xref: /onnv-gate/usr/src/common/smbclnt/smbfs_ntacl.h (revision 11564:184d27948276)
111332SGordon.Ross@Sun.COM /*
211332SGordon.Ross@Sun.COM  * CDDL HEADER START
311332SGordon.Ross@Sun.COM  *
411332SGordon.Ross@Sun.COM  * The contents of this file are subject to the terms of the
511332SGordon.Ross@Sun.COM  * Common Development and Distribution License (the "License").
611332SGordon.Ross@Sun.COM  * You may not use this file except in compliance with the License.
711332SGordon.Ross@Sun.COM  *
811332SGordon.Ross@Sun.COM  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
911332SGordon.Ross@Sun.COM  * or http://www.opensolaris.org/os/licensing.
1011332SGordon.Ross@Sun.COM  * See the License for the specific language governing permissions
1111332SGordon.Ross@Sun.COM  * and limitations under the License.
1211332SGordon.Ross@Sun.COM  *
1311332SGordon.Ross@Sun.COM  * When distributing Covered Code, include this CDDL HEADER in each
1411332SGordon.Ross@Sun.COM  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1511332SGordon.Ross@Sun.COM  * If applicable, add the following below this CDDL HEADER, with the
1611332SGordon.Ross@Sun.COM  * fields enclosed by brackets "[]" replaced with your own identifying
1711332SGordon.Ross@Sun.COM  * information: Portions Copyright [yyyy] [name of copyright owner]
1811332SGordon.Ross@Sun.COM  *
1911332SGordon.Ross@Sun.COM  * CDDL HEADER END
2011332SGordon.Ross@Sun.COM  */
2111332SGordon.Ross@Sun.COM 
2211332SGordon.Ross@Sun.COM /*
23*11564SGordon.Ross@Sun.COM  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
2411332SGordon.Ross@Sun.COM  * Use is subject to license terms.
2511332SGordon.Ross@Sun.COM  */
2611332SGordon.Ross@Sun.COM 
2711332SGordon.Ross@Sun.COM #ifndef _SMBFS_NTACL_H
2811332SGordon.Ross@Sun.COM #define	_SMBFS_NTACL_H
2911332SGordon.Ross@Sun.COM 
3011332SGordon.Ross@Sun.COM /*
3111332SGordon.Ross@Sun.COM  * Internal functions for dealing with
3211332SGordon.Ross@Sun.COM  * NT Security data structures.
3311332SGordon.Ross@Sun.COM  */
3411332SGordon.Ross@Sun.COM 
3511332SGordon.Ross@Sun.COM #include <netsmb/mchain.h>
3611332SGordon.Ross@Sun.COM 
/*
 * Internal form of an NT SID
 * Same as on the wire, but possibly byte-swapped.
 *
 * sid_subauthvec is declared with one element but really holds
 * sid_subauthcount entries, so sizeof (i_ntsid_t) only covers a
 * SID with a single sub-authority.  Use I_SID_SIZE() with the
 * real count when allocating or copying a SID.
 *
 * NOTE(review): for a SID imported from the wire, sid_subauthcount
 * is a peer-supplied value.  The Windows SID format limits it to 15
 * (SID_MAX_SUB_AUTHORITIES); presumably the import code bounds the
 * count before sizing or indexing sid_subauthvec -- confirm there.
 */
typedef struct i_ntsid {
	uint8_t	sid_revision;
	uint8_t	sid_subauthcount;
	uint8_t	sid_authority[6];
	uint32_t sid_subauthvec[1]; /* actually len=subauthcount */
} i_ntsid_t;
/* Bytes in a SID with sacnt sub-authorities: 8 fixed (1+1+6) + 4 each. */
#define	I_SID_SIZE(sacnt)	(8 + 4 * (sacnt))
4811332SGordon.Ross@Sun.COM 
/*
 * Internal form of an NT ACE - first the header.
 * See MS SDK: ACE_HEADER  (For MS, it's the OtW form)
 * Note: ace_size here is the in-memory size, not OtW.
 *
 * OtW is "over the wire".  Since ace_size describes the in-memory
 * object, it says nothing about how many bytes the ACE takes up in
 * a wire-format ACL.
 * NOTE(review): presumably the wire length is tracked separately
 * by the import/export code and ace_size is never used to step
 * through a received buffer -- confirm in the conversion code.
 */
typedef struct i_ntace_hdr {
	uint8_t		ace_type;
	uint8_t		ace_flags;
	uint16_t	ace_size;
} i_ntace_hdr_t;
59*11564SGordon.Ross@Sun.COM 
/*
 * Simple ACE for types: ACCESS_ALLOWED through SYSTEM_ALARM
 * See MS SDK: ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE,
 * SYSTEM_AUDIT_ACE, SYSTEM_ALARM_ACE.
 *
 * The above are the only types that appear in a V2 ACL.
 * Note that in the Windows SDK, the SID is stored as
 * "flat" data after the ACE header.  This implementation
 * stores the SID as a pointer instead.
 *
 * Because ace_sid is a pointer, this struct cannot be copied to or
 * from the wire as-is; the SID has to be handled separately.
 * NOTE(review): ownership of *ace_sid is not visible in this header;
 * presumably it is released with the enclosing SD by
 * smbfs_acl_free_sd() -- confirm.
 */
typedef struct i_ntace_v2 {
	i_ntace_hdr_t	ace_hdr;
	uint32_t	ace_rights; /* generic, standard, specific, etc */
	i_ntsid_t	*ace_sid;
} i_ntace_v2_t;
75*11564SGordon.Ross@Sun.COM 
/*
 * A union for convenience of the conversion code.
 * There are lots more ACE types, ignored for now.
 *
 * i_ntace_v2_t begins with an i_ntace_hdr_t, so the header can be
 * read through either member.  Check ace_hdr.ace_type before
 * touching ace_v2: only the V2 types carry ace_rights and ace_sid.
 * NOTE(review): how ACEs of other types are treated on import is
 * not visible here; presumably they are skipped or rejected rather
 * than interpreted as ace_v2 -- confirm in the conversion code.
 */
typedef union i_ntace_u {
	i_ntace_hdr_t	ace_hdr;
	i_ntace_v2_t	ace_v2;
} i_ntace_t;
8411332SGordon.Ross@Sun.COM 
/*
 * Internal form of an NT ACL (see sacl/dacl below)
 *
 * acl_acevec is declared with one element but really holds
 * acl_acecount pointers, so sizeof (i_ntacl_t) only covers an
 * ACL with a single ACE.
 * NOTE(review): for an ACL imported from the wire, acl_acecount is
 * a peer-supplied value; presumably the import code checks it
 * against the data actually received before allocating or filling
 * acl_acevec -- confirm there.
 */
typedef struct i_ntacl {
	uint8_t		acl_revision;	/* 0x02 observed with W2K */
	uint16_t	acl_acecount;
	i_ntace_t	*acl_acevec[1]; /* actually, len=acecount */
} i_ntacl_t;
9311332SGordon.Ross@Sun.COM 
/*
 * Internal form of an NT Security Descriptor (SD)
 *
 * Owner, group, SACL and DACL are held as pointers to separately
 * stored objects rather than as offsets into one buffer.
 * NOTE(review): whether any of the four pointers may be NULL (for
 * example an SD that carries no SACL) is not stated in this header;
 * callers should presumably test each one before use -- confirm.
 */
typedef struct i_ntsd {
	uint8_t		sd_revision;	/* 0x01 observed between W2K */
	uint8_t		sd_rmctl;	/* resource mgr control (MBZ) */
	uint16_t	sd_flags;
	i_ntsid_t	*sd_owner;
	i_ntsid_t	*sd_group;
	i_ntacl_t	*sd_sacl;
	i_ntacl_t	*sd_dacl;
} i_ntsd_t;
10611332SGordon.Ross@Sun.COM 
/*
 * Import a raw SD (mb chain) into "internal" form.
 * (like "absolute" form per. NT docs)
 * Returns allocated data in sdp
 *
 * The result is released with smbfs_acl_free_sd().
 * NOTE(review): the meaning of the int return is not given here;
 * presumably zero on success and an errno value otherwise -- confirm.
 * NOTE(review): the mb chain presumably holds bytes received from
 * the SMB server, so every count, size and offset parsed from it
 * should be treated as untrusted -- confirm the implementation
 * validates them against the chain length.
 */
int md_get_ntsd(mdchain_t *mbp, i_ntsd_t **sdp);
11311332SGordon.Ross@Sun.COM 
/*
 * Export an "internal" SD into a raw SD (mb chain).
 * (a.k.a "self-relative" form per. NT docs)
 * Returns allocated mbchain in mbp.
 *
 * NOTE(review): the meaning of the int return is not given here;
 * presumably zero on success and an errno value otherwise -- confirm.
 */
int mb_put_ntsd(mbchain_t *mbp, i_ntsd_t *sd);
12011332SGordon.Ross@Sun.COM 
/*
 * Convert an internal SD to a ZFS-style ACL.
 * Get uid/gid too if pointers != NULL.
 *
 * The kernel build takes a vsecattr_t for the ACL, the user-level
 * build an acl_t; the SD and uid/gid arguments are the same.
 * NOTE(review): the meaning of the int return is not given here;
 * presumably zero on success and an errno value otherwise -- confirm.
 */
#ifdef	_KERNEL
int smbfs_acl_sd2zfs(i_ntsd_t *, vsecattr_t *, uid_t *, gid_t *);
#else /* _KERNEL */
/* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
int smbfs_acl_sd2zfs(struct i_ntsd *, acl_t *, uid_t *, gid_t *);
#endif /* _KERNEL */
13111332SGordon.Ross@Sun.COM 
/*
 * Convert a ZFS-style ACL to an internal SD.
 * Set owner/group too if selector indicates.
 * Always need to pass uid+gid, either the new
 * (when setting them) or existing, so that any
 * owner@ or group@ ACEs can be translated.
 *
 * The SD returned through the last argument is released with
 * smbfs_acl_free_sd().
 * NOTE(review): the uint32_t argument is presumably the selector
 * mentioned above; its bit values are not defined in this header
 * -- confirm against the implementation.
 */
#ifdef	_KERNEL
int smbfs_acl_zfs2sd(vsecattr_t *, uid_t, gid_t, uint32_t, i_ntsd_t **);
#else /* _KERNEL */
/* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
int smbfs_acl_zfs2sd(acl_t *, uid_t, gid_t, uint32_t, struct i_ntsd **);
#endif /* _KERNEL */
14511332SGordon.Ross@Sun.COM 
/*
 * Free an i_ntsd_t from md_get_ntsd() or smbfs_acl_zfs2sd().
 * See also: lib/libsmbfs/netsmb/smbfs_acl.h
 *
 * NOTE(review): presumably this also frees the SIDs, ACLs and ACEs
 * the SD points to, so none of those pointers may be used or freed
 * again afterwards -- confirm against the implementation.
 */
void smbfs_acl_free_sd(struct i_ntsd *);
15111332SGordon.Ross@Sun.COM 
/*
 * Convert an NT SID to string format.
 *
 * sid is the SID to format; obuf and olen are the output buffer and
 * its size.
 * NOTE(review): what happens when the string does not fit in olen
 * bytes (error return or truncation) is not stated here; callers
 * should check the int return -- confirm against the implementation.
 * NOTE(review): ridp presumably receives the final sub-authority
 * (the RID) when it is non-NULL -- confirm.
 */
int smbfs_sid2str(i_ntsid_t *sid,
	char *obuf, size_t olen, uint32_t *ridp);
15711332SGordon.Ross@Sun.COM 
15811332SGordon.Ross@Sun.COM #endif	/* _SMBFS_NTACL_H */