
/****************************************************************************
|
| (C) Copyright 1993-2005 Novell, Inc.
| All Rights Reserved.
|
| This program is free software; you can redistribute it and/or
| modify it under the terms of version 2 of the GNU General Public
| License as published by the Free Software Foundation.
|
| This program is distributed in the hope that it will be useful,
| but WITHOUT ANY WARRANTY; without even the implied warranty of
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
| GNU General Public License for more details.
|
| You should have received a copy of the GNU General Public License
| along with this program; if not, contact Novell, Inc.
|
| To contact Novell about this file by physical or electronic mail,
| you may find current contact information at www.novell.com
|
|***************************************************************************
|
| NetWare Advance File Services (NSS) Initialization module
|
|---------------------------------------------------------------------------
|
| $Author: randys $
| $Date: 2006-11-28 22:26:54 +0530 (Tue, 28 Nov 2006) $
|
| $RCSfile$
| $Revision: 1694 $
|
|---------------------------------------------------------------------------
| This module is used to define the authorization system native to PSS.
+-------------------------------------------------------------------------*/
#ifndef _ZASAUTHMODEL_H_
#define _ZASAUTHMODEL_H_
#ifndef _OMNI_H_
#include <omni.h>
#endif
#ifndef _LATCH_H_
#include <latch.h>
#endif
#ifndef _COMNBEASTS_H_
#include "comnBeasts.h"
#endif
#ifndef _COMNZAS_H_
#include "comnZAS.h"
#endif
/*-------------------------------------------------------------------------
* Defines
*-------------------------------------------------------------------------*/
/* Layout version of the ZAS auth area; presumably the value stored in
 * ZASPersistentAuthInfo_s.version -- confirm against the pack/unpack code. */
#define CURRENT_AUTH_VERSION 2
/* Presumably the "no effective-ACL cache slot" sentinel (all ones in 16 bits).
 * NOTE(review): cacheIndex in ZASPersistentAuthInfo_s is a LONG; confirm the
 * width at which the comparison against this value is made. */
#define INVALID_EACL_CACHE_INDEX 0xFFFF
/* Capacity of the inline ACL[] array in ZASPersistentAuthInfo_s. */
#define MAX_TRUSTEES_IN_BEAST 4
/* Capacity of the inline visibilityList[] array in ZASPersistentAuthInfo_s. */
#define MAX_VISIBILITY_TRUSTEES_IN_BEAST 4
/* NOTE(review): presumably the growth step for overflow storage; its use is
 * not visible in this header. */
#define OVERFLOW_ALLOC_UNIT 5
/* ACLO_SMALL selects the reduced limit of 10 below, and only when NSS_DEBUG is
 * enabled as well.  It is set to DISABLE here, so the #else value (50) is
 * presumably the one in effect -- DISABLE/IS_ENABLED are project macros. */
#define ACLO_SMALL DISABLE
//#define ACLO_SMALL ENABLE
#if ACLO_SMALL IS_ENABLED && NSS_DEBUG IS_ENABLED
#define MAX_ACL_OVERFLOW_ENTRIES 10
#else
#define MAX_ACL_OVERFLOW_ENTRIES 50
#endif
/* Same scheme as ACLO_SMALL, applied to the visibility overflow limit. */
#define VISO_SMALL DISABLE
//#define VISO_SMALL ENABLE
#if VISO_SMALL IS_ENABLED && NSS_DEBUG IS_ENABLED
#define MAX_VIS_OVERFLOW_ENTRIES 10
#else
#define MAX_VIS_OVERFLOW_ENTRIES 50
#endif
/*-------------------------------------------------------------------------
* Macros
*-------------------------------------------------------------------------*/
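/*
 * ZAS_DELETE_ENTRY - remove one entry from an unordered ACLEntry_s array.
 *
 * _numEntries  lvalue holding the number of entries in use; decremented.
 * _aclEntry    pointer to the entry being deleted.
 * _firstAcl    pointer to the first entry of the array.
 *
 * The last entry in use is copied over the deleted slot, so the order of the
 * entries is not preserved and the vacated tail slot keeps its old contents.
 * Every argument is evaluated more than once; pass expressions without side
 * effects.
 *
 * The expansion is a single brace-enclosed block.  Without the braces, a call
 * placed under an unbraced if/else or loop would have only the zASSERT
 * governed by the condition and would decrement the count unconditionally.
 * A plain block is used instead of do { } while (0) so that call sites that
 * omit the trailing semicolon still compile.
 *
 * NOTE(review): zASSERT is the only guard against a count of zero.  Its
 * definition is not visible here; if it compiles to nothing in some builds,
 * a zero count would wrap and the memmove source would lie outside the
 * array.  Callers should confirm the count is non-zero before invoking this.
 */
#define ZAS_DELETE_ENTRY(_numEntries, _aclEntry, _firstAcl) \
{ \
	zASSERT((_numEntries) > 0); \
	(_numEntries)--; \
	/* move the last entry over the deleted entry */ \
	if ((_aclEntry) != (_firstAcl) + (_numEntries)) \
	{	/* if not at the end of the array */ \
		memmove((_aclEntry), (_firstAcl) + (_numEntries), sizeof(ACLEntry_s)); \
	} \
}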
/*-------------------------------------------------------------------------
* The zas authorization area in the beast - put here for debug purposes
*-------------------------------------------------------------------------*/
/*
 * Persistent part of the ZAS authorization data kept in a beast (version 2
 * layout, judging by the leading version field and CURRENT_AUTH_VERSION).
 * Up to MAX_TRUSTEES_IN_BEAST ACL entries and
 * MAX_VISIBILITY_TRUSTEES_IN_BEAST visibility entries are stored inline;
 * trusteeOverflow and visibilityOverflow hold a Zid_t for the entries that
 * do not fit.
 *
 * NOTE(review): numTrusteesAssigned and numVisibilityTrusteesAssigned are
 * WORD counters that sit next to fixed-size arrays.  Whether they count only
 * the inline entries or the overflow entries too is not visible here.  Code
 * that indexes ACL[] or visibilityList[] with a count read back from storage
 * should bound it by the array capacity first -- confirm in the unpack
 * routines.
 */
typedef struct ZASPersistentAuthInfo_s
{ /* this is a space for the z authorization system to use */
WORD version; /* the version of the authorization layout */
WORD extra1; /* alignment space */
LONG extra2; /* alignment space */
LONG cacheIndex;
LONG restartCount;
LONG signature;
LONG inheritedRightsMask; /* maximum access rights mask */
Zid_t trusteeOverflow; /* trustees that will not fit */
Zid_t visibilityOverflow; /* trustees that will not fit */
WORD numTrusteesAssigned;
WORD numVisibilityTrusteesAssigned;
ACLEntry_s ACL [MAX_TRUSTEES_IN_BEAST];
VisEntry_s visibilityList [MAX_VISIBILITY_TRUSTEES_IN_BEAST];
/* NSS_MEDIA_STRUCTURE is a project macro not defined in this header; it is
 * passed the struct name and a one-past-the-end element of its last member. */
} NSS_MEDIA_STRUCTURE(ZASPersistentAuthInfo_s,visibilityList[MAX_VISIBILITY_TRUSTEES_IN_BEAST]) ZASPersistentAuthInfo_s;
/*
* The following structure is used during on-the-fly upgrading from version 1
* to version 2 of the auth structures. It can be removed when we are no
* longer doing the conversion in the ZAS unpack routines.
*/
/*
 * Version 1 layout of the persistent auth area.  Compared with
 * ZASPersistentAuthInfo_s it has no version/alignment prefix, carries one
 * LONG of spare space before the counters, and declares no inline ACL or
 * visibility arrays.
 *
 * NOTE(review): a version 1 record has no version field of its own, so the
 * unpack code must tell the two layouts apart by some other means that is
 * not visible in this header -- confirm how, and that the two WORD counters
 * are range-checked during the conversion.
 */
typedef struct V1_ZASPersistentAuthInfo_s
{ /* this is a space for the z authorization system to use */
LONG cacheIndex;
LONG restartCount;
LONG signature;
LONG inheritedRightsMask; /* maximum access rights mask */
Zid_t trusteeOverflow; /* trustees that will not fit */
Zid_t visibilityOverflow; /* trustees that will not fit */
LONG extra; /* extra space for the future */
WORD numTrusteesAssigned;
WORD numVisibilityTrusteesAssigned;
/* NSS_MEDIA_STRUCTURE is a project macro not defined in this header; it is
 * passed the struct name and its last member. */
} NSS_MEDIA_STRUCTURE(V1_ZASPersistentAuthInfo_s,numVisibilityTrusteesAssigned) V1_ZASPersistentAuthInfo_s;
/*
* NOTE: The latch used here keeps the cacheIndex, restartCount and signature
* from being read out of sync. It is not being checked when a beast is flushed
* to disk. This works because the restart count will invalidate these fields
* if we crash with only half of them written out.
*/
/*
 * Authorization data as held in a beast: a latch and a flags byte wrapped
 * around the persistent area p.  Presumably only p is written to storage,
 * since the latch and flags are outside the NSS_MEDIA_STRUCTURE type --
 * confirm in the pack routine.
 */
typedef struct ZASAuthorizeInfo_s
{ /* this is a space for the z authorization system to use */
Latch_s authLatch; /* latch for just authinfo */
BYTE flags; /* see definitions below */
ZASPersistentAuthInfo_s p; /* persistent layout, current version */
} ZASAuthorizeInfo_s;
/* bit definitions for flags */
/* The only bit defined in this header for ZASAuthorizeInfo_s.flags.
 * NOTE(review): what a "forced write" bypasses is not visible here; code that
 * sets this bit deserves a look when auditing the write path. */
#define ZAS_ALLOW_FORCED_WRITE 0x01
/* Action codes; presumably the values taken by FixVisibPurgeLogFsm_s.action
 * -- confirm against the implementation. */
#define VIS_ACTION_ADD 1
#define VIS_ACTION_REMOVE 2
/* 0x414c434b is the ASCII byte sequence 'A','L','C','K'. */
#define AUTH_LOCK_MAGIC 0x414c434b
/* NOTE(review): the two sizes below are written as literals rather than taken
 * from sizeof, so AUTH_LOCK_KEY_SIZE is only right while LONG is 4 bytes and
 * Zid_t is 8 bytes; a compile-time assertion next to the key-building code
 * would catch a mismatch. */
#define AUTH_LOCK_MAGIC_SIZE 4 /* sizeof(LONG) */
#define AUTH_LOCK_ZID_SIZE 8 /* sizeof(Zid_t) */
/* Key length: the magic followed by one Zid_t (12 bytes with the values above). */
#define AUTH_LOCK_KEY_SIZE (AUTH_LOCK_MAGIC_SIZE + AUTH_LOCK_ZID_SIZE)
/*
 * One purge-log location, stored as MAX_PLOG_LOCATION_SIZE LONG values.
 * MAX_PLOG_LOCATION_SIZE is defined outside this header.
 */
typedef struct FixVisibPLog_s
{
LONG purgeLogLoc[MAX_PLOG_LOCATION_SIZE];
} FixVisibPLog_s;
/*
 * State carried by the state machine that fixes visibility for purge-log
 * entries (purpose inferred from the name; the machine itself is not in this
 * header).  The FsmLite_s member comes first.
 *
 * NOTE(review): the struct holds raw pointers to a beast, a location array, a
 * trustee ID array and a volume.  Who owns them and how long they must stay
 * valid while the state machine runs is not visible here -- confirm.
 */
typedef struct FixVisibPurgeLogFsm_s
{
FsmLite_s fsm;
LONG action; /* presumably VIS_ACTION_ADD or VIS_ACTION_REMOVE -- confirm */
AuthBeast_s *parentBeast;
FixVisibPLog_s *purgeLogLocations; /* element count is not recorded in this struct */
NINT trusteeCount; /* presumably the number of entries behind trusteeID -- confirm */
UserID_t *trusteeID;
struct Volume_s *volume;
} FixVisibPurgeLogFsm_s;
/*-------------------------------------------------------------------------
* Public Structures for the authorization model
*-------------------------------------------------------------------------*/
/* Operation tables defined in another translation unit; only their struct
 * tags are visible in this header. */
extern struct AuthModelOps_s ZASAuthorizeModelOps;
/* ACLO_/VISO_ presumably refer to the ACL-overflow and visibility-overflow
 * beast types -- confirm. */
extern struct CommonBeastOps_s ACLO_ComnBeastOps;
extern struct CommonBeastOps_s VISO_ComnBeastOps;
//extern struct StoragePoolBeastOps_s ACLO_StoragePoolOps[];
//extern struct StoragePoolBeastOps_s VISO_StoragePoolOps[];
/*-------------------------------------------------------------------------
*
* Function prototypes for the PSS default authorization model
*
*-------------------------------------------------------------------------*/
/* Forward declaration; the tag is used by VAUTH_RemoveIDsFromAVolume below. */
struct NamingMsg_s;
/* Module start-up and shut-down entry points.  Only start-up reports a
 * STATUS; what it initialises is not visible in this header. */
extern STATUS ZAS_Startup(void);
extern void ZAS_Shutdown(void);
/* Construct / destruct / insert hooks for the auth part of a beast.  These are
 * declarations only; the behaviour lives in the implementation file. */
extern STATUS VAUTH_ConstructAuthBeast(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast);
extern void VAUTH_DestructAuthBeast(
struct AuthBeast_s *authBeast);
extern STATUS VAUTH_InsertAuthBeast(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast);
/* Presumably the version 1 to version 2 visibility conversion that the
 * V1_ZASPersistentAuthInfo_s comment refers to -- confirm.  Declared without
 * "extern", unlike its neighbours; for a function declaration the linkage is
 * the same. */
STATUS ZAS_ConvertVisFromVersionOne (
struct GeneralMsg_s *genMsg,
struct Xaction_s *passedInXaction,
struct AuthBeast_s *authBeast);
/*
 * Visibility-list lookup for one trustee.  Results come back through
 * entryPtr, entry, returnBeast and parentZid.
 * NOTE(review): entryPtr hands out a pointer into a visibility list and
 * returnBeast a pointer to an overflow beast; latchType suggests the caller
 * chooses the latch mode.  How long those pointers stay valid, and who
 * releases the latch and the returned beast, is not visible here -- confirm.
 */
extern STATUS ZAS_FindVisibilityTrustee(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
struct Xaction_s *xaction,
UserID_t *trusteeID,
NINT latchType,
VisEntry_s **entryPtr,
NINT *entry,
struct ZasVisOverflowBeast_s **returnBeast,
Zid_t *parentZid);
/*
 * Copies visibility entries into a caller-supplied array.
 * maxEntries is presumably the capacity of visEntries and numReturned the
 * number actually written -- confirm that the implementation never writes
 * more than maxEntries.
 */
extern STATUS ZAS_GetVisibilityEntries(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
NINT maxEntries,
struct VisEntry_s *visEntries,
NINT *numReturned);
/*
 * Add / remove / delete / query hooks for the auth info of a beast.  The
 * difference between "remove" (takes a transaction) and "delete" (does not)
 * is not visible in this header.
 * NOTE(review): VAUTH_AddAuthInfo takes the parent's latch by pointer;
 * whether the caller must already hold it is not stated here -- confirm.
 */
extern STATUS VAUTH_AddAuthInfo(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
Zid_t parentZid,
struct Latch_s *parentLatch);
extern STATUS VAUTH_RemoveAuthInfo(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
Zid_t parentZid,
struct Xaction_s *xaction);
extern STATUS VAUTH_DeleteAuthInfo(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
Zid_t parentZid);
extern BOOL VAUTH_IsAuthInfo(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast);
/*
 * Serialisation hooks for the auth part of a beast.
 *
 * NOTE(review): neither VAUTH_PackAuthBeast nor VAUTH_UnpackAuthBeast takes a
 * buffer length.  The caller presumably sizes storeBuffer with
 * VAUTH_PackedSize before packing -- confirm.  On unpack the buffer holds
 * stored data, so the version and the entry counts read from it should be
 * range-checked by the implementation before they are used to index or copy;
 * that code is not visible in this header.
 * The BYTE * return values presumably point just past the bytes written or
 * consumed -- confirm.
 */
extern NINT VAUTH_PackedSize(
struct AuthBeast_s *authBeast);
extern BYTE *VAUTH_PackAuthBeast(
struct AuthBeast_s *authBeast,
BYTE *storeBuffer);
extern void VAUTH_NoPackAuthBeastCleanup(
struct AuthBeast_s *authBeast);
extern BYTE *VAUTH_UnpackAuthBeast(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
BYTE *storeBuffer);
/* Volume-level hooks of the authorization model.  Declarations only. */
extern STATUS VAUTH_InitVolumeAuthInfo(
struct GeneralMsg_s *genMsg,
struct Volume_s *volBeast);
/* IDcount is presumably the number of entries in IDlist -- confirm.
 * NOTE(review): this removes trustee IDs across a volume, so the caller's
 * right to do that must be checked somewhere; the check is not visible in
 * this header. */
extern STATUS VAUTH_RemoveIDsFromAVolume(
struct GeneralMsg_s *genMsg,
struct NamingMsg_s *nameMsg,
UserID_t *IDlist,
NINT IDcount);
extern STATUS VAUTH_AddObjectNames(
struct GeneralMsg_s *genMsg,
struct Volume_s *volume,
struct AuthBeast_s *authBeast);
extern STATUS VAUTH_CheckUserIDs(
struct GeneralMsg_s *genMsg,
struct Volume_s *volume,
struct AuthBeast_s *authBeast);
/* Takes only the general message; the scope of what is invalidated is not
 * visible here. */
extern STATUS VAUTH_InvalidateAuthInfo(
struct GeneralMsg_s *genMsg);
/*-------------------------------------------------------------------------
*
* Function prototypes for the PSS default authorization model support
* routines
*
*-------------------------------------------------------------------------*/
/* Returns the number of ACL entries through *count. */
extern STATUS ZAS_CountACLs(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
NINT *count);
/*
 * Fills a caller-supplied ACLEntry_s array; the parameter is named trusteeID
 * although it is an array of ACL entries.
 * NOTE(review): count is presumably the capacity of that array, typically
 * obtained from ZAS_CountACLs.  If the ACL can change between the two calls,
 * the implementation must still stop at count -- confirm.
 */
extern STATUS ZAS_GetAllACLs(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
ACLEntry_s *trusteeID,
NINT count);
/* Reads one ACL entry; *sequence is passed by pointer, presumably as an
 * iteration cursor that the call advances -- confirm. */
extern STATUS ZAS_GetAnACL(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
NINT *sequence,
UserID_t *trusteeID,
NINT *rights,
NINT *attributes);
/* Adds a trustee with the given rights and attributes.
 * NOTE(review): no caller identity appears in the signature; whether the
 * permission to change the ACL is derived from genMsg or enforced by the
 * caller is not visible here -- confirm. */
extern STATUS ZAS_AddACLEntry(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
UserID_t *trusteeID,
NINT rights,
NINT attributes);
/* Removes a trustee's entry; purgedFileFlag is declared NINT although its
 * name reads as a boolean. */
extern STATUS ZAS_RemoveACLEntry(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
UserID_t *trusteeID,
NINT purgedFileFlag);
/* numIDs is presumably the number of entries in IDs -- confirm. */
extern STATUS ZAS_CheckInheritedVisibility(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
NINT numIDs,
UserID_t *IDs);
/* Returns nothing, so a failed rebuild is not reported to the caller through
 * this interface. */
extern void ZAS_VisibilityRebuildByName(
struct GeneralMsg_s *genMsg,
unicode_t *name);
/*
 * Effective-rights queries; the result is written to *effectiveRights.
 * NOTE(review): the identity whose rights are computed is not a parameter,
 * so it presumably comes from genMsg -- confirm.  Callers should treat a
 * non-success STATUS as "no rights" rather than read *effectiveRights.
 */
extern STATUS ZAS_GetEffectiveRights(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
Zid_t parentZID,
NINT *effectiveRights);
extern STATUS ZAS_GetParentsEffectiveRights(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
Zid_t parentZID,
NINT *effectiveRights);
/* Forward declaration for the effective-ACL cache node returned below. */
struct AuthCacheNode_s;
/*
 * Returns an effective-ACL node through *effectiveACL.
 * NOTE(review): *freeEACL presumably tells the caller whether it must free
 * the returned node itself; a caller that ignores it would either leak or
 * free a node that still belongs to the cache -- confirm the contract.
 */
extern STATUS ZAS_GetEffectiveACL(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
Zid_t parentZID,
struct AuthCacheNode_s **effectiveACL,
BOOL canBlock,
BOOL *freeEACL);
/*
 * Effective rights for an explicit list of IDs.
 * NOTE(review): connectionZero and supervisor are plain BOOLs supplied by the
 * caller and presumably widen the rights that are granted.  They must be
 * derived from the authenticated connection, never from request data --
 * confirm at every call site.  numIDs is presumably the length of IDs.
 */
extern STATUS ZAS_GetEffectiveRightsByIDs(
struct GeneralMsg_s *genMsg,
struct AuthBeast_s *authBeast,
Zid_t parentZID,
BOOL connectionZero,
BOOL supervisor,
NINT numIDs,
UserID_t *IDs,
NINT *effectiveRights);
/*
 * Invalidation of the effective-ACL cache, for one trustee or as a whole.
 * NOTE(review): cached rights stay in force until they are invalidated, so
 * every path that changes or removes a trustee needs one of these calls;
 * that cannot be checked from this header.  The meaning of checkXLSS is not
 * visible here.
 */
extern STATUS ZAS_InvalidateEACLCacheEntries(
struct GeneralMsg_s *genMsg,
UserID_t *trusteeID,
BOOL checkXLSS);
extern STATUS ZAS_InvalidateEntireEACLCache(
struct GeneralMsg_s *genMsg,
BOOL checkXLSS);
#endif /* _ZASAUTHMODEL_H_ */