22 #ifndef _CIFSACL_H
23 #define _CIFSACL_H
/*
 * SID geometry: a SID carries a 6-byte identifier authority and at most 15
 * 32-bit sub-authorities. Both limits size the arrays in struct cifs_sid.
 */
#define NUM_AUTHS		(6)
#define SID_MAX_SUB_AUTHORITIES	(15)

/* Permission bits of a single rwx triplet of a POSIX mode. */
#define READ_BIT	0x4
#define WRITE_BIT	0x2
#define EXEC_BIT	0x1

/*
 * Shift counts that move a triplet into the user (<< 6) and group (<< 3)
 * positions of a mode. NOTE(review): presumably the "other" triplet is used
 * unshifted -- confirm in the mode <-> ACL conversion code.
 */
#define UBITSHIFT	6
#define GBITSHIFT	3

/*
 * Same numeric values as ACCESS_ALLOWED_ACE_TYPE and ACCESS_DENIED_ACE_TYPE,
 * which this header defines further down.
 */
#define ACCESS_ALLOWED	0
#define ACCESS_DENIED	1

/* Owner vs. group SID selector. NOTE(review): callers are not visible here. */
#define SIDOWNER	1
#define SIDGROUP	2
/*
 * Length of a security descriptor made of the descriptor header, one ACL
 * header and four ACEs. Each ACE is counted at its maximum size, because
 * struct cifs_ace embeds a complete struct cifs_sid with all
 * SID_MAX_SUB_AUTHORITIES slots. Owner and group SIDs are not counted
 * separately in this figure.
 */
#define DEFAULT_SEC_DESC_LEN \
	(sizeof(struct cifs_ntsd) + \
	 sizeof(struct cifs_acl) + \
	 (sizeof(struct cifs_ace) * 4))
/*
 * Buffer sizing for the textual form of a SID.
 *
 * The base size covers "S-" (2), the revision printed as a decimal u8 (3),
 * the authority field in its longest form, "-0x" plus 12 hex digits (15),
 * and the terminating NUL (1). Every sub-authority adds '-' plus up to 10
 * decimal digits of a u32.
 *
 * A buffer of SID_STRING_BASE_SIZE + SID_STRING_SUBAUTH_SIZE * num_subauth
 * bytes is therefore sufficient, provided num_subauth was checked against
 * SID_MAX_SUB_AUTHORITIES before the multiplication.
 */
#define SID_STRING_BASE_SIZE	(2 + 3 + 15 + 1)
#define SID_STRING_SUBAUTH_SIZE	(11)
/*
 * Security descriptor header in its packed, little-endian wire layout.
 *
 * The four offset fields locate the owner SID, group SID, SACL and DACL.
 * NOTE(review): presumably byte offsets from the start of this header, as in
 * the MS-DTYP self-relative format -- confirm in the parser.
 *
 * When the descriptor was supplied by a server, each offset (and the object
 * it points at) has to be bounds-checked against the number of bytes
 * actually received before it is followed.
 */
struct cifs_ntsd {
	__le16 revision;	/* revision level */
	__le16 type;		/* NOTE(review): presumably the control flags */
	__le32 osidoffset;	/* owner SID */
	__le32 gsidoffset;	/* group SID */
	__le32 sacloffset;	/* system ACL */
	__le32 dacloffset;	/* discretionary ACL */
} __attribute__((packed));
/*
 * Security identifier in wire layout.
 *
 * The struct always reserves SID_MAX_SUB_AUTHORITIES slots in sub_auth[];
 * num_subauth says how many of them are in use. num_subauth is a full byte,
 * so a value read from the network can be as large as 255: reject anything
 * above SID_MAX_SUB_AUTHORITIES before using it to index, copy or compare
 * sub_auth[].
 */
struct cifs_sid {
	__u8 revision;		/* revision level */
	__u8 num_subauth;	/* number of valid entries in sub_auth[] */
	__u8 authority[NUM_AUTHS];
	__le32 sub_auth[SID_MAX_SUB_AUTHORITIES];
} __attribute__((packed));

/* Bytes of a struct cifs_sid that precede the sub_auth[] array. */
#define CIFS_SID_BASE_SIZE (1 + 1 + NUM_AUTHS)
/*
 * ACL header in wire layout.
 *
 * NOTE(review): the ACEs presumably follow this header directly and size
 * counts header plus ACEs in bytes -- confirm in the parser.
 *
 * num_aces is a 32-bit count taken from the wire. A walk over the ACEs has
 * to be bounded by the validated end of the ACL buffer as well, not by
 * num_aces alone.
 */
struct cifs_acl {
	__le16 revision;	/* revision level */
	__le16 size;
	__le32 num_aces;
} __attribute__((packed));
/*
 * ACE type codes, see MS-DTYP 2.4.4.1. The type byte comes from the peer, so
 * code that interprets an ACE should handle the types it understands
 * explicitly and skip the rest, rather than treating every non-"denied" ACE
 * as a grant.
 */
#define ACCESS_ALLOWED_ACE_TYPE			0x00
#define ACCESS_DENIED_ACE_TYPE			0x01
#define SYSTEM_AUDIT_ACE_TYPE			0x02
#define SYSTEM_ALARM_ACE_TYPE			0x03
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE	0x04
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE		0x05
#define ACCESS_DENIED_OBJECT_ACE_TYPE		0x06
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE		0x07
#define SYSTEM_ALARM_OBJECT_ACE_TYPE		0x08
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE	0x09
#define ACCESS_DENIED_CALLBACK_ACE_TYPE		0x0A
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE	0x0B
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE	0x0C
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE		0x0D
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE		0x0E
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE	0x0F
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE	0x10
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE		0x11
#define SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE	0x12
#define SYSTEM_SCOPED_POLICY_ID_ACE_TYPE	0x13
/*
 * ACE flag bits. 0x01-0x10 describe inheritance, 0x40 and 0x80 select which
 * access attempts an audit ACE records. Per MS-DTYP, an ACE that carries
 * INHERIT_ONLY_ACE does not control access to the object it is attached to,
 * which matters when permissions are derived from a DACL.
 */
#define OBJECT_INHERIT_ACE		0x01
#define CONTAINER_INHERIT_ACE		0x02
#define NO_PROPAGATE_INHERIT_ACE	0x04
#define INHERIT_ONLY_ACE		0x08
#define INHERITED_ACE			0x10
#define SUCCESSFUL_ACCESS_ACE_FLAG	0x40
#define FAILED_ACCESS_ACE_FLAG		0x80
/*
 * Access control entry in wire layout.
 *
 * The struct embeds a complete struct cifs_sid, so sizeof(struct cifs_ace)
 * is the maximum size of an ACE. NOTE(review): an ACE on the wire is
 * presumably shorter whenever its SID has fewer than
 * SID_MAX_SUB_AUTHORITIES sub-authorities -- confirm in the parser.
 *
 * The size field comes from the peer: check that it covers at least the
 * fixed fields plus the SID it announces, and that it stays inside the
 * enclosing ACL, before using it to step to the next ACE.
 */
struct cifs_ace {
	__u8 type;		/* one of the *_ACE_TYPE codes */
	__u8 flags;		/* ACE flag bits */
	__le16 size;
	__le32 access_req;	/* requested access mask */
	struct cifs_sid sid;	/* trustee the entry applies to */
} __attribute__((packed));
/*
 * SMB3 form of the security descriptor header. The CamelCase field names
 * follow the SECURITY_DESCRIPTOR definition in MS-DTYP 2.4.6.
 *
 * As with struct cifs_ntsd, the Offset* fields of a descriptor received
 * from a server need to be range-checked against the received length before
 * they are followed.
 */
struct smb3_sd {
	__u8 Revision;		/* revision level */
	__u8 Sbz1;
	__le16 Control;		/* ACL_CONTROL_* flags */
	__le32 OffsetOwner;
	__le32 OffsetGroup;
	__le32 OffsetSacl;
	__le32 OffsetDacl;
} __packed;
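/*
 * Flags for the Control field of struct smb3_sd (MS-DTYP 2.4.6).
 *
 * The MS-DTYP bit diagram lists these flags from the most significant bit
 * (SR) down to the least significant one (OD), so SR is 0x8000 and OD is
 * 0x0001. These are the values Windows uses for SE_SELF_RELATIVE (0x8000),
 * SE_DACL_PRESENT (0x0004), SE_OWNER_DEFAULTED (0x0001) and the rest.
 *
 * Numbering the flags in the opposite direction is a security-relevant
 * mistake: a descriptor built with ACL_CONTROL_SR | ACL_CONTROL_DP would go
 * out as 0x2001 ("SACL protected" + "owner defaulted") instead of 0x8004,
 * and a receiver that does not see "DACL present" may not apply the DACL
 * that was sent.
 */
#define ACL_CONTROL_SR	0x8000	/* Self relative */
#define ACL_CONTROL_RM	0x4000	/* Resource manager control bits */
#define ACL_CONTROL_PS	0x2000	/* SACL protected from inherits */
#define ACL_CONTROL_PD	0x1000	/* DACL protected from inherits */
#define ACL_CONTROL_SI	0x0800	/* SACL auto-inherited */
#define ACL_CONTROL_DI	0x0400	/* DACL auto-inherited */
#define ACL_CONTROL_SC	0x0200	/* SACL computed through inheritance */
#define ACL_CONTROL_DC	0x0100	/* DACL computed through inheritance */
#define ACL_CONTROL_SS	0x0080	/* Server security */
#define ACL_CONTROL_DT	0x0040	/* DACL provided by trusted source */
#define ACL_CONTROL_SD	0x0020	/* SACL defaulted */
#define ACL_CONTROL_SP	0x0010	/* SACL is present on object */
#define ACL_CONTROL_DD	0x0008	/* DACL defaulted */
#define ACL_CONTROL_DP	0x0004	/* DACL is present on object */
#define ACL_CONTROL_GD	0x0002	/* Group was defaulted */
#define ACL_CONTROL_OD	0x0001	/* Owner was defaulted */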
/*
 * Values for smb3_acl.AclRevision. Per MS-DTYP, the _DS revision is the one
 * used for ACLs that may contain object-specific ACEs.
 */
#define ACL_REVISION	0x02
#define ACL_REVISION_DS	0x04
/*
 * SMB3 form of the ACL header, with field names as in the ACL definition of
 * MS-DTYP 2.4.5. Unlike struct cifs_acl, the revision and the ACE count are
 * each followed by their own padding field (Sbz1, Sbz2).
 *
 * AclSize and AceCount come from the peer when an ACL is received: validate
 * both against the bytes actually available before walking the ACEs.
 */
struct smb3_acl {
	u8 AclRevision;		/* ACL_REVISION or ACL_REVISION_DS */
	u8 Sbz1;
	__le16 AclSize;
	__le16 AceCount;
	__le16 Sbz2;
} __packed;
/*
 * Smallest SID accepted: revision (1) + num_subauth (1) + the 6-byte
 * authority (same count as NUM_AUTHS) + one 4-byte sub-authority.
 */
#define MIN_SID_LEN (1 + 1 + 6 + 4)

/*
 * Smallest security descriptor: the header plus two minimal SIDs
 * (NOTE(review): presumably owner and group -- confirm at the call sites).
 *
 * This is only a lower bound for an early length check. A buffer that passes
 * it can still carry offsets, a num_subauth or ACE sizes that point outside
 * the buffer, so those fields need their own validation.
 */
#define MIN_SEC_DESC_LEN (sizeof(struct cifs_ntsd) + (2 * MIN_SID_LEN))
194 #endif