smb_sd.c revision da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This module provides Security Descriptor handling functions.
*/
#include <smbsrv/smb_incl.h>
#include <smbsrv/smb_fsops.h>
#include <smbsrv/smb_idmap.h>
void
{
}
/*
* smb_sd_term
*
* Free non-NULL members of 'sd' which has to be in
* absolute (pointer) form.
*/
void
{
}
/*
* Hmmm. For all of these smb_sd_set_xxx() functions,
* what do we do if the affected member is already set?
* Should we free() it? For now, punt and risk a memory leak.
*/
void
{
if (defaulted)
else
}
void
{
if (defaulted)
else
}
void
{
if (flags & ACL_DEFAULTED)
if (flags & ACL_AUTO_INHERIT)
if (flags & ACL_PROTECTED)
if (present)
}
void
{
if (flags & ACL_DEFAULTED)
if (flags & ACL_AUTO_INHERIT)
if (flags & ACL_PROTECTED)
if (present)
}
nt_sid_t *
{
/*LINTED E_BAD_PTR_CAST_ALIGN*/
}
else
return (sid);
}
nt_sid_t *
{
/*LINTED E_BAD_PTR_CAST_ALIGN*/
}
else
return (sid);
}
{
if (sr_sd->sd_dacl_offs) {
/*LINTED E_BAD_PTR_CAST_ALIGN*/
}
}
else
return (acl);
}
{
if (sr_sd->sd_sacl_offs) {
/*LINTED E_BAD_PTR_CAST_ALIGN*/
}
}
else
return (acl);
}
{
int present;
/* SD Header */
length += sizeof (smb_sdbuf_t);
/* Owner */
if (secinfo & SMB_OWNER_SECINFO) {
if (sid)
}
/* Group */
if (secinfo & SMB_GROUP_SECINFO) {
if (sid)
}
/* DACL */
if (secinfo & SMB_DACL_SECINFO) {
}
/* SACL */
if (secinfo & SMB_SACL_SECINFO) {
}
return (length);
}
/*
* smb_sd_get_secinfo
*
* Return the security information mask for the specified security
* descriptor.
*/
smb_sd_get_secinfo(void *sd)
{
int present;
if (sd == 0)
return (0);
return (sec_info);
}
/*
* smb_sd_abs2selfrel
*
* This function takes an absolute SD (sd) and make a self relative
* SD which will be returned in srel_sd.
*
* srel_sdsz contains the size of buffer which srel_sd points to.
*
* Do not add new error codes here without checking the impact on
* all callers of this function.
*
* Returns NT status codes:
* NT_STATUS_SUCCESS
* NT_STATUS_BUFFER_TOO_SMALL
* NT_STATUS_INVALID_SECURITY_DESCR
*/
static uint32_t
{
unsigned char *scan_end;
if (length == 0)
return (NT_STATUS_INVALID_SECURITY_DESCR);
return (NT_STATUS_BUFFER_TOO_SMALL);
/* SD Header */
length = sizeof (smb_sdbuf_t);
if (secinfo & SMB_OWNER_SECINFO) {
/* Owner */
if (defaulted)
if (sid) {
/*LINTED E_PTRDIFF_OVERFLOW*/
if (length == 0)
goto fail;
/*LINTED E_PTRDIFF_OVERFLOW*/
}
}
if (secinfo & SMB_GROUP_SECINFO) {
/* Group */
if (defaulted)
if (sid) {
/*LINTED E_PTRDIFF_OVERFLOW*/
if (length == 0)
goto fail;
/*LINTED E_PTRDIFF_OVERFLOW*/
}
}
if (secinfo & SMB_DACL_SECINFO) {
/* Dacl */
if (defaulted)
if (present)
/*LINTED E_PTRDIFF_OVERFLOW*/
if (length == 0)
goto fail;
/*LINTED E_PTRDIFF_OVERFLOW*/
/*LINTED E_PTRDIFF_OVERFLOW*/
}
}
if (secinfo & SMB_SACL_SECINFO) {
/* Sacl */
if (defaulted)
if (present)
/*LINTED E_PTRDIFF_OVERFLOW*/
if (length == 0)
goto fail;
/*LINTED E_PTRDIFF_OVERFLOW*/
/*LINTED E_PTRDIFF_OVERFLOW*/
}
}
return (NT_STATUS_SUCCESS);
fail:
return (NT_STATUS_INVALID_SECURITY_DESCR);
}
/*
* smb_sd_fromfs
*
* Makes an Windows style security descriptor in absolute form
* based on the given filesystem security information.
*
* Should call smb_sd_term() for the returned sd to free allocated
* members.
*/
static uint32_t
{
/* Owner */
SMB_IDMAP_USER, &sid);
if (idm_stat != IDMAP_SUCCESS) {
return (NT_STATUS_NONE_MAPPED);
}
}
/* Group */
SMB_IDMAP_GROUP, &sid);
if (idm_stat != IDMAP_SUCCESS) {
return (NT_STATUS_NONE_MAPPED);
}
}
/* DACL */
return (NT_STATUS_INTERNAL_ERROR);
}
/*
* Need to sort the ACL before send it to Windows
* clients. Winodws GUI is sensitive about the order
* of ACEs.
*/
acl = sorted_acl;
}
} else {
}
}
/* SACL */
return (NT_STATUS_INTERNAL_ERROR);
}
} else {
}
}
return (status);
}
/*
* smb_sd_tofs
*
* Creates a filesystem security structure based on the given
* Windows security descriptor.
*/
{
int present;
int idtype;
int flags = 0;
/*
* ZFS only has one set of flags so for now only
* Windows DACL flags are taken into account.
*/
if (sd_control & SE_DACL_DEFAULTED)
flags |= ACL_DEFAULTED;
if (sd_control & SE_DACL_AUTO_INHERITED)
if (sd_control & SE_DACL_PROTECTED)
flags |= ACL_PROTECTED;
flags |= ACL_IS_DIR;
/* Owner */
if (nt_sid_is_valid(sid) == 0) {
return (NT_STATUS_INVALID_SID);
}
if (idm_stat != IDMAP_SUCCESS) {
return (NT_STATUS_NONE_MAPPED);
}
}
/* Group */
if (nt_sid_is_valid(sid) == 0) {
return (NT_STATUS_INVALID_SID);
}
if (idm_stat != IDMAP_SUCCESS) {
return (NT_STATUS_NONE_MAPPED);
}
}
/* DACL */
if (present) {
if (status != NT_STATUS_SUCCESS)
return (status);
}
else
return (NT_STATUS_INVALID_ACL);
}
/* SACL */
if (present) {
if (status != NT_STATUS_SUCCESS) {
return (status);
}
} else {
return (NT_STATUS_INVALID_ACL);
}
}
return (status);
}
/*
* smb_sd_read
*
* Read uid, gid and ACL from filesystem. The returned ACL from read
* routine is always in ZFS format. Convert the ZFS acl to a Win acl
* and return the Win SD in relative form.
*
* NOTE: upon successful return caller MUST free the memory allocated
* for the returned SD by calling kmem_free(). The length of the allocated
* buffer is returned in 'buflen'.
*/
{
int error;
if (error) {
}
if (status != NT_STATUS_SUCCESS)
return (status);
/* return the required size */
smb_sd_term(&sd);
return (NT_STATUS_BUFFER_TOO_SMALL);
}
smb_sd_term(&sd);
if (status == NT_STATUS_SUCCESS) {
}
else
return (status);
}
/*
* smb_sd_write
*
* Takes a Win SD in self-relative form, convert it to
* ZFS format and write it to filesystem. The write routine
* converts ZFS acl to Posix acl if required.
*/
{
int error;
if (status != NT_STATUS_SUCCESS) {
return (status);
}
if (error) {
}
return (NT_STATUS_SUCCESS);
}
/*
* smb_fmt_sid
*
* Make an string SID and copy the result into the specified buffer.
*/
void
{
char *sid_str;
if (sid_str) {
} else {
}
}
/*
* smb_sd_log
*
* log the given Windows style security descriptor information
* in system log. This is for debugging purposes.
*/
void
smb_sd_log(void *sd)
{
char entry[128];
char *inherit;
char *type;
int ix_dacl;
if (sid)
else
if (sid)
else
return;
}
for (ix_dacl = 0;
ix_dacl++) {
/*
* Make sure the ACE type is something we grok.
* All ACE, now and in the future, have a valid
* header. Can't access fields passed the Header
* until we're sure it's right.
*/
case ACCESS_ALLOWED_ACE_TYPE:
type = "(Allow)";
break;
case ACCESS_DENIED_ACE_TYPE:
type = "(Deny)";
break;
case SYSTEM_AUDIT_ACE_TYPE:
default:
/* Ignore unrecognized/misplaced ACE */
continue;
}
case OBJECT_INHERIT_ACE:
inherit = "(OI)";
break;
case CONTAINER_INHERIT_ACE:
inherit = "(CI)";
break;
case INHERIT_ONLY_ACE:
inherit = "(IO)";
break;
case NO_PROPOGATE_INHERIT_ACE:
inherit = "(NP)";
break;
default:
inherit = "";
}
}
}