summaryrefslogtreecommitdiffstats
path: root/libglusterfs/src/glusterfs-acl.h
blob: 6194f320ab059d1c9dd396f4c8f9b545c4db8f93 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
/*
  Copyright (c) 2013 Red Hat, Inc. <http://www.redhat.com>
  This file is part of GlusterFS.

  This file is licensed to you under your choice of the GNU Lesser
  General Public License, version 3 or any later version (LGPLv3 or
  later), or the GNU General Public License, version 2 (GPLv2), in all
  cases as published by the Free Software Foundation.
*/

#ifndef _GLUSTERFS_ACL_H
#define _GLUSTERFS_ACL_H


/* WARNING: Much if this code is restricted to Linux usage.
 *
 * It would be much cleaner to replace the code with something that is based on
 * libacl (or its libc implementation on *BSD).
 *
 * Initial work for replacing this Linux specific implementation has been
 * started as part of the "Improve POSIX ACLs" feature. Functionality for this
 * feature has been added to the end of this file.
 */

#include <stdint.h>
#include <sys/types.h> /* For uid_t */

#include "locking.h" /* For gf_lock_t in struct posix_acl_conf */

#define ACL_PROGRAM    100227
#define ACLV3_VERSION  3

#define POSIX_ACL_MINIMAL_ACE_COUNT   3

#define POSIX_ACL_READ                (0x04)
#define POSIX_ACL_WRITE               (0x02)
#define POSIX_ACL_EXECUTE             (0x01)

#define POSIX_ACL_UNDEFINED_TAG       (0x00)
#define POSIX_ACL_USER_OBJ            (0x01)
#define POSIX_ACL_USER                (0x02)
#define POSIX_ACL_GROUP_OBJ           (0x04)
#define POSIX_ACL_GROUP               (0x08)
#define POSIX_ACL_MASK                (0x10)
#define POSIX_ACL_OTHER               (0x20)

#define POSIX_ACL_UNDEFINED_ID        (-1)

#define POSIX_ACL_XATTR_VERSION       (0x02)

#define POSIX_ACL_ACCESS_XATTR        "system.posix_acl_access"
#define POSIX_ACL_DEFAULT_XATTR       "system.posix_acl_default"

struct posix_acl_xattr_entry {
        uint16_t            tag;
        uint16_t            perm;
        uint32_t            id;
};

struct posix_acl_xattr_header {
        uint32_t                        version;
        struct posix_acl_xattr_entry    entries[];
};

typedef struct posix_acl_xattr_entry  posix_acl_xattr_entry;
typedef struct posix_acl_xattr_header posix_acl_xattr_header;

static inline size_t
posix_acl_xattr_size (unsigned int count)
{
        return (sizeof(posix_acl_xattr_header) +
                       (count * sizeof(posix_acl_xattr_entry)));
}

static inline ssize_t
posix_acl_xattr_count (size_t size)
{
        if (size < sizeof(posix_acl_xattr_header))
                return (-1);
        size -= sizeof(posix_acl_xattr_header);
        if (size % sizeof(posix_acl_xattr_entry))
                return (-1);
        return (size / sizeof(posix_acl_xattr_entry));
}

struct posix_ace {
        uint16_t     tag;
        uint16_t     perm;
        uint32_t     id;
};


struct posix_acl {
        int               refcnt;
        int               count;
        struct posix_ace  entries[];
};

struct posix_acl_ctx {
        uid_t             uid;
        gid_t             gid;
        mode_t            perm;
        glusterfs_fop_t   fop;
        struct posix_acl *acl_access;
        struct posix_acl *acl_default;
};

struct posix_acl_conf {
        gf_lock_t         acl_lock;
        uid_t             super_uid;
        struct posix_acl *minimal_acl;
};


/* Above this comment, the legacy POSIX ACL support is kept until it is not
 * used anymore. Below you will find the more portable version to support POSIX
 * ACls based on the implementation of libacl (see sys/acl.h). */

/* virtual xattrs passed over RPC, not stored on disk */
#define GF_POSIX_ACL_ACCESS       "glusterfs.posix.acl"
#define GF_POSIX_ACL_DEFAULT      "glusterfs.posix.default_acl"
#define GF_POSIX_ACL_REQUEST(key) \
        (!strncmp(key, GF_POSIX_ACL_ACCESS, SLEN (GF_POSIX_ACL_ACCESS)) || \
         !strncmp(key, GF_POSIX_ACL_DEFAULT, SLEN (GF_POSIX_ACL_DEFAULT)))

#ifdef HAVE_SYS_ACL_H /* only NetBSD does not support POSIX ACLs */

#include <sys/acl.h>

static inline const char*
gf_posix_acl_get_key (const acl_type_t type)
{
        char *acl_key = NULL;

        switch (type) {
        case ACL_TYPE_ACCESS:
                acl_key = GF_POSIX_ACL_ACCESS;
                break;
        case ACL_TYPE_DEFAULT:
                acl_key = GF_POSIX_ACL_DEFAULT;
                break;
        default:
                errno = EINVAL;
        }

        return acl_key;
}

static inline const acl_type_t
gf_posix_acl_get_type (const char *key)
{
        acl_type_t type = 0;

        if (!strncmp (key, GF_POSIX_ACL_ACCESS, SLEN (GF_POSIX_ACL_ACCESS)))
                type = ACL_TYPE_ACCESS;
        else if (!strncmp (key, GF_POSIX_ACL_DEFAULT,
                           SLEN (GF_POSIX_ACL_DEFAULT)))
                type = ACL_TYPE_DEFAULT;
        else
                errno = EINVAL;

        return type;
}

#endif /* HAVE_SYS_ACL_H */
#endif /* _GLUSTERFS_ACL_H */