xref: /illumos-gate/usr/src/uts/common/sys/fs/ufs_acl.h (revision a5f69788de7ac07553de47f7fec8c05a9a94c105)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 1992,1997-2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef	_SYS_FS_UFS_ACL_H
28 #define	_SYS_FS_UFS_ACL_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #include <sys/types.h>
33 #include <sys/cred.h>
34 #include <sys/vfs.h>
35 #include <sys/acl.h>
36 #include <sys/fs/ufs_fs.h>
37 
38 #ifdef	__cplusplus
39 extern "C" {
40 #endif
41 
42 /*
43  * On-disk UFS ACL structure
44  */
45 
46 typedef struct ufs_acl {
47 	union {
48 		uint32_t 	acl_next;	/* Pad for old structure */
49 		ushort_t	acl_tag;	/* Entry type */
50 	} acl_un;
51 	o_mode_t	acl_perm;		/* Permission bits */
52 	uid_t		acl_who;		/* User or group ID */
53 } ufs_acl_t;
54 
55 #define	acl_tag acl_un.acl_tag
56 #define	acl_next acl_un.acl_next
57 
58 /*
59  * In-core UFS ACL structure
60  */
61 
62 typedef struct ufs_ic_acl {
63 	struct ufs_ic_acl	*acl_ic_next;	/* Next ACL for this inode */
64 	o_mode_t		acl_ic_perm;	/* Permission bits */
65 	uid_t			acl_ic_who;	/* User or group ID */
66 } ufs_ic_acl_t;
67 
68 /*
69  * In-core ACL mask
70  */
71 typedef struct ufs_aclmask {
72 	short		acl_ismask;	/* Is mask defined? */
73 	o_mode_t	acl_maskbits;	/* Permission mask */
74 } ufs_aclmask_t;
75 
76 /*
77  * full acl
78  */
79 typedef struct ic_acl {
80 	ufs_ic_acl_t	*owner;		/* owner object */
81 	ufs_ic_acl_t	*group;		/* group object */
82 	ufs_ic_acl_t	*other;		/* other object */
83 	ufs_ic_acl_t	*users;		/* list of users */
84 	ufs_ic_acl_t	*groups;	/* list of groups */
85 	ufs_aclmask_t	mask;		/* mask */
86 } ic_acl_t;
87 
88 /*
89  * In-core shadow inode
90  */
91 typedef	struct si {
92 	struct si *s_next;		/* signature hash next */
93 	struct si *s_forw;		/* inode hash next */
94 	struct si *s_fore;		/* unref'd list next */
95 
96 	int	s_flags;		/* see below */
97 	ino_t	s_shadow;		/* shadow inode number */
98 	dev_t	s_dev;			/* device (major,minor) */
99 	int	s_signature;		/* signature for all ACLs */
100 	int 	s_use;			/* on disk use count */
101 	int	s_ref;			/* in core reference count */
102 	krwlock_t s_lock;		/* lock for this structure */
103 
104 	ic_acl_t  s_a;			/* acls */
105 	ic_acl_t  s_d;			/* def acls */
106 } si_t;
107 
108 #define	aowner	s_a.owner
109 #define	agroup	s_a.group
110 #define	aother	s_a.other
111 #define	ausers	s_a.users
112 #define	agroups	s_a.groups
113 #define	aclass	s_a.mask
114 
115 #define	downer	s_d.owner
116 #define	dgroup	s_d.group
117 #define	dother	s_d.other
118 #define	dusers	s_d.users
119 #define	dgroups	s_d.groups
120 #define	dclass	s_d.mask
121 
122 #define	s_prev	s_forw
123 
124 /*
125  * s_flags
126  */
127 #define	SI_CACHED 0x0001		/* Is in si_cache */
128 
129 /*
130  * Header to identify data on disk
131  */
132 typedef struct ufs_fsd {
133 	int	fsd_type;		/* type of data */
134 	int	fsd_size;		/* size in bytes of ufs_fsd and data */
135 	char	fsd_data[1];		/* data */
136 } ufs_fsd_t;
137 
138 /*
139  * Data types  (fsd_type)
140  */
141 #define	FSD_FREE	(0)		/* Free entry */
142 #define	FSD_ACL		(1)		/* Access Control Lists */
143 #define	FSD_DFACL	(2)		/* reserved for future use */
144 #define	FSD_RESERVED3	(3)		/* reserved for future use */
145 #define	FSD_RESERVED4	(4)		/* reserved for future use */
146 #define	FSD_RESERVED5	(5)		/* reserved for future use */
147 #define	FSD_RESERVED6	(6)		/* reserved for future use */
148 #define	FSD_RESERVED7	(7)		/* reserved for future use */
149 
150 /*
151  * FSD manipulation macros
152  * The FSD macros are aligned on integer boundary even if the preceeding
153  * record had a byte aligned length. So the record length is always
154  * integer length. All increments of the data pointers must use the
155  * FSD_RECSZ macro.
156  */
157 #define	FSD_TPSZ(fsdp)		(sizeof (fsdp->fsd_type))
158 #define	FSD_TPMSK(fsdp)		(FSD_TPSZ(fsdp) - 1)
159 #define	FSD_RECSZ(fsdp, size)	((size + FSD_TPMSK(fsdp)) & ~FSD_TPMSK(fsdp))
160 /*
161  * flags for acl_validate
162  */
163 #define	ACL_CHECK	0x01
164 #define	DEF_ACL_CHECK	0x02
165 
166 #define	MODE_CHECK(O, M, PERM, C, I) ((((M) & (PERM)) == (M)) ? 0 : \
167 			secpolicy_vnode_access(C, ITOV(I), O, (M) & ~(PERM)))
168 
169 /*
170  * Check that the file type is one that accepts ACLs
171  */
172 #define	CHECK_ACL_ALLOWED(MODE) (((MODE) == IFDIR) || ((MODE) == IFREG) || \
173 				((MODE) == IFIFO) || ((MODE) == IFCHR) || \
174 				((MODE) == IFBLK) || ((MODE) == IFATTRDIR))
175 
176 #define	MODE2ACL(P, MODE, CRED)					\
177 	ASSERT((P));						\
178 	(P)->acl_ic_next = NULL;				\
179 	(P)->acl_ic_perm &= ((MODE) & 7);			\
180 	(P)->acl_ic_who = (CRED);
181 
182 #define	ACL_MOVE(P, T, B)					\
183 {								\
184 	ufs_ic_acl_t *acl;					\
185 	for (acl = (P); acl; acl = acl->acl_ic_next) {		\
186 		(B)->acl_tag = (T);				\
187 		(B)->acl_perm = acl->acl_ic_perm;		\
188 		(B)->acl_who = acl->acl_ic_who;			\
189 		(B)++;						\
190 	}							\
191 }
192 
193 #ifdef	__cplusplus
194 }
195 #endif
196 
197 #endif	/* _SYS_FS_UFS_ACL_H */
198