usr/src/uts/common/sys/fs/ufs_acl.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 1993, 2010, Oracle and/or its affiliates. All rights reserved.
  23  */
  24
  25 #ifndef _SYS_FS_UFS_ACL_H
  26 #define _SYS_FS_UFS_ACL_H
  27
  28 #include <sys/types.h>
  29 #include <sys/cred.h>
  30 #include <sys/vfs.h>
  31 #include <sys/acl.h>
  32 #include <sys/fs/ufs_fs.h>
  33
  34 #ifdef  __cplusplus
  35 extern "C" {
  36 #endif
  37
  38 /*
  39  * On-disk UFS ACL structure
  40  */
  41
  42 typedef struct ufs_acl {
  43         union {
  44                 uint32_t        acl_next;       /* Pad for old structure */
  45                 ushort_t        acl_tag;        /* Entry type */
  46         } acl_un;
  47         o_mode_t        acl_perm;               /* Permission bits */
  48         uid_t           acl_who;                /* User or group ID */
  49 } ufs_acl_t;
  50
  51 #define acl_tag acl_un.acl_tag
  52 #define acl_next acl_un.acl_next
  53
  54 /*
  55  * In-core UFS ACL structure
  56  */
  57
  58 typedef struct ufs_ic_acl {
  59         struct ufs_ic_acl       *acl_ic_next;   /* Next ACL for this inode */
  60         o_mode_t                acl_ic_perm;    /* Permission bits */
  61         uid_t                   acl_ic_who;     /* User or group ID */
  62 } ufs_ic_acl_t;
  63
  64 /*
  65  * In-core ACL mask
  66  */
  67 typedef struct ufs_aclmask {
  68         short           acl_ismask;     /* Is mask defined? */
  69         o_mode_t        acl_maskbits;   /* Permission mask */
  70 } ufs_aclmask_t;
  71
  72 /*
  73  * full acl
  74  */
  75 typedef struct ic_acl {
  76         ufs_ic_acl_t    *owner;         /* owner object */
  77         ufs_ic_acl_t    *group;         /* group object */
  78         ufs_ic_acl_t    *other;         /* other object */
  79         ufs_ic_acl_t    *users;         /* list of users */
  80         ufs_ic_acl_t    *groups;        /* list of groups */
  81         ufs_aclmask_t   mask;           /* mask */
  82 } ic_acl_t;
  83
  84 /*
  85  * In-core shadow inode
  86  */
  87 typedef struct si {
  88         struct si *s_next;              /* signature hash next */
  89         struct si *s_forw;              /* inode hash next */
  90         struct si *s_fore;              /* unref'd list next */
  91
  92         int     s_flags;                /* see below */
  93         ino_t   s_shadow;               /* shadow inode number */
  94         dev_t   s_dev;                  /* device (major,minor) */
  95         int     s_signature;            /* signature for all ACLs */
  96         int     s_use;                  /* on disk use count */
  97         int     s_ref;                  /* in core reference count */
  98         krwlock_t s_lock;               /* lock for this structure */
  99
 100         ic_acl_t  s_a;                  /* acls */
 101         ic_acl_t  s_d;                  /* def acls */
 102 } si_t;
 103
 104 #define aowner  s_a.owner
 105 #define agroup  s_a.group
 106 #define aother  s_a.other
 107 #define ausers  s_a.users
 108 #define agroups s_a.groups
 109 #define aclass  s_a.mask
 110
 111 #define downer  s_d.owner
 112 #define dgroup  s_d.group
 113 #define dother  s_d.other
 114 #define dusers  s_d.users
 115 #define dgroups s_d.groups
 116 #define dclass  s_d.mask
 117
 118 #define s_prev  s_forw
 119
 120 /*
 121  * s_flags
 122  */
 123 #define SI_CACHED 0x0001                /* Is in si_cache */
 124
 125 /*
 126  * Header to identify data on disk
 127  */
 128 typedef struct ufs_fsd {
 129         int     fsd_type;               /* type of data */
 130         int     fsd_size;               /* size in bytes of ufs_fsd and data */
 131         char    fsd_data[1];            /* data */
 132 } ufs_fsd_t;
 133
 134 /*
 135  * Data types  (fsd_type)
 136  */
 137 #define FSD_FREE        (0)             /* Free entry */
 138 #define FSD_ACL         (1)             /* Access Control Lists */
 139 #define FSD_DFACL       (2)             /* reserved for future use */
 140 #define FSD_RESERVED3   (3)             /* reserved for future use */
 141 #define FSD_RESERVED4   (4)             /* reserved for future use */
 142 #define FSD_RESERVED5   (5)             /* reserved for future use */
 143 #define FSD_RESERVED6   (6)             /* reserved for future use */
 144 #define FSD_RESERVED7   (7)             /* reserved for future use */
 145
 146 /*
 147  * FSD manipulation macros
 148  * The FSD macros are aligned on integer boundary even if the preceeding
 149  * record had a byte aligned length. So the record length is always
 150  * integer length. All increments of the data pointers must use the
 151  * FSD_RECSZ macro.
 152  */
 153 #define FSD_TPSZ(fsdp)          (sizeof (fsdp->fsd_type))
 154 #define FSD_TPMSK(fsdp)         (FSD_TPSZ(fsdp) - 1)
 155 #define FSD_RECSZ(fsdp, size)   ((size + FSD_TPMSK(fsdp)) & ~FSD_TPMSK(fsdp))
 156 /*
 157  * flags for acl_validate
 158  */
 159 #define ACL_CHECK       0x01
 160 #define DEF_ACL_CHECK   0x02
 161
 162 #define MODE_CHECK(O, M, PERM, C, I) \
 163     secpolicy_vnode_access2(C, ITOV(I), O, (PERM), M)
 164
 165 /*
 166  * Check that the file type is one that accepts ACLs
 167  */
 168 #define CHECK_ACL_ALLOWED(MODE) (((MODE) == IFDIR) || ((MODE) == IFREG) || \
 169                                 ((MODE) == IFIFO) || ((MODE) == IFCHR) || \
 170                                 ((MODE) == IFBLK) || ((MODE) == IFATTRDIR))
 171
 172 /*
 173  * Get ACL group permissions if the mask is not present, and the ACL
 174  * group permission intersected with the mask if the mask is present
 175  */
 176 #define MASK2MODE(ACL)                                                  \
 177         ((ACL)->aclass.acl_ismask ?                                     \
 178                 ((((ACL)->aclass.acl_maskbits &                         \
 179                         (ACL)->agroup->acl_ic_perm) & 07) << 3) :       \
 180                 (((ACL)->agroup->acl_ic_perm & 07) << 3))
 181
 182 #define MODE2ACL(P, MODE, CRED)                                 \
 183         ASSERT((P));                                            \
 184         (P)->acl_ic_next = NULL;                                \
 185         (P)->acl_ic_perm &= ((MODE) & 7);                       \
 186         (P)->acl_ic_who = (CRED);
 187
 188 #define ACL_MOVE(P, T, B)                                       \
 189 {                                                               \
 190         ufs_ic_acl_t *acl;                                      \
 191         for (acl = (P); acl; acl = acl->acl_ic_next) {          \
 192                 (B)->acl_tag = (T);                             \
 193                 (B)->acl_perm = acl->acl_ic_perm;               \
 194                 (B)->acl_who = acl->acl_ic_who;                 \
 195                 (B)++;                                          \
 196         }                                                       \
 197 }
 198
 199 #ifdef  __cplusplus
 200 }
 201 #endif
 202
 203 #endif  /* _SYS_FS_UFS_ACL_H */