author | Casper H.S. Dik <Casper.Dik@Sun.COM> |
Wed, 28 Apr 2010 10:01:37 +0200 | |
changeset 12273 | 63678502e95e |
parent 5058 | 97ac9f0ef0f9 |
permissions | -rw-r--r-- |
0 | 1 |
/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
5058 | 5 |
* Common Development and Distribution License (the "License"). |
6 |
* You may not use this file except in compliance with the License. |
|
0 | 7 |
* |
8 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 |
* or http://www.opensolaris.org/os/licensing. |
|
10 |
* See the License for the specific language governing permissions |
|
11 |
* and limitations under the License. |
|
12 |
* |
|
13 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
14 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 |
* If applicable, add the following below this CDDL HEADER, with the |
|
16 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
17 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 |
* |
|
19 |
* CDDL HEADER END |
|
20 |
*/ |
|
21 |
/* |
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
5058
diff
changeset
|
22 |
* Copyright (c) 1993, 2010, Oracle and/or its affiliates. All rights reserved. |
0 | 23 |
*/ |
24 |
||
25 |
#ifndef _SYS_FS_UFS_ACL_H |
|
26 |
#define _SYS_FS_UFS_ACL_H |
|
27 |
||
28 |
#include <sys/types.h> |
|
29 |
#include <sys/cred.h> |
|
30 |
#include <sys/vfs.h> |
|
31 |
#include <sys/acl.h> |
|
32 |
#include <sys/fs/ufs_fs.h> |
|
33 |
||
34 |
#ifdef __cplusplus |
|
35 |
extern "C" { |
|
36 |
#endif |
|
37 |
||
38 |
/* |
|
39 |
* On-disk UFS ACL structure |
|
40 |
*/ |
|
41 |
||
42 |
typedef struct ufs_acl { |
|
43 |
union { |
|
44 |
uint32_t acl_next; /* Pad for old structure */ |
|
45 |
ushort_t acl_tag; /* Entry type */ |
|
46 |
} acl_un; |
|
47 |
o_mode_t acl_perm; /* Permission bits */ |
|
48 |
uid_t acl_who; /* User or group ID */ |
|
49 |
} ufs_acl_t; |
|
50 |
||
51 |
#define acl_tag acl_un.acl_tag |
|
52 |
#define acl_next acl_un.acl_next |
|
53 |
||
54 |
/* |
|
55 |
* In-core UFS ACL structure |
|
56 |
*/ |
|
57 |
||
58 |
typedef struct ufs_ic_acl { |
|
59 |
struct ufs_ic_acl *acl_ic_next; /* Next ACL for this inode */ |
|
60 |
o_mode_t acl_ic_perm; /* Permission bits */ |
|
61 |
uid_t acl_ic_who; /* User or group ID */ |
|
62 |
} ufs_ic_acl_t; |
|
63 |
||
64 |
/* |
|
65 |
* In-core ACL mask |
|
66 |
*/ |
|
67 |
typedef struct ufs_aclmask { |
|
68 |
short acl_ismask; /* Is mask defined? */ |
|
69 |
o_mode_t acl_maskbits; /* Permission mask */ |
|
70 |
} ufs_aclmask_t; |
|
71 |
||
72 |
/* |
|
73 |
* full acl |
|
74 |
*/ |
|
75 |
typedef struct ic_acl { |
|
76 |
ufs_ic_acl_t *owner; /* owner object */ |
|
77 |
ufs_ic_acl_t *group; /* group object */ |
|
78 |
ufs_ic_acl_t *other; /* other object */ |
|
79 |
ufs_ic_acl_t *users; /* list of users */ |
|
80 |
ufs_ic_acl_t *groups; /* list of groups */ |
|
81 |
ufs_aclmask_t mask; /* mask */ |
|
82 |
} ic_acl_t; |
|
83 |
||
84 |
/* |
|
85 |
* In-core shadow inode |
|
86 |
*/ |
|
87 |
typedef struct si { |
|
88 |
struct si *s_next; /* signature hash next */ |
|
89 |
struct si *s_forw; /* inode hash next */ |
|
90 |
struct si *s_fore; /* unref'd list next */ |
|
91 |
||
92 |
int s_flags; /* see below */ |
|
93 |
ino_t s_shadow; /* shadow inode number */ |
|
94 |
dev_t s_dev; /* device (major,minor) */ |
|
95 |
int s_signature; /* signature for all ACLs */ |
|
96 |
int s_use; /* on disk use count */ |
|
97 |
int s_ref; /* in core reference count */ |
|
98 |
krwlock_t s_lock; /* lock for this structure */ |
|
99 |
||
100 |
ic_acl_t s_a; /* acls */ |
|
101 |
ic_acl_t s_d; /* def acls */ |
|
102 |
} si_t; |
|
103 |
||
104 |
#define aowner s_a.owner |
|
105 |
#define agroup s_a.group |
|
106 |
#define aother s_a.other |
|
107 |
#define ausers s_a.users |
|
108 |
#define agroups s_a.groups |
|
109 |
#define aclass s_a.mask |
|
110 |
||
111 |
#define downer s_d.owner |
|
112 |
#define dgroup s_d.group |
|
113 |
#define dother s_d.other |
|
114 |
#define dusers s_d.users |
|
115 |
#define dgroups s_d.groups |
|
116 |
#define dclass s_d.mask |
|
117 |
||
118 |
#define s_prev s_forw |
|
119 |
||
120 |
/* |
|
121 |
* s_flags |
|
122 |
*/ |
|
123 |
#define SI_CACHED 0x0001 /* Is in si_cache */ |
|
124 |
||
125 |
/* |
|
126 |
* Header to identify data on disk |
|
127 |
*/ |
|
128 |
typedef struct ufs_fsd { |
|
129 |
int fsd_type; /* type of data */ |
|
130 |
int fsd_size; /* size in bytes of ufs_fsd and data */ |
|
131 |
char fsd_data[1]; /* data */ |
|
132 |
} ufs_fsd_t; |
|
133 |
||
134 |
/* |
|
135 |
* Data types (fsd_type) |
|
136 |
*/ |
|
137 |
#define FSD_FREE (0) /* Free entry */ |
|
138 |
#define FSD_ACL (1) /* Access Control Lists */ |
|
139 |
#define FSD_DFACL (2) /* reserved for future use */ |
|
140 |
#define FSD_RESERVED3 (3) /* reserved for future use */ |
|
141 |
#define FSD_RESERVED4 (4) /* reserved for future use */ |
|
142 |
#define FSD_RESERVED5 (5) /* reserved for future use */ |
|
143 |
#define FSD_RESERVED6 (6) /* reserved for future use */ |
|
144 |
#define FSD_RESERVED7 (7) /* reserved for future use */ |
|
145 |
||
146 |
/* |
|
147 |
* FSD manipulation macros |
|
148 |
* The FSD macros are aligned on integer boundary even if the preceeding |
|
149 |
* record had a byte aligned length. So the record length is always |
|
150 |
* integer length. All increments of the data pointers must use the |
|
151 |
* FSD_RECSZ macro. |
|
152 |
*/ |
|
153 |
#define FSD_TPSZ(fsdp) (sizeof (fsdp->fsd_type)) |
|
154 |
#define FSD_TPMSK(fsdp) (FSD_TPSZ(fsdp) - 1) |
|
155 |
#define FSD_RECSZ(fsdp, size) ((size + FSD_TPMSK(fsdp)) & ~FSD_TPMSK(fsdp)) |
|
156 |
/* |
|
157 |
* flags for acl_validate |
|
158 |
*/ |
|
159 |
#define ACL_CHECK 0x01 |
|
160 |
#define DEF_ACL_CHECK 0x02 |
|
161 |
||
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
5058
diff
changeset
|
162 |
#define MODE_CHECK(O, M, PERM, C, I) \ |
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
5058
diff
changeset
|
163 |
secpolicy_vnode_access2(C, ITOV(I), O, (PERM), M) |
0 | 164 |
|
165 |
/* |
|
166 |
* Check that the file type is one that accepts ACLs |
|
167 |
*/ |
|
168 |
#define CHECK_ACL_ALLOWED(MODE) (((MODE) == IFDIR) || ((MODE) == IFREG) || \ |
|
169 |
((MODE) == IFIFO) || ((MODE) == IFCHR) || \ |
|
170 |
((MODE) == IFBLK) || ((MODE) == IFATTRDIR)) |
|
171 |
||
5058 | 172 |
/* |
173 |
* Get ACL group permissions if the mask is not present, and the ACL |
|
174 |
* group permission intersected with the mask if the mask is present |
|
175 |
*/ |
|
176 |
#define MASK2MODE(ACL) \ |
|
177 |
((ACL)->aclass.acl_ismask ? \ |
|
178 |
((((ACL)->aclass.acl_maskbits & \ |
|
179 |
(ACL)->agroup->acl_ic_perm) & 07) << 3) : \ |
|
180 |
(((ACL)->agroup->acl_ic_perm & 07) << 3)) |
|
181 |
||
0 | 182 |
#define MODE2ACL(P, MODE, CRED) \ |
183 |
ASSERT((P)); \ |
|
184 |
(P)->acl_ic_next = NULL; \ |
|
185 |
(P)->acl_ic_perm &= ((MODE) & 7); \ |
|
186 |
(P)->acl_ic_who = (CRED); |
|
187 |
||
188 |
#define ACL_MOVE(P, T, B) \ |
|
189 |
{ \ |
|
190 |
ufs_ic_acl_t *acl; \ |
|
191 |
for (acl = (P); acl; acl = acl->acl_ic_next) { \ |
|
192 |
(B)->acl_tag = (T); \ |
|
193 |
(B)->acl_perm = acl->acl_ic_perm; \ |
|
194 |
(B)->acl_who = acl->acl_ic_who; \ |
|
195 |
(B)++; \ |
|
196 |
} \ |
|
197 |
} |
|
198 |
||
199 |
#ifdef __cplusplus |
|
200 |
} |
|
201 |
#endif |
|
202 |
||
203 |
#endif /* _SYS_FS_UFS_ACL_H */ |