1/*
2   Copyright (c) 2008,2009 Frank Lahm <franklahm@gmail.com>
3
4   This program is free software; you can redistribute it and/or modify
5   it under the terms of the GNU General Public License as published by
6   the Free Software Foundation; either version 2 of the License, or
7   (at your option) any later version.
8
9   This program is distributed in the hope that it will be useful,
10   but WITHOUT ANY WARRANTY; without even the implied warranty of
11   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12   GNU General Public License for more details.
13 */
14
15#ifndef AFPD_ACLS_H
16#define AFPD_ACLS_H
17
18#ifdef HAVE_SOLARIS_ACLS
19#include <sys/acl.h>
20#endif
21
22#include <atalk/uuid.h>		/* for atalk_uuid_t */
23
/*
 * This is what Apple says about ACL flags in sys/kauth.h:
 *
 * <Apple> The low 16 bits of the flags field are reserved for filesystem
 * internal use and must be preserved by all APIs.  This includes
 * round-tripping flags through user-space interfaces.
 * The high 16 bits of the flags are used to store attributes and
 * to request specific handling of the ACL. </Apple>
 *
 * The constants are included for reference. We DON'T expect them on
 * the wire! We will ignore and spoil them.
 */
36
#ifdef HAVE_SOLARIS_ACLS
/*
 * Helper mask for the handling of NFSv4 ACLs: the OR of the ACE_OWNER,
 * ACE_GROUP and ACE_EVERYONE flag bits. Those three names are not defined in
 * this header; they are expected to come from <sys/acl.h>, which this file
 * includes under the same HAVE_SOLARIS_ACLS guard.
 * NOTE(review): presumably used to recognise the owner@/group@/everyone@
 * entries -- confirm against the callers.
 */
#define ACE_TRIVIAL (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)
#endif /* HAVE_SOLARIS_ACLS */
41
/*
 * FPGet|Set bitmap.
 *
 * Every enumerator is a single bit, so the values can be OR-ed together.
 * Only bits 0-4 are defined here. The per-bit descriptions below are read
 * off the enumerator names.
 */
enum {
    kFileSec_UUID      = 0x01, /* bit 0: UUID */
    kFileSec_GRPUUID   = 0x02, /* bit 1: group UUID */
    kFileSec_ACL       = 0x04, /* bit 2: the ACL */
    kFileSec_REMOVEACL = 0x08, /* bit 3: remove the ACL */
    kFileSec_Inherit   = 0x10  /* bit 4: inherit */
};
50
/*
 * ACL flags.
 *
 * DARWIN_ACL_FLAGS_PRIVATE masks the low 16 bits of the flags field; the two
 * KAUTH_ACL_* values are bits 16 and 17 and do not overlap that mask.
 */
#define DARWIN_ACL_FLAGS_PRIVATE 0x0000ffff

/* Bit 16: inheritance will be deferred until the first rename operation. */
#define KAUTH_ACL_DEFER_INHERIT  0x00010000

/* Bit 17: this ACL must not be overwritten as part of an inheritance operation. */
#define KAUTH_ACL_NO_INHERIT     0x00020000
57
/*
 * ACE flags.
 *
 * DARWIN_ACE_FLAGS_KINDMASK selects the low four bits of the flags word;
 * PERMIT and DENY are the two kind values defined here and both fall inside
 * that mask.
 * NOTE(review): in Apple's sys/kauth.h the kind is an enumerated value rather
 * than a set of independent bits, so it is safer to test it as
 *     (flags & DARWIN_ACE_FLAGS_KINDMASK) == DARWIN_ACE_FLAGS_PERMIT
 * than with a bare "flags & DARWIN_ACE_FLAGS_PERMIT", which also matches any
 * other kind value that happens to have bit 0 set. Confirm how callers check
 * the kind before relying on it for an access decision.
 */
#define DARWIN_ACE_FLAGS_KINDMASK           0x0000000f
#define DARWIN_ACE_FLAGS_PERMIT             0x00000001 /* kind value 1 */
#define DARWIN_ACE_FLAGS_DENY               0x00000002 /* kind value 2 */

/* Inheritance-related bits (outside the kind mask). */
#define DARWIN_ACE_FLAGS_INHERITED          0x00000010 /* bit 4 */
#define DARWIN_ACE_FLAGS_FILE_INHERIT       0x00000020 /* bit 5 */
#define DARWIN_ACE_FLAGS_DIRECTORY_INHERIT  0x00000040 /* bit 6 */
#define DARWIN_ACE_FLAGS_LIMIT_INHERIT      0x00000080 /* bit 7 */
#define DARWIN_ACE_FLAGS_ONLY_INHERIT       0x00000100 /* bit 8 */

/*
 * All flag bits controlling ACE inheritance (bits 5-8).
 * DARWIN_ACE_FLAGS_INHERITED (bit 4) is not part of this mask.
 */
#define DARWIN_ACE_INHERIT_CONTROL_FLAGS                                    \
    (DARWIN_ACE_FLAGS_FILE_INHERIT | DARWIN_ACE_FLAGS_DIRECTORY_INHERIT |   \
     DARWIN_ACE_FLAGS_LIMIT_INHERIT | DARWIN_ACE_FLAGS_ONLY_INHERIT)
74
/*
 * ACE rights.
 *
 * Four bit values carry two names each. Going by the names, one applies when
 * the object is a file and the other when it is a directory; the alias is
 * defined in terms of the first name so the shared value is visible at the
 * definition. Bit 0 (0x00000001) is not assigned a name here.
 */
#define DARWIN_ACE_READ_DATA           0x00000002
#define DARWIN_ACE_LIST_DIRECTORY      DARWIN_ACE_READ_DATA    /* same bit */

#define DARWIN_ACE_WRITE_DATA          0x00000004
#define DARWIN_ACE_ADD_FILE            DARWIN_ACE_WRITE_DATA   /* same bit */

#define DARWIN_ACE_EXECUTE             0x00000008
#define DARWIN_ACE_SEARCH              DARWIN_ACE_EXECUTE      /* same bit */

#define DARWIN_ACE_DELETE              0x00000010

#define DARWIN_ACE_APPEND_DATA         0x00000020
#define DARWIN_ACE_ADD_SUBDIRECTORY    DARWIN_ACE_APPEND_DATA  /* same bit */

#define DARWIN_ACE_DELETE_CHILD        0x00000040

/* Attribute and extended-attribute access */
#define DARWIN_ACE_READ_ATTRIBUTES     0x00000080
#define DARWIN_ACE_WRITE_ATTRIBUTES    0x00000100
#define DARWIN_ACE_READ_EXTATTRIBUTES  0x00000200
#define DARWIN_ACE_WRITE_EXTATTRIBUTES 0x00000400

/* Rights over the security information itself */
#define DARWIN_ACE_READ_SECURITY       0x00000800
#define DARWIN_ACE_WRITE_SECURITY      0x00001000
#define DARWIN_ACE_TAKE_OWNERSHIP      0x00002000
93
/*
 * Access Control List Entry (ACE).
 *
 * One UUID followed by two 32-bit words. atalk_uuid_t comes from
 * <atalk/uuid.h>; its size is not visible in this header.
 * NOTE(review): presumably darwin_ace_flags holds DARWIN_ACE_FLAGS_* values
 * and darwin_ace_rights holds the DARWIN_ACE_* rights bits -- confirm against
 * the code that fills the struct.
 * NOTE(review): if this struct is overlaid on or copied from request data,
 * the byte order of the two 32-bit fields and any compiler padding need to be
 * accounted for -- the header itself says nothing about either.
 */
typedef struct {
    atalk_uuid_t      darwin_ace_uuid;
    uint32_t    darwin_ace_flags;
    uint32_t    darwin_ace_rights;
} darwin_ace_t;
100
/*
 * Access Control List header: an entry count and a flags word.
 *
 * NOTE(review): presumably darwin_acl_count is the number of darwin_ace_t
 * entries that follow the header. If the count is read from a client request,
 * it should be checked against the remaining buffer length (and against
 * multiplication overflow) before it sizes an allocation or bounds a loop --
 * verify in the code that parses it.
 * NOTE(review): presumably darwin_acl_flags takes the ACL flag values
 * (DARWIN_ACL_FLAGS_PRIVATE mask, KAUTH_ACL_*) -- confirm against callers.
 */
typedef struct {
    uint32_t darwin_acl_count;
    uint32_t darwin_acl_flags;
} darwin_acl_header_t;
106
/*
 * FP functions.
 *
 * All three share one signature. AFPObj is not declared in this header and
 * is not pulled in by the includes visible here, so it must already be
 * declared where this header is included.
 * NOTE(review): going by the parameter names, ibuf/ibuflen are the request
 * buffer and its length, and rbuf/rbuflen are the reply buffer and a pointer
 * to its length -- confirm in the implementations. If ibuf holds data sent by
 * a client, every field read from it needs to be bounds-checked against
 * ibuflen before use.
 * NOTE(review): the meaning of the int return value is not visible here.
 */
int afp_access (AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf,  size_t *rbuflen);
int afp_getacl (AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf,  size_t *rbuflen);
int afp_setacl (AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf,  size_t *rbuflen);
111
/*
 * Parse afp_ldap.conf.
 *
 * NOTE(review): presumably `name` is the path of the configuration file --
 * confirm in the implementation. The meaning of the int return value is not
 * visible in this header.
 */
extern int acl_ldap_readconfig(char *name);
114
/*
 * Misc funcs.
 *
 * struct stat, struct maccess and struct vol are not declared in this header;
 * they must be visible where it is included.
 * NOTE(review): going by its name, acltoownermode derives owner/mode access
 * information for `path` from its ACL into `ma`, and check_vol_acl_support
 * reports whether `vol` supports ACLs -- confirm both, and the meaning of
 * their int return values, in the implementation.
 */
extern int acltoownermode(char *path, struct stat *st, struct maccess *ma);
extern int check_vol_acl_support(const struct vol *vol);
118#endif
119