4 * Copyright (C) Jim McDonough, 2006
5 * Reused & renamed some parts of AIX 5.3 sys/acl.h structures
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #ifndef __NFS4_ACLS_H__
22 #define __NFS4_ACLS_H__
24 #define SMB_ACLTYPE_NONE 0
25 #define SMB_ACLTYPE_UNKNOWN 1
26 #define SMB_ACLTYPE_POSIX 2
27 #define SMB_ACLTYPE_NFS4 4
30 * Following union captures the identity as
31 * used in the NFS4 ACL structures.
33 typedef union _SMB_NFS4_ACEWHOID_T
{
34 uid_t uid
; /* User id */
35 gid_t gid
; /* Group id */
36 uint32_t special_id
; /* Identifies special identities in NFS4 */
38 #define SMB_ACE4_WHO_OWNER 0x00000001 /*The owner of the file. */
39 #define SMB_ACE4_WHO_GROUP 0x00000002 /*The group associated with the file. */
40 #define SMB_ACE4_WHO_EVERYONE 0x00000003 /*The world. */
41 #define SMB_ACE4_WHO_INTERACTIVE 0x00000004 /*Accessed from an interactive terminal. */
42 #define SMB_ACE4_WHO_NETWORK 0x00000005 /*Accessed via the network. */
43 #define SMB_ACE4_WHO_DIALUP 0x00000006 /*Accessed as a dialup user to the server. */
44 #define SMB_ACE4_WHO_BATCH 0x00000007 /*Accessed from a batch job. */
45 #define SMB_ACE4_WHO_ANONYMOUS 0x00000008 /*Accessed without any authentication. */
46 #define SMB_ACE4_WHO_AUTHENTICATED 0x00000009 /*Any authenticated user (opposite of ANONYMOUS) */
47 #define SMB_ACE4_WHO_SERVICE 0x0000000A /*Access from a system service. */
48 #define SMB_ACE4_WHO_MAX SMB_ACE4_WHO_SERVICE /* largest valid ACE4_WHO */
50 } SMB_NFS4_ACEWHOID_T
;
52 typedef struct _SMB_ACE4PROP_T
{
53 uint32_t flags
; /* Bit mask defining details of ACE */
54 /*The following are constants for flags field */
55 /* #define SMB_ACE4_ID_NOT_VALID 0x00000001 - from aix/jfs2 */
56 #define SMB_ACE4_ID_SPECIAL 0x00000002
58 SMB_NFS4_ACEWHOID_T who
; /* Identifies to whom this ACE applies */
60 /* The following part of ACE has the same layout as NFSv4 wire format. */
62 uint32_t aceType
; /* Type of ACE PERMIT/ALLOW etc*/
63 /*The constants used for the type field (acetype4) are as follows: */
64 #define SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE 0x00000000
65 #define SMB_ACE4_ACCESS_DENIED_ACE_TYPE 0x00000001
66 #define SMB_ACE4_SYSTEM_AUDIT_ACE_TYPE 0x00000002
67 #define SMB_ACE4_SYSTEM_ALARM_ACE_TYPE 0x00000003
68 #define SMB_ACE4_MAX_TYPE SMB_ACE4_SYSTEM_ALARM_ACE_TYPE /* largest valid ACE4_TYPE */
70 uint32_t aceFlags
; /* Controls Inheritance and such */
71 /*The bitmask constants used for the flag field are as follows: */
72 #define SMB_ACE4_FILE_INHERIT_ACE 0x00000001
73 #define SMB_ACE4_DIRECTORY_INHERIT_ACE 0x00000002
74 #define SMB_ACE4_NO_PROPAGATE_INHERIT_ACE 0x00000004
75 #define SMB_ACE4_INHERIT_ONLY_ACE 0x00000008
76 #define SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG 0x00000010
77 #define SMB_ACE4_FAILED_ACCESS_ACE_FLAG 0x00000020
78 #define SMB_ACE4_IDENTIFIER_GROUP 0x00000040
79 #define SMB_ACE4_INHERITED_ACE 0x00000080
80 #define SMB_ACE4_ALL_FLAGS ( SMB_ACE4_FILE_INHERIT_ACE | SMB_ACE4_DIRECTORY_INHERIT_ACE \
81 | SMB_ACE4_NO_PROPAGATE_INHERIT_ACE | SMB_ACE4_INHERIT_ONLY_ACE | SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG \
82 | SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP | SMB_ACE4_INHERITED_ACE)
84 uint32_t aceMask
; /* Access rights */
85 /*The bitmask constants used for the access mask field are as follows: */
86 #define SMB_ACE4_READ_DATA 0x00000001
87 #define SMB_ACE4_LIST_DIRECTORY 0x00000001
88 #define SMB_ACE4_WRITE_DATA 0x00000002
89 #define SMB_ACE4_ADD_FILE 0x00000002
90 #define SMB_ACE4_APPEND_DATA 0x00000004
91 #define SMB_ACE4_ADD_SUBDIRECTORY 0x00000004
92 #define SMB_ACE4_READ_NAMED_ATTRS 0x00000008
93 #define SMB_ACE4_WRITE_NAMED_ATTRS 0x00000010
94 #define SMB_ACE4_EXECUTE 0x00000020
95 #define SMB_ACE4_DELETE_CHILD 0x00000040
96 #define SMB_ACE4_READ_ATTRIBUTES 0x00000080
97 #define SMB_ACE4_WRITE_ATTRIBUTES 0x00000100
98 #define SMB_ACE4_DELETE 0x00010000
99 #define SMB_ACE4_READ_ACL 0x00020000
100 #define SMB_ACE4_WRITE_ACL 0x00040000
101 #define SMB_ACE4_WRITE_OWNER 0x00080000
102 #define SMB_ACE4_SYNCHRONIZE 0x00100000
103 #define SMB_ACE4_ALL_MASKS ( SMB_ACE4_READ_DATA | SMB_ACE4_LIST_DIRECTORY \
104 | SMB_ACE4_WRITE_DATA | SMB_ACE4_ADD_FILE | SMB_ACE4_APPEND_DATA | SMB_ACE4_ADD_SUBDIRECTORY \
105 | SMB_ACE4_READ_NAMED_ATTRS | SMB_ACE4_WRITE_NAMED_ATTRS | SMB_ACE4_EXECUTE | SMB_ACE4_DELETE_CHILD \
106 | SMB_ACE4_READ_ATTRIBUTES | SMB_ACE4_WRITE_ATTRIBUTES | SMB_ACE4_DELETE | SMB_ACE4_READ_ACL \
107 | SMB_ACE4_WRITE_ACL | SMB_ACE4_WRITE_OWNER | SMB_ACE4_SYNCHRONIZE )
113 enum smbacl4_mode_enum
{e_simple
=0, e_special
=1};
114 enum smbacl4_acedup_enum
{e_dontcare
=0, e_reject
=1, e_ignore
=2, e_merge
=3};
116 struct smbacl4_vfs_params
{
117 enum smbacl4_mode_enum mode
;
119 enum smbacl4_acedup_enum acedup
;
120 bool map_full_control
;
123 int smbacl4_get_vfs_params(struct connection_struct
*conn
,
124 struct smbacl4_vfs_params
*params
);
126 struct SMB4ACL_T
*smb_create_smb4acl(TALLOC_CTX
*mem_ctx
);
128 /* prop's contents are copied */
129 /* it doesn't change the order, appends */
130 struct SMB4ACE_T
*smb_add_ace4(struct SMB4ACL_T
*theacl
, SMB_ACE4PROP_T
*prop
);
132 SMB_ACE4PROP_T
*smb_get_ace4(struct SMB4ACE_T
*ace
);
134 /* Returns NULL if none - or error */
135 struct SMB4ACE_T
*smb_first_ace4(struct SMB4ACL_T
*theacl
);
137 /* Returns NULL in the end - or error */
138 struct SMB4ACE_T
*smb_next_ace4(struct SMB4ACE_T
*ace
);
140 uint32_t smb_get_naces(struct SMB4ACL_T
*theacl
);
142 uint16_t smbacl4_get_controlflags(struct SMB4ACL_T
*theacl
);
144 bool smbacl4_set_controlflags(struct SMB4ACL_T
*theacl
, uint16_t controlflags
);
146 NTSTATUS
smb_fget_nt_acl_nfs4(files_struct
*fsp
,
147 const struct smbacl4_vfs_params
*pparams
,
148 uint32_t security_info
,
150 struct security_descriptor
**ppdesc
, struct SMB4ACL_T
*theacl
);
152 NTSTATUS
smb_get_nt_acl_nfs4(connection_struct
*conn
,
153 const struct smb_filename
*smb_fname
,
154 const struct smbacl4_vfs_params
*pparams
,
155 uint32_t security_info
,
157 struct security_descriptor
**ppdesc
, struct SMB4ACL_T
*theacl
);
159 /* Callback function needed to set the native acl
161 typedef bool (*set_nfs4acl_native_fn_t
)(vfs_handle_struct
*handle
,
165 NTSTATUS
smb_set_nt_acl_nfs4(vfs_handle_struct
*handle
, files_struct
*fsp
,
166 const struct smbacl4_vfs_params
*pparams
,
167 uint32_t security_info_sent
,
168 const struct security_descriptor
*psd
,
169 set_nfs4acl_native_fn_t set_nfs4_native
);
171 #endif /* __NFS4_ACLS_H__ */