xref: /illumos-gate/usr/src/common/smbclnt/smbfs_ntacl.h (revision 5422785d352a2bb398daceab3d1898a8aa64d006)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _SMBFS_NTACL_H
28 #define	_SMBFS_NTACL_H
29 
30 /*
31  * Internal functions for dealing with
32  * NT Security data structures.
33  */
34 
35 #include <netsmb/mchain.h>
36 
37 /*
38  * Internal form of an NT SID
39  * Same as on the wire, but possibly byte-swapped.
40  */
41 typedef struct i_ntsid {
42 	uint8_t	sid_revision;
43 	uint8_t	sid_subauthcount;
44 	uint8_t	sid_authority[6];
45 	uint32_t sid_subauthvec[1]; /* actually len=subauthcount */
46 } i_ntsid_t;
47 #define	I_SID_SIZE(sacnt)	(8 + 4 * (sacnt))
48 
49 /*
50  * Internal form of an NT ACE - first the header.
51  * See MS SDK: ACE_HEADER  (For MS, it's the OtW form)
52  * Note: ace_size here is the in-memoy size, not OtW.
53  */
54 typedef struct i_ntace_hdr {
55 	uint8_t		ace_type;
56 	uint8_t		ace_flags;
57 	uint16_t	ace_size;
58 } i_ntace_hdr_t;
59 
60 /*
61  * Simple ACE for types: ACCESS_ALLOWED through SYSTEM_ALARM
62  * See MS SDK: ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE,
63  * SYSTEM_AUDIT_ACE, SYSTEM_ALARM_ACE.
64  *
65  * The above are the only types that appear in a V2 ACL.
66  * Note that in the Windows SDK, the SID is stored as
67  * "flat" data after the ACE header.  This implementation
68  * stores the SID as a pointer instead.
69  */
70 typedef struct i_ntace_v2 {
71 	i_ntace_hdr_t	ace_hdr;
72 	uint32_t	ace_rights; /* generic, standard, specific, etc */
73 	i_ntsid_t	*ace_sid;
74 } i_ntace_v2_t;
75 
76 /*
77  * A union for convenience of the conversion code.
78  * There are lots more ACE types, ignored for now.
79  */
80 typedef union i_ntace_u {
81 	i_ntace_hdr_t	ace_hdr;
82 	i_ntace_v2_t	ace_v2;
83 } i_ntace_t;
84 
85 /*
86  * Internal form of an NT ACL (see sacl/dacl below)
87  */
88 typedef struct i_ntacl {
89 	uint8_t		acl_revision;	/* 0x02 observed with W2K */
90 	uint16_t	acl_acecount;
91 	i_ntace_t	*acl_acevec[1]; /* actually, len=acecount */
92 } i_ntacl_t;
93 
94 /*
95  * Internal form of an NT Security Descriptor (SD)
96  */
97 typedef struct i_ntsd {
98 	uint8_t		sd_revision;	/* 0x01 observed between W2K */
99 	uint8_t		sd_rmctl;	/* resource mgr control (MBZ) */
100 	uint16_t	sd_flags;
101 	i_ntsid_t	*sd_owner;
102 	i_ntsid_t	*sd_group;
103 	i_ntacl_t	*sd_sacl;
104 	i_ntacl_t	*sd_dacl;
105 } i_ntsd_t;
106 
107 /*
108  * Import a raw SD (mb chain) into "internal" form.
109  * (like "absolute" form per. NT docs)
110  * Returns allocated data in sdp
111  */
112 int md_get_ntsd(mdchain_t *mbp, i_ntsd_t **sdp);
113 
114 /*
115  * Export an "internal" SD into an raw SD (mb chain).
116  * (a.k.a "self-relative" form per. NT docs)
117  * Returns allocated mbchain in mbp.
118  */
119 int mb_put_ntsd(mbchain_t *mbp, i_ntsd_t *sd);
120 
121 /*
122  * Convert an internal SD to a ZFS-style ACL.
123  * Get uid/gid too if pointers != NULL.
124  */
125 #ifdef	_KERNEL
126 int smbfs_acl_sd2zfs(i_ntsd_t *, vsecattr_t *, uid_t *, gid_t *);
127 #else /* _KERNEL */
128 /* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
129 int smbfs_acl_sd2zfs(struct i_ntsd *, acl_t *, uid_t *, gid_t *);
130 #endif /* _KERNEL */
131 
132 /*
133  * Convert a ZFS-style ACL to an internal SD.
134  * Set owner/group too if selector indicates.
135  * Always need to pass uid+gid, either the new
136  * (when setting them) or existing, so that any
137  * owner@ or group@ ACEs can be translated.
138  */
139 #ifdef	_KERNEL
140 int smbfs_acl_zfs2sd(vsecattr_t *, uid_t, gid_t, uint32_t, i_ntsd_t **);
141 #else /* _KERNEL */
142 /* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
143 int smbfs_acl_zfs2sd(acl_t *, uid_t, gid_t, uint32_t, struct i_ntsd **);
144 #endif /* _KERNEL */
145 
146 /*
147  * Free an i_ntsd_t from md_get_ntsd() or smbfs_acl_zfs2sd().
148  * See also: lib/libsmbfs/netsmb/smbfs_acl.h
149  */
150 void smbfs_acl_free_sd(struct i_ntsd *);
151 
152 /*
153  * Convert an NT SID to string format.
154  */
155 int smbfs_sid2str(i_ntsid_t *sid,
156 	char *obuf, size_t olen, uint32_t *ridp);
157 
158 #endif	/* _SMBFS_NTACL_H */
159