xref: /onnv-gate/usr/src/uts/common/fs/zfs/sys/zfs_acl.h (revision 13089:08bbd228b732)
1789Sahrens /*
2789Sahrens  * CDDL HEADER START
3789Sahrens  *
4789Sahrens  * The contents of this file are subject to the terms of the
51544Seschrock  * Common Development and Distribution License (the "License").
61544Seschrock  * You may not use this file except in compliance with the License.
7789Sahrens  *
8789Sahrens  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9789Sahrens  * or http://www.opensolaris.org/os/licensing.
10789Sahrens  * See the License for the specific language governing permissions
11789Sahrens  * and limitations under the License.
12789Sahrens  *
13789Sahrens  * When distributing Covered Code, include this CDDL HEADER in each
14789Sahrens  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15789Sahrens  * If applicable, add the following below this CDDL HEADER, with the
16789Sahrens  * fields enclosed by brackets "[]" replaced with your own identifying
17789Sahrens  * information: Portions Copyright [yyyy] [name of copyright owner]
18789Sahrens  *
19789Sahrens  * CDDL HEADER END
20789Sahrens  */
21789Sahrens /*
2212164SMark.Shellenbaum@Sun.COM  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23789Sahrens  */
24789Sahrens 
25789Sahrens #ifndef	_SYS_FS_ZFS_ACL_H
26789Sahrens #define	_SYS_FS_ZFS_ACL_H
27789Sahrens 
28789Sahrens #ifdef _KERNEL
29789Sahrens #include <sys/isa_defs.h>
30789Sahrens #include <sys/types32.h>
31789Sahrens #endif
32789Sahrens #include <sys/acl.h>
33789Sahrens #include <sys/dmu.h>
345331Samw #include <sys/zfs_fuid.h>
3511935SMark.Shellenbaum@Sun.COM #include <sys/sa.h>
36789Sahrens 
37789Sahrens #ifdef	__cplusplus
38789Sahrens extern "C" {
39789Sahrens #endif
40789Sahrens 
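/*
 * Forward declaration only; no member of struct znode_phys is referenced
 * in this header.
 */
struct znode_phys;

/*
 * Number of fixed-size ACE slots embedded in the on-disk ACL
 * (see z_ace_data[] and ZFS_ACE_SPACE).
 */
#define	ACE_SLOT_CNT	6

/*
 * ACL format versions.  ZFS_ACL_VERSION is the current one and is an
 * alias for ZFS_ACL_VERSION_FUID.
 *
 * NOTE(review): the version is stored with the ACL (z_acl_version) and
 * selects how the ACE bytes are interpreted.  A stored value that is
 * neither of the two below should be rejected, not mapped onto one of
 * the known layouts; that check is not visible in this header.
 */
#define	ZFS_ACL_VERSION_INITIAL 0ULL
#define	ZFS_ACL_VERSION_FUID	1ULL
#define	ZFS_ACL_VERSION		ZFS_ACL_VERSION_FUID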
47789Sahrens 
485331Samw /*
495331Samw  * ZFS ACLs are stored in various forms.
505331Samw  * Files created with ACL version ZFS_ACL_VERSION_INITIAL
515331Samw  * will all be created with fixed length ACEs of type
525331Samw  * zfs_oldace_t.
535331Samw  *
545331Samw  * Files with ACL version ZFS_ACL_VERSION_FUID will be created
555331Samw  * with various sized ACEs.  The abstraction entries will utilize
565331Samw  * zfs_ace_hdr_t, normal user/group entries will use zfs_ace_t
575331Samw  * and some specialized CIFS ACEs will use zfs_object_ace_t.
585331Samw  */
59789Sahrens 
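/*
 * All ACEs have a common header.  For owner@, group@, and everyone@
 * this is all that's needed.
 *
 * The header is 8 bytes with natural alignment (2 + 2 + 4).  Note that
 * the field order differs from zfs_oldace_t, which stores the same three
 * fields after a 32-bit "who".
 */
typedef struct zfs_ace_hdr {
	uint16_t z_type;	/* type of entry (allow/deny, ...) */
	uint16_t z_flags;	/* flags, e.g. inheritance */
	uint32_t z_access_mask;	/* access mask */
} zfs_ace_hdr_t;

/* Abstract (owner@, group@, everyone@) entries consist of the header only. */
typedef zfs_ace_hdr_t zfs_ace_abstract_t;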
725331Samw 
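/*
 * Standard ACE: the common header followed by the 64-bit FUID the entry
 * applies to.  Normal user/group entries in ZFS_ACL_VERSION_FUID ACLs use
 * this form.  The "who" is 64 bits wide here, but only 32 bits wide in
 * zfs_oldace_t.
 */
typedef struct zfs_ace {
	zfs_ace_hdr_t	z_hdr;		/* type, flags, access mask */
	uint64_t	z_fuid;		/* "who" */
} zfs_ace_t;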
80789Sahrens 
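/*
 * The following type only applies to ACE_ACCESS_ALLOWED|DENIED_OBJECT_ACE_TYPE
 * and will only be set/retrieved in a CIFS context.
 *
 * It is a standard ACE followed by two fixed 16-byte fields, which makes
 * it larger than zfs_ace_t: code walking a buffer of mixed ACEs has to
 * take each entry's size from its type, not assume a fixed stride.
 * NOTE(review): the 16-byte fields are presumably GUIDs -- confirm.
 */

typedef struct zfs_object_ace {
	zfs_ace_t	z_ace;
	uint8_t		z_object_type[16]; /* object type */
	uint8_t		z_inherit_type[16]; /* inherited object type */
} zfs_object_ace_t;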
915331Samw 
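/*
 * Fixed-length ACE used by ACLs of version ZFS_ACL_VERSION_INITIAL.
 *
 * 12 bytes with natural alignment (4 + 4 + 2 + 2).  Compared with
 * zfs_ace_t the "who" is only 32 bits wide and comes first, and the
 * type/flags/mask fields are in the opposite order, so the two forms
 * cannot be read through each other's struct.
 */
typedef struct zfs_oldace {
	uint32_t	z_fuid;		/* "who" */
	uint32_t	z_access_mask;  /* access mask */
	uint16_t	z_flags;	/* flags, i.e. inheritance */
	uint16_t	z_type;		/* type of entry allow/deny */
} zfs_oldace_t;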
985331Samw 
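/*
 * ACL header in the version 0 layout: a 32-bit ACE count, and an embedded
 * array of ACE_SLOT_CNT fixed-length zfs_oldace_t entries.
 *
 * z_acl_version sits at the same offset (12) as in zfs_acl_phys_t, and
 * both structures have the same total size with natural alignment.
 *
 * NOTE(review): z_acl_count is read from storage and can describe more
 * entries than z_ace_data[] holds; readers should bound it before
 * indexing the embedded array.  Presumably larger ACLs are kept in the
 * object named by z_acl_extern_obj -- confirm against the implementation.
 */
typedef struct zfs_acl_phys_v0 {
	uint64_t	z_acl_extern_obj;	/* ext acl pieces */
	uint32_t	z_acl_count;		/* Number of ACEs */
	uint16_t	z_acl_version;		/* acl version */
	uint16_t	z_acl_pad;		/* pad */
	zfs_oldace_t	z_ace_data[ACE_SLOT_CNT]; /* 6 standard ACEs */
} zfs_acl_phys_v0_t;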
1065331Samw 
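/*
 * Bytes reserved for embedded ACEs: ACE_SLOT_CNT entries of the
 * fixed-length zfs_oldace_t form.  zfs_acl_phys_t reuses the same byte
 * budget for its variable-sized entries.
 */
#define	ZFS_ACE_SPACE	(sizeof (zfs_oldace_t) * ACE_SLOT_CNT)

/*
 * Size of ACL count is always 2 bytes.
 * Necessary for dealing with both V0 ACL and V1 ACL layout.
 *
 * NOTE(review): zfs_acl_phys_v0_t declares z_acl_count as uint32_t, so
 * this 2-byte size does not describe that field; presumably it refers to
 * a count stored separately from these structures -- confirm against the
 * users of this macro.
 */
#define	ZFS_ACL_COUNT_SIZE	(sizeof (uint16_t))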
11411935SMark.Shellenbaum@Sun.COM 
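/*
 * ACL header in the current layout.  Unlike zfs_acl_phys_v0_t it records
 * the ACL length in bytes (z_acl_size) and keeps a 16-bit ACE count in
 * the slot that was padding in the version 0 layout; the embedded ACE
 * area is an untyped byte array of ZFS_ACE_SPACE bytes.
 *
 * NOTE(review): z_acl_size and z_acl_count come from storage.  Code that
 * walks z_ace_data[] should check z_acl_size against ZFS_ACE_SPACE (or
 * the size of the external object) and check every variable-sized entry
 * against the bytes remaining; none of that is visible in this header.
 */
typedef struct zfs_acl_phys {
	uint64_t	z_acl_extern_obj;	  /* ext acl pieces */
	uint32_t	z_acl_size;		  /* Number of bytes in ACL */
	uint16_t	z_acl_version;		  /* acl version */
	uint16_t	z_acl_count;		  /* ace count */
	uint8_t	z_ace_data[ZFS_ACE_SPACE]; /* space for embedded ACEs */
} zfs_acl_phys_t;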
1225331Samw 
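/*
 * Table of accessors for one ACE representation.  Every accessor takes
 * the entry as an untyped pointer, so nothing here ties a table to the
 * layout of the bytes it is handed.
 *
 * NOTE(review): presumably there is one table per ACL version and the
 * caller picks it from the ACL's version field; using the wrong table
 * would misread type, flags, mask and "who" -- confirm the selection
 * logic in the implementation.
 */
typedef struct acl_ops {
	uint32_t	(*ace_mask_get) (void *acep); /* get access mask */
	void 		(*ace_mask_set) (void *acep,
			    uint32_t mask); /* set access mask */
	uint16_t	(*ace_flags_get) (void *acep);	/* get flags */
	void		(*ace_flags_set) (void *acep,
			    uint16_t flags); /* set flags */
	uint16_t	(*ace_type_get)(void *acep); /* get type */
	void		(*ace_type_set)(void *acep,
			    uint16_t type); /* set type */
	uint64_t	(*ace_who_get)(void *acep); /* get who/fuid */
	void		(*ace_who_set)(void *acep,
			    uint64_t who); /* set who/fuid */
	size_t		(*ace_size)(void *acep); /* how big is this ace */
	size_t		(*ace_abstract_size)(void); /* sizeof abstract entry */
	int		(*ace_mask_off)(void); /* offset of access mask in ace */
	int		(*ace_data)(void *acep, void **datap);
			    /* ptr to data if any */
} acl_ops_t;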
1425331Samw 
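/*
 * A zfs_acl_t structure is composed of a list of zfs_acl_node_t's.
 * Each node will have one or more ACEs associated with it.  You will
 * only have multiple nodes during a chmod operation.  Normally only
 * one node is required.
 *
 * Two pointer/length pairs are kept: z_allocdata/z_allocsize describe
 * the allocated blob, z_acldata/z_size the ACE bytes in use.
 * NOTE(review): presumably z_acldata points into (or equals)
 * z_allocdata and z_size <= z_allocsize -- confirm; the header does not
 * state the invariant.  z_ace_idx is an int while z_ace_count is
 * uint64_t, so comparisons between them mix signedness and width.
 */
typedef struct zfs_acl_node {
	list_node_t	z_next;		/* Next chunk of ACEs */
	void		*z_acldata;	/* pointer into actual ACE(s) */
	void		*z_allocdata;	/* pointer to kmem allocated memory */
	size_t		z_allocsize;	/* Size of blob in bytes */
	size_t		z_size;		/* length of ACL data */
	uint64_t	z_ace_count;	/* number of ACEs in this acl node */
	int		z_ace_idx;	/* ace iterator positioned on */
} zfs_acl_node_t;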
158789Sahrens 
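/*
 * In-core ACL: totals, iterator state, the list of zfs_acl_node_t chunks
 * holding the ACE bytes, and the accessor table used to read them.
 *
 * z_acl_count is 64 bits here but the count field of zfs_acl_phys_t is
 * 16 bits (32 bits in zfs_acl_phys_v0_t).
 * NOTE(review): code that stores this count into the narrower field
 * should range-check it first -- not visible in this header.
 */
typedef struct zfs_acl {
	uint64_t	z_acl_count;	/* Number of ACEs */
	size_t		z_acl_bytes;	/* Number of bytes in ACL */
	uint_t		z_version;	/* version of ACL */
	void		*z_next_ace;	/* pointer to next ACE */
	uint64_t	z_hints;	/* ACL hints (ZFS_INHERIT_ACE ...) */
	zfs_acl_node_t	*z_curr_node;	/* current node iterator is handling */
	list_t		z_acl;		/* chunks of ACE data */
	acl_ops_t	z_ops;		/* ACL operations */
} zfs_acl_t;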
169789Sahrens 
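/*
 * Pairs an ACL with one of its nodes.
 * NOTE(review): presumably this is the state passed through the final
 * void * argument of zfs_acl_data_locator() -- confirm against the
 * implementation.
 */
typedef struct acl_locator_cb {
	zfs_acl_t *cb_aclp;		/* ACL being walked */
	zfs_acl_node_t *cb_acl_node;	/* node within cb_aclp */
} zfs_acl_locator_cb_t;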
17411935SMark.Shellenbaum@Sun.COM 
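/* Flag bit; its consumer is not visible in this header. */
#define	ACL_DATA_ALLOCED	0x1

/*
 * Bytes needed for aclcnt entries of type ace_t (declared outside this
 * header).  The multiplication is unchecked.
 * NOTE(review): callers should bound aclcnt before using the result as
 * an allocation or copy length, especially when the count originates
 * from a user-supplied vsecattr_t.
 */
#define	ZFS_ACL_SIZE(aclcnt)	(sizeof (ace_t) * (aclcnt))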
177789Sahrens 
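/* Only pointers to this type are used here, so the tag alone suffices. */
struct zfs_fuid_info;

/*
 * Ownership, mode and ACL to apply to a file at creation.  Filled in by
 * zfs_acl_ids_create() and released with zfs_acl_ids_free() (both
 * declared below under _KERNEL).
 * NOTE(review): z_aclp and z_fuidp are presumably owned by this
 * structure until zfs_acl_ids_free() is called -- confirm.
 */
typedef struct zfs_acl_ids {
	uint64_t		z_fuid;		/* file owner fuid */
	uint64_t		z_fgid;		/* file group owner fuid */
	uint64_t		z_mode;		/* mode to set on create */
	zfs_acl_t		*z_aclp;	/* ACL to create with file */
	struct zfs_fuid_info 	*z_fuidp;	/* for tracking fuids for log */
} zfs_acl_ids_t;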
1879179SMark.Shellenbaum@Sun.COM 
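/*
 * Property values for acl_mode and acl_inherit.
 *
 * acl_mode can take discard, noallow, groupmask and passthrough,
 * whereas acl_inherit has secure instead of groupmask.
 *
 * NOTE(review): the description above does not mention
 * ZFS_ACL_RESTRICTED or ZFS_ACL_PASSTHROUGH_X, and no constant here is
 * named "secure"; presumably "secure" corresponds to ZFS_ACL_RESTRICTED
 * -- confirm.  Nothing in this header limits which value is accepted
 * for which property; that validation has to happen where the property
 * is set.
 */

#define	ZFS_ACL_DISCARD		0
#define	ZFS_ACL_NOALLOW		1
#define	ZFS_ACL_GROUPMASK	2
#define	ZFS_ACL_PASSTHROUGH	3
#define	ZFS_ACL_RESTRICTED	4
#define	ZFS_ACL_PASSTHROUGH_X	5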
201789Sahrens 
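/* Only pointers to these types appear below, so the tags alone suffice. */
struct znode;
struct zfsvfs;

#ifdef _KERNEL
/*
 * Kernel-only ACL interfaces.  Only the prototypes are visible here:
 * parameter meanings, return conventions and locking requirements must
 * be taken from the implementation.  Some declarations carry `extern`
 * and some name their parameters; neither changes their meaning.
 *
 * NOTE(review): most of these take the caller's cred_t.  The int results
 * of the zfs_zaccess*() family and zfs_acl_access() are presumably 0 on
 * success and an errno value on denial; callers must not ignore them --
 * confirm the convention in the implementation.
 */

/* Setup and teardown of the ids/ACL used when creating a file. */
int zfs_acl_ids_create(struct znode *, int, vattr_t *,
    cred_t *, vsecattr_t *, zfs_acl_ids_t *);
void zfs_acl_ids_free(zfs_acl_ids_t *);
boolean_t zfs_acl_ids_overquota(struct zfsvfs *, zfs_acl_ids_t *);

/* Get/set an ACL through a vsecattr_t. */
int zfs_getacl(struct znode *, vsecattr_t *, boolean_t, cred_t *);
int zfs_setacl(struct znode *, vsecattr_t *, boolean_t, cred_t *);
void zfs_acl_rele(void *);

/* Byte-order conversion of ACE data in the old and current forms. */
void zfs_oldace_byteswap(ace_t *, int);
void zfs_ace_byteswap(void *, size_t, boolean_t);

/* Access checks. */
extern boolean_t zfs_has_access(struct znode *zp, cred_t *cr);
extern int zfs_zaccess(struct znode *, int, int, boolean_t, cred_t *);
int zfs_fastaccesschk_execute(struct znode *, cred_t *);
extern int zfs_zaccess_rwx(struct znode *, mode_t, int, cred_t *);
extern int zfs_zaccess_unix(struct znode *, mode_t, cred_t *);
extern int zfs_acl_access(struct znode *, int, cred_t *);
void zfs_acl_chmod_setattr(struct znode *, zfs_acl_t **, uint64_t);
int zfs_zaccess_delete(struct znode *, struct znode *, cred_t *);
int zfs_zaccess_rename(struct znode *, struct znode *,
    struct znode *, struct znode *, cred_t *cr);

/* In-core ACL management. */
void zfs_acl_free(zfs_acl_t *);
int zfs_vsec_2_aclp(struct zfsvfs *, vtype_t, vsecattr_t *, cred_t *,
    struct zfs_fuid_info **, zfs_acl_t **);
int zfs_aclset_common(struct znode *, zfs_acl_t *, cred_t *, dmu_tx_t *);
uint64_t zfs_external_acl(struct znode *);
int zfs_znode_acl_version(struct znode *);
/*
 * NOTE(review): zfs_acl_size() reports through an int * and
 * zfs_acl_alloc() takes an int, while the in-core byte count
 * (z_acl_bytes) is a size_t; watch for sign or width loss at these
 * boundaries.
 */
int zfs_acl_size(struct znode *, int *);
zfs_acl_t *zfs_acl_alloc(int);
zfs_acl_node_t *zfs_acl_node_alloc(size_t);
void zfs_acl_xform(struct znode *, zfs_acl_t *, cred_t *);
void zfs_acl_data_locator(void **, uint32_t *, uint32_t, boolean_t, void *);
uint64_t zfs_mode_compute(uint64_t, zfs_acl_t *,
    uint64_t *, uint64_t, uint64_t);
int zfs_acl_chown_setattr(struct znode *);

#endif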
241789Sahrens 
242789Sahrens #ifdef	__cplusplus
243789Sahrens }
244789Sahrens #endif
245789Sahrens #endif	/* _SYS_FS_ZFS_ACL_H */