platform/external/ntfs-3g.git - Unnamed repository; edit this file 'description' to name the repository.

1 /*
2  *
3  * Copyright (c) 2007-2008 Jean-Pierre Andre
4  *
5  */
6
7 /*
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program (in the main directory of the NTFS-3G
20  * distribution in the file COPYING); if not, write to the Free Software
21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  */
23
24 #ifndef ACLS_H
25 #define ACLS_H
26
27 /*
28  *	JPA configuration modes for security.c / acls.c
29  *	should be moved to some config file
30  */
31
32 #define BUFSZ 1024		/* buffer size to read mapping file */
33 #define MAPPINGFILE ".NTFS-3G/UserMapping" /* default mapping file */
34 #define LINESZ 120              /* maximum useful size of a mapping line */
35 #define CACHE_PERMISSIONS_BITS 6  /* log2 of unitary allocation of permissions */
36 #define CACHE_PERMISSIONS_SIZE 262144 /* max cacheable permissions */
37
38 /*
39  *	JPA The following must be in some library...
40  *	but did not found out where
41  */
42
43 #define endian_rev16(x) (((x >> 8) & 255) | ((x & 255) << 8))
44 #define endian_rev32(x) (((x >> 24) & 255) | ((x >> 8) & 0xff00) \
45 		| ((x & 0xff00) << 8) | ((x & 255) << 24))
46
47 #define cpu_to_be16(x) endian_rev16(cpu_to_le16(x))
48 #define cpu_to_be32(x) endian_rev32(cpu_to_le32(x))
49
50 /*
51  *		Macro definitions needed to share code with secaudit
52  */
53
54 #define NTFS_FIND_USID(map,uid,buf) ntfs_find_usid(map,uid,buf)
55 #define NTFS_FIND_GSID(map,gid,buf) ntfs_find_gsid(map,gid,buf)
56 #define NTFS_FIND_USER(map,usid) ntfs_find_user(map,usid)
57 #define NTFS_FIND_GROUP(map,gsid) ntfs_find_group(map,gsid)
58
59
60 /*
61  *		Matching of ntfs permissions to Linux permissions
62  *	these constants are adapted to endianness
63  *	when setting, set them all
64  *	when checking, check one is present
65  */
66
67           /* flags which are set to mean exec, write or read */
68
69 #define FILE_READ (FILE_READ_DATA)
70 #define FILE_WRITE (FILE_WRITE_DATA | FILE_APPEND_DATA \
71 		| READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)
72 #define FILE_EXEC (FILE_EXECUTE)
73 #define DIR_READ FILE_LIST_DIRECTORY
74 #define DIR_WRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | FILE_DELETE_CHILD \
75 	 	| READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)
76 #define DIR_EXEC (FILE_TRAVERSE)
77
78           /* flags tested for meaning exec, write or read */
79 	  /* tests for write allow for interpretation of a sticky bit */
80
81 #define FILE_GREAD (FILE_READ_DATA | GENERIC_READ)
82 #define FILE_GWRITE (FILE_WRITE_DATA | FILE_APPEND_DATA | GENERIC_WRITE)
83 #define FILE_GEXEC (FILE_EXECUTE | GENERIC_EXECUTE)
84 #define DIR_GREAD (FILE_LIST_DIRECTORY | GENERIC_READ)
85 #define DIR_GWRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | GENERIC_WRITE)
86 #define DIR_GEXEC (FILE_TRAVERSE | GENERIC_EXECUTE)
87
88 	/* standard owner (and administrator) rights */
89
90 #define OWNER_RIGHTS (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER \
91 			| SYNCHRONIZE \
92 			| FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES \
93 			| FILE_READ_EA | FILE_WRITE_EA)
94
95 	/* standard world rights */
96
97 #define WORLD_RIGHTS (READ_CONTROL | FILE_READ_ATTRIBUTES | FILE_READ_EA \
98 			| SYNCHRONIZE)
99
100           /* inheritance flags for files and directories */
101
102 #define FILE_INHERITANCE NO_PROPAGATE_INHERIT_ACE
103 #define DIR_INHERITANCE (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE)
104
105 /*
106  *		To identify NTFS ACL meaning Posix ACL granted to root
107  *	we use rights always granted to anybody, so they have no impact
108  *	either on Windows or on Linux.
109  */
110
111 #define ROOT_OWNER_UNMARK SYNCHRONIZE	/* ACL granted to root as owner */
112 #define ROOT_GROUP_UNMARK FILE_READ_EA	/* ACL granted to root as group */
113
114 /*
115  *		A type large enough to hold any SID
116  */
117
118 typedef char BIGSID[40];
119
120 /*
121  *		Struct to hold the input mapping file
122  *	(private to this module)
123  */
124
125 struct MAPLIST {
126 	struct MAPLIST *next;
127 	char *uidstr;		/* uid text from the same record */
128 	char *gidstr;		/* gid text from the same record */
129 	char *sidstr;		/* sid text from the same record */
130 	char maptext[LINESZ + 1];
131 };
132
133 typedef int (*FILEREADER)(void *fileid, char *buf, size_t size, off_t pos);
134
135 /*
136  *		Constants defined in acls.c
137  */
138
139 extern const SID *adminsid;
140 extern const SID *worldsid;
141
142 /*
143  *		Functions defined in acls.c
144  */
145
146 BOOL ntfs_valid_descr(const char *securattr, unsigned int attrsz);
147 BOOL ntfs_valid_pattern(const SID *sid);
148 BOOL ntfs_valid_sid(const SID *sid);
149 BOOL ntfs_same_sid(const SID *first, const SID *second);
150
151 BOOL ntfs_is_user_sid(const SID *usid);
152
153
154 int ntfs_sid_size(const SID * sid);
155 unsigned int ntfs_attr_size(const char *attr);
156
157 const SID *ntfs_find_usid(const struct MAPPING *usermapping,
158 			uid_t uid, SID *pdefsid);
159 const SID *ntfs_find_gsid(const struct MAPPING *groupmapping,
160 			gid_t gid, SID *pdefsid);
161 uid_t ntfs_find_user(const struct MAPPING *usermapping, const SID *usid);
162 gid_t ntfs_find_group(const struct MAPPING *groupmapping, const SID * gsid);
163 const SID *ntfs_acl_owner(const char *secattr);
164
165 #if POSIXACLS
166
167 BOOL ntfs_valid_posix(const struct POSIX_SECURITY *pxdesc);
168 void ntfs_sort_posix(struct POSIX_SECURITY *pxdesc);
169 int ntfs_merge_mode_posix(struct POSIX_SECURITY *pxdesc, mode_t mode);
170 struct POSIX_SECURITY *ntfs_build_inherited_posix(
171 		const struct POSIX_SECURITY *pxdesc, mode_t mode,
172 		mode_t umask, BOOL isdir);
173 struct POSIX_SECURITY *ntfs_replace_acl(const struct POSIX_SECURITY *oldpxdesc,
174 		const struct POSIX_ACL *newacl, int count, BOOL deflt);
175 struct POSIX_SECURITY *ntfs_build_permissions_posix(
176 			struct MAPPING* const mapping[],
177 			const char *securattr,
178 			const SID *usid, const SID *gsid, BOOL isdir);
179 struct POSIX_SECURITY *ntfs_merge_descr_posix(const struct POSIX_SECURITY *first,
180 			const struct POSIX_SECURITY *second);
181 char *ntfs_build_descr_posix(struct MAPPING* const mapping[],
182 			struct POSIX_SECURITY *pxdesc,
183 			int isdir, const SID *usid, const SID *gsid);
184
185 #endif /* POSIXACLS */
186
187 int ntfs_inherit_acl(const ACL *oldacl, ACL *newacl,
188 			const SID *usid, const SID *gsid, BOOL fordir);
189 int ntfs_build_permissions(const char *securattr,
190 			const SID *usid, const SID *gsid, BOOL isdir);
191 char *ntfs_build_descr(mode_t mode,
192 			int isdir, const SID * usid, const SID * gsid);
193 struct MAPLIST *ntfs_read_mapping(FILEREADER reader, void *fileid);
194 struct MAPPING *ntfs_do_user_mapping(struct MAPLIST *firstitem);
195 struct MAPPING *ntfs_do_group_mapping(struct MAPLIST *firstitem);
196 void ntfs_free_mapping(struct MAPPING *mapping[]);
197
198 #endif /* ACLS_H */
199
200
1	/*
2	*
3	* Copyright (c) 2007-2008 Jean-Pierre Andre
4	*
5	*/
6
7	/*
8	* This program is free software; you can redistribute it and/or modify
9	* it under the terms of the GNU General Public License as published by
10	* the Free Software Foundation; either version 2 of the License, or
11	* (at your option) any later version.
12	*
13	* This program is distributed in the hope that it will be useful,
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	* GNU General Public License for more details.
17	*
18	* You should have received a copy of the GNU General Public License
19	* along with this program (in the main directory of the NTFS-3G
20	* distribution in the file COPYING); if not, write to the Free Software
21	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22	*/
23
24	#ifndef ACLS_H
25	#define ACLS_H
26
27	/*
28	* JPA configuration modes for security.c / acls.c
29	* should be moved to some config file
30	*/
31
32	#define BUFSZ 1024 /* buffer size to read mapping file */
33	#define MAPPINGFILE ".NTFS-3G/UserMapping" /* default mapping file */
34	#define LINESZ 120 /* maximum useful size of a mapping line */
35	#define CACHE_PERMISSIONS_BITS 6 /* log2 of unitary allocation of permissions */
36	#define CACHE_PERMISSIONS_SIZE 262144 /* max cacheable permissions */
37
38	/*
39	* JPA The following must be in some library...
40	* but did not found out where
41	*/
42
43	#define endian_rev16(x) (((x >> 8) & 255) \| ((x & 255) << 8))
44	#define endian_rev32(x) (((x >> 24) & 255) \| ((x >> 8) & 0xff00) \
45	\| ((x & 0xff00) << 8) \| ((x & 255) << 24))
46
47	#define cpu_to_be16(x) endian_rev16(cpu_to_le16(x))
48	#define cpu_to_be32(x) endian_rev32(cpu_to_le32(x))
49
50	/*
51	* Macro definitions needed to share code with secaudit
52	*/
53
54	#define NTFS_FIND_USID(map,uid,buf) ntfs_find_usid(map,uid,buf)
55	#define NTFS_FIND_GSID(map,gid,buf) ntfs_find_gsid(map,gid,buf)
56	#define NTFS_FIND_USER(map,usid) ntfs_find_user(map,usid)
57	#define NTFS_FIND_GROUP(map,gsid) ntfs_find_group(map,gsid)
58
59
60	/*
61	* Matching of ntfs permissions to Linux permissions
62	* these constants are adapted to endianness
63	* when setting, set them all
64	* when checking, check one is present
65	*/
66
67	/* flags which are set to mean exec, write or read */
68
69	#define FILE_READ (FILE_READ_DATA)
70	#define FILE_WRITE (FILE_WRITE_DATA \| FILE_APPEND_DATA \
71	\| READ_CONTROL \| FILE_WRITE_ATTRIBUTES \| FILE_WRITE_EA)
72	#define FILE_EXEC (FILE_EXECUTE)
73	#define DIR_READ FILE_LIST_DIRECTORY
74	#define DIR_WRITE (FILE_ADD_FILE \| FILE_ADD_SUBDIRECTORY \| FILE_DELETE_CHILD \
75	\| READ_CONTROL \| FILE_WRITE_ATTRIBUTES \| FILE_WRITE_EA)
76	#define DIR_EXEC (FILE_TRAVERSE)
77
78	/* flags tested for meaning exec, write or read */
79	/* tests for write allow for interpretation of a sticky bit */
80
81	#define FILE_GREAD (FILE_READ_DATA \| GENERIC_READ)
82	#define FILE_GWRITE (FILE_WRITE_DATA \| FILE_APPEND_DATA \| GENERIC_WRITE)
83	#define FILE_GEXEC (FILE_EXECUTE \| GENERIC_EXECUTE)
84	#define DIR_GREAD (FILE_LIST_DIRECTORY \| GENERIC_READ)
85	#define DIR_GWRITE (FILE_ADD_FILE \| FILE_ADD_SUBDIRECTORY \| GENERIC_WRITE)
86	#define DIR_GEXEC (FILE_TRAVERSE \| GENERIC_EXECUTE)
87
88	/* standard owner (and administrator) rights */
89
90	#define OWNER_RIGHTS (DELETE \| READ_CONTROL \| WRITE_DAC \| WRITE_OWNER \
91	\| SYNCHRONIZE \
92	\| FILE_READ_ATTRIBUTES \| FILE_WRITE_ATTRIBUTES \
93	\| FILE_READ_EA \| FILE_WRITE_EA)
94
95	/* standard world rights */
96
97	#define WORLD_RIGHTS (READ_CONTROL \| FILE_READ_ATTRIBUTES \| FILE_READ_EA \
98	\| SYNCHRONIZE)
99
100	/* inheritance flags for files and directories */
101
102	#define FILE_INHERITANCE NO_PROPAGATE_INHERIT_ACE
103	#define DIR_INHERITANCE (OBJECT_INHERIT_ACE \| CONTAINER_INHERIT_ACE)
104
105	/*
106	* To identify NTFS ACL meaning Posix ACL granted to root
107	* we use rights always granted to anybody, so they have no impact
108	* either on Windows or on Linux.
109	*/
110
111	#define ROOT_OWNER_UNMARK SYNCHRONIZE /* ACL granted to root as owner */
112	#define ROOT_GROUP_UNMARK FILE_READ_EA /* ACL granted to root as group */
113
114	/*
115	* A type large enough to hold any SID
116	*/
117
118	typedef char BIGSID[40];
119
120	/*
121	* Struct to hold the input mapping file
122	* (private to this module)
123	*/
124
125	struct MAPLIST {
126	struct MAPLIST *next;
127	char uidstr; / uid text from the same record */
128	char gidstr; / gid text from the same record */
129	char sidstr; / sid text from the same record */
130	char maptext[LINESZ + 1];
131	};
132
133	typedef int (FILEREADER)(void fileid, char *buf, size_t size, off_t pos);
134
135	/*
136	* Constants defined in acls.c
137	*/
138
139	extern const SID *adminsid;
140	extern const SID *worldsid;
141
142	/*
143	* Functions defined in acls.c
144	*/
145
146	BOOL ntfs_valid_descr(const char *securattr, unsigned int attrsz);
147	BOOL ntfs_valid_pattern(const SID *sid);
148	BOOL ntfs_valid_sid(const SID *sid);
149	BOOL ntfs_same_sid(const SID first, const SID second);
150
151	BOOL ntfs_is_user_sid(const SID *usid);
152
153
154	int ntfs_sid_size(const SID * sid);
155	unsigned int ntfs_attr_size(const char *attr);
156
157	const SID ntfs_find_usid(const struct MAPPING usermapping,
158	uid_t uid, SID *pdefsid);
159	const SID ntfs_find_gsid(const struct MAPPING groupmapping,
160	gid_t gid, SID *pdefsid);
161	uid_t ntfs_find_user(const struct MAPPING usermapping, const SID usid);
162	gid_t ntfs_find_group(const struct MAPPING groupmapping, const SID gsid);
163	const SID ntfs_acl_owner(const char secattr);
164
165	#if POSIXACLS
166
167	BOOL ntfs_valid_posix(const struct POSIX_SECURITY *pxdesc);
168	void ntfs_sort_posix(struct POSIX_SECURITY *pxdesc);
169	int ntfs_merge_mode_posix(struct POSIX_SECURITY *pxdesc, mode_t mode);
170	struct POSIX_SECURITY *ntfs_build_inherited_posix(
171	const struct POSIX_SECURITY *pxdesc, mode_t mode,
172	mode_t umask, BOOL isdir);
173	struct POSIX_SECURITY ntfs_replace_acl(const struct POSIX_SECURITY oldpxdesc,
174	const struct POSIX_ACL *newacl, int count, BOOL deflt);
175	struct POSIX_SECURITY *ntfs_build_permissions_posix(
176	struct MAPPING* const mapping[],
177	const char *securattr,
178	const SID usid, const SID gsid, BOOL isdir);
179	struct POSIX_SECURITY ntfs_merge_descr_posix(const struct POSIX_SECURITY first,
180	const struct POSIX_SECURITY *second);
181	char ntfs_build_descr_posix(struct MAPPING const mapping[],
182	struct POSIX_SECURITY *pxdesc,
183	int isdir, const SID usid, const SID gsid);
184
185	#endif /* POSIXACLS */
186
187	int ntfs_inherit_acl(const ACL oldacl, ACL newacl,
188	const SID usid, const SID gsid, BOOL fordir);
189	int ntfs_build_permissions(const char *securattr,
190	const SID usid, const SID gsid, BOOL isdir);
191	char *ntfs_build_descr(mode_t mode,
192	int isdir, const SID * usid, const SID * gsid);
193	struct MAPLIST ntfs_read_mapping(FILEREADER reader, void fileid);
194	struct MAPPING ntfs_do_user_mapping(struct MAPLIST firstitem);
195	struct MAPPING ntfs_do_group_mapping(struct MAPLIST firstitem);
196	void ntfs_free_mapping(struct MAPPING *mapping[]);
197
198	#endif /* ACLS_H */
199
200