1 /* 2 * NFS4 ACL handling 3 * 4 * Copyright (C) Jim McDonough, 2006 5 * Reused & renamed some parts of AIX 5.3 sys/acl.h structures 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 3 of the License, or 10 * (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #ifndef __NFS4_ACLS_H__ 22 #define __NFS4_ACLS_H__ 23 24 /* 25 * Following union captures the identity as 26 * used in the NFS4 ACL structures. 27 */ 28 typedef union _SMB_NFS4_ACEWHOID_T { 29 uid_t uid; /* User id */ 30 gid_t gid; /* Group id */ 31 uint32_t special_id; /* Identifies special identities in NFS4 */ 32 33 #define SMB_ACE4_WHO_OWNER 0x00000001 /*The owner of the file. */ 34 #define SMB_ACE4_WHO_GROUP 0x00000002 /*The group associated with the file. */ 35 #define SMB_ACE4_WHO_EVERYONE 0x00000003 /*The world. */ 36 #define SMB_ACE4_WHO_INTERACTIVE 0x00000004 /*Accessed from an interactive terminal. */ 37 #define SMB_ACE4_WHO_NETWORK 0x00000005 /*Accessed via the network. */ 38 #define SMB_ACE4_WHO_DIALUP 0x00000006 /*Accessed as a dialup user to the server. */ 39 #define SMB_ACE4_WHO_BATCH 0x00000007 /*Accessed from a batch job. */ 40 #define SMB_ACE4_WHO_ANONYMOUS 0x00000008 /*Accessed without any authentication. */ 41 #define SMB_ACE4_WHO_AUTHENTICATED 0x00000009 /*Any authenticated user (opposite of ANONYMOUS) */ 42 #define SMB_ACE4_WHO_SERVICE 0x0000000A /*Access from a system service. */ 43 #define SMB_ACE4_WHO_MAX SMB_ACE4_WHO_SERVICE /* largest valid ACE4_WHO */ 44 uint32_t id; 45 } SMB_NFS4_ACEWHOID_T; 46 47 typedef struct _SMB_ACE4PROP_T { 48 uint32_t flags; /* Bit mask defining details of ACE */ 49 /*The following are constants for flags field */ 50 /* #define SMB_ACE4_ID_NOT_VALID 0x00000001 - from aix/jfs2 */ 51 #define SMB_ACE4_ID_SPECIAL 0x00000002 52 53 SMB_NFS4_ACEWHOID_T who; /* Identifies to whom this ACE applies */ 54 55 /* The following part of ACE has the same layout as NFSv4 wire format. */ 56 57 uint32_t aceType; /* Type of ACE PERMIT/ALLOW etc*/ 58 /*The constants used for the type field (acetype4) are as follows: */ 59 #define SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE 0x00000000 60 #define SMB_ACE4_ACCESS_DENIED_ACE_TYPE 0x00000001 61 #define SMB_ACE4_SYSTEM_AUDIT_ACE_TYPE 0x00000002 62 #define SMB_ACE4_SYSTEM_ALARM_ACE_TYPE 0x00000003 63 #define SMB_ACE4_MAX_TYPE SMB_ACE4_SYSTEM_ALARM_ACE_TYPE /* largest valid ACE4_TYPE */ 64 65 uint32_t aceFlags; /* Controls Inheritance and such */ 66 /*The bitmask constants used for the flag field are as follows: */ 67 #define SMB_ACE4_FILE_INHERIT_ACE 0x00000001 68 #define SMB_ACE4_DIRECTORY_INHERIT_ACE 0x00000002 69 #define SMB_ACE4_NO_PROPAGATE_INHERIT_ACE 0x00000004 70 #define SMB_ACE4_INHERIT_ONLY_ACE 0x00000008 71 #define SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG 0x00000010 72 #define SMB_ACE4_FAILED_ACCESS_ACE_FLAG 0x00000020 73 #define SMB_ACE4_IDENTIFIER_GROUP 0x00000040 74 #define SMB_ACE4_INHERITED_ACE 0x00000080 75 #define SMB_ACE4_ALL_FLAGS ( SMB_ACE4_FILE_INHERIT_ACE | SMB_ACE4_DIRECTORY_INHERIT_ACE \ 76 | SMB_ACE4_NO_PROPAGATE_INHERIT_ACE | SMB_ACE4_INHERIT_ONLY_ACE | SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG \ 77 | SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP | SMB_ACE4_INHERITED_ACE) 78 79 uint32_t aceMask; /* Access rights */ 80 /*The bitmask constants used for the access mask field are as follows: */ 81 #define SMB_ACE4_READ_DATA 0x00000001 82 #define SMB_ACE4_LIST_DIRECTORY 0x00000001 83 #define SMB_ACE4_WRITE_DATA 0x00000002 84 #define SMB_ACE4_ADD_FILE 0x00000002 85 #define SMB_ACE4_APPEND_DATA 0x00000004 86 #define SMB_ACE4_ADD_SUBDIRECTORY 0x00000004 87 #define SMB_ACE4_READ_NAMED_ATTRS 0x00000008 88 #define SMB_ACE4_WRITE_NAMED_ATTRS 0x00000010 89 #define SMB_ACE4_EXECUTE 0x00000020 90 #define SMB_ACE4_DELETE_CHILD 0x00000040 91 #define SMB_ACE4_READ_ATTRIBUTES 0x00000080 92 #define SMB_ACE4_WRITE_ATTRIBUTES 0x00000100 93 #define SMB_ACE4_DELETE 0x00010000 94 #define SMB_ACE4_READ_ACL 0x00020000 95 #define SMB_ACE4_WRITE_ACL 0x00040000 96 #define SMB_ACE4_WRITE_OWNER 0x00080000 97 #define SMB_ACE4_SYNCHRONIZE 0x00100000 98 #define SMB_ACE4_ALL_MASKS ( SMB_ACE4_READ_DATA | SMB_ACE4_LIST_DIRECTORY \ 99 | SMB_ACE4_WRITE_DATA | SMB_ACE4_ADD_FILE | SMB_ACE4_APPEND_DATA | SMB_ACE4_ADD_SUBDIRECTORY \ 100 | SMB_ACE4_READ_NAMED_ATTRS | SMB_ACE4_WRITE_NAMED_ATTRS | SMB_ACE4_EXECUTE | SMB_ACE4_DELETE_CHILD \ 101 | SMB_ACE4_READ_ATTRIBUTES | SMB_ACE4_WRITE_ATTRIBUTES | SMB_ACE4_DELETE | SMB_ACE4_READ_ACL \ 102 | SMB_ACE4_WRITE_ACL | SMB_ACE4_WRITE_OWNER | SMB_ACE4_SYNCHRONIZE ) 103 } SMB_ACE4PROP_T; 104 105 struct SMB4ACL_T; 106 struct SMB4ACE_T; 107 108 enum smbacl4_mode_enum {e_simple=0, e_special=1}; 109 enum smbacl4_acedup_enum {e_dontcare=0, e_reject=1, e_ignore=2, e_merge=3}; 110 111 struct smbacl4_vfs_params { 112 enum smbacl4_mode_enum mode; 113 bool do_chown; 114 enum smbacl4_acedup_enum acedup; 115 bool map_full_control; 116 }; 117 118 int smbacl4_get_vfs_params(struct connection_struct *conn, 119 struct smbacl4_vfs_params *params); 120 121 struct SMB4ACL_T *smb_create_smb4acl(TALLOC_CTX *mem_ctx); 122 123 /* prop's contents are copied */ 124 /* it doesn't change the order, appends */ 125 struct SMB4ACE_T *smb_add_ace4(struct SMB4ACL_T *theacl, SMB_ACE4PROP_T *prop); 126 127 SMB_ACE4PROP_T *smb_get_ace4(struct SMB4ACE_T *ace); 128 129 /* Returns NULL if none - or error */ 130 struct SMB4ACE_T *smb_first_ace4(struct SMB4ACL_T *theacl); 131 132 /* Returns NULL in the end - or error */ 133 struct SMB4ACE_T *smb_next_ace4(struct SMB4ACE_T *ace); 134 135 uint32_t smb_get_naces(struct SMB4ACL_T *theacl); 136 137 uint16_t smbacl4_get_controlflags(struct SMB4ACL_T *theacl); 138 139 bool smbacl4_set_controlflags(struct SMB4ACL_T *theacl, uint16_t controlflags); 140 141 bool nfs_ace_is_inherit(SMB_ACE4PROP_T *ace); 142 143 NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp, 144 const struct smbacl4_vfs_params *pparams, 145 uint32_t security_info, 146 TALLOC_CTX *mem_ctx, 147 struct security_descriptor **ppdesc, struct SMB4ACL_T *theacl); 148 149 NTSTATUS smb_get_nt_acl_nfs4(connection_struct *conn, 150 const struct smb_filename *smb_fname, 151 const struct smbacl4_vfs_params *pparams, 152 uint32_t security_info, 153 TALLOC_CTX *mem_ctx, 154 struct security_descriptor **ppdesc, struct SMB4ACL_T *theacl); 155 156 /* Callback function needed to set the native acl 157 * when applicable */ 158 typedef bool (*set_nfs4acl_native_fn_t)(vfs_handle_struct *handle, 159 files_struct *, 160 struct SMB4ACL_T *); 161 162 NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, 163 const struct smbacl4_vfs_params *pparams, 164 uint32_t security_info_sent, 165 const struct security_descriptor *psd, 166 set_nfs4acl_native_fn_t set_nfs4_native); 167 168 #endif /* __NFS4_ACLS_H__ */ 169