xref: /illumos-gate/usr/src/uts/common/sys/fs/ufs_acl.h (revision 134a1f4e)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 1993, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 #ifndef	_SYS_FS_UFS_ACL_H
26 #define	_SYS_FS_UFS_ACL_H
27 
28 #include <sys/types.h>
29 #include <sys/cred.h>
30 #include <sys/vfs.h>
31 #include <sys/acl.h>
32 #include <sys/fs/ufs_fs.h>
33 
34 #ifdef	__cplusplus
35 extern "C" {
36 #endif
37 
38 /*
39  * On-disk UFS ACL structure
40  */
41 
42 typedef struct ufs_acl {
43 	union {
44 		uint32_t 	acl_next;	/* Pad for old structure */
45 		ushort_t	acl_tag;	/* Entry type */
46 	} acl_un;
47 	o_mode_t	acl_perm;		/* Permission bits */
48 	uid_t		acl_who;		/* User or group ID */
49 } ufs_acl_t;
50 
51 #define	acl_tag acl_un.acl_tag
52 #define	acl_next acl_un.acl_next
53 
54 /*
55  * In-core UFS ACL structure
56  */
57 
58 typedef struct ufs_ic_acl {
59 	struct ufs_ic_acl	*acl_ic_next;	/* Next ACL for this inode */
60 	o_mode_t		acl_ic_perm;	/* Permission bits */
61 	uid_t			acl_ic_who;	/* User or group ID */
62 } ufs_ic_acl_t;
63 
64 /*
65  * In-core ACL mask
66  */
67 typedef struct ufs_aclmask {
68 	short		acl_ismask;	/* Is mask defined? */
69 	o_mode_t	acl_maskbits;	/* Permission mask */
70 } ufs_aclmask_t;
71 
72 /*
73  * full acl
74  */
75 typedef struct ic_acl {
76 	ufs_ic_acl_t	*owner;		/* owner object */
77 	ufs_ic_acl_t	*group;		/* group object */
78 	ufs_ic_acl_t	*other;		/* other object */
79 	ufs_ic_acl_t	*users;		/* list of users */
80 	ufs_ic_acl_t	*groups;	/* list of groups */
81 	ufs_aclmask_t	mask;		/* mask */
82 } ic_acl_t;
83 
84 /*
85  * In-core shadow inode
86  */
87 typedef	struct si {
88 	struct si *s_next;		/* signature hash next */
89 	struct si *s_forw;		/* inode hash next */
90 	struct si *s_fore;		/* unref'd list next */
91 
92 	int	s_flags;		/* see below */
93 	ino_t	s_shadow;		/* shadow inode number */
94 	dev_t	s_dev;			/* device (major,minor) */
95 	int	s_signature;		/* signature for all ACLs */
96 	int 	s_use;			/* on disk use count */
97 	int	s_ref;			/* in core reference count */
98 	krwlock_t s_lock;		/* lock for this structure */
99 
100 	ic_acl_t  s_a;			/* acls */
101 	ic_acl_t  s_d;			/* def acls */
102 } si_t;
103 
104 #define	aowner	s_a.owner
105 #define	agroup	s_a.group
106 #define	aother	s_a.other
107 #define	ausers	s_a.users
108 #define	agroups	s_a.groups
109 #define	aclass	s_a.mask
110 
111 #define	downer	s_d.owner
112 #define	dgroup	s_d.group
113 #define	dother	s_d.other
114 #define	dusers	s_d.users
115 #define	dgroups	s_d.groups
116 #define	dclass	s_d.mask
117 
118 #define	s_prev	s_forw
119 
120 /*
121  * s_flags
122  */
123 #define	SI_CACHED 0x0001		/* Is in si_cache */
124 
125 /*
126  * Header to identify data on disk
127  */
128 typedef struct ufs_fsd {
129 	int	fsd_type;		/* type of data */
130 	int	fsd_size;		/* size in bytes of ufs_fsd and data */
131 	char	fsd_data[1];		/* data */
132 } ufs_fsd_t;
133 
134 /*
135  * Data types  (fsd_type)
136  */
137 #define	FSD_FREE	(0)		/* Free entry */
138 #define	FSD_ACL		(1)		/* Access Control Lists */
139 #define	FSD_DFACL	(2)		/* reserved for future use */
140 #define	FSD_RESERVED3	(3)		/* reserved for future use */
141 #define	FSD_RESERVED4	(4)		/* reserved for future use */
142 #define	FSD_RESERVED5	(5)		/* reserved for future use */
143 #define	FSD_RESERVED6	(6)		/* reserved for future use */
144 #define	FSD_RESERVED7	(7)		/* reserved for future use */
145 
146 /*
147  * FSD manipulation macros
148  * The FSD macros are aligned on integer boundary even if the preceeding
149  * record had a byte aligned length. So the record length is always
150  * integer length. All increments of the data pointers must use the
151  * FSD_RECSZ macro.
152  */
153 #define	FSD_TPSZ(fsdp)		(sizeof (fsdp->fsd_type))
154 #define	FSD_TPMSK(fsdp)		(FSD_TPSZ(fsdp) - 1)
155 #define	FSD_RECSZ(fsdp, size)	((size + FSD_TPMSK(fsdp)) & ~FSD_TPMSK(fsdp))
156 /*
157  * flags for acl_validate
158  */
159 #define	ACL_CHECK	0x01
160 #define	DEF_ACL_CHECK	0x02
161 
162 #define	MODE_CHECK(O, M, PERM, C, I) \
163     secpolicy_vnode_access2(C, ITOV(I), O, (PERM), M)
164 
165 /*
166  * Check that the file type is one that accepts ACLs
167  */
168 #define	CHECK_ACL_ALLOWED(MODE) (((MODE) == IFDIR) || ((MODE) == IFREG) || \
169 				((MODE) == IFIFO) || ((MODE) == IFCHR) || \
170 				((MODE) == IFBLK) || ((MODE) == IFATTRDIR))
171 
172 /*
173  * Get ACL group permissions if the mask is not present, and the ACL
174  * group permission intersected with the mask if the mask is present
175  */
176 #define	MASK2MODE(ACL)							\
177 	((ACL)->aclass.acl_ismask ?					\
178 		((((ACL)->aclass.acl_maskbits &				\
179 			(ACL)->agroup->acl_ic_perm) & 07) << 3) :	\
180 		(((ACL)->agroup->acl_ic_perm & 07) << 3))
181 
182 #define	MODE2ACL(P, MODE, CRED)					\
183 	ASSERT((P));						\
184 	(P)->acl_ic_next = NULL;				\
185 	(P)->acl_ic_perm &= ((MODE) & 7);			\
186 	(P)->acl_ic_who = (CRED);
187 
188 #define	ACL_MOVE(P, T, B)					\
189 {								\
190 	ufs_ic_acl_t *acl;					\
191 	for (acl = (P); acl; acl = acl->acl_ic_next) {		\
192 		(B)->acl_tag = (T);				\
193 		(B)->acl_perm = acl->acl_ic_perm;		\
194 		(B)->acl_who = acl->acl_ic_who;			\
195 		(B)++;						\
196 	}							\
197 }
198 
199 #ifdef	__cplusplus
200 }
201 #endif
202 
203 #endif	/* _SYS_FS_UFS_ACL_H */
204