/* Copyright (c) 2002, 2003, 2006 The Regents of the University of Michigan.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef LIBACL_NFS4_H
#define LIBACL_NFS4_H 1
#include <sys/types.h>
#include <pwd.h>
#include <grp.h>
#include <stdlib.h>
#include <stdio.h>
#include <sys/queue.h>
#include <sys/errno.h>
#include <string.h>
#include "nfs4.h"
/*
 * Display characters for ACE types, flags and permissions.
 *
 * The same letter is reused across fields: 'D' is both TYPE_DENY and
 * PERM_DELETE_CHILD, 'd' is both FLAG_DIR_INHERIT and PERM_DELETE, and 'n'
 * is both FLAG_NO_PROPAGATE_INHERIT and PERM_READ_NAMED_ATTR. A character
 * therefore only has a meaning together with the field it was read from;
 * code that parses or compares these must not look a letter up without
 * knowing whether it came from the type, flag or permission field.
 */

/* ACE type */
#define TYPE_ALLOW                 'A'
#define TYPE_DENY                  'D'
#define TYPE_AUDIT                 'U'
#define TYPE_ALARM                 'L'

/* ACE flags (seven distinct characters) */
#define FLAG_FILE_INHERIT          'f'
#define FLAG_DIR_INHERIT           'd'
#define FLAG_NO_PROPAGATE_INHERIT  'n'
#define FLAG_INHERIT_ONLY          'i'
#define FLAG_SUCCESSFUL_ACCESS     'S'
#define FLAG_FAILED_ACCESS         'F'
#define FLAG_GROUP                 'g'

/* Permissions on data */
#define PERM_READ_DATA             'r'
#define PERM_WRITE_DATA            'w'
#define PERM_APPEND_DATA           'a'

/*
 * The next three are aliases: they share their character with the data
 * permission above (judging by the names, these are the directory readings
 * of the same letters). PERM_DELETE_CHILD has a character of its own.
 */
#define PERM_LIST_DIR              PERM_READ_DATA
#define PERM_CREATE_FILE           PERM_WRITE_DATA
#define PERM_CREATE_SUBDIR         PERM_APPEND_DATA
#define PERM_DELETE_CHILD          'D'

/* Remaining permissions; case distinguishes the read and write variants */
#define PERM_DELETE                'd'
#define PERM_EXECUTE               'x'
#define PERM_READ_ATTR             't'
#define PERM_WRITE_ATTR            'T'
#define PERM_READ_NAMED_ATTR       'n'
#define PERM_WRITE_NAMED_ATTR      'N'
#define PERM_READ_ACL              'c'
#define PERM_WRITE_ACL             'C'
#define PERM_WRITE_OWNER           'o'
#define PERM_SYNCHRONIZE           'y'

/* Generic shorthands; what each one expands to is not defined in this header */
#define PERM_GENERIC_READ          'R'
#define PERM_GENERIC_WRITE         'W'
#define PERM_GENERIC_EXECUTE       'X'
/*
 * Mode bit translations: the NFS4_ACE_* access-mask bits (from nfs4.h) that
 * each mode bit is mapped to.
 *
 * NFS4_WRITE_MODE includes NFS4_ACE_DELETE_CHILD, so wherever this mask is
 * granted on a directory it also grants removal of entries.
 * NFS4_OWNER_MODE includes NFS4_ACE_WRITE_ACL, i.e. the right to rewrite the
 * ACL itself. Judging by the names, NFS4_ANYONE_MODE and NFS4_OWNER_MODE
 * are the bits given to everyone and to the owner respectively -- confirm
 * against the code that builds ACLs from modes.
 */
#define NFS4_READ_MODE     NFS4_ACE_READ_DATA
#define NFS4_WRITE_MODE    (NFS4_ACE_WRITE_DATA | \
                            NFS4_ACE_APPEND_DATA | \
                            NFS4_ACE_DELETE_CHILD)
#define NFS4_EXECUTE_MODE  NFS4_ACE_EXECUTE
#define NFS4_ANYONE_MODE   (NFS4_ACE_READ_ATTRIBUTES | \
                            NFS4_ACE_READ_ACL | \
                            NFS4_ACE_SYNCHRONIZE)
#define NFS4_OWNER_MODE    (NFS4_ACE_WRITE_ATTRIBUTES | \
                            NFS4_ACE_WRITE_ACL)

/*
 * Flags used to simulate posix default ACLs: file inherit, directory
 * inherit and inherit-only together.
 */
#define NFS4_INHERITANCE_FLAGS  (NFS4_ACE_FILE_INHERIT_ACE | \
                                 NFS4_ACE_DIRECTORY_INHERIT_ACE | \
                                 NFS4_ACE_INHERIT_ONLY_ACE)
/*
 * NFS4_MAX_ACESIZE -- the number of bytes in the string representation of
 * one ACE as we read it in (not the same as on-the-wire, which is also not
 * the same as how NFSD actually stores the ACEs).
 *
 * Note that right now NFSD tolerates at most 170 ACEs, regardless of size,
 * and linux in general tolerates at most 64KB xattrs.
 *
 *   ':'     3 of these
 *   type    1
 *   flag    7  (total number of flag characters)
 *   who     NFS4_MAX_PRINCIPALSIZE (user:128, domain:256, '@':1, NUL:1)
 *   mask    14 (total number of dir + common mask characters)
 *
 * The original note gives the total as 410. NOTE(review): with the who
 * breakdown listed above (128 + 256 + 1 + 1 = 386) the terms add up to 411;
 * check the value of NFS4_MAX_PRINCIPALSIZE in nfs4.h. Either way this is a
 * working estimate ("let's try that for now"), so code that fills a buffer
 * of this size must still bound every write by the buffer's length.
 */
#define NFS4_MAX_ACESIZE  (3 + 1 + 7 + NFS4_MAX_PRINCIPALSIZE + 14)

/*
 * NFS4_MAX_ACLSIZE -- the number of bytes in the string representation of a
 * whole ACL, regardless of the number of ACEs; used to set buffer sizes.
 * Since linux limits xattrs to 64KB anyway, we don't have to worry
 * about/can't really handle huge ACLs. While the string representation
 * doesn't directly compare to the xattr size, this is probably a reasonable
 * guess.
 *
 * Because it is a guess and not a proven bound, input longer than this must
 * be detected and rejected by the reader rather than assumed impossible.
 */
#define NFS4_MAX_ACLSIZE  (65536)

/* Name of the extended attribute that carries the NFSv4 ACL */
#define ACL_NFS4_XATTR    "system.nfs4_acl"
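/*
 * TAILQ_IS_EMPTY -- true when a <sys/queue.h> tail queue has no elements.
 *
 * `head` is the queue head object itself, not a pointer to it. The argument
 * is parenthesized so that an expression such as *ptr or heads[i] expands to
 * (*ptr).tqh_first instead of *(ptr.tqh_first), which would not compile or,
 * worse, would test the wrong object.
 */
#define TAILQ_IS_EMPTY(head) ((head).tqh_first == NULL)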
/*
 * Flags to pass certain properties around.
 *
 * NFS4_ACL_ISFILE has the same value as NFS4_ACL_NOFLAGS (0), so "is a
 * file" can only be recognised as the absence of NFS4_ACL_ISDIR; testing it
 * with a bitwise AND is always false. NFS4_ACL_RAW shares 0x01 with
 * NFS4_ACL_ISDIR; presumably the two are never carried in the same flags
 * argument -- verify at the call sites before combining them.
 */
#define NFS4_ACL_NOFLAGS          0x00
#define NFS4_ACL_ISFILE           0x00
#define NFS4_ACL_ISDIR            0x01
#define NFS4_ACL_OWNER            0x02
#define NFS4_ACL_REQUEST_DEFAULT  0x04
#define NFS4_ACL_RAW              0x01

/* NOTE(review): presumably the 4-byte XDR alignment unit -- confirm in the xattr code */
#define NFS4_XDR_MOD  4
/* Short alias for the 32-bit unsigned type u_int32_t from <sys/types.h> */
typedef u_int32_t u32;

/* Two-state marker; what it marks as used is not visible in this header */
enum {
    ACL_NFS4_NOT_USED = 0,
    ACL_NFS4_USED
};

/*
 * Tail-queue node that refers to one ACE. Whether the node owns the ACE it
 * points to (and so who frees it) is not visible here.
 */
struct ace_container {
    struct nfs4_ace *ace;
    TAILQ_ENTRY(ace_container) l_ace;   /* queue linkage */
};

/* Head type for a tail queue of ace_container nodes */
TAILQ_HEAD(ace_container_list_head, ace_container);
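/**** Public functions ****/

/** Manipulation functions **/

/*
 * The declarations in this header carry no contract beyond their types.
 * Return conventions, ownership of returned pointers and the handling of
 * out-of-range indices are defined by the implementation files, not here.
 */
extern int acl_nfs4_set_who(struct nfs4_ace*, int, char*);
extern struct nfs4_acl * acl_nfs4_copy_acl(struct nfs4_acl *);

/*
 * NOTE(review): judging by the name, the first two arguments are the raw
 * xattr value and its length. That data comes from outside the process and
 * the length is a signed int, so the implementation should reject negative
 * and short lengths before parsing -- confirm.
 */
extern struct nfs4_acl * acl_nfs4_xattr_load(char *, int, u32);
/* The char ** receives the packed buffer; who frees it is not visible here */
extern int acl_nfs4_xattr_pack(struct nfs4_acl *, char**);
extern int acl_nfs4_xattr_size(struct nfs4_acl *);

extern void nfs4_free_acl(struct nfs4_acl *);
/* Works on a path name, not an open descriptor: the caller must make sure
 * the path still names the object it intends to change. */
extern int nfs4_set_acl(struct nfs4_acl *acl, const char *path);
extern int nfs4_remove_ace(struct nfs4_acl *acl, struct nfs4_ace *ace);
extern int nfs4_remove_ace_at(struct nfs4_acl *acl, unsigned int index);
extern int nfs4_insert_ace_at(struct nfs4_acl *acl, struct nfs4_ace *ace, unsigned int index);

/*
 * Convenience wrappers around nfs4_insert_ace_at(): index 0 prepends,
 * index acl->naces appends. The arguments are parenthesized so that any
 * pointer expression can be passed safely. nfs4_append_ace() evaluates
 * `acl` twice, so do not pass an expression with side effects.
 */
#define nfs4_prepend_ace(acl, ace) nfs4_insert_ace_at((acl), (ace), 0)
#define nfs4_append_ace(acl, ace) nfs4_insert_ace_at((acl), (ace), (acl)->naces)

extern struct nfs4_ace * nfs4_new_ace(int is_directory, u32 type, u32 flag, u32 access_mask, int whotype, char* who);
extern struct nfs4_acl * nfs4_new_acl(u32);

/* Note: the parameter called `fd` is a stdio FILE *, not a file descriptor */
extern int nfs4_insert_file_aces(struct nfs4_acl *acl, FILE* fd, unsigned int index);
extern int nfs4_insert_string_aces(struct nfs4_acl *acl, const char *acl_spec, unsigned int index);
extern int nfs4_replace_ace(struct nfs4_acl *acl, struct nfs4_ace *old_ace, struct nfs4_ace *new_ace);
/* The spec strings are non-const; whether they are modified is not visible here */
extern int nfs4_replace_ace_spec(struct nfs4_acl *acl, char *from_ace_spec, char *to_ace_spec);
extern int nfs4_remove_file_aces(struct nfs4_acl *acl, FILE *fd);
extern int nfs4_remove_string_aces(struct nfs4_acl *acl, char *string);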
/** Conversion functions **/

/*
 * ace_spec is taken as a non-const char *; whether the string is modified
 * while it is parsed is not visible from this header, so pass a writable
 * buffer rather than a string literal unless the implementation says
 * otherwise.
 */
extern struct nfs4_ace *nfs4_ace_from_string(char *ace_spec, int is_dir);

/* Path-based lookup; the returned ACL's ownership is not stated here
 * (presumably released with nfs4_free_acl() -- confirm). */
extern struct nfs4_acl *nfs4_acl_for_path(const char *path);

/* Returns a char * built from the stream; who frees it is not visible here */
extern char *nfs4_acl_spec_from_file(FILE *f);
/** Access Functions **/

/*
 * The int * and char ** are output parameters. Whether the returned string
 * is newly allocated or points into the ACE is not visible here -- confirm
 * before freeing or retaining it.
 */
extern int acl_nfs4_get_who(struct nfs4_ace *, int *, char **);
extern int acl_nfs4_get_whotype(char *);

/*
 * ACE lookup. All three return a pointer; the value returned at the end of
 * the list or for an index past the last ACE is not stated in this header
 * (presumably NULL -- confirm), so callers should check the result.
 */
extern struct nfs4_ace *nfs4_get_first_ace(struct nfs4_acl *);
extern struct nfs4_ace *nfs4_get_next_ace(struct nfs4_ace **);
extern struct nfs4_ace *nfs4_get_ace_at(struct nfs4_acl *, unsigned int index);
/** Display Functions **/

extern void nfs4_print_acl(FILE *fp, struct nfs4_acl *acl);
extern int nfs4_print_ace(FILE *fp, struct nfs4_ace *ace, u32 isdir);
/* Takes no FILE *; the output destination is chosen by the implementation */
extern int nfs4_print_ace_verbose(struct nfs4_ace *ace, u32 isdir);

/*
 * Each of these takes a caller-supplied char buffer. nfs4_get_ace_flags()
 * has no size parameter at all, and the meaning of the trailing int of the
 * other two is not visible here -- do not assume it is a buffer length.
 * NOTE(review): the buffer presumably has to hold every character of the
 * field plus a terminator (e.g. all seven FLAG_* characters); confirm the
 * required size in the implementation before calling with a small buffer.
 */
extern char *nfs4_get_ace_type(struct nfs4_ace *, char *, int);
extern char *nfs4_get_ace_flags(struct nfs4_ace *, char *);
extern char *nfs4_get_ace_access(struct nfs4_ace *, char *, int);
/** misc **/

/* Compares two ACEs; the meaning of the int result is not stated here */
extern int nfs4_ace_cmp(struct nfs4_ace *lhs, struct nfs4_ace *rhs);

/*
 * String-to-unsigned-long conversion in the given base. The return type has
 * no room for an out-of-band error value, so how malformed or out-of-range
 * input is reported is not visible from this header -- check the
 * implementation before passing it untrusted text.
 */
extern unsigned long strtoul_reals(char *s, int base);
#endif