From: shirishpargaonkar@gmail.com
To: jlayton@samba.org
Cc: linux-cifs@vger.kernel.org, Shirish Pargaonkar
Subject: [PATCH 1/8] cifs-utils: cifsacl utilities: Add file cifsacl.h (try #2)
Date: Tue, 23 Aug 2011 14:03:43 -0500

From: Shirish Pargaonkar

Add defines and structures related to security descriptor, ACL, ACE,
various fields within an ACE, and SID.
Also define various file permissions and access types.

Signed-off-by: Shirish Pargaonkar
--- cifsacl.h | 136 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 136 insertions(+), 0 deletions(-) create mode 100644 cifsacl.h diff --git a/cifsacl.h b/cifsacl.h new file mode 100644 index 0000000..4ea7fd4 --- /dev/null +++ b/cifsacl.h
@@ -0,0 +1,136 @@ +/* +* Header file for getcifsacl and setcifsacl utilities +* +* Copyright (C) Shirish Pargaonkar (shirishp@us.ibm.com) 2011 +* +* Has various access rights, security descriptor fields defines +* and data structures related to security descriptor, DACL, ACE, +* and SID. +* +* This program is free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 2 of the License, or +* (at your option) any later version. +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software +* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +#ifndef _CIFSACL_H +#define _CIFSACL_H + +#define BUFSIZE 1024 +#define ATTRNAME "system.cifs_acl" + +#define MAX_NUM_AUTHS 6 + +/* File specific rights */ +#define READ_DATA 0x00000001 /* R */ +#define WRITE_DATA 0x00000002 /* W */ +#define APPEND_DATA 0x00000004 /* A */ +#define READ_EA 0x00000008 /* REA */ +#define WRITE_EA 0x00000010 /* WEA */ +#define EXEC 0x00000020 /* E */ +#define DELDHLD 0x00000040 /* DC */ +#define READ_ATTR 0x00000080 /* RA */ +#define WRITE_ATTR 0x00000100 /* WA */ + +/* Standard rights */ +#define DELETE 0x00010000 /* D */ +#define READ_CONTROL 0x00020000 /* RC */ +#define WRITE_DAC 0x00040000 /* P */ +#define WRITE_OWNER 0x00080000 /* O */ +#define SYNC 0x00100000 /* S */ + +/* Generic rights */ +#define SYSSEC 0x01000000 +#define MAX 0x02000000 +#define ALL 0x10000000 +#define EXECUTE 0x20000000 /* GE */ +#define WRITE 0x40000000 /* GW */ +#define READ 0x80000000 /* GR */ + +/* D | RC | P | O | S | R | W | A | E | DC | REA | WEA | RA | WA */ +#define 
FULL_CONTROL 0x001f01ff + +/* RC | S | R | E | REA | RA */ +#define EREAD 0x001200a9 + +/* RC | S | R | E | REA | GR | GE */ +#define OREAD 0xa01200a1 + +/* RC | S | R | REA | RA */ +#define BREAD 0x00120089 + +/* W | A | WA | WEA| */ +#define EWRITE 0x00000116 + +/* D | RC | S | R | W | A | E |REA | WEA | RA | WA */ +#define CHANGE 0x001301bf + +/* GR | RC | REA | RA | REA | R */ +#define ALL_READ_BITS 0x80020089 + +/* WA | WEA | A | W */ +#define ALL_WRITE_BITS 0x40000116 + +#define OBJECT_INHERIT_FLAG 0x01 /* OI */ +#define CONTAINER_INHERIT_FLAG 0x02 /* CI */ +#define NO_PROPAGATE_INHERIT_FLAG 0x04 /* NP */ +#define INHERIT_ONLY_FLAG 0x08 /* IO */ +#define INHERITED_ACE_FLAG 0x10 /* I */ +#define VFLAGS 0x1f + +#define ACCESS_ALLOWED 0 /* ALLOWED */ +#define ACCESS_DENIED 1 /* DENIED */ +#define ACCESS_ALLOWED_OBJECT 5 /* OBJECT_ALLOWED */ +#define ACCESS_DENIED_OBJECT 6 /* OBJECT_DENIED */ + +#define COMPSID 0x1 +#define COMPTYPE 0x2 +#define COMPFLAG 0x4 +#define COMPMASK 0x8 +#define COMPALL 0xf /* COMPSID | COMPTYPE | COMPFLAG | COMPMASK */ + +enum ace_action { + acedelete = 0, + acemodify, + aceadd, + aceset +}; + +struct cifs_ntsd { + uint16_t revision; /* revision level */ + uint16_t type; + uint32_t osidoffset; + uint32_t gsidoffset; + uint32_t sacloffset; + uint32_t dacloffset; +}; + +struct cifs_sid { + uint8_t revision; /* revision level */ + uint8_t num_subauth; + uint8_t authority[6]; + uint32_t sub_auth[5]; /* sub_auth[num_subauth] */ +}; + +struct cifs_ctrl_acl { + uint16_t revision; /* revision level */ + uint16_t size; + uint32_t num_aces; +}; + +struct cifs_ace { + uint8_t type; + uint8_t flags; + uint16_t size; + uint32_t access_req; + struct cifs_sid sid; /* ie UUID of user or group who gets these perms */ +}; + +#endif /* CIFSACL_H */
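Review bot: In struct cifs_sid, the array is declared as "uint32_t sub_auth[5]" while its comment reads "sub_auth[num_subauth]", and num_subauth is a uint8_t taken from the security descriptor, so nothing in this header ties the count to the array bound; MAX_NUM_AUTHS is 6, which matches authority[6] but not the 5 used here. Please add a named constant for the sub-authority limit, use it (and MAX_NUM_AUTHS) in the array declarations, and document that the utilities must reject a SID whose num_subauth exceeds that limit before indexing sub_auth. Smaller points in the same hunk: the OREAD comment lists REA, but 0xa01200a1 sets RA (0x80) rather than REA (0x08); the ALL_WRITE_BITS comment omits GW although 0x40000116 includes it; the ALL_READ_BITS comment lists REA twice; the header uses uint8_t, uint16_t and uint32_t without including stdint.h; the guard is defined as _CIFSACL_H but the closing comment says CIFSACL_H; and unprefixed macro names such as READ, WRITE, ALL, MAX, DELETE and BUFSIZE are likely to collide with other headers, so a common prefix would be safer.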