Commit dde73943 authored by Harald Sitter 🏳️‍🌈

samba ACL support

depends on a proprietary kio-extras special() interface

implements a new plugin for remote permissions that shows SMB/NT ACEs
that either come from a samba server with posix ACL support or windows
proper

BUG: 40892
parent 64e0b858
Pipeline #186968 passed with stage
in 44 seconds
......@@ -4,6 +4,9 @@ project(filesharing)
set(QT_MIN_VERSION "5.14.0")
set(KF5_MIN_VERSION "5.81.0")
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
find_package(ECM ${KF5_MIN_VERSION} CONFIG REQUIRED)
set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake ${ECM_MODULE_PATH})
......
Copyright (c) <year> <owner>.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Creative Commons Legal Code
CC0 1.0 Universal
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
HEREUNDER.
Statement of Purpose
The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator
and subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for
the purpose of contributing to a commons of creative, cultural and
scientific works ("Commons") that the public can reliably and without fear
of later claims of infringement build upon, modify, incorporate in other
works, reuse and redistribute as freely as possible in any form whatsoever
and for any purposes, including without limitation commercial purposes.
These owners may contribute to the Commons to promote the ideal of a free
culture and the further production of creative, cultural and scientific
works, or to gain reputation or greater distribution for their Work in
part through the use and efforts of others.
For these and/or other purposes and motivations, and without any
expectation of additional consideration or compensation, the person
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
is an owner of Copyright and Related Rights in the Work, voluntarily
elects to apply CC0 to the Work and publicly distribute the Work under its
terms, with knowledge of his or her Copyright and Related Rights in the
Work and the meaning and intended legal effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not
limited to, the following:
i. the right to reproduce, adapt, distribute, perform, display,
communicate, and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or
likeness depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data
in a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation
thereof, including any amended or successor version of such
directive); and
vii. other similar, equivalent or corresponding rights throughout the
world based on applicable law or treaty, and any national
implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention
of, applicable law, Affirmer hereby overtly, fully, permanently,
irrevocably and unconditionally waives, abandons, and surrenders all of
Affirmer's Copyright and Related Rights and associated claims and causes
of action, whether now known or unknown (including existing as well as
future claims and causes of action), in the Work (i) in all territories
worldwide, (ii) for the maximum duration provided by applicable law or
treaty (including future time extensions), (iii) in any current or future
medium and for any number of copies, and (iv) for any purpose whatsoever,
including without limitation commercial, advertising or promotional
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
member of the public at large and to the detriment of Affirmer's heirs and
successors, fully intending that such Waiver shall not be subject to
revocation, rescission, cancellation, termination, or any other legal or
equitable action to disrupt the quiet enjoyment of the Work by the public
as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for any reason
be judged legally invalid or ineffective under applicable law, then the
Waiver shall be preserved to the maximum extent permitted taking into
account Affirmer's express Statement of Purpose. In addition, to the
extent the Waiver is so judged Affirmer hereby grants to each affected
person a royalty-free, non transferable, non sublicensable, non exclusive,
irrevocable and unconditional license to exercise Affirmer's Copyright and
Related Rights in the Work (i) in all territories worldwide, (ii) for the
maximum duration provided by applicable law or treaty (including future
time extensions), (iii) in any current or future medium and for any number
of copies, and (iv) for any purpose whatsoever, including without
limitation commercial, advertising or promotional purposes (the
"License"). The License shall be deemed effective as of the date CC0 was
applied by Affirmer to the Work. Should any part of the License for any
reason be judged legally invalid or ineffective under applicable law, such
partial invalidity or ineffectiveness shall not invalidate the remainder
of the License, and in such case Affirmer hereby affirms that he or she
will not (i) exercise any of his or her remaining Copyright and Related
Rights in the Work or (ii) assert any associated claims and causes of
action with respect to the Work, in either case contrary to Affirmer's
express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or
warranties of any kind concerning the Work, express, implied,
statutory or otherwise, including without limitation warranties of
title, merchantability, fitness for a particular purpose, non
infringement, or the absence of latent or other defects, accuracy, or
the present or absence of errors, whether or not discoverable, all to
the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without
limitation any person's Copyright and Related Rights in the Work.
Further, Affirmer disclaims responsibility for obtaining any necessary
consents, permissions or other rights required for any use of the
Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to
this CC0 or use of the Work.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the license or (at your option) any later version
that is accepted by the membership of KDE e.V. (or its successor
approved by the membership of KDE e.V.), which shall act as a
proxy as defined in Section 6 of version 3 of the license.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
MIT License
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
add_subdirectory(aclproperties)
add_subdirectory(filepropertiesplugin)
# SPDX-License-Identifier: BSD-3-Clause
# SPDX-FileCopyrightText: 2020-2021 Harald Sitter <sitter@kde.org>
add_library(SambaAcl MODULE plugin.cpp qml/qml.qrc debug.cpp model.cpp aceobject.cpp)
target_link_libraries(SambaAcl
KF5::CoreAddons
KF5::I18n
KF5::KIOWidgets
KF5::KIOCore
KF5::Declarative
Qt5::Qml
Qt5::QuickWidgets
)
install(TARGETS SambaAcl DESTINATION ${PLUGIN_INSTALL_DIR}/kf5/propertiesdialog/)
<!--
SPDX-License-Identifier: CC0-1.0
SPDX-FileCopyrightText: 2020-2022 Harald Sitter <sitter@kde.org>
-->
# Requirements
- samba or windows server
- samba server needs to share off of a file system with POSIX ACLs enabled.
e.g. btrfs, or ext4 with acl enabled. also see https://help.ubuntu.com/community/FilePermissionsACLs
# Test
- browse shared folder that has ACLs enabled (`getfacl $folder` to check it has ACLs on host)
- right click empty space
- properties
- nt acl tab
# Notes
- POSIX ACL only represent a subset of NT ACL and therefore do not map terribly
well with the windows-like UI since the three rwx bits are mapped to numerous
windows bits
// SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
// SPDX-FileCopyrightText: 2020-2022 Harald Sitter <sitter@kde.org>
#pragma once
// From winnt.h in mingw
#define ACTRL_RESERVED 0x00000000
#define ACTRL_PERM_1 0x00000001
#define ACTRL_PERM_2 0x00000002
#define ACTRL_PERM_3 0x00000004
#define ACTRL_PERM_4 0x00000008
#define ACTRL_PERM_5 0x00000010
#define ACTRL_PERM_6 0x00000020
#define ACTRL_PERM_7 0x00000040
#define ACTRL_PERM_8 0x00000080
#define ACTRL_PERM_9 0x00000100
#define ACTRL_PERM_10 0x00000200
#define ACTRL_PERM_11 0x00000400
#define ACTRL_PERM_12 0x00000800
#define ACTRL_PERM_13 0x00001000
#define ACTRL_PERM_14 0x00002000
#define ACTRL_PERM_15 0x00004000
#define ACTRL_PERM_16 0x00008000
#define ACTRL_PERM_17 0x00010000
#define ACTRL_PERM_18 0x00020000
#define ACTRL_PERM_19 0x00040000
#define ACTRL_PERM_20 0x00080000
#define ACTRL_ACCESS_ALLOWED 0x00000001
#define ACTRL_ACCESS_DENIED 0x00000002
#define ACTRL_AUDIT_SUCCESS 0x00000004
#define ACTRL_AUDIT_FAILURE 0x00000008
#define ACTRL_ACCESS_PROTECTED 0x00000001
#define ACTRL_SYSTEM_ACCESS 0x04000000
#define ACTRL_DELETE 0x08000000
#define ACTRL_READ_CONTROL 0x10000000
#define ACTRL_CHANGE_ACCESS 0x20000000
#define ACTRL_CHANGE_OWNER 0x40000000
#define ACTRL_SYNCHRONIZE 0x80000000
#define ACTRL_STD_RIGHTS_ALL 0xf8000000
#define ACTRL_STD_RIGHT_REQUIRED (ACTRL_STD_RIGHTS_ALL & ~ACTRL_SYNCHRONIZE)
#ifndef _DS_CONTROL_BITS_DEFINED_
#define _DS_CONTROL_BITS_DEFINED_
#define ACTRL_DS_OPEN ACTRL_RESERVED
#define ACTRL_DS_CREATE_CHILD ACTRL_PERM_1
#define ACTRL_DS_DELETE_CHILD ACTRL_PERM_2
#define ACTRL_DS_LIST ACTRL_PERM_3
#define ACTRL_DS_SELF ACTRL_PERM_4
#define ACTRL_DS_READ_PROP ACTRL_PERM_5
#define ACTRL_DS_WRITE_PROP ACTRL_PERM_6
#define ACTRL_DS_DELETE_TREE ACTRL_PERM_7
#define ACTRL_DS_LIST_OBJECT ACTRL_PERM_8
#define ACTRL_DS_CONTROL_ACCESS ACTRL_PERM_9
#endif
#define ACTRL_FILE_READ ACTRL_PERM_1
#define ACTRL_FILE_WRITE ACTRL_PERM_2
#define ACTRL_FILE_APPEND ACTRL_PERM_3
#define ACTRL_FILE_READ_PROP ACTRL_PERM_4
#define ACTRL_FILE_WRITE_PROP ACTRL_PERM_5
#define ACTRL_FILE_EXECUTE ACTRL_PERM_6
#define ACTRL_FILE_READ_ATTRIB ACTRL_PERM_8
#define ACTRL_FILE_WRITE_ATTRIB ACTRL_PERM_9
#define ACTRL_FILE_CREATE_PIPE ACTRL_PERM_10
#define ACTRL_DIR_LIST ACTRL_PERM_1
#define ACTRL_DIR_CREATE_OBJECT ACTRL_PERM_2
#define ACTRL_DIR_CREATE_CHILD ACTRL_PERM_3
#define ACTRL_DIR_DELETE_CHILD ACTRL_PERM_7
#define ACTRL_DIR_TRAVERSE ACTRL_PERM_6
#define ACTRL_KERNEL_TERMINATE ACTRL_PERM_1
#define ACTRL_KERNEL_THREAD ACTRL_PERM_2
#define ACTRL_KERNEL_VM ACTRL_PERM_3
#define ACTRL_KERNEL_VM_READ ACTRL_PERM_4
#define ACTRL_KERNEL_VM_WRITE ACTRL_PERM_5
#define ACTRL_KERNEL_DUP_HANDLE ACTRL_PERM_6
#define ACTRL_KERNEL_PROCESS ACTRL_PERM_7
#define ACTRL_KERNEL_SET_INFO ACTRL_PERM_8
#define ACTRL_KERNEL_GET_INFO ACTRL_PERM_9
#define ACTRL_KERNEL_CONTROL ACTRL_PERM_10
#define ACTRL_KERNEL_ALERT ACTRL_PERM_11
#define ACTRL_KERNEL_GET_CONTEXT ACTRL_PERM_12
#define ACTRL_KERNEL_SET_CONTEXT ACTRL_PERM_13
#define ACTRL_KERNEL_TOKEN ACTRL_PERM_14
#define ACTRL_KERNEL_IMPERSONATE ACTRL_PERM_15
#define ACTRL_KERNEL_DIMPERSONATE ACTRL_PERM_16
#define ACTRL_PRINT_SADMIN ACTRL_PERM_1
#define ACTRL_PRINT_SLIST ACTRL_PERM_2
#define ACTRL_PRINT_PADMIN ACTRL_PERM_3
#define ACTRL_PRINT_PUSE ACTRL_PERM_4
#define ACTRL_PRINT_JADMIN ACTRL_PERM_5
#define ACTRL_SVC_GET_INFO ACTRL_PERM_1
#define ACTRL_SVC_SET_INFO ACTRL_PERM_2
#define ACTRL_SVC_STATUS ACTRL_PERM_3
#define ACTRL_SVC_LIST ACTRL_PERM_4
#define ACTRL_SVC_START ACTRL_PERM_5
#define ACTRL_SVC_STOP ACTRL_PERM_6
#define ACTRL_SVC_PAUSE ACTRL_PERM_7
#define ACTRL_SVC_INTERROGATE ACTRL_PERM_8
#define ACTRL_SVC_UCONTROL ACTRL_PERM_9
#define ACTRL_REG_QUERY ACTRL_PERM_1
#define ACTRL_REG_SET ACTRL_PERM_2
#define ACTRL_REG_CREATE_CHILD ACTRL_PERM_3
#define ACTRL_REG_LIST ACTRL_PERM_4
#define ACTRL_REG_NOTIFY ACTRL_PERM_5
#define ACTRL_REG_LINK ACTRL_PERM_6
#define ACTRL_WIN_CLIPBRD ACTRL_PERM_1
#define ACTRL_WIN_GLOBAL_ATOMS ACTRL_PERM_2
#define ACTRL_WIN_CREATE ACTRL_PERM_3
#define ACTRL_WIN_LIST_DESK ACTRL_PERM_4
#define ACTRL_WIN_LIST ACTRL_PERM_5
#define ACTRL_WIN_READ_ATTRIBS ACTRL_PERM_6
#define ACTRL_WIN_WRITE_ATTRIBS ACTRL_PERM_7
#define ACTRL_WIN_SCREEN ACTRL_PERM_8
#define ACTRL_WIN_EXIT ACTRL_PERM_9
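Review bot: The leading comment `// From winnt.h in mingw` does not match the contents. The ACTRL_* constants are the ones declared in accctrl.h, and the other files in this commit include this header as "acccrtl.h", which reads like a misspelling of that name. Please correct the provenance comment and consider renaming the file. Only the ACTRL_FILE_* values and ACTRL_DIR_DELETE_CHILD are used by the MASK_PROPERTY list in aceobject.h, so the KERNEL, PRINT, SVC, REG and WIN groups could be dropped. Since every group aliases the same ACTRL_PERM_n bits, keeping the unrelated names around makes it easy to apply the wrong constant to a file mask later.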
// SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
// SPDX-FileCopyrightText: 2020-2022 Harald Sitter <sitter@kde.org>
#pragma once
#include <cstdint>
#include <QString>
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
struct ACE { // roughly _ACE_HEADER
ACE(const QString &sid_, uint8_t type_, uint8_t flags_, uint32_t mask_)
: sid(sid_)
, type(type_)
, flags(flags_)
, mask(mask_)
, originalXattr(toSMBXattr())
{
}
const QString sid;
uint8_t type; // BYTE
uint8_t flags; // BYTE
uint32_t mask; // DWORD
const QString originalXattr; // toSMBXattr at construction time
QString toSMBXattr() const
{
// NB: the mask should be 0xHEX to be the same as the input format.
// libsmbc doesn't correctly parse 0xHEX masks though and ends up
// setting 0x0. Specifically it calls sscanf with %u even when it
// explicitly verified the input is 0x and would require %x to
// correctly parse it.
return QStringLiteral("%1/%2/%3").arg(type).arg(flags).arg(mask);
}
};
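Review bot: The NB comment in toSMBXattr() describes a libsmbc parsing defect as the reason the mask is written in decimal, but gives no upstream bug reference or affected version, so nobody can tell when the workaround may be removed. Please link the report. In the same function, `.arg(type).arg(flags)` receives uint8_t values and only formats them as numbers through integral promotion; an explicit cast to an integer type would make the intended "type/flags/mask" output independent of which QString::arg overload is selected. Note also that originalXattr is initialised by calling toSMBXattr() from the constructor's initialiser list, which is only correct while it stays declared after type, flags and mask; a short comment on the member order would protect that.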
// SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
// SPDX-FileCopyrightText: 2020-2022 Harald Sitter <sitter@kde.org>
#include "aceobject.h"
#include <QDebug>
#include <QMetaEnum>
#include <KLocalizedString>
static int flagsToInheritance(uint8_t flags)
{
const auto inheritanceEnum = QMetaEnum::fromType<ACEObject::Inheritance>();
for (int i = 0; i < inheritanceEnum.keyCount(); ++i) {
const int value = inheritanceEnum.value(i);
if ((flags & value) == value) {
return value;
}
}
return static_cast<int>(ACEObject::Inheritance::None);
}
ACEObject::ACEObject(const std::shared_ptr<ACE> &ace, QObject *parent)
: QObject(parent)
, m_ace(ace)
, m_inherited(ace->flags & INHERITED_ACE)
{
}
unsigned int ACEObject::type() const
{
return m_ace->type;
}
void ACEObject::setType(unsigned int type)
{
m_ace->type = type;
Q_ASSERT(m_ace->type == type);
Q_EMIT typeChanged();
}
int ACEObject::inheritance() const
{
return flagsToInheritance(m_ace->flags);
}
void ACEObject::setInheritance(int intInheritance)
{
m_ace->flags = (m_ace->flags ^ inheritance()) | intInheritance;
Q_EMIT inheritanceChanged();
}
bool ACEObject::noPropagate() const
{
return m_ace->flags & NO_PROPAGATE_INHERIT_ACE;
}
void ACEObject::setNoPropagate(bool noPropagate)
{
m_ace->flags = noPropagate ? (m_ace->flags | NO_PROPAGATE_INHERIT_ACE) : (m_ace->flags ^ NO_PROPAGATE_INHERIT_ACE);
Q_EMIT noPropagateChanged();
}
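Review bot: In setNoPropagate(), the false branch uses `m_ace->flags ^ NO_PROPAGATE_INHERIT_ACE`, which toggles the bit instead of clearing it, so calling setNoPropagate(false) on an ACE that does not have the flag will set it. Use `m_ace->flags & ~NO_PROPAGATE_INHERIT_ACE` for the clear case. setInheritance() relies on the same XOR idiom; it works there only because inheritance() always returns a subset of the current flags, and a mask-and-clear over the three inheritance bits would state the intent directly. In setType(), the unsigned int argument is narrowed to uint8_t and the only guard is a Q_ASSERT, which is compiled out of release builds; reject or clamp out-of-range values before assigning.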
// SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
// SPDX-FileCopyrightText: 2020-2022 Harald Sitter <sitter@kde.org>
#pragma once
#include <memory>
#include <QObject>
#include "acccrtl.h"
#include "ace.h"
#include "debug.h"
#include "winnt.h"
class ACEObject : public QObject
{
Q_OBJECT
public:
enum class Type {
Deny = ACCESS_DENIED_ACE_TYPE,
Allow = ACCESS_ALLOWED_ACE_TYPE,
// Audit = SYSTEM_AUDIT_ACE_TYPE,
// Alarm = SYSTEM_ALARM_ACE_TYPE,
// MandatoryLabel = SYSTEM_MANDATORY_LABEL_ACE_TYPE,
};
Q_ENUM(Type)
enum class Inheritance {
// NB: order by amount of flags, a match for a|b|c should outscore a|b
SubfoldersFiles = INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
Subfolders = INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE,
Files = INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE,
FolderSubfoldersFiles = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
FolderSubfolders = CONTAINER_INHERIT_ACE,
FolderFiles = OBJECT_INHERIT_ACE,
None = 0x0,
};
Q_ENUM(Inheritance)
explicit ACEObject(const std::shared_ptr<ACE> &ace, QObject *parent = nullptr);
std::shared_ptr<ACE> m_ace;
Q_PROPERTY(bool inherited MEMBER m_inherited CONSTANT)
const bool m_inherited;
Q_PROPERTY(unsigned int type READ type WRITE setType NOTIFY typeChanged)
unsigned int type() const;
void setType(unsigned int type);
Q_SIGNAL void typeChanged();
Q_PROPERTY(int inheritance READ inheritance WRITE setInheritance NOTIFY inheritanceChanged)
int inheritance() const;
void setInheritance(int intInheritance);
Q_SIGNAL void inheritanceChanged();
Q_PROPERTY(bool noPropagate READ noPropagate WRITE setNoPropagate NOTIFY noPropagateChanged)
bool noPropagate() const;
void setNoPropagate(bool noPropagate);
Q_SIGNAL void noPropagateChanged();
#define MASK_PROPERTY(name, value) \
Q_PROPERTY(bool name READ name WRITE set_##name NOTIFY name##Changed); \
\
public: \
Q_SIGNAL void name##Changed(); \
[[nodiscard]] bool name() \
{ \
return (m_ace->mask & (value)); \
} \
void set_##name(bool check) \
{ \
fprintf_binary(stderr, m_ace->mask); \
m_ace->mask = check ? (m_ace->mask | (value)) : (m_ace->mask ^ (value)); \
fprintf_binary(stderr, m_ace->mask); \
Q_EMIT name##Changed(); \
}
MASK_PROPERTY(takeOwnership, WRITE_OWNER)
MASK_PROPERTY(changePermissions, WRITE_DAC)
MASK_PROPERTY(readPermissions, READ_CONTROL)
MASK_PROPERTY(canDelete, DELETE)
MASK_PROPERTY(canDeleteData, ACTRL_DIR_DELETE_CHILD) // not a thing for files
MASK_PROPERTY(writeExtendedAttributes, ACTRL_FILE_WRITE_PROP)
MASK_PROPERTY(writeAttributes, ACTRL_FILE_WRITE_ATTRIB)
MASK_PROPERTY(appendData, ACTRL_FILE_APPEND) // aka ACTRL_DIR_CREATE_CHILD
MASK_PROPERTY(writeData, ACTRL_FILE_WRITE)
MASK_PROPERTY(readExtendedAttributes, ACTRL_FILE_READ_PROP)
MASK_PROPERTY(readAttributes, ACTRL_FILE_READ_ATTRIB)
MASK_PROPERTY(readData, ACTRL_FILE_READ) // aka ACTRL_DIR_LIS
MASK_PROPERTY(execute, ACTRL_FILE_EXECUTE) // aka ACTRL_DIR_TRAVERSE
#undef MASK_PROPERTY
};
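Review bot: In the MASK_PROPERTY macro, set_##name clears a right with `m_ace->mask ^ (value)`, which flips the bit rather than clearing it. Calling the setter with false when the right is not currently present therefore grants it, which for entries such as takeOwnership (WRITE_OWNER) or changePermissions (WRITE_DAC) means an unintended privilege ends up in the ACE that is written back. Use `m_ace->mask & ~(value)`. The two fprintf_binary(stderr, ...) calls in the same setter look like leftover debugging and will print on every checkbox change; please remove them or put them behind a logging category. Smaller points: name() can be const, the semicolon after Q_PROPERTY(...) in the macro is stray, m_ace is a public member, and the comment on readData is truncated to "ACTRL_DIR_LIS".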
// SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
// SPDX-FileCopyrightText: 2020-2022 Harald Sitter <sitter@kde.org>
#include "debug.h"
#include <cstdint>
#include <QDebug>
#include "acccrtl.h"
#include "ace.h"
#include "winnt.h"
// Various helpful resources:
// https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-entries
// https://docs.microsoft.com/en-us/windows/win32/secauthz/access-rights-and-access-masks
// https://docs.microsoft.com/en-us/windows/win32/secauthz/directory-services-access-rights
// https://docs.microsoft.com/en-us/windows/win32/ad/example-code-for-setting-an-ace-on-a-directory-object
// https://docs.microsoft.com/en-us/windows/win32/ad/control-access-rights
// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/628ebb1d-c509-4ea0-a10f-77ef97ca4586
// https://docs.microsoft.com/en-us/archive/blogs/openspecification/about-the-access_mask-structure
// https://cpp.hotexamples.com/examples/-/-/GetAce/cpp-getace-function-examples.html
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_ace
// https://docs.microsoft.com/en-us/windows/win32/secauthz/authorization-data-types
void fprintf_binary(FILE *o, uint32_t v, bool newline)
{
uint32_t mask = 1 << ((sizeof(uint32_t) << 3) - 1);
while (mask) {
(void)fprintf(o, "%d", (v & mask ? 1 : 0));
mask >>= 1;
}
if (newline) {
(void)fprintf(o, "\n");
}
}
void printType(const ACE &ace)
{
(void)fprintf(stderr, "ACE TYPE: %d :: ", ace.type);
fprintf_binary(stderr, ace.type);
switch (ace.type) {
case ACCESS_ALLOWED_ACE_TYPE:
qDebug() << "ACCESS_ALLOWED_ACE_TYPE";
break;
case ACCESS_DENIED_ACE_TYPE:
qDebug() << "ACCESS_DENIED_ACE_TYPE";
break;
case SYSTEM_AUDIT_ACE_TYPE:
qDebug() << "SYSTEM_AUDIT_ACE_TYPE";
break;
case SYSTEM_ALARM_ACE_TYPE:
qDebug() << "SYSTEM_ALARM_ACE_TYPE";
break;
case SYSTEM_MANDATORY_LABEL_ACE_TYPE:
qDebug() << "SYSTEM_MANDATORY_LABEL_ACE_TYPE";
break;
}
// There's actually more, albeit not in winnt.h
// Unclear if modeled inside samba.
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
}
QString check(unsigned int value)
{
if (value){
return QStringLiteral("☒");
}
return QStringLiteral("☐");
}
void printMaskValue(const std::string_view name, unsigned int value)
{
qDebug() << qUtf8Printable(check(value)) << name.data();
}
#define MASK_VALUE(name) printMaskValue(#name, (m & name))
void printFlags(const ACE &ace)
{
(void)fprintf(stderr, "ACE FLAGS: %d :: ", ace.flags);
fprintf_binary(stderr, ace.flags);
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
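Review bot: In fprintf_binary(), `1 << ((sizeof(uint32_t) << 3) - 1)` shifts a signed int literal into its sign bit before the result is converted to uint32_t; write it as `uint32_t{1} << 31` (or use an unsigned literal) so the top-bit mask is built in the unsigned type. In printMaskValue(), `name.data()` is streamed as a C string, but std::string_view does not guarantee NUL termination; it is safe today only because MASK_VALUE passes a string literal. Take a `const char *` or convert through QString::fromUtf8(name.data(), name.size()). printType() and printFlags() also pass the 8-bit type and flags fields to fprintf_binary(), which always prints 32 digits; a width parameter would make that output easier to read.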