authorBoris Protopopov <pboris@amazon.com>2020-11-19 21:40:42 +0000
committerPavel Shilovsky <pshilov@microsoft.com>2020-12-16 15:51:19 -0800
commitc3f8e814f8b3339b3f9cc86333a72c4bd7621070 (patch)
treec7f0d158df36e9d4d011e02ec5503c8c1f61b028 /cifsacl.h
parent6da2dd375de7fa4d9f553128fc2580d536cb04b1 (diff)
downloadcifs-utils-c3f8e814f8b3339b3f9cc86333a72c4bd7621070.tar.gz
cifs-utils-c3f8e814f8b3339b3f9cc86333a72c4bd7621070.tar.bz2
cifs-utils-c3f8e814f8b3339b3f9cc86333a72c4bd7621070.zip
Extend cifs acl utilities to handle SACLs
Extend getcifsacl/setcifsacl utilities to handle System ACLs (SACLs) in addition to Discretionary ACLs (DACLs). The SACL extensions depend on CIFS client support for system.cifs_ntsd_full extended attribute. Signed-off-by: Boris Protopopov <pboris@amazon.com>
Diffstat (limited to 'cifsacl.h')
-rw-r--r--cifsacl.h57
1 files changed, 42 insertions, 15 deletions
diff --git a/cifsacl.h b/cifsacl.h
index bd0c695..20309ef 100644
--- a/cifsacl.h
+++ b/cifsacl.h
@@ -25,13 +25,19 @@
#ifndef _CIFSACL_H
#define _CIFSACL_H
-#define BUFSIZE 1024
-#define ATTRNAME "system.cifs_acl"
-#define ATTRNAME_ACL ATTRNAME
-#define ATTRNAME_NTSD "system.cifs_ntsd"
+#define BUFSIZE 1024
+#define ATTRNAME "system.cifs_acl"
+#define ATTRNAME_ACL ATTRNAME
+#define ATTRNAME_NTSD "system.cifs_ntsd"
+#define ATTRNAME_NTSD_FULL "system.cifs_ntsd_full"
#define MAX_NUM_AUTHS 6
+typedef enum {
+ ACE_KIND_DACL,
+ ACE_KIND_SACL
+} ace_kinds;
+
/* File specific rights */
#define READ_DATA 0x00000001 /* R */
#define WRITE_DATA 0x00000002 /* W */
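Review bot: The new `ATTRNAME_NTSD_FULL` define and the `ace_kinds` enum arrive without comments, although the commit message says the SACL paths depend on CIFS client support for this extended attribute. A comment on the define would record that dependency where callers see it, for example `/* full security descriptor including the SACL; requires CIFS client support for this xattr */`. The enum would benefit from one line as well, such as `/* selects which ACL of the security descriptor an ACE belongs to */`.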
@@ -82,17 +88,36 @@
/* WA | WEA | A | W */
#define ALL_WRITE_BITS 0x40000116
-#define OBJECT_INHERIT_FLAG 0x01 /* OI */
-#define CONTAINER_INHERIT_FLAG 0x02 /* CI */
-#define NO_PROPAGATE_INHERIT_FLAG 0x04 /* NP */
-#define INHERIT_ONLY_FLAG 0x08 /* IO */
-#define INHERITED_ACE_FLAG 0x10 /* I */
-#define VFLAGS (OBJECT_INHERIT_FLAG|CONTAINER_INHERIT_FLAG|NO_PROPAGATE_INHERIT_FLAG|INHERIT_ONLY_FLAG|INHERITED_ACE_FLAG)
-
-#define ACCESS_ALLOWED 0 /* ALLOWED */
-#define ACCESS_DENIED 1 /* DENIED */
-#define ACCESS_ALLOWED_OBJECT 5 /* OBJECT_ALLOWED */
-#define ACCESS_DENIED_OBJECT 6 /* OBJECT_DENIED */
+/* R | W | A | REA | WEA | E | DC | RA | EA | D | RC | P | O */
+#define ALL_ACCESS_BITS 0x000f01ff
+
+/* ace flags */
+#define OBJECT_INHERIT_FLAG 0x01 /* OI */
+#define CONTAINER_INHERIT_FLAG 0x02 /* CI */
+#define NO_PROPAGATE_INHERIT_FLAG 0x04 /* NP */
+#define INHERIT_ONLY_FLAG 0x08 /* IO */
+#define INHERITED_ACE_FLAG 0x10 /* I */
+#define DACL_VFLAGS (OBJECT_INHERIT_FLAG|CONTAINER_INHERIT_FLAG|NO_PROPAGATE_INHERIT_FLAG|INHERIT_ONLY_FLAG|INHERITED_ACE_FLAG)
+
+#define SUCCESSFUL_ACCESS 0x40 /* SA */
+#define FAILED_ACCESS 0x80 /* FA */
+#define SACL_VFLAGS (SUCCESSFUL_ACCESS | FAILED_ACCESS)
+
+/* ace types */
+#define ACCESS_ALLOWED 0 /* ALLOWED */
+#define ACCESS_DENIED 1 /* DENIED */
+#define SYSTEM_AUDIT 2 /* AUDIT */
+#define ACCESS_ALLOWED_OBJECT 5 /* OBJECT_ALLOWED */
+#define ACCESS_DENIED_OBJECT 6 /* OBJECT_DENIED */
+#define SYSTEM_AUDIT_OBJECT 7 /* AUDIT_OBJECT */
+#define SYSTEM_AUDIT_CALLBACK 13 /* AUDIT_CALLBACK */
+#define SYSTEM_AUDIT_CALLBACK_OBJECT 15 /* AUDIT_CALLBACK_OBJECT */
+#define SYSTEM_MANDATORY_LABEL 17 /* MANDATORY_LABEL */
+#define SYSTEM_RESOURCE_ATTRIBUTE 18 /* RESOURCE_ATTRIBUTE */
+#define SYSTEM_SCOPED_POLICY_ID 19 /* SCOPED_POLICY_ID */
+
+#define DACL_VTYPES (ACCESS_ALLOWED | ACCESS_DENIED | ACCESS_ALLOWED_OBJECT | ACCESS_DENIED_OBJECT)
+#define SACL_VTYPES (SYSTEM_AUDIT | SYSTEM_AUDIT_OBJECT | SYSTEM_AUDIT_CALLBACK | SYSTEM_AUDIT_CALLBACK_OBJECT | SYSTEM_MANDATORY_LABEL | SYSTEM_RESOURCE_ATTRIBUTE | SYSTEM_SCOPED_POLICY_ID)
#define COMPSID 0x1
#define COMPTYPE 0x2
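Review bot: `DACL_VTYPES` and `SACL_VTYPES` OR together ACE type codes, but those codes are enumerated values (0, 1, 2, 5, 6, 7, 13, ...) rather than bit flags, so the resulting masks (7 and 0x1f) cannot express set membership. The callers are not visible on this page, but if a type is validated with a mask test, `ACCESS_ALLOWED` (0) contributes nothing to the mask while `SYSTEM_AUDIT` (2) overlaps `DACL_VTYPES`, so an ACE type of the wrong kind could pass validation. An explicit membership test, sketched below with proposed helper names, avoids that. Separately, the comment above `ALL_ACCESS_BITS` lists `EA` where the neighbouring `ALL_WRITE_BITS` comment uses `WA`, which looks like a typo.

```c
/* ... unchanged: ACE type defines (ACCESS_ALLOWED ... SYSTEM_SCOPED_POLICY_ID) ... */

/* ACE types are enumerated codes, not bit flags: test membership explicitly. */
static inline int is_dacl_ace_type(unsigned int type)
{
	switch (type) {
	case ACCESS_ALLOWED:
	case ACCESS_DENIED:
	case ACCESS_ALLOWED_OBJECT:
	case ACCESS_DENIED_OBJECT:
		return 1;
	default:
		return 0;
	}
}

static inline int is_sacl_ace_type(unsigned int type)
{
	switch (type) {
	case SYSTEM_AUDIT:
	case SYSTEM_AUDIT_OBJECT:
	case SYSTEM_AUDIT_CALLBACK:
	case SYSTEM_AUDIT_CALLBACK_OBJECT:
	case SYSTEM_MANDATORY_LABEL:
	case SYSTEM_RESOURCE_ATTRIBUTE:
	case SYSTEM_SCOPED_POLICY_ID:
		return 1;
	default:
		return 0;
	}
}
```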
@@ -100,6 +125,8 @@
#define COMPMASK 0x8
#define COMPALL (COMPSID|COMPTYPE|COMPFLAG|COMPMASK)
+#define DEFAULT_ACL_REVISION 0x2
+
/*
* While not indicated here, the structs below represent on-the-wire data
* structures. Any multi-byte values are expected to be little-endian!