Página inicial Explorar Ajuda
Entrar
samsung-sm8650
/
android_kernel_samsung_sm8650_ksu
2
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: 8062222ad7
Branches Tags
android_kernel_...
/
fs
/
smb
/
client
/
cifsacl.h

cifsacl.h 6.2 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199 
  1. /* SPDX-License-Identifier: LGPL-2.1 */
    2. 

  2. /*
    3. 

  3.  *
    4. 

  4.  *   Copyright (c) International Business Machines  Corp., 2007
    5. 

  5.  *   Author(s): Steve French ([email protected])
    6. 

  6.  *
    7. 

  7.  */
    8. 

  8. 

  9. #ifndef _CIFSACL_H
    10. 

  10. #define _CIFSACL_H
    11. 

  11. 

  12. #define NUM_AUTHS (6)	/* number of authority fields */
    13. 

  13. #define SID_MAX_SUB_AUTHORITIES (15) /* max number of sub authority fields */
    14. 

  14. 

  15. #define READ_BIT        0x4
    16. 

  16. #define WRITE_BIT       0x2
    17. 

  17. #define EXEC_BIT        0x1
    18. 

  18. 

  19. #define ACL_OWNER_MASK 0700
    20. 

  20. #define ACL_GROUP_MASK 0070
    21. 

  21. #define ACL_EVERYONE_MASK 0007
    22. 

  22. 

  23. #define UBITSHIFT	6
    24. 

  24. #define GBITSHIFT	3
    25. 

  25. 

  26. #define ACCESS_ALLOWED	0
    27. 

  27. #define ACCESS_DENIED	1
    28. 

  28. 

  29. #define SIDOWNER 1
    30. 

  30. #define SIDGROUP 2
    31. 

  31. 

  32. /*
    33. 

  33.  * Security Descriptor length containing DACL with 3 ACEs (one each for
    34. 

  34.  * owner, group and world).
    35. 

  35.  */
    36. 

  36. #define DEFAULT_SEC_DESC_LEN (sizeof(struct cifs_ntsd) + \
    37. 

  37. 			      sizeof(struct cifs_acl) + \
    38. 

  38. 			      (sizeof(struct cifs_ace) * 4))
    39. 

  39. 

  40. /*
    41. 

  41.  * Maximum size of a string representation of a SID:
    42. 

  42.  *
    43. 

  43.  * The fields are unsigned values in decimal. So:
    44. 

  44.  *
    45. 

  45.  * u8:  max 3 bytes in decimal
    46. 

  46.  * u32: max 10 bytes in decimal
    47. 

  47.  *
    48. 

  48.  * "S-" + 3 bytes for version field + 15 for authority field + NULL terminator
    49. 

  49.  *
    50. 

  50.  * For authority field, max is when all 6 values are non-zero and it must be
    51. 

  51.  * represented in hex. So "-0x" + 12 hex digits.
    52. 

  52.  *
    53. 

  53.  * Add 11 bytes for each subauthority field (10 bytes each + 1 for '-')
    54. 

  54.  */
    55. 

  55. #define SID_STRING_BASE_SIZE (2 + 3 + 15 + 1)
    56. 

  56. #define SID_STRING_SUBAUTH_SIZE (11) /* size of a single subauth string */
    57. 

  57. 

  58. struct cifs_ntsd {
    59. 

  59. 	__le16 revision; /* revision level */
    60. 

  60. 	__le16 type;
    61. 

  61. 	__le32 osidoffset;
    62. 

  62. 	__le32 gsidoffset;
    63. 

  63. 	__le32 sacloffset;
    64. 

  64. 	__le32 dacloffset;
    65. 

  65. } __attribute__((packed));
    66. 

  66. 

  67. struct cifs_sid {
    68. 

  68. 	__u8 revision; /* revision level */
    69. 

  69. 	__u8 num_subauth;
    70. 

  70. 	__u8 authority[NUM_AUTHS];
    71. 

  71. 	__le32 sub_auth[SID_MAX_SUB_AUTHORITIES]; /* sub_auth[num_subauth] */
    72. 

  72. } __attribute__((packed));
    73. 

  73. 

  74. /* size of a struct cifs_sid, sans sub_auth array */
    75. 

  75. #define CIFS_SID_BASE_SIZE (1 + 1 + NUM_AUTHS)
    76. 

  76. 

  77. struct cifs_acl {
    78. 

  78. 	__le16 revision; /* revision level */
    79. 

  79. 	__le16 size;
    80. 

  80. 	__le32 num_aces;
    81. 

  81. } __attribute__((packed));
    82. 

  82. 

  83. /* ACE types - see MS-DTYP 2.4.4.1 */
    84. 

  84. #define ACCESS_ALLOWED_ACE_TYPE	0x00
    85. 

  85. #define ACCESS_DENIED_ACE_TYPE	0x01
    86. 

  86. #define SYSTEM_AUDIT_ACE_TYPE	0x02
    87. 

  87. #define SYSTEM_ALARM_ACE_TYPE	0x03
    88. 

  88. #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04
    89. 

  89. #define ACCESS_ALLOWED_OBJECT_ACE_TYPE	0x05
    90. 

  90. #define ACCESS_DENIED_OBJECT_ACE_TYPE	0x06
    91. 

  91. #define SYSTEM_AUDIT_OBJECT_ACE_TYPE	0x07
    92. 

  92. #define SYSTEM_ALARM_OBJECT_ACE_TYPE	0x08
    93. 

  93. #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE 0x09
    94. 

  94. #define ACCESS_DENIED_CALLBACK_ACE_TYPE	0x0A
    95. 

  95. #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0x0B
    96. 

  96. #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE  0x0C
    97. 

  97. #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE	0x0D
    98. 

  98. #define SYSTEM_ALARM_CALLBACK_ACE_TYPE	0x0E /* Reserved */
    99. 

  99. #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE 0x0F
    100. 

  100. #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 0x10 /* reserved */
    101. 

  101. #define SYSTEM_MANDATORY_LABEL_ACE_TYPE	0x11
    102. 

  102. #define SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE 0x12
    103. 

  103. #define SYSTEM_SCOPED_POLICY_ID_ACE_TYPE 0x13
    104. 

  104. 

  105. /* ACE flags */
    106. 

  106. #define OBJECT_INHERIT_ACE	0x01
    107. 

  107. #define CONTAINER_INHERIT_ACE	0x02
    108. 

  108. #define NO_PROPAGATE_INHERIT_ACE 0x04
    109. 

  109. #define INHERIT_ONLY_ACE	0x08
    110. 

  110. #define INHERITED_ACE		0x10
    111. 

  111. #define SUCCESSFUL_ACCESS_ACE_FLAG 0x40
    112. 

  112. #define FAILED_ACCESS_ACE_FLAG	0x80
    113. 

  113. 

  114. struct cifs_ace {
    115. 

  115. 	__u8 type; /* see above and MS-DTYP 2.4.4.1 */
    116. 

  116. 	__u8 flags;
    117. 

  117. 	__le16 size;
    118. 

  118. 	__le32 access_req;
    119. 

  119. 	struct cifs_sid sid; /* ie UUID of user or group who gets these perms */
    120. 

  120. } __attribute__((packed));
    121. 

  121. 

  122. /*
    123. 

  123.  * The current SMB3 form of security descriptor is similar to what was used for
    124. 

  124.  * cifs (see above) but some fields are split, and fields in the struct below
    125. 

  125.  * matches names of fields to the spec, MS-DTYP (see sections 2.4.5 and
    126. 

  126.  * 2.4.6). Note that "CamelCase" fields are used in this struct in order to
    127. 

  127.  * match the MS-DTYP and MS-SMB2 specs which define the wire format.
    128. 

  128.  */
    129. 

  129. struct smb3_sd {
    130. 

  130. 	__u8 Revision; /* revision level, MUST be one */
    131. 

  131. 	__u8 Sbz1; /* only meaningful if 'RM' flag set below */
    132. 

  132. 	__le16 Control;
    133. 

  133. 	__le32 OffsetOwner;
    134. 

  134. 	__le32 OffsetGroup;
    135. 

  135. 	__le32 OffsetSacl;
    136. 

  136. 	__le32 OffsetDacl;
    137. 

  137. } __packed;
    138. 

  138. 

  139. /* Meaning of 'Control' field flags */
    140. 

  140. #define ACL_CONTROL_SR	0x8000	/* Self relative */
    141. 

  141. #define ACL_CONTROL_RM	0x4000	/* Resource manager control bits */
    142. 

  142. #define ACL_CONTROL_PS	0x2000	/* SACL protected from inherits */
    143. 

  143. #define ACL_CONTROL_PD	0x1000	/* DACL protected from inherits */
    144. 

  144. #define ACL_CONTROL_SI	0x0800	/* SACL Auto-Inherited */
    145. 

  145. #define ACL_CONTROL_DI	0x0400	/* DACL Auto-Inherited */
    146. 

  146. #define ACL_CONTROL_SC	0x0200	/* SACL computed through inheritance */
    147. 

  147. #define ACL_CONTROL_DC	0x0100	/* DACL computed through inheritence */
    148. 

  148. #define ACL_CONTROL_SS	0x0080	/* Create server ACL */
    149. 

  149. #define ACL_CONTROL_DT	0x0040	/* DACL provided by trusted source */
    150. 

  150. #define ACL_CONTROL_SD	0x0020	/* SACL defaulted */
    151. 

  151. #define ACL_CONTROL_SP	0x0010	/* SACL is present on object */
    152. 

  152. #define ACL_CONTROL_DD	0x0008	/* DACL defaulted */
    153. 

  153. #define ACL_CONTROL_DP	0x0004	/* DACL is present on object */
    154. 

  154. #define ACL_CONTROL_GD	0x0002	/* Group was defaulted */
    155. 

  155. #define ACL_CONTROL_OD	0x0001	/* User was defaulted */
    156. 

  156. 

  157. /* Meaning of AclRevision flags */
    158. 

  158. #define ACL_REVISION	0x02 /* See section 2.4.4.1 of MS-DTYP */
    159. 

  159. #define ACL_REVISION_DS	0x04 /* Additional AceTypes allowed */
    160. 

  160. 

  161. struct smb3_acl {
    162. 

  162. 	u8 AclRevision; /* revision level */
    163. 

  163. 	u8 Sbz1; /* MBZ */
    164. 

  164. 	__le16 AclSize;
    165. 

  165. 	__le16 AceCount;
    166. 

  166. 	__le16 Sbz2; /* MBZ */
    167. 

  167. } __packed;
    168. 

  168. 

  169. /*
    170. 

  170.  * Used to store the special 'NFS SIDs' used to persist the POSIX uid and gid
    171. 

  171.  * See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx
    172. 

  172.  */
    173. 

  173. struct owner_sid {
    174. 

  174. 	u8 Revision;
    175. 

  175. 	u8 NumAuth;
    176. 

  176. 	u8 Authority[6];
    177. 

  177. 	__le32 SubAuthorities[3];
    178. 

  178. } __packed;
    179. 

  179. 

  180. struct owner_group_sids {
    181. 

  181. 	struct owner_sid owner;
    182. 

  182. 	struct owner_sid group;
    183. 

  183. } __packed;
    184. 

  184. 

  185. /*
    186. 

  186.  * Minimum security identifier can be one for system defined Users
    187. 

  187.  * and Groups such as NULL SID and World or Built-in accounts such
    188. 

  188.  * as Administrator and Guest and consists of
    189. 

  189.  * Revision + Num (Sub)Auths + Authority + Domain (one Subauthority)
    190. 

  190.  */
    191. 

  191. #define MIN_SID_LEN  (1 + 1 + 6 + 4) /* in bytes */
    192. 

  192. 

  193. /*
    194. 

  194.  * Minimum security descriptor can be one without any SACL and DACL and can
    195. 

  195.  * consist of revision, type, and two sids of minimum size for owner and group
    196. 

  196.  */
    197. 

  197. #define MIN_SEC_DESC_LEN  (sizeof(struct cifs_ntsd) + (2 * MIN_SID_LEN))
    198. 

  198. 

  199. #endif /* _CIFSACL_H */
    200.