1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SMBSRV_NTIFS_H 27 #define _SMBSRV_NTIFS_H 28 29 /* 30 * This file provides definitions compatible with the NT Installable 31 * File System (IFS) interface. This header file also defines the Security 32 * Descriptor module from Windows. 33 */ 34 35 #ifdef __cplusplus 36 extern "C" { 37 #endif 38 39 #include <sys/acl.h> 40 #include <sys/list.h> 41 #include <smbsrv/smb_sid.h> 42 43 /* 44 * The Volume and Directory bits are for SMB rather than NT. 45 * NT has an explicit Normal bit; this bit is implied in SMB 46 * when the Hidden, System and Directory bits are not set. 47 * 48 * File attributes and creation flags share the same 32-bit 49 * space. 50 */ 51 #define FILE_ATTRIBUTE_READONLY 0x00000001 52 #define FILE_ATTRIBUTE_HIDDEN 0x00000002 53 #define FILE_ATTRIBUTE_SYSTEM 0x00000004 54 #define FILE_ATTRIBUTE_VOLUME 0x00000008 55 #define FILE_ATTRIBUTE_DIRECTORY 0x00000010 56 #define FILE_ATTRIBUTE_ARCHIVE 0x00000020 57 #define FILE_ATTRIBUTE_DEVICE 0x00000040 58 #define FILE_ATTRIBUTE_NORMAL 0x00000080 59 #define FILE_ATTRIBUTE_TEMPORARY 0x00000100 60 #define FILE_ATTRIBUTE_SPARSE_FILE 0x00000200 61 #define FILE_ATTRIBUTE_REPARSE_POINT 0x00000400 62 #define FILE_ATTRIBUTE_COMPRESSED 0x00000800 63 #define FILE_ATTRIBUTE_OFFLINE 0x00001000 64 #define FILE_ATTRIBUTE_NOT_CONTENT_INDEXED 0x00002000 65 #define FILE_ATTRIBUTE_ENCRYPTED 0x00004000 66 #define FILE_ATTRIBUTE_VIRTUAL 0x00010000 67 #define FILE_FLAG_OPEN_NO_RECALL 0x00100000 68 #define FILE_FLAG_OPEN_REPARSE_POINT 0x00200000 69 #define FILE_FLAG_POSIX_SEMANTICS 0x01000000 70 #define FILE_FLAG_BACKUP_SEMANTICS 0x02000000 71 #define FILE_FLAG_DELETE_ON_CLOSE 0x04000000 72 #define FILE_FLAG_SEQUENTIAL_SCAN 0x08000000 73 #define FILE_FLAG_RANDOM_ACCESS 0x10000000 74 #define FILE_FLAG_NO_BUFFERING 0x20000000 75 #define FILE_FLAG_OVERLAPPED 0x40000000 76 #define FILE_FLAG_WRITE_THROUGH 0x80000000 77 78 #define FILE_ATTRIBUTE_VALID_FLAGS 0x00001fb7 79 #define FILE_ATTRIBUTE_VALID_SET_FLAGS 0x00001fa7 80 #define FILE_ATTRIBUTE_MASK 0x00003FFF 81 82 /* 83 * The create/open option flags: used in NtCreateAndx and NtTransactCreate 84 * SMB requests. 85 * 86 * The CreateOptions specify the options to be applied when creating or 87 * opening the file, as a compatible combination of the following flags: 88 * 89 * FILE_DIRECTORY_FILE 90 * The file being created or opened is a directory file. With this 91 * flag, the Disposition parameter must be set to one of FILE_CREATE, 92 * FILE_OPEN, or FILE_OPEN_IF. With this flag, other compatible 93 * CreateOptions flags include only the following: 94 * FILE_SYNCHRONOUS_IO_ALERT 95 * FILE_SYNCHRONOUS_IO_NONALERT 96 * FILE_WRITE_THROUGH 97 * FILE_OPEN_FOR_BACKUP_INTENT 98 * FILE_OPEN_BY_FILE_ID 99 * 100 * FILE_NON_DIRECTORY_FILE 101 * The file being opened must not be a directory file or this call 102 * will fail. The file object being opened can represent a data file, 103 * a logical, virtual, or physical device, or a volume. 104 * 105 * FILE_WRITE_THROUGH 106 * System services, FSDs, and drivers that write data to the file must 107 * actually transfer the data into the file before any requested write 108 * operation is considered complete. This flag is automatically set if 109 * the CreateOptions flag FILE_NO_INTERMEDIATE _BUFFERING is set. 110 * 111 * FILE_SEQUENTIAL_ONLY 112 * All accesses to the file will be sequential. 113 * 114 * FILE_RANDOM_ACCESS 115 * Accesses to the file can be random, so no sequential read-ahead 116 * operations should be performed on the file by FSDs or the system. 117 * FILE_NO_INTERMEDIATE _BUFFERING The file cannot be cached or 118 * buffered in a driver's internal buffers. This flag is incompatible 119 * with the DesiredAccess FILE_APPEND_DATA flag. 120 * 121 * FILE_SYNCHRONOUS_IO_ALERT 122 * All operations on the file are performed synchronously. Any wait 123 * on behalf of the caller is subject to premature termination from 124 * alerts. This flag also causes the I/O system to maintain the file 125 * position context. If this flag is set, the DesiredAccess 126 * SYNCHRONIZE flag also must be set. 127 * 128 * FILE_SYNCHRONOUS_IO _NONALERT 129 * All operations on the file are performed synchronously. Waits in 130 * the system to synchronize I/O queuing and completion are not subject 131 * to alerts. This flag also causes the I/O system to maintain the file 132 * position context. If this flag is set, the DesiredAccess SYNCHRONIZE 133 * flag also must be set. 134 * 135 * FILE_CREATE_TREE _CONNECTION 136 * Create a tree connection for this file in order to open it over the 137 * network. This flag is irrelevant to device and intermediate drivers. 138 * 139 * FILE_COMPLETE_IF_OPLOCKED 140 * Complete this operation immediately with an alternate success code 141 * if the target file is oplocked, rather than blocking the caller's 142 * thread. If the file is oplocked, another caller already has access 143 * to the file over the network. This flag is irrelevant to device and 144 * intermediate drivers. 145 * 146 * FILE_NO_EA_KNOWLEDGE 147 * If the extended attributes on an existing file being opened indicate 148 * that the caller must understand EAs to properly interpret the file, 149 * fail this request because the caller does not understand how to deal 150 * with EAs. Device and intermediate drivers can ignore this flag. 151 * 152 * FILE_DELETE_ON_CLOSE 153 * Delete the file when the last reference to it is passed to close. 154 * 155 * FILE_OPEN_BY_FILE_ID 156 * The file name contains the name of a device and a 64-bit ID to 157 * be used to open the file. This flag is irrelevant to device and 158 * intermediate drivers. 159 * 160 * FILE_OPEN_FOR_BACKUP _INTENT 161 * The file is being opened for backup intent, hence, the system should 162 * check for certain access rights and grant the caller the appropriate 163 * accesses to the file before checking the input DesiredAccess against 164 * the file's security descriptor. This flag is irrelevant to device 165 * and intermediate drivers. 166 */ 167 #define FILE_DIRECTORY_FILE 0x00000001 168 #define FILE_WRITE_THROUGH 0x00000002 169 #define FILE_SEQUENTIAL_ONLY 0x00000004 170 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 171 172 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010 173 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 174 #define FILE_NON_DIRECTORY_FILE 0x00000040 175 #define FILE_CREATE_TREE_CONNECTION 0x00000080 176 177 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100 178 #define FILE_NO_EA_KNOWLEDGE 0x00000200 179 /* UNUSED 0x00000400 */ 180 #define FILE_RANDOM_ACCESS 0x00000800 181 182 #define FILE_DELETE_ON_CLOSE 0x00001000 183 #define FILE_OPEN_BY_FILE_ID 0x00002000 184 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 185 #define FILE_NO_COMPRESSION 0x00008000 186 187 #define FILE_RESERVE_OPFILTER 0x00100000 188 #define FILE_RESERVED0 0x00200000 189 #define FILE_RESERVED1 0x00400000 190 #define FILE_RESERVED2 0x00800000 191 192 #define FILE_VALID_OPTION_FLAGS 0x007fffff 193 #define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032 194 #define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032 195 #define FILE_VALID_SET_FLAGS 0x00000036 196 197 /* 198 * Define the file information class values used by the NT DDK and HAL. 199 */ 200 typedef enum _FILE_INFORMATION_CLASS { 201 FileDirectoryInformation = 1, 202 FileFullDirectoryInformation, /* 2 */ 203 FileBothDirectoryInformation, /* 3 */ 204 FileBasicInformation, /* 4 */ 205 FileStandardInformation, /* 5 */ 206 FileInternalInformation, /* 6 */ 207 FileEaInformation, /* 7 */ 208 FileAccessInformation, /* 8 */ 209 FileNameInformation, /* 9 */ 210 FileRenameInformation, /* 10 */ 211 FileLinkInformation, /* 11 */ 212 FileNamesInformation, /* 12 */ 213 FileDispositionInformation, /* 13 */ 214 FilePositionInformation, /* 14 */ 215 FileFullEaInformation, /* 15 */ 216 FileModeInformation, /* 16 */ 217 FileAlignmentInformation, /* 17 */ 218 FileAllInformation, /* 18 */ 219 FileAllocationInformation, /* 19 */ 220 FileEndOfFileInformation, /* 20 */ 221 FileAlternateNameInformation, /* 21 */ 222 FileStreamInformation, /* 22 */ 223 FilePipeInformation, /* 23 */ 224 FilePipeLocalInformation, /* 24 */ 225 FilePipeRemoteInformation, /* 25 */ 226 FileMailslotQueryInformation, /* 26 */ 227 FileMailslotSetInformation, /* 27 */ 228 FileCompressionInformation, /* 28 */ 229 FileObjectIdInformation, /* 29 */ 230 FileCompletionInformation, /* 30 */ 231 FileMoveClusterInformation, /* 31 */ 232 FileInformationReserved32, /* 32 */ 233 FileInformationReserved33, /* 33 */ 234 FileNetworkOpenInformation, /* 34 */ 235 FileAttributeTagInformation, /* 35 */ 236 FileMaximumInformation 237 } FILE_INFORMATION_CLASS; 238 239 /* 240 * Discretionary Access Control List (DACL) 241 * 242 * A Discretionary Access Control List (DACL), often abbreviated to 243 * ACL, is a list of access controls which either allow or deny access 244 * for users or groups to a resource. There is a list header followed 245 * by a list of access control entries (ACE). Each ACE specifies the 246 * access allowed or denied to a single user or group (identified by 247 * a SID). 248 * 249 * There is another access control list object called a System Access 250 * Control List (SACL), which is used to control auditing, but no 251 * support is provideed for SACLs at this time. 252 * 253 * ACL header format: 254 * 255 * 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 256 * 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 257 * +-------------------------------+---------------+---------------+ 258 * | AclSize | Sbz1 | AclRevision | 259 * +-------------------------------+---------------+---------------+ 260 * | Sbz2 | AceCount | 261 * +-------------------------------+-------------------------------+ 262 * 263 * AclRevision specifies the revision level of the ACL. This value should 264 * be ACL_REVISION, unless the ACL contains an object-specific ACE, in which 265 * case this value must be ACL_REVISION_DS. All ACEs in an ACL must be at the 266 * same revision level. 267 * 268 * ACE header format: 269 * 270 * 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 271 * 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 272 * +---------------+-------+-------+---------------+---------------+ 273 * | AceSize | AceFlags | AceType | 274 * +---------------+-------+-------+---------------+---------------+ 275 * 276 * Access mask format: 277 * 278 * 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 279 * 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 280 * +---------------+---------------+-------------------------------+ 281 * |G|G|G|G|Res'd|A| StandardRights| SpecificRights | 282 * |R|W|E|A| |S| | | 283 * +-+-------------+---------------+-------------------------------+ 284 * 285 * typedef struct ACCESS_MASK { 286 * WORD SpecificRights; 287 * BYTE StandardRights; 288 * BYTE AccessSystemAcl : 1; 289 * BYTE Reserved : 3; 290 * BYTE GenericAll : 1; 291 * BYTE GenericExecute : 1; 292 * BYTE GenericWrite : 1; 293 * BYTE GenericRead : 1; 294 * } ACCESS_MASK; 295 * 296 */ 297 298 #define ACL_REVISION1 1 299 #define ACL_REVISION2 2 300 #define MIN_ACL_REVISION2 ACL_REVISION2 301 #define ACL_REVISION3 3 302 #define ACL_REVISION4 4 303 #define MAX_ACL_REVISION ACL_REVISION4 304 305 /* 306 * Current ACE and ACL revision Levels 307 */ 308 #define ACE_REVISION 1 309 #define ACL_REVISION ACL_REVISION2 310 #define ACL_REVISION_DS ACL_REVISION4 311 312 313 #define ACCESS_ALLOWED_ACE_TYPE 0 314 #define ACCESS_DENIED_ACE_TYPE 1 315 #define SYSTEM_AUDIT_ACE_TYPE 2 316 #define SYSTEM_ALARM_ACE_TYPE 3 317 318 /* 319 * se_flags 320 * ---------- 321 * Specifies a set of ACE type-specific control flags. This member can be a 322 * combination of the following values. 323 * 324 * CONTAINER_INHERIT_ACE: Child objects that are containers, such as 325 * directories, inherit the ACE as an effective ACE. The inherited 326 * ACE is inheritable unless the NO_PROPAGATE_INHERIT_ACE bit flag 327 * is also set. 328 * 329 * INHERIT_ONLY_ACE: Indicates an inherit-only ACE which does not control 330 * access to the object to which it is attached. 331 * If this flag is not set, 332 * the ACE is an effective ACE which controls access to the object 333 * to which it is attached. 334 * Both effective and inherit-only ACEs can be inherited 335 * depending on the state of the other inheritance flags. 336 * 337 * INHERITED_ACE: Windows 2000/XP: Indicates that the ACE was inherited. 338 * The system sets this bit when it propagates an 339 * inherited ACE to a child object. 340 * 341 * NO_PROPAGATE_INHERIT_ACE: If the ACE is inherited by a child object, the 342 * system clears the OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE 343 * flags in the inherited ACE. 344 * This prevents the ACE from being inherited by 345 * subsequent generations of objects. 346 * 347 * OBJECT_INHERIT_ACE: Noncontainer child objects inherit the ACE as an 348 * effective ACE. For child objects that are containers, 349 * the ACE is inherited as an inherit-only ACE unless the 350 * NO_PROPAGATE_INHERIT_ACE bit flag is also set. 351 */ 352 #define OBJECT_INHERIT_ACE 0x01 353 #define CONTAINER_INHERIT_ACE 0x02 354 #define NO_PROPOGATE_INHERIT_ACE 0x04 355 #define INHERIT_ONLY_ACE 0x08 356 #define INHERITED_ACE 0x10 357 #define INHERIT_MASK_ACE 0x1F 358 359 360 /* 361 * These flags are only used in system audit or alarm ACEs to 362 * indicate when an audit message should be generated, i.e. 363 * on successful access or on unsuccessful access. 364 */ 365 #define SUCCESSFUL_ACCESS_ACE_FLAG 0x40 366 #define FAILED_ACCESS_ACE_FLAG 0x80 367 368 /* 369 * se_bsize is the size, in bytes, of ACE as it appears on the wire. 370 * se_sln is used to sort the ACL when it's required. 371 */ 372 typedef struct smb_acehdr { 373 uint8_t se_type; 374 uint8_t se_flags; 375 uint16_t se_bsize; 376 } smb_acehdr_t; 377 378 typedef struct smb_ace { 379 smb_acehdr_t se_hdr; 380 uint32_t se_mask; 381 list_node_t se_sln; 382 smb_sid_t *se_sid; 383 } smb_ace_t; 384 385 /* 386 * sl_bsize is the size of ACL in bytes as it appears on the wire. 387 */ 388 typedef struct smb_acl { 389 uint8_t sl_revision; 390 uint16_t sl_bsize; 391 uint16_t sl_acecnt; 392 smb_ace_t *sl_aces; 393 list_t sl_sorted; 394 } smb_acl_t; 395 396 /* 397 * ACE/ACL header size, in byte, as it appears on the wire 398 */ 399 #define SMB_ACE_HDRSIZE 4 400 #define SMB_ACL_HDRSIZE 8 401 402 /* 403 * Security Descriptor (SD) 404 * 405 * Security descriptors provide protection for objects, for example 406 * files and directories. It identifies the owner and primary group 407 * (SIDs) and contains an access control list. When a user tries to 408 * access an object his SID is compared to the permissions in the 409 * DACL to determine if access should be allowed or denied. Note that 410 * this is a simplification because there are other factors, such as 411 * default behavior and privileges to be taken into account (see also 412 * access tokens). 413 * 414 * The boolean flags have the following meanings when set: 415 * 416 * SE_OWNER_DEFAULTED indicates that the SID pointed to by the Owner 417 * field was provided by a defaulting mechanism rather than explicitly 418 * provided by the original provider of the security descriptor. This 419 * may affect the treatment of the SID with respect to inheritance of 420 * an owner. 421 * 422 * SE_GROUP_DEFAULTED indicates that the SID in the Group field was 423 * provided by a defaulting mechanism rather than explicitly provided 424 * by the original provider of the security descriptor. This may 425 * affect the treatment of the SID with respect to inheritance of a 426 * primary group. 427 * 428 * SE_DACL_PRESENT indicates that the security descriptor contains a 429 * discretionary ACL. If this flag is set and the Dacl field of the 430 * SECURITY_DESCRIPTOR is null, then a null ACL is explicitly being 431 * specified. 432 * 433 * SE_DACL_DEFAULTED indicates that the ACL pointed to by the Dacl 434 * field was provided by a defaulting mechanism rather than explicitly 435 * provided by the original provider of the security descriptor. This 436 * may affect the treatment of the ACL with respect to inheritance of 437 * an ACL. This flag is ignored if the DaclPresent flag is not set. 438 * 439 * SE_SACL_PRESENT indicates that the security descriptor contains a 440 * system ACL pointed to by the Sacl field. If this flag is set and 441 * the Sacl field of the SECURITY_DESCRIPTOR is null, then an empty 442 * (but present) ACL is being specified. 443 * 444 * SE_SACL_DEFAULTED indicates that the ACL pointed to by the Sacl 445 * field was provided by a defaulting mechanism rather than explicitly 446 * provided by the original provider of the security descriptor. This 447 * may affect the treatment of the ACL with respect to inheritance of 448 * an ACL. This flag is ignored if the SaclPresent flag is not set. 449 * 450 * SE_DACL_PROTECTED Prevents ACEs set on the DACL of the parent container 451 * (and any objects above the parent container in the directory hierarchy) 452 * from being applied to the object's DACL. 453 * 454 * SE_SACL_PROTECTED Prevents ACEs set on the SACL of the parent container 455 * (and any objects above the parent container in the directory hierarchy) 456 * from being applied to the object's SACL. 457 * 458 * Note that the SE_DACL_PRESENT flag needs to be present to set 459 * SE_DACL_PROTECTED and SE_SACL_PRESENT needs to be present to set 460 * SE_SACL_PROTECTED. 461 * 462 * SE_SELF_RELATIVE indicates that the security descriptor is in self- 463 * relative form. In this form, all fields of the security descriptor 464 * are contiguous in memory and all pointer fields are expressed as 465 * offsets from the beginning of the security descriptor. 466 * 467 * 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 468 * 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 469 * +---------------------------------------------------------------+ 470 * | Control |Reserved1 (SBZ)| Revision | 471 * +---------------------------------------------------------------+ 472 * | Owner | 473 * +---------------------------------------------------------------+ 474 * | Group | 475 * +---------------------------------------------------------------+ 476 * | Sacl | 477 * +---------------------------------------------------------------+ 478 * | Dacl | 479 * +---------------------------------------------------------------+ 480 * 481 */ 482 483 #define SMB_OWNER_SECINFO 0x0001 484 #define SMB_GROUP_SECINFO 0x0002 485 #define SMB_DACL_SECINFO 0x0004 486 #define SMB_SACL_SECINFO 0x0008 487 #define SMB_ALL_SECINFO 0x000F 488 #define SMB_ACL_SECINFO (SMB_DACL_SECINFO | SMB_SACL_SECINFO) 489 490 #define SECURITY_DESCRIPTOR_REVISION 1 491 492 493 #define SE_OWNER_DEFAULTED 0x0001 494 #define SE_GROUP_DEFAULTED 0x0002 495 #define SE_DACL_PRESENT 0x0004 496 #define SE_DACL_DEFAULTED 0x0008 497 #define SE_SACL_PRESENT 0x0010 498 #define SE_SACL_DEFAULTED 0x0020 499 #define SE_DACL_AUTO_INHERIT_REQ 0x0100 500 #define SE_SACL_AUTO_INHERIT_REQ 0x0200 501 #define SE_DACL_AUTO_INHERITED 0x0400 502 #define SE_SACL_AUTO_INHERITED 0x0800 503 #define SE_DACL_PROTECTED 0x1000 504 #define SE_SACL_PROTECTED 0x2000 505 #define SE_SELF_RELATIVE 0x8000 506 507 #define SE_DACL_INHERITANCE_MASK 0x1500 508 #define SE_SACL_INHERITANCE_MASK 0x2A00 509 510 /* 511 * Security descriptor structures: 512 * 513 * smb_sd_t SD in SMB pointer form 514 * smb_fssd_t SD in filesystem form 515 * 516 * Filesystems (e.g. ZFS/UFS) don't have something equivalent 517 * to SD. The items comprising a SMB SD are kept separately in 518 * filesystem. smb_fssd_t is introduced as a helper to provide 519 * the required abstraction for CIFS code. 520 */ 521 522 typedef struct smb_sd { 523 uint8_t sd_revision; 524 uint16_t sd_control; 525 smb_sid_t *sd_owner; /* SID file owner */ 526 smb_sid_t *sd_group; /* SID group (for POSIX) */ 527 smb_acl_t *sd_sacl; /* ACL System (audits) */ 528 smb_acl_t *sd_dacl; /* ACL Discretionary (perm) */ 529 } smb_sd_t; 530 531 /* 532 * SD header size as it appears on the wire 533 */ 534 #define SMB_SD_HDRSIZE 20 535 536 /* 537 * values for smb_fssd.sd_flags 538 */ 539 #define SMB_FSSD_FLAGS_DIR 0x01 540 541 typedef struct smb_fssd { 542 uint32_t sd_secinfo; 543 uint32_t sd_flags; 544 uid_t sd_uid; 545 gid_t sd_gid; 546 acl_t *sd_zdacl; 547 acl_t *sd_zsacl; 548 } smb_fssd_t; 549 550 void smb_sd_init(smb_sd_t *, uint8_t); 551 void smb_sd_term(smb_sd_t *); 552 uint32_t smb_sd_get_secinfo(smb_sd_t *); 553 uint32_t smb_sd_len(smb_sd_t *, uint32_t); 554 uint32_t smb_sd_tofs(smb_sd_t *, smb_fssd_t *); 555 556 void smb_fssd_init(smb_fssd_t *, uint32_t, uint32_t); 557 void smb_fssd_term(smb_fssd_t *); 558 559 void smb_acl_sort(smb_acl_t *); 560 void smb_acl_free(smb_acl_t *); 561 smb_acl_t *smb_acl_alloc(uint8_t, uint16_t, uint16_t); 562 smb_acl_t *smb_acl_from_zfs(acl_t *, uid_t, gid_t); 563 uint32_t smb_acl_to_zfs(smb_acl_t *, uint32_t, int, acl_t **); 564 uint16_t smb_acl_len(smb_acl_t *); 565 boolean_t smb_acl_isvalid(smb_acl_t *, int); 566 567 void smb_fsacl_free(acl_t *); 568 acl_t *smb_fsacl_alloc(int, int); 569 570 #ifdef __cplusplus 571 } 572 #endif 573 574 #endif /* _SMBSRV_NTIFS_H */ 575