/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _SMBFS_NTACL_H
#define _SMBFS_NTACL_H

/*
 * Internal functions and data structures for dealing with
 * NT Security data (SIDs, ACEs, ACLs, Security Descriptors).
 *
 * The "internal" forms below mirror the on-the-wire (OtW) layouts
 * but hold nested objects by pointer rather than as flat data, so
 * they are NOT suitable for sending directly; use mb_put_ntsd() to
 * marshal and md_get_ntsd() to unmarshal.
 */

#include <netsmb/mchain.h>

/*
 * Internal form of an NT SID
 * Same as on the wire, but possibly byte-swapped.
 *
 * The trailing sid_subauthvec[1] is the classic "struct hack":
 * the object is allocated with I_SID_SIZE(sid_subauthcount) bytes
 * and sid_subauthvec actually holds sid_subauthcount entries.
 * Note that sizeof (i_ntsid_t) only covers one sub-authority, so
 * size allocations and copies with I_SID_SIZE(), not sizeof.
 *
 * NOTE(review): sid_subauthcount arrives from the wire; the importer
 * (md_get_ntsd) should bound it before sizing an allocation with
 * I_SID_SIZE() -- verify in the implementation, not visible here.
 */
typedef struct i_ntsid {
	uint8_t sid_revision;
	uint8_t sid_subauthcount;	/* number of entries in sid_subauthvec */
	uint8_t sid_authority[6];	/* 48-bit identifier authority */
	uint32_t sid_subauthvec[1]; /* actually len=subauthcount */
} i_ntsid_t;
/*
 * In-memory byte size of an i_ntsid_t holding sacnt sub-authorities:
 * the 8-byte fixed prefix (revision, count, 6-byte authority) plus
 * 4 bytes per sub-authority.  The argument is evaluated once.
 */
#define I_SID_SIZE(sacnt) (8 + 4 * (sacnt))

/*
 * Internal form of an NT ACE - first the header.
 * See MS SDK: ACE_HEADER (For MS, it's the OtW form)
 * Note: ace_size here is the in-memory size, not OtW.
 */
typedef struct i_ntace_hdr {
	uint8_t ace_type;	/* ACCESS_ALLOWED, ACCESS_DENIED, ... */
	uint8_t ace_flags;	/* inheritance etc. flags */
	uint16_t ace_size;	/* in-memory size of the whole ACE (see above) */
} i_ntace_hdr_t;

/*
 * Simple ACE for types: ACCESS_ALLOWED through SYSTEM_ALARM
 * See MS SDK: ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE,
 * SYSTEM_AUDIT_ACE, SYSTEM_ALARM_ACE.
 *
 * The above are the only types that appear in a V2 ACL.
 * Note that in the Windows SDK, the SID is stored as
 * "flat" data after the ACE header. This implementation
 * stores the SID as a pointer instead.
 *
 * NOTE(review): ace_sid is presumably owned by the enclosing SD and
 * released by smbfs_acl_free_sd() -- confirm against the .c file.
 */
typedef struct i_ntace_v2 {
	i_ntace_hdr_t ace_hdr;	/* must stay first (see i_ntace_u) */
	uint32_t ace_rights; /* generic, standard, specific, etc */
	i_ntsid_t *ace_sid;	/* trustee; variable size, hence a pointer */
} i_ntace_v2_t;

/*
 * A union for convenience of the conversion code.
 * There are lots more ACE types, ignored for now.
 *
 * Because i_ntace_hdr_t is the first member of every variant,
 * ace_hdr can be read to learn the type/size before choosing
 * which variant to interpret.
 */
typedef union i_ntace_u {
	i_ntace_hdr_t ace_hdr;
	i_ntace_v2_t ace_v2;
} i_ntace_t;

/*
 * Internal form of an NT ACL (see sacl/dacl below)
 *
 * Like i_ntsid_t, the trailing acl_acevec[1] is a variable-length
 * array of acl_acecount pointers; allocate accordingly rather than
 * relying on sizeof (i_ntacl_t).
 *
 * NOTE(review): acl_acecount is wire-derived as well; the importer
 * should validate it before using it as an allocation/loop bound.
 */
typedef struct i_ntacl {
	uint8_t acl_revision; /* 0x02 observed with W2K */
	uint16_t acl_acecount;	/* number of entries in acl_acevec */
	i_ntace_t *acl_acevec[1]; /* actually, len=acecount */
} i_ntacl_t;

/*
 * Internal form of an NT Security Descriptor (SD)
 *
 * Each of the four object pointers may be NULL when the SD does
 * not carry that component (the OtW form uses zero offsets for
 * absent parts; the pointers take that role here).
 */
typedef struct i_ntsd {
	uint8_t sd_revision; /* 0x01 observed between W2K */
	uint8_t sd_rmctl; /* resource mgr control (MBZ) */
	uint16_t sd_flags;	/* SE_*_PRESENT / *_DEFAULTED control bits */
	i_ntsid_t *sd_owner;	/* owner SID, or NULL */
	i_ntsid_t *sd_group;	/* primary group SID, or NULL */
	i_ntacl_t *sd_sacl;	/* system ACL (audit/alarm), or NULL */
	i_ntacl_t *sd_dacl;	/* discretionary ACL (allow/deny), or NULL */
} i_ntsd_t;

/*
 * Import a raw SD (mb chain) into "internal" form.
 * (like "absolute" form per NT docs)
 * Returns allocated data in sdp
 *
 * On success *sdp points to a freshly allocated i_ntsd_t (with its
 * SIDs and ACLs) that the caller must release with
 * smbfs_acl_free_sd().  The int return presumably follows the
 * usual 0 / errno convention -- confirm in the implementation.
 * This is the untrusted-input boundary: all counts and sizes in
 * the chain must be validated by this routine before use.
 */
int md_get_ntsd(mdchain_t *mbp, i_ntsd_t **sdp);

/*
 * Export an "internal" SD into a raw SD (mb chain).
 * (a.k.a "self-relative" form per NT docs)
 * Returns allocated mbchain in mbp.
 *
 * sd is read only; ownership of the SD stays with the caller.
 */
int mb_put_ntsd(mbchain_t *mbp, i_ntsd_t *sd);

/*
 * Convert an internal SD to a ZFS-style ACL.
 * Get uid/gid too if pointers != NULL.
 *
 * The kernel build takes a vsecattr_t, the library build an acl_t;
 * otherwise the two prototypes are equivalent.
 */
#ifdef _KERNEL
int smbfs_acl_sd2zfs(i_ntsd_t *, vsecattr_t *, uid_t *, gid_t *);
#else /* _KERNEL */
/* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
int smbfs_acl_sd2zfs(struct i_ntsd *, acl_t *, uid_t *, gid_t *);
#endif /* _KERNEL */

/*
 * Convert a ZFS-style ACL to an internal SD.
 * Set owner/group too if selector indicates.
 * Always need to pass uid+gid, either the new
 * (when setting them) or existing, so that any
 * owner@ or group@ ACEs can be translated.
 *
 * Parameter order: (acl, uid, gid, selector, sdp).  The uint32_t
 * appears to be the "selector" mentioned above -- confirm against
 * the .c file.  The resulting SD in *sdp is allocated and must be
 * released with smbfs_acl_free_sd().
 */
#ifdef _KERNEL
int smbfs_acl_zfs2sd(vsecattr_t *, uid_t, gid_t, uint32_t, i_ntsd_t **);
#else /* _KERNEL */
/* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
int smbfs_acl_zfs2sd(acl_t *, uid_t, gid_t, uint32_t, struct i_ntsd **);
#endif /* _KERNEL */

/*
 * Free an i_ntsd_t from md_get_ntsd() or smbfs_acl_zfs2sd().
 * See also: lib/libsmbfs/netsmb/smbfs_acl.h
 *
 * This is the only correct way to release an SD produced by those
 * routines; do not free the pieces individually.
 */
void smbfs_acl_free_sd(struct i_ntsd *);

/*
 * Convert an NT SID to string format.
 *
 * Writes the textual form into obuf, which holds olen bytes
 * (so at most olen - 1 characters plus the terminator).
 * NOTE(review): ridp presumably receives the final sub-authority
 * (the RID) when non-NULL -- confirm in the implementation.
 */
int smbfs_sid2str(i_ntsid_t *sid,
	char *obuf, size_t olen, uint32_t *ridp);

#endif /* _SMBFS_NTACL_H */