| 1 | /*
|
|---|
| 2 | * NFS4 ACL handling
|
|---|
| 3 | *
|
|---|
| 4 | * Copyright (C) Jim McDonough, 2006
|
|---|
| 5 | * Reused & renamed some parts of AIX 5.3 sys/acl.h structures
|
|---|
| 6 | *
|
|---|
| 7 | * This program is free software; you can redistribute it and/or modify
|
|---|
| 8 | * it under the terms of the GNU General Public License as published by
|
|---|
| 9 | * the Free Software Foundation; either version 2 of the License, or
|
|---|
| 10 | * (at your option) any later version.
|
|---|
| 11 | *
|
|---|
| 12 | * This program is distributed in the hope that it will be useful,
|
|---|
| 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|---|
| 15 | * GNU General Public License for more details.
|
|---|
| 16 | *
|
|---|
| 17 | * You should have received a copy of the GNU General Public License
|
|---|
| 18 | * along with this program; if not, write to the Free Software
|
|---|
| 19 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|---|
| 20 | */
|
|---|
| 21 |
|
|---|
| 22 | #ifndef __NFS4_ACLS_H__
|
|---|
| 23 | #define __NFS4_ACLS_H__
|
|---|
| 24 |
|
|---|
| 25 | #define SMB_ACLTYPE_NONE 0
|
|---|
| 26 | #define SMB_ACLTYPE_UNKNOWN 1
|
|---|
| 27 | #define SMB_ACLTYPE_POSIX 2
|
|---|
| 28 | #define SMB_ACLTYPE_NFS4 4
|
|---|
| 29 |
|
|---|
| 30 | /*
|
|---|
| 31 | * Following union captures the identity as
|
|---|
| 32 | * used in the NFS4 ACL structures.
|
|---|
| 33 | */
|
|---|
| 34 | typedef union _SMB_NFS4_ACEWHOID_T {
|
|---|
| 35 | uid_t uid; /* User id */
|
|---|
| 36 | gid_t gid; /* Group id */
|
|---|
| 37 | uint32 special_id; /* Identifies special identities in NFS4 */
|
|---|
| 38 |
|
|---|
| 39 | #define SMB_ACE4_WHO_OWNER 0x00000001 /*The owner of the file. */
|
|---|
| 40 | #define SMB_ACE4_WHO_GROUP 0x00000002 /*The group associated with the file. */
|
|---|
| 41 | #define SMB_ACE4_WHO_EVERYONE 0x00000003 /*The world. */
|
|---|
| 42 | #define SMB_ACE4_WHO_INTERACTIVE 0x00000004 /*Accessed from an interactive terminal. */
|
|---|
| 43 | #define SMB_ACE4_WHO_NETWORK 0x00000005 /*Accessed via the network. */
|
|---|
| 44 | #define SMB_ACE4_WHO_DIALUP 0x00000006 /*Accessed as a dialup user to the server. */
|
|---|
| 45 | #define SMB_ACE4_WHO_BATCH 0x00000007 /*Accessed from a batch job. */
|
|---|
| 46 | #define SMB_ACE4_WHO_ANONYMOUS 0x00000008 /*Accessed without any authentication. */
|
|---|
| 47 | #define SMB_ACE4_WHO_AUTHENTICATED 0x00000009 /*Any authenticated user (opposite of ANONYMOUS) */
|
|---|
| 48 | #define SMB_ACE4_WHO_SERVICE 0x0000000A /*Access from a system service. */
|
|---|
| 49 | #define SMB_ACE4_WHO_MAX SMB_ACE4_WHO_SERVICE /* largest valid ACE4_WHO */
|
|---|
| 50 | uint32 id;
|
|---|
| 51 | } SMB_NFS4_ACEWHOID_T;
|
|---|
| 52 |
|
|---|
| 53 | typedef struct _SMB_ACE4PROP_T {
|
|---|
| 54 | uint32 flags; /* Bit mask defining details of ACE */
|
|---|
| 55 | /*The following are constants for flags field */
|
|---|
| 56 | /* #define SMB_ACE4_ID_NOT_VALID 0x00000001 - from aix/jfs2 */
|
|---|
| 57 | #define SMB_ACE4_ID_SPECIAL 0x00000002
|
|---|
| 58 |
|
|---|
| 59 | SMB_NFS4_ACEWHOID_T who; /* Identifies to whom this ACE applies */
|
|---|
| 60 |
|
|---|
| 61 | /* The following part of ACE has the same layout as NFSv4 wire format. */
|
|---|
| 62 |
|
|---|
| 63 | uint32 aceType; /* Type of ACE PERMIT/ALLOW etc*/
|
|---|
| 64 | /*The constants used for the type field (acetype4) are as follows: */
|
|---|
| 65 | #define SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE 0x00000000
|
|---|
| 66 | #define SMB_ACE4_ACCESS_DENIED_ACE_TYPE 0x00000001
|
|---|
| 67 | #define SMB_ACE4_SYSTEM_AUDIT_ACE_TYPE 0x00000002
|
|---|
| 68 | #define SMB_ACE4_SYSTEM_ALARM_ACE_TYPE 0x00000003
|
|---|
| 69 | #define SMB_ACE4_MAX_TYPE ACE4_SYSTEM_ALARM_ACE_TYPE /* largest valid ACE4_TYPE */
|
|---|
| 70 |
|
|---|
| 71 | uint32 aceFlags; /* Controls Inheritance and such */
|
|---|
| 72 | /*The bitmask constants used for the flag field are as follows: */
|
|---|
| 73 | #define SMB_ACE4_FILE_INHERIT_ACE 0x00000001
|
|---|
| 74 | #define SMB_ACE4_DIRECTORY_INHERIT_ACE 0x00000002
|
|---|
| 75 | #define SMB_ACE4_NO_PROPAGATE_INHERIT_ACE 0x00000004
|
|---|
| 76 | #define SMB_ACE4_INHERIT_ONLY_ACE 0x00000008
|
|---|
| 77 | #define SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG 0x00000010
|
|---|
| 78 | #define SMB_ACE4_FAILED_ACCESS_ACE_FLAG 0x00000020
|
|---|
| 79 | #define SMB_ACE4_IDENTIFIER_GROUP 0x00000040
|
|---|
| 80 | #define SMB_ACE4_ALL_FLAGS ( SMB_ACE4_FILE_INHERIT_ACE | SMB_ACE4_DIRECTORY_INHERIT_ACE \
|
|---|
| 81 | | SMB_ACE4_NO_PROPAGATE_INHERIT_ACE | SMB_ACE4_INHERIT_ONLY_ACE | SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG \
|
|---|
| 82 | | SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP )
|
|---|
| 83 |
|
|---|
| 84 | uint32 aceMask; /* Access rights */
|
|---|
| 85 | /*The bitmask constants used for the access mask field are as follows: */
|
|---|
| 86 | #define SMB_ACE4_READ_DATA 0x00000001
|
|---|
| 87 | #define SMB_ACE4_LIST_DIRECTORY 0x00000001
|
|---|
| 88 | #define SMB_ACE4_WRITE_DATA 0x00000002
|
|---|
| 89 | #define SMB_ACE4_ADD_FILE 0x00000002
|
|---|
| 90 | #define SMB_ACE4_APPEND_DATA 0x00000004
|
|---|
| 91 | #define SMB_ACE4_ADD_SUBDIRECTORY 0x00000004
|
|---|
| 92 | #define SMB_ACE4_READ_NAMED_ATTRS 0x00000008
|
|---|
| 93 | #define SMB_ACE4_WRITE_NAMED_ATTRS 0x00000010
|
|---|
| 94 | #define SMB_ACE4_EXECUTE 0x00000020
|
|---|
| 95 | #define SMB_ACE4_DELETE_CHILD 0x00000040
|
|---|
| 96 | #define SMB_ACE4_READ_ATTRIBUTES 0x00000080
|
|---|
| 97 | #define SMB_ACE4_WRITE_ATTRIBUTES 0x00000100
|
|---|
| 98 | #define SMB_ACE4_DELETE 0x00010000
|
|---|
| 99 | #define SMB_ACE4_READ_ACL 0x00020000
|
|---|
| 100 | #define SMB_ACE4_WRITE_ACL 0x00040000
|
|---|
| 101 | #define SMB_ACE4_WRITE_OWNER 0x00080000
|
|---|
| 102 | #define SMB_ACE4_SYNCHRONIZE 0x00100000
|
|---|
| 103 | #define SMB_ACE4_ALL_MASKS ( SMB_ACE4_READ_DATA | SMB_ACE4_LIST_DIRECTORY \
|
|---|
| 104 | | SMB_ACE4_WRITE_DATA | SMB_ACE4_ADD_FILE | SMB_ACE4_APPEND_DATA | SMB_ACE4_ADD_SUBDIRECTORY \
|
|---|
| 105 | | SMB_ACE4_READ_NAMED_ATTRS | SMB_ACE4_WRITE_NAMED_ATTRS | SMB_ACE4_EXECUTE | SMB_ACE4_DELETE_CHILD \
|
|---|
| 106 | | SMB_ACE4_READ_ATTRIBUTES | SMB_ACE4_WRITE_ATTRIBUTES | SMB_ACE4_DELETE | SMB_ACE4_READ_ACL \
|
|---|
| 107 | | SMB_ACE4_WRITE_ACL | SMB_ACE4_WRITE_OWNER | SMB_ACE4_SYNCHRONIZE )
|
|---|
| 108 | } SMB_ACE4PROP_T;
|
|---|
| 109 |
|
|---|
| 110 | /*
|
|---|
| 111 | * Never allocate these structures on your own
|
|---|
| 112 | * use create_smb4acl instead
|
|---|
| 113 | */
|
|---|
| 114 | typedef struct _SMB4ACL_T {char dontuse;} SMB4ACL_T;
|
|---|
| 115 | typedef struct _SMB4ACE_T {char dontuse;} SMB4ACE_T;
|
|---|
| 116 |
|
|---|
| 117 | SMB4ACL_T *smb_create_smb4acl(void);
|
|---|
| 118 |
|
|---|
| 119 | /* prop's contents are copied */
|
|---|
| 120 | /* it doesn't change the order, appends */
|
|---|
| 121 | SMB4ACE_T *smb_add_ace4(SMB4ACL_T *acl, SMB_ACE4PROP_T *prop);
|
|---|
| 122 |
|
|---|
| 123 | SMB_ACE4PROP_T *smb_get_ace4(SMB4ACE_T *ace);
|
|---|
| 124 |
|
|---|
| 125 | /* Returns NULL if none - or error */
|
|---|
| 126 | SMB4ACE_T *smb_first_ace4(SMB4ACL_T *acl);
|
|---|
| 127 |
|
|---|
| 128 | /* Returns NULL in the end - or error */
|
|---|
| 129 | SMB4ACE_T *smb_next_ace4(SMB4ACE_T *ace);
|
|---|
| 130 |
|
|---|
| 131 | uint32 smb_get_naces(SMB4ACL_T *acl);
|
|---|
| 132 |
|
|---|
| 133 | size_t smb_get_nt_acl_nfs4(files_struct *fsp,
|
|---|
| 134 | uint32 security_info,
|
|---|
| 135 | SEC_DESC **ppdesc, SMB4ACL_T *acl);
|
|---|
| 136 |
|
|---|
| 137 | /* Callback function needed to set the native acl
|
|---|
| 138 | * when applicable */
|
|---|
| 139 | typedef BOOL (*set_nfs4acl_native_fn_t)(files_struct *, SMB4ACL_T *);
|
|---|
| 140 |
|
|---|
| 141 | BOOL smb_set_nt_acl_nfs4(files_struct *fsp,
|
|---|
| 142 | uint32 security_info_sent,
|
|---|
| 143 | SEC_DESC *psd,
|
|---|
| 144 | set_nfs4acl_native_fn_t set_nfs4_native);
|
|---|
| 145 |
|
|---|
| 146 | #endif /* __NFS4_ACLS_H__ */
|
|---|
