376 lines
14 KiB
C
376 lines
14 KiB
C
|
/*
|
||
|
* Copyright (c) 2000-2019 Apple Inc. All rights reserved.
|
||
|
*
|
||
|
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
|
||
|
*
|
||
|
* This file contains Original Code and/or Modifications of Original Code
|
||
|
* as defined in and that are subject to the Apple Public Source License
|
||
|
* Version 2.0 (the 'License'). You may not use this file except in
|
||
|
* compliance with the License. The rights granted to you under the License
|
||
|
* may not be used to create, or enable the creation or redistribution of,
|
||
|
* unlawful or unlicensed copies of an Apple operating system, or to
|
||
|
* circumvent, violate, or enable the circumvention or violation of, any
|
||
|
* terms of an Apple operating system software license agreement.
|
||
|
*
|
||
|
* Please obtain a copy of the License at
|
||
|
* http://www.opensource.apple.com/apsl/ and read it before using this file.
|
||
|
*
|
||
|
* The Original Code and all software distributed under the License are
|
||
|
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
|
||
|
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
|
||
|
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
|
||
|
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
|
||
|
* Please see the License for the specific language governing rights and
|
||
|
* limitations under the License.
|
||
|
*
|
||
|
* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
|
||
|
*/
|
||
|
/*
|
||
|
* Copyright (c) 1982, 1986, 1993
|
||
|
* The Regents of the University of California. All rights reserved.
|
||
|
*
|
||
|
* This code is derived from software contributed to Berkeley by
|
||
|
* Robert Elz at The University of Melbourne.
|
||
|
*
|
||
|
* Redistribution and use in source and binary forms, with or without
|
||
|
* modification, are permitted provided that the following conditions
|
||
|
* are met:
|
||
|
* 1. Redistributions of source code must retain the above copyright
|
||
|
* notice, this list of conditions and the following disclaimer.
|
||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||
|
* notice, this list of conditions and the following disclaimer in the
|
||
|
* documentation and/or other materials provided with the distribution.
|
||
|
* 3. All advertising materials mentioning features or use of this software
|
||
|
* must display the following acknowledgement:
|
||
|
* This product includes software developed by the University of
|
||
|
* California, Berkeley and its contributors.
|
||
|
* 4. Neither the name of the University nor the names of its contributors
|
||
|
* may be used to endorse or promote products derived from this software
|
||
|
* without specific prior written permission.
|
||
|
*
|
||
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||
|
* SUCH DAMAGE.
|
||
|
*
|
||
|
* @(#)quota.h
|
||
|
* derived from @(#)ufs/ufs/quota.h 8.3 (Berkeley) 8/19/94
|
||
|
*/
|
||
|
|
||
|
#ifndef _SYS_QUOTA_H
|
||
|
#define _SYS_QUOTA_H
|
||
|
|
||
|
#include <sys/appleapiopts.h>
|
||
|
#include <sys/cdefs.h>
|
||
|
#include <sys/types.h> /* u_int32_t */
|
||
|
#ifdef KERNEL_PRIVATE
|
||
|
#include <kern/locks.h>
|
||
|
#endif
|
||
|
|
||
|
#include <mach/boolean.h>
|
||
|
|
||
|
#ifdef __APPLE_API_UNSTABLE
|
||
|
/*
|
||
|
* Definitions for disk quotas imposed on the average user
|
||
|
* (big brother finally hits UNIX).
|
||
|
*
|
||
|
* The following constants define the amount of time given a user before the
|
||
|
* soft limits are treated as hard limits (usually resulting in an allocation
|
||
|
* failure). The timer is started when the user crosses their soft limit, it
|
||
|
* is reset when they go below their soft limit.
|
||
|
*/
|
||
|
#define MAX_IQ_TIME (7*24*60*60) /* seconds in 1 week */
|
||
|
#define MAX_DQ_TIME (7*24*60*60) /* seconds in 1 week */
|
||
|
|
||
|
/*
|
||
|
* The following constants define the usage of the quota file array in the
|
||
|
* file system mount structure and dquot array in the inode structure. The semantics
|
||
|
* of the elements of these arrays are defined in the routine getinoquota;
|
||
|
* the remainder of the quota code treats them generically and need not be
|
||
|
* inspected when changing the size of the array.
|
||
|
*/
|
||
|
#define MAXQUOTAS 2
|
||
|
#define USRQUOTA 0 /* element used for user quotas */
|
||
|
#define GRPQUOTA 1 /* element used for group quotas */
|
||
|
|
||
|
/*
|
||
|
* Definitions for the default names of the quotas files.
|
||
|
*/
|
||
|
#define INITQFNAMES { \
|
||
|
"user", /* USRQUOTA */ \
|
||
|
"group", /* GRPQUOTA */ \
|
||
|
"undefined", \
|
||
|
};
|
||
|
#define QUOTAFILENAME ".quota"
|
||
|
#define QUOTAOPSNAME ".quota.ops"
|
||
|
#define QUOTAGROUP "operator"
|
||
|
|
||
|
/*
|
||
|
* Command definitions for the 'quotactl' system call. The commands are
|
||
|
* broken into a main command defined below and a subcommand that is used
|
||
|
* to convey the type of quota that is being manipulated (see above).
|
||
|
*/
|
||
|
#define SUBCMDMASK 0x00ff
|
||
|
#define SUBCMDSHIFT 8
|
||
|
#define QCMD(cmd, type) (((cmd) << SUBCMDSHIFT) | ((type) & SUBCMDMASK))
|
||
|
|
||
|
#define Q_QUOTAON 0x0100 /* enable quotas */
|
||
|
#define Q_QUOTAOFF 0x0200 /* disable quotas */
|
||
|
#define Q_GETQUOTA 0x0300 /* get limits and usage */
|
||
|
#define Q_SETQUOTA 0x0400 /* set limits and usage */
|
||
|
#define Q_SETUSE 0x0500 /* set usage */
|
||
|
#define Q_SYNC 0x0600 /* sync disk copy of a filesystems quotas */
|
||
|
#define Q_QUOTASTAT 0x0700 /* get quota on/off status */
|
||
|
|
||
|
/*
|
||
|
* The following two structures define the format of the disk
|
||
|
* quota file (as it appears on disk) - the file contains a
|
||
|
* header followed by a hash table of dqblk entries. To find
|
||
|
* a particular entry, the user or group number (id) is first
|
||
|
* converted to an index into this table by means of the hash
|
||
|
* function dqhash1. If there is a collision at that index
|
||
|
* location then a second hash value is computed which using
|
||
|
* dqhash2. This second hash value is then used as an offset
|
||
|
* to the next location to probe. ID = 0 is used to indicate
|
||
|
* an empty (unused) entry. So there can never be an entry in
|
||
|
* the quota file for user 0 or group 0 (which is OK since disk
|
||
|
* quotas are never enforced for user 0).
|
||
|
*
|
||
|
* The setquota system call establishes the vnode for each quota
|
||
|
* file (a pointer is retained in the filesystem mount structure).
|
||
|
*/
|
||
|
struct dqfilehdr {
|
||
|
u_int32_t dqh_magic;
|
||
|
u_int32_t dqh_version; /* == QF_VERSION */
|
||
|
u_int32_t dqh_maxentries; /* must be a power of 2 */
|
||
|
u_int32_t dqh_entrycnt; /* count of active entries */
|
||
|
u_int32_t dqh_flags; /* reserved for now (0) */
|
||
|
u_int32_t dqh_chktime; /* time of last quota check */
|
||
|
u_int32_t dqh_btime; /* time limit for excessive disk use */
|
||
|
u_int32_t dqh_itime; /* time limit for excessive files */
|
||
|
char dqh_string[16]; /* tag string */
|
||
|
u_int32_t dqh_spare[4]; /* pad struct to power of 2 */
|
||
|
};
|
||
|
|
||
|
struct dqblk {
|
||
|
u_int64_t dqb_bhardlimit; /* absolute limit on disk bytes alloc */
|
||
|
u_int64_t dqb_bsoftlimit; /* preferred limit on disk bytes */
|
||
|
u_int64_t dqb_curbytes; /* current byte count */
|
||
|
u_int32_t dqb_ihardlimit; /* maximum # allocated inodes + 1 */
|
||
|
u_int32_t dqb_isoftlimit; /* preferred inode limit */
|
||
|
u_int32_t dqb_curinodes; /* current # allocated inodes */
|
||
|
u_int32_t dqb_btime; /* time limit for excessive disk use */
|
||
|
u_int32_t dqb_itime; /* time limit for excessive files */
|
||
|
u_int32_t dqb_id; /* identifier (0 for empty entries) */
|
||
|
u_int32_t dqb_spare[4]; /* pad struct to power of 2 */
|
||
|
};
|
||
|
|
||
|
#ifdef KERNEL_PRIVATE
|
||
|
#include <machine/types.h> /* user_time_t */
|
||
|
/* LP64 version of struct dqblk. time_t is a long and must grow when
|
||
|
* we're dealing with a 64-bit process.
|
||
|
* WARNING - keep in sync with struct dqblk
|
||
|
*/
|
||
|
|
||
|
struct user_dqblk {
|
||
|
u_int64_t dqb_bhardlimit; /* absolute limit on disk bytes alloc */
|
||
|
u_int64_t dqb_bsoftlimit; /* preferred limit on disk bytes */
|
||
|
u_int64_t dqb_curbytes; /* current byte count */
|
||
|
u_int32_t dqb_ihardlimit; /* maximum # allocated inodes + 1 */
|
||
|
u_int32_t dqb_isoftlimit; /* preferred inode limit */
|
||
|
u_int32_t dqb_curinodes; /* current # allocated inodes */
|
||
|
u_int32_t dqb_btime; /* time limit for excessive disk use */
|
||
|
u_int32_t dqb_itime; /* time limit for excessive files */
|
||
|
u_int32_t dqb_id; /* identifier (0 for empty entries) */
|
||
|
u_int32_t dqb_spare[4]; /* pad struct to power of 2 */
|
||
|
};
|
||
|
#endif /* KERNEL_PRIVATE */
|
||
|
|
||
|
#define INITQMAGICS { \
|
||
|
0xff31ff35, /* USRQUOTA */ \
|
||
|
0xff31ff27, /* GRPQUOTA */ \
|
||
|
}
|
||
|
|
||
|
#define QF_VERSION 1
|
||
|
#define QF_STRING_TAG "QUOTA HASH FILE"
|
||
|
|
||
|
#define QF_USERS_PER_GB 256
|
||
|
#define QF_MIN_USERS 2048
|
||
|
#define QF_MAX_USERS (2048*1024)
|
||
|
|
||
|
#define QF_GROUPS_PER_GB 32
|
||
|
#define QF_MIN_GROUPS 2048
|
||
|
#define QF_MAX_GROUPS (256*1024)
|
||
|
|
||
|
|
||
|
/*
|
||
|
* The primary and secondary multiplicative hash functions are
|
||
|
* derived from Knuth (vol. 3). They use a prime that is in
|
||
|
* golden ratio to the machine's word size.
|
||
|
*/
|
||
|
#define dqhash1(id, shift, mask) \
|
||
|
((((id) * 2654435761U) >> (shift)) & (mask))
|
||
|
|
||
|
#define dqhash2(id, mask) \
|
||
|
(dqhash1((id), 11, (mask)>>1) | 1)
|
||
|
|
||
|
/*
|
||
|
* Compute a disk offset into a quota file.
|
||
|
*/
|
||
|
#define dqoffset(index) \
|
||
|
(sizeof (struct dqfilehdr) + ((index) * sizeof (struct dqblk)))
|
||
|
/*
|
||
|
* Compute the hash shift value.
|
||
|
* It is the word size, in bits, minus the hash table size, in bits.
|
||
|
*/
|
||
|
static __inline int dqhashshift(u_int32_t);
|
||
|
|
||
|
static __inline int
|
||
|
dqhashshift(u_int32_t size)
|
||
|
{
|
||
|
int shift;
|
||
|
|
||
|
for (shift = 32; size > 1; size >>= 1, --shift) {
|
||
|
continue;
|
||
|
}
|
||
|
return shift;
|
||
|
}
|
||
|
|
||
|
|
||
|
#ifndef KERNEL
|
||
|
__BEGIN_DECLS
|
||
|
int quotactl(const char *, int, int, caddr_t);
|
||
|
__END_DECLS
|
||
|
#endif /* !KERNEL */
|
||
|
|
||
|
#ifdef KERNEL_PRIVATE
|
||
|
#include <sys/queue.h>
|
||
|
|
||
|
|
||
|
|
||
|
/* Quota file info
|
||
|
*/
|
||
|
struct quotafile {
|
||
|
lck_mtx_t qf_lock; /* quota file mutex */
|
||
|
struct vnode *qf_vp; /* quota file vnode */
|
||
|
kauth_cred_t qf_cred; /* quota file access cred */
|
||
|
int qf_shift; /* primary hash shift */
|
||
|
int qf_maxentries; /* size of hash table (power of 2) */
|
||
|
int qf_entrycnt; /* count of active entries */
|
||
|
u_int32_t qf_btime; /* block quota time limit */
|
||
|
u_int32_t qf_itime; /* inode quota time limit */
|
||
|
|
||
|
/* the following 2 fields are protected */
|
||
|
/* by the quota list lock */
|
||
|
char qf_qflags; /* quota specific flags */
|
||
|
int qf_refcnt; /* count of dquot refs on this file */
|
||
|
};
|
||
|
|
||
|
/*
|
||
|
* Flags describing the runtime state of quotas.
|
||
|
* (in qf_qflags)
|
||
|
*/
|
||
|
#define QTF_OPENING 0x01 /* Q_QUOTAON in progress */
|
||
|
#define QTF_CLOSING 0x02 /* Q_QUOTAOFF in progress */
|
||
|
#define QTF_WANTED 0x04 /* waiting for change of state */
|
||
|
|
||
|
|
||
|
/*
|
||
|
* The following structure records disk usage for a user or group on a
|
||
|
* filesystem. There is one allocated for each quota that exists on any
|
||
|
* filesystem for the current user or group. A cache is kept of recently
|
||
|
* used entries.
|
||
|
*/
|
||
|
struct dquot {
|
||
|
LIST_ENTRY(dquot) dq_hash; /* hash list */
|
||
|
TAILQ_ENTRY(dquot) dq_freelist; /* free list */
|
||
|
u_int16_t dq_flags; /* flags, see below */
|
||
|
u_int16_t dq_cnt_unused; /* Replaced by dq_cnt below */
|
||
|
u_int16_t dq_lflags; /* protected by the quota list lock */
|
||
|
u_int16_t dq_type; /* quota type of this dquot */
|
||
|
u_int32_t dq_id; /* identifier this applies to */
|
||
|
u_int32_t dq_index; /* index into quota file */
|
||
|
struct quotafile *dq_qfile; /* quota file that this is taken from */
|
||
|
struct dqblk dq_dqb; /* actual usage & quotas */
|
||
|
uint32_t dq_cnt; /* count of active references */
|
||
|
};
|
||
|
|
||
|
/*
|
||
|
* dq_lflags values
|
||
|
*/
|
||
|
#define DQ_LLOCK 0x01 /* this quota locked (no MODS) */
|
||
|
#define DQ_LWANT 0x02 /* wakeup on unlock */
|
||
|
|
||
|
/*
|
||
|
* dq_flags values
|
||
|
*/
|
||
|
#define DQ_MOD 0x01 /* this quota modified since read */
|
||
|
#define DQ_FAKE 0x02 /* no limits here, just usage */
|
||
|
#define DQ_BLKS 0x04 /* has been warned about blk limit */
|
||
|
#define DQ_INODS 0x08 /* has been warned about inode limit */
|
||
|
|
||
|
/*
|
||
|
* Shorthand notation.
|
||
|
*/
|
||
|
#define dq_bhardlimit dq_dqb.dqb_bhardlimit
|
||
|
#define dq_bsoftlimit dq_dqb.dqb_bsoftlimit
|
||
|
#define dq_curbytes dq_dqb.dqb_curbytes
|
||
|
#define dq_ihardlimit dq_dqb.dqb_ihardlimit
|
||
|
#define dq_isoftlimit dq_dqb.dqb_isoftlimit
|
||
|
#define dq_curinodes dq_dqb.dqb_curinodes
|
||
|
#define dq_btime dq_dqb.dqb_btime
|
||
|
#define dq_itime dq_dqb.dqb_itime
|
||
|
|
||
|
/*
|
||
|
* If the system has never checked for a quota for this file, then it is
|
||
|
* set to NODQUOT. Once a write attempt is made the inode pointer is set
|
||
|
* to reference a dquot structure.
|
||
|
*/
|
||
|
#define NODQUOT NULL
|
||
|
|
||
|
/*
|
||
|
* Flags to chkdq() and chkiq()
|
||
|
*/
|
||
|
#define FORCE 0x01 /* force usage changes independent of limits */
|
||
|
#define CHOWN 0x02 /* (advisory) change initiated by chown */
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Functions that manage the in-core dquot and the
|
||
|
* on-disk dqblk data structures.
|
||
|
*/
|
||
|
__BEGIN_DECLS
|
||
|
void dqfileinit(struct quotafile *);
|
||
|
int dqfileopen(struct quotafile *, int);
|
||
|
void dqfileclose(struct quotafile *, int);
|
||
|
void dqflush(struct vnode *);
|
||
|
int dqget(u_int32_t, struct quotafile *, int, struct dquot **);
|
||
|
void dqhashinit(void);
|
||
|
int dqisinitialized(void);
|
||
|
void dqref(struct dquot *);
|
||
|
void dqrele(struct dquot *);
|
||
|
void dqreclaim(struct dquot *);
|
||
|
int dqsync(struct dquot *);
|
||
|
void dqsync_orphans(struct quotafile *);
|
||
|
void dqlock(struct dquot *);
|
||
|
void dqunlock(struct dquot *);
|
||
|
|
||
|
int qf_get(struct quotafile *, int type);
|
||
|
void qf_put(struct quotafile *, int type);
|
||
|
|
||
|
__private_extern__ void munge_dqblk(struct dqblk *dqblkp, struct user_dqblk *user_dqblkp, boolean_t to64);
|
||
|
__END_DECLS
|
||
|
|
||
|
#endif /* KERNEL_PRIVATE */
|
||
|
|
||
|
#endif /* __APPLE_API_UNSTABLE */
|
||
|
|
||
|
#endif /* !_SYS_QUOTA_H_ */
|