Diffstat (limited to 'usr/src/lib/smbsrv/libsmb/common')
-rw-r--r--usr/src/lib/smbsrv/libsmb/common/libsmb.h7
-rw-r--r--usr/src/lib/smbsrv/libsmb/common/mapfile-vers3
-rw-r--r--usr/src/lib/smbsrv/libsmb/common/smb_acl.c64
-rw-r--r--usr/src/lib/smbsrv/libsmb/common/smb_idmap.c20
-rw-r--r--usr/src/lib/smbsrv/libsmb/common/smb_sd.c8
-rw-r--r--usr/src/lib/smbsrv/libsmb/common/smb_wksids.c40
6 files changed, 103 insertions, 39 deletions
diff --git a/usr/src/lib/smbsrv/libsmb/common/libsmb.h b/usr/src/lib/smbsrv/libsmb/common/libsmb.h
index f9acbec34c..e8d0ed396f 100644
--- a/usr/src/lib/smbsrv/libsmb/common/libsmb.h
+++ b/usr/src/lib/smbsrv/libsmb/common/libsmb.h
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -815,9 +815,10 @@ typedef struct smb_wka {
*/
int smb_wka_init(void);
void smb_wka_fini(void);
-smb_wka_t *smb_wka_lookup_name(char *);
+smb_wka_t *smb_wka_lookup_builtin(const char *);
+smb_wka_t *smb_wka_lookup_name(const char *);
smb_wka_t *smb_wka_lookup_sid(smb_sid_t *);
-smb_sid_t *smb_wka_get_sid(char *);
+smb_sid_t *smb_wka_get_sid(const char *);
char *smb_wka_get_domain(int);
uint32_t smb_wka_token_groups(uint32_t, smb_ids_t *);
diff --git a/usr/src/lib/smbsrv/libsmb/common/mapfile-vers b/usr/src/lib/smbsrv/libsmb/common/mapfile-vers
index 43e39c72da..fa8740097e 100644
--- a/usr/src/lib/smbsrv/libsmb/common/mapfile-vers
+++ b/usr/src/lib/smbsrv/libsmb/common/mapfile-vers
@@ -18,7 +18,7 @@
# CDDL HEADER END
#
#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
@@ -380,6 +380,7 @@ SUNWprivate {
smb_wka_get_domain;
smb_wka_get_sid;
smb_wka_init;
+ smb_wka_lookup_builtin;
smb_wka_lookup_name;
smb_wka_lookup_sid;
smb_wka_token_groups;
diff --git a/usr/src/lib/smbsrv/libsmb/common/smb_acl.c b/usr/src/lib/smbsrv/libsmb/common/smb_acl.c
index 9d981ceeb4..df5bc7cfb3 100644
--- a/usr/src/lib/smbsrv/libsmb/common/smb_acl.c
+++ b/usr/src/lib/smbsrv/libsmb/common/smb_acl.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -45,25 +45,16 @@
#define SMB_AG_DNY_DRCT 3
#define SMB_AG_NUM 4
-/*
- * SID for Everyone group: S-1-1-0.
- */
-smb_sid_t everyone_sid = {
- NT_SID_REVISION,
- 1,
- NT_SECURITY_WORLD_AUTH,
- { 0 }
-};
-
#define DEFAULT_DACL_ACENUM 2
acl_t *acl_alloc(enum acl_type);
-static idmap_stat smb_fsacl_getsids(smb_idmap_batch_t *, acl_t *, uid_t, gid_t);
+static idmap_stat smb_fsacl_getsids(smb_idmap_batch_t *, acl_t *);
static acl_t *smb_fsacl_null_empty(boolean_t);
static uint16_t smb_ace_len(smb_ace_t *);
static uint32_t smb_ace_mask_g2s(uint32_t);
static uint16_t smb_ace_flags_tozfs(uint8_t);
static uint8_t smb_ace_flags_fromzfs(uint16_t);
+static boolean_t smb_ace_wellknown_update(const char *, ace_t *);
smb_acl_t *
smb_acl_alloc(uint8_t revision, uint16_t bsize, uint16_t acecnt)
@@ -245,7 +236,7 @@ smb_acl_sort(smb_acl_t *acl)
* returned upon successful conversion.
*/
smb_acl_t *
-smb_acl_from_zfs(acl_t *zacl, uid_t uid, gid_t gid)
+smb_acl_from_zfs(acl_t *zacl)
{
ace_t *zace;
int numaces;
@@ -260,7 +251,7 @@ smb_acl_from_zfs(acl_t *zacl, uid_t uid, gid_t gid)
if (idm_stat != IDMAP_SUCCESS)
return (NULL);
- if (smb_fsacl_getsids(&sib, zacl, uid, gid) != IDMAP_SUCCESS) {
+ if (smb_fsacl_getsids(&sib, zacl) != IDMAP_SUCCESS) {
smb_idmap_batch_destroy(&sib);
return (NULL);
}
@@ -308,6 +299,7 @@ smb_acl_from_zfs(acl_t *zacl, uid_t uid, gid_t gid)
uint32_t
smb_acl_to_zfs(smb_acl_t *acl, uint32_t flags, int which_acl, acl_t **fs_acl)
{
+ char sidstr[SMB_SID_STRSZ];
smb_ace_t *ace;
acl_t *zacl;
ace_t *zace;
@@ -345,13 +337,14 @@ smb_acl_to_zfs(smb_acl_t *acl, uint32_t flags, int which_acl, acl_t **fs_acl)
zace->a_type = ace->se_hdr.se_type & ACE_ALL_TYPES;
zace->a_access_mask = smb_ace_mask_g2s(ace->se_mask);
zace->a_flags = smb_ace_flags_tozfs(ace->se_hdr.se_flags);
+ zace->a_who = (uid_t)-1;
- if (smb_sid_cmp(ace->se_sid, &everyone_sid))
- zace->a_flags |= ACE_EVERYONE;
- else {
+ smb_sid_tostr(ace->se_sid, sidstr);
+
+ if (!smb_ace_wellknown_update(sidstr, zace)) {
sim->sim_id = &zace->a_who;
idm_stat = smb_idmap_batch_getid(sib.sib_idmaph, sim,
- ace->se_sid, -1);
+ ace->se_sid, SMB_IDMAP_UNKNOWN);
if (idm_stat != IDMAP_SUCCESS) {
smb_fsacl_free(zacl);
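Review bot: `sidstr` is handed to `strcmp()` inside `smb_ace_wellknown_update()` whether or not `smb_sid_tostr()` wrote anything into it, because the call's outcome is not checked here. The conversion also takes no length argument at this call site, so the stack buffer is only safe if `SMB_SID_STRSZ` covers the largest sub-authority count that `ace->se_sid` can carry; that SID presumably originates from a client-supplied security descriptor and its validation is not visible in this hunk. I would at least start from a defined state with `sidstr[0] = '\0';` before the call and add a comment stating where `se_sid` was length-checked. The body of `smb_acl_to_zfs` continues outside the hunk.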
@@ -375,7 +368,7 @@ smb_acl_to_zfs(smb_acl_t *acl, uint32_t flags, int which_acl, acl_t **fs_acl)
ace = acl->sl_aces;
sim = sib.sib_maps;
for (i = 0; i < acl->sl_acecnt; i++, zace++, ace++, sim++) {
- if (zace->a_flags & ACE_EVERYONE)
+ if (zace->a_who == (uid_t)-1)
continue;
if (sim->sim_idtype == SMB_IDMAP_GROUP)
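Review bot: The skip test `zace->a_who == (uid_t)-1` now overloads one value for two cases: an ACE that `smb_ace_wellknown_update()` handled through flags, and an ACE whose id the idmap batch never filled in. The earlier hunk pre-sets every `a_who` to `(uid_t)-1` before queueing the lookup, so an entry left unmapped would be skipped here and written to the ZFS ACL with who == -1 and no special flags, unless the batch call (outside this hunk) fails as a whole. Since this decides who an access-control entry applies to, I would make the unmapped case explicit, for example `if (zace->a_who == (uid_t)-1 && !(zace->a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)))` followed by the same error path used when `smb_idmap_batch_getid()` fails. The loop body continues outside the hunk.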
@@ -388,13 +381,38 @@ smb_acl_to_zfs(smb_acl_t *acl, uint32_t flags, int which_acl, acl_t **fs_acl)
return (NT_STATUS_SUCCESS);
}
+static boolean_t
+smb_ace_wellknown_update(const char *sid, ace_t *zace)
+{
+ struct {
+ char *sid;
+ uint16_t flags;
+ } map[] = {
+ { NT_WORLD_SIDSTR, ACE_EVERYONE },
+ { NT_BUILTIN_CURRENT_OWNER_SIDSTR, ACE_OWNER },
+ { NT_BUILTIN_CURRENT_GROUP_SIDSTR,
+ (ACE_GROUP | ACE_IDENTIFIER_GROUP) },
+ };
+
+ int i;
+
+ for (i = 0; i < (sizeof (map) / sizeof (map[0])); ++i) {
+ if (strcmp(sid, map[i].sid) == 0) {
+ zace->a_flags |= map[i].flags;
+ return (B_TRUE);
+ }
+ }
+
+ return (B_FALSE);
+}
+
/*
* smb_fsacl_getsids
*
* Batch all the uid/gid in given ZFS ACL to get their corresponding SIDs.
*/
static idmap_stat
-smb_fsacl_getsids(smb_idmap_batch_t *sib, acl_t *zacl, uid_t uid, gid_t gid)
+smb_fsacl_getsids(smb_idmap_batch_t *sib, acl_t *zacl)
{
ace_t *zace;
idmap_stat idm_stat;
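Review bot: `smb_ace_wellknown_update()` has no block comment, although its return value controls whether the caller skips the idmap lookup for the ACE. A header such as `/* Returns B_TRUE and ORs the matching ACE_* flags into zace->a_flags if sid is Everyone, Current Owner or Current Group; B_FALSE otherwise. */` would make that contract visible. The lookup table is also a non-static local with a `char *sid` member, so it is rebuilt on every call and drops the const of the string constants; `static const struct { const char *sid; uint16_t flags; } map[]` avoids both. The index `i` is an `int` compared against a `size_t` expression, which lint may flag.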
@@ -408,14 +426,12 @@ smb_fsacl_getsids(smb_idmap_batch_t *sib, acl_t *zacl, uid_t uid, gid_t gid)
zace++, i++, sim++) {
switch (zace->a_flags & ACE_TYPE_FLAGS) {
case ACE_OWNER:
- id = uid;
- idtype = SMB_IDMAP_USER;
+ idtype = SMB_IDMAP_OWNERAT;
break;
case (ACE_GROUP | ACE_IDENTIFIER_GROUP):
/* owning group */
- id = gid;
- idtype = SMB_IDMAP_GROUP;
+ idtype = SMB_IDMAP_GROUPAT;
break;
case ACE_IDENTIFIER_GROUP:
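Review bot: After this change the `ACE_OWNER` and owning-group cases set only `idtype` and no longer assign `id`. If the call after the switch still passes `id` to `smb_idmap_batch_getsid()`, it reads an indeterminate value for these two cases unless `id` is initialised at its declaration, which is outside this hunk. The new `SMB_IDMAP_OWNERAT` and `SMB_IDMAP_GROUPAT` branches in smb_idmap.c do not appear to use the id, but assigning a defined value such as `id = (uid_t)-1;` in both cases keeps the call well-defined and quiets uninitialised-variable warnings. The switch and the function continue outside the hunk.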
diff --git a/usr/src/lib/smbsrv/libsmb/common/smb_idmap.c b/usr/src/lib/smbsrv/libsmb/common/smb_idmap.c
index 9da309a7c6..a972059ef4 100644
--- a/usr/src/lib/smbsrv/libsmb/common/smb_idmap.c
+++ b/usr/src/lib/smbsrv/libsmb/common/smb_idmap.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -348,9 +348,25 @@ smb_idmap_batch_getsid(idmap_get_handle_t *idmaph, smb_idmap_t *sim,
&sim->sim_domsid, &sim->sim_rid, &sim->sim_stat);
break;
+ case SMB_IDMAP_OWNERAT:
+ /* Current Owner S-1-5-32-766 */
+ sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
+ sim->sim_rid = SECURITY_CURRENT_OWNER_RID;
+ sim->sim_stat = IDMAP_SUCCESS;
+ stat = IDMAP_SUCCESS;
+ break;
+
+ case SMB_IDMAP_GROUPAT:
+ /* Current Group S-1-5-32-767 */
+ sim->sim_domsid = strdup(NT_BUILTIN_DOMAIN_SIDSTR);
+ sim->sim_rid = SECURITY_CURRENT_GROUP_RID;
+ sim->sim_stat = IDMAP_SUCCESS;
+ stat = IDMAP_SUCCESS;
+ break;
+
case SMB_IDMAP_EVERYONE:
/* Everyone S-1-1-0 */
- sim->sim_domsid = strdup("S-1-1");
+ sim->sim_domsid = strdup(NT_WORLD_AUTH_SIDSTR);
sim->sim_rid = 0;
sim->sim_stat = IDMAP_SUCCESS;
stat = IDMAP_SUCCESS;
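Review bot: The two new cases copy the existing Everyone pattern of `sim->sim_domsid = strdup(...)` followed by an unconditional `IDMAP_SUCCESS`, so an allocation failure is reported as a successful mapping with a NULL domain SID. Whatever later builds the binary SID from `sim_domsid` would then see NULL for an owner@ or group@ ACE, and the result is either a crash or a malformed security descriptor, depending on code not visible here. I would check the result in all three cases, for example `if (sim->sim_domsid == NULL) return (IDMAP_ERR_MEMORY);`, or set `sim_stat` and `stat` to that value. The function body continues outside the hunk.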
diff --git a/usr/src/lib/smbsrv/libsmb/common/smb_sd.c b/usr/src/lib/smbsrv/libsmb/common/smb_sd.c
index af9171ce1d..f8007c454e 100644
--- a/usr/src/lib/smbsrv/libsmb/common/smb_sd.c
+++ b/usr/src/lib/smbsrv/libsmb/common/smb_sd.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -425,8 +425,7 @@ smb_sd_fromfs(smb_fssd_t *fs_sd, smb_sd_t *sd)
/* DACL */
if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
if (fs_sd->sd_zdacl != NULL) {
- acl = smb_acl_from_zfs(fs_sd->sd_zdacl, fs_sd->sd_uid,
- fs_sd->sd_gid);
+ acl = smb_acl_from_zfs(fs_sd->sd_zdacl);
if (acl == NULL) {
smb_sd_term(sd);
return (NT_STATUS_INTERNAL_ERROR);
@@ -448,8 +447,7 @@ smb_sd_fromfs(smb_fssd_t *fs_sd, smb_sd_t *sd)
/* SACL */
if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) {
if (fs_sd->sd_zsacl != NULL) {
- acl = smb_acl_from_zfs(fs_sd->sd_zsacl, fs_sd->sd_uid,
- fs_sd->sd_gid);
+ acl = smb_acl_from_zfs(fs_sd->sd_zsacl);
if (acl == NULL) {
smb_sd_term(sd);
return (NT_STATUS_INTERNAL_ERROR);
diff --git a/usr/src/lib/smbsrv/libsmb/common/smb_wksids.c b/usr/src/lib/smbsrv/libsmb/common/smb_wksids.c
index ef9400b785..58cc60918e 100644
--- a/usr/src/lib/smbsrv/libsmb/common/smb_wksids.c
+++ b/usr/src/lib/smbsrv/libsmb/common/smb_wksids.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -60,6 +60,8 @@ static smb_wka_t wka_tbl[] = {
SidTypeWellKnownGroup, 0, NULL, NULL },
{ 0, "S-1-3-4", "Owner Rights",
SidTypeWellKnownGroup, 0, NULL, NULL },
+ { 0, "S-1-3-5", "Group Rights",
+ SidTypeWellKnownGroup, 0, NULL, NULL },
{ 1, "S-1-5", "NT Pseudo Domain",
SidTypeDomain, 0, NULL, NULL },
{ 2, "S-1-5-1", "Dialup",
@@ -124,7 +126,11 @@ static smb_wka_t wka_tbl[] = {
SMB_WKAFLG_LGRP_ENABLE,
"Members can bypass file security to back up files", NULL },
{ 3, "S-1-5-32-552", "Replicator",
- SidTypeAlias, 0, NULL, NULL }
+ SidTypeAlias, 0, NULL, NULL },
+ { 3, "S-1-5-32-766", "Current Owner",
+ SidTypeAlias, 0, NULL, NULL },
+ { 3, "S-1-5-32-767", "Current Group",
+ SidTypeAlias, 0, NULL, NULL },
};
#define SMB_WKA_NUM (sizeof (wka_tbl)/sizeof (wka_tbl[0]))
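Review bot: The new rows spell the Current Owner and Current Group SIDs as string literals, while smb_acl.c matches on `NT_BUILTIN_CURRENT_OWNER_SIDSTR` / `NT_BUILTIN_CURRENT_GROUP_SIDSTR` and smb_idmap.c builds them from `NT_BUILTIN_DOMAIN_SIDSTR` plus a RID constant. These three spellings have to agree for an owner@/group@ ACE to round-trip, and nothing ties them together; the macro definitions are not part of this diff, so I am assuming they expand to the same strings. Using the macros in the table, or adding a comment such as `/* must match NT_BUILTIN_CURRENT_OWNER_SIDSTR */` on each row, would make a future mismatch easier to catch.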
@@ -161,7 +167,7 @@ smb_wka_lookup_sid(smb_sid_t *sid)
* entry, otherwise returns NULL.
*/
smb_sid_t *
-smb_wka_get_sid(char *name)
+smb_wka_get_sid(const char *name)
{
smb_wka_t *entry;
smb_sid_t *sid = NULL;
@@ -178,7 +184,7 @@ smb_wka_get_sid(char *name)
* the table, otherwise returns NULL.
*/
smb_wka_t *
-smb_wka_lookup_name(char *name)
+smb_wka_lookup_name(const char *name)
{
smb_wka_t *entry;
int i;
@@ -197,6 +203,32 @@ smb_wka_lookup_name(char *name)
}
/*
+ * Lookup a name in the BUILTIN domain.
+ */
+smb_wka_t *
+smb_wka_lookup_builtin(const char *name)
+{
+ smb_wka_t *entry;
+ int i;
+
+ (void) rw_rdlock(&wk_rwlock);
+ for (i = 0; i < SMB_WKA_NUM; ++i) {
+ entry = &wka_tbl[i];
+
+ if (entry->wka_domidx != 3)
+ continue;
+
+ if (!smb_strcasecmp(name, entry->wka_name, 0)) {
+ (void) rw_unlock(&wk_rwlock);
+ return (entry);
+ }
+ }
+
+ (void) rw_unlock(&wk_rwlock);
+ return (NULL);
+}
+
+/*
* Returns the Netbios domain name for the given index
*/
char *
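Review bot: The test `entry->wka_domidx != 3` in `smb_wka_lookup_builtin()` hard-codes the table index of the BUILTIN domain, so it will silently select the wrong rows if the domain list is ever reordered. A named constant, or at minimum a comment like `/* 3 == BUILTIN (S-1-5-32) domain index in wka_tbl */`, would document the dependency. The function also returns a pointer into `wka_tbl` after dropping the read lock and passes `name` to `smb_strcasecmp()` without a NULL check; if that matches `smb_wka_lookup_name()` (its body is outside these hunks), it is worth stating in the block comment that callers must pass a non-NULL name and must not modify the returned entry.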