/*
 * acls.h - shared declarations for the NTFS-3G security layer
 * (security.c / acls.c): permission-matching constants, the user
 * mapping list, and the prototypes of the SID / ACL / descriptor
 * helpers implemented in acls.c.
 *
 * Copyright (c) 2007-2008 Jean-Pierre Andre
 *
 */

/*
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program (in the main directory of the NTFS-3G
 * distribution in the file COPYING); if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#ifndef ACLS_H
#define ACLS_H

/*
 * Only endians.h is included here.  The NTFS access-mask, ACE-flag,
 * SID / ACL / BOOL / MAPPING / POSIX_SECURITY names used below are
 * expected to be in scope already, so this header must be included
 * after the NTFS layout / security headers, not on its own.
 */
#include "endians.h"

/*
 * JPA configuration modes for security.c / acls.c
 * should be moved to some config file
 */

#define BUFSZ 1024		/* buffer size to read mapping file */
#define MAPPINGFILE ".NTFS-3G/UserMapping" /* default mapping file */
#define LINESZ 120		/* maximum useful size of a mapping line */
				/* (also sizes MAPLIST.maptext below, +1 for NUL) */
#define CACHE_PERMISSIONS_BITS 6	/* log2 of unitary allocation of permissions */
#define CACHE_PERMISSIONS_SIZE 262144	/* max cacheable permissions */

/*
 *	Matching of ntfs permissions to Linux permissions
 *	these constants are adapted to endianness
 *	when setting, set them all
 *	when checking, check one is present
 *
 *	Two families are defined: the *_READ/*_WRITE/*_EXEC masks are the
 *	bits written into an ACE when a Posix mode bit is granted, while
 *	the *_GREAD/*_GWRITE/*_GEXEC masks are the (wider, GENERIC_* aware)
 *	bits tested when deciding whether an existing ACE grants the mode.
 */

	/* flags which are set to mean exec, write or read */

#define FILE_READ (FILE_READ_DATA)
#define FILE_WRITE (FILE_WRITE_DATA | FILE_APPEND_DATA \
		| READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)
#define FILE_EXEC (FILE_EXECUTE)
#define DIR_READ FILE_LIST_DIRECTORY
#define DIR_WRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | FILE_DELETE_CHILD \
		| READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)
#define DIR_EXEC (FILE_TRAVERSE)

	/* flags tested for meaning exec, write or read */
	/* tests for write allow for interpretation of a sticky bit */
	/* (note DIR_GWRITE deliberately omits FILE_DELETE_CHILD, which
	 * DIR_WRITE sets; that is where the sticky bit is read back) */

#define FILE_GREAD (FILE_READ_DATA | GENERIC_READ)
#define FILE_GWRITE (FILE_WRITE_DATA | FILE_APPEND_DATA | GENERIC_WRITE)
#define FILE_GEXEC (FILE_EXECUTE | GENERIC_EXECUTE)
#define DIR_GREAD (FILE_LIST_DIRECTORY | GENERIC_READ)
#define DIR_GWRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | GENERIC_WRITE)
#define DIR_GEXEC (FILE_TRAVERSE | GENERIC_EXECUTE)

	/* standard owner (and administrator) rights */
	/* always granted to the owner ACE in addition to the mode bits:
	 * includes WRITE_DAC / WRITE_OWNER, i.e. the right to change the
	 * ACL and ownership of the object */

#define OWNER_RIGHTS (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER \
			| SYNCHRONIZE \
			| FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES \
			| FILE_READ_EA | FILE_WRITE_EA)

	/* standard world rights */
	/* read-only metadata access granted to everybody (no data access) */

#define WORLD_RIGHTS (READ_CONTROL | FILE_READ_ATTRIBUTES | FILE_READ_EA \
			| SYNCHRONIZE)

	/* inheritance flags for files and directories */
	/* ACE flags: file ACEs never propagate, directory ACEs propagate
	 * to both files and subdirectories */

#define FILE_INHERITANCE NO_PROPAGATE_INHERIT_ACE
#define DIR_INHERITANCE (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE)

/*
 *	To identify NTFS ACL meaning Posix ACL granted to root
 *	we use rights always granted to anybody, so they have no impact
 *	either on Windows or on Linux.
 *
 *	Both bits are already part of OWNER_RIGHTS / WORLD_RIGHTS above,
 *	which is what makes them usable as markers without changing the
 *	effective access.
 */

#define ROOT_OWNER_UNMARK SYNCHRONIZE	/* ACL granted to root as owner */
#define ROOT_GROUP_UNMARK FILE_READ_EA	/* ACL granted to root as group */

/*
 *	Maximum SID size and a type large enough to hold it
 *	(8 header bytes + 4 bytes per sub-authority)
 */

#define MAX_SID_SIZE (8 + SID_MAX_SUB_AUTHORITIES*4)
typedef char BIGSID[MAX_SID_SIZE];

/*
 *	Struct to hold the input mapping file
 *	(private to this module)
 *
 *	One node per record of the mapping file, chained through next.
 *	uidstr / gidstr / sidstr are not separate allocations: they are
 *	presumed to point into maptext of the same node (TODO confirm
 *	in ntfs_read_mapping).  Although described as private, the type
 *	is exposed here because ntfs_read_mapping() returns it.
 */

struct MAPLIST {
	struct MAPLIST *next;
	char *uidstr;		/* uid text from the same record */
	char *gidstr;		/* gid text from the same record */
	char *sidstr;		/* sid text from the same record */
	char maptext[LINESZ + 1];	/* raw line, bounded by LINESZ + NUL */
};

/*
 * Callback used by ntfs_read_mapping() to fetch the mapping file
 * contents: reads up to size bytes at offset pos from fileid into buf.
 * NOTE(review): the int result is presumably a byte count with a
 * negative value on error - confirm against the readers passed by
 * security.c before relying on it.
 */
typedef int (*FILEREADER)(void *fileid, char *buf, size_t size, off_t pos);

/*
 *		Constants defined in acls.c
 */

extern const SID *adminsid;	/* well-known Administrators SID */
extern const SID *worldsid;	/* well-known Everyone (world) SID */

/*
 *		Functions defined in acls.c
 */

/*
 * Validity checks.  securattr / SID contents originate on the volume
 * and are untrusted; ntfs_valid_descr() checks a security descriptor
 * of attrsz bytes, ntfs_valid_sid() a single SID.
 * NOTE(review): the parsing helpers further down walk these structures
 * without a size argument, so they presumably rely on a prior
 * successful ntfs_valid_descr() - confirm that every call site in
 * acls.c / security.c validates before parsing.
 * ntfs_valid_pattern() is a distinct check on a SID; its exact
 * criterion is defined in acls.c, not here.
 */
BOOL ntfs_valid_descr(const char *securattr, unsigned int attrsz);
BOOL ntfs_valid_pattern(const SID *sid);
BOOL ntfs_valid_sid(const SID *sid);
/* Byte-wise equality of two SIDs. */
BOOL ntfs_same_sid(const SID *first, const SID *second);

/* Whether usid is a SID this module treats as a user (as opposed to a
 * group/well-known) SID; the criterion lives in acls.c. */
BOOL ntfs_is_user_sid(const SID *usid);


/* Size in bytes of a SID, resp. of a security attribute (descriptor). */
int ntfs_sid_size(const SID * sid);
unsigned int ntfs_attr_size(const char *attr);

/*
 * uid/gid <-> SID translation through a mapping table built by
 * ntfs_do_user_mapping() / ntfs_do_group_mapping().
 * pdefsid is caller-provided storage (a BIGSID fits); it is presumably
 * filled with a generated default SID when the id is not in the
 * mapping - TODO confirm.  The returned pointer may therefore point
 * either into the mapping or into *pdefsid.
 */
const SID *ntfs_find_usid(const struct MAPPING *usermapping,
		uid_t uid, SID *pdefsid);
const SID *ntfs_find_gsid(const struct MAPPING *groupmapping,
		gid_t gid, SID *pdefsid);
uid_t ntfs_find_user(const struct MAPPING *usermapping, const SID *usid);
gid_t ntfs_find_group(const struct MAPPING *groupmapping, const SID * gsid);
/* Owner SID referenced by a security descriptor (pointer into secattr). */
const SID *ntfs_acl_owner(const char *secattr);

/* Posix ACL support is compiled in only when POSIXACLS is non-zero. */
#if POSIXACLS

/* Structural check of a Posix security descriptor; same caveat as
 * ntfs_valid_descr(): run it on data that did not originate here. */
BOOL ntfs_valid_posix(const struct POSIX_SECURITY *pxdesc);
void ntfs_sort_posix(struct POSIX_SECURITY *pxdesc);
int ntfs_merge_mode_posix(struct POSIX_SECURITY *pxdesc, mode_t mode);
/*
 * The ntfs_build_*_posix() / ntfs_replace_acl() / ntfs_merge_descr_posix()
 * functions return a newly built POSIX_SECURITY; the caller presumably
 * owns and frees it (TODO confirm the allocator used in acls.c).
 */
struct POSIX_SECURITY *ntfs_build_inherited_posix(
		const struct POSIX_SECURITY *pxdesc, mode_t mode,
		mode_t umask, BOOL isdir);
struct POSIX_SECURITY *ntfs_build_basic_posix(
		const struct POSIX_SECURITY *pxdesc, mode_t mode,
		mode_t umask, BOOL isdir);
struct POSIX_SECURITY *ntfs_replace_acl(const struct POSIX_SECURITY *oldpxdesc,
		const struct POSIX_ACL *newacl, int count, BOOL deflt);
/* NTFS descriptor -> Posix security, using the uid/gid mapping. */
struct POSIX_SECURITY *ntfs_build_permissions_posix(
		struct MAPPING* const mapping[],
		const char *securattr,
		const SID *usid, const SID *gsid, BOOL isdir);
struct POSIX_SECURITY *ntfs_merge_descr_posix(const struct POSIX_SECURITY *first,
		const struct POSIX_SECURITY *second);
/* Posix security -> NTFS descriptor (newly allocated string). */
char *ntfs_build_descr_posix(struct MAPPING* const mapping[],
			struct POSIX_SECURITY *pxdesc,
			int isdir, const SID *usid, const SID *gsid);

#endif /* POSIXACLS */

/*
 * Build newacl from oldacl according to the inheritance flags, for a
 * file or a directory (fordir).  inherited is a little-endian 16-bit
 * on-disk value (le16, from endians.h).
 */
int ntfs_inherit_acl(const ACL *oldacl, ACL *newacl,
			const SID *usid, const SID *gsid,
			BOOL fordir, le16 inherited);
/* NTFS descriptor -> Posix mode bits (see the *_G* masks above). */
int ntfs_build_permissions(const char *securattr,
			const SID *usid, const SID *gsid, BOOL isdir);
/* Posix mode -> NTFS descriptor (newly allocated string). */
char *ntfs_build_descr(mode_t mode,
			int isdir, const SID * usid, const SID * gsid);
/*
 * Mapping file handling.  ntfs_read_mapping() fetches the file through
 * reader and returns the parsed MAPLIST chain (NULL presumably meaning
 * empty or unreadable - confirm); the two ntfs_do_*_mapping() calls
 * turn that chain into the user / group tables used by ntfs_find_*(),
 * and ntfs_free_mapping() releases a mapping[] pair.  The mapping file
 * is administrator/user-supplied configuration, so its parser in
 * acls.c is the trust boundary for the uid/gid/SID text; lines are
 * bounded by LINESZ.
 */
struct MAPLIST *ntfs_read_mapping(FILEREADER reader, void *fileid);
struct MAPPING *ntfs_do_user_mapping(struct MAPLIST *firstitem);
struct MAPPING *ntfs_do_group_mapping(struct MAPLIST *firstitem);
void ntfs_free_mapping(struct MAPPING *mapping[]);

#endif /* ACLS_H */