path: root/source3/modules/nfs4_acls.h
/*
 * NFS4 ACL handling
 *
 * Copyright (C) Jim McDonough, 2006
 * Reused & renamed some parts of AIX 5.3 sys/acl.h structures
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

#ifndef __NFS4_ACLS_H__
#define __NFS4_ACLS_H__

/*
 * ACL type identifiers.
 * NOTE(review): the values are 0, 1, 2 and 4 (3 is skipped); whether they
 * are meant to be combined as bit flags is not visible in this header -
 * confirm against the users of these constants before relying on either
 * reading.
 */
#define SMB_ACLTYPE_NONE 0
#define SMB_ACLTYPE_UNKNOWN 1
#define SMB_ACLTYPE_POSIX 2
#define SMB_ACLTYPE_NFS4 4

/*
 * Identity ("who") as used in the NFS4 ACL structures.
 *
 * All members share the same storage, so the union itself does not record
 * which member is valid; that has to come from the enclosing
 * SMB_ACE4PROP_T.
 * NOTE(review): presumably SMB_ACE4_ID_SPECIAL in 'flags' selects
 * special_id, and SMB_ACE4_IDENTIFIER_GROUP in 'aceFlags' selects gid over
 * uid - confirm against the implementation. Reading the wrong member would
 * apply an ACE to the wrong principal.
 */
typedef union _SMB_NFS4_ACEWHOID_T {
	uid_t	uid;	/* User id */
	gid_t	gid;	/* Group id */
	uint32	special_id;	/* Identifies special identities in NFS4 */

/* Values for special_id. 0 is not assigned; the defined range is 1..SMB_ACE4_WHO_MAX. */
#define SMB_ACE4_WHO_OWNER         0x00000001 /* The owner of the file. */
#define SMB_ACE4_WHO_GROUP         0x00000002 /* The group associated with the file. */
#define SMB_ACE4_WHO_EVERYONE      0x00000003 /* The world. */
#define SMB_ACE4_WHO_INTERACTIVE   0x00000004 /* Accessed from an interactive terminal. */
#define SMB_ACE4_WHO_NETWORK       0x00000005 /* Accessed via the network. */
#define SMB_ACE4_WHO_DIALUP        0x00000006 /* Accessed as a dialup user to the server. */
#define SMB_ACE4_WHO_BATCH         0x00000007 /* Accessed from a batch job. */
#define SMB_ACE4_WHO_ANONYMOUS     0x00000008 /* Accessed without any authentication. */
#define SMB_ACE4_WHO_AUTHENTICATED 0x00000009 /* Any authenticated user (opposite of ANONYMOUS) */
#define SMB_ACE4_WHO_SERVICE       0x0000000A /* Access from a system service. */
#define SMB_ACE4_WHO_MAX		SMB_ACE4_WHO_SERVICE  /* largest valid ACE4_WHO; upper bound for range-checking special_id */
	uint32 id;	/* NOTE(review): generic 32-bit view of the same storage; its intended use is not stated here */
} SMB_NFS4_ACEWHOID_T;

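/*
 * Properties of a single NFS4 ACE: to whom it applies ('who', qualified by
 * 'flags') followed by the type / flags / access-mask triple, which has the
 * same layout as the NFSv4 wire format.
 *
 * The constants for each field are defined next to the field. The
 * SMB_ACE4_MAX_TYPE, SMB_ACE4_ALL_FLAGS and SMB_ACE4_ALL_MASKS macros give
 * the defined range of each field, so an ACE that did not originate in this
 * process can be checked against them before it is interpreted.
 */
typedef struct _SMB_ACE4PROP_T {
	uint32	flags;	/* Bit mask defining details of ACE */
/* The following are constants for the flags field */
/* #define	SMB_ACE4_ID_NOT_VALID	0x00000001 - from aix/jfs2 */
#define	SMB_ACE4_ID_SPECIAL		0x00000002

	SMB_NFS4_ACEWHOID_T	who;	/* Identifies to whom this ACE applies */

	/* The following part of ACE has the same layout as NFSv4 wire format. */

	uint32	aceType;	/* Type of ACE: ALLOW / DENY / AUDIT / ALARM */
/* The constants used for the type field (acetype4) are as follows: */
#define	SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE	0x00000000
#define	SMB_ACE4_ACCESS_DENIED_ACE_TYPE	0x00000001
#define	SMB_ACE4_SYSTEM_AUDIT_ACE_TYPE	0x00000002
#define	SMB_ACE4_SYSTEM_ALARM_ACE_TYPE	0x00000003
/*
 * Largest valid aceType. Spelled with the SMB_ prefix so that it expands to
 * a macro this header defines; the unprefixed ACE4_SYSTEM_ALARM_ACE_TYPE is
 * not defined here, so any use of SMB_ACE4_MAX_TYPE depended on some other
 * header happening to provide it.
 */
#define SMB_ACE4_MAX_TYPE	SMB_ACE4_SYSTEM_ALARM_ACE_TYPE

	uint32	aceFlags;	/* Controls Inheritance and such */
/* The bitmask constants used for the flag field are as follows: */
#define SMB_ACE4_FILE_INHERIT_ACE             0x00000001
#define SMB_ACE4_DIRECTORY_INHERIT_ACE        0x00000002
#define SMB_ACE4_NO_PROPAGATE_INHERIT_ACE     0x00000004
#define SMB_ACE4_INHERIT_ONLY_ACE             0x00000008
#define SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG   0x00000010
#define SMB_ACE4_FAILED_ACCESS_ACE_FLAG       0x00000020
#define SMB_ACE4_IDENTIFIER_GROUP             0x00000040
/*
 * OR of every aceFlags bit defined above;
 * (aceFlags & ~SMB_ACE4_ALL_FLAGS) != 0 means bits this header does not know.
 */
#define SMB_ACE4_ALL_FLAGS	( SMB_ACE4_FILE_INHERIT_ACE | SMB_ACE4_DIRECTORY_INHERIT_ACE \
| SMB_ACE4_NO_PROPAGATE_INHERIT_ACE | SMB_ACE4_INHERIT_ONLY_ACE | SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG \
| SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP )

	uint32	aceMask;	/* Access rights */
/*
 * The bitmask constants used for the access mask field are as follows.
 * Three bits carry two names with the same value (READ_DATA/LIST_DIRECTORY,
 * WRITE_DATA/ADD_FILE, APPEND_DATA/ADD_SUBDIRECTORY), so granting one name
 * always grants the other.
 */
#define SMB_ACE4_READ_DATA            0x00000001
#define SMB_ACE4_LIST_DIRECTORY       0x00000001
#define SMB_ACE4_WRITE_DATA           0x00000002
#define SMB_ACE4_ADD_FILE             0x00000002
#define SMB_ACE4_APPEND_DATA          0x00000004
#define SMB_ACE4_ADD_SUBDIRECTORY     0x00000004
#define SMB_ACE4_READ_NAMED_ATTRS     0x00000008
#define SMB_ACE4_WRITE_NAMED_ATTRS    0x00000010
#define SMB_ACE4_EXECUTE              0x00000020
#define SMB_ACE4_DELETE_CHILD         0x00000040
#define SMB_ACE4_READ_ATTRIBUTES      0x00000080
#define SMB_ACE4_WRITE_ATTRIBUTES     0x00000100
#define SMB_ACE4_DELETE               0x00010000
#define SMB_ACE4_READ_ACL             0x00020000
#define SMB_ACE4_WRITE_ACL            0x00040000
#define SMB_ACE4_WRITE_OWNER          0x00080000
#define SMB_ACE4_SYNCHRONIZE          0x00100000
/*
 * OR of every aceMask bit defined above;
 * (aceMask & ~SMB_ACE4_ALL_MASKS) != 0 means bits this header does not know.
 */
#define SMB_ACE4_ALL_MASKS	( SMB_ACE4_READ_DATA | SMB_ACE4_LIST_DIRECTORY \
| SMB_ACE4_WRITE_DATA | SMB_ACE4_ADD_FILE | SMB_ACE4_APPEND_DATA | SMB_ACE4_ADD_SUBDIRECTORY \
| SMB_ACE4_READ_NAMED_ATTRS | SMB_ACE4_WRITE_NAMED_ATTRS | SMB_ACE4_EXECUTE | SMB_ACE4_DELETE_CHILD \
| SMB_ACE4_READ_ATTRIBUTES | SMB_ACE4_WRITE_ATTRIBUTES | SMB_ACE4_DELETE | SMB_ACE4_READ_ACL \
| SMB_ACE4_WRITE_ACL | SMB_ACE4_WRITE_OWNER | SMB_ACE4_SYNCHRONIZE )
} SMB_ACE4PROP_T;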

/*
 * Opaque handles for an NFS4 ACL and for one ACE inside it.
 *
 * Never allocate these structures on your own; use smb_create_smb4acl()
 * and smb_add_ace4() instead. The single 'dontuse' member is a placeholder:
 * an object of this declared size is one byte, so a caller-allocated
 * instance is not a usable ACL or ACE.
 * NOTE(review): presumably the real layout is private to the
 * implementation file - confirm there.
 */
typedef struct _SMB4ACL_T {char dontuse;} SMB4ACL_T;
typedef struct _SMB4ACE_T {char dontuse;} SMB4ACE_T;

/*
 * Create a new SMB4ACL_T handle.
 * NOTE(review): the failure return and who frees the result are not
 * documented in this header; presumably NULL on failure - check before use.
 */
SMB4ACL_T *smb_create_smb4acl(void);

/*
 * Append an ACE described by prop to theacl.
 * prop's contents are copied, so the caller keeps ownership of prop.
 * The existing order is not changed; the new ACE goes at the end. ACE order
 * matters for evaluation, so callers control precedence by call order.
 * NOTE(review): the failure return is not documented here; presumably NULL.
 */
SMB4ACE_T *smb_add_ace4(SMB4ACL_T *theacl, SMB_ACE4PROP_T *prop);

/*
 * Return the properties stored in ace.
 * NOTE(review): the return type is a non-const pointer; whether it points
 * into the ACE itself (so writes modify the ACL) is not visible here.
 */
SMB_ACE4PROP_T *smb_get_ace4(SMB4ACE_T *ace);

/*
 * First ACE of theacl. Returns NULL if there is none - or on error; the two
 * cases are not distinguishable from the return value alone.
 */
SMB4ACE_T *smb_first_ace4(SMB4ACL_T *theacl);

/*
 * ACE following ace. Returns NULL at the end - or on error; a caller that
 * iterates until NULL cannot tell a complete walk from a failed one.
 */
SMB4ACE_T *smb_next_ace4(SMB4ACE_T *ace);

/* Number of ACEs in theacl. */
uint32 smb_get_naces(SMB4ACL_T *theacl);

/*
 * NOTE(review): judging by the signature, builds an NT security descriptor
 * from the NFS4 ACL in theacl for the open file fsp and returns it through
 * *ppdesc, with security_info selecting which parts are wanted - confirm
 * against the implementation.
 * The result is reported as an NTSTATUS; check it before reading *ppdesc.
 */
NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
	uint32 security_info,
	struct security_descriptor **ppdesc, SMB4ACL_T *theacl);

/*
 * Path-based counterpart of smb_fget_nt_acl_nfs4(): takes a connection and
 * a file name instead of an open file; the remaining parameters are the
 * same.
 * NOTE(review): how 'name' is resolved relative to conn is not visible in
 * this header.
 */
NTSTATUS smb_get_nt_acl_nfs4(connection_struct *conn,
	const char *name,
	uint32 security_info,
	struct security_descriptor **ppdesc, SMB4ACL_T *theacl);

/*
 * Callback function needed to set the native ACL when applicable.
 * Receives the file and the NFS4 ACL to store, and returns a bool.
 * NOTE(review): presumably true means the ACL was stored - confirm.
 */
typedef bool (*set_nfs4acl_native_fn_t)(files_struct *, SMB4ACL_T *);

/*
 * NOTE(review): judging by the signature, applies the security descriptor
 * psd to fsp by way of an NFS4 ACL handed to set_nfs4_native, with
 * security_info_sent selecting which parts of psd are to be applied -
 * confirm against the implementation.
 * The result is reported as an NTSTATUS; a caller that ignores it cannot
 * know whether the requested permissions are actually in force.
 */
NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
	uint32 security_info_sent,
	const struct security_descriptor *psd,
	set_nfs4acl_native_fn_t set_nfs4_native);

#endif /* __NFS4_ACLS_H__ */