platform/external/ntfs-3g.git - Unnamed repository; edit this file 'description' to name the repository.

1 /*
2  * security.h - Exports for handling security/ACLs in NTFS.
3  *              Originated from the Linux-NTFS project.
4  *
5  * Copyright (c) 2004      Anton Altaparmakov
6  * Copyright (c) 2005-2006 Szabolcs Szakacsits
7  * Copyright (c) 2007-2010 Jean-Pierre Andre
8  *
9  * This program/include file is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License as published
11  * by the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * This program/include file is distributed in the hope that it will be
15  * useful, but WITHOUT ANY WARRANTY; without even the implied warranty
16  * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program (in the main directory of the NTFS-3G
21  * distribution in the file COPYING); if not, write to the Free Software
22  * Foundation,Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23  */
24
25 #ifndef _NTFS_SECURITY_H
26 #define _NTFS_SECURITY_H
27
28 #include "types.h"
29 #include "layout.h"
30 #include "inode.h"
31 #include "dir.h"
32
33 #ifndef POSIXACLS
34 #define POSIXACLS 0
35 #endif
36
37 typedef u16 be16;
38 typedef u32 be32;
39
40 #if __BYTE_ORDER == __LITTLE_ENDIAN
41 #define const_cpu_to_be16(x) ((((x) & 255L) << 8) + (((x) >> 8) & 255L))
42 #define const_cpu_to_be32(x) ((((x) & 255L) << 24) + (((x) & 0xff00L) << 8) \
43 			+ (((x) >> 8) & 0xff00L) + (((x) >> 24) & 255L))
44 #else
45 #define const_cpu_to_be16(x) (x)
46 #define const_cpu_to_be32(x) (x)
47 #endif
48
49 /*
50  *          item in the mapping list
51  */
52
53 struct MAPPING {
54 	struct MAPPING *next;
55 	int xid;		/* linux id : uid or gid */
56 	SID *sid;		/* Windows id : usid or gsid */
57 	int grcnt;		/* group count (for users only) */
58 	gid_t *groups;		/* groups which the user is member of */
59 };
60
61 /*
62  *		Entry in the permissions cache
63  *	Note : this cache is not organized as a generic cache
64  */
65
66 struct CACHED_PERMISSIONS {
67 	uid_t uid;
68 	gid_t gid;
69 	le32 inh_fileid;
70 	le32 inh_dirid;
71 #if POSIXACLS
72 	struct POSIX_SECURITY *pxdesc;
73 	unsigned int pxdescsize:16;
74 #endif
75 	unsigned int mode:12;
76 	unsigned int valid:1;
77 } ;
78
79 /*
80  *	Entry in the permissions cache for directories with no security_id
81  */
82
83 struct CACHED_PERMISSIONS_LEGACY {
84 	struct CACHED_PERMISSIONS_LEGACY *next;
85 	struct CACHED_PERMISSIONS_LEGACY *previous;
86 	void *variable;
87 	size_t varsize;
88 	union ALIGNMENT payload[0];
89 		/* above fields must match "struct CACHED_GENERIC" */
90 	u64 mft_no;
91 	struct CACHED_PERMISSIONS perm;
92 } ;
93
94 /*
95  *	Entry in the securid cache
96  */
97
98 struct CACHED_SECURID {
99 	struct CACHED_SECURID *next;
100 	struct CACHED_SECURID *previous;
101 	void *variable;
102 	size_t varsize;
103 	union ALIGNMENT payload[0];
104 		/* above fields must match "struct CACHED_GENERIC" */
105 	uid_t uid;
106 	gid_t gid;
107 	unsigned int dmode;
108 	le32 securid;
109 } ;
110
111 /*
112  *	Header of the security cache
113  *	(has no cache structure by itself)
114  */
115
116 struct CACHED_PERMISSIONS_HEADER {
117 	unsigned int last;
118 			/* statistics for permissions */
119 	unsigned long p_writes;
120 	unsigned long p_reads;
121 	unsigned long p_hits;
122 } ;
123
124 /*
125  *	The whole permissions cache
126  */
127
128 struct PERMISSIONS_CACHE {
129 	struct CACHED_PERMISSIONS_HEADER head;
130 	struct CACHED_PERMISSIONS *cachetable[1]; /* array of variable size */
131 } ;
132
133 /*
134  *	Security flags values
135  */
136
137 enum {
138 	SECURITY_DEFAULT,	/* rely on fuse for permissions checking */
139 	SECURITY_RAW,		/* force same ownership/permissions on files */
140 	SECURITY_ACL,		/* enable Posix ACLs (when compiled in) */
141 	SECURITY_ADDSECURIDS,	/* upgrade old security descriptors */
142 	SECURITY_STATICGRPS,	/* use static groups for access control */
143 	SECURITY_WANTED		/* a security related option was present */
144 } ;
145
146 /*
147  *	Security context, needed by most security functions
148  */
149
150 enum { MAPUSERS, MAPGROUPS, MAPCOUNT } ;
151
152 struct SECURITY_CONTEXT {
153 	ntfs_volume *vol;
154 	struct MAPPING *mapping[MAPCOUNT];
155 	struct PERMISSIONS_CACHE **pseccache;
156 	uid_t uid; /* uid of user requesting (not the mounter) */
157 	gid_t gid; /* gid of user requesting (not the mounter) */
158 	pid_t tid; /* thread id of thread requesting */
159 	mode_t umask; /* umask of requesting thread */
160 	} ;
161
162 #if POSIXACLS
163
164 /*
165  *		       Posix ACL structures
166  */
167
168 struct POSIX_ACE {
169 	u16 tag;
170 	u16 perms;
171 	s32 id;
172 } __attribute__((__packed__));
173
174 struct POSIX_ACL {
175 	u8 version;
176 	u8 flags;
177 	u16 filler;
178 	struct POSIX_ACE ace[0];
179 } __attribute__((__packed__));
180
181 struct POSIX_SECURITY {
182 	mode_t mode;
183 	int acccnt;
184 	int defcnt;
185 	int firstdef;
186 	u16 tagsset;
187 	s32 alignment[0];
188 	struct POSIX_ACL acl;
189 } ;
190
191 /*
192  *		Posix tags, cpu-endian 16 bits
193  */
194
195 enum {
196 	POSIX_ACL_USER_OBJ =	1,
197 	POSIX_ACL_USER =	2,
198 	POSIX_ACL_GROUP_OBJ =	4,
199 	POSIX_ACL_GROUP =	8,
200 	POSIX_ACL_MASK =	16,
201 	POSIX_ACL_OTHER =	32,
202 	POSIX_ACL_SPECIAL =	64  /* internal use only */
203 } ;
204
205 #define POSIX_ACL_EXTENSIONS (POSIX_ACL_USER | POSIX_ACL_GROUP | POSIX_ACL_MASK)
206
207 /*
208  *		Posix permissions, cpu-endian 16 bits
209  */
210
211 enum {
212 	POSIX_PERM_X =		1,
213 	POSIX_PERM_W =		2,
214 	POSIX_PERM_R =		4,
215 	POSIX_PERM_DENIAL =	64 /* internal use only */
216 } ;
217
218 #define POSIX_VERSION 2
219
220 #endif
221
222 extern BOOL ntfs_guid_is_zero(const GUID *guid);
223 extern char *ntfs_guid_to_mbs(const GUID *guid, char *guid_str);
224
225 /**
226  * ntfs_sid_is_valid - determine if a SID is valid
227  * @sid:	SID for which to determine if it is valid
228  *
229  * Determine if the SID pointed to by @sid is valid.
230  *
231  * Return TRUE if it is valid and FALSE otherwise.
232  */
233 static __inline__ BOOL ntfs_sid_is_valid(const SID *sid)
234 {
235 	if (!sid || sid->revision != SID_REVISION ||
236 			sid->sub_authority_count > SID_MAX_SUB_AUTHORITIES)
237 		return FALSE;
238 	return TRUE;
239 }
240
241 extern int ntfs_sid_to_mbs_size(const SID *sid);
242 extern char *ntfs_sid_to_mbs(const SID *sid, char *sid_str,
243 		size_t sid_str_size);
244 extern void ntfs_generate_guid(GUID *guid);
245 extern int ntfs_sd_add_everyone(ntfs_inode *ni);
246
247 extern le32 ntfs_security_hash(const SECURITY_DESCRIPTOR_RELATIVE *sd,
248 			       const u32 len);
249
250 int ntfs_build_mapping(struct SECURITY_CONTEXT *scx, const char *usermap_path,
251 		BOOL allowdef);
252 int ntfs_get_owner_mode(struct SECURITY_CONTEXT *scx,
253 		ntfs_inode *ni, struct stat*);
254 int ntfs_set_mode(struct SECURITY_CONTEXT *scx, ntfs_inode *ni, mode_t mode);
255 BOOL ntfs_allowed_as_owner(struct SECURITY_CONTEXT *scx, ntfs_inode *ni);
256 int ntfs_allowed_access(struct SECURITY_CONTEXT *scx,
257 		ntfs_inode *ni, int accesstype);
258 int ntfs_allowed_create(struct SECURITY_CONTEXT *scx,
259 		ntfs_inode *ni, gid_t *pgid, mode_t *pdsetgid);
260 BOOL old_ntfs_allowed_dir_access(struct SECURITY_CONTEXT *scx,
261 		const char *path, int accesstype);
262
263 #if POSIXACLS
264 le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
265 		uid_t uid, gid_t gid, ntfs_inode *dir_ni,
266 		mode_t mode, BOOL isdir);
267 #else
268 le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
269 		uid_t uid, gid_t gid, mode_t mode, BOOL isdir);
270 #endif
271 int ntfs_set_owner(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
272 		uid_t uid, gid_t gid);
273 int ntfs_set_ownmod(struct SECURITY_CONTEXT *scx,
274 		ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
275 #if POSIXACLS
276 int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
277 		ntfs_inode *ni, uid_t uid, gid_t gid,
278 		mode_t mode, struct POSIX_SECURITY *pxdesc);
279 #else
280 int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
281 		ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
282 #endif
283 le32 ntfs_inherited_id(struct SECURITY_CONTEXT *scx,
284 		ntfs_inode *dir_ni, BOOL fordir);
285 int ntfs_open_secure(ntfs_volume *vol);
286 void ntfs_close_secure(struct SECURITY_CONTEXT *scx);
287
288 #if POSIXACLS
289
290 int ntfs_set_inherited_posix(struct SECURITY_CONTEXT *scx,
291 		ntfs_inode *ni, uid_t uid, gid_t gid,
292 		ntfs_inode *dir_ni, mode_t mode);
293 int ntfs_get_posix_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
294 			const char *name, char *value, size_t size);
295 int ntfs_set_posix_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
296 			const char *name, const char *value, size_t size,
297 			int flags);
298 int ntfs_remove_posix_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
299 			const char *name);
300 #endif
301
302 int ntfs_get_ntfs_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
303 			char *value, size_t size);
304 int ntfs_set_ntfs_acl(struct SECURITY_CONTEXT *scx, ntfs_inode *ni,
305 			const char *value, size_t size, int flags);
306
307 int ntfs_get_ntfs_attrib(ntfs_inode *ni, char *value, size_t size);
308 int ntfs_set_ntfs_attrib(ntfs_inode *ni,
309 			const char *value, size_t size,	int flags);
310
311
312 /*
313  *		Security API for direct access to security descriptors
314  *	based on Win32 API
315  */
316
317 #define MAGIC_API 0x09042009
318
319 struct SECURITY_API {
320 	u32 magic;
321 	struct SECURITY_CONTEXT security;
322 	struct PERMISSIONS_CACHE *seccache;
323 } ;
324
325 /*
326  *  The following constants are used in interfacing external programs.
327  *  They are not to be stored on disk and must be defined in their
328  *  native cpu representation.
329  *  When disk representation (le) is needed, use SE_DACL_PRESENT, etc.
330  */
331 enum {	OWNER_SECURITY_INFORMATION = 1,
332 	GROUP_SECURITY_INFORMATION = 2,
333 	DACL_SECURITY_INFORMATION = 4,
334 	SACL_SECURITY_INFORMATION = 8
335 } ;
336
337 int ntfs_get_file_security(struct SECURITY_API *scapi,
338                 const char *path, u32 selection,
339                 char *buf, u32 buflen, u32 *psize);
340 int ntfs_set_file_security(struct SECURITY_API *scapi,
341 		const char *path, u32 selection, const char *attr);
342 int ntfs_get_file_attributes(struct SECURITY_API *scapi,
343 		const char *path);
344 BOOL ntfs_set_file_attributes(struct SECURITY_API *scapi,
345 		const char *path, s32 attrib);
346 BOOL ntfs_read_directory(struct SECURITY_API *scapi,
347 		const char *path, ntfs_filldir_t callback, void *context);
348 int ntfs_read_sds(struct SECURITY_API *scapi,
349 		char *buf, u32 size, u32 offset);
350 INDEX_ENTRY *ntfs_read_sii(struct SECURITY_API *scapi,
351 		INDEX_ENTRY *entry);
352 INDEX_ENTRY *ntfs_read_sdh(struct SECURITY_API *scapi,
353 		INDEX_ENTRY *entry);
354 struct SECURITY_API *ntfs_initialize_file_security(const char *device,
355                                 unsigned long flags);
356 BOOL ntfs_leave_file_security(struct SECURITY_API *scx);
357
358 int ntfs_get_usid(struct SECURITY_API *scapi, uid_t uid, char *buf);
359 int ntfs_get_gsid(struct SECURITY_API *scapi, gid_t gid, char *buf);
360 int ntfs_get_user(struct SECURITY_API *scapi, const SID *usid);
361 int ntfs_get_group(struct SECURITY_API *scapi, const SID *gsid);
362
363 #endif /* defined _NTFS_SECURITY_H */
364
1	/*
2	* security.h - Exports for handling security/ACLs in NTFS.
3	* Originated from the Linux-NTFS project.
4	*
5	* Copyright (c) 2004 Anton Altaparmakov
6	* Copyright (c) 2005-2006 Szabolcs Szakacsits
7	* Copyright (c) 2007-2010 Jean-Pierre Andre
8	*
9	* This program/include file is free software; you can redistribute it and/or
10	* modify it under the terms of the GNU General Public License as published
11	* by the Free Software Foundation; either version 2 of the License, or
12	* (at your option) any later version.
13	*
14	* This program/include file is distributed in the hope that it will be
15	* useful, but WITHOUT ANY WARRANTY; without even the implied warranty
16	* of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	* GNU General Public License for more details.
18	*
19	* You should have received a copy of the GNU General Public License
20	* along with this program (in the main directory of the NTFS-3G
21	* distribution in the file COPYING); if not, write to the Free Software
22	* Foundation,Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23	*/
24
25	#ifndef _NTFS_SECURITY_H
26	#define _NTFS_SECURITY_H
27
28	#include "types.h"
29	#include "layout.h"
30	#include "inode.h"
31	#include "dir.h"
32
33	#ifndef POSIXACLS
34	#define POSIXACLS 0
35	#endif
36
37	typedef u16 be16;
38	typedef u32 be32;
39
40	#if __BYTE_ORDER == __LITTLE_ENDIAN
41	#define const_cpu_to_be16(x) ((((x) & 255L) << 8) + (((x) >> 8) & 255L))
42	#define const_cpu_to_be32(x) ((((x) & 255L) << 24) + (((x) & 0xff00L) << 8) \
43	+ (((x) >> 8) & 0xff00L) + (((x) >> 24) & 255L))
44	#else
45	#define const_cpu_to_be16(x) (x)
46	#define const_cpu_to_be32(x) (x)
47	#endif
48
49	/*
50	* item in the mapping list
51	*/
52
53	struct MAPPING {
54	struct MAPPING *next;
55	int xid; /* linux id : uid or gid */
56	SID sid; / Windows id : usid or gsid */
57	int grcnt; /* group count (for users only) */
58	gid_t groups; / groups which the user is member of */
59	};
60
61	/*
62	* Entry in the permissions cache
63	* Note : this cache is not organized as a generic cache
64	*/
65
66	struct CACHED_PERMISSIONS {
67	uid_t uid;
68	gid_t gid;
69	le32 inh_fileid;
70	le32 inh_dirid;
71	#if POSIXACLS
72	struct POSIX_SECURITY *pxdesc;
73	unsigned int pxdescsize:16;
74	#endif
75	unsigned int mode:12;
76	unsigned int valid:1;
77	} ;
78
79	/*
80	* Entry in the permissions cache for directories with no security_id
81	*/
82
83	struct CACHED_PERMISSIONS_LEGACY {
84	struct CACHED_PERMISSIONS_LEGACY *next;
85	struct CACHED_PERMISSIONS_LEGACY *previous;
86	void *variable;
87	size_t varsize;
88	union ALIGNMENT payload[0];
89	/* above fields must match "struct CACHED_GENERIC" */
90	u64 mft_no;
91	struct CACHED_PERMISSIONS perm;
92	} ;
93
94	/*
95	* Entry in the securid cache
96	*/
97
98	struct CACHED_SECURID {
99	struct CACHED_SECURID *next;
100	struct CACHED_SECURID *previous;
101	void *variable;
102	size_t varsize;
103	union ALIGNMENT payload[0];
104	/* above fields must match "struct CACHED_GENERIC" */
105	uid_t uid;
106	gid_t gid;
107	unsigned int dmode;
108	le32 securid;
109	} ;
110
111	/*
112	* Header of the security cache
113	* (has no cache structure by itself)
114	*/
115
116	struct CACHED_PERMISSIONS_HEADER {
117	unsigned int last;
118	/* statistics for permissions */
119	unsigned long p_writes;
120	unsigned long p_reads;
121	unsigned long p_hits;
122	} ;
123
124	/*
125	* The whole permissions cache
126	*/
127
128	struct PERMISSIONS_CACHE {
129	struct CACHED_PERMISSIONS_HEADER head;
130	struct CACHED_PERMISSIONS cachetable[1]; / array of variable size */
131	} ;
132
133	/*
134	* Security flags values
135	*/
136
137	enum {
138	SECURITY_DEFAULT, /* rely on fuse for permissions checking */
139	SECURITY_RAW, /* force same ownership/permissions on files */
140	SECURITY_ACL, /* enable Posix ACLs (when compiled in) */
141	SECURITY_ADDSECURIDS, /* upgrade old security descriptors */
142	SECURITY_STATICGRPS, /* use static groups for access control */
143	SECURITY_WANTED /* a security related option was present */
144	} ;
145
146	/*
147	* Security context, needed by most security functions
148	*/
149
150	enum { MAPUSERS, MAPGROUPS, MAPCOUNT } ;
151
152	struct SECURITY_CONTEXT {
153	ntfs_volume *vol;
154	struct MAPPING *mapping[MAPCOUNT];
155	struct PERMISSIONS_CACHE **pseccache;
156	uid_t uid; /* uid of user requesting (not the mounter) */
157	gid_t gid; /* gid of user requesting (not the mounter) */
158	pid_t tid; /* thread id of thread requesting */
159	mode_t umask; /* umask of requesting thread */
160	} ;
161
162	#if POSIXACLS
163
164	/*
165	* Posix ACL structures
166	*/
167
168	struct POSIX_ACE {
169	u16 tag;
170	u16 perms;
171	s32 id;
172	} __attribute__((__packed__));
173
174	struct POSIX_ACL {
175	u8 version;
176	u8 flags;
177	u16 filler;
178	struct POSIX_ACE ace[0];
179	} __attribute__((__packed__));
180
181	struct POSIX_SECURITY {
182	mode_t mode;
183	int acccnt;
184	int defcnt;
185	int firstdef;
186	u16 tagsset;
187	s32 alignment[0];
188	struct POSIX_ACL acl;
189	} ;
190
191	/*
192	* Posix tags, cpu-endian 16 bits
193	*/
194
195	enum {
196	POSIX_ACL_USER_OBJ = 1,
197	POSIX_ACL_USER = 2,
198	POSIX_ACL_GROUP_OBJ = 4,
199	POSIX_ACL_GROUP = 8,
200	POSIX_ACL_MASK = 16,
201	POSIX_ACL_OTHER = 32,
202	POSIX_ACL_SPECIAL = 64 /* internal use only */
203	} ;
204
205	#define POSIX_ACL_EXTENSIONS (POSIX_ACL_USER \| POSIX_ACL_GROUP \| POSIX_ACL_MASK)
206
207	/*
208	* Posix permissions, cpu-endian 16 bits
209	*/
210
211	enum {
212	POSIX_PERM_X = 1,
213	POSIX_PERM_W = 2,
214	POSIX_PERM_R = 4,
215	POSIX_PERM_DENIAL = 64 /* internal use only */
216	} ;
217
218	#define POSIX_VERSION 2
219
220	#endif
221
222	extern BOOL ntfs_guid_is_zero(const GUID *guid);
223	extern char ntfs_guid_to_mbs(const GUID guid, char *guid_str);
224
225	/**
226	* ntfs_sid_is_valid - determine if a SID is valid
227	* @sid: SID for which to determine if it is valid
228	*
229	* Determine if the SID pointed to by @sid is valid.
230	*
231	* Return TRUE if it is valid and FALSE otherwise.
232	*/
233	static __inline__ BOOL ntfs_sid_is_valid(const SID *sid)
234	{
235	if (!sid \|\| sid->revision != SID_REVISION \|\|
236	sid->sub_authority_count > SID_MAX_SUB_AUTHORITIES)
237	return FALSE;
238	return TRUE;
239	}
240
241	extern int ntfs_sid_to_mbs_size(const SID *sid);
242	extern char ntfs_sid_to_mbs(const SID sid, char *sid_str,
243	size_t sid_str_size);
244	extern void ntfs_generate_guid(GUID *guid);
245	extern int ntfs_sd_add_everyone(ntfs_inode *ni);
246
247	extern le32 ntfs_security_hash(const SECURITY_DESCRIPTOR_RELATIVE *sd,
248	const u32 len);
249
250	int ntfs_build_mapping(struct SECURITY_CONTEXT scx, const char usermap_path,
251	BOOL allowdef);
252	int ntfs_get_owner_mode(struct SECURITY_CONTEXT *scx,
253	ntfs_inode ni, struct stat);
254	int ntfs_set_mode(struct SECURITY_CONTEXT scx, ntfs_inode ni, mode_t mode);
255	BOOL ntfs_allowed_as_owner(struct SECURITY_CONTEXT scx, ntfs_inode ni);
256	int ntfs_allowed_access(struct SECURITY_CONTEXT *scx,
257	ntfs_inode *ni, int accesstype);
258	int ntfs_allowed_create(struct SECURITY_CONTEXT *scx,
259	ntfs_inode ni, gid_t pgid, mode_t *pdsetgid);
260	BOOL old_ntfs_allowed_dir_access(struct SECURITY_CONTEXT *scx,
261	const char *path, int accesstype);
262
263	#if POSIXACLS
264	le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
265	uid_t uid, gid_t gid, ntfs_inode *dir_ni,
266	mode_t mode, BOOL isdir);
267	#else
268	le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
269	uid_t uid, gid_t gid, mode_t mode, BOOL isdir);
270	#endif
271	int ntfs_set_owner(struct SECURITY_CONTEXT scx, ntfs_inode ni,
272	uid_t uid, gid_t gid);
273	int ntfs_set_ownmod(struct SECURITY_CONTEXT *scx,
274	ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
275	#if POSIXACLS
276	int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
277	ntfs_inode *ni, uid_t uid, gid_t gid,
278	mode_t mode, struct POSIX_SECURITY *pxdesc);
279	#else
280	int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
281	ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
282	#endif
283	le32 ntfs_inherited_id(struct SECURITY_CONTEXT *scx,
284	ntfs_inode *dir_ni, BOOL fordir);
285	int ntfs_open_secure(ntfs_volume *vol);
286	void ntfs_close_secure(struct SECURITY_CONTEXT *scx);
287
288	#if POSIXACLS
289
290	int ntfs_set_inherited_posix(struct SECURITY_CONTEXT *scx,
291	ntfs_inode *ni, uid_t uid, gid_t gid,
292	ntfs_inode *dir_ni, mode_t mode);
293	int ntfs_get_posix_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
294	const char name, char value, size_t size);
295	int ntfs_set_posix_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
296	const char name, const char value, size_t size,
297	int flags);
298	int ntfs_remove_posix_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
299	const char *name);
300	#endif
301
302	int ntfs_get_ntfs_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
303	char *value, size_t size);
304	int ntfs_set_ntfs_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
305	const char *value, size_t size, int flags);
306
307	int ntfs_get_ntfs_attrib(ntfs_inode ni, char value, size_t size);
308	int ntfs_set_ntfs_attrib(ntfs_inode *ni,
309	const char *value, size_t size, int flags);
310
311
312	/*
313	* Security API for direct access to security descriptors
314	* based on Win32 API
315	*/
316
317	#define MAGIC_API 0x09042009
318
319	struct SECURITY_API {
320	u32 magic;
321	struct SECURITY_CONTEXT security;
322	struct PERMISSIONS_CACHE *seccache;
323	} ;
324
325	/*
326	* The following constants are used in interfacing external programs.
327	* They are not to be stored on disk and must be defined in their
328	* native cpu representation.
329	* When disk representation (le) is needed, use SE_DACL_PRESENT, etc.
330	*/
331	enum { OWNER_SECURITY_INFORMATION = 1,
332	GROUP_SECURITY_INFORMATION = 2,
333	DACL_SECURITY_INFORMATION = 4,
334	SACL_SECURITY_INFORMATION = 8
335	} ;
336
337	int ntfs_get_file_security(struct SECURITY_API *scapi,
338	const char *path, u32 selection,
339	char buf, u32 buflen, u32 psize);
340	int ntfs_set_file_security(struct SECURITY_API *scapi,
341	const char path, u32 selection, const char attr);
342	int ntfs_get_file_attributes(struct SECURITY_API *scapi,
343	const char *path);
344	BOOL ntfs_set_file_attributes(struct SECURITY_API *scapi,
345	const char *path, s32 attrib);
346	BOOL ntfs_read_directory(struct SECURITY_API *scapi,
347	const char path, ntfs_filldir_t callback, void context);
348	int ntfs_read_sds(struct SECURITY_API *scapi,
349	char *buf, u32 size, u32 offset);
350	INDEX_ENTRY ntfs_read_sii(struct SECURITY_API scapi,
351	INDEX_ENTRY *entry);
352	INDEX_ENTRY ntfs_read_sdh(struct SECURITY_API scapi,
353	INDEX_ENTRY *entry);
354	struct SECURITY_API ntfs_initialize_file_security(const char device,
355	unsigned long flags);
356	BOOL ntfs_leave_file_security(struct SECURITY_API *scx);
357
358	int ntfs_get_usid(struct SECURITY_API scapi, uid_t uid, char buf);
359	int ntfs_get_gsid(struct SECURITY_API scapi, gid_t gid, char buf);
360	int ntfs_get_user(struct SECURITY_API scapi, const SID usid);
361	int ntfs_get_group(struct SECURITY_API scapi, const SID gsid);
362
363	#endif /* defined _NTFS_SECURITY_H */
364