1da6c28aaSamw /* 2da6c28aaSamw * CDDL HEADER START 3da6c28aaSamw * 4da6c28aaSamw * The contents of this file are subject to the terms of the 5da6c28aaSamw * Common Development and Distribution License (the "License"). 6da6c28aaSamw * You may not use this file except in compliance with the License. 7da6c28aaSamw * 8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9da6c28aaSamw * or http://www.opensolaris.org/os/licensing. 10da6c28aaSamw * See the License for the specific language governing permissions 11da6c28aaSamw * and limitations under the License. 12da6c28aaSamw * 13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each 14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the 16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying 17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner] 18da6c28aaSamw * 19da6c28aaSamw * CDDL HEADER END 20da6c28aaSamw */ 21da6c28aaSamw /* 22f96bd5c8SAlan Wright * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23da6c28aaSamw * Use is subject to license terms. 24a90cf9f2SGordon Ross * 25*d11e14a7SMatt Barden * Copyright 2020 Nexenta by DDN, Inc. All rights reserved. 26da6c28aaSamw */ 27da6c28aaSamw 28da6c28aaSamw /* 29da6c28aaSamw * This module provides Security Descriptor handling functions. 30da6c28aaSamw */ 31da6c28aaSamw 3255bf511dSas200622 #include <smbsrv/smb_kproto.h> 33da6c28aaSamw #include <smbsrv/smb_fsops.h> 34da6c28aaSamw #include <smbsrv/smb_idmap.h> 35da6c28aaSamw 3655bf511dSas200622 static void smb_sd_set_sacl(smb_sd_t *, smb_acl_t *, boolean_t, int); 3755bf511dSas200622 static void smb_sd_set_dacl(smb_sd_t *, smb_acl_t *, boolean_t, int); 3855bf511dSas200622 static uint32_t smb_sd_fromfs(smb_fssd_t *, smb_sd_t *); 39da6c28aaSamw 40da6c28aaSamw void 41da6c28aaSamw smb_sd_init(smb_sd_t *sd, uint8_t revision) 42da6c28aaSamw { 43da6c28aaSamw bzero(sd, sizeof (smb_sd_t)); 4455bf511dSas200622 sd->sd_revision = revision; 45da6c28aaSamw } 46da6c28aaSamw 47da6c28aaSamw /* 48da6c28aaSamw * smb_sd_term 49da6c28aaSamw * 50da6c28aaSamw * Free non-NULL members of 'sd' which has to be in 51da6c28aaSamw * absolute (pointer) form. 52da6c28aaSamw */ 53da6c28aaSamw void 54da6c28aaSamw smb_sd_term(smb_sd_t *sd) 55da6c28aaSamw { 56da6c28aaSamw ASSERT(sd); 5755bf511dSas200622 ASSERT((sd->sd_control & SE_SELF_RELATIVE) == 0); 58da6c28aaSamw 596537f381Sas200622 smb_sid_free(sd->sd_owner); 606537f381Sas200622 smb_sid_free(sd->sd_group); 6155bf511dSas200622 smb_acl_free(sd->sd_dacl); 6255bf511dSas200622 smb_acl_free(sd->sd_sacl); 63da6c28aaSamw 64da6c28aaSamw bzero(sd, sizeof (smb_sd_t)); 65da6c28aaSamw } 66da6c28aaSamw 67da6c28aaSamw uint32_t 6855bf511dSas200622 smb_sd_len(smb_sd_t *sd, uint32_t secinfo) 69da6c28aaSamw { 7055bf511dSas200622 uint32_t length = SMB_SD_HDRSIZE; 71da6c28aaSamw 7255bf511dSas200622 if (secinfo & SMB_OWNER_SECINFO) 736537f381Sas200622 length += smb_sid_len(sd->sd_owner); 74da6c28aaSamw 7555bf511dSas200622 if (secinfo & SMB_GROUP_SECINFO) 766537f381Sas200622 length += smb_sid_len(sd->sd_group); 77da6c28aaSamw 7855bf511dSas200622 if (secinfo & SMB_DACL_SECINFO) 7955bf511dSas200622 length += smb_acl_len(sd->sd_dacl); 80da6c28aaSamw 8155bf511dSas200622 if (secinfo & SMB_SACL_SECINFO) 8255bf511dSas200622 length += smb_acl_len(sd->sd_sacl); 83da6c28aaSamw 84da6c28aaSamw return (length); 85da6c28aaSamw } 86da6c28aaSamw 87da6c28aaSamw /* 88da6c28aaSamw * smb_sd_get_secinfo 89da6c28aaSamw * 90da6c28aaSamw * Return the security information mask for the specified security 91da6c28aaSamw * descriptor. 92da6c28aaSamw */ 93da6c28aaSamw uint32_t 9455bf511dSas200622 smb_sd_get_secinfo(smb_sd_t *sd) 95da6c28aaSamw { 96da6c28aaSamw uint32_t sec_info = 0; 97da6c28aaSamw 9855bf511dSas200622 if (sd == NULL) 99da6c28aaSamw return (0); 100da6c28aaSamw 10155bf511dSas200622 if (sd->sd_owner) 102da6c28aaSamw sec_info |= SMB_OWNER_SECINFO; 103da6c28aaSamw 10455bf511dSas200622 if (sd->sd_group) 105da6c28aaSamw sec_info |= SMB_GROUP_SECINFO; 106da6c28aaSamw 10755bf511dSas200622 if (sd->sd_dacl) 108da6c28aaSamw sec_info |= SMB_DACL_SECINFO; 109da6c28aaSamw 11055bf511dSas200622 if (sd->sd_sacl) 111da6c28aaSamw sec_info |= SMB_SACL_SECINFO; 112da6c28aaSamw 113da6c28aaSamw return (sec_info); 114da6c28aaSamw } 115da6c28aaSamw 116da6c28aaSamw /* 11755bf511dSas200622 * smb_sd_read 118da6c28aaSamw * 11955bf511dSas200622 * Read uid, gid and ACL from filesystem. The returned ACL from read 12055bf511dSas200622 * routine is always in ZFS format. Convert the ZFS acl to a Win acl 12155bf511dSas200622 * and return the Win SD in absolute form. 122da6c28aaSamw * 12355bf511dSas200622 * NOTE: upon successful return caller MUST free the memory allocated 12455bf511dSas200622 * for the returned SD by calling smb_sd_term(). 125da6c28aaSamw */ 12655bf511dSas200622 uint32_t 12755bf511dSas200622 smb_sd_read(smb_request_t *sr, smb_sd_t *sd, uint32_t secinfo) 128da6c28aaSamw { 12955bf511dSas200622 smb_fssd_t fs_sd; 13055bf511dSas200622 smb_node_t *node; 131da6c28aaSamw uint32_t status = NT_STATUS_SUCCESS; 13255bf511dSas200622 uint32_t sd_flags; 13355bf511dSas200622 int error; 134da6c28aaSamw 13555bf511dSas200622 node = sr->fid_ofile->f_node; 1369fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States sd_flags = smb_node_is_dir(node) ? SMB_FSSD_FLAGS_DIR : 0; 13755bf511dSas200622 smb_fssd_init(&fs_sd, secinfo, sd_flags); 138da6c28aaSamw 13955bf511dSas200622 error = smb_fsop_sdread(sr, sr->user_cr, node, &fs_sd); 140a90cf9f2SGordon Ross if (error) 141a90cf9f2SGordon Ross return (smb_errno2status(error)); 142da6c28aaSamw 14355bf511dSas200622 status = smb_sd_fromfs(&fs_sd, sd); 14455bf511dSas200622 smb_fssd_term(&fs_sd); 145da6c28aaSamw 146da6c28aaSamw return (status); 147da6c28aaSamw } 148da6c28aaSamw 149da6c28aaSamw /* 15055bf511dSas200622 * smb_sd_write 15155bf511dSas200622 * 15255bf511dSas200622 * Takes a Win SD in absolute form, converts it to 15355bf511dSas200622 * ZFS format and write it to filesystem. The write routine 15455bf511dSas200622 * converts ZFS acl to Posix acl if required. 15555bf511dSas200622 */ 15655bf511dSas200622 uint32_t 15755bf511dSas200622 smb_sd_write(smb_request_t *sr, smb_sd_t *sd, uint32_t secinfo) 15855bf511dSas200622 { 15955bf511dSas200622 smb_node_t *node; 16055bf511dSas200622 smb_fssd_t fs_sd; 16155bf511dSas200622 uint32_t status; 16255bf511dSas200622 uint32_t sd_flags; 16355bf511dSas200622 int error; 16455bf511dSas200622 16555bf511dSas200622 node = sr->fid_ofile->f_node; 1669fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States sd_flags = smb_node_is_dir(node) ? SMB_FSSD_FLAGS_DIR : 0; 16755bf511dSas200622 smb_fssd_init(&fs_sd, secinfo, sd_flags); 16855bf511dSas200622 16955bf511dSas200622 status = smb_sd_tofs(sd, &fs_sd); 17055bf511dSas200622 if (status != NT_STATUS_SUCCESS) { 17155bf511dSas200622 smb_fssd_term(&fs_sd); 17255bf511dSas200622 return (status); 17355bf511dSas200622 } 17455bf511dSas200622 17555bf511dSas200622 error = smb_fsop_sdwrite(sr, sr->user_cr, node, &fs_sd, 0); 17655bf511dSas200622 smb_fssd_term(&fs_sd); 17755bf511dSas200622 17855bf511dSas200622 if (error) { 1792c1b14e5Sjose borrego if (error == EBADE) 1802c1b14e5Sjose borrego return (NT_STATUS_INVALID_OWNER); 181a90cf9f2SGordon Ross return (smb_errno2status(error)); 18255bf511dSas200622 } 18355bf511dSas200622 18455bf511dSas200622 return (NT_STATUS_SUCCESS); 18555bf511dSas200622 } 18655bf511dSas200622 18755bf511dSas200622 18855bf511dSas200622 /* 189da6c28aaSamw * smb_sd_tofs 190da6c28aaSamw * 191da6c28aaSamw * Creates a filesystem security structure based on the given 192da6c28aaSamw * Windows security descriptor. 193da6c28aaSamw */ 194da6c28aaSamw uint32_t 19555bf511dSas200622 smb_sd_tofs(smb_sd_t *sd, smb_fssd_t *fs_sd) 196da6c28aaSamw { 1976537f381Sas200622 smb_sid_t *sid; 198da6c28aaSamw uint32_t status = NT_STATUS_SUCCESS; 199da6c28aaSamw uint16_t sd_control; 200da6c28aaSamw idmap_stat idm_stat; 201da6c28aaSamw int idtype; 202da6c28aaSamw int flags = 0; 203da6c28aaSamw 20455bf511dSas200622 sd_control = sd->sd_control; 205da6c28aaSamw 206da6c28aaSamw /* 207da6c28aaSamw * ZFS only has one set of flags so for now only 208da6c28aaSamw * Windows DACL flags are taken into account. 209da6c28aaSamw */ 210da6c28aaSamw if (sd_control & SE_DACL_DEFAULTED) 211da6c28aaSamw flags |= ACL_DEFAULTED; 212da6c28aaSamw if (sd_control & SE_DACL_AUTO_INHERITED) 213da6c28aaSamw flags |= ACL_AUTO_INHERIT; 214da6c28aaSamw if (sd_control & SE_DACL_PROTECTED) 215da6c28aaSamw flags |= ACL_PROTECTED; 216da6c28aaSamw 217da6c28aaSamw if (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) 218da6c28aaSamw flags |= ACL_IS_DIR; 219da6c28aaSamw 220da6c28aaSamw /* Owner */ 221da6c28aaSamw if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 22255bf511dSas200622 sid = sd->sd_owner; 2236537f381Sas200622 if (!smb_sid_isvalid(sid)) 224da6c28aaSamw return (NT_STATUS_INVALID_SID); 225da6c28aaSamw 2262c1b14e5Sjose borrego idtype = SMB_IDMAP_USER; 227da6c28aaSamw idm_stat = smb_idmap_getid(sid, &fs_sd->sd_uid, &idtype); 228da6c28aaSamw if (idm_stat != IDMAP_SUCCESS) { 229da6c28aaSamw return (NT_STATUS_NONE_MAPPED); 230da6c28aaSamw } 231da6c28aaSamw } 232da6c28aaSamw 233da6c28aaSamw /* Group */ 234da6c28aaSamw if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 23555bf511dSas200622 sid = sd->sd_group; 2366537f381Sas200622 if (!smb_sid_isvalid(sid)) 237da6c28aaSamw return (NT_STATUS_INVALID_SID); 238da6c28aaSamw 2392c1b14e5Sjose borrego idtype = SMB_IDMAP_GROUP; 240da6c28aaSamw idm_stat = smb_idmap_getid(sid, &fs_sd->sd_gid, &idtype); 241da6c28aaSamw if (idm_stat != IDMAP_SUCCESS) { 242da6c28aaSamw return (NT_STATUS_NONE_MAPPED); 243da6c28aaSamw } 244da6c28aaSamw } 245da6c28aaSamw 246*d11e14a7SMatt Barden /* 247*d11e14a7SMatt Barden * In SMB, the 'secinfo' determines which parts of the SD the client 248*d11e14a7SMatt Barden * intends to change. Notably, this includes changing the DACL_PRESENT 249*d11e14a7SMatt Barden * and SACL_PRESENT control bits. The client can specify e.g. 250*d11e14a7SMatt Barden * SACL_SECINFO, but not SACL_PRESENT, and this means the client intends 251*d11e14a7SMatt Barden * to remove the SACL. 252*d11e14a7SMatt Barden * 253*d11e14a7SMatt Barden * If the *_PRESENT bit isn't set, then the respective ACL will be NULL. 254*d11e14a7SMatt Barden * [MS-DTYP] disallows providing an ACL when the PRESENT bit isn't set. 255*d11e14a7SMatt Barden * This is enforced by smb_decode_sd(). 256*d11e14a7SMatt Barden * 257*d11e14a7SMatt Barden * We allow the SACL to be NULL, but we MUST have a DACL. 258*d11e14a7SMatt Barden * If the DACL is NULL, that's equivalent to "everyone:full_set:allow". 259*d11e14a7SMatt Barden */ 260*d11e14a7SMatt Barden 261da6c28aaSamw /* DACL */ 262da6c28aaSamw if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 263*d11e14a7SMatt Barden ASSERT3U(((sd->sd_control & SE_DACL_PRESENT) != 0), ==, 264*d11e14a7SMatt Barden (sd->sd_dacl != NULL)); 26555bf511dSas200622 status = smb_acl_to_zfs(sd->sd_dacl, flags, 266da6c28aaSamw SMB_DACL_SECINFO, &fs_sd->sd_zdacl); 267da6c28aaSamw if (status != NT_STATUS_SUCCESS) 268da6c28aaSamw return (status); 269da6c28aaSamw } 270da6c28aaSamw 271da6c28aaSamw /* SACL */ 272da6c28aaSamw if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) { 27355bf511dSas200622 if (sd->sd_control & SE_SACL_PRESENT) { 27455bf511dSas200622 status = smb_acl_to_zfs(sd->sd_sacl, flags, 275da6c28aaSamw SMB_SACL_SECINFO, &fs_sd->sd_zsacl); 276da6c28aaSamw if (status != NT_STATUS_SUCCESS) { 277da6c28aaSamw return (status); 278da6c28aaSamw } 279da6c28aaSamw } 280da6c28aaSamw } 281da6c28aaSamw 282da6c28aaSamw return (status); 283da6c28aaSamw } 284da6c28aaSamw 285da6c28aaSamw /* 28655bf511dSas200622 * smb_sd_fromfs 287da6c28aaSamw * 28855bf511dSas200622 * Makes an Windows style security descriptor in absolute form 28955bf511dSas200622 * based on the given filesystem security information. 290da6c28aaSamw * 29155bf511dSas200622 * Should call smb_sd_term() for the returned sd to free allocated 29255bf511dSas200622 * members. 293da6c28aaSamw */ 29455bf511dSas200622 static uint32_t 29555bf511dSas200622 smb_sd_fromfs(smb_fssd_t *fs_sd, smb_sd_t *sd) 296da6c28aaSamw { 297da6c28aaSamw uint32_t status = NT_STATUS_SUCCESS; 29855bf511dSas200622 smb_acl_t *acl = NULL; 2996537f381Sas200622 smb_sid_t *sid; 30055bf511dSas200622 idmap_stat idm_stat; 301da6c28aaSamw 30255bf511dSas200622 ASSERT(fs_sd); 30355bf511dSas200622 ASSERT(sd); 304da6c28aaSamw 30555bf511dSas200622 smb_sd_init(sd, SECURITY_DESCRIPTOR_REVISION); 306da6c28aaSamw 30755bf511dSas200622 /* Owner */ 30855bf511dSas200622 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 30955bf511dSas200622 idm_stat = smb_idmap_getsid(fs_sd->sd_uid, 31055bf511dSas200622 SMB_IDMAP_USER, &sid); 311da6c28aaSamw 31255bf511dSas200622 if (idm_stat != IDMAP_SUCCESS) { 31355bf511dSas200622 smb_sd_term(sd); 31455bf511dSas200622 return (NT_STATUS_NONE_MAPPED); 315da6c28aaSamw } 316da6c28aaSamw 31755bf511dSas200622 sd->sd_owner = sid; 31855bf511dSas200622 } 31955bf511dSas200622 32055bf511dSas200622 /* Group */ 32155bf511dSas200622 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 32255bf511dSas200622 idm_stat = smb_idmap_getsid(fs_sd->sd_gid, 32355bf511dSas200622 SMB_IDMAP_GROUP, &sid); 32455bf511dSas200622 32555bf511dSas200622 if (idm_stat != IDMAP_SUCCESS) { 32655bf511dSas200622 smb_sd_term(sd); 32755bf511dSas200622 return (NT_STATUS_NONE_MAPPED); 32855bf511dSas200622 } 32955bf511dSas200622 33055bf511dSas200622 sd->sd_group = sid; 33155bf511dSas200622 } 33255bf511dSas200622 33355bf511dSas200622 /* DACL */ 33455bf511dSas200622 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 33555bf511dSas200622 if (fs_sd->sd_zdacl != NULL) { 336f96bd5c8SAlan Wright acl = smb_acl_from_zfs(fs_sd->sd_zdacl); 33755bf511dSas200622 if (acl == NULL) { 33855bf511dSas200622 smb_sd_term(sd); 33955bf511dSas200622 return (NT_STATUS_INTERNAL_ERROR); 34055bf511dSas200622 } 34155bf511dSas200622 342da6c28aaSamw /* 34355bf511dSas200622 * Need to sort the ACL before send it to Windows 34455bf511dSas200622 * clients. Winodws GUI is sensitive about the order 34555bf511dSas200622 * of ACEs. 346da6c28aaSamw */ 34755bf511dSas200622 smb_acl_sort(acl); 34855bf511dSas200622 smb_sd_set_dacl(sd, acl, B_TRUE, 34955bf511dSas200622 fs_sd->sd_zdacl->acl_flags); 35055bf511dSas200622 } else { 35155bf511dSas200622 smb_sd_set_dacl(sd, NULL, B_FALSE, 0); 35255bf511dSas200622 } 353da6c28aaSamw } 354da6c28aaSamw 35555bf511dSas200622 /* SACL */ 35655bf511dSas200622 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) { 35755bf511dSas200622 if (fs_sd->sd_zsacl != NULL) { 358f96bd5c8SAlan Wright acl = smb_acl_from_zfs(fs_sd->sd_zsacl); 35955bf511dSas200622 if (acl == NULL) { 36055bf511dSas200622 smb_sd_term(sd); 36155bf511dSas200622 return (NT_STATUS_INTERNAL_ERROR); 362da6c28aaSamw } 363da6c28aaSamw 36455bf511dSas200622 smb_sd_set_sacl(sd, acl, B_TRUE, 36555bf511dSas200622 fs_sd->sd_zsacl->acl_flags); 36655bf511dSas200622 } else { 36755bf511dSas200622 smb_sd_set_sacl(sd, NULL, B_FALSE, 0); 36855bf511dSas200622 } 369da6c28aaSamw } 370da6c28aaSamw 37155bf511dSas200622 return (status); 37255bf511dSas200622 } 37355bf511dSas200622 37455bf511dSas200622 static void 37555bf511dSas200622 smb_sd_set_dacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags) 37655bf511dSas200622 { 37755bf511dSas200622 ASSERT((sd->sd_control & SE_SELF_RELATIVE) == 0); 37855bf511dSas200622 37955bf511dSas200622 sd->sd_dacl = acl; 38055bf511dSas200622 38155bf511dSas200622 if (flags & ACL_DEFAULTED) 38255bf511dSas200622 sd->sd_control |= SE_DACL_DEFAULTED; 38355bf511dSas200622 if (flags & ACL_AUTO_INHERIT) 38455bf511dSas200622 sd->sd_control |= SE_DACL_AUTO_INHERITED; 38555bf511dSas200622 if (flags & ACL_PROTECTED) 38655bf511dSas200622 sd->sd_control |= SE_DACL_PROTECTED; 38755bf511dSas200622 38855bf511dSas200622 if (present) 38955bf511dSas200622 sd->sd_control |= SE_DACL_PRESENT; 39055bf511dSas200622 } 39155bf511dSas200622 39255bf511dSas200622 static void 39355bf511dSas200622 smb_sd_set_sacl(smb_sd_t *sd, smb_acl_t *acl, boolean_t present, int flags) 39455bf511dSas200622 { 39555bf511dSas200622 ASSERT((sd->sd_control & SE_SELF_RELATIVE) == 0); 39655bf511dSas200622 39755bf511dSas200622 sd->sd_sacl = acl; 39855bf511dSas200622 39955bf511dSas200622 if (flags & ACL_DEFAULTED) 40055bf511dSas200622 sd->sd_control |= SE_SACL_DEFAULTED; 40155bf511dSas200622 if (flags & ACL_AUTO_INHERIT) 40255bf511dSas200622 sd->sd_control |= SE_SACL_AUTO_INHERITED; 40355bf511dSas200622 if (flags & ACL_PROTECTED) 40455bf511dSas200622 sd->sd_control |= SE_SACL_PROTECTED; 40555bf511dSas200622 40655bf511dSas200622 if (present) 40755bf511dSas200622 sd->sd_control |= SE_SACL_PRESENT; 40855bf511dSas200622 } 40955bf511dSas200622 41055bf511dSas200622 /* 41155bf511dSas200622 * smb_fssd_init 41255bf511dSas200622 * 41355bf511dSas200622 * Initializes the given FS SD structure. 41455bf511dSas200622 */ 41555bf511dSas200622 void 41655bf511dSas200622 smb_fssd_init(smb_fssd_t *fs_sd, uint32_t secinfo, uint32_t flags) 41755bf511dSas200622 { 41855bf511dSas200622 bzero(fs_sd, sizeof (smb_fssd_t)); 41955bf511dSas200622 fs_sd->sd_secinfo = secinfo; 42055bf511dSas200622 fs_sd->sd_flags = flags; 42155bf511dSas200622 } 42255bf511dSas200622 42355bf511dSas200622 /* 42455bf511dSas200622 * smb_fssd_term 42555bf511dSas200622 * 42655bf511dSas200622 * Frees allocated memory for acl fields. 42755bf511dSas200622 */ 42855bf511dSas200622 void 42955bf511dSas200622 smb_fssd_term(smb_fssd_t *fs_sd) 43055bf511dSas200622 { 43155bf511dSas200622 ASSERT(fs_sd); 43255bf511dSas200622 43355bf511dSas200622 smb_fsacl_free(fs_sd->sd_zdacl); 43455bf511dSas200622 smb_fsacl_free(fs_sd->sd_zsacl); 43555bf511dSas200622 bzero(fs_sd, sizeof (smb_fssd_t)); 436da6c28aaSamw } 437