usr/src/common/smbclnt/smbfs_ntacl.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21
  22 /*
  23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26
  27 #ifndef _SMBFS_NTACL_H
  28 #define _SMBFS_NTACL_H
  29
  30 /*
  31  * Internal functions for dealing with
  32  * NT Security data structures.
  33  */
  34
  35 #include <netsmb/mchain.h>
  36
  37 /*
  38  * Internal form of an NT SID
  39  * Same as on the wire, but possibly byte-swapped.
  40  */
  41 typedef struct i_ntsid {
  42         uint8_t sid_revision;
  43         uint8_t sid_subauthcount;
  44         uint8_t sid_authority[6];
  45         uint32_t sid_subauthvec[1]; /* actually len=subauthcount */
  46 } i_ntsid_t;
  47 #define I_SID_SIZE(sacnt)       (8 + 4 * (sacnt))
  48
  49 /*
  50  * Internal form of an NT ACE - first the header.
  51  * See MS SDK: ACE_HEADER  (For MS, it's the OtW form)
  52  * Note: ace_size here is the in-memoy size, not OtW.
  53  */
  54 typedef struct i_ntace_hdr {
  55         uint8_t         ace_type;
  56         uint8_t         ace_flags;
  57         uint16_t        ace_size;
  58 } i_ntace_hdr_t;
  59
  60 /*
  61  * Simple ACE for types: ACCESS_ALLOWED through SYSTEM_ALARM
  62  * See MS SDK: ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE,
  63  * SYSTEM_AUDIT_ACE, SYSTEM_ALARM_ACE.
  64  *
  65  * The above are the only types that appear in a V2 ACL.
  66  * Note that in the Windows SDK, the SID is stored as
  67  * "flat" data after the ACE header.  This implementation
  68  * stores the SID as a pointer instead.
  69  */
  70 typedef struct i_ntace_v2 {
  71         i_ntace_hdr_t   ace_hdr;
  72         uint32_t        ace_rights; /* generic, standard, specific, etc */
  73         i_ntsid_t       *ace_sid;
  74 } i_ntace_v2_t;
  75
  76 /*
  77  * A union for convenience of the conversion code.
  78  * There are lots more ACE types, ignored for now.
  79  */
  80 typedef union i_ntace_u {
  81         i_ntace_hdr_t   ace_hdr;
  82         i_ntace_v2_t    ace_v2;
  83 } i_ntace_t;
  84
  85 /*
  86  * Internal form of an NT ACL (see sacl/dacl below)
  87  */
  88 typedef struct i_ntacl {
  89         uint8_t         acl_revision;   /* 0x02 observed with W2K */
  90         uint16_t        acl_acecount;
  91         i_ntace_t       *acl_acevec[1]; /* actually, len=acecount */
  92 } i_ntacl_t;
  93
  94 /*
  95  * Internal form of an NT Security Descriptor (SD)
  96  */
  97 typedef struct i_ntsd {
  98         uint8_t         sd_revision;    /* 0x01 observed between W2K */
  99         uint8_t         sd_rmctl;       /* resource mgr control (MBZ) */
 100         uint16_t        sd_flags;
 101         i_ntsid_t       *sd_owner;
 102         i_ntsid_t       *sd_group;
 103         i_ntacl_t       *sd_sacl;
 104         i_ntacl_t       *sd_dacl;
 105 } i_ntsd_t;
 106
 107 /*
 108  * Import a raw SD (mb chain) into "internal" form.
 109  * (like "absolute" form per. NT docs)
 110  * Returns allocated data in sdp
 111  */
 112 int md_get_ntsd(mdchain_t *mbp, i_ntsd_t **sdp);
 113
 114 /*
 115  * Export an "internal" SD into an raw SD (mb chain).
 116  * (a.k.a "self-relative" form per. NT docs)
 117  * Returns allocated mbchain in mbp.
 118  */
 119 int mb_put_ntsd(mbchain_t *mbp, i_ntsd_t *sd);
 120
 121 /*
 122  * Convert an internal SD to a ZFS-style ACL.
 123  * Get uid/gid too if pointers != NULL.
 124  */
 125 #ifdef  _KERNEL
 126 int smbfs_acl_sd2zfs(i_ntsd_t *, vsecattr_t *, uid_t *, gid_t *);
 127 #else /* _KERNEL */
 128 /* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
 129 int smbfs_acl_sd2zfs(struct i_ntsd *, acl_t *, uid_t *, gid_t *);
 130 #endif /* _KERNEL */
 131
 132 /*
 133  * Convert a ZFS-style ACL to an internal SD.
 134  * Set owner/group too if selector indicates.
 135  * Always need to pass uid+gid, either the new
 136  * (when setting them) or existing, so that any
 137  * owner@ or group@ ACEs can be translated.
 138  */
 139 #ifdef  _KERNEL
 140 int smbfs_acl_zfs2sd(vsecattr_t *, uid_t, gid_t, uint32_t, i_ntsd_t **);
 141 #else /* _KERNEL */
 142 /* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
 143 int smbfs_acl_zfs2sd(acl_t *, uid_t, gid_t, uint32_t, struct i_ntsd **);
 144 #endif /* _KERNEL */
 145
 146 /*
 147  * Free an i_ntsd_t from md_get_ntsd() or smbfs_acl_zfs2sd().
 148  * See also: lib/libsmbfs/netsmb/smbfs_acl.h
 149  */
 150 void smbfs_acl_free_sd(struct i_ntsd *);
 151
 152 /*
 153  * Convert an NT SID to string format.
 154  */
 155 int smbfs_sid2str(i_ntsid_t *sid,
 156         char *obuf, size_t olen, uint32_t *ridp);
 157
 158 #endif  /* _SMBFS_NTACL_H */