author | Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> |
Thu, 26 Mar 2009 13:13:24 -0600 | |
changeset 9179 | d8fbd96b79b3 |
parent 8053 | 271f44d3de11 |
child 9396 | f41cf682d0d3 |
permissions | -rw-r--r-- |
789 | 1 |
/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
1544 | 5 |
* Common Development and Distribution License (the "License"). |
6 |
* You may not use this file except in compliance with the License. |
|
789 | 7 |
* |
8 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 |
* or http://www.opensolaris.org/os/licensing. |
|
10 |
* See the License for the specific language governing permissions |
|
11 |
* and limitations under the License. |
|
12 |
* |
|
13 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
14 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 |
* If applicable, add the following below this CDDL HEADER, with the |
|
16 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
17 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 |
* |
|
19 |
* CDDL HEADER END |
|
20 |
*/ |
|
21 |
/* |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
22 |
* Copyright 2009 Sun Microsystems, Inc. All rights reserved. |
789 | 23 |
* Use is subject to license terms. |
24 |
*/ |
|
25 |
||
26 |
#ifndef _SYS_FS_ZFS_ACL_H |
|
27 |
#define _SYS_FS_ZFS_ACL_H |
|
28 |
||
29 |
#ifdef _KERNEL |
|
30 |
#include <sys/isa_defs.h> |
|
31 |
#include <sys/types32.h> |
|
32 |
#endif |
|
33 |
#include <sys/acl.h> |
|
34 |
#include <sys/dmu.h> |
|
5331 | 35 |
#include <sys/zfs_fuid.h> |
789 | 36 |
|
37 |
#ifdef __cplusplus |
|
38 |
extern "C" { |
|
39 |
#endif |
|
40 |
||
41 |
struct znode_phys; |
|
42 |
||
43 |
#define ACE_SLOT_CNT 6 |
|
5331 | 44 |
#define ZFS_ACL_VERSION_INITIAL 0ULL |
45 |
#define ZFS_ACL_VERSION_FUID 1ULL |
|
46 |
#define ZFS_ACL_VERSION ZFS_ACL_VERSION_FUID |
|
789 | 47 |
|
5331 | 48 |
/* |
49 |
* ZFS ACLs are store in various forms. |
|
50 |
* Files created with ACL version ZFS_ACL_VERSION_INITIAL |
|
51 |
* will all be created with fixed length ACEs of type |
|
52 |
* zfs_oldace_t. |
|
53 |
* |
|
54 |
* Files with ACL version ZFS_ACL_VERSION_FUID will be created |
|
55 |
* with various sized ACEs. The abstraction entries will utilize |
|
56 |
* zfs_ace_hdr_t, normal user/group entries will use zfs_ace_t |
|
57 |
* and some specialized CIFS ACEs will use zfs_object_ace_t. |
|
58 |
*/ |
|
789 | 59 |
|
5331 | 60 |
/* |
61 |
* All ACEs have a common hdr. For |
|
62 |
* owner@, group@, and everyone@ this is all |
|
63 |
* thats needed. |
|
64 |
*/ |
|
65 |
typedef struct zfs_ace_hdr { |
|
66 |
uint16_t z_type; |
|
67 |
uint16_t z_flags; |
|
68 |
uint32_t z_access_mask; |
|
69 |
} zfs_ace_hdr_t; |
|
70 |
||
71 |
typedef zfs_ace_hdr_t zfs_ace_abstract_t; |
|
72 |
||
73 |
/* |
|
74 |
* Standard ACE |
|
75 |
*/ |
|
76 |
typedef struct zfs_ace { |
|
77 |
zfs_ace_hdr_t z_hdr; |
|
78 |
uint64_t z_fuid; |
|
79 |
} zfs_ace_t; |
|
789 | 80 |
|
81 |
/* |
|
5331 | 82 |
* The following type only applies to ACE_ACCESS_ALLOWED|DENIED_OBJECT_ACE_TYPE |
83 |
* and will only be set/retrieved in a CIFS context. |
|
789 | 84 |
*/ |
5331 | 85 |
|
86 |
typedef struct zfs_object_ace { |
|
87 |
zfs_ace_t z_ace; |
|
88 |
uint8_t z_object_type[16]; /* object type */ |
|
89 |
uint8_t z_inherit_type[16]; /* inherited object type */ |
|
90 |
} zfs_object_ace_t; |
|
91 |
||
92 |
typedef struct zfs_oldace { |
|
93 |
uint32_t z_fuid; /* "who" */ |
|
94 |
uint32_t z_access_mask; /* access mask */ |
|
95 |
uint16_t z_flags; /* flags, i.e inheritance */ |
|
96 |
uint16_t z_type; /* type of entry allow/deny */ |
|
97 |
} zfs_oldace_t; |
|
98 |
||
99 |
typedef struct zfs_acl_phys_v0 { |
|
100 |
uint64_t z_acl_extern_obj; /* ext acl pieces */ |
|
101 |
uint32_t z_acl_count; /* Number of ACEs */ |
|
102 |
uint16_t z_acl_version; /* acl version */ |
|
103 |
uint16_t z_acl_pad; /* pad */ |
|
104 |
zfs_oldace_t z_ace_data[ACE_SLOT_CNT]; /* 6 standard ACEs */ |
|
105 |
} zfs_acl_phys_v0_t; |
|
106 |
||
107 |
#define ZFS_ACE_SPACE (sizeof (zfs_oldace_t) * ACE_SLOT_CNT) |
|
108 |
||
109 |
typedef struct zfs_acl_phys { |
|
110 |
uint64_t z_acl_extern_obj; /* ext acl pieces */ |
|
111 |
uint32_t z_acl_size; /* Number of bytes in ACL */ |
|
112 |
uint16_t z_acl_version; /* acl version */ |
|
113 |
uint16_t z_acl_count; /* ace count */ |
|
114 |
uint8_t z_ace_data[ZFS_ACE_SPACE]; /* space for embedded ACEs */ |
|
115 |
} zfs_acl_phys_t; |
|
116 |
||
117 |
typedef struct acl_ops { |
|
118 |
uint32_t (*ace_mask_get) (void *acep); /* get access mask */ |
|
119 |
void (*ace_mask_set) (void *acep, |
|
120 |
uint32_t mask); /* set access mask */ |
|
121 |
uint16_t (*ace_flags_get) (void *acep); /* get flags */ |
|
122 |
void (*ace_flags_set) (void *acep, |
|
123 |
uint16_t flags); /* set flags */ |
|
124 |
uint16_t (*ace_type_get)(void *acep); /* get type */ |
|
125 |
void (*ace_type_set)(void *acep, |
|
126 |
uint16_t type); /* set type */ |
|
127 |
uint64_t (*ace_who_get)(void *acep); /* get who/fuid */ |
|
128 |
void (*ace_who_set)(void *acep, |
|
129 |
uint64_t who); /* set who/fuid */ |
|
130 |
size_t (*ace_size)(void *acep); /* how big is this ace */ |
|
131 |
size_t (*ace_abstract_size)(void); /* sizeof abstract entry */ |
|
132 |
int (*ace_mask_off)(void); /* off of access mask in ace */ |
|
133 |
int (*ace_data)(void *acep, void **datap); |
|
134 |
/* ptr to data if any */ |
|
135 |
} acl_ops_t; |
|
136 |
||
137 |
/* |
|
138 |
* A zfs_acl_t structure is composed of a list of zfs_acl_node_t's. |
|
139 |
* Each node will have one or more ACEs associated with it. You will |
|
140 |
* only have multiple nodes during a chmod operation. Normally only |
|
141 |
* one node is required. |
|
142 |
*/ |
|
143 |
typedef struct zfs_acl_node { |
|
144 |
list_node_t z_next; /* Next chunk of ACEs */ |
|
145 |
void *z_acldata; /* pointer into actual ACE(s) */ |
|
146 |
void *z_allocdata; /* pointer to kmem allocated memory */ |
|
147 |
size_t z_allocsize; /* Size of blob in bytes */ |
|
148 |
size_t z_size; /* length of ACL data */ |
|
149 |
int z_ace_count; /* number of ACEs in this acl node */ |
|
150 |
int z_ace_idx; /* ace iterator positioned on */ |
|
151 |
} zfs_acl_node_t; |
|
789 | 152 |
|
153 |
typedef struct zfs_acl { |
|
5331 | 154 |
int z_acl_count; /* Number of ACEs */ |
155 |
size_t z_acl_bytes; /* Number of bytes in ACL */ |
|
156 |
uint_t z_version; /* version of ACL */ |
|
157 |
void *z_next_ace; /* pointer to next ACE */ |
|
158 |
int z_hints; /* ACL hints (ZFS_INHERIT_ACE ...) */ |
|
159 |
zfs_acl_node_t *z_curr_node; /* current node iterator is handling */ |
|
160 |
list_t z_acl; /* chunks of ACE data */ |
|
161 |
acl_ops_t z_ops; /* ACL operations */ |
|
789 | 162 |
} zfs_acl_t; |
163 |
||
5331 | 164 |
#define ACL_DATA_ALLOCED 0x1 |
789 | 165 |
#define ZFS_ACL_SIZE(aclcnt) (sizeof (ace_t) * (aclcnt)) |
166 |
||
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
167 |
struct zfs_fuid_info; |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
168 |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
169 |
typedef struct zfs_acl_ids_t { |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
170 |
uint64_t z_fuid; /* file owner fuid */ |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
171 |
uint64_t z_fgid; /* file group owner fuid */ |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
172 |
uint64_t z_mode; /* mode to set on create */ |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
173 |
zfs_acl_t *z_aclp; /* ACL to create with file */ |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
174 |
struct zfs_fuid_info *z_fuidp; /* for tracking fuids for log */ |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
175 |
} zfs_acl_ids_t; |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
176 |
|
789 | 177 |
/* |
178 |
* Property values for acl_mode and acl_inherit. |
|
179 |
* |
|
180 |
* acl_mode can take discard, noallow, groupmask and passthrough. |
|
181 |
* whereas acl_inherit has secure instead of groupmask. |
|
182 |
*/ |
|
183 |
||
2676 | 184 |
#define ZFS_ACL_DISCARD 0 |
185 |
#define ZFS_ACL_NOALLOW 1 |
|
186 |
#define ZFS_ACL_GROUPMASK 2 |
|
187 |
#define ZFS_ACL_PASSTHROUGH 3 |
|
6385
5437941ec5a1
PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules
marks
parents:
6257
diff
changeset
|
188 |
#define ZFS_ACL_RESTRICTED 4 |
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
6385
diff
changeset
|
189 |
#define ZFS_ACL_PASSTHROUGH_X 5 |
789 | 190 |
|
191 |
struct znode; |
|
5331 | 192 |
struct zfsvfs; |
789 | 193 |
|
194 |
#ifdef _KERNEL |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
195 |
int zfs_acl_ids_create(struct znode *, int, vattr_t *, |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
196 |
cred_t *, vsecattr_t *, zfs_acl_ids_t *); |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
197 |
void zfs_acl_ids_free(zfs_acl_ids_t *); |
5331 | 198 |
int zfs_getacl(struct znode *, vsecattr_t *, boolean_t, cred_t *); |
199 |
int zfs_setacl(struct znode *, vsecattr_t *, boolean_t, cred_t *); |
|
789 | 200 |
void zfs_acl_rele(void *); |
5331 | 201 |
void zfs_oldace_byteswap(ace_t *, int); |
202 |
void zfs_ace_byteswap(void *, size_t, boolean_t); |
|
203 |
extern int zfs_zaccess(struct znode *, int, int, boolean_t, cred_t *); |
|
204 |
extern int zfs_zaccess_rwx(struct znode *, mode_t, int, cred_t *); |
|
205 |
extern int zfs_zaccess_unix(struct znode *, mode_t, cred_t *); |
|
789 | 206 |
extern int zfs_acl_access(struct znode *, int, cred_t *); |
5824 | 207 |
int zfs_acl_chmod_setattr(struct znode *, zfs_acl_t **, uint64_t); |
789 | 208 |
int zfs_zaccess_delete(struct znode *, struct znode *, cred_t *); |
209 |
int zfs_zaccess_rename(struct znode *, struct znode *, |
|
210 |
struct znode *, struct znode *, cred_t *cr); |
|
211 |
void zfs_acl_free(zfs_acl_t *); |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
212 |
int zfs_vsec_2_aclp(struct zfsvfs *, vtype_t, vsecattr_t *, cred_t *, |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
213 |
struct zfs_fuid_info **, zfs_acl_t **); |
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8053
diff
changeset
|
214 |
int zfs_aclset_common(struct znode *, zfs_acl_t *, cred_t *, dmu_tx_t *); |
789 | 215 |
|
216 |
#endif |
|
217 |
||
218 |
#ifdef __cplusplus |
|
219 |
} |
|
220 |
#endif |
|
221 |
#endif /* _SYS_FS_ZFS_ACL_H */ |