| blob | 9a33fb5288a69c86ba0ad9a9d292df8aa1999e50 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 1994,2001-2003 Sun Microsystems, Inc.
24 * All rights reserved.
25 * Use is subject to license terms.
26 */
28 /*
29 * ident "%Z%%M% %I% %E% SMI"
30 */
32 const NFS_ACL_MAX_ENTRIES = 1024;
34 typedef int uid;
35 typedef unsigned short o_mode;
37 /*
38 * This is the format of an ACL which is passed over the network.
39 */
40 struct aclent {
41 int type;
42 uid id;
43 o_mode perm;
44 };
46 /*
47 * The values for the type element of the aclent structure.
48 */
49 const NA_USER_OBJ = 0x1; /* object owner */
50 const NA_USER = 0x2; /* additional users */
51 const NA_GROUP_OBJ = 0x4; /* owning group of the object */
52 const NA_GROUP = 0x8; /* additional groups */
53 const NA_CLASS_OBJ = 0x10; /* file group class and mask entry */
54 const NA_OTHER_OBJ = 0x20; /* other entry for the object */
55 const NA_ACL_DEFAULT = 0x1000; /* default flag */
57 /*
58 * The bit field values for the perm element of the aclent
59 * structure. The three values can be combined to form any
60 * of the 8 combinations.
61 */
62 const NA_READ = 0x4; /* read permission */
63 const NA_WRITE = 0x2; /* write permission */
64 const NA_EXEC = 0x1; /* exec permission */
66 /*
67 * This is the structure which contains the ACL entries for a
68 * particular entity. It contains the ACL entries which apply
69 * to this object plus any default ACL entries which are
70 * inherited by its children.
71 *
72 * The values for the mask field are defined below.
73 */
74 struct secattr {
75 u_int mask;
76 int aclcnt;
77 aclent aclent<NFS_ACL_MAX_ENTRIES>;
78 int dfaclcnt;
79 aclent dfaclent<NFS_ACL_MAX_ENTRIES>;
80 };
82 /*
83 * The values for the mask element of the secattr struct as well
84 * as for the mask element in the arguments in the GETACL2 and
85 * GETACL3 procedures.
86 */
87 const NA_ACL = 0x1; /* aclent contains a valid list */
88 const NA_ACLCNT = 0x2; /* the number of entries in the aclent list */
89 const NA_DFACL = 0x4; /* dfaclent contains a valid list */
90 const NA_DFACLCNT = 0x8; /* the number of entries in the dfaclent list */
92 /*
93 * This the definition for the GETACL procedure which applies to
94 * NFS Version 2.
95 */
96 struct GETACL2args {
97 fhandle_t fh;
98 u_int mask;
99 };
101 struct GETACL2resok {
102 struct nfsfattr attr;
103 secattr acl;
104 };
106 union GETACL2res switch (enum nfsstat status) {
107 case ACL2_OK:
108 GETACL2resok resok;
109 default:
110 void;
111 };
113 /*
114 * This is the definition for the SETACL procedure which applies
115 * NFS Version 2.
116 */
117 struct SETACL2args {
118 fhandle_t fh;
119 secattr acl;
120 };
122 struct SETACL2resok {
123 struct nfsfattr attr;
124 };
126 union SETACL2res switch (enum nfsstat status) {
127 case ACL2_OK:
128 SETACL2resok resok;
129 default:
130 void;
131 };
133 /*
134 * This is the definition for the GETATTR procedure which can be
135 * used as an alternative to the GETATTR in NFS Version 2. The
136 * main difference between this GETATTR and the NFS GETATTR is
137 * that this GETATTR returns the mode of the file without it being
138 * changed to match the min/max permissions mapping that the NFS
139 * Version 2 server does.
140 */
141 struct GETATTR2args {
142 fhandle_t fh;
143 };
145 struct GETATTR2resok {
146 struct nfsfattr attr;
147 };
149 union GETATTR2res switch (enum nfsstat status) {
150 case ACL2_OK:
151 GETATTR2resok resok;
152 default:
153 void;
154 };
156 /*
157 * This is the definition for the ACCESS procedure which applies
158 * to NFS Version 2.
159 */
160 struct ACCESS2args {
161 fhandle_t fh;
162 uint32 access;
163 };
165 /*
166 * The following access permissions may be requested:
167 */
168 const ACCESS2_READ = 0x1; /* read data or readdir a directory */
169 const ACCESS2_LOOKUP = 0x2; /* lookup a name in a directory */
170 const ACCESS2_MODIFY = 0x4; /* rewrite existing file data or */
171 /* modify existing directory entries */
172 const ACCESS2_EXTEND = 0x8; /* write new data or add directory entries */
173 const ACCESS2_DELETE = 0x10; /* delete existing directory entry */
174 const ACCESS2_EXECUTE = 0x20; /* execute file (no meaning for a directory) */
176 struct ACCESS2resok {
177 struct nfsfattr attr;
178 uint32 access;
179 };
181 union ACCESS2res switch (enum nfsstat status) {
182 case ACL2_OK:
183 ACCESS2resok resok;
184 default:
185 void;
186 };
188 /*
189 * This is the definition for the GETXATTRDIR procedure which applies
190 * to NFS Version 2 files.
191 */
192 struct GETXATTRDIR2args {
193 fhandle_t fh;
194 bool create;
195 };
197 struct GETXATTRDIR2resok {
198 fhandle_t fh;
199 struct nfsfattr attr;
200 };
202 union GETXATTRDIR2res switch (enum nfsstat status) {
203 case ACL2_OK:
204 GETXATTRDIR2resok resok;
205 default:
206 void;
207 };
209 /*
210 * This is the definition for the GETACL procedure which applies
211 * to NFS Version 3 files.
212 */
213 struct GETACL3args {
214 nfs_fh3 fh;
215 u_int mask;
216 };
218 struct GETACL3resok {
219 post_op_attr attr;
220 secattr acl;
221 };
223 struct GETACL3resfail {
224 post_op_attr attr;
225 };
227 union GETACL3res switch (nfsstat3 status) {
228 case ACL3_OK:
229 GETACL3resok resok;
230 default:
231 GETACL3resfail resfail;
232 };
234 /*
235 * This is the definition for the SETACL procedure which applies
236 * to NFS Version 3 files.
237 */
238 struct SETACL3args {
239 nfs_fh3 fh;
240 secattr acl;
241 };
243 struct SETACL3resok {
244 post_op_attr attr;
245 };
247 struct SETACL3resfail {
248 post_op_attr attr;
249 };
251 union SETACL3res switch (nfsstat3 status) {
252 case ACL3_OK:
253 SETACL3resok resok;
254 default:
255 SETACL3resfail resfail;
256 };
258 /*
259 * This is the definition for the GETXATTRDIR procedure which applies
260 * to NFS Version 3 files.
261 */
262 struct GETXATTRDIR3args {
263 nfs_fh3 fh;
264 bool create;
265 };
267 struct GETXATTRDIR3resok {
268 nfs_fh3 fh;
269 post_op_attr attr;
270 };
272 union GETXATTRDIR3res switch (nfsstat3 status) {
273 case ACL3_OK:
274 GETXATTRDIR3resok resok;
275 default:
276 void;
277 };
279 /*
280 * XXX {
281 * This is a transitional interface to enable Solaris NFSv4
282 * clients to manipulate ACLs on Solaris servers until the
283 * spec is complete enough to implement this inside the
284 * NFSv4 protocol itself. NFSv4 does handle extended
285 * attributes in-band.
286 */
288 /*
289 * This is the definition for the GETACL procedure which applies
290 * to NFS Version 4 files.
291 */
292 struct GETACL4args {
293 nfs_fh4 fh;
294 u_int mask;
295 };
297 struct GETACL4resok {
298 post_op_attr attr;
299 secattr acl;
300 };
302 struct GETACL4resfail {
303 post_op_attr attr;
304 };
306 union GETACL4res switch (nfsstat3 status) {
307 case ACL4_OK:
308 GETACL4resok resok;
309 default:
310 GETACL4resfail resfail;
311 };
313 /*
314 * This is the definition for the SETACL procedure which applies
315 * to NFS Version 4 files.
316 */
317 struct SETACL4args {
318 nfs_fh4 fh;
319 secattr acl;
320 };
322 struct SETACL4resok {
323 post_op_attr attr;
324 };
326 struct SETACL4resfail {
327 post_op_attr attr;
328 };
330 union SETACL4res switch (nfsstat3 status) {
331 case ACL4_OK:
332 SETACL4resok resok;
333 default:
334 SETACL4resfail resfail;
335 };
337 /* XXX } */
339 /*
340 * Share the port with the NFS service. NFS has to be running
341 * in order for this service to be useful anyway.
342 */
343 const NFS_ACL_PORT = 2049;
345 /*
346 * This is the definition for the ACL network protocol which is used
347 * to provide support for Solaris ACLs for files which are accessed
348 * via NFS Version 2 and NFS Version 3.
349 */
350 program NFS_ACL_PROGRAM {
351 version NFS_ACL_V2 {
352 void
353 ACLPROC2_NULL(void) = 0;
354 GETACL2res
355 ACLPROC2_GETACL(GETACL2args) = 1;
356 SETACL2res
357 ACLPROC2_SETACL(SETACL2args) = 2;
358 GETATTR2res
359 ACLPROC2_GETATTR(GETATTR2args) = 3;
360 ACCESS2res
361 ACLPROC2_ACCESS(ACCESS2args) = 4;
362 GETXATTRDIR2res
363 ACLPROC2_GETXATTRDIR(GETXATTRDIR2args) = 5;
364 } = 2;
365 version NFS_ACL_V3 {
366 void
367 ACLPROC3_NULL(void) = 0;
368 GETACL3res
369 ACLPROC3_GETACL(GETACL3args) = 1;
370 SETACL3res
371 ACLPROC3_SETACL(SETACL3args) = 2;
372 GETXATTRDIR3res
373 ACLPROC3_GETXATTRDIR(GETXATTRDIR3args) = 3;
374 } = 3;
375 version NFS_ACL_V4 {
376 void
377 ACLPROC4_NULL(void) = 0;
378 GETACL4res
379 ACLPROC4_GETACL(GETACL4args) = 1;
380 SETACL4res
381 ACLPROC4_SETACL(SETACL4args) = 2;
382 } = 4;
383 } = 100227;