4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
25 */
26
27 #include <smbsrv/smb_kproto.h>
28
29 static void smb_encode_sacl(mbuf_chain_t *, smb_acl_t *);
30 static void smb_encode_dacl(mbuf_chain_t *, smb_acl_t *);
31 static smb_acl_t *smb_decode_acl(mbuf_chain_t *, uint32_t);
32
33 /*
34 * smb_nt_transact_query_security_info
35 *
36 * This command allows the client to retrieve the security descriptor
37 * on a file. The result of the call is returned to the client in the
38 * Data part of the transaction response.
39 *
40 * Some clients specify a non-zero maximum data return size (mdrcnt)
41 * for the SD and some specify zero. In either case, if the mdrcnt is
42 * too small we need to return NT_STATUS_BUFFER_TOO_SMALL and a buffer
43 * size hint. The client should then retry with the appropriate buffer
44 * size.
354 ace = list_next(&acl->sl_sorted, ace);
355 }
356 }
357
358 /*
359 * smb_decode_sd
360 *
361 * Decodes the security descriptor in the request buffer
362 * and set the fields of 'sd' appropraitely. Upon successful
363 * return, caller must free allocated memories by calling
364 * smb_sd_term().
365 */
366 uint32_t
367 smb_decode_sd(mbuf_chain_t *mbc, smb_sd_t *sd)
368 {
369 struct mbuf_chain sdbuf;
370 uint32_t owner_offs;
371 uint32_t group_offs;
372 uint32_t sacl_offs;
373 uint32_t dacl_offs;
374
375 smb_sd_init(sd, SECURITY_DESCRIPTOR_REVISION);
376
377 (void) MBC_SHADOW_CHAIN(&sdbuf, mbc,
378 mbc->chain_offset,
379 mbc->max_bytes - mbc->chain_offset);
380
381 if (smb_mbc_decodef(&sdbuf, "b.wllll",
382 &sd->sd_revision, &sd->sd_control,
383 &owner_offs, &group_offs, &sacl_offs, &dacl_offs))
384 goto decode_error;
385
386 sd->sd_control &= ~SE_SELF_RELATIVE;
387
388 if (owner_offs != 0) {
389 if (owner_offs < SMB_SD_HDRSIZE)
390 goto decode_error;
391
392 sd->sd_owner = smb_decode_sid(mbc, owner_offs);
393 if (sd->sd_owner == NULL)
394 goto decode_error;
395 }
396
397 if (group_offs != 0) {
398 if (group_offs < SMB_SD_HDRSIZE)
399 goto decode_error;
400
401 sd->sd_group = smb_decode_sid(mbc, group_offs);
402 if (sd->sd_group == NULL)
403 goto decode_error;
404 }
405
406 if (sacl_offs != 0) {
|
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
25 */
26
27 #include <smbsrv/smb_kproto.h>
28
29 static void smb_encode_sacl(mbuf_chain_t *, smb_acl_t *);
30 static void smb_encode_dacl(mbuf_chain_t *, smb_acl_t *);
31 static smb_acl_t *smb_decode_acl(mbuf_chain_t *, uint32_t);
32
33 /*
34 * smb_nt_transact_query_security_info
35 *
36 * This command allows the client to retrieve the security descriptor
37 * on a file. The result of the call is returned to the client in the
38 * Data part of the transaction response.
39 *
40 * Some clients specify a non-zero maximum data return size (mdrcnt)
41 * for the SD and some specify zero. In either case, if the mdrcnt is
42 * too small we need to return NT_STATUS_BUFFER_TOO_SMALL and a buffer
43 * size hint. The client should then retry with the appropriate buffer
44 * size.
354 ace = list_next(&acl->sl_sorted, ace);
355 }
356 }
357
358 /*
359 * smb_decode_sd
360 *
361 * Decodes the security descriptor in the request buffer
362 * and set the fields of 'sd' appropraitely. Upon successful
363 * return, caller must free allocated memories by calling
364 * smb_sd_term().
365 */
366 uint32_t
367 smb_decode_sd(mbuf_chain_t *mbc, smb_sd_t *sd)
368 {
369 struct mbuf_chain sdbuf;
370 uint32_t owner_offs;
371 uint32_t group_offs;
372 uint32_t sacl_offs;
373 uint32_t dacl_offs;
374 int rc;
375
376 smb_sd_init(sd, SECURITY_DESCRIPTOR_REVISION);
377
378 (void) MBC_SHADOW_CHAIN(&sdbuf, mbc,
379 mbc->chain_offset,
380 mbc->max_bytes - mbc->chain_offset);
381
382 rc = smb_mbc_decodef(&sdbuf, "b.wllll",
383 &sd->sd_revision, &sd->sd_control,
384 &owner_offs, &group_offs, &sacl_offs, &dacl_offs);
385
386 /* Prevent disallowed flags in smb_sd_term. */
387 sd->sd_control &= ~SE_SELF_RELATIVE;
388 if (rc != 0)
389 goto decode_error;
390
391 if (owner_offs != 0) {
392 if (owner_offs < SMB_SD_HDRSIZE)
393 goto decode_error;
394
395 sd->sd_owner = smb_decode_sid(mbc, owner_offs);
396 if (sd->sd_owner == NULL)
397 goto decode_error;
398 }
399
400 if (group_offs != 0) {
401 if (group_offs < SMB_SD_HDRSIZE)
402 goto decode_error;
403
404 sd->sd_group = smb_decode_sid(mbc, group_offs);
405 if (sd->sd_group == NULL)
406 goto decode_error;
407 }
408
409 if (sacl_offs != 0) {
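Review bot: The comment added above `sd->sd_control &= ~SE_SELF_RELATIVE;` in smb_decode_sd does not say why the mask now sits before the `rc != 0` check, so a later cleanup could move it back below the error branch and undo the fix. I would spell the ordering out, e.g. `/* Clear SE_SELF_RELATIVE even if the decode failed: sd_control may already hold client-supplied bits when sd reaches smb_sd_term(). */`. Only this one bit is scrubbed on the failure path, so the rest of sd_control can still be whatever a partially decoded request supplied. It is worth confirming that smb_sd_term ignores the other control bits, or else decoding the header into locals and assigning to `sd` only once `rc == 0`. The decode_error label and the rest of the function are outside the visible lines, so the cleanup path is inferred from the comment rather than seen.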
|