1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  *
26  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
27  */
28 
29 #ifndef _SMBFS_NTACL_H
30 #define	_SMBFS_NTACL_H
31 
32 /*
33  * Internal functions for dealing with
34  * NT Security data structures.
35  */
36 
37 #include <netsmb/mchain.h>
38 
/*
 * Internal form of an NT SID
 * Same as on the wire, but possibly byte-swapped.
 *
 * sid_subauthvec is declared with one element but really holds
 * sid_subauthcount entries, so sizeof (i_ntsid_t) is not the size
 * of a SID.  Use I_SID_SIZE(sid_subauthcount) when allocating or
 * copying one.
 *
 * NOTE(review): sid_subauthcount is a one-byte count that, given the
 * "same as on the wire" layout, presumably arrives from the server.
 * Code that sizes an allocation from it or indexes sid_subauthvec
 * should bound it first (Windows limits a SID to 15 sub-authorities)
 * -- confirm that the decoder does so; it is not visible in this header.
 */
typedef struct i_ntsid {
	uint8_t	sid_revision;
	uint8_t	sid_subauthcount;	/* number of sid_subauthvec entries */
	uint8_t	sid_authority[6];
	uint32_t sid_subauthvec[1]; /* actually len=subauthcount */
} i_ntsid_t;
/*
 * Size in bytes of a SID with (sacnt) sub-authorities: 8 bytes for
 * revision, count and the 6-byte authority, plus 4 per sub-authority.
 */
#define	I_SID_SIZE(sacnt)	(8 + 4 * (sacnt))
50 
/*
 * Internal form of an NT ACE - first the header.
 * See MS SDK: ACE_HEADER  (For MS, it's the OtW form)
 * Note: ace_size here is the in-memory size, not OtW.
 * That is, it is not the length field exchanged with the server,
 * and the two values should not be used interchangeably.
 */
typedef struct i_ntace_hdr {
	uint8_t		ace_type;
	uint8_t		ace_flags;
	uint16_t	ace_size;	/* in-memory size, not OtW */
} i_ntace_hdr_t;
61 
/*
 * Simple ACE for types: ACCESS_ALLOWED through SYSTEM_ALARM
 * See MS SDK: ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE,
 * SYSTEM_AUDIT_ACE, SYSTEM_ALARM_ACE.
 *
 * The above are the only types that appear in a V2 ACL.
 * Note that in the Windows SDK, the SID is stored as
 * "flat" data after the ACE header.  This implementation
 * stores the SID as a pointer instead.
 *
 * NOTE(review): because ace_sid is a pointer, this struct cannot be
 * copied to or from the wire as-is, and the SID has its own lifetime.
 * Presumably it is released together with the enclosing SD by
 * smbfs_acl_free_sd() -- confirm against the implementation.
 */
typedef struct i_ntace_v2 {
	i_ntace_hdr_t	ace_hdr;
	uint32_t	ace_rights; /* generic, standard, specific, etc */
	i_ntsid_t	*ace_sid;	/* separately held SID, not inline data */
} i_ntace_v2_t;
77 
/*
 * A union for convenience of the conversion code.
 * There are lots more ACE types, ignored for now.
 *
 * ace_hdr is also the first member of i_ntace_v2_t, so the header
 * can be read through either view.  Check ace_hdr.ace_type before
 * using ace_v2; only the simple V2 ACE layout is represented here.
 *
 * NOTE(review): how ACEs of other types are handled on import
 * (skipped or rejected) is not visible in this header -- confirm.
 */
typedef union i_ntace_u {
	i_ntace_hdr_t	ace_hdr;
	i_ntace_v2_t	ace_v2;
} i_ntace_t;
86 
/*
 * Internal form of an NT ACL (see sacl/dacl below)
 *
 * acl_acevec is declared with one element but really holds
 * acl_acecount pointers, so sizeof (i_ntacl_t) is not the size of
 * an ACL with more than one ACE.
 *
 * NOTE(review): acl_acecount presumably reflects a count taken from
 * server-supplied data on import.  Code that allocates or iterates
 * acl_acevec should make sure the count matches what was actually
 * decoded -- confirm against the decoder.
 */
typedef struct i_ntacl {
	uint8_t		acl_revision;	/* 0x02 observed with W2K */
	uint16_t	acl_acecount;	/* number of acl_acevec entries */
	i_ntace_t	*acl_acevec[1]; /* actually, len=acecount */
} i_ntacl_t;
95 
/*
 * Internal form of an NT Security Descriptor (SD)
 *
 * Owner, group, SACL and DACL are held as pointers to separately
 * held objects rather than as offsets into one flat buffer.
 *
 * NOTE(review): whether an absent owner, group, SACL or DACL is
 * represented by a NULL pointer is not visible in this header.
 * Callers should confirm that before dereferencing any of them.
 */
typedef struct i_ntsd {
	uint8_t		sd_revision;	/* 0x01 observed between W2K */
	uint8_t		sd_rmctl;	/* resource mgr control (MBZ) */
	uint16_t	sd_flags;
	i_ntsid_t	*sd_owner;
	i_ntsid_t	*sd_group;
	i_ntacl_t	*sd_sacl;
	i_ntacl_t	*sd_dacl;
} i_ntsd_t;
108 
/*
 * Import a raw SD (mb chain) into "internal" form.
 * (like "absolute" form per. NT docs)
 * Returns allocated data in sdp; release it with smbfs_acl_free_sd().
 *
 * NOTE(review): the raw SD presumably comes from the server, so the
 * counts and lengths it contains are untrusted.  The implementation
 * (not visible here) should bound them against the data actually
 * present in the chain.  The return value is presumably 0 or an
 * errno value -- confirm.
 */
int md_get_ntsd(mdchain_t *mbp, i_ntsd_t **sdp);
115 
/*
 * Export an "internal" SD into a raw SD (mb chain).
 * (a.k.a "self-relative" form per. NT docs)
 * Returns allocated mbchain in mbp.
 *
 * NOTE(review): the return value is presumably 0 or an errno
 * value -- confirm against the implementation.
 */
int mb_put_ntsd(mbchain_t *mbp, i_ntsd_t *sd);
122 
/*
 * Convert an internal SD to a ZFS-style ACL.
 * Get uid/gid too if pointers != NULL.
 *
 * The ACL argument is a vsecattr_t in kernel (or fake-kernel)
 * builds and an acl_t in userland builds.
 *
 * NOTE(review): the SD is typically one built from server data, so
 * the resulting ACL and uid/gid reflect what the server reported.
 * How unmappable SIDs are handled is not visible here -- confirm.
 */
#if defined(_KERNEL) || defined(_FAKE_KERNEL)
int smbfs_acl_sd2zfs(i_ntsd_t *, vsecattr_t *, uid_t *, gid_t *);
#else /* _KERNEL */
/* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
int smbfs_acl_sd2zfs(struct i_ntsd *, acl_t *, uid_t *, gid_t *);
#endif /* _KERNEL */
133 
/*
 * Convert a ZFS-style ACL to an internal SD.
 * Set owner/group too if selector indicates.
 * Always need to pass uid+gid, either the new
 * (when setting them) or existing, so that any
 * owner@ or group@ ACEs can be translated.
 *
 * The ACL argument is a vsecattr_t in kernel (or fake-kernel)
 * builds and an acl_t in userland builds.  The uint32_t argument
 * is the selector mentioned above.  The new SD is returned through
 * the last argument; release it with smbfs_acl_free_sd().
 */
#if defined(_KERNEL) || defined(_FAKE_KERNEL)
int smbfs_acl_zfs2sd(vsecattr_t *, uid_t, gid_t, uint32_t, i_ntsd_t **);
#else /* _KERNEL */
/* See also: lib/libsmbfs/netsmb/smbfs_acl.h */
int smbfs_acl_zfs2sd(acl_t *, uid_t, gid_t, uint32_t, struct i_ntsd **);
#endif /* _KERNEL */
147 
/*
 * Free an i_ntsd_t from md_get_ntsd() or smbfs_acl_zfs2sd().
 * See also: lib/libsmbfs/netsmb/smbfs_acl.h
 *
 * NOTE(review): presumably this also releases the SIDs, ACLs and
 * ACEs the SD points to, so none of those pointers may be used
 * afterwards -- confirm against the implementation.
 */
void smbfs_acl_free_sd(struct i_ntsd *);
153 
/*
 * Convert an NT SID to string format.
 *
 * obuf/olen give the output buffer and its size.
 *
 * NOTE(review): the string length depends on sid_subauthcount, so
 * the implementation must bound its writes by olen; whether it
 * reports truncation is not visible here.  ridp presumably receives
 * the final sub-authority (the RID) when non-NULL -- confirm.
 */
int smbfs_sid2str(i_ntsid_t *sid,
	char *obuf, size_t olen, uint32_t *ridp);
159 
160 #endif	/* _SMBFS_NTACL_H */
161