1da6c28aaSamw /*
2da6c28aaSamw * CDDL HEADER START
3da6c28aaSamw *
4da6c28aaSamw * The contents of this file are subject to the terms of the
5da6c28aaSamw * Common Development and Distribution License (the "License").
6da6c28aaSamw * You may not use this file except in compliance with the License.
7da6c28aaSamw *
8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9da6c28aaSamw * or http://www.opensolaris.org/os/licensing.
10da6c28aaSamw * See the License for the specific language governing permissions
11da6c28aaSamw * and limitations under the License.
12da6c28aaSamw *
13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each
14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the
16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying
17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner]
18da6c28aaSamw *
19da6c28aaSamw * CDDL HEADER END
20da6c28aaSamw */
21da6c28aaSamw /*
22f96bd5c8SAlan Wright * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23da6c28aaSamw * Use is subject to license terms.
24a90cf9f2SGordon Ross *
253ef858b3SMatt Barden * Copyright 2021 Tintri by DDN, Inc. All rights reserved.
26da6c28aaSamw */
27da6c28aaSamw
28da6c28aaSamw /*
29da6c28aaSamw * This module provides Security Descriptor handling functions.
30da6c28aaSamw */
31da6c28aaSamw
3255bf511dSas200622 #include <smbsrv/smb_kproto.h>
33da6c28aaSamw #include <smbsrv/smb_fsops.h>
34da6c28aaSamw #include <smbsrv/smb_idmap.h>
35da6c28aaSamw
3655bf511dSas200622 static void smb_sd_set_sacl(smb_sd_t *, smb_acl_t *, boolean_t, int);
3755bf511dSas200622 static void smb_sd_set_dacl(smb_sd_t *, smb_acl_t *, boolean_t, int);
3855bf511dSas200622 static uint32_t smb_sd_fromfs(smb_fssd_t *, smb_sd_t *);
39da6c28aaSamw
40da6c28aaSamw void
smb_sd_init(smb_sd_t * sd,uint8_t revision)41da6c28aaSamw smb_sd_init(smb_sd_t *sd, uint8_t revision)
42da6c28aaSamw {
43da6c28aaSamw bzero(sd, sizeof (smb_sd_t));
4455bf511dSas200622 sd->sd_revision = revision;
45da6c28aaSamw }
46da6c28aaSamw
47da6c28aaSamw /*
48da6c28aaSamw * smb_sd_term
49da6c28aaSamw *
50da6c28aaSamw * Free non-NULL members of 'sd' which has to be in
51da6c28aaSamw * absolute (pointer) form.
52da6c28aaSamw */
53da6c28aaSamw void
smb_sd_term(smb_sd_t * sd)54da6c28aaSamw smb_sd_term(smb_sd_t *sd)
55da6c28aaSamw {
56da6c28aaSamw ASSERT(sd);
5755bf511dSas200622 ASSERT((sd->sd_control & SE_SELF_RELATIVE) == 0);
58da6c28aaSamw
596537f381Sas200622 smb_sid_free(sd->sd_owner);
606537f381Sas200622 smb_sid_free(sd->sd_group);
6155bf511dSas200622 smb_acl_free(sd->sd_dacl);
6255bf511dSas200622 smb_acl_free(sd->sd_sacl);
63da6c28aaSamw
64da6c28aaSamw bzero(sd, sizeof (smb_sd_t));
65da6c28aaSamw }
66da6c28aaSamw
67da6c28aaSamw uint32_t
smb_sd_len(smb_sd_t * sd,uint32_t secinfo)6855bf511dSas200622 smb_sd_len(smb_sd_t *sd, uint32_t secinfo)
69da6c28aaSamw {
7055bf511dSas200622 uint32_t length = SMB_SD_HDRSIZE;
71da6c28aaSamw
7255bf511dSas200622 if (secinfo & SMB_OWNER_SECINFO)
736537f381Sas200622 length += smb_sid_len(sd->sd_owner);
74da6c28aaSamw
7555bf511dSas200622 if (secinfo & SMB_GROUP_SECINFO)
766537f381Sas200622 length += smb_sid_len(sd->sd_group);
77da6c28aaSamw
7855bf511dSas200622 if (secinfo & SMB_DACL_SECINFO)
7955bf511dSas200622 length += smb_acl_len(sd->sd_dacl);
80da6c28aaSamw
8155bf511dSas200622 if (secinfo & SMB_SACL_SECINFO)
8255bf511dSas200622 length += smb_acl_len(sd->sd_sacl);
83da6c28aaSamw
84da6c28aaSamw return (length);
85da6c28aaSamw }
86da6c28aaSamw
87da6c28aaSamw /*
88da6c28aaSamw * smb_sd_get_secinfo
89da6c28aaSamw *
90da6c28aaSamw * Return the security information mask for the specified security
91da6c28aaSamw * descriptor.
92*5cfb18f0SMatt Barden *
93*5cfb18f0SMatt Barden * Note: This is used for 'create-with-sd'. 'set-security-info' provides the
94*5cfb18f0SMatt Barden * secinfo as part of the request, but create does not, so we must infer it.
95da6c28aaSamw */
96da6c28aaSamw uint32_t
smb_sd_get_secinfo(smb_sd_t * sd)9755bf511dSas200622 smb_sd_get_secinfo(smb_sd_t *sd)
98da6c28aaSamw {
99da6c28aaSamw uint32_t sec_info = 0;
100da6c28aaSamw
10155bf511dSas200622 if (sd == NULL)
102da6c28aaSamw return (0);
103da6c28aaSamw
10455bf511dSas200622 if (sd->sd_owner)
105da6c28aaSamw sec_info |= SMB_OWNER_SECINFO;
106da6c28aaSamw
10755bf511dSas200622 if (sd->sd_group)
108da6c28aaSamw sec_info |= SMB_GROUP_SECINFO;
109da6c28aaSamw
110*5cfb18f0SMatt Barden if ((sd->sd_control & SE_DACL_PRESENT) != 0)
111da6c28aaSamw sec_info |= SMB_DACL_SECINFO;
112da6c28aaSamw
113*5cfb18f0SMatt Barden if ((sd->sd_control & SE_SACL_PRESENT) != 0)
114da6c28aaSamw sec_info |= SMB_SACL_SECINFO;
115da6c28aaSamw
116da6c28aaSamw return (sec_info);
117da6c28aaSamw }
118da6c28aaSamw
119da6c28aaSamw /*
12055bf511dSas200622 * smb_sd_read
121da6c28aaSamw *
12255bf511dSas200622 * Read uid, gid and ACL from filesystem. The returned ACL from read
12355bf511dSas200622 * routine is always in ZFS format. Convert the ZFS acl to a Win acl
12455bf511dSas200622 * and return the Win SD in absolute form.
125da6c28aaSamw *
12655bf511dSas200622 * NOTE: upon successful return caller MUST free the memory allocated
12755bf511dSas200622 * for the returned SD by calling smb_sd_term().
128da6c28aaSamw */
12955bf511dSas200622 uint32_t
smb_sd_read(smb_request_t * sr,smb_sd_t * sd,uint32_t secinfo)13055bf511dSas200622 smb_sd_read(smb_request_t *sr, smb_sd_t *sd, uint32_t secinfo)
131da6c28aaSamw {
13255bf511dSas200622 smb_fssd_t fs_sd;
13355bf511dSas200622 smb_node_t *node;
134da6c28aaSamw uint32_t status = NT_STATUS_SUCCESS;
13555bf511dSas200622 uint32_t sd_flags;
13655bf511dSas200622 int error;
137da6c28aaSamw
13855bf511dSas200622 node = sr->fid_ofile->f_node;
1399fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States sd_flags = smb_node_is_dir(node) ? SMB_FSSD_FLAGS_DIR : 0;
14055bf511dSas200622 smb_fssd_init(&fs_sd, secinfo, sd_flags);
141da6c28aaSamw
14255bf511dSas200622 error = smb_fsop_sdread(sr, sr->user_cr, node, &fs_sd);
143a90cf9f2SGordon Ross if (error)
144a90cf9f2SGordon Ross return (smb_errno2status(error));
145da6c28aaSamw
14655bf511dSas200622 status = smb_sd_fromfs(&fs_sd, sd);
14755bf511dSas200622 smb_fssd_term(&fs_sd);
148da6c28aaSamw
149da6c28aaSamw return (status);
150da6c28aaSamw }
151da6c28aaSamw
152da6c28aaSamw /*
15355bf511dSas200622 * smb_sd_write
15455bf511dSas200622 *
15555bf511dSas200622 * Takes a Win SD in absolute form, converts it to
15655bf511dSas200622 * ZFS format and write it to filesystem. The write routine
15755bf511dSas200622 * converts ZFS acl to Posix acl if required.
15855bf511dSas200622 */
15955bf511dSas200622 uint32_t
smb_sd_write(smb_request_t * sr,smb_sd_t * sd,uint32_t secinfo)16055bf511dSas200622 smb_sd_write(smb_request_t *sr, smb_sd_t *sd, uint32_t secinfo)
16155bf511dSas200622 {
16255bf511dSas200622 smb_node_t *node;
16355bf511dSas200622 smb_fssd_t fs_sd;
16455bf511dSas200622 uint32_t status;
16555bf511dSas200622 uint32_t sd_flags;
16655bf511dSas200622 int error;
16755bf511dSas200622
16855bf511dSas200622 node = sr->fid_ofile->f_node;
1699fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States sd_flags = smb_node_is_dir(node) ? SMB_FSSD_FLAGS_DIR : 0;
17055bf511dSas200622 smb_fssd_init(&fs_sd, secinfo, sd_flags);
17155bf511dSas200622
17255bf511dSas200622 status = smb_sd_tofs(sd, &fs_sd);
17355bf511dSas200622 if (status != NT_STATUS_SUCCESS) {
17455bf511dSas200622 smb_fssd_term(&fs_sd);
17555bf511dSas200622 return (status);
17655bf511dSas200622 }
17755bf511dSas200622
17855bf511dSas200622 error = smb_fsop_sdwrite(sr, sr->user_cr, node, &fs_sd, 0);
17955bf511dSas200622 smb_fssd_term(&fs_sd);
18055bf511dSas200622
18155bf511dSas200622 if (error) {
1822c1b14e5Sjose borrego if (error == EBADE)
1832c1b14e5Sjose borrego return (NT_STATUS_INVALID_OWNER);
184a90cf9f2SGordon Ross return (smb_errno2status(error));
18555bf511dSas200622 }
18655bf511dSas200622
18755bf511dSas200622 return (NT_STATUS_SUCCESS);
18855bf511dSas200622 }
18955bf511dSas200622
19055bf511dSas200622
19155bf511dSas200622 /*
192da6c28aaSamw * smb_sd_tofs
193da6c28aaSamw *
194da6c28aaSamw * Creates a filesystem security structure based on the given
195da6c28aaSamw * Windows security descriptor.
196da6c28aaSamw */
197da6c28aaSamw uint32_t
smb_sd_tofs(smb_sd_t * sd,smb_fssd_t * fs_sd)19855bf511dSas200622 smb_sd_tofs(smb_sd_t *sd, smb_fssd_t *fs_sd)
199da6c28aaSamw {
2006537f381Sas200622 smb_sid_t *sid;
201da6c28aaSamw uint32_t status = NT_STATUS_SUCCESS;
202da6c28aaSamw uint16_t sd_control;
203da6c28aaSamw idmap_stat idm_stat;
204da6c28aaSamw int idtype;
205da6c28aaSamw int flags = 0;
206da6c28aaSamw
20755bf511dSas200622 sd_control = sd->sd_control;
208da6c28aaSamw
209da6c28aaSamw /*
210da6c28aaSamw * ZFS only has one set of flags so for now only
211da6c28aaSamw * Windows DACL flags are taken into account.
212da6c28aaSamw */
213da6c28aaSamw if (sd_control & SE_DACL_DEFAULTED)
214da6c28aaSamw flags |= ACL_DEFAULTED;
215da6c28aaSamw if (sd_control & SE_DACL_AUTO_INHERITED)
216da6c28aaSamw flags |= ACL_AUTO_INHERIT;
217da6c28aaSamw if (sd_control & SE_DACL_PROTECTED)
218da6c28aaSamw flags |= ACL_PROTECTED;
219da6c28aaSamw
220da6c28aaSamw if (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR)
221da6c28aaSamw flags |= ACL_IS_DIR;
222da6c28aaSamw
223da6c28aaSamw /* Owner */
224da6c28aaSamw if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
22555bf511dSas200622 sid = sd->sd_owner;
2266537f381Sas200622 if (!smb_sid_isvalid(sid))
227da6c28aaSamw return (NT_STATUS_INVALID_SID);
228da6c28aaSamw
2292c1b14e5Sjose borrego idtype = SMB_IDMAP_USER;
230da6c28aaSamw idm_stat = smb_idmap_getid(sid, &fs_sd->sd_uid, &idtype);
231da6c28aaSamw if (idm_stat != IDMAP_SUCCESS) {
232da6c28aaSamw return (NT_STATUS_NONE_MAPPED);
233da6c28aaSamw }
234da6c28aaSamw }
235da6c28aaSamw
236da6c28aaSamw /* Group */
237da6c28aaSamw if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
23855bf511dSas200622 sid = sd->sd_group;
2396537f381Sas200622 if (!smb_sid_isvalid(sid))
240da6c28aaSamw return (NT_STATUS_INVALID_SID);
241da6c28aaSamw
2422c1b14e5Sjose borrego idtype = SMB_IDMAP_GROUP;
243da6c28aaSamw idm_stat = smb_idmap_getid(sid, &fs_sd->sd_gid, &idtype);
244da6c28aaSamw if (idm_stat != IDMAP_SUCCESS) {
245da6c28aaSamw return (NT_STATUS_NONE_MAPPED);
246da6c28aaSamw }
247da6c28aaSamw }
248da6c28aaSamw
249d11e14a7SMatt Barden /*
250d11e14a7SMatt Barden * In SMB, the 'secinfo' determines which parts of the SD the client
251d11e14a7SMatt Barden * intends to change. Notably, this includes changing the DACL_PRESENT
252d11e14a7SMatt Barden * and SACL_PRESENT control bits. The client can specify e.g.
253d11e14a7SMatt Barden * SACL_SECINFO, but not SACL_PRESENT, and this means the client intends
254d11e14a7SMatt Barden * to remove the SACL.
255d11e14a7SMatt Barden *
2563ef858b3SMatt Barden * Note that Windows behavior differs from that described in [MS-DTYP].
2573ef858b3SMatt Barden * MS-DTYP states that the offset is nonzero if-and-only-if the PRESENT
2583ef858b3SMatt Barden * bit is set. It also states that a DACL that is marked non-present
2593ef858b3SMatt Barden * is equivalent to 'no security', but one that is marked present and
2603ef858b3SMatt Barden * provides no ACEs is equivalent to 'no access'.
261d11e14a7SMatt Barden *
2623ef858b3SMatt Barden * Windows, on the other hand, allows the offset to be 0 even when
2633ef858b3SMatt Barden * the PRESENT bit is set, and only provides security when the DACL
2643ef858b3SMatt Barden * offset is non-zero. It will also convert an SD where the DACL is
2653ef858b3SMatt Barden * marked not-present to one where the PRESENT bit is set and the
2663ef858b3SMatt Barden * offset is 0.
2673ef858b3SMatt Barden *
2683ef858b3SMatt Barden * If the *_PRESENT bit isn't set, then the respective ACL will be NULL.
2693ef858b3SMatt Barden * For the fssd, we allow the SACL to be NULL, but we MUST have a DACL.
270d11e14a7SMatt Barden * If the DACL is NULL, that's equivalent to "everyone:full_set:allow".
2713ef858b3SMatt Barden *
2723ef858b3SMatt Barden * The IMPLY's should be enforced by smb_decode_sd().
273d11e14a7SMatt Barden */
274d11e14a7SMatt Barden
275da6c28aaSamw /* DACL */
276da6c28aaSamw if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
2773ef858b3SMatt Barden IMPLY(sd->sd_dacl != NULL,
2783ef858b3SMatt Barden (sd->sd_control & SE_DACL_PRESENT) != 0);
27955bf511dSas200622 status = smb_acl_to_zfs(sd->sd_dacl, flags,
280da6c28aaSamw SMB_DACL_SECINFO, &fs_sd->sd_zdacl);
281da6c28aaSamw if (status != NT_STATUS_SUCCESS)
282da6c28aaSamw return (status);
283da6c28aaSamw }
284da6c28aaSamw
285da6c28aaSamw /* SACL */
286da6c28aaSamw if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) {
2873ef858b3SMatt Barden IMPLY(sd->sd_sacl != NULL,
2883ef858b3SMatt Barden (sd->sd_control & SE_SACL_PRESENT) != 0);
28955bf511dSas200622 if (sd->sd_control & SE_SACL_PRESENT) {
29055bf511dSas200622 status = smb_acl_to_zfs(sd->sd_sacl, flags,
291da6c28aaSamw SMB_SACL_SECINFO, &fs_sd->sd_zsacl);
292da6c28aaSamw if (status != NT_STATUS_SUCCESS) {
293da6c28aaSamw return (status);
294da6c28aaSamw }
295da6c28aaSamw }
296da6c28aaSamw }
297da6c28aaSamw
298da6c28aaSamw return (status);
299da6c28aaSamw }
300da6c28aaSamw
301da6c28aaSamw /*
30255bf511dSas200622 * smb_sd_fromfs
303da6c28aaSamw *
30455bf511dSas200622 * Makes an Windows style security descriptor in absolute form
30555bf511dSas200622 * based on the given filesystem security information.
306da6c28aaSamw *
30755bf511dSas200622 * Should call smb_sd_term() for the returned sd to free allocated
30855bf511dSas200622 * members.
309da6c28aaSamw */
31055bf511dSas200622 static uint32_t
smb_sd_fromfs(smb_fssd_t * fs_sd,smb_sd_t * sd)31155bf511dSas200622 smb_sd_fromfs(smb_fssd_t *fs_sd, smb_sd_t *sd)
312da6c28aaSamw {
313da6c28aaSamw uint32_t status = NT_STATUS_SUCCESS;
31455bf511dSas200622 smb_acl_t *acl = NULL;
3156537f381Sas200622 smb_sid_t *sid;
31655bf511dSas200622 idmap_stat idm_stat;
317da6c28aaSamw
31855bf511dSas200622 ASSERT(fs_sd);
31955bf511dSas200622 ASSERT(sd);
320da6c28aaSamw
32155bf511dSas200622 smb_sd_init(sd, SECURITY_DESCRIPTOR_REVISION);
322da6c28aaSamw
32355bf511dSas200622 /* Owner */
32455bf511dSas200622 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
32555bf511dSas200622 idm_stat = smb_idmap_getsid(fs_sd->sd_uid,
32655bf511dSas200622 SMB_IDMAP_USER, &sid);
327da6c28aaSamw
32855bf511dSas200622 if (idm_stat != IDMAP_SUCCESS) {
32955bf511dSas200622 smb_sd_term(sd);
33055bf511dSas200622 return (NT_STATUS_NONE_MAPPED);
331da6c28aaSamw }
332da6c28aaSamw
33355bf511dSas200622 sd->sd_owner = sid;
33455bf511dSas200622 }
33555bf511dSas200622
33655bf511dSas200622 /* Group */
33755bf511dSas200622 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
33855bf511dSas200622 idm_stat = smb_idmap_getsid(fs_sd->sd_gid,
33955bf511dSas200622 SMB_IDMAP_GROUP, &sid);
34055bf511dSas200622
34155bf511dSas200622 if (idm_stat != IDMAP_SUCCESS) {
34255bf511dSas200622 smb_sd_term(sd);
34355bf511dSas200622 return (NT_STATUS_NONE_MAPPED);
34455bf511dSas200622 }
34555bf511dSas200622
34655bf511dSas200622 sd->sd_group = sid;
34755bf511dSas200622 }
34855bf511dSas200622
34955bf511dSas200622 /* DACL */
35055bf511dSas200622 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
35155bf511dSas200622 if (fs_sd->sd_zdacl != NULL) {
352f96bd5c8SAlan Wright acl = smb_acl_from_zfs(fs_sd->sd_zdacl);
35355bf511dSas200622 if (acl == NULL) {
35455bf511dSas200622 smb_sd_term(sd);
35555bf511dSas200622 return (NT_STATUS_INTERNAL_ERROR);
35655bf511dSas200622 }
35755bf511dSas200622
358da6c28aaSamw /*
35955bf511dSas200622 * Need to sort the ACL before send it to Windows
36055bf511dSas200622 * clients. Winodws GUI is sensitive about the order
36155bf511dSas200622 * of ACEs.
362da6c28aaSamw */
36355bf511dSas200622 smb_acl_sort(acl);
36455bf511dSas200622 smb_sd_set_dacl(sd, acl, B_TRUE,
36555bf511dSas200622 fs_sd->sd_zdacl->acl_flags);
36655bf511dSas200622 } else {
36755bf511dSas200622 smb_sd_set_dacl(sd, NULL, B_FALSE, 0);
36855bf511dSas200622 }
369da6c28aaSamw }
370da6c28aaSamw
37155bf511dSas200622 /* SACL */
37255bf511dSas200622 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) {
37355bf511dSas200622 if (fs_sd->sd_zsacl != NULL) {
374f96bd5c8SAlan Wright acl = smb_acl_from_zfs(fs_sd->sd_zsacl);
37555bf511dSas200622 if (acl == NULL) {
37655bf511dSas200622 smb_sd_term(sd);
37755bf511dSas200622 return (NT_STATUS_INTERNAL_ERROR);
378da6c28aaSamw }
379da6c28aaSamw
38055bf511dSas200622 smb_sd_set_sacl(sd, acl, B_TRUE,
38155bf511dSas200622 fs_sd->sd_zsacl->acl_flags);
38255bf511dSas200622 } else {
38355bf511dSas200622 smb_sd_set_sacl(sd, NULL, B_FALSE, 0);
38455bf511dSas200622 }
385da6c28aaSamw }
386da6c28aaSamw
38755bf511dSas200622 return (status);
38855bf511dSas200622 }
38955bf511dSas200622
39055bf511dSas200622 static void
smb_sd_set_dacl(smb_sd_t * sd,smb_acl_t * acl,boolean_t present,int flags)39155bf511dSas200622 smb_sd_set_dacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags)
39255bf511dSas200622 {
39355bf511dSas200622 ASSERT((sd->sd_control & SE_SELF_RELATIVE) == 0);
39455bf511dSas200622
39555bf511dSas200622 sd->sd_dacl = acl;
39655bf511dSas200622
39755bf511dSas200622 if (flags & ACL_DEFAULTED)
39855bf511dSas200622 sd->sd_control |= SE_DACL_DEFAULTED;
39955bf511dSas200622 if (flags & ACL_AUTO_INHERIT)
40055bf511dSas200622 sd->sd_control |= SE_DACL_AUTO_INHERITED;
40155bf511dSas200622 if (flags & ACL_PROTECTED)
40255bf511dSas200622 sd->sd_control |= SE_DACL_PROTECTED;
40355bf511dSas200622
40455bf511dSas200622 if (present)
40555bf511dSas200622 sd->sd_control |= SE_DACL_PRESENT;
40655bf511dSas200622 }
40755bf511dSas200622
40855bf511dSas200622 static void
smb_sd_set_sacl(smb_sd_t * sd,smb_acl_t * acl,boolean_t present,int flags)40955bf511dSas200622 smb_sd_set_sacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags)
41055bf511dSas200622 {
41155bf511dSas200622 ASSERT((sd->sd_control & SE_SELF_RELATIVE) == 0);
41255bf511dSas200622
41355bf511dSas200622 sd->sd_sacl = acl;
41455bf511dSas200622
41555bf511dSas200622 if (flags & ACL_DEFAULTED)
41655bf511dSas200622 sd->sd_control |= SE_SACL_DEFAULTED;
41755bf511dSas200622 if (flags & ACL_AUTO_INHERIT)
41855bf511dSas200622 sd->sd_control |= SE_SACL_AUTO_INHERITED;
41955bf511dSas200622 if (flags & ACL_PROTECTED)
42055bf511dSas200622 sd->sd_control |= SE_SACL_PROTECTED;
42155bf511dSas200622
42255bf511dSas200622 if (present)
42355bf511dSas200622 sd->sd_control |= SE_SACL_PRESENT;
42455bf511dSas200622 }
42555bf511dSas200622
42655bf511dSas200622 /*
42755bf511dSas200622 * smb_fssd_init
42855bf511dSas200622 *
42955bf511dSas200622 * Initializes the given FS SD structure.
43055bf511dSas200622 */
43155bf511dSas200622 void
smb_fssd_init(smb_fssd_t * fs_sd,uint32_t secinfo,uint32_t flags)43255bf511dSas200622 smb_fssd_init(smb_fssd_t *fs_sd, uint32_t secinfo, uint32_t flags)
43355bf511dSas200622 {
43455bf511dSas200622 bzero(fs_sd, sizeof (smb_fssd_t));
43555bf511dSas200622 fs_sd->sd_secinfo = secinfo;
43655bf511dSas200622 fs_sd->sd_flags = flags;
43755bf511dSas200622 }
43855bf511dSas200622
43955bf511dSas200622 /*
44055bf511dSas200622 * smb_fssd_term
44155bf511dSas200622 *
44255bf511dSas200622 * Frees allocated memory for acl fields.
44355bf511dSas200622 */
44455bf511dSas200622 void
smb_fssd_term(smb_fssd_t * fs_sd)44555bf511dSas200622 smb_fssd_term(smb_fssd_t *fs_sd)
44655bf511dSas200622 {
44755bf511dSas200622 ASSERT(fs_sd);
44855bf511dSas200622
44955bf511dSas200622 smb_fsacl_free(fs_sd->sd_zdacl);
45055bf511dSas200622 smb_fsacl_free(fs_sd->sd_zsacl);
45155bf511dSas200622 bzero(fs_sd, sizeof (smb_fssd_t));
452da6c28aaSamw }
453