/* SPDX-License-Identifier: LGPL-2.1 */ /* * * Copyright (c) International Business Machines Corp., 2007 * Author(s): Steve French ([email protected]) * */ #ifndef _CIFSACL_H #define _CIFSACL_H #define NUM_AUTHS … #define SID_MAX_SUB_AUTHORITIES … #define READ_BIT … #define WRITE_BIT … #define EXEC_BIT … #define ACL_OWNER_MASK … #define ACL_GROUP_MASK … #define ACL_EVERYONE_MASK … #define UBITSHIFT … #define GBITSHIFT … #define ACCESS_ALLOWED … #define ACCESS_DENIED … #define SIDOWNER … #define SIDGROUP … /* * Security Descriptor length containing DACL with 3 ACEs (one each for * owner, group and world). */ #define DEFAULT_SEC_DESC_LEN … /* * Maximum size of a string representation of a SID: * * The fields are unsigned values in decimal. So: * * u8: max 3 bytes in decimal * u32: max 10 bytes in decimal * * "S-" + 3 bytes for version field + 15 for authority field + NULL terminator * * For authority field, max is when all 6 values are non-zero and it must be * represented in hex. So "-0x" + 12 hex digits. * * Add 11 bytes for each subauthority field (10 bytes each + 1 for '-') */ #define SID_STRING_BASE_SIZE … #define SID_STRING_SUBAUTH_SIZE … struct cifs_ntsd { … } __attribute__((packed)); struct cifs_sid { … } __attribute__((packed)); /* size of a struct cifs_sid, sans sub_auth array */ #define CIFS_SID_BASE_SIZE … struct cifs_acl { … } __attribute__((packed)); /* ACE types - see MS-DTYP 2.4.4.1 */ #define ACCESS_ALLOWED_ACE_TYPE … #define ACCESS_DENIED_ACE_TYPE … #define SYSTEM_AUDIT_ACE_TYPE … #define SYSTEM_ALARM_ACE_TYPE … #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE … #define ACCESS_ALLOWED_OBJECT_ACE_TYPE … #define ACCESS_DENIED_OBJECT_ACE_TYPE … #define SYSTEM_AUDIT_OBJECT_ACE_TYPE … #define SYSTEM_ALARM_OBJECT_ACE_TYPE … #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE … #define ACCESS_DENIED_CALLBACK_ACE_TYPE … #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE … #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE … #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE … #define SYSTEM_ALARM_CALLBACK_ACE_TYPE … #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE … #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE … #define SYSTEM_MANDATORY_LABEL_ACE_TYPE … #define SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE … #define SYSTEM_SCOPED_POLICY_ID_ACE_TYPE … /* ACE flags */ #define OBJECT_INHERIT_ACE … #define CONTAINER_INHERIT_ACE … #define NO_PROPAGATE_INHERIT_ACE … #define INHERIT_ONLY_ACE … #define INHERITED_ACE … #define SUCCESSFUL_ACCESS_ACE_FLAG … #define FAILED_ACCESS_ACE_FLAG … struct cifs_ace { … } __attribute__((packed)); /* * The current SMB3 form of security descriptor is similar to what was used for * cifs (see above) but some fields are split, and fields in the struct below * matches names of fields to the spec, MS-DTYP (see sections 2.4.5 and * 2.4.6). Note that "CamelCase" fields are used in this struct in order to * match the MS-DTYP and MS-SMB2 specs which define the wire format. */ struct smb3_sd { … } __packed; /* Meaning of 'Control' field flags */ #define ACL_CONTROL_SR … #define ACL_CONTROL_RM … #define ACL_CONTROL_PS … #define ACL_CONTROL_PD … #define ACL_CONTROL_SI … #define ACL_CONTROL_DI … #define ACL_CONTROL_SC … #define ACL_CONTROL_DC … #define ACL_CONTROL_SS … #define ACL_CONTROL_DT … #define ACL_CONTROL_SD … #define ACL_CONTROL_SP … #define ACL_CONTROL_DD … #define ACL_CONTROL_DP … #define ACL_CONTROL_GD … #define ACL_CONTROL_OD … /* Meaning of AclRevision flags */ #define ACL_REVISION … #define ACL_REVISION_DS … struct smb3_acl { … } __packed; /* * Used to store the special 'NFS SIDs' used to persist the POSIX uid and gid * See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx */ struct owner_sid { … } __packed; struct owner_group_sids { … } __packed; /* * Minimum security identifier can be one for system defined Users * and Groups such as NULL SID and World or Built-in accounts such * as Administrator and Guest and consists of * Revision + Num (Sub)Auths + Authority + Domain (one Subauthority) */ #define MIN_SID_LEN … /* * Minimum security descriptor can be one without any SACL and DACL and can * consist of revision, type, and two sids of minimum size for owner and group */ #define MIN_SEC_DESC_LEN … #endif /* _CIFSACL_H */
Codebase Browser
linux