netatalk  4.4.0dev
Free and Open Source Apple Filing Protocol (AFP) Server
Loading...
Searching...
No Matches
acls.h
Go to the documentation of this file.
1/*
2 Copyright (c) 2008,2009 Frank Lahm <[email protected]>
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13 */
14
15#ifndef AFPD_ACLS_H
16#define AFPD_ACLS_H
17
18#ifdef HAVE_FREEBSD_SUNACL
19#include <sunacl.h>
20#endif
21
22#ifdef HAVE_SOLARIS_ACLS
23#include <sys/acl.h>
24#endif
25
26/* for atalk_uuid_t */
27#include <atalk/uuid.h>
28
29#include "directory.h"
30
31/*
32 * This is what Apple says about ACL flags in sys/kauth.h:
33 *
34 * <Apple> The low 16 bits of the flags field are reserved for filesystem
35 * internal use and must be preserved by all APIs. This includes
36 * round-tripping flags through user-space interfaces.
37 * The high 16 bits of the flags are used to store attributes and
38 * to request specific handling of the ACL. </Apple>
39 *
40 * The constants are included for reference. We DONT expect them on
41 * the wire! We will ignore and spoil em.
42 */
43
44#ifdef HAVE_NFSV4_ACLS
45/* Some stuff for the handling of NFSv4 ACLs */
46#define ACE_TRIVIAL (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)
47#endif /* HAVE_NFSV4_ACLS */
48
49/* FPGet|Set Bitmap */
50enum {
51 kFileSec_UUID = (1 << 0),
52 kFileSec_GRPUUID = (1 << 1),
53 kFileSec_ACL = (1 << 2),
54 kFileSec_REMOVEACL = (1 << 3),
55 kFileSec_Inherit = (1 << 4)
56};
57
58/* ACL Flags */
59#define DARWIN_ACL_FLAGS_PRIVATE (0xffff)
60/* inheritance will be deferred until the first rename operation */
61#define KAUTH_ACL_DEFER_INHERIT (1<<16)
62/* this ACL must not be overwritten as part of an inheritance operation */
63#define KAUTH_ACL_NO_INHERIT (1<<17)
64
65/* ACE Flags */
66#define DARWIN_ACE_FLAGS_KINDMASK 0xf
67/* 0x00000001 */
68#define DARWIN_ACE_FLAGS_PERMIT (1<<0)
69/* 0x00000002 */
70#define DARWIN_ACE_FLAGS_DENY (1<<1)
71/* 0x00000010 */
72#define DARWIN_ACE_FLAGS_INHERITED (1<<4)
73/* 0x00000020 */
74#define DARWIN_ACE_FLAGS_FILE_INHERIT (1<<5)
75/* 0x00000040 */
76#define DARWIN_ACE_FLAGS_DIRECTORY_INHERIT (1<<6)
77/* 0x00000080 */
78#define DARWIN_ACE_FLAGS_LIMIT_INHERIT (1<<7)
79/* 0x00000100 */
80#define DARWIN_ACE_FLAGS_ONLY_INHERIT (1<<8)
81
82/* All flag bits controlling ACE inheritance */
83#define DARWIN_ACE_INHERIT_CONTROL_FLAGS \
84 (DARWIN_ACE_FLAGS_FILE_INHERIT |\
85 DARWIN_ACE_FLAGS_DIRECTORY_INHERIT |\
86 DARWIN_ACE_FLAGS_LIMIT_INHERIT |\
87 DARWIN_ACE_FLAGS_ONLY_INHERIT)
88
89/* ACE Rights */
90#define DARWIN_ACE_READ_DATA 0x00000002
91#define DARWIN_ACE_LIST_DIRECTORY 0x00000002
92#define DARWIN_ACE_WRITE_DATA 0x00000004
93#define DARWIN_ACE_ADD_FILE 0x00000004
94#define DARWIN_ACE_EXECUTE 0x00000008
95#define DARWIN_ACE_SEARCH 0x00000008
96#define DARWIN_ACE_DELETE 0x00000010
97#define DARWIN_ACE_APPEND_DATA 0x00000020
98#define DARWIN_ACE_ADD_SUBDIRECTORY 0x00000020
99#define DARWIN_ACE_DELETE_CHILD 0x00000040
100#define DARWIN_ACE_READ_ATTRIBUTES 0x00000080
101#define DARWIN_ACE_WRITE_ATTRIBUTES 0x00000100
102#define DARWIN_ACE_READ_EXTATTRIBUTES 0x00000200
103#define DARWIN_ACE_WRITE_EXTATTRIBUTES 0x00000400
104#define DARWIN_ACE_READ_SECURITY 0x00000800
105#define DARWIN_ACE_WRITE_SECURITY 0x00001000
106#define DARWIN_ACE_TAKE_OWNERSHIP 0x00002000
107
108/* Access Control List Entry (ACE) */
114
115/* Access Control List */
116typedef struct {
117 uint32_t darwin_acl_count;
118 uint32_t darwin_acl_flags;
119} darwin_acl_header_t;
120
121/* FP functions */
122int afp_access(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf,
123 size_t *rbuflen);
124int afp_getacl(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf,
125 size_t *rbuflen);
126int afp_setacl(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf,
127 size_t *rbuflen);
128
129/* Misc funcs */
130extern int acltoownermode(const AFPObj *obj, const struct vol *vol, char *path,
131 struct stat *st, struct maccess *ma);
132#endif
kFileSec_REMOVEACL
@ kFileSec_REMOVEACL
Definition acls.h:54
kFileSec_UUID
@ kFileSec_UUID
Definition acls.h:51
kFileSec_Inherit
@ kFileSec_Inherit
Definition acls.h:55
kFileSec_ACL
@ kFileSec_ACL
Definition acls.h:53
kFileSec_GRPUUID
@ kFileSec_GRPUUID
Definition acls.h:52
afp_getacl
int afp_getacl(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
afp_setacl
int afp_setacl(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
acltoownermode
int acltoownermode(const AFPObj *obj, const struct vol *vol, char *path, struct stat *st, struct maccess *ma)
Definition acls.c:1981
afp_access
int afp_access(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
rbuflen
static size_t rbuflen
Definition afpfunc_helpers.c:45
rbuf
static char rbuf[rbufsize]
Definition afpfunc_helpers.c:44
obj
static AFPObj obj
Definition netatalk.c:62
AFPObj
Definition globals.h:154
darwin_ace_t
Definition acls.h:109
darwin_ace_t::darwin_ace_uuid
atalk_uuid_t darwin_ace_uuid
Definition acls.h:110
darwin_ace_t::darwin_ace_flags
uint32_t darwin_ace_flags
Definition acls.h:111
darwin_ace_t::darwin_ace_rights
uint32_t darwin_ace_rights
Definition acls.h:112
darwin_acl_header_t
Definition acls.h:116
darwin_acl_header_t::darwin_acl_flags
uint32_t darwin_acl_flags
Definition acls.h:118
darwin_acl_header_t::darwin_acl_count
uint32_t darwin_acl_count
Definition acls.h:117
maccess
Definition etc/afpd/directory.h:68
path
Definition include/atalk/directory.h:97
vol
Definition include/atalk/volume.h:32
atalk_uuid_t
unsigned char atalk_uuid_t[UUID_BINSIZE]
Definition uuid.h:21