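/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _SYS_FS_UFS_ACL_H
#define _SYS_FS_UFS_ACL_H

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <sys/cred.h>
#include <sys/vfs.h>
#include <sys/acl.h>
#include <sys/fs/ufs_fs.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * On-disk UFS ACL structure
 *
 * One entry records a tag (entry type), the permission bits and the
 * user or group ID the entry applies to.  acl_tag shares storage with
 * acl_next through the acl_un union.
 */

typedef struct ufs_acl {
	union {
		uint32_t	acl_next;	/* Pad for old structure */
		ushort_t	acl_tag;	/* Entry type */
	} acl_un;
	o_mode_t	acl_perm;	/* Permission bits */
	uid_t		acl_who;	/* User or group ID */
} ufs_acl_t;

/*
 * Shorthand so the union members can be named as if they were direct
 * members of ufs_acl_t.  These are plain object-like macros, so every
 * later use of the identifiers acl_tag / acl_next in a file that includes
 * this header is rewritten as well.
 */
#define acl_tag		acl_un.acl_tag
#define acl_next	acl_un.acl_next

/*
 * In-core UFS ACL structure
 *
 * Entries for one inode are chained through acl_ic_next.
 */

typedef struct ufs_ic_acl {
	struct ufs_ic_acl	*acl_ic_next;	/* Next ACL for this inode */
	o_mode_t		acl_ic_perm;	/* Permission bits */
	uid_t			acl_ic_who;	/* User or group ID */
} ufs_ic_acl_t;

/*
 * In-core ACL mask
 *
 * acl_maskbits is consulted only when acl_ismask is non-zero
 * (see MASK2MODE below).
 */
typedef struct ufs_aclmask {
	short		acl_ismask;	/* Is mask defined? */
	o_mode_t	acl_maskbits;	/* Permission mask */
} ufs_aclmask_t;

/*
 * full acl
 *
 * owner, group and other point at single entries; users and groups are
 * the heads of ufs_ic_acl_t lists.
 */
typedef struct ic_acl {
	ufs_ic_acl_t	*owner;		/* owner object */
	ufs_ic_acl_t	*group;		/* group object */
	ufs_ic_acl_t	*other;		/* other object */
	ufs_ic_acl_t	*users;		/* list of users */
	ufs_ic_acl_t	*groups;	/* list of groups */
	ufs_aclmask_t	mask;		/* mask */
} ic_acl_t;

/*
 * In-core shadow inode
 *
 * Carries two complete ic_acl_t sets (s_a and s_d) together with the
 * link fields, counters and lock listed below.
 */
typedef struct si {
	struct si	*s_next;	/* signature hash next */
	struct si	*s_forw;	/* inode hash next */
	struct si	*s_fore;	/* unref'd list next */

	int		s_flags;	/* see below */
	ino_t		s_shadow;	/* shadow inode number */
	dev_t		s_dev;		/* device (major,minor) */
	int		s_signature;	/* signature for all ACLs */
	int		s_use;		/* on disk use count */
	int		s_ref;		/* in core reference count */
	krwlock_t	s_lock;		/* lock for this structure */

	ic_acl_t	s_a;		/* acls */
	ic_acl_t	s_d;		/* def acls */
} si_t;

/*
 * Accessors for the members of s_a (a...) and s_d (d...), so that code
 * holding an si_t pointer can write sp->aowner, sp->dclass and so on.
 */
#define aowner	s_a.owner
#define agroup	s_a.group
#define aother	s_a.other
#define ausers	s_a.users
#define agroups	s_a.groups
#define aclass	s_a.mask

#define downer	s_d.owner
#define dgroup	s_d.group
#define dother	s_d.other
#define dusers	s_d.users
#define dgroups	s_d.groups
#define dclass	s_d.mask

/* s_prev is an alias for s_forw, not a separate member. */
#define s_prev	s_forw

/*
 * s_flags
 */
#define SI_CACHED	0x0001	/* Is in si_cache */

/*
 * Header to identify data on disk
 *
 * fsd_size counts the header and the data together and is a signed int.
 * NOTE(review): because this header describes on-disk contents, code that
 * walks records should presumably reject a negative, zero or
 * larger-than-buffer fsd_size before using it; that validation is not
 * visible in this header -- confirm in the callers.
 *
 * fsd_data[1] is a one-element placeholder for variable-length data.  It
 * is left as [1] because changing it would change sizeof (ufs_fsd_t).
 */
typedef struct ufs_fsd {
	int	fsd_type;	/* type of data */
	int	fsd_size;	/* size in bytes of ufs_fsd and data */
	char	fsd_data[1];	/* data */
} ufs_fsd_t;

/*
 * Data types (fsd_type)
 */
#define FSD_FREE	(0)	/* Free entry */
#define FSD_ACL		(1)	/* Access Control Lists */
#define FSD_DFACL	(2)	/* reserved for future use */
#define FSD_RESERVED3	(3)	/* reserved for future use */
#define FSD_RESERVED4	(4)	/* reserved for future use */
#define FSD_RESERVED5	(5)	/* reserved for future use */
#define FSD_RESERVED6	(6)	/* reserved for future use */
#define FSD_RESERVED7	(7)	/* reserved for future use */

/*
 * FSD manipulation macros
 * The FSD macros are aligned on integer boundary even if the preceding
 * record had a byte aligned length.  So the record length is always
 * integer length.  All increments of the data pointers must use the
 * FSD_RECSZ macro.
 *
 * FSD_TPSZ(fsdp)	  size of the fsd_type member
 * FSD_TPMSK(fsdp)	  FSD_TPSZ - 1, used as an alignment mask
 * FSD_RECSZ(fsdp, size)  size rounded up to a multiple of FSD_TPSZ
 *
 * Both arguments are parenthesized in the expansions so that a cast,
 * an arithmetic expression or a conditional passed as fsdp or size
 * expands with the intended precedence.
 *
 * FSD_RECSZ performs no range check.  The mask has type size_t, so a
 * negative int size is converted to a large unsigned value and the
 * addition can wrap; a size read from disk should be checked against the
 * containing buffer before it is rounded and used to advance a pointer.
 */
#define FSD_TPSZ(fsdp)		(sizeof ((fsdp)->fsd_type))
#define FSD_TPMSK(fsdp)		(FSD_TPSZ(fsdp) - 1)
#define FSD_RECSZ(fsdp, size)	(((size) + FSD_TPMSK(fsdp)) & ~FSD_TPMSK(fsdp))

/*
 * flags for acl_validate
 */
#define ACL_CHECK	0x01
#define DEF_ACL_CHECK	0x02

/*
 * Evaluates to 0 when every bit of M is already present in PERM.
 * Otherwise evaluates to the result of secpolicy_vnode_access(), which is
 * passed only the bits of M that PERM does not grant, so the policy
 * check decides whether the caller may exceed PERM.
 *
 * NOTE(review): presumably O is the owner id, C the caller's credential
 * and I the inode -- confirm against secpolicy_vnode_access() and ITOV().
 * M and PERM are each expanded more than once; pass expressions without
 * side effects.
 */
#define MODE_CHECK(O, M, PERM, C, I) ((((M) & (PERM)) == (M)) ? 0 : \
	secpolicy_vnode_access((C), ITOV(I), (O), (M) & ~(PERM)))

/*
 * Check that the file type is one that accepts ACLs
 *
 * MODE is compared for equality against each IF* constant, so the caller
 * is expected to pass the file-type value itself rather than a full mode
 * word that still carries permission bits.
 */
#define CHECK_ACL_ALLOWED(MODE) (((MODE) == IFDIR) || ((MODE) == IFREG) || \
	((MODE) == IFIFO) || ((MODE) == IFCHR) || \
	((MODE) == IFBLK) || ((MODE) == IFATTRDIR))

/*
 * Get ACL group permissions if the mask is not present, and the ACL
 * group permission intersected with the mask if the mask is present
 *
 * The low three permission bits are shifted left by 3 in the result.
 * (ACL)->agroup is dereferenced unconditionally, so the caller must
 * ensure the group entry exists.
 */
#define MASK2MODE(ACL) \
	((ACL)->aclass.acl_ismask ? \
	((((ACL)->aclass.acl_maskbits & \
	(ACL)->agroup->acl_ic_perm) & 07) << 3) : \
	(((ACL)->agroup->acl_ic_perm & 07) << 3))

/*
 * Asserts that P is non-NULL, clears its next pointer, ANDs its existing
 * permission bits with the low three bits of MODE (the bits are narrowed,
 * not assigned), and stores CRED in acl_ic_who.
 *
 * The expansion is several statements and carries its own trailing
 * semicolon; it is not wrapped in do { } while (0).  Use it only as a
 * statement inside a braced block: as the body of an unbraced if or loop,
 * only the ASSERT would be controlled by the condition.
 */
#define MODE2ACL(P, MODE, CRED) \
	ASSERT((P)); \
	(P)->acl_ic_next = NULL; \
	(P)->acl_ic_perm &= ((MODE) & 7); \
	(P)->acl_ic_who = (CRED);

/*
 * Walks the in-core list starting at P and, for each entry, writes tag T
 * plus the entry's permission bits and ID into *B, then advances B.
 *
 * B is advanced once per list entry with no bound; the caller must size
 * the destination for the whole list.  The expansion declares a local
 * named acl, so the arguments must not themselves refer to a variable of
 * that name.
 */
#define ACL_MOVE(P, T, B) \
{ \
	ufs_ic_acl_t *acl; \
	for (acl = (P); acl; acl = acl->acl_ic_next) { \
		(B)->acl_tag = (T); \
		(B)->acl_perm = acl->acl_ic_perm; \
		(B)->acl_who = acl->acl_ic_who; \
		(B)++; \
	} \
}

#ifdef __cplusplus
}
#endif

#endif /* _SYS_FS_UFS_ACL_H */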