upstream/illumos/illumos-gate: usr/src/uts/common/fs/zfs/zfs

789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2	* CDDL HEADER START
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	3	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	4	* The contents of this file are subject to the terms of the
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	5	* Common Development and Distribution License (the "License").
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	6	* You may not use this file except in compliance with the License.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	7	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	8	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	9	* or http://www.opensolaris.org/os/licensing.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	10	* See the License for the specific language governing permissions
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	11	* and limitations under the License.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	12	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	13	* When distributing Covered Code, include this CDDL HEADER in each
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	14	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	15	* If applicable, add the following below this CDDL HEADER, with the
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	16	* fields enclosed by brackets "[]" replaced with your own identifying
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	17	* information: Portions Copyright [yyyy] [name of copyright owner]
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	18	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	19	* CDDL HEADER END
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	20	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	21	/*
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	22	* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	23	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	24
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	25	#include <sys/types.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	26	#include <sys/param.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	27	#include <sys/time.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	28	#include <sys/systm.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	29	#include <sys/sysmacros.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	30	#include <sys/resource.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	31	#include <sys/vfs.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	32	#include <sys/vnode.h>
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	33	#include <sys/sid.h>
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	34	#include <sys/file.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	35	#include <sys/stat.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	36	#include <sys/kmem.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	37	#include <sys/cmn_err.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	38	#include <sys/errno.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	39	#include <sys/unistd.h>
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	40	#include <sys/sdt.h>
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	41	#include <sys/fs/zfs.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	42	#include <sys/mode.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	43	#include <sys/policy.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	44	#include <sys/zfs_znode.h>
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	45	#include <sys/zfs_fuid.h>
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	46	#include <sys/zfs_acl.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	47	#include <sys/zfs_dir.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	48	#include <sys/zfs_vfsops.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	49	#include <sys/dmu.h>
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	50	#include <sys/dnode.h>
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	51	#include <sys/zap.h>
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	52	#include <sys/sa.h>
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	53	#include "fs/fs_subr.h"
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	54	#include <acl/acl_common.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	55
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	56	#define ALLOW ACE_ACCESS_ALLOWED_ACE_TYPE
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	57	#define DENY ACE_ACCESS_DENIED_ACE_TYPE
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	58	#define MAX_ACE_TYPE ACE_SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE
7559 a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	59	#define MIN_ACE_TYPE ALLOW
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	60
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	61	#define OWNING_GROUP (ACE_GROUP\|ACE_IDENTIFIER_GROUP)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	62	#define EVERYONE_ALLOW_MASK (ACE_READ_ACL\|ACE_READ_ATTRIBUTES \| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	63	ACE_READ_NAMED_ATTRS\|ACE_SYNCHRONIZE)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	64	#define EVERYONE_DENY_MASK (ACE_WRITE_ACL\|ACE_WRITE_OWNER \| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	65	ACE_WRITE_ATTRIBUTES\|ACE_WRITE_NAMED_ATTRS)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	66	#define OWNER_ALLOW_MASK (ACE_WRITE_ACL \| ACE_WRITE_OWNER \| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	67	ACE_WRITE_ATTRIBUTES\|ACE_WRITE_NAMED_ATTRS)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	68
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	69	#define ZFS_CHECKED_MASKS (ACE_READ_ACL\|ACE_READ_ATTRIBUTES\|ACE_READ_DATA\| \
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	70	ACE_READ_NAMED_ATTRS\|ACE_WRITE_DATA\|ACE_WRITE_ATTRIBUTES\| \
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	71	ACE_WRITE_NAMED_ATTRS\|ACE_APPEND_DATA\|ACE_EXECUTE\|ACE_WRITE_OWNER\| \
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	72	ACE_WRITE_ACL\|ACE_DELETE\|ACE_DELETE_CHILD\|ACE_SYNCHRONIZE)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	73
8952 c2f95230b0ff 6809529 dirtying snapshot! rears its head again Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8227 diff changeset	74	#define WRITE_MASK_DATA (ACE_WRITE_DATA\|ACE_APPEND_DATA\|ACE_WRITE_NAMED_ATTRS)
c2f95230b0ff 6809529 dirtying snapshot! rears its head again Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8227 diff changeset	75	#define WRITE_MASK_ATTRS (ACE_WRITE_ACL\|ACE_WRITE_OWNER\|ACE_WRITE_ATTRIBUTES\| \
c2f95230b0ff 6809529 dirtying snapshot! rears its head again Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8227 diff changeset	76	ACE_DELETE\|ACE_DELETE_CHILD)
c2f95230b0ff 6809529 dirtying snapshot! rears its head again Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8227 diff changeset	77	#define WRITE_MASK (WRITE_MASK_DATA\|WRITE_MASK_ATTRS)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	78
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	79	#define OGE_CLEAR (ACE_READ_DATA\|ACE_LIST_DIRECTORY\|ACE_WRITE_DATA\| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	80	ACE_ADD_FILE\|ACE_APPEND_DATA\|ACE_ADD_SUBDIRECTORY\|ACE_EXECUTE)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	81
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	82	#define OKAY_MASK_BITS (ACE_READ_DATA\|ACE_LIST_DIRECTORY\|ACE_WRITE_DATA\| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	83	ACE_ADD_FILE\|ACE_APPEND_DATA\|ACE_ADD_SUBDIRECTORY\|ACE_EXECUTE)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	84
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	85	#define ALL_INHERIT (ACE_FILE_INHERIT_ACE\|ACE_DIRECTORY_INHERIT_ACE \| \
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	86	ACE_NO_PROPAGATE_INHERIT_ACE\|ACE_INHERIT_ONLY_ACE\|ACE_INHERITED_ACE)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	87
6385 5437941ec5a1 PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules marks parents: 6257 diff changeset	88	#define RESTRICTED_CLEAR (ACE_WRITE_ACL\|ACE_WRITE_OWNER)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	89
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	90	#define V4_ACL_WIDE_FLAGS (ZFS_ACL_AUTO_INHERIT\|ZFS_ACL_DEFAULTED\|\
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	91	ZFS_ACL_PROTECTED)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	92
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	93	#define ZFS_ACL_WIDE_FLAGS (V4_ACL_WIDE_FLAGS\|ZFS_ACL_TRIVIAL\|ZFS_INHERIT_ACE\|\
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	94	ZFS_ACL_OBJ_ACE)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	95
10143 d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	96	#define ALL_MODE_EXECS (S_IXUSR \| S_IXGRP \| S_IXOTH)
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	97
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	98	static uint16_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	99	zfs_ace_v0_get_type(void *acep)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	100	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	101	return (((zfs_oldace_t *)acep)->z_type);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	102	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	103
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	104	static uint16_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	105	zfs_ace_v0_get_flags(void *acep)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	106	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	107	return (((zfs_oldace_t *)acep)->z_flags);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	108	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	109
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	110	static uint32_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	111	zfs_ace_v0_get_mask(void *acep)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	112	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	113	return (((zfs_oldace_t *)acep)->z_access_mask);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	114	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	115
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	116	static uint64_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	117	zfs_ace_v0_get_who(void *acep)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	118	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	119	return (((zfs_oldace_t *)acep)->z_fuid);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	120	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	121
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	122	static void
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	123	zfs_ace_v0_set_type(void *acep, uint16_t type)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	124	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	125	((zfs_oldace_t *)acep)->z_type = type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	126	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	127
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	128	static void
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	129	zfs_ace_v0_set_flags(void *acep, uint16_t flags)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	130	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	131	((zfs_oldace_t *)acep)->z_flags = flags;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	132	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	133
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	134	static void
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	135	zfs_ace_v0_set_mask(void *acep, uint32_t mask)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	136	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	137	((zfs_oldace_t *)acep)->z_access_mask = mask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	138	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	139
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	140	static void
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	141	zfs_ace_v0_set_who(void *acep, uint64_t who)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	142	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	143	((zfs_oldace_t *)acep)->z_fuid = who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	144	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	145
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	146	/ARGSUSED/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	147	static size_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	148	zfs_ace_v0_size(void *acep)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	149	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	150	return (sizeof (zfs_oldace_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	151	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	152
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	153	static size_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	154	zfs_ace_v0_abstract_size(void)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	155	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	156	return (sizeof (zfs_oldace_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	157	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	158
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	159	static int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	160	zfs_ace_v0_mask_off(void)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	161	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	162	return (offsetof(zfs_oldace_t, z_access_mask));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	163	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	164
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	165	/ARGSUSED/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	166	static int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	167	zfs_ace_v0_data(void acep, void *datap)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	168	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	169	*datap = NULL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	170	return (0);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	171	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	172
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	173	static acl_ops_t zfs_acl_v0_ops = {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	174	zfs_ace_v0_get_mask,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	175	zfs_ace_v0_set_mask,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	176	zfs_ace_v0_get_flags,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	177	zfs_ace_v0_set_flags,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	178	zfs_ace_v0_get_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	179	zfs_ace_v0_set_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	180	zfs_ace_v0_get_who,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	181	zfs_ace_v0_set_who,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	182	zfs_ace_v0_size,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	183	zfs_ace_v0_abstract_size,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	184	zfs_ace_v0_mask_off,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	185	zfs_ace_v0_data
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	186	};
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	187
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	188	static uint16_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	189	zfs_ace_fuid_get_type(void *acep)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	190	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	191	return (((zfs_ace_hdr_t *)acep)->z_type);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	192	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	193
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	194	static uint16_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	195	zfs_ace_fuid_get_flags(void *acep)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	196	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	197	return (((zfs_ace_hdr_t *)acep)->z_flags);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	198	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	199
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	200	static uint32_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	201	zfs_ace_fuid_get_mask(void *acep)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	202	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	203	return (((zfs_ace_hdr_t *)acep)->z_access_mask);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	204	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	205
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	206	static uint64_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	207	zfs_ace_fuid_get_who(void *args)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	208	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	209	uint16_t entry_type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	210	zfs_ace_t *acep = args;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	211
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	212	entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	213
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	214	if (entry_type == ACE_OWNER \|\| entry_type == OWNING_GROUP \|\|
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	215	entry_type == ACE_EVERYONE)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	216	return (-1);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	217	return (((zfs_ace_t *)acep)->z_fuid);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	218	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	219
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	220	static void
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	221	zfs_ace_fuid_set_type(void *acep, uint16_t type)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	222	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	223	((zfs_ace_hdr_t *)acep)->z_type = type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	224	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	225
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	226	static void
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	227	zfs_ace_fuid_set_flags(void *acep, uint16_t flags)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	228	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	229	((zfs_ace_hdr_t *)acep)->z_flags = flags;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	230	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	231
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	232	static void
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	233	zfs_ace_fuid_set_mask(void *acep, uint32_t mask)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	234	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	235	((zfs_ace_hdr_t *)acep)->z_access_mask = mask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	236	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	237
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	238	static void
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	239	zfs_ace_fuid_set_who(void *arg, uint64_t who)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	240	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	241	zfs_ace_t *acep = arg;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	242
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	243	uint16_t entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	244
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	245	if (entry_type == ACE_OWNER \|\| entry_type == OWNING_GROUP \|\|
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	246	entry_type == ACE_EVERYONE)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	247	return;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	248	acep->z_fuid = who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	249	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	250
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	251	static size_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	252	zfs_ace_fuid_size(void *acep)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	253	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	254	zfs_ace_hdr_t *zacep = acep;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	255	uint16_t entry_type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	256
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	257	switch (zacep->z_type) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	258	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	259	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	260	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	261	case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	262	return (sizeof (zfs_object_ace_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	263	case ALLOW:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	264	case DENY:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	265	entry_type =
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	266	(((zfs_ace_hdr_t *)acep)->z_flags & ACE_TYPE_FLAGS);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	267	if (entry_type == ACE_OWNER \|\|
7328 6bdcaa4505ac 6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7294 diff changeset	268	entry_type == OWNING_GROUP \|\|
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	269	entry_type == ACE_EVERYONE)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	270	return (sizeof (zfs_ace_hdr_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	271	/FALLTHROUGH/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	272	default:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	273	return (sizeof (zfs_ace_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	274	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	275	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	276
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	277	static size_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	278	zfs_ace_fuid_abstract_size(void)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	279	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	280	return (sizeof (zfs_ace_hdr_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	281	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	282
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	283	static int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	284	zfs_ace_fuid_mask_off(void)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	285	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	286	return (offsetof(zfs_ace_hdr_t, z_access_mask));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	287	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	288
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	289	static int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	290	zfs_ace_fuid_data(void acep, void *datap)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	291	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	292	zfs_ace_t *zacep = acep;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	293	zfs_object_ace_t *zobjp;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	294
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	295	switch (zacep->z_hdr.z_type) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	296	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	297	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	298	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	299	case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	300	zobjp = acep;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	301	*datap = (caddr_t)zobjp + sizeof (zfs_ace_t);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	302	return (sizeof (zfs_object_ace_t) - sizeof (zfs_ace_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	303	default:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	304	*datap = NULL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	305	return (0);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	306	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	307	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	308
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	309	static acl_ops_t zfs_acl_fuid_ops = {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	310	zfs_ace_fuid_get_mask,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	311	zfs_ace_fuid_set_mask,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	312	zfs_ace_fuid_get_flags,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	313	zfs_ace_fuid_set_flags,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	314	zfs_ace_fuid_get_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	315	zfs_ace_fuid_set_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	316	zfs_ace_fuid_get_who,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	317	zfs_ace_fuid_set_who,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	318	zfs_ace_fuid_size,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	319	zfs_ace_fuid_abstract_size,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	320	zfs_ace_fuid_mask_off,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	321	zfs_ace_fuid_data
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	322	};
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	323
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	324	/*
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	325	* The following three functions are provided for compatibility with
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	326	* older ZPL version in order to determine if the file use to have
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	327	* an external ACL and what version of ACL previously existed on the
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	328	* file. Would really be nice to not need this, sigh.
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	329	*/
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	330	uint64_t
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	331	zfs_external_acl(znode_t *zp)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	332	{
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	333	zfs_acl_phys_t acl_phys;
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	334	int error;
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	335
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	336	if (zp->z_is_sa)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	337	return (0);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	338
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	339	/*
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	340	* Need to deal with a potential
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	341	* race where zfs_sa_upgrade could cause
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	342	* z_isa_sa to change.
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	343	*
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	344	* If the lookup fails then the state of z_is_sa should have
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	345	* changed.
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	346	*/
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	347
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	348	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs),
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	349	&acl_phys, sizeof (acl_phys))) == 0)
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	350	return (acl_phys.z_acl_extern_obj);
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	351	else {
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	352	/*
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	353	* after upgrade the SA_ZPL_ZNODE_ACL should have been
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	354	* removed
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	355	*/
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	356	VERIFY(zp->z_is_sa && error == ENOENT);
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	357	return (0);
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	358	}
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	359	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	360
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	361	/*
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	362	* Determine size of ACL in bytes
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	363	*
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	364	* This is more complicated than it should be since we have to deal
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	365	* with old external ACLs.
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	366	*/
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	367	static int
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	368	zfs_acl_znode_info(znode_t zp, int aclsize, int *aclcount,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	369	zfs_acl_phys_t *aclphys)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	370	{
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	371	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	372	uint64_t acl_count;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	373	int size;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	374	int error;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	375
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	376	ASSERT(MUTEX_HELD(&zp->z_acl_lock));
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	377	if (zp->z_is_sa) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	378	if ((error = sa_size(zp->z_sa_hdl, SA_ZPL_DACL_ACES(zfsvfs),
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	379	&size)) != 0)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	380	return (error);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	381	*aclsize = size;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	382	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_DACL_COUNT(zfsvfs),
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	383	&acl_count, sizeof (acl_count))) != 0)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	384	return (error);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	385	*aclcount = acl_count;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	386	} else {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	387	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zfsvfs),
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	388	aclphys, sizeof (*aclphys))) != 0)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	389	return (error);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	390
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	391	if (aclphys->z_acl_version == ZFS_ACL_VERSION_INITIAL) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	392	*aclsize = ZFS_ACL_SIZE(aclphys->z_acl_size);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	393	*aclcount = aclphys->z_acl_size;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	394	} else {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	395	*aclsize = aclphys->z_acl_size;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	396	*aclcount = aclphys->z_acl_count;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	397	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	398	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	399	return (0);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	400	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	401
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	402	int
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	403	zfs_znode_acl_version(znode_t *zp)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	404	{
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	405	zfs_acl_phys_t acl_phys;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	406
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	407	if (zp->z_is_sa)
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	408	return (ZFS_ACL_VERSION_FUID);
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	409	else {
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	410	int error;
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	411
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	412	/*
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	413	* Need to deal with a potential
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	414	* race where zfs_sa_upgrade could cause
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	415	* z_isa_sa to change.
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	416	*
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	417	* If the lookup fails then the state of z_is_sa should have
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	418	* changed.
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	419	*/
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	420	if ((error = sa_lookup(zp->z_sa_hdl,
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	421	SA_ZPL_ZNODE_ACL(zp->z_zfsvfs),
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	422	&acl_phys, sizeof (acl_phys))) == 0)
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	423	return (acl_phys.z_acl_version);
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	424	else {
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	425	/*
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	426	* After upgrade SA_ZPL_ZNODE_ACL should have
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	427	* been removed.
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	428	*/
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	429	VERIFY(zp->z_is_sa && error == ENOENT);
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	430	return (ZFS_ACL_VERSION_FUID);
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	431	}
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	432	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	433	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	434
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	435	static int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	436	zfs_acl_version(int version)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	437	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	438	if (version < ZPL_VERSION_FUID)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	439	return (ZFS_ACL_VERSION_INITIAL);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	440	else
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	441	return (ZFS_ACL_VERSION_FUID);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	442	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	443
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	444	static int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	445	zfs_acl_version_zp(znode_t *zp)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	446	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	447	return (zfs_acl_version(zp->z_zfsvfs->z_version));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	448	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	449
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	450	zfs_acl_t *
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	451	zfs_acl_alloc(int vers)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	452	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	453	zfs_acl_t *aclp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	454
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	455	aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	456	list_create(&aclp->z_acl, sizeof (zfs_acl_node_t),
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	457	offsetof(zfs_acl_node_t, z_next));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	458	aclp->z_version = vers;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	459	if (vers == ZFS_ACL_VERSION_FUID)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	460	aclp->z_ops = zfs_acl_fuid_ops;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	461	else
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	462	aclp->z_ops = zfs_acl_v0_ops;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	463	return (aclp);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	464	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	465
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	466	zfs_acl_node_t *
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	467	zfs_acl_node_alloc(size_t bytes)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	468	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	469	zfs_acl_node_t *aclnode;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	470
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	471	aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	472	if (bytes) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	473	aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	474	aclnode->z_allocdata = aclnode->z_acldata;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	475	aclnode->z_allocsize = bytes;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	476	aclnode->z_size = bytes;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	477	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	478
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	479	return (aclnode);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	480	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	481
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	482	static void
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	483	zfs_acl_node_free(zfs_acl_node_t *aclnode)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	484	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	485	if (aclnode->z_allocsize)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	486	kmem_free(aclnode->z_allocdata, aclnode->z_allocsize);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	487	kmem_free(aclnode, sizeof (zfs_acl_node_t));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	488	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	489
5489 25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	490	static void
25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	491	zfs_acl_release_nodes(zfs_acl_t *aclp)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	492	{
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	493	zfs_acl_node_t *aclnode;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	494
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	495	while (aclnode = list_head(&aclp->z_acl)) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	496	list_remove(&aclp->z_acl, aclnode);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	497	zfs_acl_node_free(aclnode);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	498	}
5489 25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	499	aclp->z_acl_count = 0;
25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	500	aclp->z_acl_bytes = 0;
25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	501	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	502
5489 25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	503	void
25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	504	zfs_acl_free(zfs_acl_t *aclp)
25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	505	{
25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	506	zfs_acl_release_nodes(aclp);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	507	list_destroy(&aclp->z_acl);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	508	kmem_free(aclp, sizeof (zfs_acl_t));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	509	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	510
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	511	static boolean_t
7559 a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	512	zfs_acl_valid_ace_type(uint_t type, uint_t flags)
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	513	{
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	514	uint16_t entry_type;
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	515
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	516	switch (type) {
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	517	case ALLOW:
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	518	case DENY:
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	519	case ACE_SYSTEM_AUDIT_ACE_TYPE:
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	520	case ACE_SYSTEM_ALARM_ACE_TYPE:
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	521	entry_type = flags & ACE_TYPE_FLAGS;
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	522	return (entry_type == ACE_OWNER \|\|
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	523	entry_type == OWNING_GROUP \|\|
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	524	entry_type == ACE_EVERYONE \|\| entry_type == 0 \|\|
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	525	entry_type == ACE_IDENTIFIER_GROUP);
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	526	default:
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	527	if (type >= MIN_ACE_TYPE && type <= MAX_ACE_TYPE)
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	528	return (B_TRUE);
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	529	}
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	530	return (B_FALSE);
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	531	}
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	532
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	533	static boolean_t
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	534	zfs_ace_valid(vtype_t obj_type, zfs_acl_t *aclp, uint16_t type, uint16_t iflags)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	535	{
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	536	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	537	* first check type of entry
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	538	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	539
7559 a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	540	if (!zfs_acl_valid_ace_type(type, iflags))
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	541	return (B_FALSE);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	542
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	543	switch (type) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	544	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	545	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	546	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	547	case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	548	if (aclp->z_version < ZFS_ACL_VERSION_FUID)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	549	return (B_FALSE);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	550	aclp->z_hints \|= ZFS_ACL_OBJ_ACE;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	551	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	552
7559 a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	553	/*
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	554	* next check inheritance level flags
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	555	*/
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	556
7057 d3fa1d6dbef7 PSARC/2008/342 Further SID support marks parents: 6385 diff changeset	557	if (obj_type == VDIR &&
d3fa1d6dbef7 PSARC/2008/342 Further SID support marks parents: 6385 diff changeset	558	(iflags & (ACE_FILE_INHERIT_ACE\|ACE_DIRECTORY_INHERIT_ACE)))
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	559	aclp->z_hints \|= ZFS_INHERIT_ACE;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	560
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	561	if (iflags & (ACE_INHERIT_ONLY_ACE\|ACE_NO_PROPAGATE_INHERIT_ACE)) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	562	if ((iflags & (ACE_FILE_INHERIT_ACE\|
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	563	ACE_DIRECTORY_INHERIT_ACE)) == 0) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	564	return (B_FALSE);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	565	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	566	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	567
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	568	return (B_TRUE);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	569	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	570
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	571	static void *
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	572	zfs_acl_next_ace(zfs_acl_t aclp, void start, uint64_t *who,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	573	uint32_t access_mask, uint16_t iflags, uint16_t *type)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	574	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	575	zfs_acl_node_t *aclnode;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	576
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	577	ASSERT(aclp);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	578
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	579	if (start == NULL) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	580	aclnode = list_head(&aclp->z_acl);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	581	if (aclnode == NULL)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	582	return (NULL);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	583
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	584	aclp->z_next_ace = aclnode->z_acldata;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	585	aclp->z_curr_node = aclnode;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	586	aclnode->z_ace_idx = 0;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	587	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	588
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	589	aclnode = aclp->z_curr_node;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	590
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	591	if (aclnode == NULL)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	592	return (NULL);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	593
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	594	if (aclnode->z_ace_idx >= aclnode->z_ace_count) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	595	aclnode = list_next(&aclp->z_acl, aclnode);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	596	if (aclnode == NULL)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	597	return (NULL);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	598	else {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	599	aclp->z_curr_node = aclnode;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	600	aclnode->z_ace_idx = 0;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	601	aclp->z_next_ace = aclnode->z_acldata;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	602	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	603	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	604
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	605	if (aclnode->z_ace_idx < aclnode->z_ace_count) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	606	void *acep = aclp->z_next_ace;
7559 a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	607	size_t ace_size;
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	608
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	609	/*
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	610	* Make sure we don't overstep our bounds
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	611	*/
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	612	ace_size = aclp->z_ops.ace_size(acep);
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	613
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	614	if (((caddr_t)acep + ace_size) >
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	615	((caddr_t)aclnode->z_acldata + aclnode->z_size)) {
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	616	return (NULL);
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	617	}
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	618
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	619	*iflags = aclp->z_ops.ace_flags_get(acep);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	620	*type = aclp->z_ops.ace_type_get(acep);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	621	*access_mask = aclp->z_ops.ace_mask_get(acep);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	622	*who = aclp->z_ops.ace_who_get(acep);
7559 a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	623	aclp->z_next_ace = (caddr_t)aclp->z_next_ace + ace_size;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	624	aclnode->z_ace_idx++;
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	625
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	626	return ((void *)acep);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	627	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	628	return (NULL);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	629	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	630
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	631	/ARGSUSED/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	632	static uint64_t
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	633	zfs_ace_walk(void *datap, uint64_t cookie, int aclcnt,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	634	uint16_t flags, uint16_t type, uint32_t *mask)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	635	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	636	zfs_acl_t *aclp = datap;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	637	zfs_ace_hdr_t acep = (zfs_ace_hdr_t )(uintptr_t)cookie;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	638	uint64_t who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	639
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	640	acep = zfs_acl_next_ace(aclp, acep, &who, mask,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	641	flags, type);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	642	return ((uint64_t)(uintptr_t)acep);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	643	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	644
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	645	static zfs_acl_node_t *
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	646	zfs_acl_curr_node(zfs_acl_t *aclp)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	647	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	648	ASSERT(aclp->z_curr_node);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	649	return (aclp->z_curr_node);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	650	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	651
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	652	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	653	* Copy ACE to internal ZFS format.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	654	* While processing the ACL each ACE will be validated for correctness.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	655	* ACE FUIDs will be created later.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	656	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	657	int
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	658	zfs_copy_ace_2_fuid(zfsvfs_t zfsvfs, vtype_t obj_type, zfs_acl_t aclp,
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	659	void datap, zfs_ace_t z_acl, uint64_t aclcnt, size_t *size,
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	660	zfs_fuid_info_t *fuidp, cred_t cr)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	661	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	662	int i;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	663	uint16_t entry_type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	664	zfs_ace_t *aceptr = z_acl;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	665	ace_t *acep = datap;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	666	zfs_object_ace_t *zobjacep;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	667	ace_object_t *aceobjp;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	668
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	669	for (i = 0; i != aclcnt; i++) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	670	aceptr->z_hdr.z_access_mask = acep->a_access_mask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	671	aceptr->z_hdr.z_flags = acep->a_flags;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	672	aceptr->z_hdr.z_type = acep->a_type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	673	entry_type = aceptr->z_hdr.z_flags & ACE_TYPE_FLAGS;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	674	if (entry_type != ACE_OWNER && entry_type != OWNING_GROUP &&
5824 1d2d522d19b5 6603908 can't change mode if FS/dir is out of quota marks parents: 5771 diff changeset	675	entry_type != ACE_EVERYONE) {
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	676	aceptr->z_fuid = zfs_fuid_create(zfsvfs, acep->a_who,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	677	cr, (entry_type == 0) ?
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	678	ZFS_ACE_USER : ZFS_ACE_GROUP, fuidp);
5824 1d2d522d19b5 6603908 can't change mode if FS/dir is out of quota marks parents: 5771 diff changeset	679	}
1d2d522d19b5 6603908 can't change mode if FS/dir is out of quota marks parents: 5771 diff changeset	680
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	681	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	682	* Make sure ACE is valid
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	683	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	684	if (zfs_ace_valid(obj_type, aclp, aceptr->z_hdr.z_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	685	aceptr->z_hdr.z_flags) != B_TRUE)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	686	return (EINVAL);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	687
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	688	switch (acep->a_type) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	689	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	690	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	691	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	692	case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	693	zobjacep = (zfs_object_ace_t *)aceptr;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	694	aceobjp = (ace_object_t *)acep;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	695
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	696	bcopy(aceobjp->a_obj_type, zobjacep->z_object_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	697	sizeof (aceobjp->a_obj_type));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	698	bcopy(aceobjp->a_inherit_obj_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	699	zobjacep->z_inherit_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	700	sizeof (aceobjp->a_inherit_obj_type));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	701	acep = (ace_t *)((caddr_t)acep + sizeof (ace_object_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	702	break;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	703	default:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	704	acep = (ace_t *)((caddr_t)acep + sizeof (ace_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	705	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	706
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	707	aceptr = (zfs_ace_t *)((caddr_t)aceptr +
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	708	aclp->z_ops.ace_size(aceptr));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	709	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	710
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	711	*size = (caddr_t)aceptr - (caddr_t)z_acl;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	712
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	713	return (0);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	714	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	715
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	716	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	717	* Copy ZFS ACEs to fixed size ace_t layout
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	718	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	719	static void
5771 7ba3a2c57d6a 6552639 Each zone should have it's own idmapd jp151216 parents: 5762 diff changeset	720	zfs_copy_fuid_2_ace(zfsvfs_t zfsvfs, zfs_acl_t aclp, cred_t *cr,
7ba3a2c57d6a 6552639 Each zone should have it's own idmapd jp151216 parents: 5762 diff changeset	721	void *datap, int filter)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	722	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	723	uint64_t who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	724	uint32_t access_mask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	725	uint16_t iflags, type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	726	zfs_ace_hdr_t *zacep = NULL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	727	ace_t *acep = datap;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	728	ace_object_t *objacep;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	729	zfs_object_ace_t *zobjacep;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	730	size_t ace_size;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	731	uint16_t entry_type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	732
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	733	while (zacep = zfs_acl_next_ace(aclp, zacep,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	734	&who, &access_mask, &iflags, &type)) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	735
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	736	switch (type) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	737	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	738	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	739	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	740	case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	741	if (filter) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	742	continue;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	743	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	744	zobjacep = (zfs_object_ace_t *)zacep;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	745	objacep = (ace_object_t *)acep;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	746	bcopy(zobjacep->z_object_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	747	objacep->a_obj_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	748	sizeof (zobjacep->z_object_type));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	749	bcopy(zobjacep->z_inherit_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	750	objacep->a_inherit_obj_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	751	sizeof (zobjacep->z_inherit_type));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	752	ace_size = sizeof (ace_object_t);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	753	break;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	754	default:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	755	ace_size = sizeof (ace_t);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	756	break;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	757	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	758
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	759	entry_type = (iflags & ACE_TYPE_FLAGS);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	760	if ((entry_type != ACE_OWNER &&
7328 6bdcaa4505ac 6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7294 diff changeset	761	entry_type != OWNING_GROUP &&
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	762	entry_type != ACE_EVERYONE)) {
1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	763	acep->a_who = zfs_fuid_map_id(zfsvfs, who,
1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	764	cr, (entry_type & ACE_IDENTIFIER_GROUP) ?
1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	765	ZFS_ACE_GROUP : ZFS_ACE_USER);
1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	766	} else {
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	767	acep->a_who = (uid_t)(int64_t)who;
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	768	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	769	acep->a_access_mask = access_mask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	770	acep->a_flags = iflags;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	771	acep->a_type = type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	772	acep = (ace_t *)((caddr_t)acep + ace_size);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	773	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	774	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	775
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	776	static int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	777	zfs_copy_ace_2_oldace(vtype_t obj_type, zfs_acl_t aclp, ace_t acep,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	778	zfs_oldace_t z_acl, int aclcnt, size_t size)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	779	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	780	int i;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	781	zfs_oldace_t *aceptr = z_acl;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	782
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	783	for (i = 0; i != aclcnt; i++, aceptr++) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	784	aceptr->z_access_mask = acep[i].a_access_mask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	785	aceptr->z_type = acep[i].a_type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	786	aceptr->z_flags = acep[i].a_flags;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	787	aceptr->z_fuid = acep[i].a_who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	788	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	789	* Make sure ACE is valid
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	790	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	791	if (zfs_ace_valid(obj_type, aclp, aceptr->z_type,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	792	aceptr->z_flags) != B_TRUE)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	793	return (EINVAL);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	794	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	795	*size = (caddr_t)aceptr - (caddr_t)z_acl;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	796	return (0);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	797	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	798
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	799	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	800	* convert old ACL format to new
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	801	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	802	void
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	803	zfs_acl_xform(znode_t zp, zfs_acl_t aclp, cred_t *cr)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	804	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	805	zfs_oldace_t *oldaclp;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	806	int i;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	807	uint16_t type, iflags;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	808	uint32_t access_mask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	809	uint64_t who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	810	void *cookie = NULL;
5489 25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	811	zfs_acl_node_t *newaclnode;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	812
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	813	ASSERT(aclp->z_version == ZFS_ACL_VERSION_INITIAL);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	814	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	815	* First create the ACE in a contiguous piece of memory
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	816	* for zfs_copy_ace_2_fuid().
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	817	*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	818	* We only convert an ACL once, so this won't happen
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	819	* everytime.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	820	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	821	oldaclp = kmem_alloc(sizeof (zfs_oldace_t) * aclp->z_acl_count,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	822	KM_SLEEP);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	823	i = 0;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	824	while (cookie = zfs_acl_next_ace(aclp, cookie, &who,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	825	&access_mask, &iflags, &type)) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	826	oldaclp[i].z_flags = iflags;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	827	oldaclp[i].z_type = type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	828	oldaclp[i].z_fuid = who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	829	oldaclp[i++].z_access_mask = access_mask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	830	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	831
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	832	newaclnode = zfs_acl_node_alloc(aclp->z_acl_count *
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	833	sizeof (zfs_object_ace_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	834	aclp->z_ops = zfs_acl_fuid_ops;
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	835	VERIFY(zfs_copy_ace_2_fuid(zp->z_zfsvfs, ZTOV(zp)->v_type, aclp,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	836	oldaclp, newaclnode->z_acldata, aclp->z_acl_count,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	837	&newaclnode->z_size, NULL, cr) == 0);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	838	newaclnode->z_ace_count = aclp->z_acl_count;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	839	aclp->z_version = ZFS_ACL_VERSION;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	840	kmem_free(oldaclp, aclp->z_acl_count * sizeof (zfs_oldace_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	841
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	842	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	843	* Release all previous ACL nodes
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	844	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	845
5489 25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	846	zfs_acl_release_nodes(aclp);
25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	847
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	848	list_insert_head(&aclp->z_acl, newaclnode);
5489 25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	849
25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	850	aclp->z_acl_bytes = newaclnode->z_size;
25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	851	aclp->z_acl_count = newaclnode->z_ace_count;
25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	852
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	853	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	854
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	855	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	856	* Convert unix access mask to v4 access mask
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	857	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	858	static uint32_t
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	859	zfs_unix_to_v4(uint32_t access_mask)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	860	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	861	uint32_t new_mask = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	862
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	863	if (access_mask & S_IXOTH)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	864	new_mask \|= ACE_EXECUTE;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	865	if (access_mask & S_IWOTH)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	866	new_mask \|= ACE_WRITE_DATA;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	867	if (access_mask & S_IROTH)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	868	new_mask \|= ACE_READ_DATA;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	869	return (new_mask);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	870	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	871
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	872	static void
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	873	zfs_set_ace(zfs_acl_t aclp, void acep, uint32_t access_mask,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	874	uint16_t access_type, uint64_t fuid, uint16_t entry_type)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	875	{
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	876	uint16_t type = entry_type & ACE_TYPE_FLAGS;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	877
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	878	aclp->z_ops.ace_mask_set(acep, access_mask);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	879	aclp->z_ops.ace_type_set(acep, access_type);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	880	aclp->z_ops.ace_flags_set(acep, entry_type);
7328 6bdcaa4505ac 6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7294 diff changeset	881	if ((type != ACE_OWNER && type != OWNING_GROUP &&
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	882	type != ACE_EVERYONE))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	883	aclp->z_ops.ace_who_set(acep, fuid);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	884	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	885
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	886	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	887	* Determine mode of file based on ACL.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	888	* Also, create FUIDs for any User/Group ACEs
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	889	*/
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	890	uint64_t
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	891	zfs_mode_compute(uint64_t fmode, zfs_acl_t *aclp,
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	892	uint64_t *pflags, uint64_t fuid, uint64_t fgid)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	893	{
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	894	int entry_type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	895	mode_t mode;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	896	mode_t seen = 0;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	897	zfs_ace_hdr_t *acep = NULL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	898	uint64_t who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	899	uint16_t iflags, type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	900	uint32_t access_mask;
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	901	boolean_t an_exec_denied = B_FALSE;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	902
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	903	mode = (fmode & (S_IFMT \| S_ISUID \| S_ISGID \| S_ISVTX));
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	904
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	905	while (acep = zfs_acl_next_ace(aclp, acep, &who,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	906	&access_mask, &iflags, &type)) {
4869 f123f22fc641 6590376 Fails to chmod on a zfs volume with windows ACL marks parents: 4321 diff changeset	907
7559 a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	908	if (!zfs_acl_valid_ace_type(type, iflags))
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	909	continue;
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	910
7328 6bdcaa4505ac 6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7294 diff changeset	911	entry_type = (iflags & ACE_TYPE_FLAGS);
6bdcaa4505ac 6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7294 diff changeset	912
4869 f123f22fc641 6590376 Fails to chmod on a zfs volume with windows ACL marks parents: 4321 diff changeset	913	/*
7328 6bdcaa4505ac 6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7294 diff changeset	914	* Skip over owner@, group@ or everyone@ inherit only ACEs
4869 f123f22fc641 6590376 Fails to chmod on a zfs volume with windows ACL marks parents: 4321 diff changeset	915	*/
7328 6bdcaa4505ac 6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7294 diff changeset	916	if ((iflags & ACE_INHERIT_ONLY_ACE) &&
6bdcaa4505ac 6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7294 diff changeset	917	(entry_type == ACE_OWNER \|\| entry_type == ACE_EVERYONE \|\|
6bdcaa4505ac 6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7294 diff changeset	918	entry_type == OWNING_GROUP))
4869 f123f22fc641 6590376 Fails to chmod on a zfs volume with windows ACL marks parents: 4321 diff changeset	919	continue;
f123f22fc641 6590376 Fails to chmod on a zfs volume with windows ACL marks parents: 4321 diff changeset	920
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	921	if (entry_type == ACE_OWNER \|\| (entry_type == 0 &&
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	922	who == fuid)) {
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	923	if ((access_mask & ACE_READ_DATA) &&
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	924	(!(seen & S_IRUSR))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	925	seen \|= S_IRUSR;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	926	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	927	mode \|= S_IRUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	928	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	929	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	930	if ((access_mask & ACE_WRITE_DATA) &&
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	931	(!(seen & S_IWUSR))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	932	seen \|= S_IWUSR;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	933	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	934	mode \|= S_IWUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	935	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	936	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	937	if ((access_mask & ACE_EXECUTE) &&
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	938	(!(seen & S_IXUSR))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	939	seen \|= S_IXUSR;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	940	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	941	mode \|= S_IXUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	942	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	943	}
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	944	} else if (entry_type == OWNING_GROUP \|\|
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	945	(entry_type == ACE_IDENTIFIER_GROUP && who == fgid)) {
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	946	if ((access_mask & ACE_READ_DATA) &&
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	947	(!(seen & S_IRGRP))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	948	seen \|= S_IRGRP;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	949	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	950	mode \|= S_IRGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	951	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	952	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	953	if ((access_mask & ACE_WRITE_DATA) &&
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	954	(!(seen & S_IWGRP))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	955	seen \|= S_IWGRP;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	956	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	957	mode \|= S_IWGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	958	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	959	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	960	if ((access_mask & ACE_EXECUTE) &&
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	961	(!(seen & S_IXGRP))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	962	seen \|= S_IXGRP;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	963	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	964	mode \|= S_IXGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	965	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	966	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	967	} else if (entry_type == ACE_EVERYONE) {
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	968	if ((access_mask & ACE_READ_DATA)) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	969	if (!(seen & S_IRUSR)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	970	seen \|= S_IRUSR;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	971	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	972	mode \|= S_IRUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	973	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	974	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	975	if (!(seen & S_IRGRP)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	976	seen \|= S_IRGRP;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	977	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	978	mode \|= S_IRGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	979	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	980	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	981	if (!(seen & S_IROTH)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	982	seen \|= S_IROTH;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	983	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	984	mode \|= S_IROTH;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	985	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	986	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	987	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	988	if ((access_mask & ACE_WRITE_DATA)) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	989	if (!(seen & S_IWUSR)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	990	seen \|= S_IWUSR;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	991	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	992	mode \|= S_IWUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	993	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	994	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	995	if (!(seen & S_IWGRP)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	996	seen \|= S_IWGRP;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	997	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	998	mode \|= S_IWGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	999	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1000	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1001	if (!(seen & S_IWOTH)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1002	seen \|= S_IWOTH;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1003	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1004	mode \|= S_IWOTH;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1005	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1006	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1007	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1008	if ((access_mask & ACE_EXECUTE)) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1009	if (!(seen & S_IXUSR)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1010	seen \|= S_IXUSR;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1011	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1012	mode \|= S_IXUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1013	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1014	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1015	if (!(seen & S_IXGRP)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1016	seen \|= S_IXGRP;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1017	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1018	mode \|= S_IXGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1019	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1020	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1021	if (!(seen & S_IXOTH)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1022	seen \|= S_IXOTH;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1023	if (type == ALLOW) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1024	mode \|= S_IXOTH;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1025	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1026	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1027	}
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1028	} else {
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1029	/*
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1030	* Only care if this IDENTIFIER_GROUP or
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1031	* USER ACE denies execute access to someone,
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1032	* mode is not affected
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1033	*/
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1034	if ((access_mask & ACE_EXECUTE) && type == DENY)
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1035	an_exec_denied = B_TRUE;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1036	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1037	}
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1038
10143 d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1039	/*
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1040	* Failure to allow is effectively a deny, so execute permission
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1041	* is denied if it was never mentioned or if we explicitly
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1042	* weren't allowed it.
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1043	*/
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1044	if (!an_exec_denied &&
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1045	((seen & ALL_MODE_EXECS) != ALL_MODE_EXECS \|\|
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1046	(mode & ALL_MODE_EXECS) != ALL_MODE_EXECS))
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1047	an_exec_denied = B_TRUE;
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1048
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1049	if (an_exec_denied)
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1050	*pflags &= ~ZFS_NO_EXECS_DENIED;
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1051	else
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1052	*pflags \|= ZFS_NO_EXECS_DENIED;
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1053
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1054	return (mode);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1055	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1056
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1057	/*
10143 d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1058	* Read an external acl object. If the intent is to modify, always
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1059	* create a new acl and leave any cached acl in place.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1060	*/
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1061	static int
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1062	zfs_acl_node_read(znode_t zp, boolean_t have_lock, zfs_acl_t *aclpp,
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1063	boolean_t will_modify)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1064	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1065	zfs_acl_t *aclp;
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1066	int aclsize;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1067	int acl_count;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1068	zfs_acl_node_t *aclnode;
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1069	zfs_acl_phys_t znode_acl;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1070	int version;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1071	int error;
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1072	boolean_t drop_lock = B_FALSE;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1073
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1074	ASSERT(MUTEX_HELD(&zp->z_acl_lock));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1075
10143 d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1076	if (zp->z_acl_cached && !will_modify) {
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1077	*aclpp = zp->z_acl_cached;
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1078	return (0);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1079	}
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1080
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1081	/*
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1082	* close race where znode could be upgrade while trying to
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1083	* read the znode attributes.
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1084	*
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1085	* But this could only happen if the file isn't already an SA
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1086	* znode
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1087	*/
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1088	if (!zp->z_is_sa && !have_lock) {
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1089	mutex_enter(&zp->z_lock);
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1090	drop_lock = B_TRUE;
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1091	}
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1092	version = zfs_znode_acl_version(zp);
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1093
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1094	if ((error = zfs_acl_znode_info(zp, &aclsize,
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1095	&acl_count, &znode_acl)) != 0) {
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1096	goto done;
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1097	}
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1098
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1099	aclp = zfs_acl_alloc(version);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1100
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1101	aclp->z_acl_count = acl_count;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1102	aclp->z_acl_bytes = aclsize;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1103
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1104	aclnode = zfs_acl_node_alloc(aclsize);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1105	aclnode->z_ace_count = aclp->z_acl_count;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1106	aclnode->z_size = aclsize;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1107
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1108	if (!zp->z_is_sa) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1109	if (znode_acl.z_acl_extern_obj) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1110	error = dmu_read(zp->z_zfsvfs->z_os,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1111	znode_acl.z_acl_extern_obj, 0, aclnode->z_size,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1112	aclnode->z_acldata, DMU_READ_PREFETCH);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1113	} else {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1114	bcopy(znode_acl.z_ace_data, aclnode->z_acldata,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1115	aclnode->z_size);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1116	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1117	} else {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1118	error = sa_lookup(zp->z_sa_hdl, SA_ZPL_DACL_ACES(zp->z_zfsvfs),
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1119	aclnode->z_acldata, aclnode->z_size);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1120	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1121
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1122	if (error != 0) {
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1123	zfs_acl_free(aclp);
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1124	zfs_acl_node_free(aclnode);
7294 c9c31ef4c960 PSARC 2008/486 Intent log replay failure handling perrin parents: 7163 diff changeset	1125	/* convert checksum errors into IO errors */
c9c31ef4c960 PSARC 2008/486 Intent log replay failure handling perrin parents: 7163 diff changeset	1126	if (error == ECKSUM)
c9c31ef4c960 PSARC 2008/486 Intent log replay failure handling perrin parents: 7163 diff changeset	1127	error = EIO;
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1128	goto done;
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1129	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1130
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1131	list_insert_head(&aclp->z_acl, aclnode);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1132
10143 d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1133	*aclpp = aclp;
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1134	if (!will_modify)
d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1135	zp->z_acl_cached = aclp;
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1136	done:
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1137	if (drop_lock)
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1138	mutex_exit(&zp->z_lock);
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1139	return (error);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1140	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1141
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1142	/ARGSUSED/
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1143	void
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1144	zfs_acl_data_locator(void *dataptr, uint32_t length, uint32_t buflen,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1145	boolean_t start, void *userdata)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1146	{
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1147	zfs_acl_locator_cb_t cb = (zfs_acl_locator_cb_t )userdata;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1148
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1149	if (start) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1150	cb->cb_acl_node = list_head(&cb->cb_aclp->z_acl);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1151	} else {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1152	cb->cb_acl_node = list_next(&cb->cb_aclp->z_acl,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1153	cb->cb_acl_node);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1154	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1155	*dataptr = cb->cb_acl_node->z_acldata;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1156	*length = cb->cb_acl_node->z_size;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1157	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1158
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1159	int
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1160	zfs_acl_chown_setattr(znode_t *zp)
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1161	{
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1162	int error;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1163	zfs_acl_t *aclp;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1164
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1165	ASSERT(MUTEX_HELD(&zp->z_lock));
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1166	ASSERT(MUTEX_HELD(&zp->z_acl_lock));
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1167
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1168	if ((error = zfs_acl_node_read(zp, B_TRUE, &aclp, B_FALSE)) == 0)
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1169	zp->z_mode = zfs_mode_compute(zp->z_mode, aclp,
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	1170	&zp->z_pflags, zp->z_uid, zp->z_gid);
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1171	return (error);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1172	}
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1173
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1174	/*
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1175	* common code for setting ACLs.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1176	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1177	* This function is called from zfs_mode_update, zfs_perm_init, and zfs_setacl.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1178	* zfs_setacl passes a non-NULL inherit pointer (ihp) to indicate that it's
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1179	* already checked the acl and knows whether to inherit.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1180	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1181	int
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1182	zfs_aclset_common(znode_t zp, zfs_acl_t aclp, cred_t cr, dmu_tx_t tx)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1183	{
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1184	int error;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1185	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1186	dmu_object_type_t otype;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1187	zfs_acl_locator_cb_t locate = { 0 };
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1188	uint64_t mode;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1189	sa_bulk_attr_t bulk[5];
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1190	uint64_t ctime[2];
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1191	int count = 0;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1192
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1193	mode = zp->z_mode;
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1194
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	1195	mode = zfs_mode_compute(mode, aclp, &zp->z_pflags,
79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	1196	zp->z_uid, zp->z_gid);
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1197
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1198	zp->z_mode = mode;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1199	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs), NULL,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1200	&mode, sizeof (mode));
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1201	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1202	&zp->z_pflags, sizeof (zp->z_pflags));
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1203	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1204	&ctime, sizeof (ctime));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1205
10143 d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	1206	if (zp->z_acl_cached) {
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1207	zfs_acl_free(zp->z_acl_cached);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1208	zp->z_acl_cached = NULL;
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1209	}
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	1210
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1211	/*
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1212	* Upgrade needed?
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1213	*/
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1214	if (!zfsvfs->z_use_fuids) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1215	otype = DMU_OT_OLDACL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1216	} else {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1217	if ((aclp->z_version == ZFS_ACL_VERSION_INITIAL) &&
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1218	(zfsvfs->z_version >= ZPL_VERSION_FUID))
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1219	zfs_acl_xform(zp, aclp, cr);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1220	ASSERT(aclp->z_version >= ZFS_ACL_VERSION_FUID);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1221	otype = DMU_OT_ACL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1222	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1223
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1224	/*
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1225	* Arrgh, we have to handle old on disk format
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1226	* as well as newer (preferred) SA format.
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1227	*/
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1228
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1229	if (zp->z_is_sa) { /* the easy case, just update the ACL attribute */
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1230	locate.cb_aclp = aclp;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1231	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_DACL_ACES(zfsvfs),
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1232	zfs_acl_data_locator, &locate, aclp->z_acl_bytes);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1233	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_DACL_COUNT(zfsvfs),
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1234	NULL, &aclp->z_acl_count, sizeof (uint64_t));
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1235	} else { /* Painful legacy way */
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1236	zfs_acl_node_t *aclnode;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1237	uint64_t off = 0;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1238	zfs_acl_phys_t acl_phys;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1239	uint64_t aoid;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1240
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1241	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zfsvfs),
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1242	&acl_phys, sizeof (acl_phys))) != 0)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1243	return (error);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1244
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1245	aoid = acl_phys.z_acl_extern_obj;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1246
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1247	if (aclp->z_acl_bytes > ZFS_ACE_SPACE) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1248	/*
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1249	* If ACL was previously external and we are now
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1250	* converting to new ACL format then release old
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1251	* ACL object and create a new one.
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1252	*/
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1253	if (aoid &&
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1254	aclp->z_version != acl_phys.z_acl_version) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1255	error = dmu_object_free(zfsvfs->z_os, aoid, tx);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1256	if (error)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1257	return (error);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1258	aoid = 0;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1259	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1260	if (aoid == 0) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1261	aoid = dmu_object_alloc(zfsvfs->z_os,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1262	otype, aclp->z_acl_bytes,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1263	otype == DMU_OT_ACL ?
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1264	DMU_OT_SYSACL : DMU_OT_NONE,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1265	otype == DMU_OT_ACL ?
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1266	DN_MAX_BONUSLEN : 0, tx);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1267	} else {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1268	(void) dmu_object_set_blocksize(zfsvfs->z_os,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1269	aoid, aclp->z_acl_bytes, 0, tx);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1270	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1271	acl_phys.z_acl_extern_obj = aoid;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1272	for (aclnode = list_head(&aclp->z_acl); aclnode;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1273	aclnode = list_next(&aclp->z_acl, aclnode)) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1274	if (aclnode->z_ace_count == 0)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1275	continue;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1276	dmu_write(zfsvfs->z_os, aoid, off,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1277	aclnode->z_size, aclnode->z_acldata, tx);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1278	off += aclnode->z_size;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1279	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1280	} else {
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1281	void *start = acl_phys.z_ace_data;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1282	/*
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1283	* Migrating back embedded?
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1284	*/
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1285	if (acl_phys.z_acl_extern_obj) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1286	error = dmu_object_free(zfsvfs->z_os,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1287	acl_phys.z_acl_extern_obj, tx);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1288	if (error)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1289	return (error);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1290	acl_phys.z_acl_extern_obj = 0;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1291	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1292
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1293	for (aclnode = list_head(&aclp->z_acl); aclnode;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1294	aclnode = list_next(&aclp->z_acl, aclnode)) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1295	if (aclnode->z_ace_count == 0)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1296	continue;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1297	bcopy(aclnode->z_acldata, start,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1298	aclnode->z_size);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1299	start = (caddr_t)start + aclnode->z_size;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1300	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1301	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1302	/*
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1303	* If Old version then swap count/bytes to match old
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1304	* layout of znode_acl_phys_t.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1305	*/
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1306	if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1307	acl_phys.z_acl_size = aclp->z_acl_count;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1308	acl_phys.z_acl_count = aclp->z_acl_bytes;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1309	} else {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1310	acl_phys.z_acl_size = aclp->z_acl_bytes;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1311	acl_phys.z_acl_count = aclp->z_acl_count;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1312	}
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1313	acl_phys.z_acl_version = aclp->z_version;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1314
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1315	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_ZNODE_ACL(zfsvfs), NULL,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1316	&acl_phys, sizeof (acl_phys));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1317	}
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	1318
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1319	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1320	* Replace ACL wide bits, but first clear them.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1321	*/
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1322	zp->z_pflags &= ~ZFS_ACL_WIDE_FLAGS;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1323
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1324	zp->z_pflags \|= aclp->z_hints;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1325
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1326	if (ace_trivial_common(aclp, 0, zfs_ace_walk) == 0)
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1327	zp->z_pflags \|= ZFS_ACL_TRIVIAL;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1328
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1329	zfs_tstamp_update_setup(zp, STATE_CHANGED, NULL, ctime, B_TRUE);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1330	return (sa_bulk_update(zp->z_sa_hdl, bulk, count, tx));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1331	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1332
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1333	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1334	* Update access mask for prepended ACE
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1335	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1336	* This applies the "groupmask" value for aclmode property.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1337	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1338	static void
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1339	zfs_acl_prepend_fixup(zfs_acl_t aclp, void acep, void *origacep,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1340	mode_t mode, uint64_t owner)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1341	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1342	int rmask, wmask, xmask;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1343	int user_ace;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1344	uint16_t aceflags;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1345	uint32_t origmask, acepmask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1346	uint64_t fuid;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1347
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1348	aceflags = aclp->z_ops.ace_flags_get(acep);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1349	fuid = aclp->z_ops.ace_who_get(acep);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1350	origmask = aclp->z_ops.ace_mask_get(origacep);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1351	acepmask = aclp->z_ops.ace_mask_get(acep);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1352
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1353	user_ace = (!(aceflags &
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1354	(ACE_OWNER\|ACE_GROUP\|ACE_IDENTIFIER_GROUP)));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1355
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1356	if (user_ace && (fuid == owner)) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1357	rmask = S_IRUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1358	wmask = S_IWUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1359	xmask = S_IXUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1360	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1361	rmask = S_IRGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1362	wmask = S_IWGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1363	xmask = S_IXGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1364	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1365
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1366	if (origmask & ACE_READ_DATA) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1367	if (mode & rmask) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1368	acepmask &= ~ACE_READ_DATA;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1369	} else {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1370	acepmask \|= ACE_READ_DATA;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1371	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1372	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1373
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1374	if (origmask & ACE_WRITE_DATA) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1375	if (mode & wmask) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1376	acepmask &= ~ACE_WRITE_DATA;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1377	} else {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1378	acepmask \|= ACE_WRITE_DATA;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1379	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1380	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1381
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1382	if (origmask & ACE_APPEND_DATA) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1383	if (mode & wmask) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1384	acepmask &= ~ACE_APPEND_DATA;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1385	} else {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1386	acepmask \|= ACE_APPEND_DATA;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1387	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1388	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1389
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1390	if (origmask & ACE_EXECUTE) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1391	if (mode & xmask) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1392	acepmask &= ~ACE_EXECUTE;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1393	} else {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1394	acepmask \|= ACE_EXECUTE;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1395	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1396	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1397	aclp->z_ops.ace_mask_set(acep, acepmask);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1398	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1399
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1400	static void
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1401	zfs_acl_chmod(zfsvfs_t zfsvfs, uint64_t mode, zfs_acl_t aclp)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1402	{
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1403	void *acep = NULL;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1404	uint64_t who;
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1405	int new_count, new_bytes;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1406	int ace_size;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1407	int entry_type;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1408	uint16_t iflags, type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1409	uint32_t access_mask;
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1410	zfs_acl_node_t *newnode;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1411	size_t abstract_size = aclp->z_ops.ace_abstract_size();
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1412	void *zacep;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1413	uint32_t owner, group, everyone;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1414	uint32_t deny1, deny2, allow0;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1415
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1416	new_count = new_bytes = 0;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1417
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1418	acl_trivial_access_masks((mode_t)mode, &allow0, &deny1, &deny2,
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1419	&owner, &group, &everyone);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1420
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1421	newnode = zfs_acl_node_alloc((abstract_size * 6) + aclp->z_acl_bytes);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1422
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1423	zacep = newnode->z_acldata;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1424	if (allow0) {
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1425	zfs_set_ace(aclp, zacep, allow0, ALLOW, -1, ACE_OWNER);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1426	zacep = (void *)((uintptr_t)zacep + abstract_size);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1427	new_count++;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1428	new_bytes += abstract_size;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1429	} if (deny1) {
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1430	zfs_set_ace(aclp, zacep, deny1, DENY, -1, ACE_OWNER);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1431	zacep = (void *)((uintptr_t)zacep + abstract_size);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1432	new_count++;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1433	new_bytes += abstract_size;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1434	}
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1435	if (deny2) {
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1436	zfs_set_ace(aclp, zacep, deny2, DENY, -1, OWNING_GROUP);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1437	zacep = (void *)((uintptr_t)zacep + abstract_size);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1438	new_count++;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1439	new_bytes += abstract_size;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1440	}
5489 25bfaf065197 6601830 mismatch between zfs_mount() behavior and comment marks parents: 5435 diff changeset	1441
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1442	while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1443	&iflags, &type)) {
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1444	uint16_t inherit_flags;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1445
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1446	entry_type = (iflags & ACE_TYPE_FLAGS);
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1447	inherit_flags = (iflags & ALL_INHERIT);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1448
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1449	if ((entry_type == ACE_OWNER \|\| entry_type == ACE_EVERYONE \|\|
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1450	(entry_type == OWNING_GROUP)) &&
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1451	((inherit_flags & ACE_INHERIT_ONLY_ACE) == 0)) {
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1452	continue;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1453	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1454
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1455	if ((type != ALLOW && type != DENY) \|\|
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1456	(inherit_flags & ACE_INHERIT_ONLY_ACE)) {
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1457	if (inherit_flags)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1458	aclp->z_hints \|= ZFS_INHERIT_ACE;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1459	switch (type) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1460	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1461	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1462	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1463	case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1464	aclp->z_hints \|= ZFS_ACL_OBJ_ACE;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1465	break;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1466	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1467	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1468
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1469	/*
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1470	* Limit permissions to be no greater than
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1471	* group permissions
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1472	*/
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1473	if (zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) {
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1474	if (!(mode & S_IRGRP))
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1475	access_mask &= ~ACE_READ_DATA;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1476	if (!(mode & S_IWGRP))
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1477	access_mask &=
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1478	~(ACE_WRITE_DATA\|ACE_APPEND_DATA);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1479	if (!(mode & S_IXGRP))
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1480	access_mask &= ~ACE_EXECUTE;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1481	access_mask &=
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1482	~(ACE_WRITE_OWNER\|ACE_WRITE_ACL\|
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1483	ACE_WRITE_ATTRIBUTES\|ACE_WRITE_NAMED_ATTRS);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1484	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1485	}
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1486	zfs_set_ace(aclp, zacep, access_mask, type, who, iflags);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1487	ace_size = aclp->z_ops.ace_size(acep);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1488	zacep = (void *)((uintptr_t)zacep + ace_size);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1489	new_count++;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1490	new_bytes += ace_size;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1491	}
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1492	zfs_set_ace(aclp, zacep, owner, 0, -1, ACE_OWNER);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1493	zacep = (void *)((uintptr_t)zacep + abstract_size);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1494	zfs_set_ace(aclp, zacep, group, 0, -1, OWNING_GROUP);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1495	zacep = (void *)((uintptr_t)zacep + abstract_size);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1496	zfs_set_ace(aclp, zacep, everyone, 0, -1, ACE_EVERYONE);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1497
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1498	new_count += 3;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1499	new_bytes += abstract_size * 3;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1500	zfs_acl_release_nodes(aclp);
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1501	aclp->z_acl_count = new_count;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1502	aclp->z_acl_bytes = new_bytes;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1503	newnode->z_ace_count = new_count;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1504	newnode->z_size = new_bytes;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1505	list_insert_tail(&aclp->z_acl, newnode);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1506	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1507
13101 08bbd228b732 6975482 assertion failed: error == 0 (0x2 == 0x0), file: ../../common/fs/zfs/zfs_vnops.c, line: 1630 Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13081 diff changeset	1508	void
5824 1d2d522d19b5 6603908 can't change mode if FS/dir is out of quota marks parents: 5771 diff changeset	1509	zfs_acl_chmod_setattr(znode_t zp, zfs_acl_t *aclp, uint64_t mode)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1510	{
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1511	mutex_enter(&zp->z_acl_lock);
5824 1d2d522d19b5 6603908 can't change mode if FS/dir is out of quota marks parents: 5771 diff changeset	1512	mutex_enter(&zp->z_lock);
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1513	*aclp = zfs_acl_alloc(zfs_acl_version_zp(zp));
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1514	(*aclp)->z_hints = zp->z_pflags & V4_ACL_WIDE_FLAGS;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1515	zfs_acl_chmod(zp->z_zfsvfs, mode, *aclp);
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1516	mutex_exit(&zp->z_lock);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1517	mutex_exit(&zp->z_acl_lock);
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1518	ASSERT(*aclp);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1519	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1520
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1521	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1522	* strip off write_owner and write_acl
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1523	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1524	static void
6385 5437941ec5a1 PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules marks parents: 6257 diff changeset	1525	zfs_restricted_update(zfsvfs_t zfsvfs, zfs_acl_t aclp, void *acep)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1526	{
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1527	uint32_t mask = aclp->z_ops.ace_mask_get(acep);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1528
6385 5437941ec5a1 PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules marks parents: 6257 diff changeset	1529	if ((zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) &&
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1530	(aclp->z_ops.ace_type_get(acep) == ALLOW)) {
6385 5437941ec5a1 PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules marks parents: 6257 diff changeset	1531	mask &= ~RESTRICTED_CLEAR;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1532	aclp->z_ops.ace_mask_set(acep, mask);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1533	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1534	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1535
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1536	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1537	* Should ACE be inherited?
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1538	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1539	static int
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1540	zfs_ace_can_use(vtype_t vtype, uint16_t acep_flags)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1541	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1542	int iflags = (acep_flags & 0xf);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1543
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1544	if ((vtype == VDIR) && (iflags & ACE_DIRECTORY_INHERIT_ACE))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1545	return (1);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1546	else if (iflags & ACE_FILE_INHERIT_ACE)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1547	return (!((vtype == VDIR) &&
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1548	(iflags & ACE_NO_PROPAGATE_INHERIT_ACE)));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1549	return (0);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1550	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1551
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1552	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1553	* inherit inheritable ACEs from parent
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1554	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1555	static zfs_acl_t *
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1556	zfs_acl_inherit(zfsvfs_t zfsvfs, vtype_t vtype, zfs_acl_t paclp,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1557	uint64_t mode, boolean_t *need_chmod)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1558	{
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1559	void *pacep;
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1560	void *acep;
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1561	zfs_acl_node_t *aclnode;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1562	zfs_acl_t *aclp = NULL;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1563	uint64_t who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1564	uint32_t access_mask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1565	uint16_t iflags, newflags, type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1566	size_t ace_size;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1567	void data1, data2;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1568	size_t data1sz, data2sz;
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1569	boolean_t vdir = vtype == VDIR;
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1570	boolean_t vreg = vtype == VREG;
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1571	boolean_t passthrough, passthrough_x, noallow;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1572
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1573	passthrough_x =
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1574	zfsvfs->z_acl_inherit == ZFS_ACL_PASSTHROUGH_X;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1575	passthrough = passthrough_x \|\|
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1576	zfsvfs->z_acl_inherit == ZFS_ACL_PASSTHROUGH;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1577	noallow =
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1578	zfsvfs->z_acl_inherit == ZFS_ACL_NOALLOW;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1579
6385 5437941ec5a1 PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules marks parents: 6257 diff changeset	1580	*need_chmod = B_TRUE;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1581	pacep = NULL;
7559 a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	1582	aclp = zfs_acl_alloc(paclp->z_version);
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1583	if (zfsvfs->z_acl_inherit == ZFS_ACL_DISCARD \|\| vtype == VLNK)
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1584	return (aclp);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1585	while (pacep = zfs_acl_next_ace(paclp, pacep, &who,
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1586	&access_mask, &iflags, &type)) {
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1587
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1588	/*
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1589	* don't inherit bogus ACEs
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1590	*/
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1591	if (!zfs_acl_valid_ace_type(type, iflags))
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1592	continue;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1593
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1594	if (noallow && type == ALLOW)
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1595	continue;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1596
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1597	ace_size = aclp->z_ops.ace_size(pacep);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1598
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1599	if (!zfs_ace_can_use(vtype, iflags))
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1600	continue;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1601
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1602	/*
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1603	* If owner@, group@, or everyone@ inheritable
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1604	* then zfs_acl_chmod() isn't needed.
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1605	*/
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1606	if (passthrough &&
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1607	((iflags & (ACE_OWNER\|ACE_EVERYONE)) \|\|
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1608	((iflags & OWNING_GROUP) ==
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1609	OWNING_GROUP)) && (vreg \|\| (vdir && (iflags &
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1610	ACE_DIRECTORY_INHERIT_ACE)))) {
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1611	*need_chmod = B_FALSE;
11969 cdd98a239cd1 PSARC/2010/009 Modified ZFS passthrough-x ACL inheritance Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11935 diff changeset	1612	}
cdd98a239cd1 PSARC/2010/009 Modified ZFS passthrough-x ACL inheritance Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11935 diff changeset	1613
cdd98a239cd1 PSARC/2010/009 Modified ZFS passthrough-x ACL inheritance Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11935 diff changeset	1614	if (!vdir && passthrough_x &&
cdd98a239cd1 PSARC/2010/009 Modified ZFS passthrough-x ACL inheritance Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11935 diff changeset	1615	((mode & (S_IXUSR \| S_IXGRP \| S_IXOTH)) == 0)) {
cdd98a239cd1 PSARC/2010/009 Modified ZFS passthrough-x ACL inheritance Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11935 diff changeset	1616	access_mask &= ~ACE_EXECUTE;
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1617	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1618
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1619	aclnode = zfs_acl_node_alloc(ace_size);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1620	list_insert_tail(&aclp->z_acl, aclnode);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1621	acep = aclnode->z_acldata;
6385 5437941ec5a1 PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules marks parents: 6257 diff changeset	1622
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1623	zfs_set_ace(aclp, acep, access_mask, type,
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1624	who, iflags\|ACE_INHERITED_ACE);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1625
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1626	/*
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1627	* Copy special opaque data if any
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1628	*/
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1629	if ((data1sz = paclp->z_ops.ace_data(pacep, &data1)) != 0) {
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1630	VERIFY((data2sz = aclp->z_ops.ace_data(acep,
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1631	&data2)) == data1sz);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1632	bcopy(data1, data2, data2sz);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1633	}
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1634
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1635	aclp->z_acl_count++;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1636	aclnode->z_ace_count++;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1637	aclp->z_acl_bytes += aclnode->z_size;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1638	newflags = aclp->z_ops.ace_flags_get(acep);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1639
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1640	if (vdir)
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1641	aclp->z_hints \|= ZFS_INHERIT_ACE;
6385 5437941ec5a1 PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules marks parents: 6257 diff changeset	1642
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1643	if ((iflags & ACE_NO_PROPAGATE_INHERIT_ACE) \|\| !vdir) {
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1644	newflags &= ~ALL_INHERIT;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1645	aclp->z_ops.ace_flags_set(acep,
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1646	newflags\|ACE_INHERITED_ACE);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1647	zfs_restricted_update(zfsvfs, aclp, acep);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1648	continue;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1649	}
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1650
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1651	ASSERT(vdir);
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1652
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1653	/*
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1654	* If only FILE_INHERIT is set then turn on
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1655	* inherit_only
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1656	*/
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1657	if ((iflags & (ACE_FILE_INHERIT_ACE \|
12322 2d0b03fa06b5 6947609 not inheriting inherit_only directories correctly Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 12273 diff changeset	1658	ACE_DIRECTORY_INHERIT_ACE)) == ACE_FILE_INHERIT_ACE) {
8053 271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1659	newflags \|= ACE_INHERIT_ONLY_ACE;
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1660	aclp->z_ops.ace_flags_set(acep,
271f44d3de11 PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7624 diff changeset	1661	newflags\|ACE_INHERITED_ACE);
12322 2d0b03fa06b5 6947609 not inheriting inherit_only directories correctly Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 12273 diff changeset	1662	} else {
2d0b03fa06b5 6947609 not inheriting inherit_only directories correctly Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 12273 diff changeset	1663	newflags &= ~ACE_INHERIT_ONLY_ACE;
2d0b03fa06b5 6947609 not inheriting inherit_only directories correctly Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 12273 diff changeset	1664	aclp->z_ops.ace_flags_set(acep,
2d0b03fa06b5 6947609 not inheriting inherit_only directories correctly Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 12273 diff changeset	1665	newflags\|ACE_INHERITED_ACE);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1666	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1667	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1668	return (aclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1669	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1670
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1671	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1672	* Create file system object initial permissions
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1673	* including inheritable ACEs.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1674	*/
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1675	int
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1676	zfs_acl_ids_create(znode_t dzp, int flag, vattr_t vap, cred_t *cr,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1677	vsecattr_t vsecp, zfs_acl_ids_t acl_ids)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1678	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1679	int error;
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1680	zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1681	zfs_acl_t *paclp;
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1682	gid_t gid;
6385 5437941ec5a1 PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules marks parents: 6257 diff changeset	1683	boolean_t need_chmod = B_TRUE;
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1684	boolean_t inherited = B_FALSE;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1685
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1686	bzero(acl_ids, sizeof (zfs_acl_ids_t));
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1687	acl_ids->z_mode = MAKEIMODE(vap->va_type, vap->va_mode);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1688
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1689	if (vsecp)
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1690	if ((error = zfs_vsec_2_aclp(zfsvfs, vap->va_type, vsecp, cr,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1691	&acl_ids->z_fuidp, &acl_ids->z_aclp)) != 0)
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1692	return (error);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1693	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1694	* Determine uid and gid.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1695	*/
11249 6c30f7dfc97b 6906110 bad trap panic in zil_replay_log_record Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10295 diff changeset	1696	if ((flag & IS_ROOT_NODE) \|\| zfsvfs->z_replay \|\|
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1697	((flag & IS_XATTR) && (vap->va_type == VDIR))) {
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1698	acl_ids->z_fuid = zfs_fuid_create(zfsvfs,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1699	(uint64_t)vap->va_uid, cr,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1700	ZFS_OWNER, &acl_ids->z_fuidp);
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1701	acl_ids->z_fgid = zfs_fuid_create(zfsvfs,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1702	(uint64_t)vap->va_gid, cr,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1703	ZFS_GROUP, &acl_ids->z_fuidp);
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1704	gid = vap->va_gid;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1705	} else {
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1706	acl_ids->z_fuid = zfs_fuid_create_cred(zfsvfs, ZFS_OWNER,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1707	cr, &acl_ids->z_fuidp);
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1708	acl_ids->z_fgid = 0;
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1709	if (vap->va_mask & AT_GID) {
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1710	acl_ids->z_fgid = zfs_fuid_create(zfsvfs,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1711	(uint64_t)vap->va_gid,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1712	cr, ZFS_GROUP, &acl_ids->z_fuidp);
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1713	gid = vap->va_gid;
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	1714	if (acl_ids->z_fgid != dzp->z_gid &&
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1715	!groupmember(vap->va_gid, cr) &&
1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1716	secpolicy_vnode_create_gid(cr) != 0)
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1717	acl_ids->z_fgid = 0;
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1718	}
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1719	if (acl_ids->z_fgid == 0) {
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1720	if (dzp->z_mode & S_ISGID) {
11574 42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1721	char *domain;
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1722	uint32_t rid;
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1723
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	1724	acl_ids->z_fgid = dzp->z_gid;
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1725	gid = zfs_fuid_map_id(zfsvfs, acl_ids->z_fgid,
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1726	cr, ZFS_GROUP);
11574 42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1727
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1728	if (zfsvfs->z_use_fuids &&
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1729	IS_EPHEMERAL(acl_ids->z_fgid)) {
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1730	domain = zfs_fuid_idx_domain(
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1731	&zfsvfs->z_fuid_idx,
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1732	FUID_INDEX(acl_ids->z_fgid));
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1733	rid = FUID_RID(acl_ids->z_fgid);
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1734	zfs_fuid_node_add(&acl_ids->z_fuidp,
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1735	domain, rid,
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1736	FUID_INDEX(acl_ids->z_fgid),
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1737	acl_ids->z_fgid, ZFS_GROUP);
42fda5f95dac 6901694 Panic attempting to write zfs credentials John Harres <John.Harres@Sun.COM> parents: 11249 diff changeset	1738	}
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1739	} else {
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1740	acl_ids->z_fgid = zfs_fuid_create_cred(zfsvfs,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1741	ZFS_GROUP, cr, &acl_ids->z_fuidp);
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1742	gid = crgetgid(cr);
1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1743	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1744	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1745	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1746
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1747	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1748	* If we're creating a directory, and the parent directory has the
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1749	* set-GID bit set, set in on the new directory.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1750	* Otherwise, if the user is neither privileged nor a member of the
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1751	* file's new group, clear the file's set-GID bit.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1752	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1753
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1754	if (!(flag & IS_ROOT_NODE) && (dzp->z_mode & S_ISGID) &&
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1755	(vap->va_type == VDIR)) {
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1756	acl_ids->z_mode \|= S_ISGID;
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	1757	} else {
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1758	if ((acl_ids->z_mode & S_ISGID) &&
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1759	secpolicy_vnode_setids_setgids(cr, gid) != 0)
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1760	acl_ids->z_mode &= ~S_ISGID;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1761	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1762
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1763	if (acl_ids->z_aclp == NULL) {
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1764	mutex_enter(&dzp->z_acl_lock);
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1765	mutex_enter(&dzp->z_lock);
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1766	if (!(flag & IS_ROOT_NODE) && (ZTOV(dzp)->v_type == VDIR &&
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1767	(dzp->z_pflags & ZFS_INHERIT_ACE)) &&
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1768	!(dzp->z_pflags & ZFS_XATTR)) {
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1769	VERIFY(0 == zfs_acl_node_read(dzp, B_TRUE,
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1770	&paclp, B_FALSE));
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1771	acl_ids->z_aclp = zfs_acl_inherit(zfsvfs,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1772	vap->va_type, paclp, acl_ids->z_mode, &need_chmod);
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1773	inherited = B_TRUE;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1774	} else {
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1775	acl_ids->z_aclp =
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1776	zfs_acl_alloc(zfs_acl_version_zp(dzp));
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1777	acl_ids->z_aclp->z_hints \|= ZFS_ACL_TRIVIAL;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1778	}
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1779	mutex_exit(&dzp->z_lock);
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1780	mutex_exit(&dzp->z_acl_lock);
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1781	if (need_chmod) {
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1782	acl_ids->z_aclp->z_hints \|= (vap->va_type == VDIR) ?
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1783	ZFS_ACL_AUTO_INHERIT : 0;
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1784	zfs_acl_chmod(zfsvfs, acl_ids->z_mode, acl_ids->z_aclp);
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1785	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1786	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1787
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1788	if (inherited \|\| vsecp) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1789	acl_ids->z_mode = zfs_mode_compute(acl_ids->z_mode,
12164 0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1790	acl_ids->z_aclp, &acl_ids->z_aclp->z_hints,
0eb8d6741e37 PSARC/2010/029 Improved ACL interoperability Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11969 diff changeset	1791	acl_ids->z_fuid, acl_ids->z_fgid);
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1792	if (ace_trivial_common(acl_ids->z_aclp, 0, zfs_ace_walk) == 0)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1793	acl_ids->z_aclp->z_hints \|= ZFS_ACL_TRIVIAL;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1794	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1795
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1796	return (0);
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1797	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1798
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1799	/*
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1800	* Free ACL and fuid_infop, but not the acl_ids structure
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1801	*/
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1802	void
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1803	zfs_acl_ids_free(zfs_acl_ids_t *acl_ids)
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1804	{
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1805	if (acl_ids->z_aclp)
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1806	zfs_acl_free(acl_ids->z_aclp);
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1807	if (acl_ids->z_fuidp)
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1808	zfs_fuid_info_free(acl_ids->z_fuidp);
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1809	acl_ids->z_aclp = NULL;
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1810	acl_ids->z_fuidp = NULL;
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1811	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1812
9396 f41cf682d0d3 PSARC/2009/204 ZFS user/group quotas & space accounting Matthew Ahrens <Matthew.Ahrens@Sun.COM> parents: 9179 diff changeset	1813	boolean_t
f41cf682d0d3 PSARC/2009/204 ZFS user/group quotas & space accounting Matthew Ahrens <Matthew.Ahrens@Sun.COM> parents: 9179 diff changeset	1814	zfs_acl_ids_overquota(zfsvfs_t zfsvfs, zfs_acl_ids_t acl_ids)
f41cf682d0d3 PSARC/2009/204 ZFS user/group quotas & space accounting Matthew Ahrens <Matthew.Ahrens@Sun.COM> parents: 9179 diff changeset	1815	{
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1816	return (zfs_fuid_overquota(zfsvfs, B_FALSE, acl_ids->z_fuid) \|\|
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1817	zfs_fuid_overquota(zfsvfs, B_TRUE, acl_ids->z_fgid));
9396 f41cf682d0d3 PSARC/2009/204 ZFS user/group quotas & space accounting Matthew Ahrens <Matthew.Ahrens@Sun.COM> parents: 9179 diff changeset	1818	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1819
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1820	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1821	* Retrieve a files ACL
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1822	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1823	int
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1824	zfs_getacl(znode_t zp, vsecattr_t vsecp, boolean_t skipaclchk, cred_t *cr)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1825	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1826	zfs_acl_t *aclp;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1827	ulong_t mask;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1828	int error;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1829	int count = 0;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1830	int largeace = 0;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1831
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1832	mask = vsecp->vsa_mask & (VSA_ACE \| VSA_ACECNT \|
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1833	VSA_ACE_ACLFLAGS \| VSA_ACE_ALLTYPES);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1834
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1835	if (mask == 0)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1836	return (ENOSYS);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1837
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1838	if (error = zfs_zaccess(zp, ACE_READ_ACL, 0, skipaclchk, cr))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1839	return (error);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1840
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1841	mutex_enter(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1842
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1843	error = zfs_acl_node_read(zp, B_FALSE, &aclp, B_FALSE);
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1844	if (error != 0) {
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1845	mutex_exit(&zp->z_acl_lock);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1846	return (error);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1847	}
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1848
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1849	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1850	* Scan ACL to determine number of ACEs
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1851	*/
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1852	if ((zp->z_pflags & ZFS_ACL_OBJ_ACE) && !(mask & VSA_ACE_ALLTYPES)) {
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1853	void *zacep = NULL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1854	uint64_t who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1855	uint32_t access_mask;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1856	uint16_t type, iflags;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1857
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1858	while (zacep = zfs_acl_next_ace(aclp, zacep,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1859	&who, &access_mask, &iflags, &type)) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1860	switch (type) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1861	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1862	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1863	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1864	case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1865	largeace++;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1866	continue;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1867	default:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1868	count++;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1869	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1870	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1871	vsecp->vsa_aclcnt = count;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1872	} else
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1873	count = (int)aclp->z_acl_count;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1874
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1875	if (mask & VSA_ACECNT) {
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1876	vsecp->vsa_aclcnt = count;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1877	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1878
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1879	if (mask & VSA_ACE) {
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1880	size_t aclsz;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1881
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1882	aclsz = count * sizeof (ace_t) +
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1883	sizeof (ace_object_t) * largeace;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1884
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1885	vsecp->vsa_aclentp = kmem_alloc(aclsz, KM_SLEEP);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1886	vsecp->vsa_aclentsz = aclsz;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1887
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1888	if (aclp->z_version == ZFS_ACL_VERSION_FUID)
5771 7ba3a2c57d6a 6552639 Each zone should have it's own idmapd jp151216 parents: 5762 diff changeset	1889	zfs_copy_fuid_2_ace(zp->z_zfsvfs, aclp, cr,
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1890	vsecp->vsa_aclentp, !(mask & VSA_ACE_ALLTYPES));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1891	else {
10295 f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1892	zfs_acl_node_t *aclnode;
f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1893	void *start = vsecp->vsa_aclentp;
f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1894
f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1895	for (aclnode = list_head(&aclp->z_acl); aclnode;
f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1896	aclnode = list_next(&aclp->z_acl, aclnode)) {
f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1897	bcopy(aclnode->z_acldata, start,
f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1898	aclnode->z_size);
f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1899	start = (caddr_t)start + aclnode->z_size;
f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1900	}
f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1901	ASSERT((caddr_t)start - (caddr_t)vsecp->vsa_aclentp ==
f7a18a1e9610 6870564 panic in zfs_getsecattr Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 10232 diff changeset	1902	aclp->z_acl_bytes);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1903	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1904	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1905	if (mask & VSA_ACE_ACLFLAGS) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1906	vsecp->vsa_aclflags = 0;
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1907	if (zp->z_pflags & ZFS_ACL_DEFAULTED)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1908	vsecp->vsa_aclflags \|= ACL_DEFAULTED;
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1909	if (zp->z_pflags & ZFS_ACL_PROTECTED)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1910	vsecp->vsa_aclflags \|= ACL_PROTECTED;
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1911	if (zp->z_pflags & ZFS_ACL_AUTO_INHERIT)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1912	vsecp->vsa_aclflags \|= ACL_AUTO_INHERIT;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1913	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1914
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1915	mutex_exit(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1916
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1917	return (0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1918	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1919
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1920	int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1921	zfs_vsec_2_aclp(zfsvfs_t *zfsvfs, vtype_t obj_type,
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1922	vsecattr_t vsecp, cred_t cr, zfs_fuid_info_t fuidp, zfs_acl_t zaclp)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1923	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1924	zfs_acl_t *aclp;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1925	zfs_acl_node_t *aclnode;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1926	int aclcnt = vsecp->vsa_aclcnt;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1927	int error;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1928
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1929	if (vsecp->vsa_aclcnt > MAX_ACL_ENTRIES \|\| vsecp->vsa_aclcnt <= 0)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1930	return (EINVAL);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1931
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1932	aclp = zfs_acl_alloc(zfs_acl_version(zfsvfs->z_version));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1933
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1934	aclp->z_hints = 0;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1935	aclnode = zfs_acl_node_alloc(aclcnt * sizeof (zfs_object_ace_t));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1936	if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1937	if ((error = zfs_copy_ace_2_oldace(obj_type, aclp,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1938	(ace_t *)vsecp->vsa_aclentp, aclnode->z_acldata,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1939	aclcnt, &aclnode->z_size)) != 0) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1940	zfs_acl_free(aclp);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1941	zfs_acl_node_free(aclnode);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1942	return (error);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1943	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1944	} else {
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1945	if ((error = zfs_copy_ace_2_fuid(zfsvfs, obj_type, aclp,
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1946	vsecp->vsa_aclentp, aclnode->z_acldata, aclcnt,
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1947	&aclnode->z_size, fuidp, cr)) != 0) {
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1948	zfs_acl_free(aclp);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1949	zfs_acl_node_free(aclnode);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1950	return (error);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1951	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1952	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1953	aclp->z_acl_bytes = aclnode->z_size;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1954	aclnode->z_ace_count = aclcnt;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1955	aclp->z_acl_count = aclcnt;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1956	list_insert_head(&aclp->z_acl, aclnode);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1957
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1958	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1959	* If flags are being set then add them to z_hints
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1960	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1961	if (vsecp->vsa_mask & VSA_ACE_ACLFLAGS) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1962	if (vsecp->vsa_aclflags & ACL_PROTECTED)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1963	aclp->z_hints \|= ZFS_ACL_PROTECTED;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1964	if (vsecp->vsa_aclflags & ACL_DEFAULTED)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1965	aclp->z_hints \|= ZFS_ACL_DEFAULTED;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1966	if (vsecp->vsa_aclflags & ACL_AUTO_INHERIT)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1967	aclp->z_hints \|= ZFS_ACL_AUTO_INHERIT;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1968	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1969
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1970	*zaclp = aclp;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1971
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1972	return (0);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1973	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1974
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1975	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1976	* Set a files ACL
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1977	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1978	int
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1979	zfs_setacl(znode_t zp, vsecattr_t vsecp, boolean_t skipaclchk, cred_t *cr)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1980	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1981	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1982	zilog_t *zilog = zfsvfs->z_log;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1983	ulong_t mask = vsecp->vsa_mask & (VSA_ACE \| VSA_ACECNT);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1984	dmu_tx_t *tx;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1985	int error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1986	zfs_acl_t *aclp;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1987	zfs_fuid_info_t *fuidp = NULL;
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	1988	boolean_t fuid_dirtied;
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	1989	uint64_t acl_obj;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1990
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1991	if (mask == 0)
4300 d74de773d6e6 6528189 cp -p invalid argument issue on Redhat linux AS 3.0 NFS client against ZFS NFS directory marks parents: 2676 diff changeset	1992	return (ENOSYS);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1993
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	1994	if (zp->z_pflags & ZFS_IMMUTABLE)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1995	return (EPERM);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1996
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1997	if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1998	return (error);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	1999
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	2000	error = zfs_vsec_2_aclp(zfsvfs, ZTOV(zp)->v_type, vsecp, cr, &fuidp,
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	2001	&aclp);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2002	if (error)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2003	return (error);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2004
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2005	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2006	* If ACL wide flags aren't being set then preserve any
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2007	* existing flags.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2008	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2009	if (!(vsecp->vsa_mask & VSA_ACE_ACLFLAGS)) {
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2010	aclp->z_hints \|=
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2011	(zp->z_pflags & V4_ACL_WIDE_FLAGS);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2012	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2013	top:
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	2014	mutex_enter(&zp->z_acl_lock);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2015	mutex_enter(&zp->z_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2016
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2017	tx = dmu_tx_create(zfsvfs->z_os);
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2018
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2019	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2020
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	2021	fuid_dirtied = zfsvfs->z_fuid_dirty;
9396 f41cf682d0d3 PSARC/2009/204 ZFS user/group quotas & space accounting Matthew Ahrens <Matthew.Ahrens@Sun.COM> parents: 9179 diff changeset	2022	if (fuid_dirtied)
f41cf682d0d3 PSARC/2009/204 ZFS user/group quotas & space accounting Matthew Ahrens <Matthew.Ahrens@Sun.COM> parents: 9179 diff changeset	2023	zfs_fuid_txhold(zfsvfs, tx);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2024
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2025	/*
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2026	* If old version and ACL won't fit in bonus and we aren't
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2027	* upgrading then take out necessary DMU holds
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2028	*/
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2029
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	2030	if ((acl_obj = zfs_external_acl(zp)) != 0) {
13058 f653a0d643ec 6973827 ACL upgrade from zpl version 2 -> 4 don't grab all the necessary tx holds. Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12620 diff changeset	2031	if (zfsvfs->z_version >= ZPL_VERSION_FUID &&
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	2032	zfs_znode_acl_version(zp) <= ZFS_ACL_VERSION_INITIAL) {
12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	2033	dmu_tx_hold_free(tx, acl_obj, 0,
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2034	DMU_OBJECT_END);
13058 f653a0d643ec 6973827 ACL upgrade from zpl version 2 -> 4 don't grab all the necessary tx holds. Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12620 diff changeset	2035	dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
f653a0d643ec 6973827 ACL upgrade from zpl version 2 -> 4 don't grab all the necessary tx holds. Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12620 diff changeset	2036	aclp->z_acl_bytes);
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2037	} else {
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	2038	dmu_tx_hold_write(tx, acl_obj, 0, aclp->z_acl_bytes);
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2039	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2040	} else if (!zp->z_is_sa && aclp->z_acl_bytes > ZFS_ACE_SPACE) {
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2041	dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, aclp->z_acl_bytes);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2042	}
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2043
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2044	zfs_sa_upgrade_txholds(tx, zp);
8227 f7d7be9b1f56 6765294 Refactor replay Neil Perrin <Neil.Perrin@Sun.COM> parents: 8053 diff changeset	2045	error = dmu_tx_assign(tx, TXG_NOWAIT);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2046	if (error) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2047	mutex_exit(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2048	mutex_exit(&zp->z_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2049
8227 f7d7be9b1f56 6765294 Refactor replay Neil Perrin <Neil.Perrin@Sun.COM> parents: 8053 diff changeset	2050	if (error == ERESTART) {
2113 0510bb40c993 6430121 3-way deadlock involving tc_lock within zfs ahrens parents: 2058 diff changeset	2051	dmu_tx_wait(tx);
0510bb40c993 6430121 3-way deadlock involving tc_lock within zfs ahrens parents: 2058 diff changeset	2052	dmu_tx_abort(tx);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2053	goto top;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2054	}
2113 0510bb40c993 6430121 3-way deadlock involving tc_lock within zfs ahrens parents: 2058 diff changeset	2055	dmu_tx_abort(tx);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2056	zfs_acl_free(aclp);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2057	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2058	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2059
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	2060	error = zfs_aclset_common(zp, aclp, cr, tx);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2061	ASSERT(error == 0);
13101 08bbd228b732 6975482 assertion failed: error == 0 (0x2 == 0x0), file: ../../common/fs/zfs/zfs_vnops.c, line: 1630 Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13081 diff changeset	2062	ASSERT(zp->z_acl_cached == NULL);
10143 d2d432dfe597 6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc Tim Haley <Tim.Haley@Sun.COM> parents: 9981 diff changeset	2063	zp->z_acl_cached = aclp;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2064
9179 d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	2065	if (fuid_dirtied)
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	2066	zfs_fuid_sync(zfsvfs, tx);
d8fbd96b79b3 6790064 zfs needs to determine uid and gid earlier in create process Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 8952 diff changeset	2067
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2068	zfs_log_acl(zilog, tx, zp, vsecp, fuidp);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2069
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2070	if (fuidp)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2071	zfs_fuid_info_free(fuidp);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2072	dmu_tx_commit(tx);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2073	done:
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	2074	mutex_exit(&zp->z_lock);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2075	mutex_exit(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2076
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2077	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2078	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2079
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2080	/*
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2081	* Check accesses of interest (AoI) against attributes of the dataset
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2082	* such as read-only. Returns zero if no AoI conflict with dataset
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2083	* attributes, otherwise an appropriate errno is returned.
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2084	*/
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2085	static int
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2086	zfs_zaccess_dataset_check(znode_t *zp, uint32_t v4_mode)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2087	{
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2088	if ((v4_mode & WRITE_MASK) &&
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2089	(zp->z_zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) &&
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2090	(!IS_DEVVP(ZTOV(zp)) \|\|
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2091	(IS_DEVVP(ZTOV(zp)) && (v4_mode & WRITE_MASK_ATTRS)))) {
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2092	return (EROFS);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2093	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2094
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2095	/*
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2096	* Only check for READONLY on non-directories.
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2097	*/
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2098	if ((v4_mode & WRITE_MASK_DATA) &&
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2099	(((ZTOV(zp)->v_type != VDIR) &&
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2100	(zp->z_pflags & (ZFS_READONLY \| ZFS_IMMUTABLE))) \|\|
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2101	(ZTOV(zp)->v_type == VDIR &&
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2102	(zp->z_pflags & ZFS_IMMUTABLE)))) {
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2103	return (EPERM);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2104	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2105
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2106	if ((v4_mode & (ACE_DELETE \| ACE_DELETE_CHILD)) &&
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2107	(zp->z_pflags & ZFS_NOUNLINK)) {
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2108	return (EPERM);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2109	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2110
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2111	if (((v4_mode & (ACE_READ_DATA\|ACE_EXECUTE)) &&
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2112	(zp->z_pflags & ZFS_AV_QUARANTINED))) {
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2113	return (EACCES);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2114	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2115
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2116	return (0);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2117	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2118
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2119	/*
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2120	* The primary usage of this function is to loop through all of the
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2121	* ACEs in the znode, determining what accesses of interest (AoI) to
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2122	* the caller are allowed or denied. The AoI are expressed as bits in
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2123	* the working_mode parameter. As each ACE is processed, bits covered
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2124	* by that ACE are removed from the working_mode. This removal
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2125	* facilitates two things. The first is that when the working mode is
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2126	* empty (= 0), we know we've looked at all the AoI. The second is
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2127	* that the ACE interpretation rules don't allow a later ACE to undo
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2128	* something granted or denied by an earlier ACE. Removing the
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2129	* discovered access or denial enforces this rule. At the end of
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2130	* processing the ACEs, all AoI that were found to be denied are
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2131	* placed into the working_mode, giving the caller a mask of denied
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2132	* accesses. Returns:
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2133	* 0 if all AoI granted
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2134	* EACCESS if the denied mask is non-zero
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2135	* other error if abnormal failure (e.g., IO error)
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2136	*
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2137	* A secondary usage of the function is to determine if any of the
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2138	* AoI are granted. If an ACE grants any access in
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2139	* the working_mode, we immediately short circuit out of the function.
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2140	* This mode is chosen by setting anyaccess to B_TRUE. The
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2141	* working_mode is not a denied access mask upon exit if the function
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2142	* is used in this manner.
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2143	*/
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2144	static int
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2145	zfs_zaccess_aces_check(znode_t zp, uint32_t working_mode,
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2146	boolean_t anyaccess, cred_t *cr)
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2147	{
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2148	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2149	zfs_acl_t *aclp;
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	2150	int error;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2151	uid_t uid = crgetuid(cr);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2152	uint64_t who;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2153	uint16_t type, iflags;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2154	uint16_t entry_type;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2155	uint32_t access_mask;
6056 37f30782c577 6664536 zfs O_RDWR access check more stringent than tmpfs or ufs marks parents: 5959 diff changeset	2156	uint32_t deny_mask = 0;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2157	zfs_ace_hdr_t *acep = NULL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2158	boolean_t checkit;
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2159	uid_t gowner;
79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2160	uid_t fowner;
79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2161
79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2162	zfs_fuid_map_ids(zp, cr, &fowner, &gowner);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2163
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2164	mutex_enter(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2165
12620 12fcd99a642d 6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs) Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 12322 diff changeset	2166	error = zfs_acl_node_read(zp, B_FALSE, &aclp, B_FALSE);
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	2167	if (error != 0) {
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	2168	mutex_exit(&zp->z_acl_lock);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	2169	return (error);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	2170	}
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	2171
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2172	ASSERT(zp->z_acl_cached);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2173
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2174	while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2175	&iflags, &type)) {
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2176	uint32_t mask_matched;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2177
7559 a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	2178	if (!zfs_acl_valid_ace_type(type, iflags))
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	2179	continue;
a2e9a3201169 6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7328 diff changeset	2180
7057 d3fa1d6dbef7 PSARC/2008/342 Further SID support marks parents: 6385 diff changeset	2181	if (ZTOV(zp)->v_type == VDIR && (iflags & ACE_INHERIT_ONLY_ACE))
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2182	continue;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2183
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2184	/* Skip ACE if it does not affect any AoI */
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2185	mask_matched = (access_mask & *working_mode);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2186	if (!mask_matched)
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2187	continue;
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2188
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2189	entry_type = (iflags & ACE_TYPE_FLAGS);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2190
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2191	checkit = B_FALSE;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2192
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2193	switch (entry_type) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2194	case ACE_OWNER:
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2195	if (uid == fowner)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2196	checkit = B_TRUE;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2197	break;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2198	case OWNING_GROUP:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2199	who = gowner;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2200	/FALLTHROUGH/
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2201	case ACE_IDENTIFIER_GROUP:
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2202	checkit = zfs_groupmember(zfsvfs, who, cr);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2203	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2204	case ACE_EVERYONE:
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2205	checkit = B_TRUE;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2206	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2207
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2208	/* USER Entry */
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2209	default:
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2210	if (entry_type == 0) {
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2211	uid_t newid;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2212
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	2213	newid = zfs_fuid_map_id(zfsvfs, who, cr,
1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	2214	ZFS_ACE_USER);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2215	if (newid != IDMAP_WK_CREATOR_OWNER_UID &&
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2216	uid == newid)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2217	checkit = B_TRUE;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2218	break;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2219	} else {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2220	mutex_exit(&zp->z_acl_lock);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2221	return (EIO);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2222	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2223	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2224
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2225	if (checkit) {
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2226	if (type == DENY) {
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2227	DTRACE_PROBE3(zfs__ace__denies,
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2228	znode_t *, zp,
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2229	zfs_ace_hdr_t *, acep,
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2230	uint32_t, mask_matched);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2231	deny_mask \|= mask_matched;
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2232	} else {
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2233	DTRACE_PROBE3(zfs__ace__allows,
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2234	znode_t *, zp,
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2235	zfs_ace_hdr_t *, acep,
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2236	uint32_t, mask_matched);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2237	if (anyaccess) {
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2238	mutex_exit(&zp->z_acl_lock);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2239	return (0);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2240	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2241	}
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2242	*working_mode &= ~mask_matched;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2243	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2244
6056 37f30782c577 6664536 zfs O_RDWR access check more stringent than tmpfs or ufs marks parents: 5959 diff changeset	2245	/* Are we done? */
37f30782c577 6664536 zfs O_RDWR access check more stringent than tmpfs or ufs marks parents: 5959 diff changeset	2246	if (*working_mode == 0)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2247	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2248	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2249
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2250	mutex_exit(&zp->z_acl_lock);
6056 37f30782c577 6664536 zfs O_RDWR access check more stringent than tmpfs or ufs marks parents: 5959 diff changeset	2251
37f30782c577 6664536 zfs O_RDWR access check more stringent than tmpfs or ufs marks parents: 5959 diff changeset	2252	/* Put the found 'denies' back on the working mode */
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2253	if (deny_mask) {
b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2254	*working_mode \|= deny_mask;
6056 37f30782c577 6664536 zfs O_RDWR access check more stringent than tmpfs or ufs marks parents: 5959 diff changeset	2255	return (EACCES);
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2256	} else if (*working_mode) {
b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2257	return (-1);
b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2258	}
6056 37f30782c577 6664536 zfs O_RDWR access check more stringent than tmpfs or ufs marks parents: 5959 diff changeset	2259
37f30782c577 6664536 zfs O_RDWR access check more stringent than tmpfs or ufs marks parents: 5959 diff changeset	2260	return (0);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2261	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2262
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2263	/*
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2264	* Return true if any access whatsoever granted, we don't actually
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2265	* care what access is granted.
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2266	*/
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2267	boolean_t
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2268	zfs_has_access(znode_t zp, cred_t cr)
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2269	{
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2270	uint32_t have = ACE_ALL_PERMS;
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2271
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2272	if (zfs_zaccess_aces_check(zp, &have, B_TRUE, cr) != 0) {
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2273	uid_t owner;
79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2274
79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2275	owner = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_uid, cr, ZFS_OWNER);
79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2276	return (secpolicy_vnode_any_access(cr, ZTOV(zp), owner) == 0);
9749 105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2277	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2278	return (B_TRUE);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2279	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2280
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2281	static int
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2282	zfs_zaccess_common(znode_t zp, uint32_t v4_mode, uint32_t working_mode,
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2283	boolean_t check_privs, boolean_t skipaclchk, cred_t cr)
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2284	{
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2285	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2286	int err;
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2287
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2288	*working_mode = v4_mode;
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2289	*check_privs = B_TRUE;
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2290
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2291	/*
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2292	* Short circuit empty requests
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2293	*/
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2294	if (v4_mode == 0 \|\| zfsvfs->z_replay) {
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2295	*working_mode = 0;
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2296	return (0);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2297	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2298
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2299	if ((err = zfs_zaccess_dataset_check(zp, v4_mode)) != 0) {
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2300	*check_privs = B_FALSE;
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2301	return (err);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2302	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2303
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2304	/*
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2305	* The caller requested that the ACL check be skipped. This
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2306	* would only happen if the caller checked VOP_ACCESS() with a
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2307	* 32 bit ACE mask and already had the appropriate permissions.
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2308	*/
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2309	if (skipaclchk) {
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2310	*working_mode = 0;
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2311	return (0);
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2312	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2313
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2314	return (zfs_zaccess_aces_check(zp, working_mode, B_FALSE, cr));
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2315	}
105f407a2680 PSARC 2009/246 ZFS support for Access Based Enumeration Tim Haley <Tim.Haley@Sun.COM> parents: 9512 diff changeset	2316
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2317	static int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2318	zfs_zaccess_append(znode_t zp, uint32_t working_mode, boolean_t *check_privs,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2319	cred_t *cr)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2320	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2321	if (*working_mode != ACE_WRITE_DATA)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2322	return (EACCES);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2323
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2324	return (zfs_zaccess_common(zp, ACE_APPEND_DATA, working_mode,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2325	check_privs, B_FALSE, cr));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2326	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2327
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2328	int
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2329	zfs_fastaccesschk_execute(znode_t zdp, cred_t cr)
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2330	{
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2331	boolean_t owner = B_FALSE;
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2332	boolean_t groupmbr = B_FALSE;
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2333	boolean_t is_attr;
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2334	uid_t uid = crgetuid(cr);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2335	int error;
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2336
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2337	if (zdp->z_pflags & ZFS_AV_QUARANTINED)
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2338	return (EACCES);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2339
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2340	is_attr = ((zdp->z_pflags & ZFS_XATTR) &&
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2341	(ZTOV(zdp)->v_type == VDIR));
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2342	if (is_attr)
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2343	goto slow;
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2344
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2345
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2346	mutex_enter(&zdp->z_acl_lock);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2347
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2348	if (zdp->z_pflags & ZFS_NO_EXECS_DENIED) {
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2349	mutex_exit(&zdp->z_acl_lock);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2350	return (0);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2351	}
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2352
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2353	if (FUID_INDEX(zdp->z_uid) != 0 \|\| FUID_INDEX(zdp->z_gid) != 0) {
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2354	mutex_exit(&zdp->z_acl_lock);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2355	goto slow;
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2356	}
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2357
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2358	if (uid == zdp->z_uid) {
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2359	owner = B_TRUE;
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2360	if (zdp->z_mode & S_IXUSR) {
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2361	mutex_exit(&zdp->z_acl_lock);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2362	return (0);
10232 f37b85f7e03e 6865875 zfs sometimes incorrectly giving search access to a dir Tim Haley <Tim.Haley@Sun.COM> parents: 10143 diff changeset	2363	} else {
f37b85f7e03e 6865875 zfs sometimes incorrectly giving search access to a dir Tim Haley <Tim.Haley@Sun.COM> parents: 10143 diff changeset	2364	mutex_exit(&zdp->z_acl_lock);
f37b85f7e03e 6865875 zfs sometimes incorrectly giving search access to a dir Tim Haley <Tim.Haley@Sun.COM> parents: 10143 diff changeset	2365	goto slow;
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2366	}
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2367	}
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2368	if (groupmember(zdp->z_gid, cr)) {
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2369	groupmbr = B_TRUE;
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2370	if (zdp->z_mode & S_IXGRP) {
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2371	mutex_exit(&zdp->z_acl_lock);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2372	return (0);
10232 f37b85f7e03e 6865875 zfs sometimes incorrectly giving search access to a dir Tim Haley <Tim.Haley@Sun.COM> parents: 10143 diff changeset	2373	} else {
f37b85f7e03e 6865875 zfs sometimes incorrectly giving search access to a dir Tim Haley <Tim.Haley@Sun.COM> parents: 10143 diff changeset	2374	mutex_exit(&zdp->z_acl_lock);
f37b85f7e03e 6865875 zfs sometimes incorrectly giving search access to a dir Tim Haley <Tim.Haley@Sun.COM> parents: 10143 diff changeset	2375	goto slow;
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2376	}
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2377	}
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2378	if (!owner && !groupmbr) {
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2379	if (zdp->z_mode & S_IXOTH) {
9981 b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2380	mutex_exit(&zdp->z_acl_lock);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2381	return (0);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2382	}
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2383	}
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2384
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2385	mutex_exit(&zdp->z_acl_lock);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2386
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2387	slow:
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2388	DTRACE_PROBE(zfs__fastpath__execute__access__miss);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2389	ZFS_ENTER(zdp->z_zfsvfs);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2390	error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2391	ZFS_EXIT(zdp->z_zfsvfs);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2392	return (error);
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2393	}
b4907297e740 6775100 stat() performance on files on zfs should be improved Tim Haley <Tim.Haley@Sun.COM> parents: 9866 diff changeset	2394
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2395	/*
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2396	* Determine whether Access should be granted/denied.
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2397	* The least priv subsytem is always consulted as a basic privilege
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2398	* can define any form of access.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2399	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2400	int
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2401	zfs_zaccess(znode_t zp, int mode, int flags, boolean_t skipaclchk, cred_t cr)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2402	{
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2403	uint32_t working_mode;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2404	int error;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2405	int is_attr;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2406	boolean_t check_privs;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2407	znode_t *xzp;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2408	znode_t *check_zp = zp;
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2409	mode_t needed_bits;
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2410	uid_t owner;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2411
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2412	is_attr = ((zp->z_pflags & ZFS_XATTR) && (ZTOV(zp)->v_type == VDIR));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2413
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2414	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2415	* If attribute then validate against base file
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2416	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2417	if (is_attr) {
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2418	uint64_t parent;
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2419
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2420	if ((error = sa_lookup(zp->z_sa_hdl,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2421	SA_ZPL_PARENT(zp->z_zfsvfs), &parent,
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2422	sizeof (parent))) != 0)
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2423	return (error);
538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2424
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2425	if ((error = zfs_zget(zp->z_zfsvfs,
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2426	parent, &xzp)) != 0) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2427	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2428	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2429
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2430	check_zp = xzp;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2431
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2432	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2433	* fixup mode to map to xattr perms
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2434	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2435
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2436	if (mode & (ACE_WRITE_DATA\|ACE_APPEND_DATA)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2437	mode &= ~(ACE_WRITE_DATA\|ACE_APPEND_DATA);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2438	mode \|= ACE_WRITE_NAMED_ATTRS;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2439	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2440
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2441	if (mode & (ACE_READ_DATA\|ACE_EXECUTE)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2442	mode &= ~(ACE_READ_DATA\|ACE_EXECUTE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2443	mode \|= ACE_READ_NAMED_ATTRS;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2444	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2445	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2446
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2447	owner = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_uid, cr, ZFS_OWNER);
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2448	/*
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2449	* Map the bits required to the standard vnode flags VREAD\|VWRITE\|VEXEC
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2450	* in needed_bits. Map the bits mapped by working_mode (currently
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2451	* missing) in missing_bits.
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2452	* Call secpolicy_vnode_access2() with (needed_bits & ~checkmode),
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2453	* needed_bits.
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2454	*/
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2455	needed_bits = 0;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2456
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2457	working_mode = mode;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2458	if ((working_mode & (ACE_READ_ACL\|ACE_READ_ATTRIBUTES)) &&
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2459	owner == crgetuid(cr))
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2460	working_mode &= ~(ACE_READ_ACL\|ACE_READ_ATTRIBUTES);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2461
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2462	if (working_mode & (ACE_READ_DATA\|ACE_READ_NAMED_ATTRS\|
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2463	ACE_READ_ACL\|ACE_READ_ATTRIBUTES\|ACE_SYNCHRONIZE))
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2464	needed_bits \|= VREAD;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2465	if (working_mode & (ACE_WRITE_DATA\|ACE_WRITE_NAMED_ATTRS\|
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2466	ACE_APPEND_DATA\|ACE_WRITE_ATTRIBUTES\|ACE_SYNCHRONIZE))
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2467	needed_bits \|= VWRITE;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2468	if (working_mode & ACE_EXECUTE)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2469	needed_bits \|= VEXEC;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2470
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2471	if ((error = zfs_zaccess_common(check_zp, mode, &working_mode,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2472	&check_privs, skipaclchk, cr)) == 0) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2473	if (is_attr)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2474	VN_RELE(ZTOV(xzp));
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2475	return (secpolicy_vnode_access2(cr, ZTOV(zp), owner,
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2476	needed_bits, needed_bits));
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2477	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2478
5959 1e1904b8526d 6650192 zfs ACL/fuid code could use some minor cleanup marks parents: 5824 diff changeset	2479	if (error && !check_privs) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2480	if (is_attr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2481	VN_RELE(ZTOV(xzp));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2482	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2483	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2484
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2485	if (error && (flags & V_APPEND)) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2486	error = zfs_zaccess_append(zp, &working_mode, &check_privs, cr);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2487	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2488
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2489	if (error && check_privs) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2490	mode_t checkmode = 0;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2491
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2492	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2493	* First check for implicit owner permission on
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2494	* read_acl/read_attributes
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2495	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2496
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2497	error = 0;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2498	ASSERT(working_mode != 0);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2499
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2500	if ((working_mode & (ACE_READ_ACL\|ACE_READ_ATTRIBUTES) &&
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2501	owner == crgetuid(cr)))
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2502	working_mode &= ~(ACE_READ_ACL\|ACE_READ_ATTRIBUTES);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2503
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2504	if (working_mode & (ACE_READ_DATA\|ACE_READ_NAMED_ATTRS\|
7624 0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7559 diff changeset	2505	ACE_READ_ACL\|ACE_READ_ATTRIBUTES\|ACE_SYNCHRONIZE))
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2506	checkmode \|= VREAD;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2507	if (working_mode & (ACE_WRITE_DATA\|ACE_WRITE_NAMED_ATTRS\|
7624 0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7559 diff changeset	2508	ACE_APPEND_DATA\|ACE_WRITE_ATTRIBUTES\|ACE_SYNCHRONIZE))
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2509	checkmode \|= VWRITE;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2510	if (working_mode & ACE_EXECUTE)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2511	checkmode \|= VEXEC;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2512
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2513	error = secpolicy_vnode_access2(cr, ZTOV(check_zp), owner,
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2514	needed_bits & ~checkmode, needed_bits);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2515
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2516	if (error == 0 && (working_mode & ACE_WRITE_OWNER))
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2517	error = secpolicy_vnode_chown(cr, owner);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2518	if (error == 0 && (working_mode & ACE_WRITE_ACL))
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2519	error = secpolicy_vnode_setdac(cr, owner);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2520
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2521	if (error == 0 && (working_mode &
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2522	(ACE_DELETE\|ACE_DELETE_CHILD)))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2523	error = secpolicy_vnode_remove(cr);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2524
7624 0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7559 diff changeset	2525	if (error == 0 && (working_mode & ACE_SYNCHRONIZE)) {
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2526	error = secpolicy_vnode_chown(cr, owner);
7624 0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7559 diff changeset	2527	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2528	if (error == 0) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2529	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2530	* See if any bits other than those already checked
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2531	* for are still present. If so then return EACCES
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2532	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2533	if (working_mode & ~(ZFS_CHECKED_MASKS)) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2534	error = EACCES;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2535	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2536	}
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2537	} else if (error == 0) {
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2538	error = secpolicy_vnode_access2(cr, ZTOV(zp), owner,
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2539	needed_bits, needed_bits);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2540	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2541
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2542
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2543	if (is_attr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2544	VN_RELE(ZTOV(xzp));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2545
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2546	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2547	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2548
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2549	/*
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2550	* Translate traditional unix VREAD/VWRITE/VEXEC mode into
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2551	* native ACL format and call zfs_zaccess()
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2552	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2553	int
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2554	zfs_zaccess_rwx(znode_t zp, mode_t mode, int flags, cred_t cr)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2555	{
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2556	return (zfs_zaccess(zp, zfs_unix_to_v4(mode >> 6), flags, B_FALSE, cr));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2557	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2558
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2559	/*
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2560	* Access function for secpolicy_vnode_setattr
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2561	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2562	int
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2563	zfs_zaccess_unix(znode_t zp, mode_t mode, cred_t cr)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2564	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2565	int v4_mode = zfs_unix_to_v4(mode >> 6);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2566
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2567	return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2568	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2569
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2570	static int
6257 0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2571	zfs_delete_final_check(znode_t zp, znode_t dzp,
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2572	mode_t available_perms, cred_t *cr)
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2573	{
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2574	int error;
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2575	uid_t downer;
79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2576
79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2577	downer = zfs_fuid_map_id(dzp->z_zfsvfs, dzp->z_uid, cr, ZFS_OWNER);
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2578
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2579	error = secpolicy_vnode_access2(cr, ZTOV(dzp),
13081 79b387e27d99 6971929 Unable to add/remove ACE after doing idmap flush -a Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM> parents: 13058 diff changeset	2580	downer, available_perms, VWRITE\|VEXEC);
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2581
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2582	if (error == 0)
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2583	error = zfs_sticky_remove_access(dzp, zp, cr);
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2584
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2585	return (error);
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2586	}
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2587
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2588	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2589	* Determine whether Access should be granted/deny, without
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2590	* consulting least priv subsystem.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2591	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2592	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2593	* The following chart is the recommended NFSv4 enforcement for
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2594	* ability to delete an object.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2595	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2596	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2597	* \| Parent Dir \| Target Object Permissions \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2598	* \| permissions \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2599	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2600	* \| \| ACL Allows \| ACL Denies\| Delete \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2601	* \| \| Delete \| Delete \| unspecified\|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2602	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2603	* \| ACL Allows \| Permit \| Permit \| Permit \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2604	* \| DELETE_CHILD \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2605	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2606	* \| ACL Denies \| Permit \| Deny \| Deny \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2607	* \| DELETE_CHILD \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2608	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2609	* \| ACL specifies \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2610	* \| only allow \| Permit \| Permit \| Permit \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2611	* \| write and \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2612	* \| execute \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2613	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2614	* \| ACL denies \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2615	* \| write and \| Permit \| Deny \| Deny \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2616	* \| execute \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2617	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2618	* ^
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2619	* \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2620	* No search privilege, can't even look up file?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2621	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2622	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2623	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2624	zfs_zaccess_delete(znode_t dzp, znode_t zp, cred_t *cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2625	{
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2626	uint32_t dzp_working_mode = 0;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2627	uint32_t zp_working_mode = 0;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2628	int dzp_error, zp_error;
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2629	mode_t available_perms;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2630	boolean_t dzpcheck_privs = B_TRUE;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2631	boolean_t zpcheck_privs = B_TRUE;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2632
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2633	/*
6257 0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2634	* We want specific DELETE permissions to
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2635	* take precedence over WRITE/EXECUTE. We don't
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2636	* want an ACL such as this to mess us up.
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2637	* user:joe:write_data:deny,user:joe:delete:allow
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2638	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2639	* However, deny permissions may ultimately be overridden
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2640	* by secpolicy_vnode_access().
6257 0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2641	*
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2642	* We will ask for all of the necessary permissions and then
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2643	* look at the working modes from the directory and target object
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2644	* to determine what was found.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2645	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2646
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2647	if (zp->z_pflags & (ZFS_IMMUTABLE \| ZFS_NOUNLINK))
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2648	return (EPERM);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2649
6257 0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2650	/*
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2651	* First row
6257 0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2652	* If the directory permissions allow the delete, we are done.
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2653	*/
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2654	if ((dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD,
6257 0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2655	&dzp_working_mode, &dzpcheck_privs, B_FALSE, cr)) == 0)
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2656	return (0);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2657
6257 0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2658	/*
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2659	* If target object has delete permission then we are done
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2660	*/
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2661	if ((zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode,
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2662	&zpcheck_privs, B_FALSE, cr)) == 0)
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2663	return (0);
0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2664
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2665	ASSERT(dzp_error && zp_error);
b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2666
6257 0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2667	if (!dzpcheck_privs)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2668	return (dzp_error);
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2669	if (!zpcheck_privs)
6257 0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2670	return (zp_error);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2671
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2672	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2673	* Second row
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2674	*
b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2675	* If directory returns EACCES then delete_child was denied
b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2676	* due to deny delete_child. In this case send the request through
b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2677	* secpolicy_vnode_remove(). We don't use zfs_delete_final_check()
b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2678	* since that could allow the delete based on write/execute permission
b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2679	* and we want delete permissions to override write/execute.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2680	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2681
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2682	if (dzp_error == EACCES)
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2683	return (secpolicy_vnode_remove(cr));
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2684
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	2685	/*
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2686	* Third Row
6257 0c7475fa4852 6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode marks parents: 6056 diff changeset	2687	* only need to see if we have write/execute on directory.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2688	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2689
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2690	dzp_error = zfs_zaccess_common(dzp, ACE_EXECUTE\|ACE_WRITE_DATA,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2691	&dzp_working_mode, &dzpcheck_privs, B_FALSE, cr);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2692
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2693	if (dzp_error != 0 && !dzpcheck_privs)
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2694	return (dzp_error);
b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2695
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2696	/*
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2697	* Fourth row
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2698	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2699
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2700	available_perms = (dzp_working_mode & ACE_WRITE_DATA) ? 0 : VWRITE;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2701	available_perms \|= (dzp_working_mode & ACE_EXECUTE) ? 0 : VEXEC;
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2702
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12218 diff changeset	2703	return (zfs_delete_final_check(zp, dzp, available_perms, cr));
7163 b0960f193b35 6723181 delete deny permissions broken marks parents: 7057 diff changeset	2704
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2705	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2706
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2707	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2708	zfs_zaccess_rename(znode_t sdzp, znode_t szp, znode_t *tdzp,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2709	znode_t tzp, cred_t cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2710	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2711	int add_perm;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2712	int error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2713
11935 538c866aaac6 6716117 ZFS needs native system attribute infrastructure Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 11574 diff changeset	2714	if (szp->z_pflags & ZFS_AV_QUARANTINED)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2715	return (EACCES);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2716
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2717	add_perm = (ZTOV(szp)->v_type == VDIR) ?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2718	ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2719
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2720	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2721	* Rename permissions are combination of delete permission +
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2722	* add file/subdir permission.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2723	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2724
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2725	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2726	* first make sure we do the delete portion.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2727	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2728	* If that succeeds then check for add_file/add_subdir permissions
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2729	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2730
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2731	if (error = zfs_zaccess_delete(sdzp, szp, cr))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2732	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2733
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2734	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2735	* If we have a tzp, see if we can delete it?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2736	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2737	if (tzp) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2738	if (error = zfs_zaccess_delete(tdzp, tzp, cr))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2739	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2740	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2741
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2742	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2743	* Now check for add permissions
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2744	*/
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4869 diff changeset	2745	error = zfs_zaccess(tdzp, add_perm, 0, B_FALSE, cr);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2746
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2747	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2748	}

author	Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
	Thu, 12 Aug 2010 13:32:15 -0600
changeset 13101	08bbd228b732
parent 13081	79b387e27d99
child 13370	8c04143bd318
permissions	-rw-r--r--