2006-09-18 06:27:48 +04:00
/*
* NFS4 ACL handling
*
* Copyright ( C ) Jim McDonough , 2006
* Reused & renamed some parts of AIX 5.3 sys / acl . h structures
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
* the Free Software Foundation ; either version 3 of the License , or
2006-09-18 06:27:48 +04:00
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2007-07-10 09:23:25 +04:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2006-09-18 06:27:48 +04:00
*/
# ifndef __NFS4_ACLS_H__
# define __NFS4_ACLS_H__
# define SMB_ACLTYPE_NONE 0
# define SMB_ACLTYPE_UNKNOWN 1
# define SMB_ACLTYPE_POSIX 2
# define SMB_ACLTYPE_NFS4 4
/*
* Following union captures the identity as
* used in the NFS4 ACL structures .
*/
typedef union _SMB_NFS4_ACEWHOID_T {
2015-05-03 06:11:02 +03:00
uid_t uid ; /* User id */
gid_t gid ; /* Group id */
uint32_t special_id ; /* Identifies special identities in NFS4 */
2006-09-18 06:27:48 +04:00
# define SMB_ACE4_WHO_OWNER 0x00000001 /*The owner of the file. */
# define SMB_ACE4_WHO_GROUP 0x00000002 /*The group associated with the file. */
# define SMB_ACE4_WHO_EVERYONE 0x00000003 /*The world. */
# define SMB_ACE4_WHO_INTERACTIVE 0x00000004 /*Accessed from an interactive terminal. */
# define SMB_ACE4_WHO_NETWORK 0x00000005 /*Accessed via the network. */
# define SMB_ACE4_WHO_DIALUP 0x00000006 /*Accessed as a dialup user to the server. */
# define SMB_ACE4_WHO_BATCH 0x00000007 /*Accessed from a batch job. */
# define SMB_ACE4_WHO_ANONYMOUS 0x00000008 /*Accessed without any authentication. */
# define SMB_ACE4_WHO_AUTHENTICATED 0x00000009 /*Any authenticated user (opposite of ANONYMOUS) */
# define SMB_ACE4_WHO_SERVICE 0x0000000A /*Access from a system service. */
# define SMB_ACE4_WHO_MAX SMB_ACE4_WHO_SERVICE /* largest valid ACE4_WHO */
2015-05-03 06:11:02 +03:00
uint32_t id ;
2006-09-18 06:27:48 +04:00
} SMB_NFS4_ACEWHOID_T ;
typedef struct _SMB_ACE4PROP_T {
2015-05-03 06:11:02 +03:00
uint32_t flags ; /* Bit mask defining details of ACE */
2006-09-18 06:27:48 +04:00
/*The following are constants for flags field */
/* #define SMB_ACE4_ID_NOT_VALID 0x00000001 - from aix/jfs2 */
# define SMB_ACE4_ID_SPECIAL 0x00000002
SMB_NFS4_ACEWHOID_T who ; /* Identifies to whom this ACE applies */
/* The following part of ACE has the same layout as NFSv4 wire format. */
2015-05-03 06:11:02 +03:00
uint32_t aceType ; /* Type of ACE PERMIT/ALLOW etc*/
2006-09-18 06:27:48 +04:00
/*The constants used for the type field (acetype4) are as follows: */
# define SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE 0x00000000
# define SMB_ACE4_ACCESS_DENIED_ACE_TYPE 0x00000001
# define SMB_ACE4_SYSTEM_AUDIT_ACE_TYPE 0x00000002
# define SMB_ACE4_SYSTEM_ALARM_ACE_TYPE 0x00000003
2016-10-10 15:24:31 +03:00
# define SMB_ACE4_MAX_TYPE SMB_ACE4_SYSTEM_ALARM_ACE_TYPE /* largest valid ACE4_TYPE */
2006-09-18 06:27:48 +04:00
2015-05-03 06:11:02 +03:00
uint32_t aceFlags ; /* Controls Inheritance and such */
2006-09-18 06:27:48 +04:00
/*The bitmask constants used for the flag field are as follows: */
# define SMB_ACE4_FILE_INHERIT_ACE 0x00000001
# define SMB_ACE4_DIRECTORY_INHERIT_ACE 0x00000002
# define SMB_ACE4_NO_PROPAGATE_INHERIT_ACE 0x00000004
# define SMB_ACE4_INHERIT_ONLY_ACE 0x00000008
# define SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG 0x00000010
# define SMB_ACE4_FAILED_ACCESS_ACE_FLAG 0x00000020
# define SMB_ACE4_IDENTIFIER_GROUP 0x00000040
2011-05-23 16:27:11 +04:00
# define SMB_ACE4_INHERITED_ACE 0x00000080
2006-09-18 06:27:48 +04:00
# define SMB_ACE4_ALL_FLAGS ( SMB_ACE4_FILE_INHERIT_ACE | SMB_ACE4_DIRECTORY_INHERIT_ACE \
| SMB_ACE4_NO_PROPAGATE_INHERIT_ACE | SMB_ACE4_INHERIT_ONLY_ACE | SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG \
2011-05-23 16:27:11 +04:00
| SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP | SMB_ACE4_INHERITED_ACE )
2006-09-18 06:27:48 +04:00
2015-05-03 06:11:02 +03:00
uint32_t aceMask ; /* Access rights */
2006-09-18 06:27:48 +04:00
/*The bitmask constants used for the access mask field are as follows: */
# define SMB_ACE4_READ_DATA 0x00000001
# define SMB_ACE4_LIST_DIRECTORY 0x00000001
# define SMB_ACE4_WRITE_DATA 0x00000002
# define SMB_ACE4_ADD_FILE 0x00000002
# define SMB_ACE4_APPEND_DATA 0x00000004
# define SMB_ACE4_ADD_SUBDIRECTORY 0x00000004
# define SMB_ACE4_READ_NAMED_ATTRS 0x00000008
# define SMB_ACE4_WRITE_NAMED_ATTRS 0x00000010
# define SMB_ACE4_EXECUTE 0x00000020
# define SMB_ACE4_DELETE_CHILD 0x00000040
# define SMB_ACE4_READ_ATTRIBUTES 0x00000080
# define SMB_ACE4_WRITE_ATTRIBUTES 0x00000100
# define SMB_ACE4_DELETE 0x00010000
# define SMB_ACE4_READ_ACL 0x00020000
# define SMB_ACE4_WRITE_ACL 0x00040000
# define SMB_ACE4_WRITE_OWNER 0x00080000
# define SMB_ACE4_SYNCHRONIZE 0x00100000
# define SMB_ACE4_ALL_MASKS ( SMB_ACE4_READ_DATA | SMB_ACE4_LIST_DIRECTORY \
| SMB_ACE4_WRITE_DATA | SMB_ACE4_ADD_FILE | SMB_ACE4_APPEND_DATA | SMB_ACE4_ADD_SUBDIRECTORY \
| SMB_ACE4_READ_NAMED_ATTRS | SMB_ACE4_WRITE_NAMED_ATTRS | SMB_ACE4_EXECUTE | SMB_ACE4_DELETE_CHILD \
| SMB_ACE4_READ_ATTRIBUTES | SMB_ACE4_WRITE_ATTRIBUTES | SMB_ACE4_DELETE | SMB_ACE4_READ_ACL \
| SMB_ACE4_WRITE_ACL | SMB_ACE4_WRITE_OWNER | SMB_ACE4_SYNCHRONIZE )
} SMB_ACE4PROP_T ;
2015-08-11 13:35:20 +03:00
struct SMB4ACL_T ;
2015-08-11 13:35:20 +03:00
struct SMB4ACE_T ;
2016-08-09 12:28:30 +03:00
enum smbacl4_mode_enum { e_simple = 0 , e_special = 1 } ;
enum smbacl4_acedup_enum { e_dontcare = 0 , e_reject = 1 , e_ignore = 2 , e_merge = 3 } ;
struct smbacl4_vfs_params {
enum smbacl4_mode_enum mode ;
bool do_chown ;
enum smbacl4_acedup_enum acedup ;
bool map_full_control ;
} ;
int smbacl4_get_vfs_params ( struct connection_struct * conn ,
struct smbacl4_vfs_params * params ) ;
2006-09-18 06:27:48 +04:00
2015-08-11 13:35:20 +03:00
struct SMB4ACL_T * smb_create_smb4acl ( TALLOC_CTX * mem_ctx ) ;
2006-09-18 06:27:48 +04:00
/* prop's contents are copied */
/* it doesn't change the order, appends */
2015-08-11 13:35:20 +03:00
struct SMB4ACE_T * smb_add_ace4 ( struct SMB4ACL_T * theacl , SMB_ACE4PROP_T * prop ) ;
2006-09-18 06:27:48 +04:00
2015-08-11 13:35:20 +03:00
SMB_ACE4PROP_T * smb_get_ace4 ( struct SMB4ACE_T * ace ) ;
2006-09-18 06:27:48 +04:00
/* Returns NULL if none - or error */
2015-08-11 13:35:20 +03:00
struct SMB4ACE_T * smb_first_ace4 ( struct SMB4ACL_T * theacl ) ;
2006-09-18 06:27:48 +04:00
/* Returns NULL in the end - or error */
2015-08-11 13:35:20 +03:00
struct SMB4ACE_T * smb_next_ace4 ( struct SMB4ACE_T * ace ) ;
2006-09-18 06:27:48 +04:00
2015-08-11 13:35:20 +03:00
uint32_t smb_get_naces ( struct SMB4ACL_T * theacl ) ;
2006-09-18 06:27:48 +04:00
2015-08-11 13:35:20 +03:00
uint16_t smbacl4_get_controlflags ( struct SMB4ACL_T * theacl ) ;
2014-01-20 18:12:42 +04:00
2015-08-11 13:35:20 +03:00
bool smbacl4_set_controlflags ( struct SMB4ACL_T * theacl , uint16_t controlflags ) ;
2014-01-20 18:12:42 +04:00
2007-11-15 02:46:20 +03:00
NTSTATUS smb_fget_nt_acl_nfs4 ( files_struct * fsp ,
2016-08-09 12:07:38 +03:00
const struct smbacl4_vfs_params * pparams ,
2015-05-03 06:11:02 +03:00
uint32_t security_info ,
2012-10-10 04:50:27 +04:00
TALLOC_CTX * mem_ctx ,
2015-08-11 13:35:20 +03:00
struct security_descriptor * * ppdesc , struct SMB4ACL_T * theacl ) ;
2007-11-15 02:46:20 +03:00
NTSTATUS smb_get_nt_acl_nfs4 ( connection_struct * conn ,
2016-03-11 02:56:51 +03:00
const struct smb_filename * smb_fname ,
2016-08-09 12:07:38 +03:00
const struct smbacl4_vfs_params * pparams ,
2015-05-03 06:11:02 +03:00
uint32_t security_info ,
2012-10-10 04:50:27 +04:00
TALLOC_CTX * mem_ctx ,
2015-08-11 13:35:20 +03:00
struct security_descriptor * * ppdesc , struct SMB4ACL_T * theacl ) ;
2006-09-18 06:27:48 +04:00
/* Callback function needed to set the native acl
* when applicable */
2015-08-11 13:35:20 +03:00
typedef bool ( * set_nfs4acl_native_fn_t ) ( vfs_handle_struct * handle ,
files_struct * ,
struct SMB4ACL_T * ) ;
2006-09-18 06:27:48 +04:00
2013-04-14 11:31:42 +04:00
NTSTATUS smb_set_nt_acl_nfs4 ( vfs_handle_struct * handle , files_struct * fsp ,
2016-08-09 12:07:38 +03:00
const struct smbacl4_vfs_params * pparams ,
2015-05-03 06:11:02 +03:00
uint32_t security_info_sent ,
2010-05-18 12:29:34 +04:00
const struct security_descriptor * psd ,
2006-09-18 06:27:48 +04:00
set_nfs4acl_native_fn_t set_nfs4_native ) ;
# endif /* __NFS4_ACLS_H__ */