NEX-14666 Need to provide SMB 2.1 Client
NEX-17187 panic in smbfs_acl_store
NEX-17231 smbfs create xattr files finds wrong file
NEX-17224 smbfs lookup EINVAL should be ENOENT
NEX-17260 SMB1 client fails to list directory after NEX-14666
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Joyce McIntosh <joyce.mcintosh@nexenta.com>
and: (cleanup)
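--- a/usr/src/uts/common/smbsrv/ntaccess.h
+++ b/usr/src/uts/common/smb/ntaccess.h
@@ -1,237 +1,237 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
+ *
+ * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
 */
 
 #ifndef _SMBSRV_NTACCESS_H
 #define _SMBSRV_NTACCESS_H
 
-#pragma ident "%Z%%M% %I% %E% SMI"
-
 /*
 * This file defines the NT compatible access control masks and values.
 * An access mask as a 32-bit value arranged as shown below.
 *
 * 31-28 Generic bits, interpreted per object type
 * 27-26 Reserved, must-be-zero
 * 25 Maximum allowed
 * 24 System Security rights (SACL is SD)
 * 23-16 Standard access rights, generic to all object types
 * 15-0 Specific access rights, object specific
 *
 * 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
 * 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
 * +---------------+---------------+-------------------------------+
 * |G|G|G|G|Res'd|A| StandardRights| SpecificRights |
 * |R|W|E|A| |S| | |
 * +-+-------------+---------------+-------------------------------+
 */
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 /*
 * Specific rights for files, pipes and directories.
 */
 #define FILE_READ_DATA (0x0001) /* file & pipe */
 #define FILE_LIST_DIRECTORY (0x0001) /* directory */
 #define FILE_WRITE_DATA (0x0002) /* file & pipe */
 #define FILE_ADD_FILE (0x0002) /* directory */
 #define FILE_APPEND_DATA (0x0004) /* file */
 #define FILE_ADD_SUBDIRECTORY (0x0004) /* directory */
 #define FILE_CREATE_PIPE_INSTANCE (0x0004) /* named pipe */
 #define FILE_READ_EA (0x0008) /* file & directory */
 #define FILE_READ_PROPERTIES (0x0008) /* pipe */
 #define FILE_WRITE_EA (0x0010) /* file & directory */
 #define FILE_WRITE_PROPERTIES (0x0010) /* pipe */
 #define FILE_EXECUTE (0x0020) /* file */
 #define FILE_TRAVERSE (0x0020) /* directory */
 #define FILE_DELETE_CHILD (0x0040) /* directory */
 #define FILE_READ_ATTRIBUTES (0x0080) /* all */
 #define FILE_WRITE_ATTRIBUTES (0x0100) /* all */
 #define FILE_SPECIFIC_ALL (0x000001FFL)
 #define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
 
 
 /*
 * Standard rights:
 *
 * DELETE The right to delete the object.
 *
 * READ_CONTROL The right to read the information in the object's security
 * descriptor, not including the information in the SACL.
 *
 * WRITE_DAC The right to modify the DACL in the object's security
 * descriptor.
 *
 * WRITE_OWNER The right to change the owner in the object's security
 * descriptor.
 *
 * SYNCHRONIZE The right to use the object for synchronization. This enables
 * a thread to wait until the object is in the signaled state.
 */
 #define DELETE (0x00010000L)
 #define READ_CONTROL (0x00020000L)
 #define WRITE_DAC (0x00040000L)
 #define WRITE_OWNER (0x00080000L) /* take ownership */
 #define SYNCHRONIZE (0x00100000L)
 #define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
 #define STANDARD_RIGHTS_ALL (0x001F0000L)
 
 
 #define STANDARD_RIGHTS_READ (READ_CONTROL)
 #define STANDARD_RIGHTS_WRITE (READ_CONTROL)
 #define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
 
 #define FILE_METADATA_ALL (FILE_READ_EA |\
 FILE_READ_ATTRIBUTES |\
 READ_CONTROL |\
 FILE_WRITE_EA |\
 FILE_WRITE_ATTRIBUTES |\
 WRITE_DAC |\
 WRITE_OWNER |\
 SYNCHRONIZE)
 
 #define FILE_DATA_ALL (FILE_READ_DATA |\
 FILE_WRITE_DATA |\
 FILE_APPEND_DATA |\
 FILE_EXECUTE |\
 DELETE)
 
 #define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
 
 
 /*
 * Miscellaneous bits: SACL access and maximum allowed access.
 */
 #define ACCESS_SYSTEM_SECURITY (0x01000000L)
 #define MAXIMUM_ALLOWED (0x02000000L)
 
 
 /*
 * Generic rights. These are shorthands that are interpreted as
 * appropriate for the type of secured object being accessed.
 */
 #define GENERIC_ALL (0x10000000UL)
 #define GENERIC_EXECUTE (0x20000000UL)
 #define GENERIC_WRITE (0x40000000UL)
 #define GENERIC_READ (0x80000000UL)
 
 #define FILE_GENERIC_READ (STANDARD_RIGHTS_READ | \
 FILE_READ_DATA | \
 FILE_READ_ATTRIBUTES | \
 FILE_READ_EA | \
 SYNCHRONIZE)
 
 #define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE | \
 FILE_WRITE_DATA | \
 FILE_WRITE_ATTRIBUTES | \
 FILE_WRITE_EA | \
 FILE_APPEND_DATA | \
 SYNCHRONIZE)
 
 #define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
 FILE_READ_ATTRIBUTES | \
 FILE_EXECUTE | \
 SYNCHRONIZE)
 
 #define FILE_GENERIC_ALL (FILE_GENERIC_READ | \
 FILE_GENERIC_WRITE | \
 FILE_GENERIC_EXECUTE)
 
 
 /*
 * LSA policy desired access masks.
 */
 #define POLICY_VIEW_LOCAL_INFORMATION 0x00000001L
 #define POLICY_VIEW_AUDIT_INFORMATION 0x00000002L
 #define POLICY_GET_PRIVATE_INFORMATION 0x00000004L
 #define POLICY_TRUST_ADMIN 0x00000008L
 #define POLICY_CREATE_ACCOUNT 0x00000010L
 #define POLICY_CREATE_SECRET 0x00000020L
 #define POLICY_CREATE_PRIVILEGE 0x00000040L
 #define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080L
 #define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100L
 #define POLICY_AUDIT_LOG_ADMIN 0x00000200L
 #define POLICY_SERVER_ADMIN 0x00000400L
 #define POLICY_LOOKUP_NAMES 0x00000800L
 
 
 /*
 * SAM specific rights desired access masks. These definitions are listed
 * mostly as a convenience; they don't seem to be documented. Setting the
 * desired access mask to GENERIC_EXECUTE and STANDARD_RIGHTS_EXECUTE
 * seems to work when just looking up information.
 */
 #define SAM_LOOKUP_INFORMATION (GENERIC_EXECUTE \
 | STANDARD_RIGHTS_EXECUTE)
 
 #define SAM_ACCESS_USER_READ 0x0000031BL
 #define SAM_ACCESS_USER_UPDATE 0x0000031FL
 #define SAM_ACCESS_USER_SETPWD 0x0000037FL
 #define SAM_CONNECT_CREATE_ACCOUNT 0x00000020L
 #define SAM_ENUM_LOCAL_DOMAIN 0x00000030L
 #define SAM_DOMAIN_CREATE_ACCOUNT 0x00000211L
 
 
 /*
 * File attributes
 *
 * Note: 0x00000008 is reserved for use for the old DOS VOLID (volume ID)
 * and is therefore not considered valid in NT.
 *
 * Note: 0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
 * and is therefore not considered valid in NT. This flag has
 * been disassociated with file attributes since the other flags are
 * protected with READ_ and WRITE_ATTRIBUTES access to the file.
 *
 * Note: Note also that the order of these flags is set to allow both the
 * FAT and the Pinball File Systems to directly set the attributes
 * flags in attributes words without having to pick each flag out
 * individually. The order of these flags should not be changed!
 *
 * The file attributes are defined in smbsrv/smb_vops.h
 */
 
 /* Filesystem Attributes */
 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
 #define FILE_CASE_PRESERVED_NAMES 0x00000002
 #define FILE_UNICODE_ON_DISK 0x00000004
 #define FILE_PERSISTENT_ACLS 0x00000008
 #define FILE_FILE_COMPRESSION 0x00000010
 #define FILE_VOLUME_QUOTAS 0x00000020
 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
 #define FILE_NAMED_STREAMS 0x00040000
 #define FILE_READ_ONLY_VOLUME 0x00080000
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _SMBSRV_NTACCESS_H */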
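Review bot: The include guard is still `_SMBSRV_NTACCESS_H` although the header now lives at `smb/ntaccess.h`, so the `#ifndef`/`#define` pair and the closing `#endif` comment no longer match the path; `_SMB_NTACCESS_H` would keep them consistent. If a forwarding `smbsrv/ntaccess.h` is kept for existing includers (not visible on this page), giving it the same guard would silently suppress this file's access-mask definitions. The "File attributes" comment also still points at `smbsrv/smb_vops.h`; since this header is now shared outside the server tree, it is worth confirming that reference is still the right one for client-side users.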