/*
* NFS4 ACL handling
*
* Copyright (C) Jim McDonough, 2006
* Reused & renamed some parts of AIX 5.3 sys/acl.h structures
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __NFS4_ACLS_H__
#define __NFS4_ACLS_H__
/*
 * Identity ("who") an NFS4 ACE applies to. Every member overlays the same
 * storage; which one is meaningful is decided by the enclosing
 * SMB_ACE4PROP_T: SMB_ACE4_ID_SPECIAL in its flags selects special_id,
 * otherwise the value is a uid or -- presumably when
 * SMB_ACE4_IDENTIFIER_GROUP is set in aceFlags -- a gid (confirm against
 * the implementation).
 *
 * NOTE(review): the union tag begins with '_' + uppercase, which the C
 * standard reserves for the implementation; it is kept because other
 * translation units may refer to the tag.
 */
typedef union _SMB_NFS4_ACEWHOID_T {
	uid_t uid;		/* User id */
	gid_t gid;		/* Group id */
	uint32_t special_id;	/* Identifies special identities in NFS4 */
	/*
	 * Values of special_id. Only 1..SMB_ACE4_WHO_MAX are defined; a
	 * special_id outside that range has no meaning here and is worth
	 * rejecting when an ACL is parsed from an untrusted source.
	 */
#define SMB_ACE4_WHO_OWNER 0x00000001 /*The owner of the file. */
#define SMB_ACE4_WHO_GROUP 0x00000002 /*The group associated with the file. */
#define SMB_ACE4_WHO_EVERYONE 0x00000003 /*The world. */
#define SMB_ACE4_WHO_INTERACTIVE 0x00000004 /*Accessed from an interactive terminal. */
#define SMB_ACE4_WHO_NETWORK 0x00000005 /*Accessed via the network. */
#define SMB_ACE4_WHO_DIALUP 0x00000006 /*Accessed as a dialup user to the server. */
#define SMB_ACE4_WHO_BATCH 0x00000007 /*Accessed from a batch job. */
#define SMB_ACE4_WHO_ANONYMOUS 0x00000008 /*Accessed without any authentication. */
#define SMB_ACE4_WHO_AUTHENTICATED 0x00000009 /*Any authenticated user (opposite of ANONYMOUS) */
#define SMB_ACE4_WHO_SERVICE 0x0000000A /*Access from a system service. */
#define SMB_ACE4_WHO_MAX SMB_ACE4_WHO_SERVICE /* largest valid ACE4_WHO */
	/*
	 * Raw 32-bit view of whichever identity is stored. This assumes
	 * uid_t and gid_t are 32 bits wide so all members overlay fully --
	 * TODO confirm on the target platform.
	 */
	uint32_t id;
} SMB_NFS4_ACEWHOID_T;
/*
 * One NFS4 access control entry as handled by Samba.
 *
 * flags and who are Samba-local bookkeeping. From aceType onward the
 * members follow the NFSv4 wire layout (see the comment below), so their
 * order and widths must not be changed.
 */
typedef struct _SMB_ACE4PROP_T {
	uint32_t flags;		/* Bit mask defining details of ACE */
	/*The following are constants for flags field */
	/* #define SMB_ACE4_ID_NOT_VALID 0x00000001 - from aix/jfs2 */
	/* Set when who.special_id is the meaningful member rather than who.uid/who.gid. */
#define SMB_ACE4_ID_SPECIAL 0x00000002
	SMB_NFS4_ACEWHOID_T who;	/* Identifies to whom this ACE applies */
	/* The following part of ACE has the same layout as NFSv4 wire format. */
	uint32_t aceType;	/* Type of ACE: ALLOW/DENY/AUDIT/ALARM, see below */
	/*The constants used for the type field (acetype4) are as follows: */
#define SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE 0x00000000
#define SMB_ACE4_ACCESS_DENIED_ACE_TYPE 0x00000001
#define SMB_ACE4_SYSTEM_AUDIT_ACE_TYPE 0x00000002
#define SMB_ACE4_SYSTEM_ALARM_ACE_TYPE 0x00000003
#define SMB_ACE4_MAX_TYPE SMB_ACE4_SYSTEM_ALARM_ACE_TYPE /* largest valid ACE4_TYPE; anything above it is undefined here */
	uint32_t aceFlags;	/* Controls Inheritance and such */
	/*The bitmask constants used for the flag field are as follows: */
#define SMB_ACE4_FILE_INHERIT_ACE 0x00000001
#define SMB_ACE4_DIRECTORY_INHERIT_ACE 0x00000002
#define SMB_ACE4_NO_PROPAGATE_INHERIT_ACE 0x00000004
#define SMB_ACE4_INHERIT_ONLY_ACE 0x00000008
#define SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG 0x00000010
#define SMB_ACE4_FAILED_ACCESS_ACE_FLAG 0x00000020
#define SMB_ACE4_IDENTIFIER_GROUP 0x00000040 /* who names a group rather than a user (NFSv4 ACE4_IDENTIFIER_GROUP) */
#define SMB_ACE4_INHERITED_ACE 0x00000080
	/* Every aceFlags bit defined above; bits outside this mask are unknown. */
#define SMB_ACE4_ALL_FLAGS ( SMB_ACE4_FILE_INHERIT_ACE | SMB_ACE4_DIRECTORY_INHERIT_ACE \
| SMB_ACE4_NO_PROPAGATE_INHERIT_ACE | SMB_ACE4_INHERIT_ONLY_ACE | SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG \
| SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP | SMB_ACE4_INHERITED_ACE)
	uint32_t aceMask;	/* Access rights */
	/*
	 * The bitmask constants used for the access mask field are as follows.
	 * Several names share one bit (READ_DATA/LIST_DIRECTORY, WRITE_DATA/
	 * ADD_FILE, APPEND_DATA/ADD_SUBDIRECTORY): the same bit is read with
	 * the file or the directory meaning depending on the object.
	 */
#define SMB_ACE4_READ_DATA 0x00000001
#define SMB_ACE4_LIST_DIRECTORY 0x00000001
#define SMB_ACE4_WRITE_DATA 0x00000002
#define SMB_ACE4_ADD_FILE 0x00000002
#define SMB_ACE4_APPEND_DATA 0x00000004
#define SMB_ACE4_ADD_SUBDIRECTORY 0x00000004
#define SMB_ACE4_READ_NAMED_ATTRS 0x00000008
#define SMB_ACE4_WRITE_NAMED_ATTRS 0x00000010
#define SMB_ACE4_EXECUTE 0x00000020
#define SMB_ACE4_DELETE_CHILD 0x00000040
#define SMB_ACE4_READ_ATTRIBUTES 0x00000080
#define SMB_ACE4_WRITE_ATTRIBUTES 0x00000100
#define SMB_ACE4_DELETE 0x00010000
#define SMB_ACE4_READ_ACL 0x00020000
#define SMB_ACE4_WRITE_ACL 0x00040000 /* lets the holder rewrite the ACL itself */
#define SMB_ACE4_WRITE_OWNER 0x00080000 /* lets the holder change the owner */
#define SMB_ACE4_SYNCHRONIZE 0x00100000
	/* Every aceMask bit defined above; bits outside this mask are unknown. */
#define SMB_ACE4_ALL_MASKS ( SMB_ACE4_READ_DATA | SMB_ACE4_LIST_DIRECTORY \
| SMB_ACE4_WRITE_DATA | SMB_ACE4_ADD_FILE | SMB_ACE4_APPEND_DATA | SMB_ACE4_ADD_SUBDIRECTORY \
| SMB_ACE4_READ_NAMED_ATTRS | SMB_ACE4_WRITE_NAMED_ATTRS | SMB_ACE4_EXECUTE | SMB_ACE4_DELETE_CHILD \
| SMB_ACE4_READ_ATTRIBUTES | SMB_ACE4_WRITE_ATTRIBUTES | SMB_ACE4_DELETE | SMB_ACE4_READ_ACL \
| SMB_ACE4_WRITE_ACL | SMB_ACE4_WRITE_OWNER | SMB_ACE4_SYNCHRONIZE )
} SMB_ACE4PROP_T;
/* Opaque ACL and ACE handles; their layout is private to the implementation. */
struct SMB4ACL_T;
struct SMB4ACE_T;

/*
 * How the "who" of an ACE may be expressed. Presumed from the names:
 * e_simple = plain uid/gid only, e_special = the SMB_ACE4_WHO_* special
 * identities are also used -- confirm against the implementation.
 */
enum smbacl4_mode_enum {e_simple=0, e_special=1};

/*
 * What to do with duplicate ACEs when an ACL is set. Presumed from the
 * names: e_dontcare keeps them, e_reject fails the operation, e_ignore
 * drops the duplicate, e_merge combines them -- confirm in the .c file.
 */
enum smbacl4_acedup_enum {e_dontcare=0, e_reject=1, e_ignore=2, e_merge=3};

/*
 * Per-connection tuning of the NT <-> NFS4 ACL mapping, presumably filled
 * in by smbacl4_get_vfs_params() and passed to the get/set functions below.
 */
struct smbacl4_vfs_params {
	enum smbacl4_mode_enum mode;		/* see smbacl4_mode_enum */
	bool do_chown;				/* presumably: apply owner/group from the descriptor -- confirm */
	enum smbacl4_acedup_enum acedup;	/* see smbacl4_acedup_enum */
	bool map_full_control;			/* presumably: map NT full control to/from the complete NFS4 mask -- confirm */
};
/**
 * Look up the NFS4 ACL mapping parameters for a connection.
 *
 * @param conn    connection (share) the parameters are read for
 * @param params  filled in by the call
 * @return presumably 0 on success and non-zero otherwise; the convention
 *         is not stated here -- confirm against the implementation
 */
int smbacl4_get_vfs_params(struct connection_struct *conn,
			   struct smbacl4_vfs_params *params);

/**
 * Allocate an empty ACL. Presumably talloc-allocated under @mem_ctx so that
 * freeing @mem_ctx releases it; NULL on allocation failure.
 */
struct SMB4ACL_T *smb_create_smb4acl(TALLOC_CTX *mem_ctx);

/**
 * Append a copy of @prop to @theacl.
 *
 * The contents of @prop are copied, so the caller keeps ownership of it.
 * Existing ACE order is preserved and the new ACE becomes the last one.
 *
 * @return the ACE that was added, or NULL on error (presumed)
 */
struct SMB4ACE_T *smb_add_ace4(struct SMB4ACL_T *theacl,
			       SMB_ACE4PROP_T *prop);

/** Properties of an ACE handle obtained from the iteration functions below. */
SMB_ACE4PROP_T *smb_get_ace4(struct SMB4ACE_T *ace);

/** First ACE of @theacl; NULL when the ACL is empty or on error. */
struct SMB4ACE_T *smb_first_ace4(struct SMB4ACL_T *theacl);

/** ACE following @ace; NULL after the last one or on error. */
struct SMB4ACE_T *smb_next_ace4(struct SMB4ACE_T *ace);

/** Number of ACEs held by @theacl. */
uint32_t smb_get_naces(struct SMB4ACL_T *theacl);

/**
 * Control flags stored with @theacl -- presumably the security descriptor
 * type/control word (confirm).
 */
uint16_t smbacl4_get_controlflags(struct SMB4ACL_T *theacl);

/** Store @controlflags on @theacl; false on failure. */
bool smbacl4_set_controlflags(struct SMB4ACL_T *theacl,
			      uint16_t controlflags);

/**
 * True when @ace is an inheritance entry. Presumed from the name; which
 * SMB_ACE4_*_INHERIT_ACE bits qualify is decided by the implementation.
 */
bool nfs_ace_is_inherit(SMB_ACE4PROP_T *ace);

/**
 * Build an NT security descriptor from an NFS4 ACL of an open file.
 *
 * @param fsp            open file the ACL belongs to
 * @param pparams        mapping parameters (see smbacl4_get_vfs_params())
 * @param security_info  which parts of the descriptor are requested;
 *                       presumably SECINFO_* bits -- confirm
 * @param mem_ctx        talloc context the descriptor is allocated on
 * @param ppdesc         receives the new descriptor
 * @param theacl         the NFS4 ACL to convert
 */
NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
			      const struct smbacl4_vfs_params *pparams,
			      uint32_t security_info,
			      TALLOC_CTX *mem_ctx,
			      struct security_descriptor **ppdesc,
			      struct SMB4ACL_T *theacl);

/**
 * Path-based counterpart of smb_fget_nt_acl_nfs4(): same conversion, with
 * the object named by @smb_fname on @conn instead of an open file.
 */
NTSTATUS smb_get_nt_acl_nfs4(connection_struct *conn,
			     const struct smb_filename *smb_fname,
			     const struct smbacl4_vfs_params *pparams,
			     uint32_t security_info,
			     TALLOC_CTX *mem_ctx,
			     struct security_descriptor **ppdesc,
			     struct SMB4ACL_T *theacl);

/*
 * Callback through which the VFS module commits a converted NFS4 ACL to
 * the native filesystem, when applicable; returns false if that failed.
 */
typedef bool (*set_nfs4acl_native_fn_t)(vfs_handle_struct *handle,
					files_struct *,
					struct SMB4ACL_T *);

/**
 * Apply an NT security descriptor to @fsp by converting it to an NFS4 ACL
 * and handing the result to @set_nfs4_native.
 *
 * @psd normally originates from a client request and should be treated as
 * untrusted input by the conversion. @security_info_sent states which parts
 * of @psd are present (presumably SECINFO_* bits -- confirm).
 */
NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle,
			     files_struct *fsp,
			     const struct smbacl4_vfs_params *pparams,
			     uint32_t security_info_sent,
			     const struct security_descriptor *psd,
			     set_nfs4acl_native_fn_t set_nfs4_native);
#endif /* __NFS4_ACLS_H__ */