      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 #ifndef	_SYS_FS_UFS_ACL_H
     27 #define	_SYS_FS_UFS_ACL_H
     28 
     29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
     30 
     31 #include <sys/types.h>
     32 #include <sys/cred.h>
     33 #include <sys/vfs.h>
     34 #include <sys/acl.h>
     35 #include <sys/fs/ufs_fs.h>
     36 
     37 #ifdef	__cplusplus
     38 extern "C" {
     39 #endif
     40 
/*
 * On-disk UFS ACL structure
 *
 * One ACL entry in its on-disk form: an entry type, the permission bits
 * and the user or group ID the entry applies to.  acl_un keeps the first
 * slot 32 bits wide (acl_next is padding for the old structure); acl_tag
 * shares that storage, so it occupies only part of the slot.
 *
 * NOTE(review): these values are read from disk; presumably tag, perm
 * and who are validated before they drive an access decision -- confirm
 * in the code that converts entries to ufs_ic_acl_t.
 */

typedef struct ufs_acl {
	union {
		uint32_t 	acl_next;	/* Pad for old structure */
		ushort_t	acl_tag;	/* Entry type */
	} acl_un;
	o_mode_t	acl_perm;		/* Permission bits */
	uid_t		acl_who;		/* User or group ID */
} ufs_acl_t;
     53 
/*
 * Shorthand for the union members of ufs_acl_t.  These are object-like
 * macros: after this header is included, every use of the identifiers
 * acl_tag and acl_next is rewritten to acl_un.<member>, including an
 * unrelated local or struct member that happens to share the name.
 */
#define	acl_tag acl_un.acl_tag
#define	acl_next acl_un.acl_next
     56 
/*
 * In-core UFS ACL structure
 *
 * One node of a singly linked list of ACL entries.  The list macros in
 * this header (ACL_MOVE) follow acl_ic_next until it is NULL.
 */

typedef struct ufs_ic_acl {
	struct ufs_ic_acl	*acl_ic_next;	/* Next ACL for this inode */
	o_mode_t		acl_ic_perm;	/* Permission bits */
	uid_t			acl_ic_who;	/* User or group ID */
} ufs_ic_acl_t;
     66 
/*
 * In-core ACL mask
 *
 * acl_ismask is tested for non-zero by MASK2MODE; only when it is set
 * are acl_maskbits intersected with the group permissions.
 */
typedef struct ufs_aclmask {
	short		acl_ismask;	/* Is mask defined? */
	o_mode_t	acl_maskbits;	/* Permission mask */
} ufs_aclmask_t;
     74 
/*
 * full acl
 *
 * A complete in-core ACL of one kind; si_t embeds two of these (s_a and
 * s_d).  owner, group and other point at single entries, users and
 * groups at lists of ufs_ic_acl_t nodes, and the mask is held by value.
 * MASK2MODE dereferences group without a NULL check.
 */
typedef struct ic_acl {
	ufs_ic_acl_t	*owner;		/* owner object */
	ufs_ic_acl_t	*group;		/* group object */
	ufs_ic_acl_t	*other;		/* other object */
	ufs_ic_acl_t	*users;		/* list of users */
	ufs_ic_acl_t	*groups;	/* list of groups */
	ufs_aclmask_t	mask;		/* mask */
} ic_acl_t;
     86 
/*
 * In-core shadow inode
 *
 * Holds the in-core ACLs (s_a) and default ACLs (s_d) for shadow inode
 * number s_shadow on device s_dev, together with the link fields for the
 * signature hash, the inode hash and the unreferenced list.  s_use (the
 * on-disk use count) and s_ref (the in-core reference count) are
 * separate counters.
 *
 * NOTE(review): s_lock is described only as "lock for this structure";
 * which fields it covers and the lock ordering are not stated in this
 * header -- confirm in the implementation before changing s_ref/s_use.
 */
typedef	struct si {
	struct si *s_next;		/* signature hash next */
	struct si *s_forw;		/* inode hash next */
	struct si *s_fore;		/* unref'd list next */

	int	s_flags;		/* see below */
	ino_t	s_shadow;		/* shadow inode number */
	dev_t	s_dev;			/* device (major,minor) */
	int	s_signature;		/* signature for all ACLs */
	int 	s_use;			/* on disk use count */
	int	s_ref;			/* in core reference count */
	krwlock_t s_lock;		/* lock for this structure */

	ic_acl_t  s_a;			/* acls */
	ic_acl_t  s_d;			/* def acls */
} si_t;
    106 
/*
 * Field shorthands for si_t.  The a* names reach into the ACLs (s_a),
 * the d* names into the default ACLs (s_d); aclass and dclass are the
 * respective masks.  s_prev is a second name for s_forw, not a separate
 * field.
 *
 * These are unscoped object-like macros with short names: any identifier
 * spelled aowner, dclass, s_prev, ... in a file that includes this
 * header is rewritten by the preprocessor.
 */
#define	aowner	s_a.owner
#define	agroup	s_a.group
#define	aother	s_a.other
#define	ausers	s_a.users
#define	agroups	s_a.groups
#define	aclass	s_a.mask

#define	downer	s_d.owner
#define	dgroup	s_d.group
#define	dother	s_d.other
#define	dusers	s_d.users
#define	dgroups	s_d.groups
#define	dclass	s_d.mask

#define	s_prev	s_forw
    122 
/*
 * s_flags
 *
 * Bit values for si_t.s_flags; SI_CACHED is the only one defined here.
 */
#define	SI_CACHED 0x0001		/* Is in si_cache */
    127 
/*
 * Header to identify data on disk
 *
 * A type/length header followed by the data itself.  fsd_data[1] is a
 * placeholder for the variable-length data, so sizeof (ufs_fsd_t)
 * already counts the first data byte (plus any padding); fsd_size covers
 * the header and the data together.
 *
 * NOTE(review): fsd_size is a signed int taken from disk.  A reader
 * walking these records should reject a value that is negative, smaller
 * than the header, or larger than the bytes remaining in the buffer
 * before using it as a length -- confirm the callers do.
 */
typedef struct ufs_fsd {
	int	fsd_type;		/* type of data */
	int	fsd_size;		/* size in bytes of ufs_fsd and data */
	char	fsd_data[1];		/* data */
} ufs_fsd_t;
    136 
/*
 * Data types  (fsd_type)
 *
 * Values 0 through 7 are named here; only FSD_FREE and FSD_ACL are
 * described as in use.
 * NOTE(review): the name FSD_DFACL suggests default ACLs although its
 * comment says reserved -- confirm against the code that reads fsd_type.
 * A reader should treat any type it does not handle as unknown data
 * rather than parse it as ACL entries.
 */
#define	FSD_FREE	(0)		/* Free entry */
#define	FSD_ACL		(1)		/* Access Control Lists */
#define	FSD_DFACL	(2)		/* reserved for future use */
#define	FSD_RESERVED3	(3)		/* reserved for future use */
#define	FSD_RESERVED4	(4)		/* reserved for future use */
#define	FSD_RESERVED5	(5)		/* reserved for future use */
#define	FSD_RESERVED6	(6)		/* reserved for future use */
#define	FSD_RESERVED7	(7)		/* reserved for future use */
    148 
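/*
 * FSD manipulation macros
 * The FSD macros are aligned on integer boundary even if the preceding
 * record had a byte aligned length. So the record length is always
 * integer length. All increments of the data pointers must use the
 * FSD_RECSZ macro.
 *
 *	FSD_TPSZ(fsdp)		size of the fsd_type field (alignment unit)
 *	FSD_TPMSK(fsdp)		alignment unit minus one, used as a bit mask
 *	FSD_RECSZ(fsdp, size)	size rounded up to a multiple of the unit
 *
 * Both arguments are parenthesized in the expansion so that an
 * expression argument (a conditional, &ptr, a cast) binds as the caller
 * wrote it.  Because of sizeof the rounding is done in size_t
 * arithmetic: a negative or near-maximum size wraps instead of rounding
 * to anything meaningful, so an on-disk fsd_size must be checked against
 * the bytes remaining before a pointer is advanced by FSD_RECSZ.
 */
#define	FSD_TPSZ(fsdp)		(sizeof ((fsdp)->fsd_type))
#define	FSD_TPMSK(fsdp)		(FSD_TPSZ(fsdp) - 1)
#define	FSD_RECSZ(fsdp, size)	(((size) + FSD_TPMSK(fsdp)) & ~FSD_TPMSK(fsdp))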
/*
 * flags for acl_validate
 *
 * Distinct bits (0x01, 0x02), so they can be OR-ed together.
 * acl_validate itself is not declared in this header.
 */
#define	ACL_CHECK	0x01
#define	DEF_ACL_CHECK	0x02
    164 
/*
 * MODE_CHECK(O, M, PERM, C, I): are the requested access bits M covered
 * by the permission bits PERM?
 *
 * Evaluates to 0 when every bit of M is present in PERM.  Otherwise the
 * result is whatever secpolicy_vnode_access() returns for C and the
 * vnode of inode I (ITOV), with O passed through and only the bits that
 * PERM did not grant, (M) & ~(PERM), as the mode.
 *
 * The second branch is the only place a request not covered by PERM can
 * still succeed, so callers must act on the returned value.
 * M is expanded three times and PERM twice; pass expressions without
 * side effects.
 */
#define	MODE_CHECK(O, M, PERM, C, I) ((((M) & (PERM)) == (M)) ? 0 : \
			secpolicy_vnode_access(C, ITOV(I), O, (M) & ~(PERM)))
    167 
/*
 * Check that the file type is one that accepts ACLs
 *
 * Non-zero when MODE equals IFDIR, IFREG, IFIFO, IFCHR, IFBLK or
 * IFATTRDIR; 0 for any other value.  The test is by equality, so MODE
 * must already be the isolated file-type value -- presumably the inode
 * mode masked with the type mask; confirm at the call sites.
 * MODE is expanded up to six times; pass an expression without side
 * effects.
 */
#define	CHECK_ACL_ALLOWED(MODE) (((MODE) == IFDIR) || ((MODE) == IFREG) || \
				((MODE) == IFIFO) || ((MODE) == IFCHR) || \
				((MODE) == IFBLK) || ((MODE) == IFATTRDIR))
    174 
/*
 * Get ACL group permissions if the mask is not present, and the ACL
 * group permission intersected with the mask if the mask is present
 *
 * ACL is a pointer to an si_t (aclass and agroup expand to s_a.mask and
 * s_a.group).  The low three permission bits are shifted left by 3, so
 * the result occupies bits 3-5 of the value.
 * (ACL)->agroup is dereferenced without a NULL check: the caller must
 * guarantee the group entry exists.
 */
#define	MASK2MODE(ACL)							\
	((ACL)->aclass.acl_ismask ?					\
		((((ACL)->aclass.acl_maskbits &				\
			(ACL)->agroup->acl_ic_perm) & 07) << 3) :	\
		(((ACL)->agroup->acl_ic_perm & 07) << 3))
    184 
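/*
 * MODE2ACL(P, MODE, CRED): update the in-core ACL entry P from mode bits.
 *
 *   - P is ASSERTed non-NULL (ASSERT is typically compiled out of
 *     non-DEBUG builds; P is dereferenced either way)
 *   - acl_ic_next is cleared, detaching the entry from any list
 *   - acl_ic_perm is narrowed with &= to the low three bits of MODE; bits
 *     not already set in the entry are never added
 *   - acl_ic_who is set to CRED
 *
 * The body is a brace block, the form ACL_MOVE in this header already
 * uses, so that all of the updates stay under the same condition when
 * the macro follows an unbraced "if".  As a bare statement list only the
 * ASSERT was conditional and the permission and ID updates always ran.
 * It can be invoked with or without a trailing semicolon; an "else"
 * cannot directly follow an invocation.
 * P is expanded four times; pass an expression without side effects.
 */
#define	MODE2ACL(P, MODE, CRED)					\
{								\
	ASSERT((P));						\
	(P)->acl_ic_next = NULL;				\
	(P)->acl_ic_perm &= ((MODE) & 7);			\
	(P)->acl_ic_who = (CRED);				\
}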
    190 
/*
 * ACL_MOVE(P, T, B): copy the in-core list starting at P into the
 * on-disk entries at B, tagging each one with T.
 *
 * For every node on the list, *B receives tag T and the node's
 * permission bits and ID, then B is advanced by one entry.  B must be a
 * modifiable pointer and is left pointing past the last entry written.
 *
 * There is no bound on the number of entries written: the destination
 * has to be sized for the full list length before the macro is used.
 * Only acl_tag, acl_perm and acl_who are stored; the rest of the 32-bit
 * acl_un slot (and any padding) keeps whatever B already held.
 * NOTE(review): presumably the buffer is zeroed before it goes to disk
 * -- confirm at the call sites.
 * The block declares a local named "acl"; an argument expression that
 * mentions a caller variable of that name would bind to the local.
 */
#define	ACL_MOVE(P, T, B)					\
{								\
	ufs_ic_acl_t *acl;					\
	for (acl = (P); acl; acl = acl->acl_ic_next) {		\
		(B)->acl_tag = (T);				\
		(B)->acl_perm = acl->acl_ic_perm;		\
		(B)->acl_who = acl->acl_ic_who;			\
		(B)++;						\
	}							\
}
    201 
    202 #ifdef	__cplusplus
    203 }
    204 #endif
    205 
    206 #endif	/* _SYS_FS_UFS_ACL_H */
    207