source: gpfs_3.1_ker2.6.20/lpp/mmfs/src/ibm-kxi/cxiAclUser.h @ 195

Last change on this file since 195 was 16, checked in by rock, 17 years ago
File size: 22.3 KB
Line 
1/***************************************************************************
2 *
3 * Copyright (C) 2001 International Business Machines
4 * All rights reserved.
5 *
6 * This file is part of the GPFS mmfslinux kernel module.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 *  1. Redistributions of source code must retain the above copyright notice,
13 *     this list of conditions and the following disclaimer.
14 *  2. Redistributions in binary form must reproduce the above copyright
15 *     notice, this list of conditions and the following disclaimer in the
16 *     documentation and/or other materials provided with the distribution.
17 *  3. The name of the author may not be used to endorse or promote products
18 *     derived from this software without specific prior written
19 *     permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
26 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
27 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
28 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
29 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
30 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 *************************************************************************** */
33#ifndef _h_cxiAclUser
34#define _h_cxiAclUser
35/* @(#)02       1.21  src/avs/fs/mmfs/ts/kernext/ibm-kxi/cxiAclUser.h, mmfs, avs_rgpfs24, rgpfs240610b 10/10/05 15:44:03 */
36/****************************************************************************
37 *
38 * Acl User data
39 *
40 * Contains Tiger Shark Access Control List definitions.
41 * Some of the definitions in this file are exportable data items,
42 * if POSIX compliance is claimed.
43 *
44 ***************************************************************************/
45
46#include <cxiCred.h>
47
48/* An ACL entry's permission set is defined as a set of 8 bits.
49   Bits seven and eight are currently unused.
50   Bits six, five, and four are delete, insert, and control access.
51   Bits three, two, and one are read, write, and execute/search access.
52   If any of these bits are set, the corresponding access is granted.
53   Otherwise, access is denied.
54   Note: This data type is non-exportable data. */
55typedef unsigned char acl_permset_t;
56
57/* This data type is used to distinguish different types of ACLs.
58   Note: This data type is exportable data. */
59typedef unsigned char  internal_acl_type_t;
60#define ACL_TYPE_ACCESS            1
61#define ACL_TYPE_DEFAULT           2
62
63#ifdef NFS4_ACL_TEST
64// For testing NFS4 ACLS only
65#define ACL_TYPE_NFS4_ACL_TEST   250
66#define ACL_TYPE_NFS4_ACL_TEST_SIZE 14
67#endif /* NFS4_ACL_TEST */
68
69// The following are for internal use only
70#define ACL_TYPE_NFS4            251 /* an NFSv4 ACL */
71#define ACL_TYPE_ACCESS_DELETE   252
72#define ACL_TYPE_DEFAULT_DELETE  253
73#define EXTENDED_ACCESS_ONLY     254
74#define INTERNAL_FORMAT          255
75
76/* acl_permset_t bits
77 */
78#define ACL_PERM_EXECUTE  001
79#define ACL_PERM_WRITE    002
80#define ACL_PERM_READ     004
81#define ACL_PERM_CONTROL  010
82#define ACL_PERM_INSERT   020   /* Version 2 ACL permission only     */
83#define ACL_PERM_DELETE   040   /* Version 2 ACL permission only     */
84
85#define ACL_PERM_LOOKUP(credP) ACL_PERM_EXECUTE
86#define ACL_PERM_MASK     077   /* Mask includes all permissions     */
87
88#define ACL_PERM_UMODE    007   /* Mask includes only UNIX mode bits */
89
90/* VNOP extended access modes that can be checked (gpfs_v_access()).
91 */
92#define C_ACC   ACL_PERM_CONTROL
93#define I_ACC   ACL_PERM_INSERT
94#define D_ACC   ACL_PERM_DELETE
95
96/* An ACL entry's tag type is defined as a one byte value.
97   It is used to distinguish different types of ACL entries.
98   Note: This data type is exportable data. */
99typedef unsigned char  acl_tag_t;
100#define ACL_USER_OBJ        1   /* aceShort ACL entry */
101#define ACL_GROUP_OBJ       2   /* aceShort ACL entry */
102#define ACL_OTHER           3   /* aceShort ACL entry */
103#define ACL_MASK            4   /* aceShort ACL entry */
104#define ACL_USER            5   /* aceShort ACL entry */
105#define ACL_GROUP           6   /* aceShort ACL entry */
106#define ACL_FOREIGN_OTHER   7   /* Version 2 ACL entry type (use aceLong)  */
107#define ACL_ANY_OTHER       8   /* Version 2 ACL entry type (use aceShort) */
108#define ACL_FOREIGN_USER    9   /* Version 2 ACL entry type (use aceLong)  */
109#define ACL_FOREIGN_GROUP  10   /* Version 2 ACL entry type (use aceLong)  */
110#define ACL_UDEFINED_TAG  255
111
112struct acenodce
113 {
114  char        aceComments[1];  /* Short ACL entry                  */
115 };
116struct acedce
117 {
118  ext_id_t    aceRealm;        /* DCE cell specification           */
119  char        aceComments[1];  /* Version 2 ACL foreign ACL entry  */
120 };
121
122/* An ACL entry consists of a fixed part - ACL entry length, permission set,
123   entry tag type, entry qualifier (uid or gid), and followed by an optional
124   character string.
125   Note: This data type is non-exportable data. */
126typedef struct
127{
128  UInt16          aceLength;
129  acl_permset_t   acePermissions;
130  acl_tag_t       aceTagType;
131  cxiUid_t        aceQualifier;
132  union
133  {
134    struct acenodce  aceShort;
135    struct acedce aceLong;
136  };
137} acl_entry_t;
138
139#define SHORT_ACE_SIZE PTR_TO_INT32(&(((acl_entry_t *) 0)->aceShort.aceComments[0]))
140#define LONG_ACE_SIZE  PTR_TO_INT32(&(((acl_entry_t *) 0)->aceLong.aceComments[0]))
141
142struct aclv1
143{
144  acl_entry_t   aclEntry[1];
145};
146
147struct aclv2
148{
149  UInt32    aclFlags;
150
151#define ACLV2_RESERVED_MASK   0xfe000000
152#define ACLV2_ACLEXTMODE_MASK 0x01ff0000
153#define ACLV2_UNUSED_MASK     0x0000ffff
154#define ACLV2_ACLEXTMODE_GET(flags) (((flags) & ACLV2_ACLEXTMODE_MASK) >> 16)
155#define ACLV2_ACLEXTMODE_PUT(flags, mode) \
156  (flags = ((flags) & ~ACLV2_ACLEXTMODE_MASK) | ((mode) << 16))
157
158  UInt16        aclOtherAceCnt;    // number of any_other & foreign_other
159  ext_id_t      defaultRealm;      // Default ACL cell
160  acl_entry_t   aclEntry[1];       // zero or more ACL entries
161};
162
163/* NFSv4 ACL structures:
164 * Internally, GPFS stores all ACLs in its "ACL" structure which includes a
165 * variable-length area where aclVersion-specific information is stored.
166 * For NFSv4 ACLs, this variable area contains a list of acl4_entry_t structures.
167 * The following types and defines are used in the acl4_entry_t structure.
168 */
169
170/* Allowing for the NFSv4 ACE to be variable length. */
171typedef UInt16 ace4_length_t; /* Length of an individual ACE */
172
173typedef UInt16 ace4_type_t; /* The type of mask in the ACE */
174/* See gpfs.h for defintions for this field.
175   The following are not yet supported but in code under ifdef */
176#define ACE4_TYPE_AUDIT 2
177#define ACE4_TYPE_ALARM 3
178
179typedef unsigned int ace4_flag_t;
180/* See gpfs.h for defintions for this field.
181   The following ACE FLAG values are not externalized. */
182#define ACE4_FLAG_NO_PROPAGATE    0x00000004
183#define ACE4_FLAG_SUCCESSFUL      0x00000010
184#define ACE4_FLAG_FAILED          0x00000020
185#define ACE4_FLAG_EXTERNAL        0x0000004B
186
187/* The following ACE IFLAG values are not externalized. */
188#define ACE4_IFLAG_EXCLUDE_FILES  0x40000000
189#define ACE4_IFLAG_EXCLUDE_DIRS   0x20000000
190#define ACE4_IFLAG_EXTERNAL       0x80000000
191
192
193/* Variations to permit/deny/audit/alarm. */
194typedef unsigned int ace4_mask_t; 
195/* See gpfs.h for defintions for this field. */
196
197/* NFSv4 "who" strings are translated by nfsd4 to locally-defined ids.
198 * These can be a uid, a gid (if ACE4_FLAG_GROUP_ID is specified), or one
199 * of the "special identifiers" (if ACE4_IFLAG_SPECIAL_ID is specified).
200 */
201typedef cxiUid_t ace4_who_t;
202/* See gpfs.h for SPECIAL_ID defintions for this field.
203   The following ACE special who values are not supported (AIX does not
204   provide the required information in the cred. */
205#define ACE4_SPECIAL_INTERACTIVE        4
206#define ACE4_SPECIAL_NETWORK            5
207#define ACE4_SPECIAL_DIALUP             6
208#define ACE4_SPECIAL_BATCH              7
209#define ACE4_SPECIAL_ANONYMOUS          8
210#define ACE4_SPECIAL_AUTHENTICATED      9
211#define ACE4_SPECIAL_SERVICE           10
212
213/* ACEs can be chained together (for speed of processing reasons) by
214 * including the offset to the next ACE in the chain. */
215typedef Int32 ace4_link_t;
216
217
218
219#ifdef NFS4_ACL_DEBUG
220#define ACE4_IFLAG_USER_OBJ       0x10000000
221#define ACE4_IFLAG_GROUP_OBJ      0x08000000
222#define ACE4_IFLAG_OTHER          0x04000000
223#define ACE4_IFLAG_MASK           0x02000000
224#define ACE4_IFLAG_USER           0x01000000
225#define ACE4_IFLAG_GROUP          0x00800000
226#else
227#define ACE4_IFLAG_USER_OBJ       0x00000000
228#define ACE4_IFLAG_GROUP_OBJ      0x00000000
229#define ACE4_IFLAG_OTHER          0x00000000
230#define ACE4_IFLAG_MASK           0x00000000
231#define ACE4_IFLAG_USER           0x00000000
232#define ACE4_IFLAG_GROUP          0x00000000
233#endif /* NFS4_ACL_DEBUG */
234
235/* These are the supported iherit flags.  aceFlags can be OR'ed against
236 * this combination to see if any of the inherit flags are specified.
237 */
238#define ACE4_FLAG_INHERIT (ACE4_FLAG_FILE_INHERIT | ACE4_FLAG_DIR_INHERIT |\
239                           ACE4_FLAG_INHERIT_ONLY)
240
241#define ACE4_SUPPORTED_FLAGS (ACE4_FLAG_INHERIT | ACE4_FLAG_GROUP_ID |\
242                              ACE4_FLAG_SUCCESSFUL | ACE4_FLAG_FAILED)
243
244/* Other IFlags are internal-only */
245#ifdef NFS4_ACL_DEBUG
246#define ACE4_SUPPORTED_IFLAGS (ACE4_IFLAG_SPECIAL_ID | ACE4_IFLAG_EXCLUDE_FILES |\
247                               ACE4_IFLAG_EXCLUDE_DIRS | ACE4_IFLAG_USER_OBJ |\
248                               ACE4_IFLAG_GROUP_OBJ | ACE4_IFLAG_OTHER |\
249                               ACE4_IFLAG_MASK | ACE4_IFLAG_USER |\
250                               ACE4_IFLAG_GROUP)
251#else
252#define ACE4_SUPPORTED_IFLAGS (ACE4_IFLAG_SPECIAL_ID | ACE4_IFLAG_EXCLUDE_FILES |\
253                               ACE4_IFLAG_EXCLUDE_DIRS)
254#endif
255
256
257/* GPFS commonly used mask combinations */
258/* READ/WRITE of NAMED ATTRIBUTES are not covered yet */
259#define ACE4_POSIX_READ        (ACE4_MASK_READ)
260#define ACE4_POSIX_WRITE       (ACE4_MASK_WRITE | ACE4_MASK_APPEND)
261#define ACE4_POSIX_EXECUTE     (ACE4_MASK_EXECUTE)
262#define ACE4_POSIX_CONTROL     (ACE4_MASK_WRITE_ACL)
263#define ACE4_POSIX_READ_DIR    (ACE4_MASK_LIST_DIR)
264#define ACE4_POSIX_WRITE_DIR   (ACE4_MASK_ADD_FILE | ACE4_MASK_ADD_SUBDIR |\
265                                ACE4_MASK_DELETE_CHILD)
266#define ACE4_POSIX_EXECUTE_DIR (ACE4_MASK_SEARCH)
267#define ACE4_POSIX_CONTROL_DIR (ACE4_MASK_WRITE_ACL)
268#define ACE4_POSIX_OWNER       (ACE4_MASK_WRITE_ACL | ACE4_MASK_WRITE_ATTR)
269#define ACE4_POSIX_EVERYONE    (ACE4_MASK_READ_ACL | ACE4_MASK_SYNCHRONIZE)
270
271/* Some mask values are represented in posix by permissions on the parent. */
272#define ACE4_POSIX_PARENT      (ACE4_MASK_DELETE | ACE4_MASK_READ_ATTR)
273
274/* Convenience macros for testing the NFSv4 flags, masks, and special who values.
275 * Note that these macros are bilingual.  If a local-endian ACL is available, an
276 * ACEP can be provided.  Reading of an ACL directly from the disk buffer is also
277 * possible given the AclLocalEndian (ALE) object.  While most use of the ACL
278 * (such as iaccess checks) is done via the ALE, user read/write of the ACL is
279 * done via the AclLocalEndian::exportAcl method with subsequent interpretation
280 * of the ACL then done using the byteSwapped ACL.
281 */
282
283#define USE_ALE ((acl4_entry_t *)NULL)    /* Dummy ACEP */
284
285#define getV4Who(ACEP,ALE)    (ACEP)? ((ACEP)->aceWho)   : ((ALE).aceWho())
286#define getV4Type(ACEP,ALE)   (ACEP)? ((ACEP)->aceType)  : ((ALE).aceType())
287#define getV4Flags(ACEP,ALE)  (ACEP)? ((ACEP)->aceFlags) : ((ALE).aceFlags())
288#define getV4IFlags(ACEP,ALE) (ACEP)? ((ACEP)->aceIFlags): ((ALE).aceIFlags())
289#define getV4Mask(ACEP,ALE)   (ACEP)? ((ACEP)->aceMask)  : ((ALE).aceMask())
290
291#define isV4Bit(WORD, BIT)      (0 != ((WORD) & (BIT)))
292#define isV4AllBits(WORD, BITS) (BITS == ((WORD) & (BITS)))
293
294#define isV4Type(ACEP, ALE, VALUE) ((getV4Type(ACEP, ALE)) == (VALUE))
295#define isV4Who(ACEP, ALE, VALUE)  ((getV4Who(ACEP, ALE)) == (VALUE))
296
297#define isV4Allow(ACEP,ALE)        isV4Type(ACEP, ALE, ACE4_TYPE_ALLOW)
298#define isV4Deny(ACEP,ALE)         isV4Type(ACEP, ALE, ACE4_TYPE_DENY)
299#define isV4Audit(ACEP,ALE)        isV4Type(ACEP, ALE, ACE4_TYPE_AUDIT)
300#define isV4Alarm(ACEP,ALE)        isV4Type(ACEP, ALE, ACE4_TYPE_ALARM)
301
302#define isV4FileInherit(ACEP,ALE)  isV4Bit(getV4Flags(ACEP,ALE),ACE4_FLAG_FILE_INHERIT)
303#define isV4DirInherit(ACEP,ALE)   isV4Bit(getV4Flags(ACEP,ALE),ACE4_FLAG_DIR_INHERIT)
304#define isV4NoPropagate(ACEP,ALE)  isV4Bit(getV4Flags(ACEP,ALE),ACE4_FLAG_NO_PROPAGATE)
305#define isV4InheritOnly(ACEP,ALE)  isV4Bit(getV4Flags(ACEP,ALE),ACE4_FLAG_INHERIT_ONLY)
306#define isV4AuditSuccess(ACEP,ALE) isV4Bit(getV4Flags(ACEP,ALE),ACE4_FLAG_SUCCESSFUL)
307#define isV4AuditFailure(ACEP,ALE) isV4Bit(getV4Flags(ACEP,ALE),ACE4_FLAG_FAILED)
308#define isV4GroupId(ACEP,ALE)      isV4Bit(getV4Flags(ACEP,ALE),ACE4_FLAG_GROUP_ID)
309#define isV4Inherit(ACEP,ALE)      isV4Bit(getV4Flags(ACEP,ALE),ACE4_FLAG_INHERIT)
310
311#define isV4SpecialId(ACEP,ALE)    isV4Bit(getV4IFlags(ACEP,ALE),ACE4_IFLAG_SPECIAL_ID)
312#define isV4FileApplicable(ACEP, ALE) \
313        (!isV4Bit(getV4IFlags(ACEP,ALE),ACE4_IFLAG_EXCLUDE_FILES))
314#define isV4DirApplicable(ACEP, ALE)  \
315        (!isV4Bit(getV4IFlags(ACEP,ALE),ACE4_IFLAG_EXCLUDE_DIRS))
316
317/* Inherit entries may have originally been identified as FILE_INHERIT or
318 * DIR_INHERIT.  When such an ACL becomes a default, the entries become
319 * applicable to the object in addition to being inherittable.  Such entries
320 * may then need to be marked as not being applicable for files or dirs.
321 * When returning such an ACL, non-applicable entries are removed (they are
322 * here only so there can be a single, common, default ACL).
323 *
324 * The ACE is applicable if
325 * 1) The object is a directory and the entry is either directly applicable
326 *    to directories, OR it is inherittable by files.
327 * 2) The object is a file and the entry is directly applicable to files AND
328 *    it is not an InheritOnly entry.
329 */
330
331#define isV4Applicable(ACEP, ALE, ISDIR) \
332        (( ISDIR && (isV4DirApplicable(ACEP,ALE) || isV4FileInherit(ACEP,ALE))) || \
333         (!ISDIR && (isV4FileApplicable(ACEP,ALE) && !isV4InheritOnly(ACEP,ALE))))
334
335#define isV4Read(ACEP,ALE)        isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_READ)
336#define isV4List(ACEP,ALE)        isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_LIST_DIR)
337#define isV4Write(ACEP,ALE)       isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_WRITE)
338#define isV4AddFile(ACEP,ALE)     isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_ADD_FILE)
339#define isV4Append(ACEP,ALE)      isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_APPEND)
340#define isV4AddSubdir(ACEP,ALE)   isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_ADD_SUBDIR)
341#define isV4ReadNamed(ACEP,ALE)   isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_READ_NAMED)
342#define isV4WriteNamed(ACEP,ALE)  isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_WRITE_NAMED)
343#define isV4Execute(ACEP,ALE)     isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_EXECUTE)
344#define isV4Search(ACEP,ALE)      isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_SEARCH)
345#define isV4DeleteChild(ACEP,ALE) isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_DELETE_CHILD)
346#define isV4ReadAttr(ACEP,ALE)    isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_READ_ATTR)
347#define isV4WriteAttr(ACEP,ALE)   isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_WRITE_ATTR)
348#define isV4Delete(ACEP,ALE)      isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_DELETE)
349#define isV4ReadAcl(ACEP,ALE)     isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_READ_ACL)
350#define isV4WriteAcl(ACEP,ALE)    isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_WRITE_ACL)
351#define isV4WriteOwner(ACEP,ALE)  isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_WRITE_OWNER)
352#define isV4Synchronize(ACEP,ALE) isV4Bit(getV4Mask(ACEP,ALE),ACE4_MASK_SYNCHRONIZE)
353
354#define isV4Owner(ACEP,ALE)       isV4Who(ACEP,ALE,ACE4_SPECIAL_OWNER)
355#define isV4Group(ACEP,ALE)       isV4Who(ACEP,ALE,ACE4_SPECIAL_GROUP)
356#define isV4Everyone(ACEP,ALE)    isV4Who(ACEP,ALE,ACE4_SPECIAL_EVERYONE)
357#define isV4Interactive(ACEP,ALE) isV4Who(ACEP,ALE,ACE4_SPECIAL_INTERACTIVE)
358#define isV4Network(ACEP,ALE)     isV4Who(ACEP,ALE,ACE4_SPECIAL_NETWORK)
359#define isV4Dialup(ACEP,ALE)      isV4Who(ACEP,ALE,ACE4_SPECIAL_DIALUP)
360#define isV4Batch(ACEP,ALE)       isV4Who(ACEP,ALE,ACE4_SPECIAL_BATCH)
361#define isV4Anonymous(ACEP,ALE)   isV4Who(ACEP,ALE,ACE4_SPECIAL_ANONYMOUS)
362#define isV4Authentic(ACEP,ALE)   isV4Who(ACEP,ALE,ACE4_SPECIAL_AUTHENTICATED)
363#define isV4Service(ACEP,ALE)     isV4Who(ACEP,ALE,ACE4_SPECIAL_SERVICE)
364
365/* Flag values for gpfs_getacl/NFSv4_getMode */
366#define GETACL_NFSV4          0x00000001
367#define GETACL_POSIX          0x00000002
368#define GETACL_NATIVE         0x00000004
369#define GETACL_OWNER_IN_GROUP 0x00000008
370#define GETACL_DONOT_BLD_ACL  0x00000010
371
372/* The non-opaque/external ACL struct should be used in the
373 * gpfs_getacl and gpfs_putacl calls.  While these are defined
374 * in gpfs.h along with the interfaces, we are reserving the
375 * bits here as well in this list of internal-only flags just
376 * to make sure they don't get reused.
377 */
378#define GETACL_STRUCT_RESERVED 0X00000020
379#define PUTACL_STRUCT_RESERVED 0X00000020
380
381typedef struct
382{
383  ace4_length_t   aceLength;
384  ace4_type_t     aceType;   /* allow, deny, audit, alarm */
385  ace4_flag_t     aceFlags;  /* V4 flags */
386  ace4_flag_t     aceIFlags; /* Internal (GPFS flags) */
387  ace4_mask_t     aceMask;   /* extended "mode" bits */
388  ace4_who_t      aceWho;    /* uid, gid, or special identifier */
389  ace4_link_t     aceNextAA; /* Next Audit or Alarm ACE */
390} acl4_entry_t;
391
392struct aclv4
393{
394  Int32         aceCount;          // Total number of ACEs
395  ace4_link_t   aaListOffset;      // Offset to first Audit/Alarm ACE
396  acl4_entry_t  aclEntry[1];       // zero or more ACL entries
397};
398
399
400/* An ACL consists of header information (length, type, etc.).
401   followed by at least three, but may be more, ACL entries.
402   The three required entries must be ACL_USER_OBJ, ACL_GROUP_OBJ,
403   and ACL_OTHER. The first four bytes of the ACL header must always
404   be the length of the entire ACL.
405   Note: This data type is non-exportable data. */
406typedef struct
407{
408  UInt32            aclLength;          // total length (hdr + acl entries)
409  UInt16            aclVersion;         // version number
410  internal_acl_type_t aclType;          // type of ACL: default or access
411 
412  /* NT format ACLs (aclVersion == ACL_NT_VERSION) are opaque strings
413   * starting here (&aclBuf[0]).  The version-unique portions of the other
414   * ACL versions are at the end of this struct (v1 and v2 below).
415   */
416  union
417  {
418    char            aclBuf[1];          // Opaque NT ACL used by NSS
419    acl_permset_t   aclMask;            // ACL_MASK entry
420    acl_permset_t   aclGroupObj;        // ACL_GROUP_OBJ entry
421  };
422  cxiMode_t         aclMode;            // file mode (at acl create time)
423  UInt32            aclUserAceCnt;      // number of ACL_USER entries
424  UInt32            aclGroupAceCnt;     // number of ACL_GROUP entries
425  UInt32            aclFlags;
426
427#define ACL_NEW_MODE_ATTR_BIT 0x00000001 // if set, replace the current mode
428#define ACL_GROUP_CONTROL_BIT 0x00000002 // ACL_GROUP_OBJ control bit
429#define ACL_OTHER_CONTROL_BIT 0x00000004 // ACL_OTHER     control bit
430#define ACL_MASK_CONTROL_BIT  0X00000008 // ACL_MASK      control bit
431#define RESERVED_MASK         0xfffffff0 // guaranteed to be zero
432
433  union
434  {
435    struct aclv1  v1;
436    struct aclv2  v2;
437#ifdef NFS4_ACL
438    struct aclv4  v4;
439#endif /* NFS4_ACL */
440  };
441} ACL;
442
443/* The following is used as a pointer to an ACL in working storage.
444   Note: This data type is non-exportable data. */
445typedef ACL *acl_t;
446
447#define ACL_HEADER_SIZE_V1   PTR_TO_INT32(&(((acl_t) 0)->v1.aclEntry[0]))
448#define ACL_HEADER_SIZE_V2   PTR_TO_INT32(&(((acl_t) 0)->v2.aclEntry[0]))
449
450#ifdef NFS4_ACL
451/* Offset to gpfs_ace4_t structs in the NFSv4 ACL we externalize */
452#define ACL_EXT_HEADER_SIZE_V4 PTR_TO_INT32(&(((acl_t) 0)->aclBuf[0]))
453
454/* Offset to acl4_entry_t structs in our internal ACL format. */
455#define ACL_HEADER_SIZE_V4 PTR_TO_INT32(&(((acl_t) 0)->v4.aclEntry[0]))
456
457/* Next ACE in an NFSv4 ACL (internal, local-endian format only) */
458#define ACL4_ENTRY_NEXT(ACEP) (acl4_entry_t *)((caddr_t)ACEP + ACEP->aceLength)
459
460#define ACL_ENTRY_START(ACLP,VER) \
461          (acl_entry_t *)((VER == GPFS_ACL_VERSION_NFS4) ? \
462            (caddr_t)ACLP + ACL_HEADER_SIZE_V4 :  \
463                         ((VER == ACL_FIRST_VERSION) ? \
464            (caddr_t)ACLP + ACL_HEADER_SIZE_V1 :  \
465            (caddr_t)ACLP + ACL_HEADER_SIZE_V2));
466#else
467#define ACL_ENTRY_START(ACLP,VER) \
468          (acl_entry_t *)((VER == ACL_FIRST_VERSION) ? \
469            (caddr_t)ACLP + ACL_HEADER_SIZE_V1 :  \
470            (caddr_t)ACLP + ACL_HEADER_SIZE_V2);
471#endif /* NFS4_ACL */
472
473/* Upper bound on the size of a base acl (header + 4 entries for base
474   permissions and mask).  The correct value would be
475     ACL_HEADER_SIZE + 4*SHORT_ACE_SIZE
476   However, ACL_BASE_SIZE_MAX needs to be a compile-time constant, because
477   it is used to declare a char array on the stack as temporary buffer for
478   assembling a base acl.  Unfortunately, the compiler does not accept the
479   offset calculations in the ACL_HEADER_SIZE and SHORT_ACE_SIZE macros as
480   constants.  The definition below slightly over-estimates the base acl size,
481   but is sufficient for our purpose, since we only need an upper bound. */
482#define ACL_BASE_SIZE_MAX (sizeof(ACL) + 3*sizeof(acl_entry_t))
483
484/* acl format versions */
485#define ACL_FIRST_VERSION     1
486#define ACL_SECOND_VERSION    2
487
488#ifdef NFS4_ACL
489#define ACL_VERSION           4
490#else
491#define ACL_VERSION           2
492#endif /* NFS4_ACL */
493
494#ifdef NFS4_ACL
495#define GPFS_ACL_VERSION_NFS4 4
496#endif /* NFS4_ACL */
497
498#define DEFAULT_ACLMASK_V2    077       // rwxcid
499#define DEFAULT_ACLMASK_V1    017       // rwxc
500
501#define ACLMASK(_VERSION) \
502          (((_VERSION) == ACL_FIRST_VERSION) ? DEFAULT_ACLMASK_V1 :  \
503                                               DEFAULT_ACLMASK_V2);
504#define MASK_SET           0x80
505
506/* Mapping for the index tables used by the verifyTSAcl routine.
507   Note: This data type is non-exportable data. */
508typedef struct
509{
510  acl_entry_t     *aceP;
511  cxiUid_t         key;
512  ext_id_t         extKey; /* cell */
513  caddr_t          nxt;
514} aceIndxTable_t;
515
516/* Macro to test whether the ACL_MASK is explicitly set */
517#define ACLMASK_SET(_aclMask) (((_aclMask) & MASK_SET) != 0)
518
519#define REM_STAT_REMOTE_FS 1
520
521typedef struct
522{
523  UInt32 flags;
524  UInt32 sgUIDHigh;
525  UInt32 sgUIDLow;
526  UInt32 inum;
527  UInt32 mode;
528  UInt32 uid;
529  UInt32 gid;
530} rem_stat_t;
531 
532
533#endif /* _h_cxiAclUser */
534
Note: See TracBrowser for help on using the repository browser.