Loading...
1/*
2 * fs/cifs/cifsacl.h
3 *
4 * Copyright (c) International Business Machines Corp., 2007
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21
22#ifndef _CIFSACL_H
23#define _CIFSACL_H
24
25
26#define NUM_AUTHS (6) /* number of authority fields */
27#define SID_MAX_SUB_AUTHORITIES (15) /* max number of sub authority fields */
28
29#define READ_BIT 0x4
30#define WRITE_BIT 0x2
31#define EXEC_BIT 0x1
32
33#define UBITSHIFT 6
34#define GBITSHIFT 3
35
36#define ACCESS_ALLOWED 0
37#define ACCESS_DENIED 1
38
39#define SIDOWNER 1
40#define SIDGROUP 2
41
42/*
43 * Security Descriptor length containing DACL with 3 ACEs (one each for
44 * owner, group and world).
45 */
46#define DEFAULT_SEC_DESC_LEN (sizeof(struct cifs_ntsd) + \
47 sizeof(struct cifs_acl) + \
48 (sizeof(struct cifs_ace) * 3))
49
50/*
51 * Maximum size of a string representation of a SID:
52 *
53 * The fields are unsigned values in decimal. So:
54 *
55 * u8: max 3 bytes in decimal
56 * u32: max 10 bytes in decimal
57 *
58 * "S-" + 3 bytes for version field + 15 for authority field + NULL terminator
59 *
60 * For authority field, max is when all 6 values are non-zero and it must be
61 * represented in hex. So "-0x" + 12 hex digits.
62 *
63 * Add 11 bytes for each subauthority field (10 bytes each + 1 for '-')
64 */
65#define SID_STRING_BASE_SIZE (2 + 3 + 15 + 1)
66#define SID_STRING_SUBAUTH_SIZE (11) /* size of a single subauth string */
67
68struct cifs_ntsd {
69 __le16 revision; /* revision level */
70 __le16 type;
71 __le32 osidoffset;
72 __le32 gsidoffset;
73 __le32 sacloffset;
74 __le32 dacloffset;
75} __attribute__((packed));
76
77struct cifs_sid {
78 __u8 revision; /* revision level */
79 __u8 num_subauth;
80 __u8 authority[NUM_AUTHS];
81 __le32 sub_auth[SID_MAX_SUB_AUTHORITIES]; /* sub_auth[num_subauth] */
82} __attribute__((packed));
83
84/* size of a struct cifs_sid, sans sub_auth array */
85#define CIFS_SID_BASE_SIZE (1 + 1 + NUM_AUTHS)
86
87struct cifs_acl {
88 __le16 revision; /* revision level */
89 __le16 size;
90 __le32 num_aces;
91} __attribute__((packed));
92
93struct cifs_ace {
94 __u8 type;
95 __u8 flags;
96 __le16 size;
97 __le32 access_req;
98 struct cifs_sid sid; /* ie UUID of user or group who gets these perms */
99} __attribute__((packed));
100
101#endif /* _CIFSACL_H */
1/*
2 * fs/cifs/cifsacl.h
3 *
4 * Copyright (c) International Business Machines Corp., 2007
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21
22#ifndef _CIFSACL_H
23#define _CIFSACL_H
24
25
26#define NUM_AUTHS 6 /* number of authority fields */
27#define NUM_SUBAUTHS 5 /* number of sub authority fields */
28#define NUM_WK_SIDS 7 /* number of well known sids */
29#define SIDNAMELENGTH 20 /* long enough for the ones we care about */
30#define DEFSECDESCLEN 192 /* sec desc len contaiting a dacl with three aces */
31
32#define READ_BIT 0x4
33#define WRITE_BIT 0x2
34#define EXEC_BIT 0x1
35
36#define UBITSHIFT 6
37#define GBITSHIFT 3
38
39#define ACCESS_ALLOWED 0
40#define ACCESS_DENIED 1
41
42#define SIDOWNER 1
43#define SIDGROUP 2
44#define SIDLEN 150 /* S- 1 revision- 6 authorities- max 5 sub authorities */
45
46#define SID_ID_MAPPED 0
47#define SID_ID_PENDING 1
48#define SID_MAP_EXPIRE (3600 * HZ) /* map entry expires after one hour */
49#define SID_MAP_RETRY (300 * HZ) /* wait 5 minutes for next attempt to map */
50
51struct cifs_ntsd {
52 __le16 revision; /* revision level */
53 __le16 type;
54 __le32 osidoffset;
55 __le32 gsidoffset;
56 __le32 sacloffset;
57 __le32 dacloffset;
58} __attribute__((packed));
59
60struct cifs_sid {
61 __u8 revision; /* revision level */
62 __u8 num_subauth;
63 __u8 authority[6];
64 __le32 sub_auth[5]; /* sub_auth[num_subauth] */
65} __attribute__((packed));
66
67struct cifs_acl {
68 __le16 revision; /* revision level */
69 __le16 size;
70 __le32 num_aces;
71} __attribute__((packed));
72
73struct cifs_ace {
74 __u8 type;
75 __u8 flags;
76 __le16 size;
77 __le32 access_req;
78 struct cifs_sid sid; /* ie UUID of user or group who gets these perms */
79} __attribute__((packed));
80
81struct cifs_wksid {
82 struct cifs_sid cifssid;
83 char sidname[SIDNAMELENGTH];
84} __attribute__((packed));
85
86struct cifs_sid_id {
87 unsigned int refcount; /* increment with spinlock, decrement without */
88 unsigned long id;
89 unsigned long time;
90 unsigned long state;
91 char *sidstr;
92 struct rb_node rbnode;
93 struct cifs_sid sid;
94};
95
96#ifdef __KERNEL__
97extern struct key_type cifs_idmap_key_type;
98extern const struct cred *root_cred;
99#endif /* KERNEL */
100
101extern int compare_sids(const struct cifs_sid *, const struct cifs_sid *);
102
103#endif /* _CIFSACL_H */