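/*
 * fs/cifs/cifsacl.h
 *
 * Copyright (c) International Business Machines Corp., 2007
 * Author(s): Steve French (sfrench@us.ibm.com)
 *
 * This library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published
 * by the Free Software Foundation; either version 2.1 of the License, or
 * (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
 * the GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

/*
 * Layouts and size constants for security descriptors, ACLs, ACEs and SIDs.
 *
 * All structures below are packed and use explicit little-endian field
 * types. This header does not include the header that provides
 * __u8/__le16/__le32; the including file must do so first.
 *
 * NOTE(review): every length, count and offset field declared here is a
 * plain integer with no built-in limit. When a structure is overlaid on a
 * buffer that was not produced locally, each such field has to be checked
 * against the buffer length (and against the array bounds declared here)
 * before it is used as an index, loop bound or pointer offset.
 */

#ifndef _CIFSACL_H
#define _CIFSACL_H


#define NUM_AUTHS (6)	/* number of authority fields */
#define SID_MAX_SUB_AUTHORITIES (15) /* max number of sub authority fields */

/*
 * Single-digit permission bits; the values match the r/w/x bits of one
 * octal digit of a POSIX mode.
 */
#define READ_BIT        0x4
#define WRITE_BIT       0x2
#define EXEC_BIT        0x1

/* Shift counts; presumably move the bits above into the user/group digit. */
#define UBITSHIFT	6
#define GBITSHIFT	3

/* Presumably the values carried in cifs_ace.type -- confirm against users. */
#define ACCESS_ALLOWED	0
#define ACCESS_DENIED	1

/* Selectors for the owner SID versus the group SID. */
#define SIDOWNER 1
#define SIDGROUP 2

/*
 * Security Descriptor length containing DACL with 3 ACEs (one each for
 * owner, group and world).
 *
 * sizeof(struct cifs_ace) includes a full-size struct cifs_sid (all
 * SID_MAX_SUB_AUTHORITIES slots), so this is an upper bound for three
 * ACEs, not the length of any particular encoded descriptor.
 */
#define DEFAULT_SEC_DESC_LEN (sizeof(struct cifs_ntsd) + \
			      sizeof(struct cifs_acl) + \
			      (sizeof(struct cifs_ace) * 3))

/*
 * Maximum size of a string representation of a SID:
 *
 * The fields are unsigned values in decimal. So:
 *
 * u8:  max 3 bytes in decimal
 * u32: max 10 bytes in decimal
 *
 * "S-" + 3 bytes for version field + 15 for authority field + NUL terminator
 *
 * For authority field, max is when all 6 values are non-zero and it must be
 * represented in hex. So "-0x" + 12 hex digits.
 *
 * Add 11 bytes for each subauthority field (10 bytes each + 1 for '-')
 *
 * A buffer for the full string therefore needs
 * SID_STRING_BASE_SIZE + SID_STRING_SUBAUTH_SIZE * <number of subauths>
 * bytes; the subauth count used in that product must already have been
 * limited to SID_MAX_SUB_AUTHORITIES.
 */
#define SID_STRING_BASE_SIZE (2 + 3 + 15 + 1)
#define SID_STRING_SUBAUTH_SIZE (11) /* size of a single subauth string */

/*
 * Security descriptor header (20 bytes).
 *
 * The four offset fields locate the owner SID, group SID, SACL and DACL.
 * NOTE(review): an offset must be validated against the length of the
 * enclosing buffer, leaving room for the object it points at, before it
 * is turned into a pointer.
 */
struct cifs_ntsd {
	__le16 revision; /* revision level */
	__le16 type;
	__le32 osidoffset;
	__le32 gsidoffset;
	__le32 sacloffset;
	__le32 dacloffset;
} __attribute__((packed));

/*
 * Security identifier.
 *
 * Only the first num_subauth entries of sub_auth are meaningful.
 * num_subauth is a __u8 and can therefore hold values up to 255, while
 * sub_auth has only SID_MAX_SUB_AUTHORITIES (15) slots: code that reads a
 * SID it did not build itself must reject num_subauth values above
 * SID_MAX_SUB_AUTHORITIES before indexing or copying sub_auth.
 */
struct cifs_sid {
	__u8 revision; /* revision level */
	__u8 num_subauth;
	__u8 authority[NUM_AUTHS];
	__le32 sub_auth[SID_MAX_SUB_AUTHORITIES]; /* sub_auth[num_subauth] */
} __attribute__((packed));

/* size of a struct cifs_sid, sans sub_auth array */
#define CIFS_SID_BASE_SIZE (1 + 1 + NUM_AUTHS)

/*
 * ACL header (8 bytes).
 *
 * NOTE(review): size and num_aces are independent fields; a reader should
 * not trust num_aces without checking that that many ACEs fit inside size
 * and inside the buffer actually available.
 */
struct cifs_acl {
	__le16 revision; /* revision level */
	__le16 size;
	__le32 num_aces;
} __attribute__((packed));

/*
 * Access control entry.
 *
 * The embedded sid is declared at full size; see DEFAULT_SEC_DESC_LEN.
 * NOTE(review): the size field should be checked against the remaining
 * ACL bytes before stepping to the next entry.
 */
struct cifs_ace {
	__u8 type;
	__u8 flags;
	__le16 size;
	__le32 access_req;
	struct cifs_sid sid; /* SID of the user or group who gets these perms */
} __attribute__((packed));

/*
 * Minimum security identifier can be one for system defined Users
 * and Groups such as NULL SID and World or Built-in accounts such
 * as Administrator and Guest and consists of
 * Revision + Num (Sub)Auths + Authority + Domain (one Subauthority)
 *
 * The 6 is the authority array (NUM_AUTHS bytes) and the 4 is one
 * 32-bit sub-authority.
 */
#define MIN_SID_LEN  (1 + 1 + 6 + 4) /* in bytes */

/*
 * Minimum security descriptor can be one without any SACL and DACL and can
 * consist of revision, type, and two sids of minimum size for owner and group
 *
 * Useful as a lower bound: a buffer shorter than this cannot hold a
 * descriptor header plus owner and group SIDs.
 */
#define MIN_SEC_DESC_LEN  (sizeof(struct cifs_ntsd) + (2 * MIN_SID_LEN))

#endif /* _CIFSACL_H */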