2 Copyright (c) 2008,2009 Frank Lahm <franklahm@gmail.com>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
18 #ifdef HAVE_SOLARIS_ACLS
22 #include <atalk/uuid.h> /* for atalk_uuid_t */
25 * This is what Apple says about ACL flags in sys/kauth.h:
27 * <Apple> The low 16 bits of the flags field are reserved for filesystem
28 * internal use and must be preserved by all APIs. This includes
29 * round-tripping flags through user-space interfaces.
30 * The high 16 bits of the flags are used to store attributes and
31 * to request specific handling of the ACL. </Apple>
33 * The constants are included for reference. We do NOT expect them on
34 * the wire! We will ignore and spoil them.
#ifdef HAVE_SOLARIS_ACLS
/*
 * Helper for handling NFSv4 ACLs.
 *
 * ACE_TRIVIAL is the union of ACE_OWNER, ACE_GROUP and ACE_EVERYONE.
 * NOTE(review): those three names are not defined in this header; presumably
 * they are the "who" flag bits from the Solaris ACL headers -- confirm.
 */
#define ACE_TRIVIAL \
    (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)
#endif /* HAVE_SOLARIS_ACLS */
42 /* FPGet|Set Bitmap */
44 kFileSec_UUID = (1<<0),
45 kFileSec_GRPUUID = (1<<1),
46 kFileSec_ACL = (1<<2),
47 kFileSec_REMOVEACL = (1<<3),
48 kFileSec_Inherit = (1<<4)
/*
 * ACL-level flag bits.
 *
 * DARWIN_ACL_FLAGS_PRIVATE masks the low 16 bits; the two KAUTH_* flags
 * live in the high 16 bits and never overlap that mask.
 * NOTE(review): presumably these apply to darwin_acl_flags in the ACL
 * header; how bits received from a client are filtered is not visible in
 * this file -- confirm in the code that parses the request.
 */
#define DARWIN_ACL_FLAGS_PRIVATE 0x0000ffff

/* inheritance will be deferred until the first rename operation */
#define KAUTH_ACL_DEFER_INHERIT (1 << 16) /* 0x00010000 */

/* this ACL must not be overwritten as part of an inheritance operation */
#define KAUTH_ACL_NO_INHERIT (1 << 17) /* 0x00020000 */
/*
 * Per-entry (ACE) flag bits.
 *
 * The low four bits (DARWIN_ACE_FLAGS_KINDMASK) hold the entry kind; only
 * PERMIT and DENY are defined inside that mask. The remaining bits defined
 * here describe inheritance.
 */
#define DARWIN_ACE_FLAGS_KINDMASK 0x0000000f
#define DARWIN_ACE_FLAGS_PERMIT (1 << 0)            /* 0x00000001 */
#define DARWIN_ACE_FLAGS_DENY (1 << 1)              /* 0x00000002 */
#define DARWIN_ACE_FLAGS_INHERITED (1 << 4)         /* 0x00000010 */
#define DARWIN_ACE_FLAGS_FILE_INHERIT (1 << 5)      /* 0x00000020 */
#define DARWIN_ACE_FLAGS_DIRECTORY_INHERIT (1 << 6) /* 0x00000040 */
#define DARWIN_ACE_FLAGS_LIMIT_INHERIT (1 << 7)     /* 0x00000080 */
#define DARWIN_ACE_FLAGS_ONLY_INHERIT (1 << 8)      /* 0x00000100 */

/*
 * All flag bits controlling ACE inheritance (0x000001e0).
 * DARWIN_ACE_FLAGS_INHERITED is deliberately not part of this set: it is
 * not one of the four bits OR-ed together below.
 */
#define DARWIN_ACE_INHERIT_CONTROL_FLAGS      \
    (DARWIN_ACE_FLAGS_FILE_INHERIT |          \
     DARWIN_ACE_FLAGS_DIRECTORY_INHERIT |     \
     DARWIN_ACE_FLAGS_LIMIT_INHERIT |         \
     DARWIN_ACE_FLAGS_ONLY_INHERIT)
/*
 * ACE access-rights bits.
 *
 * Several bits carry two names with the same value (READ_DATA and
 * LIST_DIRECTORY, WRITE_DATA and ADD_FILE, EXECUTE and SEARCH, APPEND_DATA
 * and ADD_SUBDIRECTORY); presumably the first name of each pair is meant for
 * files and the second for directories.
 * Bit 0 and every bit above DARWIN_ACE_TAKE_OWNERSHIP (bit 13) have no name
 * here.
 * NOTE(review): how undefined bits in a client-supplied rights word are
 * treated is decided by the code that maps these rights, not by this header
 * -- confirm they are masked off or rejected there.
 */
#define DARWIN_ACE_READ_DATA (1 << 1)             /* 0x00000002 */
#define DARWIN_ACE_LIST_DIRECTORY (1 << 1)        /* 0x00000002 */
#define DARWIN_ACE_WRITE_DATA (1 << 2)            /* 0x00000004 */
#define DARWIN_ACE_ADD_FILE (1 << 2)              /* 0x00000004 */
#define DARWIN_ACE_EXECUTE (1 << 3)               /* 0x00000008 */
#define DARWIN_ACE_SEARCH (1 << 3)                /* 0x00000008 */
#define DARWIN_ACE_DELETE (1 << 4)                /* 0x00000010 */
#define DARWIN_ACE_APPEND_DATA (1 << 5)           /* 0x00000020 */
#define DARWIN_ACE_ADD_SUBDIRECTORY (1 << 5)      /* 0x00000020 */
#define DARWIN_ACE_DELETE_CHILD (1 << 6)          /* 0x00000040 */
#define DARWIN_ACE_READ_ATTRIBUTES (1 << 7)       /* 0x00000080 */
#define DARWIN_ACE_WRITE_ATTRIBUTES (1 << 8)      /* 0x00000100 */
#define DARWIN_ACE_READ_EXTATTRIBUTES (1 << 9)    /* 0x00000200 */
#define DARWIN_ACE_WRITE_EXTATTRIBUTES (1 << 10)  /* 0x00000400 */
#define DARWIN_ACE_READ_SECURITY (1 << 11)        /* 0x00000800 */
#define DARWIN_ACE_WRITE_SECURITY (1 << 12)       /* 0x00001000 */
#define DARWIN_ACE_TAKE_OWNERSHIP (1 << 13)       /* 0x00002000 */
94 /* Access Control List Entry (ACE) */
96 atalk_uuid_t darwin_ace_uuid;
97 uint32_t darwin_ace_flags;
98 uint32_t darwin_ace_rights;
101 /* Access Control List */
103 uint32_t darwin_acl_count;
104 uint32_t darwin_acl_flags;
105 } darwin_acl_header_t;
/*
 * ACL-related entry points sharing one signature.
 *
 * NOTE(review): the implementations are not in this header. Presumably
 * ibuf/ibuflen describe the request received from the client and
 * rbuf/rbuflen the reply to be filled in -- confirm against the callers.
 * If so, every read from ibuf should be bounded by ibuflen, since the
 * content would be client-controlled.
 */
int afp_access(AFPObj *obj,
               char *ibuf, size_t ibuflen,
               char *rbuf, size_t *rbuflen);
int afp_getacl(AFPObj *obj,
               char *ibuf, size_t ibuflen,
               char *rbuf, size_t *rbuflen);
int afp_setacl(AFPObj *obj,
               char *ibuf, size_t ibuflen,
               char *rbuf, size_t *rbuflen);

/* Parse afp_ldap.conf */
extern int acl_ldap_readconfig(char *name);

/*
 * Helpers declared for other modules; their behaviour is defined elsewhere.
 * NOTE(review): path is a non-const char *, so whether acltoownermode()
 * modifies it cannot be told from this declaration.
 */
extern int acltoownermode(char *path,
                          struct stat *st,
                          struct maccess *ma);
extern int check_vol_acl_support(const struct vol *vol);