xref: /titanic_52/usr/src/lib/libsmbfs/smb/acl_api.c (revision 8a88157cd7245729dea5d91a5181bb05a80164a8) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * ACL API for smbfs
31  */
32 
33 #include <sys/types.h>
34 #include <sys/errno.h>
35 #include <sys/cred.h>
36 #include <sys/cmn_err.h>
37 #include <sys/kmem.h>
38 #include <sys/sunddi.h>
39 #include <sys/acl.h>
40 #include <sys/vnode.h>
41 #include <sys/vfs.h>
42 #include <sys/byteorder.h>
43 
44 #include <errno.h>
45 #include <stdio.h>
46 #include <strings.h>
47 #include <unistd.h>
48 
49 #include <umem.h>
50 #include <idmap.h>
51 
52 #include <sys/fs/smbfs_ioctl.h>
53 
54 #include <netsmb/smb_lib.h>
55 #include <netsmb/smbfs_acl.h>
56 #include <netsmb/smbfs_isec.h>
57 
58 /* Sanity check SD sizes */
59 #define	MAX_RAW_SD_SIZE	32768
60 
61 /* XXX: acl_common.h */
62 acl_t *acl_alloc(enum acl_type);
63 void acl_free(acl_t *);
64 
65 
66 /*
67  * Get/set a Windows security descriptor (SD)
68  * using the (private) smbfs ioctl mechanism.
69  * Note: Get allocates mbp->mb_top
70  */
71 
72 /* ARGSUSED */
73 int
74 smbfs_acl_iocget(int fd, uint32_t selector, mbdata_t *mbp)
75 {
76 	ioc_sdbuf_t	iocb;
77 	struct mbuf	*m;
78 	int		error;
79 
80 	error = mb_init(mbp, MAX_RAW_SD_SIZE);
81 	if (error)
82 		return (error);
83 
84 	m = mbp->mb_top;
85 	iocb.addr = mtod(m, uintptr_t);
86 	iocb.alloc = m->m_maxlen;
87 	iocb.used = 0;
88 	iocb.selector = selector;
89 
90 	/*
91 	 * This does the OTW Get.
92 	 */
93 	if (ioctl(fd, SMBFSIO_GETSD, &iocb) < 0) {
94 		error = errno;
95 		goto errout;
96 	}
97 
98 	m->m_len = iocb.used;
99 	return (0);
100 
101 errout:
102 	mb_done(mbp);
103 	return (error);
104 }
105 
106 /* ARGSUSED */
107 int
108 smbfs_acl_iocset(int fd, uint32_t selector, mbdata_t *mbp)
109 {
110 	ioc_sdbuf_t	iocb;
111 	struct mbuf	*m;
112 	int		error;
113 
114 	/* Make the data contiguous. */
115 	error = m_lineup(mbp->mb_top, &m);
116 	if (error)
117 		return (error);
118 
119 	if (mbp->mb_top != m)
120 		mb_initm(mbp, m);
121 
122 	iocb.addr = mtod(m, uintptr_t);
123 	iocb.alloc = m->m_maxlen;
124 	iocb.used  = m->m_len;
125 	iocb.selector = selector;
126 
127 	/*
128 	 * This does the OTW Set.
129 	 */
130 	if (ioctl(fd, SMBFSIO_SETSD, &iocb) < 0)
131 		error = errno;
132 
133 	return (error);
134 }
135 
136 /*
137  * Get an NT SD from the open file via ioctl.
138  */
139 int
140 smbfs_acl_getsd(int fd, uint32_t selector, i_ntsd_t **sdp)
141 {
142 	mbdata_t *mbp, mb_store;
143 	int error;
144 
145 	mbp = &mb_store;
146 	bzero(mbp, sizeof (*mbp));
147 
148 	/*
149 	 * Get the raw Windows SD via ioctl.
150 	 * Returns allocated mbchain in mbp.
151 	 */
152 	error = smbfs_acl_iocget(fd, selector, mbp);
153 	if (error == 0) {
154 		/*
155 		 * Import the raw SD into "internal" form.
156 		 * (like "absolute" form per. NT docs)
157 		 * Returns allocated data in sdp
158 		 */
159 		error = mb_get_ntsd(mbp, sdp);
160 	}
161 
162 	mb_done(mbp);
163 	return (error);
164 }
165 
166 /*
167  * Set an NT SD onto the open file via ioctl.
168  */
169 int
170 smbfs_acl_setsd(int fd, uint32_t selector, i_ntsd_t *sd)
171 {
172 	mbdata_t *mbp, mb_store;
173 	int error;
174 
175 	mbp = &mb_store;
176 	mb_init(mbp, M_MINSIZE);
177 
178 	/*
179 	 * Export the "internal" SD into an mb chain.
180 	 * (a.k.a "self-relative" form per. NT docs)
181 	 * Returns allocated mbchain in mbp.
182 	 */
183 	error = mb_put_ntsd(mbp, sd);
184 	if (error == 0) {
185 		/*
186 		 * Set the raw Windows SD via ioctl.
187 		 */
188 		error = smbfs_acl_iocset(fd, selector, mbp);
189 	}
190 
191 	mb_done(mbp);
192 
193 	return (error);
194 }
195 
196 
197 
198 /*
199  * Convenience function to Get security using a
200  * ZFS-style ACL (libsec acl, type=ACE_T)
201  * Intentionally similar to: facl_get(3SEC)
202  */
203 int
204 smbfs_acl_get(int fd, acl_t **aclp, uid_t *uidp, gid_t *gidp)
205 {
206 	i_ntsd_t *sd = NULL;
207 	acl_t *acl = NULL;
208 	uint32_t selector;
209 	int error;
210 
211 	/*
212 	 * Which parts of the SD are being requested?
213 	 * XXX: Should we request the SACL too?  If so,
214 	 * might that cause this access to be denied?
215 	 * Or maybe: if we get access denied, try the
216 	 * open/fetch again without the SACL bit.
217 	 */
218 	selector = 0;
219 	if (aclp)
220 		selector |= DACL_SECURITY_INFORMATION;
221 	if (uidp)
222 		selector |= OWNER_SECURITY_INFORMATION;
223 	if (gidp)
224 		selector |= GROUP_SECURITY_INFORMATION;
225 
226 	if (selector == 0)
227 		return (0);
228 
229 	/*
230 	 * Get the Windows SD via ioctl, in
231 	 * "internal" (absolute) form.
232 	 */
233 	error = smbfs_acl_getsd(fd, selector, &sd);
234 	if (error)
235 		return (error);
236 	/* Note: sd now holds allocated data. */
237 
238 	/*
239 	 * Convert the internal SD to a ZFS ACL.
240 	 * Get uid/gid too if pointers != NULL.
241 	 */
242 	if (aclp) {
243 		acl = acl_alloc(ACE_T);
244 		if (acl == NULL) {
245 			error = ENOMEM;
246 			goto out;
247 		}
248 	}
249 	error = smbfs_acl_sd2zfs(sd, acl, uidp, gidp);
250 	if (error)
251 		goto out;
252 
253 	/* Success! */
254 	if (aclp) {
255 		*aclp = acl;
256 		acl = NULL;
257 	}
258 
259 out:
260 	if (acl)
261 		acl_free(acl);
262 	smbfs_acl_free_sd(sd);
263 	return (error);
264 }
265 
266 /*
267  * Convenience function to Set security using a
268  * ZFS-style ACL (libsec acl, type=ACE_T)
269  * Intentionally similar to: facl_set(3SEC)
270  */
271 int
272 smbfs_acl_set(int fd, acl_t *acl, uid_t uid, gid_t gid)
273 {
274 	i_ntsd_t *sd = NULL;
275 	uint32_t selector;
276 	int error;
277 
278 	/*
279 	 * Which parts of the SD are being modified?
280 	 * XXX: Ditto comments above re. SACL.
281 	 */
282 	selector = 0;
283 	if (acl)
284 		selector |= DACL_SECURITY_INFORMATION;
285 	if (uid != (uid_t)-1)
286 		selector |= OWNER_SECURITY_INFORMATION;
287 	if (gid != (gid_t)-1)
288 		selector |= GROUP_SECURITY_INFORMATION;
289 	if (selector == 0)
290 		return (0);
291 
292 	if (acl && acl->acl_type != ACE_T)
293 		return (EINVAL);
294 
295 	/*
296 	 * Convert the ZFS ACL to an internal SD.
297 	 * Returns allocated data in sd
298 	 */
299 	error = smbfs_acl_zfs2sd(acl, uid, gid, &sd);
300 	if (error == 0)
301 		error = smbfs_acl_setsd(fd, selector, sd);
302 
303 	smbfs_acl_free_sd(sd);
304 
305 	return (error);
306 }
307