Print this page
NEX-16818 Add fksmbcl development tool
NEX-17264 SMB client test tp_smbutil_013 fails after NEX-14666
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
and: (fix ref leaks)
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/libsmbfs/smb/acl_api.c
+++ new/usr/src/lib/libsmbfs/smb/acl_api.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 + *
26 + * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
25 27 */
26 28
27 29 /*
28 30 * ACL API for smbfs
29 31 */
30 32
31 33 #include <sys/types.h>
32 34 #include <sys/errno.h>
33 35 #include <sys/cred.h>
34 36 #include <sys/cmn_err.h>
35 37 #include <sys/kmem.h>
36 38 #include <sys/sunddi.h>
37 39 #include <sys/acl.h>
38 40 #include <sys/vnode.h>
39 41 #include <sys/vfs.h>
40 42 #include <sys/byteorder.h>
41 43
42 44 #include <errno.h>
43 45 #include <stdio.h>
44 46 #include <strings.h>
45 47 #include <unistd.h>
46 48
47 49 #include <umem.h>
48 50 #include <idmap.h>
49 51
50 52 #include <sys/fs/smbfs_ioctl.h>
51 53
52 54 #include <netsmb/smb.h>
53 55 #include <netsmb/smb_lib.h>
54 56 #include <netsmb/smbfs_acl.h>
55 57
56 58 #include "smbfs_ntacl.h"
57 59 #include "private.h"
58 60
59 61 /* Sanity check SD sizes */
60 62 #define MAX_RAW_SD_SIZE 32768
61 63
62 64 /* XXX: acl_common.h */
63 65 acl_t *acl_alloc(enum acl_type);
64 66 void acl_free(acl_t *);
65 67
66 68
67 69 /*
68 70 * Get/set a Windows security descriptor (SD)
69 71 * using the (private) smbfs ioctl mechanism.
70 72 * Note: Get allocates mbp->mb_top
71 73 */
72 74
73 75 /* ARGSUSED */
74 76 int
75 77 smbfs_acl_iocget(int fd, uint32_t selector, mbdata_t *mbp)
|
↓ open down ↓ |
41 lines elided |
↑ open up ↑ |
76 78 {
77 79 ioc_sdbuf_t iocb;
78 80 struct mbuf *m;
79 81 int error;
80 82
81 83 error = mb_init_sz(mbp, MAX_RAW_SD_SIZE);
82 84 if (error)
83 85 return (error);
84 86
85 87 m = mbp->mb_top;
88 + bzero(&iocb, sizeof (iocb));
86 89 iocb.addr = mtod(m, uintptr_t);
87 90 iocb.alloc = m->m_maxlen;
88 91 iocb.used = 0;
89 92 iocb.selector = selector;
90 93
91 94 /*
92 95 * This does the OTW Get.
93 96 */
94 - if (ioctl(fd, SMBFSIO_GETSD, &iocb) < 0) {
97 + if (nsmb_ioctl(fd, SMBFSIO_GETSD, &iocb) < 0) {
95 98 error = errno;
96 99 goto errout;
97 100 }
98 101
99 102 m->m_len = iocb.used;
100 103 return (0);
101 104
102 105 errout:
103 106 mb_done(mbp);
104 107 return (error);
105 108 }
106 109
107 110 /* ARGSUSED */
108 111 int
109 112 smbfs_acl_iocset(int fd, uint32_t selector, mbdata_t *mbp)
110 113 {
111 114 ioc_sdbuf_t iocb;
112 115 struct mbuf *m;
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
113 116 int error;
114 117
115 118 /* Make the data contiguous. */
116 119 error = m_lineup(mbp->mb_top, &m);
117 120 if (error)
118 121 return (error);
119 122
120 123 if (mbp->mb_top != m)
121 124 mb_initm(mbp, m);
122 125
126 + bzero(&iocb, sizeof (iocb));
123 127 iocb.addr = mtod(m, uintptr_t);
124 128 iocb.alloc = m->m_maxlen;
125 129 iocb.used = m->m_len;
126 130 iocb.selector = selector;
127 131
128 132 /*
129 133 * This does the OTW Set.
130 134 */
131 - if (ioctl(fd, SMBFSIO_SETSD, &iocb) < 0)
135 + if (nsmb_ioctl(fd, SMBFSIO_SETSD, &iocb) < 0)
132 136 error = errno;
133 137
134 138 return (error);
135 139 }
136 140
137 141 /*
138 142 * Get an NT SD from the open file via ioctl.
139 143 */
140 144 int
141 145 smbfs_acl_getsd(int fd, uint32_t selector, i_ntsd_t **sdp)
142 146 {
143 147 mbdata_t *mbp, mb_store;
144 148 int error;
145 149
146 150 mbp = &mb_store;
147 151 bzero(mbp, sizeof (*mbp));
148 152
149 153 /*
150 154 * Get the raw Windows SD via ioctl.
151 155 * Returns allocated mbchain in mbp.
152 156 */
153 157 error = smbfs_acl_iocget(fd, selector, mbp);
154 158 if (error == 0) {
155 159 /*
156 160 * Import the raw SD into "internal" form.
157 161 * (like "absolute" form per. NT docs)
158 162 * Returns allocated data in sdp
159 163 */
160 164 error = md_get_ntsd(mbp, sdp);
161 165 }
162 166
163 167 mb_done(mbp);
164 168 return (error);
165 169 }
166 170
167 171 /*
168 172 * Set an NT SD onto the open file via ioctl.
169 173 */
170 174 int
171 175 smbfs_acl_setsd(int fd, uint32_t selector, i_ntsd_t *sd)
172 176 {
173 177 mbdata_t *mbp, mb_store;
174 178 int error;
175 179
176 180 mbp = &mb_store;
177 181 error = mb_init_sz(mbp, MAX_RAW_SD_SIZE);
178 182 if (error)
179 183 return (error);
180 184
181 185 /*
182 186 * Export the "internal" SD into an mb chain.
183 187 * (a.k.a "self-relative" form per. NT docs)
184 188 * Returns allocated mbchain in mbp.
185 189 */
186 190 error = mb_put_ntsd(mbp, sd);
187 191 if (error == 0) {
188 192 /*
189 193 * Set the raw Windows SD via ioctl.
190 194 */
191 195 error = smbfs_acl_iocset(fd, selector, mbp);
192 196 }
193 197
194 198 mb_done(mbp);
195 199
196 200 return (error);
197 201 }
198 202
199 203
200 204
201 205 /*
202 206 * Convenience function to Get security using a
203 207 * ZFS-style ACL (libsec acl, type=ACE_T)
204 208 * Intentionally similar to: facl_get(3SEC)
205 209 */
206 210 int
207 211 smbfs_acl_get(int fd, acl_t **aclp, uid_t *uidp, gid_t *gidp)
208 212 {
209 213 i_ntsd_t *sd = NULL;
210 214 acl_t *acl = NULL;
211 215 uint32_t selector;
212 216 int error;
213 217
214 218 /*
215 219 * Which parts of the SD are being requested?
216 220 * XXX: Should we request the SACL too? If so,
217 221 * might that cause this access to be denied?
218 222 * Or maybe: if we get access denied, try the
219 223 * open/fetch again without the SACL bit.
220 224 */
221 225 selector = 0;
222 226 if (aclp)
223 227 selector |= DACL_SECURITY_INFORMATION;
224 228 if (uidp)
225 229 selector |= OWNER_SECURITY_INFORMATION;
226 230 if (gidp)
227 231 selector |= GROUP_SECURITY_INFORMATION;
228 232
229 233 if (selector == 0)
230 234 return (0);
231 235
232 236 /*
233 237 * Get the Windows SD via ioctl, in
234 238 * "internal" (absolute) form.
235 239 */
236 240 error = smbfs_acl_getsd(fd, selector, &sd);
237 241 if (error)
238 242 return (error);
239 243 /* Note: sd now holds allocated data. */
240 244
241 245 /*
242 246 * Convert the internal SD to a ZFS ACL.
243 247 * Get uid/gid too if pointers != NULL.
244 248 */
245 249 if (aclp) {
246 250 acl = acl_alloc(ACE_T);
247 251 if (acl == NULL) {
248 252 error = ENOMEM;
249 253 goto out;
250 254 }
251 255 }
252 256 error = smbfs_acl_sd2zfs(sd, acl, uidp, gidp);
253 257 if (error)
254 258 goto out;
255 259
256 260 /* Success! */
257 261 if (aclp) {
258 262 *aclp = acl;
259 263 acl = NULL;
260 264 }
261 265
262 266 out:
263 267 if (acl)
264 268 acl_free(acl);
265 269 smbfs_acl_free_sd(sd);
266 270 return (error);
267 271 }
268 272
269 273 /*
270 274 * Convenience function to Set security using a
271 275 * ZFS-style ACL (libsec acl, type=ACE_T)
272 276 * Intentionally similar to: facl_set(3SEC)
273 277 */
274 278 int
275 279 smbfs_acl_set(int fd, acl_t *acl, uid_t uid, gid_t gid)
276 280 {
277 281 struct stat st;
278 282 i_ntsd_t *sd = NULL;
279 283 uint32_t selector;
280 284 int error;
281 285
282 286 if (acl && acl->acl_type != ACE_T)
283 287 return (EINVAL);
284 288
285 289 /*
286 290 * Which parts of the SD are being modified?
287 291 * XXX: Ditto comments above re. SACL.
288 292 */
289 293 selector = 0;
290 294 if (acl)
291 295 selector |= DACL_SECURITY_INFORMATION;
292 296 if (uid != (uid_t)-1)
293 297 selector |= OWNER_SECURITY_INFORMATION;
294 298 if (gid != (gid_t)-1)
295 299 selector |= GROUP_SECURITY_INFORMATION;
296 300 if (selector == 0)
297 301 return (0);
298 302
299 303 if (uid == (uid_t)-1 || gid == (gid_t)-1) {
300 304 /*
301 305 * If not setting owner or group, we need the
302 306 * current owner and group for translating
303 307 * references via owner@ or group@ ACEs.
304 308 */
305 309 if (fstat(fd, &st) != 0)
306 310 return (errno);
307 311 if (uid == (uid_t)-1)
308 312 uid = st.st_uid;
309 313 if (gid == (gid_t)-1)
310 314 gid = st.st_gid;
311 315 }
312 316
313 317 /*
314 318 * Convert the ZFS ACL to an internal SD.
315 319 * Returns allocated data in sd
316 320 */
317 321 error = smbfs_acl_zfs2sd(acl, uid, gid, selector, &sd);
318 322 if (error == 0)
319 323 error = smbfs_acl_setsd(fd, selector, sd);
320 324
321 325 smbfs_acl_free_sd(sd);
322 326
323 327 return (error);
324 328 }
|
↓ open down ↓ |
183 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX