Blame - include/ntfs-3g/security.h - platform_external_ntfs-3g

blob: d28bc89bff0463010d1d64530688f8f167ff0710 [file] [log] [blame]

Steve Kondik	2111ad7	2013-07-07 12:07:44 -0700	[diff] [blame]	1	/*
				2	* security.h - Exports for handling security/ACLs in NTFS.
				3	* Originated from the Linux-NTFS project.
				4	*
				5	* Copyright (c) 2004 Anton Altaparmakov
				6	* Copyright (c) 2005-2006 Szabolcs Szakacsits
				7	* Copyright (c) 2007-2010 Jean-Pierre Andre
				8	*
				9	* This program/include file is free software; you can redistribute it and/or
				10	* modify it under the terms of the GNU General Public License as published
				11	* by the Free Software Foundation; either version 2 of the License, or
				12	* (at your option) any later version.
				13	*
				14	* This program/include file is distributed in the hope that it will be
				15	* useful, but WITHOUT ANY WARRANTY; without even the implied warranty
				16	* of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				17	* GNU General Public License for more details.
				18	*
				19	* You should have received a copy of the GNU General Public License
				20	* along with this program (in the main directory of the NTFS-3G
				21	* distribution in the file COPYING); if not, write to the Free Software
				22	* Foundation,Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
				23	*/
				24
				25	#ifndef _NTFS_SECURITY_H
				26	#define _NTFS_SECURITY_H
				27
				28	#include "types.h"
				29	#include "layout.h"
				30	#include "inode.h"
				31	#include "dir.h"
Steve Kondik	e68cb60	2016-08-28 00:45:36 -0700	[diff] [blame]	32	#include "endians.h"
Steve Kondik	2111ad7	2013-07-07 12:07:44 -0700	[diff] [blame]	33
				34	#ifndef POSIXACLS
				35	#define POSIXACLS 0
				36	#endif
				37
Steve Kondik	2111ad7	2013-07-07 12:07:44 -0700	[diff] [blame]	38	/*
				39	* item in the mapping list
				40	*/
				41
				42	struct MAPPING {
				43	struct MAPPING *next;
				44	int xid; /* linux id : uid or gid */
				45	SID sid; / Windows id : usid or gsid */
				46	int grcnt; /* group count (for users only) */
				47	gid_t groups; / groups which the user is member of */
				48	};
				49
				50	/*
				51	* Entry in the permissions cache
				52	* Note : this cache is not organized as a generic cache
				53	*/
				54
				55	struct CACHED_PERMISSIONS {
				56	uid_t uid;
				57	gid_t gid;
				58	le32 inh_fileid;
				59	le32 inh_dirid;
				60	#if POSIXACLS
				61	struct POSIX_SECURITY *pxdesc;
				62	unsigned int pxdescsize:16;
				63	#endif
				64	unsigned int mode:12;
				65	unsigned int valid:1;
				66	} ;
				67
				68	/*
				69	* Entry in the permissions cache for directories with no security_id
				70	*/
				71
				72	struct CACHED_PERMISSIONS_LEGACY {
				73	struct CACHED_PERMISSIONS_LEGACY *next;
				74	struct CACHED_PERMISSIONS_LEGACY *previous;
				75	void *variable;
				76	size_t varsize;
				77	union ALIGNMENT payload[0];
				78	/* above fields must match "struct CACHED_GENERIC" */
				79	u64 mft_no;
				80	struct CACHED_PERMISSIONS perm;
				81	} ;
				82
				83	/*
				84	* Entry in the securid cache
				85	*/
				86
				87	struct CACHED_SECURID {
				88	struct CACHED_SECURID *next;
				89	struct CACHED_SECURID *previous;
				90	void *variable;
				91	size_t varsize;
				92	union ALIGNMENT payload[0];
				93	/* above fields must match "struct CACHED_GENERIC" */
				94	uid_t uid;
				95	gid_t gid;
				96	unsigned int dmode;
				97	le32 securid;
				98	} ;
				99
				100	/*
				101	* Header of the security cache
				102	* (has no cache structure by itself)
				103	*/
				104
				105	struct CACHED_PERMISSIONS_HEADER {
				106	unsigned int last;
				107	/* statistics for permissions */
				108	unsigned long p_writes;
				109	unsigned long p_reads;
				110	unsigned long p_hits;
				111	} ;
				112
				113	/*
				114	* The whole permissions cache
				115	*/
				116
				117	struct PERMISSIONS_CACHE {
				118	struct CACHED_PERMISSIONS_HEADER head;
				119	struct CACHED_PERMISSIONS cachetable[1]; / array of variable size */
				120	} ;
				121
				122	/*
				123	* Security flags values
				124	*/
				125
				126	enum {
				127	SECURITY_DEFAULT, /* rely on fuse for permissions checking */
				128	SECURITY_RAW, /* force same ownership/permissions on files */
				129	SECURITY_ACL, /* enable Posix ACLs (when compiled in) */
				130	SECURITY_ADDSECURIDS, /* upgrade old security descriptors */
				131	SECURITY_STATICGRPS, /* use static groups for access control */
				132	SECURITY_WANTED /* a security related option was present */
				133	} ;
				134
				135	/*
				136	* Security context, needed by most security functions
				137	*/
				138
				139	enum { MAPUSERS, MAPGROUPS, MAPCOUNT } ;
				140
				141	struct SECURITY_CONTEXT {
				142	ntfs_volume *vol;
				143	struct MAPPING *mapping[MAPCOUNT];
				144	struct PERMISSIONS_CACHE **pseccache;
				145	uid_t uid; /* uid of user requesting (not the mounter) */
				146	gid_t gid; /* gid of user requesting (not the mounter) */
				147	pid_t tid; /* thread id of thread requesting */
				148	mode_t umask; /* umask of requesting thread */
				149	} ;
				150
				151	#if POSIXACLS
				152
				153	/*
				154	* Posix ACL structures
				155	*/
				156
				157	struct POSIX_ACE {
				158	u16 tag;
				159	u16 perms;
				160	s32 id;
				161	} __attribute__((__packed__));
				162
				163	struct POSIX_ACL {
				164	u8 version;
				165	u8 flags;
				166	u16 filler;
				167	struct POSIX_ACE ace[0];
				168	} __attribute__((__packed__));
				169
				170	struct POSIX_SECURITY {
				171	mode_t mode;
				172	int acccnt;
				173	int defcnt;
				174	int firstdef;
				175	u16 tagsset;
				176	s32 alignment[0];
				177	struct POSIX_ACL acl;
				178	} ;
				179
				180	/*
				181	* Posix tags, cpu-endian 16 bits
				182	*/
				183
				184	enum {
				185	POSIX_ACL_USER_OBJ = 1,
				186	POSIX_ACL_USER = 2,
				187	POSIX_ACL_GROUP_OBJ = 4,
				188	POSIX_ACL_GROUP = 8,
				189	POSIX_ACL_MASK = 16,
				190	POSIX_ACL_OTHER = 32,
				191	POSIX_ACL_SPECIAL = 64 /* internal use only */
				192	} ;
				193
				194	#define POSIX_ACL_EXTENSIONS (POSIX_ACL_USER \| POSIX_ACL_GROUP \| POSIX_ACL_MASK)
				195
				196	/*
				197	* Posix permissions, cpu-endian 16 bits
				198	*/
				199
				200	enum {
				201	POSIX_PERM_X = 1,
				202	POSIX_PERM_W = 2,
				203	POSIX_PERM_R = 4,
				204	POSIX_PERM_DENIAL = 64 /* internal use only */
				205	} ;
				206
				207	#define POSIX_VERSION 2
				208
				209	#endif
				210
				211	extern BOOL ntfs_guid_is_zero(const GUID *guid);
				212	extern char ntfs_guid_to_mbs(const GUID guid, char *guid_str);
				213
Steve Kondik	2111ad7	2013-07-07 12:07:44 -0700	[diff] [blame]	214	extern int ntfs_sid_to_mbs_size(const SID *sid);
				215	extern char ntfs_sid_to_mbs(const SID sid, char *sid_str,
				216	size_t sid_str_size);
				217	extern void ntfs_generate_guid(GUID *guid);
				218	extern int ntfs_sd_add_everyone(ntfs_inode *ni);
				219
				220	extern le32 ntfs_security_hash(const SECURITY_DESCRIPTOR_RELATIVE *sd,
				221	const u32 len);
				222
				223	int ntfs_build_mapping(struct SECURITY_CONTEXT scx, const char usermap_path,
				224	BOOL allowdef);
				225	int ntfs_get_owner_mode(struct SECURITY_CONTEXT *scx,
				226	ntfs_inode ni, struct stat);
				227	int ntfs_set_mode(struct SECURITY_CONTEXT scx, ntfs_inode ni, mode_t mode);
				228	BOOL ntfs_allowed_as_owner(struct SECURITY_CONTEXT scx, ntfs_inode ni);
				229	int ntfs_allowed_access(struct SECURITY_CONTEXT *scx,
				230	ntfs_inode *ni, int accesstype);
				231	int ntfs_allowed_create(struct SECURITY_CONTEXT *scx,
				232	ntfs_inode ni, gid_t pgid, mode_t *pdsetgid);
				233	BOOL old_ntfs_allowed_dir_access(struct SECURITY_CONTEXT *scx,
				234	const char *path, int accesstype);
				235
				236	#if POSIXACLS
				237	le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
				238	uid_t uid, gid_t gid, ntfs_inode *dir_ni,
				239	mode_t mode, BOOL isdir);
				240	#else
				241	le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
				242	uid_t uid, gid_t gid, mode_t mode, BOOL isdir);
				243	#endif
				244	int ntfs_set_owner(struct SECURITY_CONTEXT scx, ntfs_inode ni,
				245	uid_t uid, gid_t gid);
				246	int ntfs_set_ownmod(struct SECURITY_CONTEXT *scx,
				247	ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
				248	#if POSIXACLS
				249	int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
				250	ntfs_inode *ni, uid_t uid, gid_t gid,
				251	mode_t mode, struct POSIX_SECURITY *pxdesc);
				252	#else
				253	int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
				254	ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
				255	#endif
				256	le32 ntfs_inherited_id(struct SECURITY_CONTEXT *scx,
				257	ntfs_inode *dir_ni, BOOL fordir);
				258	int ntfs_open_secure(ntfs_volume *vol);
				259	void ntfs_close_secure(struct SECURITY_CONTEXT *scx);
				260
				261	#if POSIXACLS
				262
				263	int ntfs_set_inherited_posix(struct SECURITY_CONTEXT *scx,
				264	ntfs_inode *ni, uid_t uid, gid_t gid,
				265	ntfs_inode *dir_ni, mode_t mode);
				266	int ntfs_get_posix_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
				267	const char name, char value, size_t size);
				268	int ntfs_set_posix_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
				269	const char name, const char value, size_t size,
				270	int flags);
				271	int ntfs_remove_posix_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
				272	const char *name);
				273	#endif
				274
				275	int ntfs_get_ntfs_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
				276	char *value, size_t size);
				277	int ntfs_set_ntfs_acl(struct SECURITY_CONTEXT scx, ntfs_inode ni,
				278	const char *value, size_t size, int flags);
				279
				280	int ntfs_get_ntfs_attrib(ntfs_inode ni, char value, size_t size);
				281	int ntfs_set_ntfs_attrib(ntfs_inode *ni,
				282	const char *value, size_t size, int flags);
				283
				284
				285	/*
				286	* Security API for direct access to security descriptors
				287	* based on Win32 API
				288	*/
				289
				290	#define MAGIC_API 0x09042009
				291
				292	struct SECURITY_API {
				293	u32 magic;
				294	struct SECURITY_CONTEXT security;
				295	struct PERMISSIONS_CACHE *seccache;
				296	} ;
				297
				298	/*
				299	* The following constants are used in interfacing external programs.
				300	* They are not to be stored on disk and must be defined in their
				301	* native cpu representation.
				302	* When disk representation (le) is needed, use SE_DACL_PRESENT, etc.
				303	*/
				304	enum { OWNER_SECURITY_INFORMATION = 1,
				305	GROUP_SECURITY_INFORMATION = 2,
				306	DACL_SECURITY_INFORMATION = 4,
				307	SACL_SECURITY_INFORMATION = 8
				308	} ;
				309
				310	int ntfs_get_file_security(struct SECURITY_API *scapi,
				311	const char *path, u32 selection,
				312	char buf, u32 buflen, u32 psize);
				313	int ntfs_set_file_security(struct SECURITY_API *scapi,
				314	const char path, u32 selection, const char attr);
				315	int ntfs_get_file_attributes(struct SECURITY_API *scapi,
				316	const char *path);
				317	BOOL ntfs_set_file_attributes(struct SECURITY_API *scapi,
				318	const char *path, s32 attrib);
				319	BOOL ntfs_read_directory(struct SECURITY_API *scapi,
				320	const char path, ntfs_filldir_t callback, void context);
				321	int ntfs_read_sds(struct SECURITY_API *scapi,
				322	char *buf, u32 size, u32 offset);
				323	INDEX_ENTRY ntfs_read_sii(struct SECURITY_API scapi,
				324	INDEX_ENTRY *entry);
				325	INDEX_ENTRY ntfs_read_sdh(struct SECURITY_API scapi,
				326	INDEX_ENTRY *entry);
				327	struct SECURITY_API ntfs_initialize_file_security(const char device,
				328	unsigned long flags);
				329	BOOL ntfs_leave_file_security(struct SECURITY_API *scx);
				330
				331	int ntfs_get_usid(struct SECURITY_API scapi, uid_t uid, char buf);
				332	int ntfs_get_gsid(struct SECURITY_API scapi, gid_t gid, char buf);
				333	int ntfs_get_user(struct SECURITY_API scapi, const SID usid);
				334	int ntfs_get_group(struct SECURITY_API scapi, const SID gsid);
				335
				336	#endif /* defined _NTFS_SECURITY_H */