1/*
2 * NFS4 ACL handling
3 *
4 * Copyright (C) Jim McDonough, 2006
5 * Reused & renamed some parts of AIX 5.3 sys/acl.h structures
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21#ifndef __NFS4_ACLS_H__
22#define __NFS4_ACLS_H__
23
24#define SMB_ACLTYPE_NONE 0
25#define SMB_ACLTYPE_UNKNOWN 1
26#define SMB_ACLTYPE_POSIX 2
27#define SMB_ACLTYPE_NFS4 4
28
29/*
30 * Following union captures the identity as
31 * used in the NFS4 ACL structures.
32 */
33typedef union _SMB_NFS4_ACEWHOID_T {
34	uid_t	uid;	/* User id */
35	gid_t	gid;	/* Group id */
36	uint32	special_id;	/* Identifies special identities in NFS4 */
37
38#define SMB_ACE4_WHO_OWNER         0x00000001 /*The owner of the file. */
39#define SMB_ACE4_WHO_GROUP         0x00000002 /*The group associated with the file. */
40#define SMB_ACE4_WHO_EVERYONE      0x00000003 /*The world. */
41#define SMB_ACE4_WHO_INTERACTIVE   0x00000004 /*Accessed from an interactive terminal. */
42#define SMB_ACE4_WHO_NETWORK       0x00000005 /*Accessed via the network. */
43#define SMB_ACE4_WHO_DIALUP        0x00000006 /*Accessed as a dialup user to the server. */
44#define SMB_ACE4_WHO_BATCH         0x00000007 /*Accessed from a batch job. */
45#define SMB_ACE4_WHO_ANONYMOUS     0x00000008 /*Accessed without any authentication. */
46#define SMB_ACE4_WHO_AUTHENTICATED 0x00000009 /*Any authenticated user (opposite of ANONYMOUS) */
47#define SMB_ACE4_WHO_SERVICE       0x0000000A /*Access from a system service. */
48#define SMB_ACE4_WHO_MAX		SMB_ACE4_WHO_SERVICE  /* largest valid ACE4_WHO */
49	uint32 id;
50} SMB_NFS4_ACEWHOID_T;
51
52typedef struct _SMB_ACE4PROP_T {
53	uint32	flags;	/* Bit mask defining details of ACE */
54/*The following are constants for flags field */
55/* #define	SMB_ACE4_ID_NOT_VALID	0x00000001 - from aix/jfs2 */
56#define	SMB_ACE4_ID_SPECIAL		0x00000002
57
58	SMB_NFS4_ACEWHOID_T	who;	/* Identifies to whom this ACE applies */
59
60	/* The following part of ACE has the same layout as NFSv4 wire format. */
61
62	uint32	aceType;	/* Type of ACE PERMIT/ALLOW etc*/
63/*The constants used for the type field (acetype4) are as follows: */
64#define	SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE	0x00000000
65#define	SMB_ACE4_ACCESS_DENIED_ACE_TYPE	0x00000001
66#define	SMB_ACE4_SYSTEM_AUDIT_ACE_TYPE	0x00000002
67#define	SMB_ACE4_SYSTEM_ALARM_ACE_TYPE	0x00000003
68#define SMB_ACE4_MAX_TYPE	ACE4_SYSTEM_ALARM_ACE_TYPE  /* largest valid ACE4_TYPE */
69
70	uint32	aceFlags;	/* Controls Inheritance and such */
71/*The bitmask constants used for the flag field are as follows: */
72#define SMB_ACE4_FILE_INHERIT_ACE             0x00000001
73#define SMB_ACE4_DIRECTORY_INHERIT_ACE        0x00000002
74#define SMB_ACE4_NO_PROPAGATE_INHERIT_ACE     0x00000004
75#define SMB_ACE4_INHERIT_ONLY_ACE             0x00000008
76#define SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG   0x00000010
77#define SMB_ACE4_FAILED_ACCESS_ACE_FLAG       0x00000020
78#define SMB_ACE4_IDENTIFIER_GROUP             0x00000040
79#define SMB_ACE4_ALL_FLAGS	( SMB_ACE4_FILE_INHERIT_ACE | SMB_ACE4_DIRECTORY_INHERIT_ACE \
80| SMB_ACE4_NO_PROPAGATE_INHERIT_ACE | SMB_ACE4_INHERIT_ONLY_ACE | SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG \
81| SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP )
82
83	uint32	aceMask;	/* Access rights */
84/*The bitmask constants used for the access mask field are as follows: */
85#define SMB_ACE4_READ_DATA            0x00000001
86#define SMB_ACE4_LIST_DIRECTORY       0x00000001
87#define SMB_ACE4_WRITE_DATA           0x00000002
88#define SMB_ACE4_ADD_FILE             0x00000002
89#define SMB_ACE4_APPEND_DATA          0x00000004
90#define SMB_ACE4_ADD_SUBDIRECTORY     0x00000004
91#define SMB_ACE4_READ_NAMED_ATTRS     0x00000008
92#define SMB_ACE4_WRITE_NAMED_ATTRS    0x00000010
93#define SMB_ACE4_EXECUTE              0x00000020
94#define SMB_ACE4_DELETE_CHILD         0x00000040
95#define SMB_ACE4_READ_ATTRIBUTES      0x00000080
96#define SMB_ACE4_WRITE_ATTRIBUTES     0x00000100
97#define SMB_ACE4_DELETE               0x00010000
98#define SMB_ACE4_READ_ACL             0x00020000
99#define SMB_ACE4_WRITE_ACL            0x00040000
100#define SMB_ACE4_WRITE_OWNER          0x00080000
101#define SMB_ACE4_SYNCHRONIZE          0x00100000
102#define SMB_ACE4_ALL_MASKS	( SMB_ACE4_READ_DATA | SMB_ACE4_LIST_DIRECTORY \
103| SMB_ACE4_WRITE_DATA | SMB_ACE4_ADD_FILE | SMB_ACE4_APPEND_DATA | SMB_ACE4_ADD_SUBDIRECTORY \
104| SMB_ACE4_READ_NAMED_ATTRS | SMB_ACE4_WRITE_NAMED_ATTRS | SMB_ACE4_EXECUTE | SMB_ACE4_DELETE_CHILD \
105| SMB_ACE4_READ_ATTRIBUTES | SMB_ACE4_WRITE_ATTRIBUTES | SMB_ACE4_DELETE | SMB_ACE4_READ_ACL \
106| SMB_ACE4_WRITE_ACL | SMB_ACE4_WRITE_OWNER | SMB_ACE4_SYNCHRONIZE )
107} SMB_ACE4PROP_T;
108
109/*
110 * Never allocate these structures on your own
111 * use create_smb4acl instead
112 */
113typedef struct _SMB4ACL_T {char dontuse;} SMB4ACL_T;
114typedef struct _SMB4ACE_T {char dontuse;} SMB4ACE_T;
115
116SMB4ACL_T *smb_create_smb4acl(void);
117
118/* prop's contents are copied */
119/* it doesn't change the order, appends */
120SMB4ACE_T *smb_add_ace4(SMB4ACL_T *theacl, SMB_ACE4PROP_T *prop);
121
122SMB_ACE4PROP_T *smb_get_ace4(SMB4ACE_T *ace);
123
124/* Returns NULL if none - or error */
125SMB4ACE_T *smb_first_ace4(SMB4ACL_T *theacl);
126
127/* Returns NULL in the end - or error */
128SMB4ACE_T *smb_next_ace4(SMB4ACE_T *ace);
129
130uint32 smb_get_naces(SMB4ACL_T *theacl);
131
132NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
133	uint32 security_info,
134	SEC_DESC **ppdesc, SMB4ACL_T *theacl);
135
136NTSTATUS smb_get_nt_acl_nfs4(connection_struct *conn,
137	const char *name,
138	uint32 security_info,
139	SEC_DESC **ppdesc, SMB4ACL_T *theacl);
140
141/* Callback function needed to set the native acl
142 * when applicable */
143typedef bool (*set_nfs4acl_native_fn_t)(files_struct *, SMB4ACL_T *);
144
145NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
146	uint32 security_info_sent,
147	const SEC_DESC *psd,
148	set_nfs4acl_native_fn_t set_nfs4_native);
149
150#endif /* __NFS4_ACLS_H__ */
151