrett D'Amore * This module provides Security Descriptor handling functions.
1e49577a7fcde812700ded04431b49d67cc57d6dRod Evansstatic void smb_sd_set_sacl(smb_sd_t *, smb_acl_t *, boolean_t, int);
b1593d50e783f7d66722dde093752b74ffa95176Jason Belorostatic void smb_sd_set_dacl(smb_sd_t *, smb_acl_t *, boolean_t, int);
b1593d50e783f7d66722dde093752b74ffa95176Jason Belorostatic uint32_t smb_sd_fromfs(smb_fssd_t *, smb_sd_t *);
1e49577a7fcde812700ded04431b49d67cc57d6dRod Evans * smb_sd_term
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Free non-NULL members of 'sd' which has to be in
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * absolute (pointer) form.
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro ASSERT((sd->sd_control & SE_SELF_RELATIVE) == 0);
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * smb_sd_get_secinfo
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Return the security information mask for the specified security
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * descriptor.
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * smb_sd_read
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Read uid, gid and ACL from filesystem. The returned ACL from read
9d12795f87b63c2e39e87bff369182edd34677d3Robert Mustacchi * routine is always in ZFS format. Convert the ZFS acl to a Win acl
9d12795f87b63c2e39e87bff369182edd34677d3Robert Mustacchi * and return the Win SD in absolute form.
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * NOTE: upon successful return caller MUST free the memory allocated
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * for the returned SD by calling smb_sd_term().
b1593d50e783f7d66722dde093752b74ffa95176Jason Belorosmb_sd_read(smb_request_t *sr, smb_sd_t *sd, uint32_t secinfo)
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro sd_flags = (node->vp->v_type == VDIR) ? SMB_FSSD_FLAGS_DIR : 0;
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro error = smb_fsop_sdread(sr, sr->user_cr, node, &fs_sd);
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * smb_sd_write
7dc9a163b382daee1ce43b6588dd1b507363dae5Robert Mustacchi * Takes a Win SD in absolute form, converts it to
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * ZFS format and write it to filesystem. The write routine
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * converts ZFS acl to Posix acl if required.
b1593d50e783f7d66722dde093752b74ffa95176Jason Belorosmb_sd_write(smb_request_t *sr, smb_sd_t *sd, uint32_t secinfo)
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro sd_flags = (node->vp->v_type == VDIR) ? SMB_FSSD_FLAGS_DIR : 0;
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro error = smb_fsop_sdwrite(sr, sr->user_cr, node, &fs_sd, 0);
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * smb_sd_tofs
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Creates a filesystem security structure based on the given
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Windows security descriptor.
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * ZFS only has one set of flags so for now only
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Windows DACL flags are taken into account.
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro idm_stat = smb_idmap_getid(sid, &fs_sd->sd_uid, &idtype);
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro idm_stat = smb_idmap_getid(sid, &fs_sd->sd_gid, &idtype);
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * smb_sd_fromfs
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Makes an Windows style security descriptor in absolute form
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * based on the given filesystem security information.
5dbfd19ad5fcc2b779f40f80fa05c1bd28fd0b4eTheo Schlossnagle * Should call smb_sd_term() for the returned sd to free allocated
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro acl = smb_acl_from_zfs(fs_sd->sd_zdacl, fs_sd->sd_uid,
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Need to sort the ACL before send it to Windows
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * clients. Winodws GUI is sensitive about the order
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro acl = smb_acl_from_zfs(fs_sd->sd_zsacl, fs_sd->sd_uid,
b1593d50e783f7d66722dde093752b74ffa95176Jason Belorosmb_sd_set_dacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags)
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro ASSERT((sd->sd_control & SE_SELF_RELATIVE) == 0);
b1593d50e783f7d66722dde093752b74ffa95176Jason Belorosmb_sd_set_sacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags)
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro ASSERT((sd->sd_control & SE_SELF_RELATIVE) == 0);
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * smb_fssd_init
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Initializes the given FS SD structure.
b1593d50e783f7d66722dde093752b74ffa95176Jason Belorosmb_fssd_init(smb_fssd_t *fs_sd, uint32_t secinfo, uint32_t flags)
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * smb_fssd_term
b1593d50e783f7d66722dde093752b74ffa95176Jason Beloro * Frees allocated memory for acl fields.