xref: /titanic_52/usr/src/uts/common/fs/smbsrv/smb_acl.c (revision c1c61f44e88f4c8c155272ee56d868043146096a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <sys/acl.h>
29 #include <acl/acl_common.h>
30 #include <smbsrv/ntsid.h>
31 #include <smbsrv/smb_fsops.h>
32 #include <smbsrv/smb_idmap.h>
33 #include <smbsrv/smb_kproto.h>
34 #include <smbsrv/ntstatus.h>
35 #include <smbsrv/ntaccess.h>
36 
37 #define	ACE_FD_INHERIT_ACE (ACE_FILE_INHERIT_ACE | ACE_DIRECTORY_INHERIT_ACE)
38 
39 #define	ZACE_IS_OWNER(zace) ((zace->a_flags & ACE_TYPE_FLAGS) == ACE_OWNER)
40 #define	ZACE_IS_OWNGRP(zace) \
41 	((zace->a_flags & ACE_TYPE_FLAGS) == (ACE_IDENTIFIER_GROUP|ACE_GROUP))
42 
43 #define	ZACE_IS_USER(zace) \
44 	(((zace->a_flags & ACE_TYPE_FLAGS) == 0) || (ZACE_IS_OWNER(zace)))
45 #define	ZACE_IS_GROUP(zace) (zace->a_flags & ACE_IDENTIFIER_GROUP)
46 #define	ZACE_IS_EVERYONE(zace) (zace->a_flags & ACE_EVERYONE)
47 
48 #define	ZACE_IS_PROPAGATE(zace) \
49 	((zace->a_flags & ACE_NO_PROPAGATE_INHERIT_ACE) == 0)
50 
51 #define	ZACE_IS_CREATOR_OWNER(zace) \
52 	(ZACE_IS_USER(zace) && (zace->a_who == IDMAP_WK_CREATOR_OWNER_UID))
53 
54 #define	ZACE_IS_CREATOR_GROUP(zace) \
55 	(ZACE_IS_GROUP(zace) && (zace->a_who == IDMAP_WK_CREATOR_GROUP_GID))
56 
57 #define	ZACE_IS_CREATOR(zace) \
58 	(ZACE_IS_CREATOR_OWNER(zace) || ZACE_IS_CREATOR_GROUP(zace))
59 
60 /*
61  * ACE groups within a DACL
62  *
63  * This is from lower to higher ACE order priority
64  */
65 #define	SMB_AG_START		0
66 #define	SMB_AG_ALW_INHRT	0
67 #define	SMB_AG_DNY_INHRT	1
68 #define	SMB_AG_ALW_DRCT		2
69 #define	SMB_AG_DNY_DRCT		3
70 #define	SMB_AG_NUM		4
71 
72 /*
73  * SID for Everyone group: S-1-1-0.
74  */
75 nt_sid_t everyone_sid = {
76 	NT_SID_REVISION,
77 	1,
78 	NT_SECURITY_WORLD_AUTH,
79 	{ 0 }
80 };
81 
82 #define	DEFAULT_DACL_ACENUM	2
83 /*
84  * Default ACL:
85  *    owner: full access
86  *    SYSTEM: full access
87  */
88 static ace_t default_dacl[DEFAULT_DACL_ACENUM] = {
89 	{ (uid_t)-1, ACE_ALL_PERMS, 0, ACE_ACCESS_ALLOWED_ACE_TYPE },
90 	{ IDMAP_WK_LOCAL_SYSTEM_GID, ACE_ALL_PERMS, ACE_IDENTIFIER_GROUP,
91 	    ACE_ACCESS_ALLOWED_ACE_TYPE }
92 };
93 
94 /*
95  * Note:
96  *
97  * smb_acl_xxx functions work with smb_acl_t which represents the CIFS format
98  * smb_fsacl_xxx functions work with acl_t which represents the Solaris native
99  * format
100  */
101 
102 static idmap_stat smb_acl_getsids(smb_idmap_batch_t *, acl_t *, uid_t, gid_t);
103 static acl_t *smb_acl_null_empty(boolean_t null);
104 
105 static int smb_fsacl_inheritable(acl_t *, int);
106 
107 
108 static void smb_ace_inherit(ace_t *, ace_t *, int);
109 static boolean_t smb_ace_isvalid(smb_ace_t *, int);
110 static uint16_t smb_ace_len(smb_ace_t *);
111 static uint32_t smb_ace_mask_g2s(uint32_t);
112 static uint16_t smb_ace_flags_tozfs(uint8_t, int);
113 static uint8_t smb_ace_flags_fromzfs(uint16_t);
114 
115 smb_acl_t *
116 smb_acl_alloc(uint8_t revision, uint16_t bsize, uint16_t acecnt)
117 {
118 	smb_acl_t *acl;
119 	int size;
120 
121 	size = sizeof (smb_acl_t) + (acecnt * sizeof (smb_ace_t));
122 	acl = kmem_zalloc(size, KM_SLEEP);
123 	acl->sl_revision = revision;
124 	acl->sl_bsize = bsize;
125 	acl->sl_acecnt = acecnt;
126 	acl->sl_aces = (smb_ace_t *)(acl + 1);
127 
128 	list_create(&acl->sl_sorted, sizeof (smb_ace_t),
129 	    offsetof(smb_ace_t, se_sln));
130 	return (acl);
131 }
132 
133 void
134 smb_acl_free(smb_acl_t *acl)
135 {
136 	int i, size;
137 	void *ace;
138 
139 	if (acl == NULL)
140 		return;
141 
142 	for (i = 0; i < acl->sl_acecnt; i++) {
143 		MEM_FREE("smbsrv", acl->sl_aces[i].se_sid);
144 	}
145 
146 	while ((ace = list_head(&acl->sl_sorted)) != NULL)
147 		list_remove(&acl->sl_sorted, ace);
148 	list_destroy(&acl->sl_sorted);
149 
150 	size = sizeof (smb_acl_t) + (acl->sl_acecnt * sizeof (smb_ace_t));
151 	kmem_free(acl, size);
152 }
153 
154 /*
155  * smb_acl_len
156  *
157  * Returns the size of given ACL in bytes. Note that this
158  * is not an in-memory size, it's the ACL's size as it would
159  * appear on the wire
160  */
161 uint16_t
162 smb_acl_len(smb_acl_t *acl)
163 {
164 	if (acl == NULL)
165 		return (0);
166 
167 	return (acl->sl_bsize);
168 }
169 
170 boolean_t
171 smb_acl_isvalid(smb_acl_t *acl, int which_acl)
172 {
173 	int i;
174 
175 	if (acl->sl_bsize < SMB_ACL_HDRSIZE)
176 		return (B_FALSE);
177 
178 	if (acl->sl_revision != ACL_REVISION) {
179 		/*
180 		 * we are rejecting ACLs with object-specific ACEs for now
181 		 */
182 		return (B_FALSE);
183 	}
184 
185 	for (i = 0; i < acl->sl_acecnt; i++) {
186 		if (!smb_ace_isvalid(&acl->sl_aces[i], which_acl))
187 			return (B_FALSE);
188 	}
189 
190 	return (B_TRUE);
191 }
192 
193 /*
194  * smb_acl_sort
195  *
196  * Sorts the given ACL in place if it needs to be sorted.
197  *
198  * The following is an excerpt from MSDN website.
199  *
200  * Order of ACEs in a DACL
201  *
202  * For Windows NT versions 4.0 and earlier, the preferred order of ACEs
203  * is simple: In a DACL, all access-denied ACEs should precede any
204  * access-allowed ACEs.
205  *
206  * For Windows 2000 or later, the proper order of ACEs is more complicated
207  * because of the introduction of object-specific ACEs and automatic
208  * inheritance.
209  *
210  * The following describes the preferred order:
211  *
212  * To ensure that noninherited ACEs have precedence over inherited ACEs,
213  * place all noninherited ACEs in a group before any inherited ACEs. This
214  * ordering ensures, for example, that a noninherited access-denied ACE
215  * is enforced regardless of any inherited ACE that allows access.
216  * Within the groups of noninherited ACEs and inherited ACEs, order ACEs
217  * according to ACE type, as the following shows:
218  * 	. Access-denied ACEs that apply to the object itself
219  * 	. Access-denied ACEs that apply to a subobject of the
220  *	  object, such as a property set or property
221  * 	. Access-allowed ACEs that apply to the object itself
222  * 	. Access-allowed ACEs that apply to a subobject of the object
223  *
224  * So, here is the desired ACE order
225  *
226  * deny-direct, allow-direct, deny-inherited, allow-inherited
227  *
228  * Of course, not all ACE types are required in an ACL.
229  */
230 void
231 smb_acl_sort(smb_acl_t *acl)
232 {
233 	list_t ace_grps[SMB_AG_NUM];
234 	list_t *alist;
235 	smb_ace_t *ace;
236 	uint8_t ace_flags;
237 	int ag, i;
238 
239 	ASSERT(acl);
240 
241 	if (acl->sl_acecnt == 0) {
242 		/*
243 		 * ACL with no entry is a valid ACL and it means
244 		 * no access for anybody.
245 		 */
246 		return;
247 	}
248 
249 	for (i = SMB_AG_START; i < SMB_AG_NUM; i++) {
250 		list_create(&ace_grps[i], sizeof (smb_ace_t),
251 		    offsetof(smb_ace_t, se_sln));
252 	}
253 
254 	for (i = 0, ace = acl->sl_aces; i < acl->sl_acecnt; ++i, ace++) {
255 		ace_flags = ace->se_hdr.se_flags;
256 
257 		switch (ace->se_hdr.se_type) {
258 		case ACCESS_DENIED_ACE_TYPE:
259 			ag = (ace_flags & INHERITED_ACE) ?
260 			    SMB_AG_DNY_INHRT : SMB_AG_DNY_DRCT;
261 			break;
262 
263 		case ACCESS_ALLOWED_ACE_TYPE:
264 			ag = (ace_flags & INHERITED_ACE) ?
265 			    SMB_AG_ALW_INHRT : SMB_AG_ALW_DRCT;
266 			break;
267 
268 		default:
269 			/*
270 			 * This is the lowest priority group so we put
271 			 * evertything unknown here.
272 			 */
273 			ag = SMB_AG_ALW_INHRT;
274 			break;
275 		}
276 
277 		/* Add the ACE to the selected group */
278 		list_insert_tail(&ace_grps[ag], ace);
279 	}
280 
281 	/*
282 	 * start with highest priority ACE group and append
283 	 * the ACEs to the ACL.
284 	 */
285 	for (i = SMB_AG_NUM - 1; i >= SMB_AG_START; i--) {
286 		alist = &ace_grps[i];
287 		while ((ace = list_head(alist)) != NULL) {
288 			list_remove(alist, ace);
289 			list_insert_tail(&acl->sl_sorted, ace);
290 		}
291 		list_destroy(alist);
292 	}
293 }
294 
295 /*
296  * smb_acl_from_zfs
297  *
298  * Converts given ZFS ACL to a Windows ACL.
299  *
300  * A pointer to allocated memory for the Win ACL will be
301  * returned upon successful conversion.
302  */
303 smb_acl_t *
304 smb_acl_from_zfs(acl_t *zacl, uid_t uid, gid_t gid)
305 {
306 	ace_t *zace;
307 	int numaces;
308 	smb_acl_t *acl;
309 	smb_ace_t *ace;
310 	smb_idmap_batch_t sib;
311 	smb_idmap_t *sim;
312 	idmap_stat idm_stat;
313 
314 	idm_stat = smb_idmap_batch_create(&sib, zacl->acl_cnt,
315 	    SMB_IDMAP_ID2SID);
316 	if (idm_stat != IDMAP_SUCCESS)
317 		return (NULL);
318 
319 	if (smb_acl_getsids(&sib, zacl, uid, gid) != IDMAP_SUCCESS) {
320 		smb_idmap_batch_destroy(&sib);
321 		return (NULL);
322 	}
323 
324 	acl = smb_acl_alloc(ACL_REVISION, SMB_ACL_HDRSIZE, zacl->acl_cnt);
325 
326 	sim = sib.sib_maps;
327 	for (numaces = 0, zace = zacl->acl_aclp;
328 	    numaces < zacl->acl_cnt;
329 	    zace++, numaces++, sim++) {
330 		ASSERT(sim->sim_sid);
331 		if (sim->sim_sid == NULL) {
332 			smb_acl_free(acl);
333 			acl = NULL;
334 			break;
335 		}
336 
337 		ace = &acl->sl_aces[numaces];
338 		ace->se_hdr.se_type = zace->a_type;
339 		ace->se_hdr.se_flags = smb_ace_flags_fromzfs(zace->a_flags);
340 		ace->se_mask = zace->a_access_mask;
341 		ace->se_sid = nt_sid_dup(sim->sim_sid);
342 		ace->se_hdr.se_bsize = smb_ace_len(ace);
343 
344 		acl->sl_bsize += ace->se_hdr.se_bsize;
345 	}
346 
347 	smb_idmap_batch_destroy(&sib);
348 	return (acl);
349 }
350 
351 /*
352  * smb_acl_to_zfs
353  *
354  * Converts given Windows ACL to a ZFS ACL.
355  *
356  * fs_acl will contain a pointer to the created ZFS ACL.
357  * The allocated memory should be freed by calling
358  * smb_fsacl_free().
359  *
360  * Since the output parameter, fs_acl, is allocated in this
361  * function, the caller has to make sure *fs_acl is NULL which
362  * means it's not pointing to any memory.
363  */
364 uint32_t
365 smb_acl_to_zfs(smb_acl_t *acl, uint32_t flags, int which_acl, acl_t **fs_acl)
366 {
367 	smb_ace_t *ace;
368 	acl_t *zacl;
369 	ace_t *zace;
370 	smb_idmap_batch_t sib;
371 	smb_idmap_t *sim;
372 	idmap_stat idm_stat;
373 	int i, isdir;
374 
375 	ASSERT(fs_acl);
376 	ASSERT(*fs_acl == NULL);
377 
378 	if (acl && !smb_acl_isvalid(acl, which_acl))
379 		return (NT_STATUS_INVALID_ACL);
380 
381 	if ((acl == NULL) || (acl->sl_acecnt == 0)) {
382 		if (which_acl == SMB_DACL_SECINFO) {
383 			*fs_acl = smb_acl_null_empty(acl == NULL);
384 		}
385 
386 		return (NT_STATUS_SUCCESS);
387 	}
388 
389 	idm_stat = smb_idmap_batch_create(&sib, acl->sl_acecnt,
390 	    SMB_IDMAP_SID2ID);
391 	if (idm_stat != IDMAP_SUCCESS)
392 		return (NT_STATUS_INTERNAL_ERROR);
393 
394 	isdir = ((flags & ACL_IS_DIR) == ACL_IS_DIR);
395 
396 	zacl = smb_fsacl_alloc(acl->sl_acecnt, flags);
397 
398 	zace = zacl->acl_aclp;
399 	ace = acl->sl_aces;
400 	sim = sib.sib_maps;
401 
402 	for (i = 0; i < acl->sl_acecnt; i++, zace++, ace++, sim++) {
403 		zace->a_type = ace->se_hdr.se_type & ACE_ALL_TYPES;
404 		zace->a_access_mask = smb_ace_mask_g2s(ace->se_mask);
405 		zace->a_flags = smb_ace_flags_tozfs(ace->se_hdr.se_flags,
406 		    isdir);
407 
408 		if (nt_sid_is_equal(ace->se_sid, &everyone_sid))
409 			zace->a_flags |= ACE_EVERYONE;
410 		else {
411 			sim->sim_id = &zace->a_who;
412 			idm_stat = smb_idmap_batch_getid(sib.sib_idmaph, sim,
413 			    ace->se_sid, -1);
414 
415 			if (idm_stat != IDMAP_SUCCESS) {
416 				smb_fsacl_free(zacl);
417 				smb_idmap_batch_destroy(&sib);
418 				return (NT_STATUS_INTERNAL_ERROR);
419 			}
420 		}
421 	}
422 
423 	idm_stat = smb_idmap_batch_getmappings(&sib);
424 	if (idm_stat != IDMAP_SUCCESS) {
425 		smb_fsacl_free(zacl);
426 		smb_idmap_batch_destroy(&sib);
427 		return (NT_STATUS_NONE_MAPPED);
428 	}
429 
430 	/*
431 	 * Set the ACEs group flag based on the type of ID returned.
432 	 */
433 	zace = zacl->acl_aclp;
434 	ace = acl->sl_aces;
435 	sim = sib.sib_maps;
436 	for (i = 0; i < acl->sl_acecnt; i++, zace++, ace++, sim++) {
437 		if (zace->a_flags & ACE_EVERYONE)
438 			continue;
439 
440 		if (sim->sim_idtype == SMB_IDMAP_GROUP)
441 			zace->a_flags |= ACE_IDENTIFIER_GROUP;
442 	}
443 
444 	smb_idmap_batch_destroy(&sib);
445 
446 	*fs_acl = zacl;
447 	return (NT_STATUS_SUCCESS);
448 }
449 
450 /*
451  * smb_acl_getsids
452  *
453  * Batch all the uid/gid in given ZFS ACL to get their corresponding SIDs.
454  */
455 static idmap_stat
456 smb_acl_getsids(smb_idmap_batch_t *sib, acl_t *zacl, uid_t uid, gid_t gid)
457 {
458 	ace_t *zace;
459 	idmap_stat idm_stat;
460 	smb_idmap_t *sim;
461 	uid_t id;
462 	int i, idtype;
463 
464 	sim = sib->sib_maps;
465 
466 	for (i = 0, zace = zacl->acl_aclp; i < zacl->acl_cnt;
467 	    zace++, i++, sim++) {
468 		switch (zace->a_flags & ACE_TYPE_FLAGS) {
469 		case ACE_OWNER:
470 			id = uid;
471 			idtype = SMB_IDMAP_USER;
472 			break;
473 
474 		case (ACE_GROUP | ACE_IDENTIFIER_GROUP):
475 			/* owning group */
476 			id = gid;
477 			idtype = SMB_IDMAP_GROUP;
478 			break;
479 
480 		case ACE_IDENTIFIER_GROUP:
481 			/* regular group */
482 			id = zace->a_who;
483 			idtype = SMB_IDMAP_GROUP;
484 			break;
485 
486 		case ACE_EVERYONE:
487 			idtype = SMB_IDMAP_EVERYONE;
488 			break;
489 
490 		default:
491 			/* user entry */
492 			id = zace->a_who;
493 			idtype = SMB_IDMAP_USER;
494 		}
495 
496 		idm_stat = smb_idmap_batch_getsid(sib->sib_idmaph, sim,
497 		    id, idtype);
498 
499 		if (idm_stat != IDMAP_SUCCESS) {
500 			return (idm_stat);
501 		}
502 	}
503 
504 	idm_stat = smb_idmap_batch_getmappings(sib);
505 	return (idm_stat);
506 }
507 
508 /*
509  * smb_acl_null_empty
510  *
511  * NULL DACL means everyone full-access
512  * Empty DACL means everyone full-deny
513  *
514  * ZFS ACL must have at least one entry so smb server has
515  * to simulate the aforementioned expected behavior by adding
516  * an entry in case the requested DACL is null or empty. Adding
517  * a everyone full-deny entry has proved to be problematic in
518  * tests since a deny entry takes precedence over allow entries.
519  * So, instead of adding a everyone full-deny, an owner ACE with
520  * owner implicit permissions will be set.
521  */
522 static acl_t *
523 smb_acl_null_empty(boolean_t null)
524 {
525 	acl_t *zacl;
526 	ace_t *zace;
527 
528 	zacl = smb_fsacl_alloc(1, ACL_AUTO_INHERIT);
529 	zace = zacl->acl_aclp;
530 
531 	zace->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE;
532 	if (null) {
533 		zace->a_access_mask = ACE_ALL_PERMS;
534 		zace->a_flags = ACE_EVERYONE;
535 	} else {
536 		zace->a_access_mask = ACE_READ_ACL | ACE_WRITE_ACL |
537 		    ACE_READ_ATTRIBUTES;
538 		zace->a_flags = ACE_OWNER;
539 	}
540 
541 	return (zacl);
542 }
543 
544 /*
545  * FS ACL (acl_t) Functions
546  */
547 acl_t *
548 smb_fsacl_alloc(int acenum, int flags)
549 {
550 	acl_t *acl;
551 
552 	acl = acl_alloc(ACE_T);
553 	acl->acl_cnt = acenum;
554 	acl->acl_aclp = kmem_zalloc(acl->acl_entry_size * acenum, KM_SLEEP);
555 	acl->acl_flags = flags;
556 	return (acl);
557 }
558 
559 void
560 smb_fsacl_free(acl_t *acl)
561 {
562 	if (acl)
563 		acl_free(acl);
564 }
565 
566 /*
567  * smb_fsop_aclmerge
568  *
569  * smb_fsop_aclread/write routines which interact with filesystem
570  * work with single ACL. This routine merges given DACL and SACL
571  * which might have been created during CIFS to FS conversion into
572  * one single ACL.
573  */
574 acl_t *
575 smb_fsacl_merge(acl_t *dacl, acl_t *sacl)
576 {
577 	acl_t *acl;
578 	int dacl_size;
579 
580 	ASSERT(dacl);
581 	ASSERT(sacl);
582 
583 	acl = smb_fsacl_alloc(dacl->acl_cnt + sacl->acl_cnt, dacl->acl_flags);
584 	dacl_size = dacl->acl_cnt * dacl->acl_entry_size;
585 	bcopy(dacl->acl_aclp, acl->acl_aclp, dacl_size);
586 	bcopy(sacl->acl_aclp, (char *)acl->acl_aclp + dacl_size,
587 	    sacl->acl_cnt * sacl->acl_entry_size);
588 
589 	return (acl);
590 }
591 
592 /*
593  * smb_fsacl_split
594  *
595  * splits the given ACE_T ACL (zacl) to one or two ACLs (DACL/SACL) based on
596  * the 'which_acl' parameter. Note that output dacl/sacl parameters could be
597  * NULL even if they're specified in 'which_acl', which means the target
598  * doesn't have any access and/or audit ACEs.
599  */
600 void
601 smb_fsacl_split(acl_t *zacl, acl_t **dacl, acl_t **sacl, int which_acl)
602 {
603 	ace_t *zace;
604 	ace_t *access_ace;
605 	ace_t *audit_ace;
606 	int naccess, naudit;
607 	int get_dacl, get_sacl;
608 	int i;
609 
610 	*dacl = *sacl = NULL;
611 	naccess = naudit = 0;
612 	get_dacl = (which_acl & SMB_DACL_SECINFO);
613 	get_sacl = (which_acl & SMB_SACL_SECINFO);
614 
615 	for (i = 0, zace = zacl->acl_aclp; i < zacl->acl_cnt; zace++, i++) {
616 		if (get_dacl && smb_ace_is_access(zace->a_type))
617 			naccess++;
618 		else if (get_sacl && smb_ace_is_audit(zace->a_type))
619 			naudit++;
620 	}
621 
622 	if (naccess) {
623 		*dacl = smb_fsacl_alloc(naccess, zacl->acl_flags);
624 		access_ace = (*dacl)->acl_aclp;
625 	}
626 
627 	if (naudit) {
628 		*sacl = smb_fsacl_alloc(naudit, zacl->acl_flags);
629 		audit_ace = (*sacl)->acl_aclp;
630 	}
631 
632 	for (i = 0, zace = zacl->acl_aclp; i < zacl->acl_cnt; zace++, i++) {
633 		if (get_dacl && smb_ace_is_access(zace->a_type)) {
634 			*access_ace = *zace;
635 			access_ace++;
636 		} else if (get_sacl && smb_ace_is_audit(zace->a_type)) {
637 			*audit_ace = *zace;
638 			audit_ace++;
639 		}
640 	}
641 }
642 
643 /*
644  * ACE Inheritance Rules
645  *
646  * The system propagates inheritable ACEs to child objects according to a
647  * set of inheritance rules. The system places inherited ACEs in the child's
648  * DACL according to the preferred order of ACEs in a DACL. For Windows
649  * 2000 or later, the system sets the INHERITED_ACE flag in all inherited ACEs.
650  *
651  * The following table shows the ACEs inherited by container and noncontainer
652  * child objects for different combinations of inheritance flags. These
653  * inheritance rules work the same for both DACLs and SACLs.
654  *
655  * Parent ACE type 			Effect on Child ACL
656  * -----------------------		-------------------
657  * OBJECT_INHERIT_ACE only 		Noncontainer child objects:
658  *					Inherited as an effective ACE.
659  *					Container child objects:
660  *					Containers inherit an inherit-only ACE
661  *					unless the NO_PROPAGATE_INHERIT_ACE bit
662  *					flag is also set.
663  *
664  * CONTAINER_INHERIT_ACE only 		Noncontainer child objects:
665  *					No effect on the child object.
666  *					Container child objects:
667  *				The child object inherits an effective ACE.
668  *				The inherited ACE is inheritable unless the
669  *				NO_PROPAGATE_INHERIT_ACE bit flag is also set.
670  *
671  * CONTAINER_INHERIT_ACE and
672  * OBJECT_INHERIT_ACE 			Noncontainer child objects:
673  *					Inherited as an effective ACE.
674  *					Container child objects:
675  *				The child object inherits an effective ACE.
676  *				The inherited ACE is inheritable unless the
677  *				NO_PROPAGATE_INHERIT_ACE bit flag is also set
678  *
679  * No inheritance flags set 	No effect on child container or noncontainer
680  *				objects.
681  *
682  * If an inherited ACE is an effective ACE for the child object, the system
683  * maps any generic rights to the specific rights for the child object.
684  * Similarly, the system maps generic SIDs, such as CREATOR_OWNER, to the
685  * appropriate SID. If an inherited ACE is an inherit-only ACE, any generic
686  * rights or generic SIDs are left unchanged so that they can be mapped
687  * appropriately when the ACE is inherited by the next generation of child
688  * objects.
689  *
690  * For a case in which a container object inherits an ACE that is both
691  * effective on the container and inheritable by its descendants, the
692  * container may inherit two ACEs. This occurs if the inheritable ACE
693  * contains generic information. The container inherits an inherit-only
694  * ACE containing the generic information and an effective-only ACE in
695  * which the generic information has been mapped.
696  */
697 
698 /*
699  * smb_fsacl_inherit
700  *
701  * Manufacture the inherited ACL from the given ACL considering
702  * the new object type (file/dir) specified by 'is_dir'. The
703  * returned ACL is used in smb_fsop_create/smb_fsop_mkdir functions.
704  * This function implements Windows inheritance rules explained above.
705  *
706  * Note that the in/out ACLs are ZFS ACLs not Windows ACLs
707  */
708 acl_t *
709 smb_fsacl_inherit(acl_t *dir_zacl, int is_dir, int which_acl, uid_t owner_uid)
710 {
711 	boolean_t use_default = B_FALSE;
712 	int num_inheritable = 0;
713 	int numaces;
714 	ace_t *dir_zace;
715 	acl_t *new_zacl;
716 	ace_t *new_zace;
717 
718 	num_inheritable = smb_fsacl_inheritable(dir_zacl, is_dir);
719 
720 	if (num_inheritable == 0) {
721 		if (which_acl == SMB_DACL_SECINFO) {
722 			/* No inheritable access ACEs -> default DACL */
723 			num_inheritable = DEFAULT_DACL_ACENUM;
724 			use_default = B_TRUE;
725 		} else {
726 			return (NULL);
727 		}
728 	}
729 
730 	new_zacl = smb_fsacl_alloc(num_inheritable, ACL_AUTO_INHERIT);
731 	new_zace = new_zacl->acl_aclp;
732 
733 	if (use_default) {
734 		bcopy(default_dacl, new_zacl->acl_aclp, sizeof (default_dacl));
735 		new_zace->a_who = owner_uid;
736 		return (new_zacl);
737 	}
738 
739 	for (numaces = 0, dir_zace = dir_zacl->acl_aclp;
740 	    numaces < dir_zacl->acl_cnt;
741 	    dir_zace++, numaces++) {
742 		switch (dir_zace->a_flags & ACE_FD_INHERIT_ACE) {
743 		case (ACE_FILE_INHERIT_ACE | ACE_DIRECTORY_INHERIT_ACE):
744 			/*
745 			 * Files inherit an effective ACE.
746 			 *
747 			 * Dirs inherit an effective ACE.
748 			 * The inherited ACE is inheritable unless the
749 			 * ACE_NO_PROPAGATE_INHERIT_ACE bit flag is also set
750 			 */
751 			smb_ace_inherit(dir_zace, new_zace, is_dir);
752 			new_zace++;
753 
754 			if (is_dir && ZACE_IS_CREATOR(dir_zace) &&
755 			    (ZACE_IS_PROPAGATE(dir_zace))) {
756 				*new_zace = *dir_zace;
757 				new_zace->a_flags |= (ACE_INHERIT_ONLY_ACE |
758 				    ACE_INHERITED_ACE);
759 				new_zace++;
760 			}
761 			break;
762 
763 		case ACE_FILE_INHERIT_ACE:
764 			/*
765 			 * Files inherit as an effective ACE.
766 			 *
767 			 * Dirs inherit an inherit-only ACE
768 			 * unless the ACE_NO_PROPAGATE_INHERIT_ACE bit
769 			 * flag is also set.
770 			 */
771 			if (is_dir == 0) {
772 				smb_ace_inherit(dir_zace, new_zace, is_dir);
773 				new_zace++;
774 			} else if (ZACE_IS_PROPAGATE(dir_zace)) {
775 				*new_zace = *dir_zace;
776 				new_zace->a_flags |= (ACE_INHERIT_ONLY_ACE |
777 				    ACE_INHERITED_ACE);
778 				new_zace++;
779 			}
780 			break;
781 
782 		case ACE_DIRECTORY_INHERIT_ACE:
783 			/*
784 			 * No effect on files
785 			 *
786 			 * Dirs inherit an effective ACE.
787 			 * The inherited ACE is inheritable unless the
788 			 * ACE_NO_PROPAGATE_INHERIT_ACE bit flag is also set.
789 			 */
790 			if (is_dir == 0)
791 				break;
792 
793 			smb_ace_inherit(dir_zace, new_zace, is_dir);
794 			new_zace++;
795 
796 			if (ZACE_IS_CREATOR(dir_zace) &&
797 			    (ZACE_IS_PROPAGATE(dir_zace))) {
798 				*new_zace = *dir_zace;
799 				new_zace->a_flags |= (ACE_INHERIT_ONLY_ACE |
800 				    ACE_INHERITED_ACE);
801 				new_zace++;
802 			}
803 
804 			break;
805 
806 		default:
807 			break;
808 		}
809 	}
810 
811 	return (new_zacl);
812 }
813 
814 /*
815  * smb_fsacl_from_vsa
816  *
817  * Converts given vsecattr_t structure to a acl_t structure.
818  *
819  * The allocated memory for retuned acl_t should be freed by
820  * calling acl_free().
821  */
822 acl_t *
823 smb_fsacl_from_vsa(vsecattr_t *vsecattr, acl_type_t acl_type)
824 {
825 	int		aclbsize = 0;	/* size of acl list in bytes */
826 	int		dfaclbsize = 0;	/* size of default acl list in bytes */
827 	int		numacls;
828 	acl_t		*acl_info;
829 
830 	ASSERT(vsecattr);
831 
832 	acl_info = acl_alloc(acl_type);
833 	if (acl_info == NULL)
834 		return (NULL);
835 
836 	acl_info->acl_flags = 0;
837 
838 	switch (acl_type) {
839 
840 	case ACLENT_T:
841 		numacls = vsecattr->vsa_aclcnt + vsecattr->vsa_dfaclcnt;
842 		aclbsize = vsecattr->vsa_aclcnt * sizeof (aclent_t);
843 		dfaclbsize = vsecattr->vsa_dfaclcnt * sizeof (aclent_t);
844 
845 		acl_info->acl_cnt = numacls;
846 		acl_info->acl_aclp = kmem_alloc(aclbsize + dfaclbsize,
847 		    KM_SLEEP);
848 		(void) memcpy(acl_info->acl_aclp, vsecattr->vsa_aclentp,
849 		    aclbsize);
850 		(void) memcpy((char *)acl_info->acl_aclp + aclbsize,
851 		    vsecattr->vsa_dfaclentp, dfaclbsize);
852 
853 		if (acl_info->acl_cnt <= MIN_ACL_ENTRIES)
854 			acl_info->acl_flags |= ACL_IS_TRIVIAL;
855 
856 		break;
857 
858 	case ACE_T:
859 		aclbsize = vsecattr->vsa_aclcnt * sizeof (ace_t);
860 		acl_info->acl_cnt = vsecattr->vsa_aclcnt;
861 		acl_info->acl_flags = vsecattr->vsa_aclflags;
862 		acl_info->acl_aclp = kmem_alloc(aclbsize, KM_SLEEP);
863 		(void) memcpy(acl_info->acl_aclp, vsecattr->vsa_aclentp,
864 		    aclbsize);
865 		if (ace_trivial(acl_info->acl_aclp, acl_info->acl_cnt) == 0)
866 			acl_info->acl_flags |= ACL_IS_TRIVIAL;
867 
868 		break;
869 
870 	default:
871 		acl_free(acl_info);
872 		return (NULL);
873 	}
874 
875 	if (aclbsize && vsecattr->vsa_aclentp)
876 		kmem_free(vsecattr->vsa_aclentp, aclbsize);
877 	if (dfaclbsize && vsecattr->vsa_dfaclentp)
878 		kmem_free(vsecattr->vsa_dfaclentp, dfaclbsize);
879 
880 	return (acl_info);
881 }
882 
883 /*
884  * smb_fsacl_to_vsa
885  *
886  * Converts given acl_t structure to a vsecattr_t structure.
887  *
888  * IMPORTANT:
889  * Upon successful return the memory allocated for vsa_aclentp
890  * should be freed by calling kmem_free(). The size is returned
891  * in aclbsize.
892  */
893 int
894 smb_fsacl_to_vsa(acl_t *acl_info, vsecattr_t *vsecattr, int *aclbsize)
895 {
896 	int		error = 0;
897 	int		numacls;
898 	aclent_t	*aclp;
899 
900 	ASSERT(acl_info);
901 	ASSERT(vsecattr);
902 	ASSERT(aclbsize);
903 
904 	bzero(vsecattr, sizeof (vsecattr_t));
905 	*aclbsize = 0;
906 
907 	switch (acl_info->acl_type) {
908 	case ACLENT_T:
909 		numacls = acl_info->acl_cnt;
910 		/*
911 		 * Minimum ACL size is three entries so might as well
912 		 * bail out here.  Also limit request size to prevent user
913 		 * from allocating too much kernel memory.  Maximum size
914 		 * is MAX_ACL_ENTRIES for the ACL part and MAX_ACL_ENTRIES
915 		 * for the default ACL part.
916 		 */
917 		if (numacls < 3 || numacls > (MAX_ACL_ENTRIES * 2)) {
918 			error = EINVAL;
919 			break;
920 		}
921 
922 		vsecattr->vsa_mask = VSA_ACL;
923 
924 		vsecattr->vsa_aclcnt = numacls;
925 		*aclbsize = numacls * sizeof (aclent_t);
926 		vsecattr->vsa_aclentp = kmem_alloc(*aclbsize, KM_SLEEP);
927 		(void) memcpy(vsecattr->vsa_aclentp, acl_info->acl_aclp,
928 		    *aclbsize);
929 
930 		/* Sort the acl list */
931 		ksort((caddr_t)vsecattr->vsa_aclentp,
932 		    vsecattr->vsa_aclcnt, sizeof (aclent_t), cmp2acls);
933 
934 		/* Break into acl and default acl lists */
935 		for (numacls = 0, aclp = vsecattr->vsa_aclentp;
936 		    numacls < vsecattr->vsa_aclcnt;
937 		    aclp++, numacls++) {
938 			if (aclp->a_type & ACL_DEFAULT)
939 				break;
940 		}
941 
942 		/* Find where defaults start (if any) */
943 		if (numacls < vsecattr->vsa_aclcnt) {
944 			vsecattr->vsa_mask |= VSA_DFACL;
945 			vsecattr->vsa_dfaclcnt = vsecattr->vsa_aclcnt - numacls;
946 			vsecattr->vsa_dfaclentp = aclp;
947 			vsecattr->vsa_aclcnt = numacls;
948 		}
949 
950 		/* Adjust if they're all defaults */
951 		if (vsecattr->vsa_aclcnt == 0) {
952 			vsecattr->vsa_mask &= ~VSA_ACL;
953 			vsecattr->vsa_aclentp = NULL;
954 		}
955 
956 		/* Only directories can have defaults */
957 		if (vsecattr->vsa_dfaclcnt &&
958 		    (acl_info->acl_flags & ACL_IS_DIR)) {
959 			error = ENOTDIR;
960 		}
961 
962 		break;
963 
964 	case ACE_T:
965 		if (acl_info->acl_cnt < 1 ||
966 		    acl_info->acl_cnt > MAX_ACL_ENTRIES) {
967 			error = EINVAL;
968 			break;
969 		}
970 
971 		vsecattr->vsa_mask = VSA_ACE | VSA_ACE_ACLFLAGS;
972 		vsecattr->vsa_aclcnt = acl_info->acl_cnt;
973 		vsecattr->vsa_aclflags = acl_info->acl_flags & ACL_FLAGS_ALL;
974 		*aclbsize = vsecattr->vsa_aclcnt * sizeof (ace_t);
975 		vsecattr->vsa_aclentsz = *aclbsize;
976 		vsecattr->vsa_aclentp = kmem_alloc(*aclbsize, KM_SLEEP);
977 		(void) memcpy(vsecattr->vsa_aclentp, acl_info->acl_aclp,
978 		    *aclbsize);
979 
980 		break;
981 
982 	default:
983 		error = EINVAL;
984 	}
985 
986 	return (error);
987 }
988 
989 /*
990  * smb_fsacl_inheritable
991  *
992  * Checks to see if there are any inheritable ACEs in the
993  * given ZFS ACL. Returns the number of inheritable ACEs.
994  *
995  * The inherited ACL could be different based on the type of
996  * new object (file/dir) specified by 'is_dir'.
997  *
998  * Note that the input ACL is a ZFS ACL not Windows ACL.
999  *
1000  * Any ACE except creator owner/group:
1001  *
1002  *  FI   DI   NP   #F  #D
1003  * ---- ---- ---- ---- ----
1004  *  -    -    ?    0    0
1005  *  X    -    -    1    1
1006  *  X    -    X    1    0
1007  *  -    X    -    0    1
1008  *  -    X    X    0    1
1009  *  X    X    -    1    1
1010  *  X    X    X    1    1
1011  *
1012  * Creator owner/group ACE:
1013  *
1014  *  FI   DI   NP   #F  #D
1015  * ---- ---- ---- ---- ----
1016  *  -    -    ?    0    0
1017  *  X    -    -    1r   1c
1018  *  X    -    X    1r   0
1019  *  -    X    -    0    2
1020  *  -    X    X    0    1r
1021  *  X    X    -    1r   2
1022  *  X    X    X    1r   1r
1023  *
1024  * Legend:
1025  *
1026  *  FI: File Inherit
1027  *  DI: Dir Inherit
1028  *  NP: No Propagate
1029  *  #F: #ACE for a new file
1030  *  #D: #ACE for a new dir
1031  *
1032  *   X: bit is set
1033  *   -: bit is not set
1034  *   ?: don't care
1035  *
1036  *  1r: one owner/group ACE
1037  *  1c: one creator owner/group ACE
1038  */
1039 static int
1040 smb_fsacl_inheritable(acl_t *zacl, int is_dir)
1041 {
1042 	int numaces;
1043 	int num_inheritable = 0;
1044 	ace_t *zace;
1045 
1046 	if (zacl == NULL)
1047 		return (0);
1048 
1049 	for (numaces = 0, zace = zacl->acl_aclp;
1050 	    numaces < zacl->acl_cnt;
1051 	    zace++, numaces++) {
1052 		switch (zace->a_flags & ACE_FD_INHERIT_ACE) {
1053 		case (ACE_FILE_INHERIT_ACE | ACE_DIRECTORY_INHERIT_ACE):
1054 			/*
1055 			 * Files inherit an effective ACE.
1056 			 *
1057 			 * Dirs inherit an effective ACE.
1058 			 * The inherited ACE is inheritable unless the
1059 			 * ACE_NO_PROPAGATE_INHERIT_ACE bit flag is also set
1060 			 */
1061 			num_inheritable++;
1062 
1063 			if (is_dir && ZACE_IS_CREATOR(zace) &&
1064 			    (ZACE_IS_PROPAGATE(zace))) {
1065 				num_inheritable++;
1066 			}
1067 			break;
1068 
1069 		case ACE_FILE_INHERIT_ACE:
1070 			/*
1071 			 * Files inherit as an effective ACE.
1072 			 *
1073 			 * Dirs inherit an inherit-only ACE
1074 			 * unless the ACE_NO_PROPAGATE_INHERIT_ACE bit
1075 			 * flag is also set.
1076 			 */
1077 			if (is_dir == 0)
1078 				num_inheritable++;
1079 			else if (ZACE_IS_PROPAGATE(zace))
1080 				num_inheritable++;
1081 			break;
1082 
1083 		case ACE_DIRECTORY_INHERIT_ACE:
1084 			/*
1085 			 * No effect on files
1086 			 *
1087 			 * Dirs inherit an effective ACE.
1088 			 * The inherited ACE is inheritable unless the
1089 			 * ACE_NO_PROPAGATE_INHERIT_ACE bit flag is also set.
1090 			 */
1091 			if (is_dir == 0)
1092 				break;
1093 
1094 			num_inheritable++;
1095 
1096 			if (ZACE_IS_CREATOR(zace) &&
1097 			    (ZACE_IS_PROPAGATE(zace)))
1098 				num_inheritable++;
1099 			break;
1100 
1101 		default:
1102 			break;
1103 		}
1104 	}
1105 
1106 	return (num_inheritable);
1107 }
1108 
1109 
1110 /*
1111  * ACE Functions
1112  */
1113 
1114 /*
1115  * This is generic (ACL version 2) vs. object-specific
1116  * (ACL version 4) ACE types.
1117  */
1118 boolean_t
1119 smb_ace_is_generic(int type)
1120 {
1121 	switch (type) {
1122 	case ACE_ACCESS_ALLOWED_ACE_TYPE:
1123 	case ACE_ACCESS_DENIED_ACE_TYPE:
1124 	case ACE_SYSTEM_AUDIT_ACE_TYPE:
1125 	case ACE_SYSTEM_ALARM_ACE_TYPE:
1126 	case ACE_ACCESS_ALLOWED_CALLBACK_ACE_TYPE:
1127 	case ACE_ACCESS_DENIED_CALLBACK_ACE_TYPE:
1128 	case ACE_SYSTEM_AUDIT_CALLBACK_ACE_TYPE:
1129 	case ACE_SYSTEM_ALARM_CALLBACK_ACE_TYPE:
1130 		return (B_TRUE);
1131 
1132 	default:
1133 		break;
1134 	}
1135 
1136 	return (B_FALSE);
1137 }
1138 
1139 boolean_t
1140 smb_ace_is_access(int type)
1141 {
1142 	switch (type) {
1143 	case ACE_ACCESS_ALLOWED_ACE_TYPE:
1144 	case ACE_ACCESS_DENIED_ACE_TYPE:
1145 	case ACE_ACCESS_ALLOWED_COMPOUND_ACE_TYPE:
1146 	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
1147 	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
1148 	case ACE_ACCESS_ALLOWED_CALLBACK_ACE_TYPE:
1149 	case ACE_ACCESS_DENIED_CALLBACK_ACE_TYPE:
1150 	case ACE_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
1151 	case ACE_ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
1152 		return (B_TRUE);
1153 
1154 	default:
1155 		break;
1156 	}
1157 
1158 	return (B_FALSE);
1159 }
1160 
1161 boolean_t
1162 smb_ace_is_audit(int type)
1163 {
1164 	switch (type) {
1165 	case ACE_SYSTEM_AUDIT_ACE_TYPE:
1166 	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
1167 	case ACE_SYSTEM_AUDIT_CALLBACK_ACE_TYPE:
1168 	case ACE_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
1169 		return (B_TRUE);
1170 
1171 	default:
1172 		break;
1173 	}
1174 
1175 	return (B_FALSE);
1176 }
1177 
1178 /*
1179  * smb_ace_len
1180  *
1181  * Returns the length of the given ACE as it appears in an
1182  * ACL on the wire (i.e. a flat buffer which contains the SID)
1183  */
1184 static uint16_t
1185 smb_ace_len(smb_ace_t *ace)
1186 {
1187 	ASSERT(ace);
1188 	ASSERT(ace->se_sid);
1189 
1190 	if (ace == NULL)
1191 		return (0);
1192 
1193 	return (SMB_ACE_HDRSIZE + sizeof (ace->se_mask) +
1194 	    nt_sid_length(ace->se_sid));
1195 }
1196 
1197 static void
1198 smb_ace_inherit(ace_t *dir_zace, ace_t *zace, int is_dir)
1199 {
1200 	*zace = *dir_zace;
1201 	if (!(is_dir && ZACE_IS_PROPAGATE(dir_zace)))
1202 		zace->a_flags &= ~ACE_INHERIT_FLAGS;
1203 	zace->a_flags |= ACE_INHERITED_ACE;
1204 
1205 	/*
1206 	 * Replace creator owner/group ACEs with
1207 	 * actual owner/group ACEs.
1208 	 */
1209 	if (ZACE_IS_CREATOR_OWNER(dir_zace)) {
1210 		zace->a_who = (uid_t)-1;
1211 		zace->a_flags |= ACE_OWNER;
1212 	} else if (ZACE_IS_CREATOR_GROUP(dir_zace)) {
1213 		zace->a_who = (uid_t)-1;
1214 		zace->a_flags |= ACE_GROUP;
1215 	}
1216 }
1217 
1218 /*
1219  * smb_ace_mask_g2s
1220  *
1221  * Converts generic access bits in the given mask (if any)
1222  * to file specific bits. Generic access masks shouldn't be
1223  * stored in filesystem ACEs.
1224  */
1225 static uint32_t
1226 smb_ace_mask_g2s(uint32_t mask)
1227 {
1228 	if (mask & GENERIC_ALL) {
1229 		mask &= ~(GENERIC_ALL | GENERIC_READ | GENERIC_WRITE
1230 		    | GENERIC_EXECUTE);
1231 
1232 		mask |= FILE_ALL_ACCESS;
1233 		return (mask);
1234 	}
1235 
1236 	if (mask & GENERIC_READ) {
1237 		mask &= ~GENERIC_READ;
1238 		mask |= FILE_GENERIC_READ;
1239 	}
1240 
1241 	if (mask & GENERIC_WRITE) {
1242 		mask &= ~GENERIC_WRITE;
1243 		mask |= FILE_GENERIC_WRITE;
1244 	}
1245 
1246 	if (mask & GENERIC_EXECUTE) {
1247 		mask &= ~GENERIC_EXECUTE;
1248 		mask |= FILE_GENERIC_EXECUTE;
1249 	}
1250 
1251 	return (mask);
1252 }
1253 
1254 static uint16_t
1255 smb_ace_flags_tozfs(uint8_t c_flags, int isdir)
1256 {
1257 	uint16_t z_flags = 0;
1258 
1259 	if (c_flags & SUCCESSFUL_ACCESS_ACE_FLAG)
1260 		z_flags |= ACE_SUCCESSFUL_ACCESS_ACE_FLAG;
1261 
1262 	if (c_flags & FAILED_ACCESS_ACE_FLAG)
1263 		z_flags |= ACE_FAILED_ACCESS_ACE_FLAG;
1264 
1265 	if (c_flags & INHERITED_ACE)
1266 		z_flags |= ACE_INHERITED_ACE;
1267 
1268 	/*
1269 	 * ZFS doesn't like any inheritance flags to be set on a
1270 	 * file's ACE, only directories. Windows doesn't care.
1271 	 */
1272 	if (isdir)
1273 		z_flags |= (c_flags & ACE_INHERIT_FLAGS);
1274 
1275 	return (z_flags);
1276 }
1277 
1278 static uint8_t
1279 smb_ace_flags_fromzfs(uint16_t z_flags)
1280 {
1281 	uint8_t c_flags;
1282 
1283 	c_flags = z_flags & ACE_INHERIT_FLAGS;
1284 
1285 	if (z_flags & ACE_SUCCESSFUL_ACCESS_ACE_FLAG)
1286 		c_flags |= SUCCESSFUL_ACCESS_ACE_FLAG;
1287 
1288 	if (z_flags & ACE_FAILED_ACCESS_ACE_FLAG)
1289 		c_flags |= FAILED_ACCESS_ACE_FLAG;
1290 
1291 	if (z_flags & ACE_INHERITED_ACE)
1292 		c_flags |= INHERITED_ACE;
1293 
1294 	return (c_flags);
1295 }
1296 
1297 static boolean_t
1298 smb_ace_isvalid(smb_ace_t *ace, int which_acl)
1299 {
1300 	uint16_t min_len;
1301 
1302 	min_len = sizeof (smb_acehdr_t);
1303 
1304 	if (ace->se_hdr.se_bsize < min_len)
1305 		return (B_FALSE);
1306 
1307 	if (smb_ace_is_access(ace->se_hdr.se_type) &&
1308 	    (which_acl != SMB_DACL_SECINFO))
1309 		return (B_FALSE);
1310 
1311 	if (smb_ace_is_audit(ace->se_hdr.se_type) &&
1312 	    (which_acl != SMB_SACL_SECINFO))
1313 		return (B_FALSE);
1314 
1315 	if (smb_ace_is_generic(ace->se_hdr.se_type)) {
1316 		if (nt_sid_is_valid(ace->se_sid) == 0)
1317 			return (B_FALSE);
1318 
1319 		min_len += sizeof (ace->se_mask);
1320 		min_len += nt_sid_length(ace->se_sid);
1321 
1322 		if (ace->se_hdr.se_bsize < min_len)
1323 			return (B_FALSE);
1324 	}
1325 
1326 	/*
1327 	 * object-specific ACE validation will be added later.
1328 	 */
1329 	return (B_TRUE);
1330 }
1331