1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  *	Copyright 1994,2001-2003 Sun Microsystems, Inc.
24  *	All rights reserved.
25  *	Use is subject to license terms.
26  */
27 
/*
 * Upper bound on the number of entries in each ACL list carried in
 * a secattr.  It is the XDR maximum for the aclent<> and dfaclent<>
 * arrays below, so the decoder refuses messages that claim more
 * entries than this before any entry is touched.
 */
28 const NFS_ACL_MAX_ENTRIES = 1024;
29 
30 typedef int uid;		/* user or group id of an ACL entry; a signed 32-bit int on the wire */
31 typedef unsigned short o_mode;	/* permission bits of an ACL entry (NA_READ | NA_WRITE | NA_EXEC) */
32 
33 /*
34  * This is the format of an ACL which is passed over the network.
35  */
36 struct aclent {
	/*
	 * All three fields arrive from the peer.  Receivers should check
	 * that type is one of the NA_* values defined below (optionally
	 * combined with NA_ACL_DEFAULT) and that perm only uses the
	 * NA_READ/NA_WRITE/NA_EXEC bits before acting on an entry.
	 */
37 	int type;	/* entry kind: NA_USER_OBJ, NA_USER, NA_GROUP_OBJ, ... (see below) */
38 	uid id;		/* uid or gid the entry names; presumably only meaningful for NA_USER/NA_GROUP — confirm */
39 	o_mode perm;	/* rwx bits granted by this entry */
40 };
41 
42 /*
43  * The values for the type element of the aclent structure.
44  */
/*
 * The six entry kinds occupy distinct low bits; NA_ACL_DEFAULT is a
 * separate, non-overlapping bit that marks an entry as a default
 * (inheritable) entry.  Any other value in aclent.type is invalid
 * and should be rejected by the receiver.
 */
45 const NA_USER_OBJ = 0x1;	/* object owner */
46 const NA_USER = 0x2;		/* additional users */
47 const NA_GROUP_OBJ = 0x4;	/* owning group of the object */
48 const NA_GROUP = 0x8;		/* additional groups */
49 const NA_CLASS_OBJ = 0x10;	/* file group class and mask entry */
50 const NA_OTHER_OBJ = 0x20;	/* other entry for the object */
51 const NA_ACL_DEFAULT = 0x1000;	/* default flag */
52 
53 /*
54  * The bit field values for the perm element of the aclent
55  * structure.  The three values can be combined to form any
56  * of the 8 combinations.
57  */
/*
 * These match the conventional Unix rwx bit layout (r=4, w=2, x=1).
 * A perm value with any other bit set does not correspond to a
 * valid permission and should not be applied.
 */
58 const NA_READ = 0x4;		/* read permission */
59 const NA_WRITE = 0x2;		/* write permission */
60 const NA_EXEC = 0x1;		/* exec permission */
61 
62 /*
63  * This is the structure which contains the ACL entries for a
64  * particular entity.  It contains the ACL entries which apply
65  * to this object plus any default ACL entries which are
66  * inherited by its children.
67  *
68  * The values for the mask field are defined below.
69  */
/*
 * NOTE: aclcnt and dfaclcnt are transmitted separately from the XDR
 * length of the aclent<> and dfaclent<> arrays (the *_len fields in
 * the generated C).  Both are peer-supplied and can disagree.  Code
 * that walks the lists must bound the walk by the decoded array
 * length, never by aclcnt/dfaclcnt alone, should treat a negative
 * count as invalid, and should reject a mismatch when both the list
 * bit and the count bit are set in mask.
 */
70 struct secattr {
71 	u_int mask;	/* NA_ACL | NA_ACLCNT | NA_DFACL | NA_DFACLCNT: which fields below are valid */
72 	int aclcnt;	/* claimed number of access entries; may be sent without the list (NA_ACLCNT only) */
73 	aclent aclent<NFS_ACL_MAX_ENTRIES>;	/* access ACL; decoder enforces the NFS_ACL_MAX_ENTRIES bound */
74 	int dfaclcnt;	/* claimed number of default entries */
75 	aclent dfaclent<NFS_ACL_MAX_ENTRIES>;	/* default ACL inherited by children; same bound */
76 };
77 
78 /*
79  * The values for the mask element of the secattr struct as well
80  * as for the mask element in the arguments in the GETACL2 and
81  * GETACL3 procedures.
82  */
/*
 * In a GETACL request the mask says what the client wants back; in a
 * secattr it says which fields were filled in.  A receiver should
 * only consult aclent/dfaclent when the matching NA_ACL/NA_DFACL bit
 * is set, and only consult aclcnt/dfaclcnt when NA_ACLCNT/NA_DFACLCNT
 * is set.
 */
83 const NA_ACL = 0x1;		/* aclent contains a valid list */
84 const NA_ACLCNT = 0x2;		/* the number of entries in the aclent list */
85 const NA_DFACL = 0x4;		/* dfaclent contains a valid list */
86 const NA_DFACLCNT = 0x8;	/* the number of entries in the dfaclent list */
87 
88 /*
89  * This is the definition for the GETACL procedure which applies to
90  * NFS Version 2.
91  */
92 struct GETACL2args {
93 	fhandle_t fh;	/* NFSv2 file handle; fhandle_t is declared outside this file */
94 	u_int mask;	/* NA_ACL/NA_ACLCNT/NA_DFACL/NA_DFACLCNT bits the client is asking for */
95 };
96 
97 struct GETACL2resok {
98 	struct nfsfattr attr;	/* post-operation attributes; nfsfattr is declared outside this file */
99 	secattr acl;		/* ACL data; acl.mask records which parts were actually filled in */
100 };
101 
/*
 * Success carries attributes plus the ACL.  Every other nfsstat value
 * carries nothing at all — unlike the v3/v4 variants below, which
 * return post_op_attr on failure.  nfsstat and ACL2_OK are declared
 * outside this file.
 */
102 union GETACL2res switch (enum nfsstat status) {
103 case ACL2_OK:
104 	GETACL2resok resok;
105 default:
106 	void;
107 };
108 
109 /*
110  * This is the definition for the SETACL procedure which applies
111  * to NFS Version 2.
112  */
/*
 * The acl here is entirely client-controlled: entry types, ids,
 * permissions and counts must all be validated server-side before
 * being applied to the object named by fh.
 */
113 struct SETACL2args {
114 	fhandle_t fh;	/* NFSv2 file handle of the object to change */
115 	secattr acl;	/* new ACL; acl.mask says which of the access/default lists are present */
116 };
117 
118 struct SETACL2resok {
119 	struct nfsfattr attr;	/* attributes of the object after the ACL was set */
120 };
121 
/*
 * Success returns the updated attributes; any other status returns
 * no body.
 */
122 union SETACL2res switch (enum nfsstat status) {
123 case ACL2_OK:
124 	SETACL2resok resok;
125 default:
126 	void;
127 };
128 
129 /*
130  * This is the definition for the GETATTR procedure which can be
131  * used as an alternative to the GETATTR in NFS Version 2.  The
132  * main difference between this GETATTR and the NFS GETATTR is
133  * that this GETATTR returns the mode of the file without it being
134  * changed to match the min/max permissions mapping that the NFS
135  * Version 2 server does.
136  */
137 struct GETATTR2args {
138 	fhandle_t fh;	/* NFSv2 file handle of the object whose raw mode is wanted */
139 };
140 
141 struct GETATTR2resok {
142 	struct nfsfattr attr;	/* attributes with the mode as stored, not remapped by the NFSv2 server */
143 };
144 
/*
 * Same shape as the other v2 results: attributes on ACL2_OK, nothing
 * otherwise.
 */
145 union GETATTR2res switch (enum nfsstat status) {
146 case ACL2_OK:
147 	GETATTR2resok resok;
148 default:
149 	void;
150 };
151 
152 /*
153  * This is the definition for the ACCESS procedure which applies
154  * to NFS Version 2.
155  */
156 struct ACCESS2args {
157 	fhandle_t fh;	/* NFSv2 file handle of the object being checked */
158 	uint32 access;	/* OR of the ACCESS2_* bits the client wants evaluated */
159 };
160 
161 /*
162  * The following access permissions may be requested:
163  */
/*
 * Each bit names one kind of operation.  The reply carries the
 * subset the server would permit; a client should treat an answer as
 * a hint only, since the server still checks permissions when the
 * real operation is attempted.
 */
164 const ACCESS2_READ = 0x1;	/* read data or readdir a directory */
165 const ACCESS2_LOOKUP = 0x2;	/* lookup a name in a directory */
166 const ACCESS2_MODIFY = 0x4;	/* rewrite existing file data or */
167 				/* modify existing directory entries */
168 const ACCESS2_EXTEND = 0x8;	/* write new data or add directory entries */
169 const ACCESS2_DELETE = 0x10;	/* delete existing directory entry */
170 const ACCESS2_EXECUTE = 0x20;	/* execute file (no meaning for a directory) */
171 
172 struct ACCESS2resok {
173 	struct nfsfattr attr;	/* current attributes of the object */
174 	uint32 access;		/* ACCESS2_* bits the server grants; presumably a subset of what was asked — confirm */
175 };
176 
/*
 * On ACL2_OK the granted access bits are returned; any other status
 * carries no body.
 */
177 union ACCESS2res switch (enum nfsstat status) {
178 case ACL2_OK:
179 	ACCESS2resok resok;
180 default:
181 	void;
182 };
183 
184 /*
185  * This is the definition for the GETXATTRDIR procedure which applies
186  * to NFS Version 2 files.
187  */
188 struct GETXATTRDIR2args {
189 	fhandle_t fh;	/* NFSv2 file handle of the object whose extended-attribute directory is wanted */
190 	bool create;	/* looks like "create the xattr directory if it does not exist" — confirm against the server */
191 };
192 
193 struct GETXATTRDIR2resok {
194 	fhandle_t fh;		/* file handle of the extended-attribute directory itself */
195 	struct nfsfattr attr;	/* attributes of that directory */
196 };
197 
/*
 * Success returns the xattr directory handle and attributes; any
 * other status carries no body.
 */
198 union GETXATTRDIR2res switch (enum nfsstat status) {
199 case ACL2_OK:
200 	GETXATTRDIR2resok resok;
201 default:
202 	void;
203 };
204 
205 /*
206  * This is the definition for the GETACL procedure which applies
207  * to NFS Version 3 files.
208  */
209 struct GETACL3args {
210 	nfs_fh3 fh;	/* NFSv3 file handle; nfs_fh3 is declared outside this file */
211 	u_int mask;	/* NA_ACL/NA_ACLCNT/NA_DFACL/NA_DFACLCNT bits the client is asking for */
212 };
213 
214 struct GETACL3resok {
215 	post_op_attr attr;	/* optional post-operation attributes; post_op_attr is declared outside this file */
216 	secattr acl;		/* ACL data; acl.mask records which parts were actually filled in */
217 };
218 
219 struct GETACL3resfail {
220 	post_op_attr attr;	/* attributes may still be returned when the call fails */
221 };
222 
/*
 * Unlike the v2 result, the failure arm carries post_op_attr so the
 * client can refresh its attribute cache either way.  nfsstat3 and
 * ACL3_OK are declared outside this file.
 */
223 union GETACL3res switch (nfsstat3 status) {
224 case ACL3_OK:
225 	GETACL3resok resok;
226 default:
227 	GETACL3resfail resfail;
228 };
229 
230 /*
231  * This is the definition for the SETACL procedure which applies
232  * to NFS Version 3 files.
233  */
/*
 * As with SETACL2args, every field of acl is client-controlled and
 * must be validated before being applied.
 */
234 struct SETACL3args {
235 	nfs_fh3 fh;	/* NFSv3 file handle of the object to change */
236 	secattr acl;	/* new ACL; acl.mask says which lists are present */
237 };
238 
239 struct SETACL3resok {
240 	post_op_attr attr;	/* optional attributes after the ACL was set */
241 };
242 
243 struct SETACL3resfail {
244 	post_op_attr attr;	/* optional attributes returned on failure */
245 };
246 
/*
 * Both arms carry post_op_attr; only the status distinguishes them.
 */
247 union SETACL3res switch (nfsstat3 status) {
248 case ACL3_OK:
249 	SETACL3resok resok;
250 default:
251 	SETACL3resfail resfail;
252 };
253 
254 /*
255  * This is the definition for the GETXATTRDIR procedure which applies
256  * to NFS Version 3 files.
257  */
258 struct GETXATTRDIR3args {
259 	nfs_fh3 fh;	/* NFSv3 file handle of the object whose extended-attribute directory is wanted */
260 	bool create;	/* looks like "create the xattr directory if it does not exist" — confirm against the server */
261 };
262 
263 struct GETXATTRDIR3resok {
264 	nfs_fh3 fh;		/* file handle of the extended-attribute directory itself */
265 	post_op_attr attr;	/* optional attributes of that directory */
266 };
267 
/*
 * Note the failure arm is void here, unlike GETACL3res/SETACL3res
 * which return post_op_attr on failure.
 */
268 union GETXATTRDIR3res switch (nfsstat3 status) {
269 case ACL3_OK:
270 	GETXATTRDIR3resok resok;
271 default:
272 	void;
273 };
274 
275 /*
276  * XXX {
277  * This is a transitional interface to enable Solaris NFSv4
278  * clients to manipulate ACLs on Solaris servers until the
279  * spec is complete enough to implement this inside the
280  * NFSv4 protocol itself.  NFSv4 does handle extended
281  * attributes in-band.
282  */
283 
284 /*
285  * This is the definition for the GETACL procedure which applies
286  * to NFS Version 4 files.
287  */
288 struct GETACL4args {
289 	nfs_fh4 fh;	/* NFSv4 file handle; nfs_fh4 is declared outside this file */
290 	u_int mask;	/* NA_ACL/NA_ACLCNT/NA_DFACL/NA_DFACLCNT bits the client is asking for */
291 };
292 
293 struct GETACL4resok {
294 	post_op_attr attr;	/* reuses the v3 post_op_attr type even though the handle is v4 */
295 	secattr acl;		/* ACL data; acl.mask records which parts were actually filled in */
296 };
297 
298 struct GETACL4resfail {
299 	post_op_attr attr;	/* optional attributes returned on failure */
300 };
301 
/*
 * Transitional v4 variant: the discriminant is still nfsstat3 and the
 * success label is ACL4_OK (declared outside this file), so the
 * status space is the v3 one, not the NFSv4 one.
 */
302 union GETACL4res switch (nfsstat3 status) {
303 case ACL4_OK:
304 	GETACL4resok resok;
305 default:
306 	GETACL4resfail resfail;
307 };
308 
309 /*
310  * This is the definition for the SETACL procedure which applies
311  * to NFS Version 4 files.
312  */
/*
 * As with the v2/v3 SETACL arguments, acl is client-controlled and
 * must be validated before being applied.
 */
313 struct SETACL4args {
314 	nfs_fh4 fh;	/* NFSv4 file handle of the object to change */
315 	secattr acl;	/* new ACL; acl.mask says which lists are present */
316 };
317 
318 struct SETACL4resok {
319 	post_op_attr attr;	/* optional attributes after the ACL was set */
320 };
321 
322 struct SETACL4resfail {
323 	post_op_attr attr;	/* optional attributes returned on failure */
324 };
325 
/*
 * Same layout as SETACL3res; the discriminant is nfsstat3 with the
 * ACL4_OK success label.
 */
326 union SETACL4res switch (nfsstat3 status) {
327 case ACL4_OK:
328 	SETACL4resok resok;
329 default:
330 	SETACL4resfail resfail;
331 };
332 
333 /* XXX } */
334 
335 /*
336  * Share the port with the NFS service.  NFS has to be running
337  * in order for this service to be useful anyway.
338  */
339 const NFS_ACL_PORT = 2049;	/* same port as NFS itself; the RPC program number, not the port, distinguishes the two services */
340 
341 /*
342  * This is the definition for the ACL network protocol which is used
343  * to provide support for Solaris ACLs for files which are accessed
344  * via NFS Version 2 and NFS Version 3.
345  */
/*
 * Procedure numbers and program/version numbers are part of the wire
 * contract: renumbering or reordering any of them breaks
 * interoperability with existing peers.  NFS_ACL_V4 is the
 * transitional interface described above.
 */
346 program NFS_ACL_PROGRAM {
347 	version NFS_ACL_V2 {
		/* procedure 0 is the conventional no-op ping */
348 		void
349 		 ACLPROC2_NULL(void) = 0;
350 		GETACL2res
351 		 ACLPROC2_GETACL(GETACL2args) = 1;
352 		SETACL2res
353 		 ACLPROC2_SETACL(SETACL2args) = 2;
354 		GETATTR2res
355 		 ACLPROC2_GETATTR(GETATTR2args) = 3;
356 		ACCESS2res
357 		 ACLPROC2_ACCESS(ACCESS2args) = 4;
358 		GETXATTRDIR2res
359 		 ACLPROC2_GETXATTRDIR(GETXATTRDIR2args) = 5;
360 	} = 2;
	/* v3 drops GETATTR and ACCESS; NFSv3 provides those natively */
361 	version NFS_ACL_V3 {
362 		void
363 		 ACLPROC3_NULL(void) = 0;
364 		GETACL3res
365 		 ACLPROC3_GETACL(GETACL3args) = 1;
366 		SETACL3res
367 		 ACLPROC3_SETACL(SETACL3args) = 2;
368 		GETXATTRDIR3res
369 		 ACLPROC3_GETXATTRDIR(GETXATTRDIR3args) = 3;
370 	} = 3;
	/* v4 carries only GETACL/SETACL; xattrs are handled in-band by NFSv4 */
371 	version NFS_ACL_V4 {
372 		void
373 		 ACLPROC4_NULL(void) = 0;
374 		GETACL4res
375 		 ACLPROC4_GETACL(GETACL4args) = 1;
376 		SETACL4res
377 		 ACLPROC4_SETACL(SETACL4args) = 2;
378 	} = 4;
379 } = 100227;	/* registered RPC program number for the NFS ACL service */
380