3882 Remove xmod & friends

[illumos-gate.git] / usr / src / uts / common / smbsrv / ntaccess.h

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _SMBSRV_NTACCESS_H
#define _SMBSRV_NTACCESS_H

#pragma ident   "%Z%%M% %I%     %E% SMI"

/*
 * This file defines the NT compatible access control masks and values.
 * An access mask as a 32-bit value arranged as shown below.
 *
 *   31-28    Generic bits, interpreted per object type
 *   27-26    Reserved, must-be-zero
 *   25       Maximum allowed
 *   24       System Security rights (SACL is SD)
 *   23-16    Standard access rights, generic to all object types
 *   15-0     Specific access rights, object specific
 *
 *   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
 *   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
 *   +---------------+---------------+-------------------------------+
 *   |G|G|G|G|Res'd|A| StandardRights|         SpecificRights        |
 *   |R|W|E|A|     |S|               |                               |
 *   +-+-------------+---------------+-------------------------------+
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Specific rights for files, pipes and directories.
 */
#define FILE_READ_DATA                  (0x0001) /* file & pipe */
#define FILE_LIST_DIRECTORY             (0x0001) /* directory */
#define FILE_WRITE_DATA                 (0x0002) /* file & pipe */
#define FILE_ADD_FILE                   (0x0002) /* directory */
#define FILE_APPEND_DATA                (0x0004) /* file */
#define FILE_ADD_SUBDIRECTORY           (0x0004) /* directory */
#define FILE_CREATE_PIPE_INSTANCE       (0x0004) /* named pipe */
#define FILE_READ_EA                    (0x0008) /* file & directory */
#define FILE_READ_PROPERTIES            (0x0008) /* pipe */
#define FILE_WRITE_EA                   (0x0010) /* file & directory */
#define FILE_WRITE_PROPERTIES           (0x0010) /* pipe */
#define FILE_EXECUTE                    (0x0020) /* file */
#define FILE_TRAVERSE                   (0x0020) /* directory */
#define FILE_DELETE_CHILD               (0x0040) /* directory */
#define FILE_READ_ATTRIBUTES            (0x0080) /* all */
#define FILE_WRITE_ATTRIBUTES           (0x0100) /* all */
#define FILE_SPECIFIC_ALL               (0x000001FFL)
#define SPECIFIC_RIGHTS_ALL             (0x0000FFFFL)


/*
 * Standard rights:
 *
 * DELETE       The right to delete the object.
 *
 * READ_CONTROL The right to read the information in the object's security
 *              descriptor, not including the information in the SACL.
 *
 * WRITE_DAC    The right to modify the DACL in the object's security
 *              descriptor.
 *
 * WRITE_OWNER  The right to change the owner in the object's security
 *              descriptor.
 *
 * SYNCHRONIZE  The right to use the object for synchronization. This enables
 *              a thread to wait until the object is in the signaled state.
 */
#define DELETE                          (0x00010000L)
#define READ_CONTROL                    (0x00020000L)
#define WRITE_DAC                       (0x00040000L)
#define WRITE_OWNER                     (0x00080000L) /* take ownership */
#define SYNCHRONIZE                     (0x00100000L)
#define STANDARD_RIGHTS_REQUIRED        (0x000F0000L)
#define STANDARD_RIGHTS_ALL             (0x001F0000L)


#define STANDARD_RIGHTS_READ            (READ_CONTROL)
#define STANDARD_RIGHTS_WRITE           (READ_CONTROL)
#define STANDARD_RIGHTS_EXECUTE         (READ_CONTROL)

#define FILE_METADATA_ALL               (FILE_READ_EA           |\
                                        FILE_READ_ATTRIBUTES    |\
                                        READ_CONTROL            |\
                                        FILE_WRITE_EA           |\
                                        FILE_WRITE_ATTRIBUTES   |\
                                        WRITE_DAC               |\
                                        WRITE_OWNER             |\
                                        SYNCHRONIZE)

#define FILE_DATA_ALL                   (FILE_READ_DATA         |\
                                        FILE_WRITE_DATA         |\
                                        FILE_APPEND_DATA        |\
                                        FILE_EXECUTE            |\
                                        DELETE)

#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)


/*
 * Miscellaneous bits: SACL access and maximum allowed access.
 */
#define ACCESS_SYSTEM_SECURITY          (0x01000000L)
#define MAXIMUM_ALLOWED                 (0x02000000L)


/*
 * Generic rights. These are shorthands that are interpreted as
 * appropriate for the type of secured object being accessed.
 */
#define GENERIC_ALL                     (0x10000000UL)
#define GENERIC_EXECUTE                 (0x20000000UL)
#define GENERIC_WRITE                   (0x40000000UL)
#define GENERIC_READ                    (0x80000000UL)

#define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |               \
            FILE_READ_DATA              |                       \
            FILE_READ_ATTRIBUTES        |                       \
            FILE_READ_EA                |                       \
            SYNCHRONIZE)

#define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |             \
            FILE_WRITE_DATA             |                       \
            FILE_WRITE_ATTRIBUTES       |                       \
            FILE_WRITE_EA               |                       \
            FILE_APPEND_DATA            |                       \
            SYNCHRONIZE)

#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |         \
            FILE_READ_ATTRIBUTES        |                       \
            FILE_EXECUTE                |                       \
            SYNCHRONIZE)

#define FILE_GENERIC_ALL (FILE_GENERIC_READ |                   \
            FILE_GENERIC_WRITE          |                       \
            FILE_GENERIC_EXECUTE)


/*
 * LSA policy desired access masks.
 */
#define POLICY_VIEW_LOCAL_INFORMATION           0x00000001L
#define POLICY_VIEW_AUDIT_INFORMATION           0x00000002L
#define POLICY_GET_PRIVATE_INFORMATION          0x00000004L
#define POLICY_TRUST_ADMIN                      0x00000008L
#define POLICY_CREATE_ACCOUNT                   0x00000010L
#define POLICY_CREATE_SECRET                    0x00000020L
#define POLICY_CREATE_PRIVILEGE                 0x00000040L
#define POLICY_SET_DEFAULT_QUOTA_LIMITS         0x00000080L
#define POLICY_SET_AUDIT_REQUIREMENTS           0x00000100L
#define POLICY_AUDIT_LOG_ADMIN                  0x00000200L
#define POLICY_SERVER_ADMIN                     0x00000400L
#define POLICY_LOOKUP_NAMES                     0x00000800L


/*
 * SAM specific rights desired access masks. These definitions are listed
 * mostly as a convenience; they don't seem to be documented. Setting the
 * desired access mask to GENERIC_EXECUTE and STANDARD_RIGHTS_EXECUTE
 * seems to work when just looking up information.
 */
#define SAM_LOOKUP_INFORMATION (GENERIC_EXECUTE         \
            | STANDARD_RIGHTS_EXECUTE)

#define SAM_ACCESS_USER_READ            0x0000031BL
#define SAM_ACCESS_USER_UPDATE          0x0000031FL
#define SAM_ACCESS_USER_SETPWD          0x0000037FL
#define SAM_CONNECT_CREATE_ACCOUNT      0x00000020L
#define SAM_ENUM_LOCAL_DOMAIN           0x00000030L
#define SAM_DOMAIN_CREATE_ACCOUNT       0x00000211L


/*
 * File attributes
 *
 * Note:  0x00000008 is reserved for use for the old DOS VOLID (volume ID)
 *        and is therefore not considered valid in NT.
 *
 * Note:  0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
 *        and is therefore not considered valid in NT.  This flag has
 *        been disassociated with file attributes since the other flags are
 *        protected with READ_ and WRITE_ATTRIBUTES access to the file.
 *
 * Note:  Note also that the order of these flags is set to allow both the
 *        FAT and the Pinball File Systems to directly set the attributes
 *        flags in attributes words without having to pick each flag out
 *        individually.  The order of these flags should not be changed!
 *
 * The file attributes are defined in smbsrv/smb_vops.h
 */

/* Filesystem Attributes */
#define FILE_CASE_SENSITIVE_SEARCH      0x00000001
#define FILE_CASE_PRESERVED_NAMES       0x00000002
#define FILE_UNICODE_ON_DISK            0x00000004
#define FILE_PERSISTENT_ACLS            0x00000008
#define FILE_FILE_COMPRESSION           0x00000010
#define FILE_VOLUME_QUOTAS              0x00000020
#define FILE_SUPPORTS_SPARSE_FILES      0x00000040
#define FILE_SUPPORTS_REPARSE_POINTS    0x00000080
#define FILE_SUPPORTS_REMOTE_STORAGE    0x00000100
#define FILE_VOLUME_IS_COMPRESSED       0x00008000
#define FILE_SUPPORTS_OBJECT_IDS        0x00010000
#define FILE_SUPPORTS_ENCRYPTION        0x00020000
#define FILE_NAMED_STREAMS              0x00040000
#define FILE_READ_ONLY_VOLUME           0x00080000

#ifdef __cplusplus
}
#endif

#endif /* _SMBSRV_NTACCESS_H */