1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24 * Use is subject to license terms.
25 */
26
27#ifndef _SMBFS_NTACL_H
28#define	_SMBFS_NTACL_H
29
30/*
31 * Internal functions for dealing with
32 * NT Security data structures.
33 */
34
35#include <netsmb/mchain.h>
36
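/*
 * Internal form of an NT SID
 * Same as on the wire, but possibly byte-swapped.
 *
 * sid_subauthvec is declared with one element but really holds
 * sid_subauthcount entries, so sizeof (i_ntsid_t) only covers a SID
 * with a single sub-authority.  Size allocations and copies with
 * I_SID_SIZE(), never with sizeof.
 *
 * NOTE(review): the layout mirrors the wire form, so for a SID that
 * was imported from a raw SD the count is presumably taken from the
 * peer's data.  Anything that walks sid_subauthvec should check
 * sid_subauthcount against the space actually allocated or received
 * before indexing - confirm the importer enforces this.  (Windows
 * limits a SID to 15 sub-authorities; this header defines no limit.)
 */
typedef struct i_ntsid {
	uint8_t	sid_revision;
	uint8_t	sid_subauthcount;	/* entries in sid_subauthvec */
	uint8_t	sid_authority[6];
	uint32_t sid_subauthvec[1]; /* actually len=subauthcount */
} i_ntsid_t;

/*
 * Bytes needed for an i_ntsid_t holding sacnt sub-authorities:
 * 8 bytes of fixed fields (revision, count, 6-byte authority)
 * plus one uint32_t per sub-authority.
 */
#define	I_SID_SIZE(sacnt)	(8 + 4 * (sacnt))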
48
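/*
 * Internal form of an NT ACE - first the header.
 * See MS SDK: ACE_HEADER  (For MS, it's the OtW form;
 * OtW = over the wire.)
 * Note: ace_size here is the in-memory size, not OtW, so it
 * must not be used as the length of the ACE in a raw SD.
 */
typedef struct i_ntace_hdr {
	uint8_t		ace_type;
	uint8_t		ace_flags;
	uint16_t	ace_size;	/* in-memory size, see above */
} i_ntace_hdr_t;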
59
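/*
 * Simple ACE for types: ACCESS_ALLOWED through SYSTEM_ALARM
 * See MS SDK: ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE,
 * SYSTEM_AUDIT_ACE, SYSTEM_ALARM_ACE.
 *
 * The above are the only types that appear in a V2 ACL.
 * Note that in the Windows SDK, the SID is stored as
 * "flat" data after the ACE header.  This implementation
 * stores the SID as a pointer instead.
 *
 * Because ace_sid is a pointer, copying an i_ntace_v2_t by value
 * copies only the pointer, not the SID it refers to.
 * NOTE(review): this header does not say who owns *ace_sid;
 * presumably it is released together with the enclosing SD by
 * smbfs_acl_free_sd() - confirm before freeing or sharing it.
 */
typedef struct i_ntace_v2 {
	i_ntace_hdr_t	ace_hdr;
	uint32_t	ace_rights; /* generic, standard, specific, etc */
	i_ntsid_t	*ace_sid;
} i_ntace_v2_t;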
75
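/*
 * A union for convenience of the conversion code.
 * There are lots more ACE types, ignored for now.
 *
 * Both members start with an i_ntace_hdr_t, so ace_hdr can be read
 * regardless of which kind of ACE is stored.
 * NOTE(review): ace_v2 is only meaningful for the types listed on
 * i_ntace_v2 (ACCESS_ALLOWED through SYSTEM_ALARM); users should
 * look at ace_hdr.ace_type before touching ace_v2.ace_rights or
 * ace_v2.ace_sid - confirm the conversion code does so.
 */
typedef union i_ntace_u {
	i_ntace_hdr_t	ace_hdr;
	i_ntace_v2_t	ace_v2;
} i_ntace_t;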
84
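/*
 * Internal form of an NT ACL (see sacl/dacl below)
 *
 * acl_acevec is declared with one element but really holds
 * acl_acecount pointers, so sizeof (i_ntacl_t) only covers an ACL
 * with a single ACE; allocations must account for the real count.
 *
 * NOTE(review): for an ACL built from a raw SD, acl_acecount is
 * presumably derived from the peer's data.  Loops over acl_acevec
 * should be bounded by the number of slots actually allocated, and
 * entries should be checked for NULL unless the importer guarantees
 * every slot is filled - confirm.
 */
typedef struct i_ntacl {
	uint8_t		acl_revision;	/* 0x02 observed with W2K */
	uint16_t	acl_acecount;	/* entries in acl_acevec */
	i_ntace_t	*acl_acevec[1]; /* actually, len=acecount */
} i_ntacl_t;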
93
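/*
 * Internal form of an NT Security Descriptor (SD)
 *
 * Owner, group, SACL and DACL are held as pointers to separately
 * described objects rather than as offsets into one buffer.
 * NOTE(review): this header does not state whether an absent
 * owner/group/SACL/DACL is represented by a NULL pointer; check each
 * pointer before dereferencing unless the producer guarantees it.
 */
typedef struct i_ntsd {
	uint8_t		sd_revision;	/* 0x01 observed between W2K */
	uint8_t		sd_rmctl;	/* resource mgr control (MBZ) */
	uint16_t	sd_flags;
	i_ntsid_t	*sd_owner;
	i_ntsid_t	*sd_group;
	i_ntacl_t	*sd_sacl;
	i_ntacl_t	*sd_dacl;
} i_ntsd_t;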
106
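/*
 * Import a raw SD (mb chain) into "internal" form.
 * (like "absolute" form per NT docs)
 * Returns allocated data in sdp; release it with
 * smbfs_acl_free_sd().
 *
 * NOTE(review): the meaning of the int return is not shown here
 * (presumably zero on success, an error number otherwise), nor is
 * the state of *sdp on failure - confirm before using or freeing
 * *sdp after an error.  The raw SD is presumably data received from
 * the server, so every count and length in it should be treated as
 * untrusted by the implementation.
 */
int md_get_ntsd(mdchain_t *mbp, i_ntsd_t **sdp);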
113
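/*
 * Export an "internal" SD into a raw SD (mb chain).
 * (a.k.a "self-relative" form per NT docs)
 * Returns allocated mbchain in mbp.
 *
 * NOTE(review): the meaning of the int return is not shown here
 * (presumably zero on success, an error number otherwise), nor is
 * who releases the mbchain on failure - confirm against the
 * implementation.
 */
int mb_put_ntsd(mbchain_t *mbp, i_ntsd_t *sd);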
120
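/*
 * Convert an internal SD to a ZFS-style ACL.
 * Get uid/gid too if pointers != NULL.
 *
 * The ACL container differs by build: vsecattr_t in the kernel,
 * acl_t in user space.  uidp and gidp are optional outputs; pass
 * NULL for either one that is not wanted.
 * NOTE(review): the meaning of the int return is not shown here
 * (presumably zero on success, an error number otherwise) - confirm.
 */
#ifdef	_KERNEL
int smbfs_acl_sd2zfs(i_ntsd_t *sd, vsecattr_t *vsa,
	uid_t *uidp, gid_t *gidp);
#else /* _KERNEL */
/* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
int smbfs_acl_sd2zfs(struct i_ntsd *sd, acl_t *acl,
	uid_t *uidp, gid_t *gidp);
#endif /* _KERNEL */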
131
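/*
 * Convert a ZFS-style ACL to an internal SD.
 * Set owner/group too if selector indicates.
 * Always need to pass uid+gid, either the new
 * (when setting them) or existing, so that any
 * owner@ or group@ ACEs can be translated.
 *
 * The new SD is returned through the last argument and is
 * released with smbfs_acl_free_sd().
 * NOTE(review): the meaning of the int return is not shown here
 * (presumably zero on success, an error number otherwise), nor is
 * the state of *sdp on failure - confirm.
 */
#ifdef	_KERNEL
int smbfs_acl_zfs2sd(vsecattr_t *vsa, uid_t uid, gid_t gid,
	uint32_t selector, i_ntsd_t **sdp);
#else /* _KERNEL */
/* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
int smbfs_acl_zfs2sd(acl_t *acl, uid_t uid, gid_t gid,
	uint32_t selector, struct i_ntsd **sdp);
#endif /* _KERNEL */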
145
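/*
 * Free an i_ntsd_t from md_get_ntsd() or smbfs_acl_zfs2sd().
 * See also: lib/libsmbfs/netsmb/smbfs_acl.h
 *
 * The pointer must not be used again after this call.
 * NOTE(review): whether a NULL argument is accepted is not
 * visible in this header - confirm before relying on it in
 * error paths.
 */
void smbfs_acl_free_sd(struct i_ntsd *sd);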
151
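/*
 * Convert an NT SID to string format.
 *
 * obuf is the caller's output buffer and olen its size in bytes;
 * pass the real capacity of obuf (e.g. sizeof of the array), not a
 * guess, since this is the only bound the function is given.
 * NOTE(review): the role of ridp and the meaning of the int return
 * are not shown here.  Presumably ridp optionally receives the RID
 * (last sub-authority) and the return reports failure such as a
 * too-small buffer - confirm against the implementation, and check
 * the return before using obuf.
 */
int smbfs_sid2str(i_ntsid_t *sid,
	char *obuf, size_t olen, uint32_t *ridp);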
157
158#endif	/* _SMBFS_NTACL_H */
159