da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Use is subject to license terms.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#pragma ident "%Z%%M% %I% %E% SMI"
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This file defines the NT compatible access control masks and values.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * An access mask as a 32-bit value arranged as shown below.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * 31-28 Generic bits, interpreted per object type
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * 27-26 Reserved, must-be-zero
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * 25 Maximum allowed
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * 24 System Security rights (SACL is SD)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * 23-16 Standard access rights, generic to all object types
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * 15-0 Specific access rights, object specific
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * +---------------+---------------+-------------------------------+
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * |G|G|G|G|Res'd|A| StandardRights| SpecificRights |
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * |R|W|E|A| |S| | |
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * +-+-------------+---------------+-------------------------------+
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwextern "C" {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Specific rights for files, pipes and directories.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#define FILE_CREATE_PIPE_INSTANCE (0x0004) /* named pipe */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Standard rights:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * DELETE The right to delete the object.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * READ_CONTROL The right to read the information in the object's security
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * descriptor, not including the information in the SACL.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * WRITE_DAC The right to modify the DACL in the object's security
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * descriptor.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * WRITE_OWNER The right to change the owner in the object's security
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * descriptor.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SYNCHRONIZE The right to use the object for synchronization. This enables
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * a thread to wait until the object is in the signaled state.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Miscellaneous bits: SACL access and maximum allowed access.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Generic rights. These are shorthands that are interpreted as
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * appropriate for the type of secured object being accessed.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * LSA policy desired access masks.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * SAM specific rights desired access masks. These definitions are listed
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * mostly as a convenience; they don't seem to be documented. Setting the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * desired access mask to GENERIC_EXECUTE and STANDARD_RIGHTS_EXECUTE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * seems to work when just looking up information.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * File attributes
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Note: 0x00000008 is reserved for use for the old DOS VOLID (volume ID)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and is therefore not considered valid in NT.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Note: 0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and is therefore not considered valid in NT. This flag has
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * been disassociated with file attributes since the other flags are
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * protected with READ_ and WRITE_ATTRIBUTES access to the file.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Note: Note also that the order of these flags is set to allow both the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * FAT and the Pinball File Systems to directly set the attributes
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * flags in attributes words without having to pick each flag out
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * individually. The order of these flags should not be changed!
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The file attributes are defined in smbsrv/smb_vops.h
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/* Filesystem Attributes */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#endif /* _SMBSRV_NTACCESS_H */