platform/external/ntfs-3g.git - Unnamed repository; edit this file 'description' to name the repository.

1 /*
2  * security.h - Exports for handling security/ACLs in NTFS.
3  *              Originated from the Linux-NTFS project.
4  *
5  * Copyright (c) 2004      Anton Altaparmakov
6  * Copyright (c) 2005-2006 Szabolcs Szakacsits
7  * Copyright (c) 2007-2008 Jean-Pierre Andre
8  *
9  * This program/include file is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License as published
11  * by the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * This program/include file is distributed in the hope that it will be
15  * useful, but WITHOUT ANY WARRANTY; without even the implied warranty
16  * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program (in the main directory of the NTFS-3G
21  * distribution in the file COPYING); if not, write to the Free Software
22  * Foundation,Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23  */
24
25 #ifndef _NTFS_SECURITY_H
26 #define _NTFS_SECURITY_H
27
28 #include "types.h"
29 #include "layout.h"
30 #include "inode.h"
31 #include "dir.h"
32
33 #ifndef POSIXACLS
34 #define POSIXACLS 0
35 #endif
36
37 #if __BYTE_ORDER == __LITTLE_ENDIAN
38 #define const_cpu_to_be16(x) ((((x) & 255L) << 8) + (((x) >> 8) & 255L))
39 #define const_cpu_to_be32(x) ((((x) & 255L) << 24) + (((x) & 0xff00L) << 8) \
40 			+ (((x) >> 8) & 0xff00L) + (((x) >> 24) & 255L))
41 #else
42 #define const_cpu_to_be16(x) (x)
43 #define const_cpu_to_be32(x) (x)
44 #endif
45
46 /*
47  *          item in the mapping list
48  */
49
50 struct MAPPING {
51 	struct MAPPING *next;
52 	int xid;		/* linux id : uid or gid */
53 	SID *sid;		/* Windows id : usid or gsid */
54 	int grcnt;		/* group count (for users only) */
55 	gid_t *groups;		/* groups which the user is member of */
56 };
57
58 /*
59  *		Entry in the permissions cache
60  *	Note : this cache is not organized as a generic cache
61  */
62
63 struct CACHED_PERMISSIONS {
64 	uid_t uid;
65 	gid_t gid;
66 	le32 inh_fileid;
67 	le32 inh_dirid;
68 #if POSIXACLS
69 	struct POSIX_SECURITY *pxdesc;
70 	unsigned int pxdescsize:16;
71 #endif
72 	unsigned int mode:12;
73 	unsigned int valid:1;
74 } ;
75
76 /*
77  *	Entry in the permissions cache for directories with no security_id
78  */
79
80 struct CACHED_PERMISSIONS_LEGACY {
81 	struct CACHED_PERMISSIONS_LEGACY *next;
82 	struct CACHED_PERMISSIONS_LEGACY *previous;
83 	void *variable;
84 	size_t varsize;
85 		/* above fields must match "struct CACHED_GENERIC" */
86 	u64 mft_no;
87 	struct CACHED_PERMISSIONS perm;
88 } ;
89
90 /*
91  *	Entry in the securid cache
92  */
93
94 struct CACHED_SECURID {
95 	struct CACHED_SECURID *next;
96 	struct CACHED_SECURID *previous;
97 	void *variable;
98 	size_t varsize;
99 		/* above fields must match "struct CACHED_GENERIC" */
100 	uid_t uid;
101 	gid_t gid;
102 	unsigned int dmode;
103 	le32 securid;
104 } ;
105
106 /*
107  *	Header of the security cache
108  *	(has no cache structure by itself)
109  */
110
111 struct CACHED_PERMISSIONS_HEADER {
112 	unsigned int last;
113 			/* statistics for permissions */
114 	unsigned long p_writes;
115 	unsigned long p_reads;
116 	unsigned long p_hits;
117 } ;
118
119 /*
120  *	The whole permissions cache
121  */
122
123 struct PERMISSIONS_CACHE {
124 	struct CACHED_PERMISSIONS_HEADER head;
125 	struct CACHED_PERMISSIONS *cachetable[1]; /* array of variable size */
126 } ;
127
128 /*
129  *	Security flags values
130  */
131
132 enum {
133 	SECURITY_DEFAULT,	/* rely on fuse for permissions checking */
134 	SECURITY_RAW,		/* force same ownership/permissions on files */
135 	SECURITY_ADDSECURIDS,	/* upgrade old security descriptors */
136 	SECURITY_STATICGRPS,	/* use static groups for access control */
137 	SECURITY_WANTED		/* a security related option was present */
138 } ;
139
140 /*
141  *	Security context, needed by most security functions
142  */
143
144 enum { MAPUSERS, MAPGROUPS, MAPCOUNT } ;
145
146 struct SECURITY_CONTEXT {
147 	ntfs_volume *vol;
148 	struct MAPPING *mapping[MAPCOUNT];
149 	struct PERMISSIONS_CACHE **pseccache;
150 	uid_t uid; /* uid of user requesting (not the mounter) */
151 	gid_t gid; /* gid of user requesting (not the mounter) */
152 	pid_t tid; /* thread id of thread requesting */
153 	mode_t umask; /* umask of requesting thread */
154 	} ;
155
156 #if POSIXACLS
157
158 /*
159  *		       Posix ACL structures
160  */
161
162 struct POSIX_ACE {
163 	u16 tag;
164 	u16 perms;
165 	s32 id;
166 } ;
167
168 struct POSIX_ACL {
169 	u8 version;
170 	u8 flags;
171 	u16 filler;
172 	struct POSIX_ACE ace[0];
173 } ;
174
175 struct POSIX_SECURITY {
176 	mode_t mode;
177 	int acccnt;
178 	int defcnt;
179 	int firstdef;
180 	u16 tagsset;
181 	struct POSIX_ACL acl;
182 } ;
183
184 /*
185  *		Posix tags, cpu-endian 16 bits
186  */
187
188 enum {
189 	POSIX_ACL_USER_OBJ =	1,
190 	POSIX_ACL_USER =	2,
191 	POSIX_ACL_GROUP_OBJ =	4,
192 	POSIX_ACL_GROUP =	8,
193 	POSIX_ACL_MASK =	16,
194 	POSIX_ACL_OTHER =	32,
195 	POSIX_ACL_SPECIAL =	64  /* internal use only */
196 } ;
197
198 #define POSIX_ACL_EXTENSIONS (POSIX_ACL_USER | POSIX_ACL_GROUP | POSIX_ACL_MASK)
199
200 /*
201  *		Posix permissions, cpu-endian 16 bits
202  */
203
204 enum {
205 	POSIX_PERM_X =		1,
206 	POSIX_PERM_W =		2,
207 	POSIX_PERM_R =		4,
208 	POSIX_PERM_DENIAL =	64 /* internal use only */
209 } ;
210
211 #define POSIX_VERSION 2
212
213 #endif
214
215 extern BOOL ntfs_guid_is_zero(const GUID *guid);
216 extern char *ntfs_guid_to_mbs(const GUID *guid, char *guid_str);
217
218 /**
219  * ntfs_sid_is_valid - determine if a SID is valid
220  * @sid:	SID for which to determine if it is valid
221  *
222  * Determine if the SID pointed to by @sid is valid.
223  *
224  * Return TRUE if it is valid and FALSE otherwise.
225  */
226 static __inline__ BOOL ntfs_sid_is_valid(const SID *sid)
227 {
228 	if (!sid || sid->revision != SID_REVISION ||
229 			sid->sub_authority_count > SID_MAX_SUB_AUTHORITIES)
230 		return FALSE;
231 	return TRUE;
232 }
233
234 extern int ntfs_sid_to_mbs_size(const SID *sid);
235 extern char *ntfs_sid_to_mbs(const SID *sid, char *sid_str,
236 		size_t sid_str_size);
237 extern void ntfs_generate_guid(GUID *guid);
238 extern int ntfs_sd_add_everyone(ntfs_inode *ni);
239
240 extern le32 ntfs_security_hash(const SECURITY_DESCRIPTOR_RELATIVE *sd,
241 			       const u32 len);
242
243 int ntfs_build_mapping(struct SECURITY_CONTEXT *scx, const char *usermap_path);
244 int ntfs_get_owner_mode(struct SECURITY_CONTEXT *scx,
245 		ntfs_inode *ni, struct stat*);
246 int ntfs_set_mode(struct SECURITY_CONTEXT *scx, ntfs_inode *ni, mode_t mode);
247 BOOL ntfs_allowed_as_owner(struct SECURITY_CONTEXT *scx, ntfs_inode *ni);
248 int ntfs_allowed_access(struct SECURITY_CONTEXT *scx,
249 		ntfs_inode *ni, int accesstype);
250 BOOL old_ntfs_allowed_dir_access(struct SECURITY_CONTEXT *scx,
251 		const char *path, int accesstype);
252
253 #if POSIXACLS
254 le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
255 		uid_t uid, gid_t gid, ntfs_inode *dir_ni,
256 		mode_t mode, BOOL isdir);
257 #else
258 le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
259 		uid_t uid, gid_t gid, mode_t mode, BOOL isdir);
260 #endif
261 int ntfs_set_owner(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
262 		uid_t uid, gid_t gid);
263 int ntfs_set_ownmod(struct SECURITY_CONTEXT *scx,
264 		ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
265 #if POSIXACLS
266 int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
267 		ntfs_inode *ni, uid_t uid, gid_t gid,
268 		mode_t mode, struct POSIX_SECURITY *pxdesc);
269 #else
270 int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
271 		ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
272 #endif
273 le32 ntfs_inherited_id(struct SECURITY_CONTEXT *scx,
274 		ntfs_inode *dir_ni, BOOL fordir);
275 int ntfs_open_secure(ntfs_volume *vol);
276 void ntfs_close_secure(struct SECURITY_CONTEXT *scx);
277
278 #if POSIXACLS
279
280 int ntfs_set_inherited_posix(struct SECURITY_CONTEXT *scx,
281 		ntfs_inode *ni, uid_t uid, gid_t gid,
282 		ntfs_inode *dir_ni, mode_t mode);
283 int ntfs_get_posix_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
284 			const char *name, char *value, size_t size);
285 int ntfs_set_posix_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
286 			const char *name, const char *value, size_t size,
287 			int flags);
288 int ntfs_remove_posix_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
289 			const char *name);
290 #endif
291
292 int ntfs_get_ntfs_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
293 			char *value, size_t size);
294 int ntfs_set_ntfs_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
295 			const char *value, size_t size, int flags);
296
297 int ntfs_get_ntfs_attrib(ntfs_inode *ni, char *value, size_t size);
298 int ntfs_set_ntfs_attrib(ntfs_inode *ni,
299 			const char *value, size_t size,	int flags);
300
301
302 /*
303  *		Security API for direct access to security descriptors
304  *	based on Win32 API
305  */
306
307 #define MAGIC_API 0x09042009
308
309 struct SECURITY_API {
310 	u32 magic;
311 	struct SECURITY_CONTEXT security;
312 	struct PERMISSIONS_CACHE *seccache;
313 } ;
314
315 /*
316  *  The following constants are used in interfacing external programs.
317  *  They are not to be stored on disk and must be defined in their
318  *  native cpu representation.
319  *  When disk representation (le) is needed, use SE_DACL_PRESENT, etc.
320  */
321 enum {	OWNER_SECURITY_INFORMATION = 1,
322 	GROUP_SECURITY_INFORMATION = 2,
323 	DACL_SECURITY_INFORMATION = 4,
324 	SACL_SECURITY_INFORMATION = 8
325 } ;
326
327 int ntfs_get_file_security(struct SECURITY_API *scapi,
328                 const char *path, u32 selection,
329                 char *buf, u32 buflen, u32 *psize);
330 int ntfs_set_file_security(struct SECURITY_API *scapi,
331 		const char *path, u32 selection, const char *attr);
332 int ntfs_get_file_attributes(struct SECURITY_API *scapi,
333 		const char *path);
334 BOOL ntfs_set_file_attributes(struct SECURITY_API *scapi,
335 		const char *path, s32 attrib);
336 BOOL ntfs_read_directory(struct SECURITY_API *scapi,
337 		const char *path, ntfs_filldir_t callback, void *context);
338 int ntfs_read_sds(struct SECURITY_API *scapi,
339 		char *buf, u32 size, u32 offset);
340 INDEX_ENTRY *ntfs_read_sii(struct SECURITY_API *scapi,
341 		INDEX_ENTRY *entry);
342 INDEX_ENTRY *ntfs_read_sdh(struct SECURITY_API *scapi,
343 		INDEX_ENTRY *entry);
344 struct SECURITY_API *ntfs_initialize_file_security(const char *device,
345                                 int flags);
346 BOOL ntfs_leave_file_security(struct SECURITY_API *scx);
347
348 int ntfs_get_usid(struct SECURITY_API *scapi, uid_t uid, char *buf);
349 int ntfs_get_gsid(struct SECURITY_API *scapi, gid_t gid, char *buf);
350 int ntfs_get_user(struct SECURITY_API *scapi, const SID *usid);
351 int ntfs_get_group(struct SECURITY_API *scapi, const SID *gsid);
352
353 #endif /* defined _NTFS_SECURITY_H */
354
1	/*
2	* security.h - Exports for handling security/ACLs in NTFS.
3	* Originated from the Linux-NTFS project.
4	*
5	* Copyright (c) 2004 Anton Altaparmakov
6	* Copyright (c) 2005-2006 Szabolcs Szakacsits
7	* Copyright (c) 2007-2008 Jean-Pierre Andre
8	*
9	* This program/include file is free software; you can redistribute it and/or
10	* modify it under the terms of the GNU General Public License as published
11	* by the Free Software Foundation; either version 2 of the License, or
12	* (at your option) any later version.
13	*
14	* This program/include file is distributed in the hope that it will be
15	* useful, but WITHOUT ANY WARRANTY; without even the implied warranty
16	* of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	* GNU General Public License for more details.
18	*
19	* You should have received a copy of the GNU General Public License
20	* along with this program (in the main directory of the NTFS-3G
21	* distribution in the file COPYING); if not, write to the Free Software
22	* Foundation,Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23	*/
24
25	#ifndef _NTFS_SECURITY_H
26	#define _NTFS_SECURITY_H
27
28	#include "types.h"
29	#include "layout.h"
30	#include "inode.h"
31	#include "dir.h"
32
33	#ifndef POSIXACLS
34	#define POSIXACLS 0
35	#endif
36
37	#if __BYTE_ORDER == __LITTLE_ENDIAN
38	#define const_cpu_to_be16(x) ((((x) & 255L) << 8) + (((x) >> 8) & 255L))
39	#define const_cpu_to_be32(x) ((((x) & 255L) << 24) + (((x) & 0xff00L) << 8) \
40	+ (((x) >> 8) & 0xff00L) + (((x) >> 24) & 255L))
41	#else
42	#define const_cpu_to_be16(x) (x)
43	#define const_cpu_to_be32(x) (x)
44	#endif
45
46	/*
47	* item in the mapping list
48	*/
49
50	struct MAPPING {
51	struct MAPPING *next;
52	int xid; /* linux id : uid or gid */
53	SID sid; / Windows id : usid or gsid */
54	int grcnt; /* group count (for users only) */
55	gid_t groups; / groups which the user is member of */
56	};
57
58	/*
59	* Entry in the permissions cache
60	* Note : this cache is not organized as a generic cache
61	*/
62
63	struct CACHED_PERMISSIONS {
64	uid_t uid;
65	gid_t gid;
66	le32 inh_fileid;
67	le32 inh_dirid;
68	#if POSIXACLS
69	struct POSIX_SECURITY *pxdesc;
70	unsigned int pxdescsize:16;
71	#endif
72	unsigned int mode:12;
73	unsigned int valid:1;
74	} ;
75
76	/*
77	* Entry in the permissions cache for directories with no security_id
78	*/
79
80	struct CACHED_PERMISSIONS_LEGACY {
81	struct CACHED_PERMISSIONS_LEGACY *next;
82	struct CACHED_PERMISSIONS_LEGACY *previous;
83	void *variable;
84	size_t varsize;
85	/* above fields must match "struct CACHED_GENERIC" */
86	u64 mft_no;
87	struct CACHED_PERMISSIONS perm;
88	} ;
89
90	/*
91	* Entry in the securid cache
92	*/
93
94	struct CACHED_SECURID {
95	struct CACHED_SECURID *next;
96	struct CACHED_SECURID *previous;
97	void *variable;
98	size_t varsize;
99	/* above fields must match "struct CACHED_GENERIC" */
100	uid_t uid;
101	gid_t gid;
102	unsigned int dmode;
103	le32 securid;
104	} ;
105
106	/*
107	* Header of the security cache
108	* (has no cache structure by itself)
109	*/
110
111	struct CACHED_PERMISSIONS_HEADER {
112	unsigned int last;
113	/* statistics for permissions */
114	unsigned long p_writes;
115	unsigned long p_reads;
116	unsigned long p_hits;
117	} ;
118
119	/*
120	* The whole permissions cache
121	*/
122
123	struct PERMISSIONS_CACHE {
124	struct CACHED_PERMISSIONS_HEADER head;
125	struct CACHED_PERMISSIONS cachetable[1]; / array of variable size */
126	} ;
127
128	/*
129	* Security flags values
130	*/
131
132	enum {
133	SECURITY_DEFAULT, /* rely on fuse for permissions checking */
134	SECURITY_RAW, /* force same ownership/permissions on files */
135	SECURITY_ADDSECURIDS, /* upgrade old security descriptors */
136	SECURITY_STATICGRPS, /* use static groups for access control */
137	SECURITY_WANTED /* a security related option was present */
138	} ;
139
140	/*
141	* Security context, needed by most security functions
142	*/
143
144	enum { MAPUSERS, MAPGROUPS, MAPCOUNT } ;
145
146	struct SECURITY_CONTEXT {
147	ntfs_volume *vol;
148	struct MAPPING *mapping[MAPCOUNT];
149	struct PERMISSIONS_CACHE **pseccache;
150	uid_t uid; /* uid of user requesting (not the mounter) */
151	gid_t gid; /* gid of user requesting (not the mounter) */
152	pid_t tid; /* thread id of thread requesting */
153	mode_t umask; /* umask of requesting thread */
154	} ;
155
156	#if POSIXACLS
157
158	/*
159	* Posix ACL structures
160	*/
161
162	struct POSIX_ACE {
163	u16 tag;
164	u16 perms;
165	s32 id;
166	} ;
167
168	struct POSIX_ACL {
169	u8 version;
170	u8 flags;
171	u16 filler;
172	struct POSIX_ACE ace[0];
173	} ;
174
175	struct POSIX_SECURITY {
176	mode_t mode;
177	int acccnt;
178	int defcnt;
179	int firstdef;
180	u16 tagsset;
181	struct POSIX_ACL acl;
182	} ;
183
184	/*
185	* Posix tags, cpu-endian 16 bits
186	*/
187
188	enum {
189	POSIX_ACL_USER_OBJ = 1,
190	POSIX_ACL_USER = 2,
191	POSIX_ACL_GROUP_OBJ = 4,
192	POSIX_ACL_GROUP = 8,
193	POSIX_ACL_MASK = 16,
194	POSIX_ACL_OTHER = 32,
195	POSIX_ACL_SPECIAL = 64 /* internal use only */
196	} ;
197
198	#define POSIX_ACL_EXTENSIONS (POSIX_ACL_USER \| POSIX_ACL_GROUP \| POSIX_ACL_MASK)
199
200	/*
201	* Posix permissions, cpu-endian 16 bits
202	*/
203
204	enum {
205	POSIX_PERM_X = 1,
206	POSIX_PERM_W = 2,
207	POSIX_PERM_R = 4,
208	POSIX_PERM_DENIAL = 64 /* internal use only */
209	} ;
210
211	#define POSIX_VERSION 2
212
213	#endif
214
215	extern BOOL ntfs_guid_is_zero(const GUID *guid);
216	extern char ntfs_guid_to_mbs(const GUID guid, char *guid_str);
217
218	/**
219	* ntfs_sid_is_valid - determine if a SID is valid
220	* @sid: SID for which to determine if it is valid
221	*
222	* Determine if the SID pointed to by @sid is valid.
223	*
224	* Return TRUE if it is valid and FALSE otherwise.
225	*/
226	static __inline__ BOOL ntfs_sid_is_valid(const SID *sid)
227	{
228	if (!sid \|\| sid->revision != SID_REVISION \|\|
229	sid->sub_authority_count > SID_MAX_SUB_AUTHORITIES)
230	return FALSE;
231	return TRUE;
232	}
233
234	extern int ntfs_sid_to_mbs_size(const SID *sid);
235	extern char ntfs_sid_to_mbs(const SID sid, char *sid_str,
236	size_t sid_str_size);
237	extern void ntfs_generate_guid(GUID *guid);
238	extern int ntfs_sd_add_everyone(ntfs_inode *ni);
239
240	extern le32 ntfs_security_hash(const SECURITY_DESCRIPTOR_RELATIVE *sd,
241	const u32 len);
242
243	int ntfs_build_mapping(struct SECURITY_CONTEXT scx, const char usermap_path);
244	int ntfs_get_owner_mode(struct SECURITY_CONTEXT *scx,
245	ntfs_inode ni, struct stat);
246	int ntfs_set_mode(struct SECURITY_CONTEXT scx, ntfs_inode ni, mode_t mode);
247	BOOL ntfs_allowed_as_owner(struct SECURITY_CONTEXT scx, ntfs_inode ni);
248	int ntfs_allowed_access(struct SECURITY_CONTEXT *scx,
249	ntfs_inode *ni, int accesstype);
250	BOOL old_ntfs_allowed_dir_access(struct SECURITY_CONTEXT *scx,
251	const char *path, int accesstype);
252
253	#if POSIXACLS
254	le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
255	uid_t uid, gid_t gid, ntfs_inode *dir_ni,
256	mode_t mode, BOOL isdir);
257	#else
258	le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
259	uid_t uid, gid_t gid, mode_t mode, BOOL isdir);
260	#endif
261	int ntfs_set_owner(struct SECURITY_CONTEXT scx, ntfs_inode ni,
262	uid_t uid, gid_t gid);
263	int ntfs_set_ownmod(struct SECURITY_CONTEXT *scx,
264	ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
265	#if POSIXACLS
266	int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
267	ntfs_inode *ni, uid_t uid, gid_t gid,
268	mode_t mode, struct POSIX_SECURITY *pxdesc);
269	#else
270	int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
271	ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
272	#endif
273	le32 ntfs_inherited_id(struct SECURITY_CONTEXT *scx,
274	ntfs_inode *dir_ni, BOOL fordir);
275	int ntfs_open_secure(ntfs_volume *vol);
276	void ntfs_close_secure(struct SECURITY_CONTEXT *scx);
277
278	#if POSIXACLS
279
280	int ntfs_set_inherited_posix(struct SECURITY_CONTEXT *scx,
281	ntfs_inode *ni, uid_t uid, gid_t gid,
282	ntfs_inode *dir_ni, mode_t mode);
283	int ntfs_get_posix_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
284	const char name, char value, size_t size);
285	int ntfs_set_posix_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
286	const char name, const char value, size_t size,
287	int flags);
288	int ntfs_remove_posix_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
289	const char *name);
290	#endif
291
292	int ntfs_get_ntfs_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
293	char *value, size_t size);
294	int ntfs_set_ntfs_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
295	const char *value, size_t size, int flags);
296
297	int ntfs_get_ntfs_attrib(ntfs_inode ni, char value, size_t size);
298	int ntfs_set_ntfs_attrib(ntfs_inode *ni,
299	const char *value, size_t size, int flags);
300
301
302	/*
303	* Security API for direct access to security descriptors
304	* based on Win32 API
305	*/
306
307	#define MAGIC_API 0x09042009
308
309	struct SECURITY_API {
310	u32 magic;
311	struct SECURITY_CONTEXT security;
312	struct PERMISSIONS_CACHE *seccache;
313	} ;
314
315	/*
316	* The following constants are used in interfacing external programs.
317	* They are not to be stored on disk and must be defined in their
318	* native cpu representation.
319	* When disk representation (le) is needed, use SE_DACL_PRESENT, etc.
320	*/
321	enum { OWNER_SECURITY_INFORMATION = 1,
322	GROUP_SECURITY_INFORMATION = 2,
323	DACL_SECURITY_INFORMATION = 4,
324	SACL_SECURITY_INFORMATION = 8
325	} ;
326
327	int ntfs_get_file_security(struct SECURITY_API *scapi,
328	const char *path, u32 selection,
329	char buf, u32 buflen, u32 psize);
330	int ntfs_set_file_security(struct SECURITY_API *scapi,
331	const char path, u32 selection, const char attr);
332	int ntfs_get_file_attributes(struct SECURITY_API *scapi,
333	const char *path);
334	BOOL ntfs_set_file_attributes(struct SECURITY_API *scapi,
335	const char *path, s32 attrib);
336	BOOL ntfs_read_directory(struct SECURITY_API *scapi,
337	const char path, ntfs_filldir_t callback, void context);
338	int ntfs_read_sds(struct SECURITY_API *scapi,
339	char *buf, u32 size, u32 offset);
340	INDEX_ENTRY ntfs_read_sii(struct SECURITY_API scapi,
341	INDEX_ENTRY *entry);
342	INDEX_ENTRY ntfs_read_sdh(struct SECURITY_API scapi,
343	INDEX_ENTRY *entry);
344	struct SECURITY_API ntfs_initialize_file_security(const char device,
345	int flags);
346	BOOL ntfs_leave_file_security(struct SECURITY_API *scx);
347
348	int ntfs_get_usid(struct SECURITY_API scapi, uid_t uid, char buf);
349	int ntfs_get_gsid(struct SECURITY_API scapi, gid_t gid, char buf);
350	int ntfs_get_user(struct SECURITY_API scapi, const SID usid);
351	int ntfs_get_group(struct SECURITY_API scapi, const SID gsid);
352
353	#endif /* defined _NTFS_SECURITY_H */
354