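/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1993, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef	_SYS_FS_UFS_ACL_H
#define	_SYS_FS_UFS_ACL_H

#include <sys/types.h>
#include <sys/cred.h>
#include <sys/vfs.h>
#include <sys/acl.h>
#include <sys/fs/ufs_fs.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * On-disk UFS ACL structure
 *
 * One ACL entry as stored on disk.  acl_next and acl_tag share storage
 * through the union; acl_next is only padding kept for the old layout, so
 * which bytes of that word acl_tag occupies depends on byte order.
 *
 * NOTE(review): every field here originates from disk.  This header does no
 * validation itself; the ACL_CHECK / DEF_ACL_CHECK flags below are meant for
 * acl_validate, which is defined elsewhere.  Consumers should treat tag,
 * permission bits and ID as untrusted until that validation has run.
 */

typedef struct ufs_acl {
	union {
		uint32_t	acl_next;	/* Pad for old structure */
		ushort_t	acl_tag;	/* Entry type */
	} acl_un;
	o_mode_t	acl_perm;		/* Permission bits */
	uid_t		acl_who;		/* User or group ID */
} ufs_acl_t;

/*
 * Shorthand so that callers can write p->acl_tag instead of
 * p->acl_un.acl_tag.  These are object-like macros: any identifier spelled
 * acl_tag or acl_next in a file that includes this header is rewritten.
 */
#define	acl_tag acl_un.acl_tag
#define	acl_next acl_un.acl_next

/*
 * In-core UFS ACL structure
 *
 * Node of a singly linked, NULL-terminated list (ACL_MOVE below walks it
 * through acl_ic_next).
 */

typedef struct ufs_ic_acl {
	struct ufs_ic_acl	*acl_ic_next;	/* Next ACL for this inode */
	o_mode_t		acl_ic_perm;	/* Permission bits */
	uid_t			acl_ic_who;	/* User or group ID */
} ufs_ic_acl_t;

/*
 * In-core ACL mask
 *
 * acl_maskbits is only meaningful when acl_ismask is non-zero; MASK2MODE
 * below tests acl_ismask before applying the mask.
 */
typedef struct ufs_aclmask {
	short		acl_ismask;	/* Is mask defined? */
	o_mode_t	acl_maskbits;	/* Permission mask */
} ufs_aclmask_t;

/*
 * full acl
 *
 * owner/group/other point at single entries, users/groups at list heads.
 * MASK2MODE dereferences group without a NULL check, so code that evaluates
 * it must guarantee group is set.
 */
typedef struct ic_acl {
	ufs_ic_acl_t	*owner;		/* owner object */
	ufs_ic_acl_t	*group;		/* group object */
	ufs_ic_acl_t	*other;		/* other object */
	ufs_ic_acl_t	*users;		/* list of users */
	ufs_ic_acl_t	*groups;	/* list of groups */
	ufs_aclmask_t	mask;		/* mask */
} ic_acl_t;

/*
 * In-core shadow inode
 *
 * Holds the access ACL (s_a) and the default ACL (s_d) for one shadow
 * inode, plus the linkage and counters used to cache and share it.
 */
typedef struct si {
	struct si *s_next;		/* signature hash next */
	struct si *s_forw;		/* inode hash next */
	struct si *s_fore;		/* unref'd list next */

	int	s_flags;		/* see below */
	ino_t	s_shadow;		/* shadow inode number */
	dev_t	s_dev;			/* device (major,minor) */
	int	s_signature;		/* signature for all ACLs */
	int	s_use;			/* on disk use count */
	int	s_ref;			/* in core reference count */
	krwlock_t s_lock;		/* lock for this structure */

	ic_acl_t  s_a;			/* acls */
	ic_acl_t  s_d;			/* def acls */
} si_t;

/* Member shorthands for the access ACL of a si_t (sp->aowner, ...). */
#define	aowner	s_a.owner
#define	agroup	s_a.group
#define	aother	s_a.other
#define	ausers	s_a.users
#define	agroups	s_a.groups
#define	aclass	s_a.mask

/* Member shorthands for the default ACL of a si_t (sp->downer, ...). */
#define	downer	s_d.owner
#define	dgroup	s_d.group
#define	dother	s_d.other
#define	dusers	s_d.users
#define	dgroups	s_d.groups
#define	dclass	s_d.mask

/* s_prev is an alias for s_forw: both names refer to the same pointer. */
#define	s_prev	s_forw

/*
 * s_flags
 */
#define	SI_CACHED	0x0001		/* Is in si_cache */

/*
 * Header to identify data on disk
 *
 * fsd_size counts the header plus the data that follows it, so fsd_data[1]
 * is only a placeholder for a variable-length payload.
 *
 * NOTE(review): fsd_type and fsd_size are read from disk and fsd_size is a
 * signed int.  Code that walks a buffer of these records should reject a
 * size that is negative, smaller than the header, or larger than the bytes
 * remaining in the buffer before advancing by FSD_RECSZ; a zero or negative
 * size would otherwise stall or run the walk out of bounds.  No such check
 * is visible in this header.
 */
typedef struct ufs_fsd {
	int	fsd_type;		/* type of data */
	int	fsd_size;		/* size in bytes of ufs_fsd and data */
	char	fsd_data[1];		/* data */
} ufs_fsd_t;

/*
 * Data types (fsd_type)
 *
 * NOTE(review): FSD_DFACL is commented as reserved, but its name suggests
 * default ACLs (compare s_d and DEF_ACL_CHECK) -- confirm whether the
 * comment is stale.
 */
#define	FSD_FREE	(0)		/* Free entry */
#define	FSD_ACL		(1)		/* Access Control Lists */
#define	FSD_DFACL	(2)		/* reserved for future use */
#define	FSD_RESERVED3	(3)		/* reserved for future use */
#define	FSD_RESERVED4	(4)		/* reserved for future use */
#define	FSD_RESERVED5	(5)		/* reserved for future use */
#define	FSD_RESERVED6	(6)		/* reserved for future use */
#define	FSD_RESERVED7	(7)		/* reserved for future use */

/*
 * FSD manipulation macros
 * The FSD macros are aligned on integer boundary even if the preceding
 * record had a byte aligned length. So the record length is always
 * integer length. All increments of the data pointers must use the
 * FSD_RECSZ macro.
 *
 * FSD_TPSZ(fsdp)	size of the fsd_type member
 * FSD_TPMSK(fsdp)	that size minus one, used as a rounding mask (this
 *			assumes the size is a power of two)
 * FSD_RECSZ(fsdp, size) size rounded up to a multiple of FSD_TPSZ
 *
 * The arguments are parenthesized in the expansions so that an expression
 * argument such as (a | b) or (p + 1) groups as the caller wrote it; without
 * the parentheses "size + mask" would bind to only part of the expression.
 *
 * The arithmetic is carried out in the unsigned type produced by sizeof, so
 * a negative size converts to a very large value instead of staying
 * negative.  Validate fsd_size before rounding it.
 */
#define	FSD_TPSZ(fsdp)		(sizeof ((fsdp)->fsd_type))
#define	FSD_TPMSK(fsdp)		(FSD_TPSZ(fsdp) - 1)
#define	FSD_RECSZ(fsdp, size)	(((size) + FSD_TPMSK(fsdp)) & ~FSD_TPMSK(fsdp))
/*
 * flags for acl_validate
 */
#define	ACL_CHECK	0x01
#define	DEF_ACL_CHECK	0x02

/*
 * Access check wrapper.  The macro only reorders its arguments:
 * (O, M, PERM, C, I) becomes secpolicy_vnode_access2(C, ITOV(I), O, PERM, M),
 * and its value is whatever that call returns.
 * NOTE(review): presumably C is the credential and I the inode whose vnode
 * is checked -- confirm against the secpolicy_vnode_access2 prototype.
 */
#define	MODE_CHECK(O, M, PERM, C, I) \
    secpolicy_vnode_access2(C, ITOV(I), O, (PERM), M)

/*
 * Check that the file type is one that accepts ACLs
 *
 * MODE is compared for equality against the IF* constants, so the caller
 * has to pass the file-type value alone, not a full mode word.  MODE may be
 * evaluated up to six times; do not pass an expression with side effects.
 */
#define	CHECK_ACL_ALLOWED(MODE) (((MODE) == IFDIR) || ((MODE) == IFREG) || \
				((MODE) == IFIFO) || ((MODE) == IFCHR) || \
				((MODE) == IFBLK) || ((MODE) == IFATTRDIR))

/*
 * Get ACL group permissions if the mask is not present, and the ACL
 * group permission intersected with the mask if the mask is present
 *
 * ACL is a si_t pointer (aclass and agroup expand to s_a.mask and
 * s_a.group).  The result is the three permission bits shifted into the
 * group position (bits 3-5).  (ACL)->agroup is dereferenced unconditionally,
 * so it must not be NULL.
 */
#define	MASK2MODE(ACL)							\
	((ACL)->aclass.acl_ismask ?					\
	    ((((ACL)->aclass.acl_maskbits &				\
		(ACL)->agroup->acl_ic_perm) & 07) << 3) :		\
	    (((ACL)->agroup->acl_ic_perm & 07) << 3))

/*
 * Reset the in-core entry P from a mode: clear its next pointer, intersect
 * (not assign) its permission bits with the low three bits of MODE, and set
 * its ID to CRED.  Because the permission update is "&=", this can only
 * narrow the permissions already stored in P.
 *
 * NOTE(review): this expands to several statements ending in ';', so only
 * the ASSERT is governed by an unbraced if/else that precedes the macro.
 * It is left in this form because the call sites are not visible here; use
 * it only as a full statement inside braces.  ASSERT is typically compiled
 * out of non-DEBUG builds, so P must be non-NULL by construction -- confirm.
 */
#define	MODE2ACL(P, MODE, CRED)					\
	ASSERT((P));						\
	(P)->acl_ic_next = NULL;				\
	(P)->acl_ic_perm &= ((MODE) & 7);			\
	(P)->acl_ic_who = (CRED);

/*
 * Copy the in-core list starting at P into consecutive on-disk entries at
 * B, tagging each with T, and leave B pointing one past the last entry
 * written.
 *
 * The loop has no bound on B: the caller must have sized the destination
 * for every node on the list before invoking this.  B must be a modifiable
 * lvalue, and neither P nor B may mention a variable named "acl", which the
 * block declares locally.
 */
#define	ACL_MOVE(P, T, B)					\
{								\
	ufs_ic_acl_t *acl;					\
	for (acl = (P); acl; acl = acl->acl_ic_next) {		\
		(B)->acl_tag = (T);				\
		(B)->acl_perm = acl->acl_ic_perm;		\
		(B)->acl_who = acl->acl_ic_who;			\
		(B)++;						\
	}							\
}

#ifdef	__cplusplus
}
#endif

#endif	/* _SYS_FS_UFS_ACL_H */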