1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  *	Copyright 1994,2001-2003 Sun Microsystems, Inc.
24  *	All rights reserved.
25  *	Use is subject to license terms.
26  */
27 
28 /*
29  * ident	"%Z%%M%	%I%	%E% SMI"
30  */
31 
/*
 * Upper bound on the length of each aclent list in a secattr (below).
 * It is the XDR array maximum, so a decoder generated from this file
 * is expected to reject a message whose list is longer than this.
 */
const NFS_ACL_MAX_ENTRIES = 1024;

/*
 * Numeric id carried in an aclent: a user id, or a group id for the
 * NA_GROUP* entry types.  Encoded as a signed 32-bit XDR int.
 */
typedef int uid;
/*
 * Permission bits for an aclent.  Only NA_READ, NA_WRITE and NA_EXEC
 * are defined in this file.
 */
typedef unsigned short o_mode;
36 
37 /*
 * This is the format of a single ACL entry as it is passed over the network.
39  */
struct aclent {
	/*
	 * NOTE(review): XDR does not range-check any of these fields, so a
	 * receiver must validate type and perm against the NA_* values
	 * defined below before acting on them.
	 */
	int type;	/* NA_* entry type (below); NA_ACL_DEFAULT marks a default entry */
	uid id;		/* user or group id the entry names */
	o_mode perm;	/* NA_READ / NA_WRITE / NA_EXEC bits (below) */
};
45 
46 /*
47  * The values for the type element of the aclent structure.
48  */
const NA_USER_OBJ = 0x1;	/* object owner */
const NA_USER = 0x2;		/* additional users */
const NA_GROUP_OBJ = 0x4;	/* owning group of the object */
const NA_GROUP = 0x8;		/* additional groups */
const NA_CLASS_OBJ = 0x10;	/* file group class and mask entry */
const NA_OTHER_OBJ = 0x20;	/* other entry for the object */
/*
 * Flag marking a default entry (one inherited by the object's children,
 * see secattr).  Its value is disjoint from the entry-type values above.
 */
const NA_ACL_DEFAULT = 0x1000;	/* default flag */
56 
57 /*
58  * The bit field values for the perm element of the aclent
59  * structure.  The three values can be combined to form any
60  * of the 8 combinations.
61  */
/* These occupy the low three bits of o_mode; no other bit is defined here. */
const NA_READ = 0x4;		/* read permission */
const NA_WRITE = 0x2;		/* write permission */
const NA_EXEC = 0x1;		/* exec permission */
65 
66 /*
67  * This is the structure which contains the ACL entries for a
68  * particular entity.  It contains the ACL entries which apply
69  * to this object plus any default ACL entries which are
70  * inherited by its children.
71  *
72  * The values for the mask field are defined below.
73  */
struct secattr {
	u_int mask;	/* NA_ACL/NA_ACLCNT/NA_DFACL/NA_DFACLCNT: which fields below are valid */
	int aclcnt;	/* entry count as reported by the sender */
	/*
	 * aclent is an XDR variable-length array: it carries its own length
	 * on the wire, bounded by NFS_ACL_MAX_ENTRIES.  That length and
	 * aclcnt are two independent values chosen by the peer and nothing
	 * in the encoding forces them to agree.
	 * NOTE(review): code consuming a decoded secattr (SETACL on the
	 * server, GETACL replies on the client) should iterate by the
	 * decoded array length, or check that aclcnt is non-negative and
	 * equal to it, rather than indexing by aclcnt, which is a signed
	 * int under the peer's control.
	 */
	aclent aclent<NFS_ACL_MAX_ENTRIES>;
	int dfaclcnt;	/* default-entry count; same caveat as aclcnt */
	aclent dfaclent<NFS_ACL_MAX_ENTRIES>;	/* default entries; same caveat as aclent */
};
81 
82 /*
83  * The values for the mask element of the secattr struct as well
84  * as for the mask element in the arguments in the GETACL2 and
85  * GETACL3 procedures.
86  */
/*
 * NOTE(review): a set bit means the sender filled the field in, not that
 * the field is consistent with the others (e.g. aclcnt vs. the aclent
 * list length); consistency still has to be checked by the receiver.
 */
const NA_ACL = 0x1;		/* aclent contains a valid list */
const NA_ACLCNT = 0x2;		/* the number of entries in the aclent list */
const NA_DFACL = 0x4;		/* dfaclent contains a valid list */
const NA_DFACLCNT = 0x8;	/* the number of entries in the dfaclent list */
91 
92 /*
 * This is the definition for the GETACL procedure which applies to
94  * NFS Version 2.
95  */
struct GETACL2args {
	fhandle_t fh;	/* NFSv2 file handle of the object */
	u_int mask;	/* NA_ACL/NA_ACLCNT/NA_DFACL/NA_DFACLCNT (above); presumably what the caller wants returned */
};
100 
struct GETACL2resok {
	struct nfsfattr attr;	/* NFSv2 attributes of the object */
	secattr acl;		/* the ACL; acl.mask says which parts are valid */
};
105 
union GETACL2res switch (enum nfsstat status) {
case ACL2_OK:
	GETACL2resok resok;
default:
	void;		/* V2 returns nothing but the status on failure (V3 returns attrs) */
};
112 
113 /*
 * This is the definition for the SETACL procedure which applies
 * to NFS Version 2.
116  */
struct SETACL2args {
	fhandle_t fh;	/* NFSv2 file handle of the object to modify */
	/*
	 * Peer-supplied ACL that the server will apply.  This is the one
	 * place the server consumes a client-built secattr; see the aclcnt
	 * caveat on that struct.
	 */
	secattr acl;
};
121 
struct SETACL2resok {
	struct nfsfattr attr;	/* NFSv2 attributes of the object after the set */
};
125 
union SETACL2res switch (enum nfsstat status) {
case ACL2_OK:
	SETACL2resok resok;
default:
	void;		/* status only on failure */
};
132 
133 /*
134  * This is the definition for the GETATTR procedure which can be
135  * used as an alternative to the GETATTR in NFS Version 2.  The
136  * main difference between this GETATTR and the NFS GETATTR is
137  * that this GETATTR returns the mode of the file without it being
138  * changed to match the min/max permissions mapping that the NFS
139  * Version 2 server does.
140  */
struct GETATTR2args {
	fhandle_t fh;	/* NFSv2 file handle of the object */
};
144 
struct GETATTR2resok {
	struct nfsfattr attr;	/* attributes with the mode left unmapped (see comment above) */
};
148 
union GETATTR2res switch (enum nfsstat status) {
case ACL2_OK:
	GETATTR2resok resok;
default:
	void;		/* status only on failure */
};
155 
156 /*
157  * This is the definition for the ACCESS procedure which applies
158  * to NFS Version 2.
159  */
struct ACCESS2args {
	fhandle_t fh;		/* NFSv2 file handle of the object */
	uint32 access;		/* OR of the ACCESS2_* bits (below) the caller asks about */
};
164 
165 /*
166  * The following access permissions may be requested:
167  */
/* Only these six bits are defined; a receiver should ignore or reject others. */
const ACCESS2_READ = 0x1;	/* read data or readdir a directory */
const ACCESS2_LOOKUP = 0x2;	/* lookup a name in a directory */
const ACCESS2_MODIFY = 0x4;	/* rewrite existing file data or */
				/* modify existing directory entries */
const ACCESS2_EXTEND = 0x8;	/* write new data or add directory entries */
const ACCESS2_DELETE = 0x10;	/* delete existing directory entry */
const ACCESS2_EXECUTE = 0x20;	/* execute file (no meaning for a directory) */
175 
struct ACCESS2resok {
	struct nfsfattr attr;	/* NFSv2 attributes of the object */
	uint32 access;		/* ACCESS2_* bits; presumably the requested subset the server grants -- confirm against server */
};
180 
union ACCESS2res switch (enum nfsstat status) {
case ACL2_OK:
	ACCESS2resok resok;
default:
	void;		/* status only on failure */
};
187 
188 /*
189  * This is the definition for the GETXATTRDIR procedure which applies
190  * to NFS Version 2 files.
191  */
struct GETXATTRDIR2args {
	fhandle_t fh;	/* NFSv2 file handle of the object whose xattr directory is wanted */
	/*
	 * NOTE(review): the name suggests that when true the server creates
	 * the xattr directory if absent -- confirm against the server.  If
	 * so this "get" is a mutating operation and should be authorised
	 * like one.
	 */
	bool create;
};
196 
struct GETXATTRDIR2resok {
	fhandle_t fh;		/* file handle of the xattr directory */
	struct nfsfattr attr;	/* its NFSv2 attributes */
};
201 
union GETXATTRDIR2res switch (enum nfsstat status) {
case ACL2_OK:
	GETXATTRDIR2resok resok;
default:
	void;		/* status only on failure */
};
208 
209 /*
210  * This is the definition for the GETACL procedure which applies
211  * to NFS Version 3 files.
212  */
struct GETACL3args {
	nfs_fh3 fh;	/* NFSv3 file handle of the object */
	u_int mask;	/* NA_ACL/NA_ACLCNT/NA_DFACL/NA_DFACLCNT (above) */
};
217 
struct GETACL3resok {
	post_op_attr attr;	/* NFSv3 post-operation attributes */
	secattr acl;		/* the ACL; acl.mask says which parts are valid */
};
222 
struct GETACL3resfail {
	post_op_attr attr;	/* attributes are still returned on failure */
};
226 
union GETACL3res switch (nfsstat3 status) {
case ACL3_OK:
	GETACL3resok resok;
default:
	GETACL3resfail resfail;	/* unlike V2, failure carries post_op_attr */
};
233 
234 /*
235  * This is the definition for the SETACL procedure which applies
236  * to NFS Version 3 files.
237  */
struct SETACL3args {
	nfs_fh3 fh;	/* NFSv3 file handle of the object to modify */
	/*
	 * Peer-supplied ACL that the server will apply; see the aclcnt
	 * caveat on secattr before trusting its counts.
	 */
	secattr acl;
};
242 
struct SETACL3resok {
	post_op_attr attr;	/* attributes after the set */
};
246 
struct SETACL3resfail {
	post_op_attr attr;	/* attributes are still returned on failure */
};
250 
union SETACL3res switch (nfsstat3 status) {
case ACL3_OK:
	SETACL3resok resok;
default:
	SETACL3resfail resfail;	/* failure carries post_op_attr */
};
257 
258 /*
259  * This is the definition for the GETXATTRDIR procedure which applies
260  * to NFS Version 3 files.
261  */
struct GETXATTRDIR3args {
	nfs_fh3 fh;	/* NFSv3 file handle of the object whose xattr directory is wanted */
	bool create;	/* NOTE(review): apparently "create if absent" -- confirm; if so this call mutates */
};
266 
struct GETXATTRDIR3resok {
	nfs_fh3 fh;		/* file handle of the xattr directory */
	post_op_attr attr;	/* its NFSv3 post-operation attributes */
};
271 
union GETXATTRDIR3res switch (nfsstat3 status) {
case ACL3_OK:
	GETXATTRDIR3resok resok;
default:
	void;		/* unlike GETACL3res/SETACL3res, no post_op_attr on failure */
};
278 
279 /*
280  * XXX {
281  * This is a transitional interface to enable Solaris NFSv4
282  * clients to manipulate ACLs on Solaris servers until the
283  * spec is complete enough to implement this inside the
284  * NFSv4 protocol itself.  NFSv4 does handle extended
285  * attributes in-band.
286  */
287 
288 /*
289  * This is the definition for the GETACL procedure which applies
290  * to NFS Version 4 files.
291  */
struct GETACL4args {
	nfs_fh4 fh;	/* NFSv4 file handle of the object */
	u_int mask;	/* NA_ACL/NA_ACLCNT/NA_DFACL/NA_DFACLCNT (above) */
};
296 
struct GETACL4resok {
	post_op_attr attr;	/* NFSv3-style post-operation attributes (transitional interface) */
	secattr acl;		/* the ACL; acl.mask says which parts are valid */
};
301 
struct GETACL4resfail {
	post_op_attr attr;	/* attributes are still returned on failure */
};
305 
/* Note the discriminant is nfsstat3, not an NFSv4 status type (see the XXX comment). */
union GETACL4res switch (nfsstat3 status) {
case ACL4_OK:
	GETACL4resok resok;
default:
	GETACL4resfail resfail;	/* failure carries post_op_attr */
};
312 
313 /*
314  * This is the definition for the SETACL procedure which applies
315  * to NFS Version 4 files.
316  */
struct SETACL4args {
	nfs_fh4 fh;	/* NFSv4 file handle of the object to modify */
	/*
	 * Peer-supplied ACL that the server will apply; see the aclcnt
	 * caveat on secattr before trusting its counts.
	 */
	secattr acl;
};
321 
struct SETACL4resok {
	post_op_attr attr;	/* attributes after the set */
};
325 
struct SETACL4resfail {
	post_op_attr attr;	/* attributes are still returned on failure */
};
329 
/* Note the discriminant is nfsstat3, not an NFSv4 status type (see the XXX comment). */
union SETACL4res switch (nfsstat3 status) {
case ACL4_OK:
	SETACL4resok resok;
default:
	SETACL4resfail resfail;	/* failure carries post_op_attr */
};
336 
337 /* XXX } */
338 
339 /*
340  * Share the port with the NFS service.  NFS has to be running
341  * in order for this service to be useful anyway.
342  */
/*
 * NOTE(review): because the port is shared, any host that can reach NFS
 * can also reach this program; only the RPC program number (100227,
 * below) tells the two apart, so the port cannot be used to restrict
 * access to the ACL service separately from NFS.
 */
const NFS_ACL_PORT = 2049;
344 
345 /*
346  * This is the definition for the ACL network protocol which is used
 * to provide support for Solaris ACLs for files which are accessed
 * via NFS Version 2 and NFS Version 3, plus the transitional
 * NFS Version 4 variant defined in the XXX block above.
349  */
program NFS_ACL_PROGRAM {
	/*
	 * NFSv2 companion.  Besides GETACL/SETACL it carries GETATTR (mode
	 * returned unmapped), ACCESS and GETXATTRDIR.
	 */
	version NFS_ACL_V2 {
		void
		 ACLPROC2_NULL(void) = 0;		/* no-op ping */
		GETACL2res
		 ACLPROC2_GETACL(GETACL2args) = 1;
		SETACL2res
		 ACLPROC2_SETACL(SETACL2args) = 2;	/* mutates the object's ACL */
		GETATTR2res
		 ACLPROC2_GETATTR(GETATTR2args) = 3;
		ACCESS2res
		 ACLPROC2_ACCESS(ACCESS2args) = 4;
		GETXATTRDIR2res
		 ACLPROC2_GETXATTRDIR(GETXATTRDIR2args) = 5;	/* may mutate, see its create flag */
	} = 2;
	/* NFSv3 companion: no GETATTR or ACCESS procedures in this version. */
	version NFS_ACL_V3 {
		void
		 ACLPROC3_NULL(void) = 0;		/* no-op ping */
		GETACL3res
		 ACLPROC3_GETACL(GETACL3args) = 1;
		SETACL3res
		 ACLPROC3_SETACL(SETACL3args) = 2;	/* mutates the object's ACL */
		GETXATTRDIR3res
		 ACLPROC3_GETXATTRDIR(GETXATTRDIR3args) = 3;	/* may mutate, see its create flag */
	} = 3;
	/* Transitional NFSv4 companion (see the XXX block): GETACL/SETACL only. */
	version NFS_ACL_V4 {
		void
		 ACLPROC4_NULL(void) = 0;		/* no-op ping */
		GETACL4res
		 ACLPROC4_GETACL(GETACL4args) = 1;
		SETACL4res
		 ACLPROC4_SETACL(SETACL4args) = 2;	/* mutates the object's ACL */
	} = 4;
} = 100227;
384