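/*
   Copyright (c) 2008,2009 Frank Lahm <franklahm@gmail.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
 */

/*
 * ACL declarations for afpd: the FPGet|Set bitmap, the Darwin ACL/ACE flag
 * and rights constants, the ACE and ACL-header structures, and the
 * prototypes of the ACL-related AFP handlers.
 */

#ifndef AFPD_ACLS_H
#define AFPD_ACLS_H

#ifdef HAVE_SOLARIS_ACLS
#include <sys/acl.h>
#endif

#include <stddef.h>     /* for size_t */
#include <stdint.h>     /* for uint32_t */

#include <atalk/uuid.h> /* for atalk_uuid_t */

/*
 * Forward declarations so the prototypes below do not introduce
 * prototype-scoped struct tags when this header is included before the
 * headers that define these structures.
 * NOTE(review): AFPObj is a typedef and cannot be forward-declared here;
 * the includer must already have it in scope.
 */
struct vol;
struct stat;
struct maccess;

/*
 * This is what Apple says about ACL flags in sys/kauth.h:
 *
 * <Apple> The low 16 bits of the flags field are reserved for filesystem
 * internal use and must be preserved by all APIs.  This includes
 * round-tripping flags through user-space interfaces.
 * The high 16 bits of the flags are used to store attributes and
 * to request specific handling of the ACL. </Apple>
 *
 * The constants are included for reference only. We do NOT expect them on
 * the wire; we will ignore and spoil them.
 *
 * NOTE(review): because these flags are not expected from clients, any
 * flags word taken from a request should be treated as untrusted and not
 * stored or acted on as-is. Confirm that the implementation does so.
 */

#ifdef HAVE_SOLARIS_ACLS
/* Some stuff for the handling of NFSv4 ACLs */
#define ACE_TRIVIAL (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)
#endif /* HAVE_SOLARIS_ACLS */

/*
 * FPGet|Set Bitmap: one bit per item of the bitmap.
 * NOTE(review): if this bitmap is taken from the client request, a set bit
 * only states what the client asks for; whether the caller may read or
 * change (or remove) the ACL has to be decided by the handler.
 */
enum {
    kFileSec_UUID      = (1<<0),
    kFileSec_GRPUUID   = (1<<1),
    kFileSec_ACL       = (1<<2),
    kFileSec_REMOVEACL = (1<<3),
    kFileSec_Inherit   = (1<<4)
};

/* ACL Flags */
/* mask of the low 16 bits, the part Apple reserves for filesystem-internal use */
#define DARWIN_ACL_FLAGS_PRIVATE       (0xffff)
/* inheritance will be deferred until the first rename operation */
#define KAUTH_ACL_DEFER_INHERIT        (1<<16)
/* this ACL must not be overwritten as part of an inheritance operation */
#define KAUTH_ACL_NO_INHERIT           (1<<17)

/* ACE Flags */
/* the low four bits hold the ACE kind; PERMIT and DENY fall inside this mask */
#define DARWIN_ACE_FLAGS_KINDMASK           0xf
#define DARWIN_ACE_FLAGS_PERMIT             (1<<0) /* 0x00000001 */
#define DARWIN_ACE_FLAGS_DENY               (1<<1) /* 0x00000002 */
#define DARWIN_ACE_FLAGS_INHERITED          (1<<4) /* 0x00000010 */
#define DARWIN_ACE_FLAGS_FILE_INHERIT       (1<<5) /* 0x00000020 */
#define DARWIN_ACE_FLAGS_DIRECTORY_INHERIT  (1<<6) /* 0x00000040 */
#define DARWIN_ACE_FLAGS_LIMIT_INHERIT      (1<<7) /* 0x00000080 */
#define DARWIN_ACE_FLAGS_ONLY_INHERIT       (1<<8) /* 0x00000100 */

/* All flag bits controlling ACE inheritance */
#define DARWIN_ACE_INHERIT_CONTROL_FLAGS \
       (DARWIN_ACE_FLAGS_FILE_INHERIT |\
        DARWIN_ACE_FLAGS_DIRECTORY_INHERIT |\
        DARWIN_ACE_FLAGS_LIMIT_INHERIT |\
        DARWIN_ACE_FLAGS_ONLY_INHERIT)

/*
 * ACE Rights
 *
 * Several names share one value (READ_DATA/LIST_DIRECTORY,
 * WRITE_DATA/ADD_FILE, EXECUTE/SEARCH, APPEND_DATA/ADD_SUBDIRECTORY), so a
 * rights word alone does not say which of the two names is meant;
 * presumably that depends on whether the object is a file or a directory.
 */
#define DARWIN_ACE_READ_DATA           0x00000002
#define DARWIN_ACE_LIST_DIRECTORY      0x00000002
#define DARWIN_ACE_WRITE_DATA          0x00000004
#define DARWIN_ACE_ADD_FILE            0x00000004
#define DARWIN_ACE_EXECUTE             0x00000008
#define DARWIN_ACE_SEARCH              0x00000008
#define DARWIN_ACE_DELETE              0x00000010
#define DARWIN_ACE_APPEND_DATA         0x00000020
#define DARWIN_ACE_ADD_SUBDIRECTORY    0x00000020
#define DARWIN_ACE_DELETE_CHILD        0x00000040
#define DARWIN_ACE_READ_ATTRIBUTES     0x00000080
#define DARWIN_ACE_WRITE_ATTRIBUTES    0x00000100
#define DARWIN_ACE_READ_EXTATTRIBUTES  0x00000200
#define DARWIN_ACE_WRITE_EXTATTRIBUTES 0x00000400
#define DARWIN_ACE_READ_SECURITY       0x00000800
#define DARWIN_ACE_WRITE_SECURITY      0x00001000
#define DARWIN_ACE_TAKE_OWNERSHIP      0x00002000

/* Access Control List Entry (ACE): a UUID, its DARWIN_ACE_FLAGS_* word and its rights word */
typedef struct {
    atalk_uuid_t darwin_ace_uuid;
    uint32_t     darwin_ace_flags;
    uint32_t     darwin_ace_rights;
} darwin_ace_t;

/*
 * Access Control List header: an entry count and the ACL flags.
 * NOTE(review): if this header is filled from a client request,
 * darwin_acl_count is attacker-influenced; it should be checked against
 * the remaining request length (and an upper limit) before it is used to
 * size a buffer or drive a loop over darwin_ace_t entries. Byte order of
 * the two fields on the wire is not visible from this header. Confirm
 * both in the implementation.
 */
typedef struct {
    uint32_t darwin_acl_count;
    uint32_t darwin_acl_flags;
} darwin_acl_header_t;

/*
 * FP functions
 *
 * All three share one signature. Going by the parameter names, ibuf/ibuflen
 * are the request buffer and its length and rbuf/rbuflen the reply buffer
 * and its length (TODO confirm). The request buffer should be treated as
 * untrusted: every read from ibuf needs a bounds check against ibuflen.
 */
int afp_access (AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen);
int afp_getacl (AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen);
int afp_setacl (AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen);

/* Parse afp.conf */
extern int acl_ldap_readconfig(char *name);

/* Misc funcs */
extern int acltoownermode(const AFPObj *obj, const struct vol *vol, char *path, struct stat *st, struct maccess *ma);
#endif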