| author | Albert Lee <trisk@nexenta.com> |
| Sat, 14 May 2011 00:29:13 -0400 | |
| changeset 13370 | 8c04143bd318 |
| parent 13101 | 08bbd228b732 |
| child 13980 | d7059eb1884c |
| permissions | -rw-r--r-- |
| 789 | 1 |
/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
| 1544 | 5 |
* Common Development and Distribution License (the "License"). |
6 |
* You may not use this file except in compliance with the License. |
|
| 789 | 7 |
* |
8 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 |
* or http://www.opensolaris.org/os/licensing. |
|
10 |
* See the License for the specific language governing permissions |
|
11 |
* and limitations under the License. |
|
12 |
* |
|
13 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
14 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 |
* If applicable, add the following below this CDDL HEADER, with the |
|
16 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
17 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 |
* |
|
19 |
* CDDL HEADER END |
|
20 |
*/ |
|
21 |
/* |
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
22 |
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
23 |
* Copyright 2011 Nexenta Systems, Inc. All rights reserved. |
| 789 | 24 |
*/ |
25 |
||
26 |
#include <sys/types.h> |
|
27 |
#include <sys/param.h> |
|
28 |
#include <sys/time.h> |
|
29 |
#include <sys/systm.h> |
|
30 |
#include <sys/sysmacros.h> |
|
31 |
#include <sys/resource.h> |
|
32 |
#include <sys/vfs.h> |
|
33 |
#include <sys/vnode.h> |
|
| 5331 | 34 |
#include <sys/sid.h> |
| 789 | 35 |
#include <sys/file.h> |
36 |
#include <sys/stat.h> |
|
37 |
#include <sys/kmem.h> |
|
38 |
#include <sys/cmn_err.h> |
|
39 |
#include <sys/errno.h> |
|
40 |
#include <sys/unistd.h> |
|
|
1576
0364d1928a7f
6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes
marks
parents:
1544
diff
changeset
|
41 |
#include <sys/sdt.h> |
| 789 | 42 |
#include <sys/fs/zfs.h> |
43 |
#include <sys/mode.h> |
|
44 |
#include <sys/policy.h> |
|
45 |
#include <sys/zfs_znode.h> |
|
| 5331 | 46 |
#include <sys/zfs_fuid.h> |
| 789 | 47 |
#include <sys/zfs_acl.h> |
48 |
#include <sys/zfs_dir.h> |
|
49 |
#include <sys/zfs_vfsops.h> |
|
50 |
#include <sys/dmu.h> |
|
| 5331 | 51 |
#include <sys/dnode.h> |
| 789 | 52 |
#include <sys/zap.h> |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
53 |
#include <sys/sa.h> |
| 789 | 54 |
#include "fs/fs_subr.h" |
55 |
#include <acl/acl_common.h> |
|
56 |
||
57 |
#define ALLOW ACE_ACCESS_ALLOWED_ACE_TYPE |
|
58 |
#define DENY ACE_ACCESS_DENIED_ACE_TYPE |
|
| 5331 | 59 |
#define MAX_ACE_TYPE ACE_SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE |
|
7559
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
60 |
#define MIN_ACE_TYPE ALLOW |
| 789 | 61 |
|
62 |
#define OWNING_GROUP (ACE_GROUP|ACE_IDENTIFIER_GROUP) |
|
63 |
#define EVERYONE_ALLOW_MASK (ACE_READ_ACL|ACE_READ_ATTRIBUTES | \ |
|
64 |
ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE) |
|
65 |
#define EVERYONE_DENY_MASK (ACE_WRITE_ACL|ACE_WRITE_OWNER | \ |
|
66 |
ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) |
|
67 |
#define OWNER_ALLOW_MASK (ACE_WRITE_ACL | ACE_WRITE_OWNER | \ |
|
68 |
ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) |
|
| 5331 | 69 |
|
70 |
#define ZFS_CHECKED_MASKS (ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_DATA| \ |
|
71 |
ACE_READ_NAMED_ATTRS|ACE_WRITE_DATA|ACE_WRITE_ATTRIBUTES| \ |
|
72 |
ACE_WRITE_NAMED_ATTRS|ACE_APPEND_DATA|ACE_EXECUTE|ACE_WRITE_OWNER| \ |
|
73 |
ACE_WRITE_ACL|ACE_DELETE|ACE_DELETE_CHILD|ACE_SYNCHRONIZE) |
|
74 |
||
|
8952
c2f95230b0ff
6809529 dirtying snapshot! rears its head again
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8227
diff
changeset
|
75 |
#define WRITE_MASK_DATA (ACE_WRITE_DATA|ACE_APPEND_DATA|ACE_WRITE_NAMED_ATTRS) |
|
c2f95230b0ff
6809529 dirtying snapshot! rears its head again
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8227
diff
changeset
|
76 |
#define WRITE_MASK_ATTRS (ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES| \ |
|
c2f95230b0ff
6809529 dirtying snapshot! rears its head again
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8227
diff
changeset
|
77 |
ACE_DELETE|ACE_DELETE_CHILD) |
|
c2f95230b0ff
6809529 dirtying snapshot! rears its head again
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8227
diff
changeset
|
78 |
#define WRITE_MASK (WRITE_MASK_DATA|WRITE_MASK_ATTRS) |
| 789 | 79 |
|
80 |
#define OGE_CLEAR (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ |
|
81 |
ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) |
|
82 |
||
83 |
#define OKAY_MASK_BITS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ |
|
84 |
ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) |
|
85 |
||
86 |
#define ALL_INHERIT (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE | \ |
|
| 5331 | 87 |
ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE|ACE_INHERITED_ACE) |
| 789 | 88 |
|
|
6385
5437941ec5a1
PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules
marks
parents:
6257
diff
changeset
|
89 |
#define RESTRICTED_CLEAR (ACE_WRITE_ACL|ACE_WRITE_OWNER) |
| 789 | 90 |
|
| 5331 | 91 |
#define V4_ACL_WIDE_FLAGS (ZFS_ACL_AUTO_INHERIT|ZFS_ACL_DEFAULTED|\ |
92 |
ZFS_ACL_PROTECTED) |
|
93 |
||
94 |
#define ZFS_ACL_WIDE_FLAGS (V4_ACL_WIDE_FLAGS|ZFS_ACL_TRIVIAL|ZFS_INHERIT_ACE|\ |
|
95 |
ZFS_ACL_OBJ_ACE) |
|
96 |
||
|
10143
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
97 |
#define ALL_MODE_EXECS (S_IXUSR | S_IXGRP | S_IXOTH) |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
98 |
|
| 5331 | 99 |
static uint16_t |
100 |
zfs_ace_v0_get_type(void *acep) |
|
101 |
{
|
|
102 |
return (((zfs_oldace_t *)acep)->z_type); |
|
103 |
} |
|
104 |
||
105 |
static uint16_t |
|
106 |
zfs_ace_v0_get_flags(void *acep) |
|
107 |
{
|
|
108 |
return (((zfs_oldace_t *)acep)->z_flags); |
|
109 |
} |
|
110 |
||
111 |
static uint32_t |
|
112 |
zfs_ace_v0_get_mask(void *acep) |
|
113 |
{
|
|
114 |
return (((zfs_oldace_t *)acep)->z_access_mask); |
|
115 |
} |
|
116 |
||
117 |
static uint64_t |
|
118 |
zfs_ace_v0_get_who(void *acep) |
|
119 |
{
|
|
120 |
return (((zfs_oldace_t *)acep)->z_fuid); |
|
121 |
} |
|
122 |
||
123 |
static void |
|
124 |
zfs_ace_v0_set_type(void *acep, uint16_t type) |
|
125 |
{
|
|
126 |
((zfs_oldace_t *)acep)->z_type = type; |
|
127 |
} |
|
128 |
||
129 |
static void |
|
130 |
zfs_ace_v0_set_flags(void *acep, uint16_t flags) |
|
131 |
{
|
|
132 |
((zfs_oldace_t *)acep)->z_flags = flags; |
|
133 |
} |
|
134 |
||
135 |
static void |
|
136 |
zfs_ace_v0_set_mask(void *acep, uint32_t mask) |
|
137 |
{
|
|
138 |
((zfs_oldace_t *)acep)->z_access_mask = mask; |
|
139 |
} |
|
140 |
||
141 |
static void |
|
142 |
zfs_ace_v0_set_who(void *acep, uint64_t who) |
|
143 |
{
|
|
144 |
((zfs_oldace_t *)acep)->z_fuid = who; |
|
145 |
} |
|
146 |
||
147 |
/*ARGSUSED*/ |
|
148 |
static size_t |
|
149 |
zfs_ace_v0_size(void *acep) |
|
150 |
{
|
|
151 |
return (sizeof (zfs_oldace_t)); |
|
152 |
} |
|
153 |
||
154 |
static size_t |
|
155 |
zfs_ace_v0_abstract_size(void) |
|
156 |
{
|
|
157 |
return (sizeof (zfs_oldace_t)); |
|
158 |
} |
|
159 |
||
160 |
static int |
|
161 |
zfs_ace_v0_mask_off(void) |
|
162 |
{
|
|
163 |
return (offsetof(zfs_oldace_t, z_access_mask)); |
|
164 |
} |
|
165 |
||
166 |
/*ARGSUSED*/ |
|
167 |
static int |
|
168 |
zfs_ace_v0_data(void *acep, void **datap) |
|
169 |
{
|
|
170 |
*datap = NULL; |
|
171 |
return (0); |
|
172 |
} |
|
173 |
||
174 |
static acl_ops_t zfs_acl_v0_ops = {
|
|
175 |
zfs_ace_v0_get_mask, |
|
176 |
zfs_ace_v0_set_mask, |
|
177 |
zfs_ace_v0_get_flags, |
|
178 |
zfs_ace_v0_set_flags, |
|
179 |
zfs_ace_v0_get_type, |
|
180 |
zfs_ace_v0_set_type, |
|
181 |
zfs_ace_v0_get_who, |
|
182 |
zfs_ace_v0_set_who, |
|
183 |
zfs_ace_v0_size, |
|
184 |
zfs_ace_v0_abstract_size, |
|
185 |
zfs_ace_v0_mask_off, |
|
186 |
zfs_ace_v0_data |
|
187 |
}; |
|
188 |
||
189 |
static uint16_t |
|
190 |
zfs_ace_fuid_get_type(void *acep) |
|
191 |
{
|
|
192 |
return (((zfs_ace_hdr_t *)acep)->z_type); |
|
193 |
} |
|
194 |
||
195 |
static uint16_t |
|
196 |
zfs_ace_fuid_get_flags(void *acep) |
|
197 |
{
|
|
198 |
return (((zfs_ace_hdr_t *)acep)->z_flags); |
|
199 |
} |
|
200 |
||
201 |
static uint32_t |
|
202 |
zfs_ace_fuid_get_mask(void *acep) |
|
203 |
{
|
|
204 |
return (((zfs_ace_hdr_t *)acep)->z_access_mask); |
|
205 |
} |
|
206 |
||
207 |
static uint64_t |
|
208 |
zfs_ace_fuid_get_who(void *args) |
|
209 |
{
|
|
210 |
uint16_t entry_type; |
|
211 |
zfs_ace_t *acep = args; |
|
212 |
||
213 |
entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS; |
|
| 789 | 214 |
|
| 5331 | 215 |
if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP || |
216 |
entry_type == ACE_EVERYONE) |
|
217 |
return (-1); |
|
218 |
return (((zfs_ace_t *)acep)->z_fuid); |
|
219 |
} |
|
220 |
||
221 |
static void |
|
222 |
zfs_ace_fuid_set_type(void *acep, uint16_t type) |
|
223 |
{
|
|
224 |
((zfs_ace_hdr_t *)acep)->z_type = type; |
|
225 |
} |
|
226 |
||
227 |
static void |
|
228 |
zfs_ace_fuid_set_flags(void *acep, uint16_t flags) |
|
229 |
{
|
|
230 |
((zfs_ace_hdr_t *)acep)->z_flags = flags; |
|
231 |
} |
|
232 |
||
233 |
static void |
|
234 |
zfs_ace_fuid_set_mask(void *acep, uint32_t mask) |
|
235 |
{
|
|
236 |
((zfs_ace_hdr_t *)acep)->z_access_mask = mask; |
|
237 |
} |
|
238 |
||
239 |
static void |
|
240 |
zfs_ace_fuid_set_who(void *arg, uint64_t who) |
|
241 |
{
|
|
242 |
zfs_ace_t *acep = arg; |
|
243 |
||
244 |
uint16_t entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS; |
|
245 |
||
246 |
if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP || |
|
247 |
entry_type == ACE_EVERYONE) |
|
248 |
return; |
|
249 |
acep->z_fuid = who; |
|
250 |
} |
|
251 |
||
252 |
static size_t |
|
253 |
zfs_ace_fuid_size(void *acep) |
|
254 |
{
|
|
255 |
zfs_ace_hdr_t *zacep = acep; |
|
256 |
uint16_t entry_type; |
|
257 |
||
258 |
switch (zacep->z_type) {
|
|
259 |
case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: |
|
260 |
case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: |
|
261 |
case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: |
|
262 |
case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: |
|
263 |
return (sizeof (zfs_object_ace_t)); |
|
264 |
case ALLOW: |
|
265 |
case DENY: |
|
266 |
entry_type = |
|
267 |
(((zfs_ace_hdr_t *)acep)->z_flags & ACE_TYPE_FLAGS); |
|
268 |
if (entry_type == ACE_OWNER || |
|
|
7328
6bdcaa4505ac
6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7294
diff
changeset
|
269 |
entry_type == OWNING_GROUP || |
| 5331 | 270 |
entry_type == ACE_EVERYONE) |
271 |
return (sizeof (zfs_ace_hdr_t)); |
|
272 |
/*FALLTHROUGH*/ |
|
273 |
default: |
|
274 |
return (sizeof (zfs_ace_t)); |
|
275 |
} |
|
276 |
} |
|
277 |
||
278 |
static size_t |
|
279 |
zfs_ace_fuid_abstract_size(void) |
|
280 |
{
|
|
281 |
return (sizeof (zfs_ace_hdr_t)); |
|
282 |
} |
|
283 |
||
284 |
static int |
|
285 |
zfs_ace_fuid_mask_off(void) |
|
286 |
{
|
|
287 |
return (offsetof(zfs_ace_hdr_t, z_access_mask)); |
|
288 |
} |
|
289 |
||
290 |
static int |
|
291 |
zfs_ace_fuid_data(void *acep, void **datap) |
|
292 |
{
|
|
293 |
zfs_ace_t *zacep = acep; |
|
294 |
zfs_object_ace_t *zobjp; |
|
295 |
||
296 |
switch (zacep->z_hdr.z_type) {
|
|
297 |
case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: |
|
298 |
case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: |
|
299 |
case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: |
|
300 |
case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: |
|
301 |
zobjp = acep; |
|
302 |
*datap = (caddr_t)zobjp + sizeof (zfs_ace_t); |
|
303 |
return (sizeof (zfs_object_ace_t) - sizeof (zfs_ace_t)); |
|
304 |
default: |
|
305 |
*datap = NULL; |
|
306 |
return (0); |
|
307 |
} |
|
308 |
} |
|
309 |
||
310 |
static acl_ops_t zfs_acl_fuid_ops = {
|
|
311 |
zfs_ace_fuid_get_mask, |
|
312 |
zfs_ace_fuid_set_mask, |
|
313 |
zfs_ace_fuid_get_flags, |
|
314 |
zfs_ace_fuid_set_flags, |
|
315 |
zfs_ace_fuid_get_type, |
|
316 |
zfs_ace_fuid_set_type, |
|
317 |
zfs_ace_fuid_get_who, |
|
318 |
zfs_ace_fuid_set_who, |
|
319 |
zfs_ace_fuid_size, |
|
320 |
zfs_ace_fuid_abstract_size, |
|
321 |
zfs_ace_fuid_mask_off, |
|
322 |
zfs_ace_fuid_data |
|
323 |
}; |
|
324 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
325 |
/* |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
326 |
* The following three functions are provided for compatibility with |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
327 |
* older ZPL version in order to determine if the file use to have |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
328 |
* an external ACL and what version of ACL previously existed on the |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
329 |
* file. Would really be nice to not need this, sigh. |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
330 |
*/ |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
331 |
uint64_t |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
332 |
zfs_external_acl(znode_t *zp) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
333 |
{
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
334 |
zfs_acl_phys_t acl_phys; |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
335 |
int error; |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
336 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
337 |
if (zp->z_is_sa) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
338 |
return (0); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
339 |
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
340 |
/* |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
341 |
* Need to deal with a potential |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
342 |
* race where zfs_sa_upgrade could cause |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
343 |
* z_isa_sa to change. |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
344 |
* |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
345 |
* If the lookup fails then the state of z_is_sa should have |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
346 |
* changed. |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
347 |
*/ |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
348 |
|
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
349 |
if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs), |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
350 |
&acl_phys, sizeof (acl_phys))) == 0) |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
351 |
return (acl_phys.z_acl_extern_obj); |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
352 |
else {
|
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
353 |
/* |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
354 |
* after upgrade the SA_ZPL_ZNODE_ACL should have been |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
355 |
* removed |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
356 |
*/ |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
357 |
VERIFY(zp->z_is_sa && error == ENOENT); |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
358 |
return (0); |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
359 |
} |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
360 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
361 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
362 |
/* |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
363 |
* Determine size of ACL in bytes |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
364 |
* |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
365 |
* This is more complicated than it should be since we have to deal |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
366 |
* with old external ACLs. |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
367 |
*/ |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
368 |
static int |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
369 |
zfs_acl_znode_info(znode_t *zp, int *aclsize, int *aclcount, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
370 |
zfs_acl_phys_t *aclphys) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
371 |
{
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
372 |
zfsvfs_t *zfsvfs = zp->z_zfsvfs; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
373 |
uint64_t acl_count; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
374 |
int size; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
375 |
int error; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
376 |
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
377 |
ASSERT(MUTEX_HELD(&zp->z_acl_lock)); |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
378 |
if (zp->z_is_sa) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
379 |
if ((error = sa_size(zp->z_sa_hdl, SA_ZPL_DACL_ACES(zfsvfs), |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
380 |
&size)) != 0) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
381 |
return (error); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
382 |
*aclsize = size; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
383 |
if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_DACL_COUNT(zfsvfs), |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
384 |
&acl_count, sizeof (acl_count))) != 0) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
385 |
return (error); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
386 |
*aclcount = acl_count; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
387 |
} else {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
388 |
if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zfsvfs), |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
389 |
aclphys, sizeof (*aclphys))) != 0) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
390 |
return (error); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
391 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
392 |
if (aclphys->z_acl_version == ZFS_ACL_VERSION_INITIAL) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
393 |
*aclsize = ZFS_ACL_SIZE(aclphys->z_acl_size); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
394 |
*aclcount = aclphys->z_acl_size; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
395 |
} else {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
396 |
*aclsize = aclphys->z_acl_size; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
397 |
*aclcount = aclphys->z_acl_count; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
398 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
399 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
400 |
return (0); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
401 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
402 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
403 |
int |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
404 |
zfs_znode_acl_version(znode_t *zp) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
405 |
{
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
406 |
zfs_acl_phys_t acl_phys; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
407 |
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
408 |
if (zp->z_is_sa) |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
409 |
return (ZFS_ACL_VERSION_FUID); |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
410 |
else {
|
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
411 |
int error; |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
412 |
|
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
413 |
/* |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
414 |
* Need to deal with a potential |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
415 |
* race where zfs_sa_upgrade could cause |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
416 |
* z_isa_sa to change. |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
417 |
* |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
418 |
* If the lookup fails then the state of z_is_sa should have |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
419 |
* changed. |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
420 |
*/ |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
421 |
if ((error = sa_lookup(zp->z_sa_hdl, |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
422 |
SA_ZPL_ZNODE_ACL(zp->z_zfsvfs), |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
423 |
&acl_phys, sizeof (acl_phys))) == 0) |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
424 |
return (acl_phys.z_acl_version); |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
425 |
else {
|
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
426 |
/* |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
427 |
* After upgrade SA_ZPL_ZNODE_ACL should have |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
428 |
* been removed. |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
429 |
*/ |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
430 |
VERIFY(zp->z_is_sa && error == ENOENT); |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
431 |
return (ZFS_ACL_VERSION_FUID); |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
432 |
} |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
433 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
434 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
435 |
|
| 5331 | 436 |
static int |
437 |
zfs_acl_version(int version) |
|
438 |
{
|
|
439 |
if (version < ZPL_VERSION_FUID) |
|
440 |
return (ZFS_ACL_VERSION_INITIAL); |
|
441 |
else |
|
442 |
return (ZFS_ACL_VERSION_FUID); |
|
443 |
} |
|
444 |
||
445 |
static int |
|
446 |
zfs_acl_version_zp(znode_t *zp) |
|
447 |
{
|
|
448 |
return (zfs_acl_version(zp->z_zfsvfs->z_version)); |
|
449 |
} |
|
| 789 | 450 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
451 |
zfs_acl_t * |
| 5331 | 452 |
zfs_acl_alloc(int vers) |
| 789 | 453 |
{
|
454 |
zfs_acl_t *aclp; |
|
455 |
||
456 |
aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP); |
|
| 5331 | 457 |
list_create(&aclp->z_acl, sizeof (zfs_acl_node_t), |
458 |
offsetof(zfs_acl_node_t, z_next)); |
|
459 |
aclp->z_version = vers; |
|
460 |
if (vers == ZFS_ACL_VERSION_FUID) |
|
461 |
aclp->z_ops = zfs_acl_fuid_ops; |
|
462 |
else |
|
463 |
aclp->z_ops = zfs_acl_v0_ops; |
|
464 |
return (aclp); |
|
465 |
} |
|
466 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
467 |
zfs_acl_node_t * |
| 5331 | 468 |
zfs_acl_node_alloc(size_t bytes) |
469 |
{
|
|
470 |
zfs_acl_node_t *aclnode; |
|
471 |
||
472 |
aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP); |
|
473 |
if (bytes) {
|
|
474 |
aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP); |
|
475 |
aclnode->z_allocdata = aclnode->z_acldata; |
|
476 |
aclnode->z_allocsize = bytes; |
|
477 |
aclnode->z_size = bytes; |
|
| 789 | 478 |
} |
| 5331 | 479 |
|
480 |
return (aclnode); |
|
481 |
} |
|
482 |
||
483 |
static void |
|
484 |
zfs_acl_node_free(zfs_acl_node_t *aclnode) |
|
485 |
{
|
|
486 |
if (aclnode->z_allocsize) |
|
487 |
kmem_free(aclnode->z_allocdata, aclnode->z_allocsize); |
|
488 |
kmem_free(aclnode, sizeof (zfs_acl_node_t)); |
|
| 789 | 489 |
} |
490 |
||
|
5489
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
491 |
static void |
|
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
492 |
zfs_acl_release_nodes(zfs_acl_t *aclp) |
| 789 | 493 |
{
|
| 5331 | 494 |
zfs_acl_node_t *aclnode; |
495 |
||
496 |
while (aclnode = list_head(&aclp->z_acl)) {
|
|
497 |
list_remove(&aclp->z_acl, aclnode); |
|
498 |
zfs_acl_node_free(aclnode); |
|
| 789 | 499 |
} |
|
5489
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
500 |
aclp->z_acl_count = 0; |
|
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
501 |
aclp->z_acl_bytes = 0; |
|
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
502 |
} |
| 5331 | 503 |
|
|
5489
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
504 |
void |
|
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
505 |
zfs_acl_free(zfs_acl_t *aclp) |
|
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
506 |
{
|
|
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
507 |
zfs_acl_release_nodes(aclp); |
| 5331 | 508 |
list_destroy(&aclp->z_acl); |
| 789 | 509 |
kmem_free(aclp, sizeof (zfs_acl_t)); |
510 |
} |
|
511 |
||
| 5331 | 512 |
static boolean_t |
|
7559
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
513 |
zfs_acl_valid_ace_type(uint_t type, uint_t flags) |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
514 |
{
|
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
515 |
uint16_t entry_type; |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
516 |
|
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
517 |
switch (type) {
|
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
518 |
case ALLOW: |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
519 |
case DENY: |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
520 |
case ACE_SYSTEM_AUDIT_ACE_TYPE: |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
521 |
case ACE_SYSTEM_ALARM_ACE_TYPE: |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
522 |
entry_type = flags & ACE_TYPE_FLAGS; |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
523 |
return (entry_type == ACE_OWNER || |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
524 |
entry_type == OWNING_GROUP || |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
525 |
entry_type == ACE_EVERYONE || entry_type == 0 || |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
526 |
entry_type == ACE_IDENTIFIER_GROUP); |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
527 |
default: |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
528 |
if (type >= MIN_ACE_TYPE && type <= MAX_ACE_TYPE) |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
529 |
return (B_TRUE); |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
530 |
} |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
531 |
return (B_FALSE); |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
532 |
} |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
533 |
|
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
534 |
static boolean_t |
| 5331 | 535 |
zfs_ace_valid(vtype_t obj_type, zfs_acl_t *aclp, uint16_t type, uint16_t iflags) |
| 789 | 536 |
{
|
| 5331 | 537 |
/* |
538 |
* first check type of entry |
|
539 |
*/ |
|
540 |
||
|
7559
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
541 |
if (!zfs_acl_valid_ace_type(type, iflags)) |
| 5331 | 542 |
return (B_FALSE); |
543 |
||
544 |
switch (type) {
|
|
545 |
case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: |
|
546 |
case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: |
|
547 |
case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: |
|
548 |
case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: |
|
549 |
if (aclp->z_version < ZFS_ACL_VERSION_FUID) |
|
550 |
return (B_FALSE); |
|
551 |
aclp->z_hints |= ZFS_ACL_OBJ_ACE; |
|
552 |
} |
|
| 789 | 553 |
|
|
7559
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
554 |
/* |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
555 |
* next check inheritance level flags |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
556 |
*/ |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
557 |
|
| 7057 | 558 |
if (obj_type == VDIR && |
559 |
(iflags & (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE))) |
|
| 5331 | 560 |
aclp->z_hints |= ZFS_INHERIT_ACE; |
561 |
||
562 |
if (iflags & (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) {
|
|
563 |
if ((iflags & (ACE_FILE_INHERIT_ACE| |
|
564 |
ACE_DIRECTORY_INHERIT_ACE)) == 0) {
|
|
565 |
return (B_FALSE); |
|
566 |
} |
|
567 |
} |
|
568 |
||
569 |
return (B_TRUE); |
|
570 |
} |
|
571 |
||
572 |
static void * |
|
573 |
zfs_acl_next_ace(zfs_acl_t *aclp, void *start, uint64_t *who, |
|
574 |
uint32_t *access_mask, uint16_t *iflags, uint16_t *type) |
|
575 |
{
|
|
576 |
zfs_acl_node_t *aclnode; |
|
577 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
578 |
ASSERT(aclp); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
579 |
|
| 5331 | 580 |
if (start == NULL) {
|
581 |
aclnode = list_head(&aclp->z_acl); |
|
582 |
if (aclnode == NULL) |
|
583 |
return (NULL); |
|
584 |
||
585 |
aclp->z_next_ace = aclnode->z_acldata; |
|
586 |
aclp->z_curr_node = aclnode; |
|
587 |
aclnode->z_ace_idx = 0; |
|
588 |
} |
|
589 |
||
590 |
aclnode = aclp->z_curr_node; |
|
591 |
||
592 |
if (aclnode == NULL) |
|
593 |
return (NULL); |
|
594 |
||
595 |
if (aclnode->z_ace_idx >= aclnode->z_ace_count) {
|
|
596 |
aclnode = list_next(&aclp->z_acl, aclnode); |
|
597 |
if (aclnode == NULL) |
|
598 |
return (NULL); |
|
599 |
else {
|
|
600 |
aclp->z_curr_node = aclnode; |
|
601 |
aclnode->z_ace_idx = 0; |
|
602 |
aclp->z_next_ace = aclnode->z_acldata; |
|
603 |
} |
|
604 |
} |
|
605 |
||
606 |
if (aclnode->z_ace_idx < aclnode->z_ace_count) {
|
|
607 |
void *acep = aclp->z_next_ace; |
|
|
7559
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
608 |
size_t ace_size; |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
609 |
|
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
610 |
/* |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
611 |
* Make sure we don't overstep our bounds |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
612 |
*/ |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
613 |
ace_size = aclp->z_ops.ace_size(acep); |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
614 |
|
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
615 |
if (((caddr_t)acep + ace_size) > |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
616 |
((caddr_t)aclnode->z_acldata + aclnode->z_size)) {
|
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
617 |
return (NULL); |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
618 |
} |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
619 |
|
| 5331 | 620 |
*iflags = aclp->z_ops.ace_flags_get(acep); |
621 |
*type = aclp->z_ops.ace_type_get(acep); |
|
622 |
*access_mask = aclp->z_ops.ace_mask_get(acep); |
|
623 |
*who = aclp->z_ops.ace_who_get(acep); |
|
|
7559
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
624 |
aclp->z_next_ace = (caddr_t)aclp->z_next_ace + ace_size; |
| 5331 | 625 |
aclnode->z_ace_idx++; |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
626 |
|
| 5331 | 627 |
return ((void *)acep); |
628 |
} |
|
629 |
return (NULL); |
|
630 |
} |
|
631 |
||
632 |
/*ARGSUSED*/ |
|
633 |
static uint64_t |
|
634 |
zfs_ace_walk(void *datap, uint64_t cookie, int aclcnt, |
|
635 |
uint16_t *flags, uint16_t *type, uint32_t *mask) |
|
636 |
{
|
|
637 |
zfs_acl_t *aclp = datap; |
|
638 |
zfs_ace_hdr_t *acep = (zfs_ace_hdr_t *)(uintptr_t)cookie; |
|
639 |
uint64_t who; |
|
640 |
||
641 |
acep = zfs_acl_next_ace(aclp, acep, &who, mask, |
|
642 |
flags, type); |
|
643 |
return ((uint64_t)(uintptr_t)acep); |
|
644 |
} |
|
645 |
||
646 |
static zfs_acl_node_t * |
|
647 |
zfs_acl_curr_node(zfs_acl_t *aclp) |
|
648 |
{
|
|
649 |
ASSERT(aclp->z_curr_node); |
|
650 |
return (aclp->z_curr_node); |
|
651 |
} |
|
652 |
||
653 |
/* |
|
654 |
* Copy ACE to internal ZFS format. |
|
655 |
* While processing the ACL each ACE will be validated for correctness. |
|
656 |
* ACE FUIDs will be created later. |
|
657 |
*/ |
|
658 |
int |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
659 |
zfs_copy_ace_2_fuid(zfsvfs_t *zfsvfs, vtype_t obj_type, zfs_acl_t *aclp, |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
660 |
void *datap, zfs_ace_t *z_acl, uint64_t aclcnt, size_t *size, |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
661 |
zfs_fuid_info_t **fuidp, cred_t *cr) |
| 5331 | 662 |
{
|
663 |
int i; |
|
664 |
uint16_t entry_type; |
|
665 |
zfs_ace_t *aceptr = z_acl; |
|
666 |
ace_t *acep = datap; |
|
667 |
zfs_object_ace_t *zobjacep; |
|
668 |
ace_object_t *aceobjp; |
|
669 |
||
670 |
for (i = 0; i != aclcnt; i++) {
|
|
671 |
aceptr->z_hdr.z_access_mask = acep->a_access_mask; |
|
672 |
aceptr->z_hdr.z_flags = acep->a_flags; |
|
673 |
aceptr->z_hdr.z_type = acep->a_type; |
|
674 |
entry_type = aceptr->z_hdr.z_flags & ACE_TYPE_FLAGS; |
|
675 |
if (entry_type != ACE_OWNER && entry_type != OWNING_GROUP && |
|
| 5824 | 676 |
entry_type != ACE_EVERYONE) {
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
677 |
aceptr->z_fuid = zfs_fuid_create(zfsvfs, acep->a_who, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
678 |
cr, (entry_type == 0) ? |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
679 |
ZFS_ACE_USER : ZFS_ACE_GROUP, fuidp); |
| 5824 | 680 |
} |
681 |
||
| 5331 | 682 |
/* |
683 |
* Make sure ACE is valid |
|
684 |
*/ |
|
685 |
if (zfs_ace_valid(obj_type, aclp, aceptr->z_hdr.z_type, |
|
686 |
aceptr->z_hdr.z_flags) != B_TRUE) |
|
687 |
return (EINVAL); |
|
688 |
||
689 |
switch (acep->a_type) {
|
|
690 |
case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: |
|
691 |
case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: |
|
692 |
case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: |
|
693 |
case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: |
|
694 |
zobjacep = (zfs_object_ace_t *)aceptr; |
|
695 |
aceobjp = (ace_object_t *)acep; |
|
696 |
||
697 |
bcopy(aceobjp->a_obj_type, zobjacep->z_object_type, |
|
698 |
sizeof (aceobjp->a_obj_type)); |
|
699 |
bcopy(aceobjp->a_inherit_obj_type, |
|
700 |
zobjacep->z_inherit_type, |
|
701 |
sizeof (aceobjp->a_inherit_obj_type)); |
|
702 |
acep = (ace_t *)((caddr_t)acep + sizeof (ace_object_t)); |
|
703 |
break; |
|
704 |
default: |
|
705 |
acep = (ace_t *)((caddr_t)acep + sizeof (ace_t)); |
|
706 |
} |
|
707 |
||
708 |
aceptr = (zfs_ace_t *)((caddr_t)aceptr + |
|
709 |
aclp->z_ops.ace_size(aceptr)); |
|
710 |
} |
|
711 |
||
712 |
*size = (caddr_t)aceptr - (caddr_t)z_acl; |
|
| 789 | 713 |
|
| 5331 | 714 |
return (0); |
715 |
} |
|
716 |
||
717 |
/* |
|
718 |
* Copy ZFS ACEs to fixed size ace_t layout |
|
719 |
*/ |
|
720 |
static void |
|
| 5771 | 721 |
zfs_copy_fuid_2_ace(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, cred_t *cr, |
722 |
void *datap, int filter) |
|
| 5331 | 723 |
{
|
724 |
uint64_t who; |
|
725 |
uint32_t access_mask; |
|
726 |
uint16_t iflags, type; |
|
727 |
zfs_ace_hdr_t *zacep = NULL; |
|
728 |
ace_t *acep = datap; |
|
729 |
ace_object_t *objacep; |
|
730 |
zfs_object_ace_t *zobjacep; |
|
731 |
size_t ace_size; |
|
732 |
uint16_t entry_type; |
|
733 |
||
734 |
while (zacep = zfs_acl_next_ace(aclp, zacep, |
|
735 |
&who, &access_mask, &iflags, &type)) {
|
|
736 |
||
737 |
switch (type) {
|
|
738 |
case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: |
|
739 |
case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: |
|
740 |
case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: |
|
741 |
case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: |
|
742 |
if (filter) {
|
|
743 |
continue; |
|
744 |
} |
|
745 |
zobjacep = (zfs_object_ace_t *)zacep; |
|
746 |
objacep = (ace_object_t *)acep; |
|
747 |
bcopy(zobjacep->z_object_type, |
|
748 |
objacep->a_obj_type, |
|
749 |
sizeof (zobjacep->z_object_type)); |
|
750 |
bcopy(zobjacep->z_inherit_type, |
|
751 |
objacep->a_inherit_obj_type, |
|
752 |
sizeof (zobjacep->z_inherit_type)); |
|
753 |
ace_size = sizeof (ace_object_t); |
|
754 |
break; |
|
755 |
default: |
|
756 |
ace_size = sizeof (ace_t); |
|
757 |
break; |
|
758 |
} |
|
759 |
||
760 |
entry_type = (iflags & ACE_TYPE_FLAGS); |
|
761 |
if ((entry_type != ACE_OWNER && |
|
|
7328
6bdcaa4505ac
6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7294
diff
changeset
|
762 |
entry_type != OWNING_GROUP && |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
763 |
entry_type != ACE_EVERYONE)) {
|
|
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
764 |
acep->a_who = zfs_fuid_map_id(zfsvfs, who, |
|
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
765 |
cr, (entry_type & ACE_IDENTIFIER_GROUP) ? |
|
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
766 |
ZFS_ACE_GROUP : ZFS_ACE_USER); |
|
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
767 |
} else {
|
| 5331 | 768 |
acep->a_who = (uid_t)(int64_t)who; |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
769 |
} |
| 5331 | 770 |
acep->a_access_mask = access_mask; |
771 |
acep->a_flags = iflags; |
|
772 |
acep->a_type = type; |
|
773 |
acep = (ace_t *)((caddr_t)acep + ace_size); |
|
774 |
} |
|
775 |
} |
|
776 |
||
777 |
static int |
|
778 |
zfs_copy_ace_2_oldace(vtype_t obj_type, zfs_acl_t *aclp, ace_t *acep, |
|
779 |
zfs_oldace_t *z_acl, int aclcnt, size_t *size) |
|
780 |
{
|
|
781 |
int i; |
|
782 |
zfs_oldace_t *aceptr = z_acl; |
|
783 |
||
784 |
for (i = 0; i != aclcnt; i++, aceptr++) {
|
|
785 |
aceptr->z_access_mask = acep[i].a_access_mask; |
|
786 |
aceptr->z_type = acep[i].a_type; |
|
787 |
aceptr->z_flags = acep[i].a_flags; |
|
788 |
aceptr->z_fuid = acep[i].a_who; |
|
789 |
/* |
|
790 |
* Make sure ACE is valid |
|
791 |
*/ |
|
792 |
if (zfs_ace_valid(obj_type, aclp, aceptr->z_type, |
|
793 |
aceptr->z_flags) != B_TRUE) |
|
794 |
return (EINVAL); |
|
795 |
} |
|
796 |
*size = (caddr_t)aceptr - (caddr_t)z_acl; |
|
797 |
return (0); |
|
798 |
} |
|
799 |
||
800 |
/* |
|
801 |
* convert old ACL format to new |
|
802 |
*/ |
|
803 |
void |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
804 |
zfs_acl_xform(znode_t *zp, zfs_acl_t *aclp, cred_t *cr) |
| 5331 | 805 |
{
|
806 |
zfs_oldace_t *oldaclp; |
|
807 |
int i; |
|
808 |
uint16_t type, iflags; |
|
809 |
uint32_t access_mask; |
|
810 |
uint64_t who; |
|
811 |
void *cookie = NULL; |
|
|
5489
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
812 |
zfs_acl_node_t *newaclnode; |
| 5331 | 813 |
|
814 |
ASSERT(aclp->z_version == ZFS_ACL_VERSION_INITIAL); |
|
815 |
/* |
|
816 |
* First create the ACE in a contiguous piece of memory |
|
817 |
* for zfs_copy_ace_2_fuid(). |
|
818 |
* |
|
819 |
* We only convert an ACL once, so this won't happen |
|
820 |
* everytime. |
|
821 |
*/ |
|
822 |
oldaclp = kmem_alloc(sizeof (zfs_oldace_t) * aclp->z_acl_count, |
|
823 |
KM_SLEEP); |
|
824 |
i = 0; |
|
825 |
while (cookie = zfs_acl_next_ace(aclp, cookie, &who, |
|
826 |
&access_mask, &iflags, &type)) {
|
|
827 |
oldaclp[i].z_flags = iflags; |
|
828 |
oldaclp[i].z_type = type; |
|
829 |
oldaclp[i].z_fuid = who; |
|
830 |
oldaclp[i++].z_access_mask = access_mask; |
|
831 |
} |
|
832 |
||
833 |
newaclnode = zfs_acl_node_alloc(aclp->z_acl_count * |
|
834 |
sizeof (zfs_object_ace_t)); |
|
835 |
aclp->z_ops = zfs_acl_fuid_ops; |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
836 |
VERIFY(zfs_copy_ace_2_fuid(zp->z_zfsvfs, ZTOV(zp)->v_type, aclp, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
837 |
oldaclp, newaclnode->z_acldata, aclp->z_acl_count, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
838 |
&newaclnode->z_size, NULL, cr) == 0); |
| 5331 | 839 |
newaclnode->z_ace_count = aclp->z_acl_count; |
840 |
aclp->z_version = ZFS_ACL_VERSION; |
|
841 |
kmem_free(oldaclp, aclp->z_acl_count * sizeof (zfs_oldace_t)); |
|
842 |
||
843 |
/* |
|
844 |
* Release all previous ACL nodes |
|
845 |
*/ |
|
846 |
||
|
5489
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
847 |
zfs_acl_release_nodes(aclp); |
|
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
848 |
|
| 5331 | 849 |
list_insert_head(&aclp->z_acl, newaclnode); |
|
5489
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
850 |
|
|
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
851 |
aclp->z_acl_bytes = newaclnode->z_size; |
|
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
852 |
aclp->z_acl_count = newaclnode->z_ace_count; |
|
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
853 |
|
| 789 | 854 |
} |
855 |
||
856 |
/* |
|
857 |
* Convert unix access mask to v4 access mask |
|
858 |
*/ |
|
859 |
static uint32_t |
|
860 |
zfs_unix_to_v4(uint32_t access_mask) |
|
861 |
{
|
|
862 |
uint32_t new_mask = 0; |
|
863 |
||
| 5331 | 864 |
if (access_mask & S_IXOTH) |
865 |
new_mask |= ACE_EXECUTE; |
|
866 |
if (access_mask & S_IWOTH) |
|
867 |
new_mask |= ACE_WRITE_DATA; |
|
868 |
if (access_mask & S_IROTH) |
|
| 789 | 869 |
new_mask |= ACE_READ_DATA; |
870 |
return (new_mask); |
|
871 |
} |
|
872 |
||
873 |
static void |
|
| 5331 | 874 |
zfs_set_ace(zfs_acl_t *aclp, void *acep, uint32_t access_mask, |
875 |
uint16_t access_type, uint64_t fuid, uint16_t entry_type) |
|
| 789 | 876 |
{
|
| 5331 | 877 |
uint16_t type = entry_type & ACE_TYPE_FLAGS; |
878 |
||
879 |
aclp->z_ops.ace_mask_set(acep, access_mask); |
|
880 |
aclp->z_ops.ace_type_set(acep, access_type); |
|
881 |
aclp->z_ops.ace_flags_set(acep, entry_type); |
|
|
7328
6bdcaa4505ac
6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7294
diff
changeset
|
882 |
if ((type != ACE_OWNER && type != OWNING_GROUP && |
| 5331 | 883 |
type != ACE_EVERYONE)) |
884 |
aclp->z_ops.ace_who_set(acep, fuid); |
|
| 789 | 885 |
} |
886 |
||
| 5331 | 887 |
/* |
888 |
* Determine mode of file based on ACL. |
|
889 |
* Also, create FUIDs for any User/Group ACEs |
|
890 |
*/ |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
891 |
uint64_t |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
892 |
zfs_mode_compute(uint64_t fmode, zfs_acl_t *aclp, |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
893 |
uint64_t *pflags, uint64_t fuid, uint64_t fgid) |
| 789 | 894 |
{
|
| 5331 | 895 |
int entry_type; |
896 |
mode_t mode; |
|
897 |
mode_t seen = 0; |
|
898 |
zfs_ace_hdr_t *acep = NULL; |
|
899 |
uint64_t who; |
|
900 |
uint16_t iflags, type; |
|
901 |
uint32_t access_mask; |
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
902 |
boolean_t an_exec_denied = B_FALSE; |
| 789 | 903 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
904 |
mode = (fmode & (S_IFMT | S_ISUID | S_ISGID | S_ISVTX)); |
| 5331 | 905 |
|
906 |
while (acep = zfs_acl_next_ace(aclp, acep, &who, |
|
907 |
&access_mask, &iflags, &type)) {
|
|
|
4869
f123f22fc641
6590376 Fails to chmod on a zfs volume with windows ACL
marks
parents:
4321
diff
changeset
|
908 |
|
|
7559
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
909 |
if (!zfs_acl_valid_ace_type(type, iflags)) |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
910 |
continue; |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
911 |
|
|
7328
6bdcaa4505ac
6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7294
diff
changeset
|
912 |
entry_type = (iflags & ACE_TYPE_FLAGS); |
|
6bdcaa4505ac
6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7294
diff
changeset
|
913 |
|
|
4869
f123f22fc641
6590376 Fails to chmod on a zfs volume with windows ACL
marks
parents:
4321
diff
changeset
|
914 |
/* |
|
7328
6bdcaa4505ac
6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7294
diff
changeset
|
915 |
* Skip over owner@, group@ or everyone@ inherit only ACEs |
|
4869
f123f22fc641
6590376 Fails to chmod on a zfs volume with windows ACL
marks
parents:
4321
diff
changeset
|
916 |
*/ |
|
7328
6bdcaa4505ac
6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7294
diff
changeset
|
917 |
if ((iflags & ACE_INHERIT_ONLY_ACE) && |
|
6bdcaa4505ac
6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7294
diff
changeset
|
918 |
(entry_type == ACE_OWNER || entry_type == ACE_EVERYONE || |
|
6bdcaa4505ac
6736457 dmu_tx_dirty_buf+297 panic while Win2003 is copying i386 folder from win2003 CD-ROM to Nevada
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7294
diff
changeset
|
919 |
entry_type == OWNING_GROUP)) |
|
4869
f123f22fc641
6590376 Fails to chmod on a zfs volume with windows ACL
marks
parents:
4321
diff
changeset
|
920 |
continue; |
|
f123f22fc641
6590376 Fails to chmod on a zfs volume with windows ACL
marks
parents:
4321
diff
changeset
|
921 |
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
922 |
if (entry_type == ACE_OWNER || (entry_type == 0 && |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
923 |
who == fuid)) {
|
| 5331 | 924 |
if ((access_mask & ACE_READ_DATA) && |
| 789 | 925 |
(!(seen & S_IRUSR))) {
|
926 |
seen |= S_IRUSR; |
|
| 5331 | 927 |
if (type == ALLOW) {
|
| 789 | 928 |
mode |= S_IRUSR; |
929 |
} |
|
930 |
} |
|
| 5331 | 931 |
if ((access_mask & ACE_WRITE_DATA) && |
| 789 | 932 |
(!(seen & S_IWUSR))) {
|
933 |
seen |= S_IWUSR; |
|
| 5331 | 934 |
if (type == ALLOW) {
|
| 789 | 935 |
mode |= S_IWUSR; |
936 |
} |
|
937 |
} |
|
| 5331 | 938 |
if ((access_mask & ACE_EXECUTE) && |
| 789 | 939 |
(!(seen & S_IXUSR))) {
|
940 |
seen |= S_IXUSR; |
|
| 5331 | 941 |
if (type == ALLOW) {
|
| 789 | 942 |
mode |= S_IXUSR; |
943 |
} |
|
944 |
} |
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
945 |
} else if (entry_type == OWNING_GROUP || |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
946 |
(entry_type == ACE_IDENTIFIER_GROUP && who == fgid)) {
|
| 5331 | 947 |
if ((access_mask & ACE_READ_DATA) && |
| 789 | 948 |
(!(seen & S_IRGRP))) {
|
949 |
seen |= S_IRGRP; |
|
| 5331 | 950 |
if (type == ALLOW) {
|
| 789 | 951 |
mode |= S_IRGRP; |
952 |
} |
|
953 |
} |
|
| 5331 | 954 |
if ((access_mask & ACE_WRITE_DATA) && |
| 789 | 955 |
(!(seen & S_IWGRP))) {
|
956 |
seen |= S_IWGRP; |
|
| 5331 | 957 |
if (type == ALLOW) {
|
| 789 | 958 |
mode |= S_IWGRP; |
959 |
} |
|
960 |
} |
|
| 5331 | 961 |
if ((access_mask & ACE_EXECUTE) && |
| 789 | 962 |
(!(seen & S_IXGRP))) {
|
963 |
seen |= S_IXGRP; |
|
| 5331 | 964 |
if (type == ALLOW) {
|
| 789 | 965 |
mode |= S_IXGRP; |
966 |
} |
|
967 |
} |
|
968 |
} else if (entry_type == ACE_EVERYONE) {
|
|
| 5331 | 969 |
if ((access_mask & ACE_READ_DATA)) {
|
| 789 | 970 |
if (!(seen & S_IRUSR)) {
|
971 |
seen |= S_IRUSR; |
|
| 5331 | 972 |
if (type == ALLOW) {
|
| 789 | 973 |
mode |= S_IRUSR; |
974 |
} |
|
975 |
} |
|
976 |
if (!(seen & S_IRGRP)) {
|
|
977 |
seen |= S_IRGRP; |
|
| 5331 | 978 |
if (type == ALLOW) {
|
| 789 | 979 |
mode |= S_IRGRP; |
980 |
} |
|
981 |
} |
|
982 |
if (!(seen & S_IROTH)) {
|
|
983 |
seen |= S_IROTH; |
|
| 5331 | 984 |
if (type == ALLOW) {
|
| 789 | 985 |
mode |= S_IROTH; |
986 |
} |
|
987 |
} |
|
988 |
} |
|
| 5331 | 989 |
if ((access_mask & ACE_WRITE_DATA)) {
|
| 789 | 990 |
if (!(seen & S_IWUSR)) {
|
991 |
seen |= S_IWUSR; |
|
| 5331 | 992 |
if (type == ALLOW) {
|
| 789 | 993 |
mode |= S_IWUSR; |
994 |
} |
|
995 |
} |
|
996 |
if (!(seen & S_IWGRP)) {
|
|
997 |
seen |= S_IWGRP; |
|
| 5331 | 998 |
if (type == ALLOW) {
|
| 789 | 999 |
mode |= S_IWGRP; |
1000 |
} |
|
1001 |
} |
|
1002 |
if (!(seen & S_IWOTH)) {
|
|
1003 |
seen |= S_IWOTH; |
|
| 5331 | 1004 |
if (type == ALLOW) {
|
| 789 | 1005 |
mode |= S_IWOTH; |
1006 |
} |
|
1007 |
} |
|
1008 |
} |
|
| 5331 | 1009 |
if ((access_mask & ACE_EXECUTE)) {
|
| 789 | 1010 |
if (!(seen & S_IXUSR)) {
|
1011 |
seen |= S_IXUSR; |
|
| 5331 | 1012 |
if (type == ALLOW) {
|
| 789 | 1013 |
mode |= S_IXUSR; |
1014 |
} |
|
1015 |
} |
|
1016 |
if (!(seen & S_IXGRP)) {
|
|
1017 |
seen |= S_IXGRP; |
|
| 5331 | 1018 |
if (type == ALLOW) {
|
| 789 | 1019 |
mode |= S_IXGRP; |
1020 |
} |
|
1021 |
} |
|
1022 |
if (!(seen & S_IXOTH)) {
|
|
1023 |
seen |= S_IXOTH; |
|
| 5331 | 1024 |
if (type == ALLOW) {
|
| 789 | 1025 |
mode |= S_IXOTH; |
1026 |
} |
|
1027 |
} |
|
1028 |
} |
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1029 |
} else {
|
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1030 |
/* |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1031 |
* Only care if this IDENTIFIER_GROUP or |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1032 |
* USER ACE denies execute access to someone, |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1033 |
* mode is not affected |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1034 |
*/ |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1035 |
if ((access_mask & ACE_EXECUTE) && type == DENY) |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1036 |
an_exec_denied = B_TRUE; |
| 789 | 1037 |
} |
1038 |
} |
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1039 |
|
|
10143
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1040 |
/* |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1041 |
* Failure to allow is effectively a deny, so execute permission |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1042 |
* is denied if it was never mentioned or if we explicitly |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1043 |
* weren't allowed it. |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1044 |
*/ |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1045 |
if (!an_exec_denied && |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1046 |
((seen & ALL_MODE_EXECS) != ALL_MODE_EXECS || |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1047 |
(mode & ALL_MODE_EXECS) != ALL_MODE_EXECS)) |
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1048 |
an_exec_denied = B_TRUE; |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1049 |
|
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1050 |
if (an_exec_denied) |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1051 |
*pflags &= ~ZFS_NO_EXECS_DENIED; |
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1052 |
else |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1053 |
*pflags |= ZFS_NO_EXECS_DENIED; |
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1054 |
|
| 789 | 1055 |
return (mode); |
1056 |
} |
|
1057 |
||
1058 |
/* |
|
|
10143
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1059 |
* Read an external acl object. If the intent is to modify, always |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1060 |
* create a new acl and leave any cached acl in place. |
| 789 | 1061 |
*/ |
| 1544 | 1062 |
static int |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1063 |
zfs_acl_node_read(znode_t *zp, boolean_t have_lock, zfs_acl_t **aclpp, |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1064 |
boolean_t will_modify) |
| 789 | 1065 |
{
|
1066 |
zfs_acl_t *aclp; |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1067 |
int aclsize; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1068 |
int acl_count; |
| 5331 | 1069 |
zfs_acl_node_t *aclnode; |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1070 |
zfs_acl_phys_t znode_acl; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1071 |
int version; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1072 |
int error; |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1073 |
boolean_t drop_lock = B_FALSE; |
| 789 | 1074 |
|
1075 |
ASSERT(MUTEX_HELD(&zp->z_acl_lock)); |
|
1076 |
||
|
10143
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1077 |
if (zp->z_acl_cached && !will_modify) {
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1078 |
*aclpp = zp->z_acl_cached; |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1079 |
return (0); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1080 |
} |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1081 |
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1082 |
/* |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1083 |
* close race where znode could be upgrade while trying to |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1084 |
* read the znode attributes. |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1085 |
* |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1086 |
* But this could only happen if the file isn't already an SA |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1087 |
* znode |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1088 |
*/ |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1089 |
if (!zp->z_is_sa && !have_lock) {
|
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1090 |
mutex_enter(&zp->z_lock); |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1091 |
drop_lock = B_TRUE; |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1092 |
} |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1093 |
version = zfs_znode_acl_version(zp); |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1094 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1095 |
if ((error = zfs_acl_znode_info(zp, &aclsize, |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1096 |
&acl_count, &znode_acl)) != 0) {
|
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1097 |
goto done; |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1098 |
} |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1099 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1100 |
aclp = zfs_acl_alloc(version); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1101 |
|
| 5331 | 1102 |
aclp->z_acl_count = acl_count; |
1103 |
aclp->z_acl_bytes = aclsize; |
|
1104 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1105 |
aclnode = zfs_acl_node_alloc(aclsize); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1106 |
aclnode->z_ace_count = aclp->z_acl_count; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1107 |
aclnode->z_size = aclsize; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1108 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1109 |
if (!zp->z_is_sa) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1110 |
if (znode_acl.z_acl_extern_obj) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1111 |
error = dmu_read(zp->z_zfsvfs->z_os, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1112 |
znode_acl.z_acl_extern_obj, 0, aclnode->z_size, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1113 |
aclnode->z_acldata, DMU_READ_PREFETCH); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1114 |
} else {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1115 |
bcopy(znode_acl.z_ace_data, aclnode->z_acldata, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1116 |
aclnode->z_size); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1117 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1118 |
} else {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1119 |
error = sa_lookup(zp->z_sa_hdl, SA_ZPL_DACL_ACES(zp->z_zfsvfs), |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1120 |
aclnode->z_acldata, aclnode->z_size); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1121 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1122 |
|
| 1544 | 1123 |
if (error != 0) {
|
1124 |
zfs_acl_free(aclp); |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1125 |
zfs_acl_node_free(aclnode); |
| 7294 | 1126 |
/* convert checksum errors into IO errors */ |
1127 |
if (error == ECKSUM) |
|
1128 |
error = EIO; |
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1129 |
goto done; |
| 1544 | 1130 |
} |
| 789 | 1131 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1132 |
list_insert_head(&aclp->z_acl, aclnode); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1133 |
|
|
10143
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1134 |
*aclpp = aclp; |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1135 |
if (!will_modify) |
|
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1136 |
zp->z_acl_cached = aclp; |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1137 |
done: |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1138 |
if (drop_lock) |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1139 |
mutex_exit(&zp->z_lock); |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1140 |
return (error); |
| 789 | 1141 |
} |
1142 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1143 |
/*ARGSUSED*/ |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1144 |
void |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1145 |
zfs_acl_data_locator(void **dataptr, uint32_t *length, uint32_t buflen, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1146 |
boolean_t start, void *userdata) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1147 |
{
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1148 |
zfs_acl_locator_cb_t *cb = (zfs_acl_locator_cb_t *)userdata; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1149 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1150 |
if (start) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1151 |
cb->cb_acl_node = list_head(&cb->cb_aclp->z_acl); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1152 |
} else {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1153 |
cb->cb_acl_node = list_next(&cb->cb_aclp->z_acl, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1154 |
cb->cb_acl_node); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1155 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1156 |
*dataptr = cb->cb_acl_node->z_acldata; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1157 |
*length = cb->cb_acl_node->z_size; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1158 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1159 |
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1160 |
int |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1161 |
zfs_acl_chown_setattr(znode_t *zp) |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1162 |
{
|
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1163 |
int error; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1164 |
zfs_acl_t *aclp; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1165 |
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1166 |
ASSERT(MUTEX_HELD(&zp->z_lock)); |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1167 |
ASSERT(MUTEX_HELD(&zp->z_acl_lock)); |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1168 |
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1169 |
if ((error = zfs_acl_node_read(zp, B_TRUE, &aclp, B_FALSE)) == 0) |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1170 |
zp->z_mode = zfs_mode_compute(zp->z_mode, aclp, |
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
1171 |
&zp->z_pflags, zp->z_uid, zp->z_gid); |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1172 |
return (error); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1173 |
} |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1174 |
|
| 789 | 1175 |
/* |
| 5331 | 1176 |
* common code for setting ACLs. |
| 789 | 1177 |
* |
1178 |
* This function is called from zfs_mode_update, zfs_perm_init, and zfs_setacl. |
|
1179 |
* zfs_setacl passes a non-NULL inherit pointer (ihp) to indicate that it's |
|
1180 |
* already checked the acl and knows whether to inherit. |
|
1181 |
*/ |
|
1182 |
int |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1183 |
zfs_aclset_common(znode_t *zp, zfs_acl_t *aclp, cred_t *cr, dmu_tx_t *tx) |
| 789 | 1184 |
{
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1185 |
int error; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1186 |
zfsvfs_t *zfsvfs = zp->z_zfsvfs; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1187 |
dmu_object_type_t otype; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1188 |
zfs_acl_locator_cb_t locate = { 0 };
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1189 |
uint64_t mode; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1190 |
sa_bulk_attr_t bulk[5]; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1191 |
uint64_t ctime[2]; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1192 |
int count = 0; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1193 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1194 |
mode = zp->z_mode; |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1195 |
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
1196 |
mode = zfs_mode_compute(mode, aclp, &zp->z_pflags, |
|
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
1197 |
zp->z_uid, zp->z_gid); |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1198 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1199 |
zp->z_mode = mode; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1200 |
SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs), NULL, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1201 |
&mode, sizeof (mode)); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1202 |
SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1203 |
&zp->z_pflags, sizeof (zp->z_pflags)); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1204 |
SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1205 |
&ctime, sizeof (ctime)); |
| 789 | 1206 |
|
|
10143
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
1207 |
if (zp->z_acl_cached) {
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1208 |
zfs_acl_free(zp->z_acl_cached); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1209 |
zp->z_acl_cached = NULL; |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1210 |
} |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
1211 |
|
| 789 | 1212 |
/* |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1213 |
* Upgrade needed? |
| 789 | 1214 |
*/ |
| 5331 | 1215 |
if (!zfsvfs->z_use_fuids) {
|
1216 |
otype = DMU_OT_OLDACL; |
|
1217 |
} else {
|
|
1218 |
if ((aclp->z_version == ZFS_ACL_VERSION_INITIAL) && |
|
1219 |
(zfsvfs->z_version >= ZPL_VERSION_FUID)) |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1220 |
zfs_acl_xform(zp, aclp, cr); |
| 5331 | 1221 |
ASSERT(aclp->z_version >= ZFS_ACL_VERSION_FUID); |
1222 |
otype = DMU_OT_ACL; |
|
1223 |
} |
|
1224 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1225 |
/* |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1226 |
* Arrgh, we have to handle old on disk format |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1227 |
* as well as newer (preferred) SA format. |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1228 |
*/ |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1229 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1230 |
if (zp->z_is_sa) { /* the easy case, just update the ACL attribute */
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1231 |
locate.cb_aclp = aclp; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1232 |
SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_DACL_ACES(zfsvfs), |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1233 |
zfs_acl_data_locator, &locate, aclp->z_acl_bytes); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1234 |
SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_DACL_COUNT(zfsvfs), |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1235 |
NULL, &aclp->z_acl_count, sizeof (uint64_t)); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1236 |
} else { /* Painful legacy way */
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1237 |
zfs_acl_node_t *aclnode; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1238 |
uint64_t off = 0; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1239 |
zfs_acl_phys_t acl_phys; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1240 |
uint64_t aoid; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1241 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1242 |
if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zfsvfs), |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1243 |
&acl_phys, sizeof (acl_phys))) != 0) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1244 |
return (error); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1245 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1246 |
aoid = acl_phys.z_acl_extern_obj; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1247 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1248 |
if (aclp->z_acl_bytes > ZFS_ACE_SPACE) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1249 |
/* |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1250 |
* If ACL was previously external and we are now |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1251 |
* converting to new ACL format then release old |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1252 |
* ACL object and create a new one. |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1253 |
*/ |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1254 |
if (aoid && |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1255 |
aclp->z_version != acl_phys.z_acl_version) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1256 |
error = dmu_object_free(zfsvfs->z_os, aoid, tx); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1257 |
if (error) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1258 |
return (error); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1259 |
aoid = 0; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1260 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1261 |
if (aoid == 0) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1262 |
aoid = dmu_object_alloc(zfsvfs->z_os, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1263 |
otype, aclp->z_acl_bytes, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1264 |
otype == DMU_OT_ACL ? |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1265 |
DMU_OT_SYSACL : DMU_OT_NONE, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1266 |
otype == DMU_OT_ACL ? |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1267 |
DN_MAX_BONUSLEN : 0, tx); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1268 |
} else {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1269 |
(void) dmu_object_set_blocksize(zfsvfs->z_os, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1270 |
aoid, aclp->z_acl_bytes, 0, tx); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1271 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1272 |
acl_phys.z_acl_extern_obj = aoid; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1273 |
for (aclnode = list_head(&aclp->z_acl); aclnode; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1274 |
aclnode = list_next(&aclp->z_acl, aclnode)) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1275 |
if (aclnode->z_ace_count == 0) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1276 |
continue; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1277 |
dmu_write(zfsvfs->z_os, aoid, off, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1278 |
aclnode->z_size, aclnode->z_acldata, tx); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1279 |
off += aclnode->z_size; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1280 |
} |
| 789 | 1281 |
} else {
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1282 |
void *start = acl_phys.z_ace_data; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1283 |
/* |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1284 |
* Migrating back embedded? |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1285 |
*/ |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1286 |
if (acl_phys.z_acl_extern_obj) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1287 |
error = dmu_object_free(zfsvfs->z_os, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1288 |
acl_phys.z_acl_extern_obj, tx); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1289 |
if (error) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1290 |
return (error); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1291 |
acl_phys.z_acl_extern_obj = 0; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1292 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1293 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1294 |
for (aclnode = list_head(&aclp->z_acl); aclnode; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1295 |
aclnode = list_next(&aclp->z_acl, aclnode)) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1296 |
if (aclnode->z_ace_count == 0) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1297 |
continue; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1298 |
bcopy(aclnode->z_acldata, start, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1299 |
aclnode->z_size); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1300 |
start = (caddr_t)start + aclnode->z_size; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1301 |
} |
| 5331 | 1302 |
} |
| 789 | 1303 |
/* |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1304 |
* If Old version then swap count/bytes to match old |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1305 |
* layout of znode_acl_phys_t. |
| 789 | 1306 |
*/ |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1307 |
if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1308 |
acl_phys.z_acl_size = aclp->z_acl_count; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1309 |
acl_phys.z_acl_count = aclp->z_acl_bytes; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1310 |
} else {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1311 |
acl_phys.z_acl_size = aclp->z_acl_bytes; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1312 |
acl_phys.z_acl_count = aclp->z_acl_count; |
| 789 | 1313 |
} |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1314 |
acl_phys.z_acl_version = aclp->z_version; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1315 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1316 |
SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_ZNODE_ACL(zfsvfs), NULL, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1317 |
&acl_phys, sizeof (acl_phys)); |
| 789 | 1318 |
} |
|
905
920e9b2e0899
6347134 zfs_zaccess() is killing ZFS stat() performance
marks
parents:
865
diff
changeset
|
1319 |
|
| 5331 | 1320 |
/* |
1321 |
* Replace ACL wide bits, but first clear them. |
|
1322 |
*/ |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1323 |
zp->z_pflags &= ~ZFS_ACL_WIDE_FLAGS; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1324 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1325 |
zp->z_pflags |= aclp->z_hints; |
| 5331 | 1326 |
|
1327 |
if (ace_trivial_common(aclp, 0, zfs_ace_walk) == 0) |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1328 |
zp->z_pflags |= ZFS_ACL_TRIVIAL; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1329 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1330 |
zfs_tstamp_update_setup(zp, STATE_CHANGED, NULL, ctime, B_TRUE); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1331 |
return (sa_bulk_update(zp->z_sa_hdl, bulk, count, tx)); |
| 789 | 1332 |
} |
1333 |
||
1334 |
static void |
|
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1335 |
zfs_acl_chmod(vtype_t vtype, uint64_t mode, boolean_t trim, zfs_acl_t *aclp) |
| 789 | 1336 |
{
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1337 |
void *acep = NULL; |
| 5331 | 1338 |
uint64_t who; |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1339 |
int new_count, new_bytes; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1340 |
int ace_size; |
| 789 | 1341 |
int entry_type; |
| 5331 | 1342 |
uint16_t iflags, type; |
1343 |
uint32_t access_mask; |
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1344 |
zfs_acl_node_t *newnode; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1345 |
size_t abstract_size = aclp->z_ops.ace_abstract_size(); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1346 |
void *zacep; |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1347 |
boolean_t isdir; |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1348 |
trivial_acl_t masks; |
| 789 | 1349 |
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1350 |
new_count = new_bytes = 0; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1351 |
|
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1352 |
isdir = (vtype == VDIR); |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1353 |
|
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1354 |
acl_trivial_access_masks((mode_t)mode, isdir, &masks); |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1355 |
|
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1356 |
newnode = zfs_acl_node_alloc((abstract_size * 6) + aclp->z_acl_bytes); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1357 |
|
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1358 |
zacep = newnode->z_acldata; |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1359 |
if (masks.allow0) {
|
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1360 |
zfs_set_ace(aclp, zacep, masks.allow0, ALLOW, -1, ACE_OWNER); |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1361 |
zacep = (void *)((uintptr_t)zacep + abstract_size); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1362 |
new_count++; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1363 |
new_bytes += abstract_size; |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1364 |
} if (masks.deny1) {
|
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1365 |
zfs_set_ace(aclp, zacep, masks.deny1, DENY, -1, ACE_OWNER); |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1366 |
zacep = (void *)((uintptr_t)zacep + abstract_size); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1367 |
new_count++; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1368 |
new_bytes += abstract_size; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1369 |
} |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1370 |
if (masks.deny2) {
|
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1371 |
zfs_set_ace(aclp, zacep, masks.deny2, DENY, -1, OWNING_GROUP); |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1372 |
zacep = (void *)((uintptr_t)zacep + abstract_size); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1373 |
new_count++; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1374 |
new_bytes += abstract_size; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1375 |
} |
|
5489
25bfaf065197
6601830 mismatch between zfs_mount() behavior and comment
marks
parents:
5435
diff
changeset
|
1376 |
|
| 5331 | 1377 |
while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, |
1378 |
&iflags, &type)) {
|
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1379 |
uint16_t inherit_flags; |
| 5331 | 1380 |
|
1381 |
entry_type = (iflags & ACE_TYPE_FLAGS); |
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1382 |
inherit_flags = (iflags & ALL_INHERIT); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1383 |
|
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1384 |
if ((entry_type == ACE_OWNER || entry_type == ACE_EVERYONE || |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1385 |
(entry_type == OWNING_GROUP)) && |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1386 |
((inherit_flags & ACE_INHERIT_ONLY_ACE) == 0)) {
|
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1387 |
continue; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1388 |
} |
| 789 | 1389 |
|
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1390 |
/* |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1391 |
* If this ACL has any inheritable ACEs, mark that in |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1392 |
* the hints (which are later masked into the pflags) |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1393 |
* so create knows to do inheritance. |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1394 |
*/ |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1395 |
if (isdir && (inherit_flags & |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1396 |
(ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE))) |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1397 |
aclp->z_hints |= ZFS_INHERIT_ACE; |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1398 |
|
| 5331 | 1399 |
if ((type != ALLOW && type != DENY) || |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1400 |
(inherit_flags & ACE_INHERIT_ONLY_ACE)) {
|
| 5331 | 1401 |
switch (type) {
|
1402 |
case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: |
|
1403 |
case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: |
|
1404 |
case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: |
|
1405 |
case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: |
|
1406 |
aclp->z_hints |= ZFS_ACL_OBJ_ACE; |
|
1407 |
break; |
|
1408 |
} |
|
| 789 | 1409 |
} else {
|
1410 |
||
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1411 |
/* |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1412 |
* Limit permissions to be no greater than |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1413 |
* group permissions. |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1414 |
* The "aclinherit" and "aclmode" properties |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1415 |
* affect policy for create and chmod(2), |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1416 |
* respectively. |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1417 |
*/ |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1418 |
if ((type == ALLOW) && trim) |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1419 |
access_mask &= masks.group; |
| 789 | 1420 |
} |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1421 |
zfs_set_ace(aclp, zacep, access_mask, type, who, iflags); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1422 |
ace_size = aclp->z_ops.ace_size(acep); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1423 |
zacep = (void *)((uintptr_t)zacep + ace_size); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1424 |
new_count++; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1425 |
new_bytes += ace_size; |
| 789 | 1426 |
} |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1427 |
zfs_set_ace(aclp, zacep, masks.owner, 0, -1, ACE_OWNER); |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1428 |
zacep = (void *)((uintptr_t)zacep + abstract_size); |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1429 |
zfs_set_ace(aclp, zacep, masks.group, 0, -1, OWNING_GROUP); |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1430 |
zacep = (void *)((uintptr_t)zacep + abstract_size); |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1431 |
zfs_set_ace(aclp, zacep, masks.everyone, 0, -1, ACE_EVERYONE); |
| 789 | 1432 |
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1433 |
new_count += 3; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1434 |
new_bytes += abstract_size * 3; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1435 |
zfs_acl_release_nodes(aclp); |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1436 |
aclp->z_acl_count = new_count; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1437 |
aclp->z_acl_bytes = new_bytes; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1438 |
newnode->z_ace_count = new_count; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1439 |
newnode->z_size = new_bytes; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1440 |
list_insert_tail(&aclp->z_acl, newnode); |
| 789 | 1441 |
} |
1442 |
||
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1443 |
int |
| 5824 | 1444 |
zfs_acl_chmod_setattr(znode_t *zp, zfs_acl_t **aclp, uint64_t mode) |
| 789 | 1445 |
{
|
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1446 |
int error = 0; |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1447 |
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1448 |
mutex_enter(&zp->z_acl_lock); |
| 5824 | 1449 |
mutex_enter(&zp->z_lock); |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1450 |
if (zp->z_zfsvfs->z_acl_mode == ZFS_ACL_DISCARD) |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1451 |
*aclp = zfs_acl_alloc(zfs_acl_version_zp(zp)); |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1452 |
else |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1453 |
error = zfs_acl_node_read(zp, B_TRUE, aclp, B_TRUE); |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1454 |
|
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1455 |
if (error == 0) {
|
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1456 |
(*aclp)->z_hints = zp->z_pflags & V4_ACL_WIDE_FLAGS; |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1457 |
zfs_acl_chmod(ZTOV(zp)->v_type, mode, |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1458 |
(zp->z_zfsvfs->z_acl_mode == ZFS_ACL_GROUPMASK), *aclp); |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1459 |
} |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1460 |
mutex_exit(&zp->z_lock); |
| 789 | 1461 |
mutex_exit(&zp->z_acl_lock); |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1462 |
|
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1463 |
return (error); |
| 789 | 1464 |
} |
1465 |
||
1466 |
/* |
|
1467 |
* strip off write_owner and write_acl |
|
1468 |
*/ |
|
1469 |
static void |
|
|
6385
5437941ec5a1
PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules
marks
parents:
6257
diff
changeset
|
1470 |
zfs_restricted_update(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, void *acep) |
| 789 | 1471 |
{
|
| 5331 | 1472 |
uint32_t mask = aclp->z_ops.ace_mask_get(acep); |
1473 |
||
|
6385
5437941ec5a1
PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules
marks
parents:
6257
diff
changeset
|
1474 |
if ((zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) && |
| 5331 | 1475 |
(aclp->z_ops.ace_type_get(acep) == ALLOW)) {
|
|
6385
5437941ec5a1
PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules
marks
parents:
6257
diff
changeset
|
1476 |
mask &= ~RESTRICTED_CLEAR; |
| 5331 | 1477 |
aclp->z_ops.ace_mask_set(acep, mask); |
1478 |
} |
|
1479 |
} |
|
1480 |
||
1481 |
/* |
|
1482 |
* Should ACE be inherited? |
|
1483 |
*/ |
|
1484 |
static int |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1485 |
zfs_ace_can_use(vtype_t vtype, uint16_t acep_flags) |
| 5331 | 1486 |
{
|
1487 |
int iflags = (acep_flags & 0xf); |
|
1488 |
||
1489 |
if ((vtype == VDIR) && (iflags & ACE_DIRECTORY_INHERIT_ACE)) |
|
1490 |
return (1); |
|
1491 |
else if (iflags & ACE_FILE_INHERIT_ACE) |
|
1492 |
return (!((vtype == VDIR) && |
|
1493 |
(iflags & ACE_NO_PROPAGATE_INHERIT_ACE))); |
|
1494 |
return (0); |
|
| 789 | 1495 |
} |
1496 |
||
1497 |
/* |
|
1498 |
* inherit inheritable ACEs from parent |
|
1499 |
*/ |
|
1500 |
static zfs_acl_t * |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1501 |
zfs_acl_inherit(zfsvfs_t *zfsvfs, vtype_t vtype, zfs_acl_t *paclp, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1502 |
uint64_t mode, boolean_t *need_chmod) |
| 789 | 1503 |
{
|
| 5331 | 1504 |
void *pacep; |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1505 |
void *acep; |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1506 |
zfs_acl_node_t *aclnode; |
| 789 | 1507 |
zfs_acl_t *aclp = NULL; |
| 5331 | 1508 |
uint64_t who; |
1509 |
uint32_t access_mask; |
|
1510 |
uint16_t iflags, newflags, type; |
|
1511 |
size_t ace_size; |
|
1512 |
void *data1, *data2; |
|
1513 |
size_t data1sz, data2sz; |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1514 |
boolean_t vdir = vtype == VDIR; |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1515 |
boolean_t vreg = vtype == VREG; |
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1516 |
boolean_t passthrough, passthrough_x, noallow; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1517 |
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1518 |
passthrough_x = |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1519 |
zfsvfs->z_acl_inherit == ZFS_ACL_PASSTHROUGH_X; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1520 |
passthrough = passthrough_x || |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1521 |
zfsvfs->z_acl_inherit == ZFS_ACL_PASSTHROUGH; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1522 |
noallow = |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1523 |
zfsvfs->z_acl_inherit == ZFS_ACL_NOALLOW; |
| 789 | 1524 |
|
|
6385
5437941ec5a1
PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules
marks
parents:
6257
diff
changeset
|
1525 |
*need_chmod = B_TRUE; |
| 5331 | 1526 |
pacep = NULL; |
|
7559
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
1527 |
aclp = zfs_acl_alloc(paclp->z_version); |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1528 |
if (zfsvfs->z_acl_inherit == ZFS_ACL_DISCARD || vtype == VLNK) |
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1529 |
return (aclp); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1530 |
while (pacep = zfs_acl_next_ace(paclp, pacep, &who, |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1531 |
&access_mask, &iflags, &type)) {
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1532 |
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1533 |
/* |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1534 |
* don't inherit bogus ACEs |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1535 |
*/ |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1536 |
if (!zfs_acl_valid_ace_type(type, iflags)) |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1537 |
continue; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1538 |
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1539 |
if (noallow && type == ALLOW) |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1540 |
continue; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1541 |
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1542 |
ace_size = aclp->z_ops.ace_size(pacep); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1543 |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1544 |
if (!zfs_ace_can_use(vtype, iflags)) |
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1545 |
continue; |
| 789 | 1546 |
|
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1547 |
/* |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1548 |
* If owner@, group@, or everyone@ inheritable |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1549 |
* then zfs_acl_chmod() isn't needed. |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1550 |
*/ |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1551 |
if (passthrough && |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1552 |
((iflags & (ACE_OWNER|ACE_EVERYONE)) || |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1553 |
((iflags & OWNING_GROUP) == |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1554 |
OWNING_GROUP)) && (vreg || (vdir && (iflags & |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1555 |
ACE_DIRECTORY_INHERIT_ACE)))) {
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1556 |
*need_chmod = B_FALSE; |
|
11969
cdd98a239cd1
PSARC/2010/009 Modified ZFS passthrough-x ACL inheritance
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11935
diff
changeset
|
1557 |
} |
|
cdd98a239cd1
PSARC/2010/009 Modified ZFS passthrough-x ACL inheritance
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11935
diff
changeset
|
1558 |
|
|
cdd98a239cd1
PSARC/2010/009 Modified ZFS passthrough-x ACL inheritance
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11935
diff
changeset
|
1559 |
if (!vdir && passthrough_x && |
|
cdd98a239cd1
PSARC/2010/009 Modified ZFS passthrough-x ACL inheritance
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11935
diff
changeset
|
1560 |
((mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)) {
|
|
cdd98a239cd1
PSARC/2010/009 Modified ZFS passthrough-x ACL inheritance
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11935
diff
changeset
|
1561 |
access_mask &= ~ACE_EXECUTE; |
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1562 |
} |
| 789 | 1563 |
|
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1564 |
aclnode = zfs_acl_node_alloc(ace_size); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1565 |
list_insert_tail(&aclp->z_acl, aclnode); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1566 |
acep = aclnode->z_acldata; |
|
6385
5437941ec5a1
PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules
marks
parents:
6257
diff
changeset
|
1567 |
|
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1568 |
zfs_set_ace(aclp, acep, access_mask, type, |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1569 |
who, iflags|ACE_INHERITED_ACE); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1570 |
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1571 |
/* |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1572 |
* Copy special opaque data if any |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1573 |
*/ |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1574 |
if ((data1sz = paclp->z_ops.ace_data(pacep, &data1)) != 0) {
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1575 |
VERIFY((data2sz = aclp->z_ops.ace_data(acep, |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1576 |
&data2)) == data1sz); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1577 |
bcopy(data1, data2, data2sz); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1578 |
} |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1579 |
|
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1580 |
aclp->z_acl_count++; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1581 |
aclnode->z_ace_count++; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1582 |
aclp->z_acl_bytes += aclnode->z_size; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1583 |
newflags = aclp->z_ops.ace_flags_get(acep); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1584 |
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1585 |
if (vdir) |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1586 |
aclp->z_hints |= ZFS_INHERIT_ACE; |
|
6385
5437941ec5a1
PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules
marks
parents:
6257
diff
changeset
|
1587 |
|
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1588 |
if ((iflags & ACE_NO_PROPAGATE_INHERIT_ACE) || !vdir) {
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1589 |
newflags &= ~ALL_INHERIT; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1590 |
aclp->z_ops.ace_flags_set(acep, |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1591 |
newflags|ACE_INHERITED_ACE); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1592 |
zfs_restricted_update(zfsvfs, aclp, acep); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1593 |
continue; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1594 |
} |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1595 |
|
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1596 |
ASSERT(vdir); |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1597 |
|
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1598 |
/* |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1599 |
* If only FILE_INHERIT is set then turn on |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1600 |
* inherit_only |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1601 |
*/ |
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1602 |
if ((iflags & (ACE_FILE_INHERIT_ACE | |
|
12322
2d0b03fa06b5
6947609 not inheriting inherit_only directories correctly
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
12273
diff
changeset
|
1603 |
ACE_DIRECTORY_INHERIT_ACE)) == ACE_FILE_INHERIT_ACE) {
|
|
8053
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1604 |
newflags |= ACE_INHERIT_ONLY_ACE; |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1605 |
aclp->z_ops.ace_flags_set(acep, |
|
271f44d3de11
PSARC/2008/659 New ZFS "passthrough-x" ACL inheritance rules
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7624
diff
changeset
|
1606 |
newflags|ACE_INHERITED_ACE); |
|
12322
2d0b03fa06b5
6947609 not inheriting inherit_only directories correctly
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
12273
diff
changeset
|
1607 |
} else {
|
|
2d0b03fa06b5
6947609 not inheriting inherit_only directories correctly
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
12273
diff
changeset
|
1608 |
newflags &= ~ACE_INHERIT_ONLY_ACE; |
|
2d0b03fa06b5
6947609 not inheriting inherit_only directories correctly
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
12273
diff
changeset
|
1609 |
aclp->z_ops.ace_flags_set(acep, |
|
2d0b03fa06b5
6947609 not inheriting inherit_only directories correctly
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
12273
diff
changeset
|
1610 |
newflags|ACE_INHERITED_ACE); |
| 789 | 1611 |
} |
1612 |
} |
|
1613 |
return (aclp); |
|
1614 |
} |
|
1615 |
||
1616 |
/* |
|
1617 |
* Create file system object initial permissions |
|
1618 |
* including inheritable ACEs. |
|
1619 |
*/ |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1620 |
int |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1621 |
zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1622 |
vsecattr_t *vsecp, zfs_acl_ids_t *acl_ids) |
| 789 | 1623 |
{
|
1624 |
int error; |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1625 |
zfsvfs_t *zfsvfs = dzp->z_zfsvfs; |
| 5331 | 1626 |
zfs_acl_t *paclp; |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1627 |
gid_t gid; |
|
6385
5437941ec5a1
PSARC/2008/231 New ZFS "passthrough" ACL inheritance rules
marks
parents:
6257
diff
changeset
|
1628 |
boolean_t need_chmod = B_TRUE; |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1629 |
boolean_t inherited = B_FALSE; |
| 5331 | 1630 |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1631 |
bzero(acl_ids, sizeof (zfs_acl_ids_t)); |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1632 |
acl_ids->z_mode = MAKEIMODE(vap->va_type, vap->va_mode); |
| 789 | 1633 |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1634 |
if (vsecp) |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1635 |
if ((error = zfs_vsec_2_aclp(zfsvfs, vap->va_type, vsecp, cr, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1636 |
&acl_ids->z_fuidp, &acl_ids->z_aclp)) != 0) |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1637 |
return (error); |
| 789 | 1638 |
/* |
1639 |
* Determine uid and gid. |
|
1640 |
*/ |
|
|
11249
6c30f7dfc97b
6906110 bad trap panic in zil_replay_log_record
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10295
diff
changeset
|
1641 |
if ((flag & IS_ROOT_NODE) || zfsvfs->z_replay || |
| 789 | 1642 |
((flag & IS_XATTR) && (vap->va_type == VDIR))) {
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1643 |
acl_ids->z_fuid = zfs_fuid_create(zfsvfs, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1644 |
(uint64_t)vap->va_uid, cr, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1645 |
ZFS_OWNER, &acl_ids->z_fuidp); |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1646 |
acl_ids->z_fgid = zfs_fuid_create(zfsvfs, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1647 |
(uint64_t)vap->va_gid, cr, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1648 |
ZFS_GROUP, &acl_ids->z_fuidp); |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1649 |
gid = vap->va_gid; |
| 789 | 1650 |
} else {
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1651 |
acl_ids->z_fuid = zfs_fuid_create_cred(zfsvfs, ZFS_OWNER, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1652 |
cr, &acl_ids->z_fuidp); |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1653 |
acl_ids->z_fgid = 0; |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1654 |
if (vap->va_mask & AT_GID) {
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1655 |
acl_ids->z_fgid = zfs_fuid_create(zfsvfs, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1656 |
(uint64_t)vap->va_gid, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1657 |
cr, ZFS_GROUP, &acl_ids->z_fuidp); |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1658 |
gid = vap->va_gid; |
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
1659 |
if (acl_ids->z_fgid != dzp->z_gid && |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1660 |
!groupmember(vap->va_gid, cr) && |
|
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1661 |
secpolicy_vnode_create_gid(cr) != 0) |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1662 |
acl_ids->z_fgid = 0; |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1663 |
} |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1664 |
if (acl_ids->z_fgid == 0) {
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1665 |
if (dzp->z_mode & S_ISGID) {
|
|
11574
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1666 |
char *domain; |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1667 |
uint32_t rid; |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1668 |
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
1669 |
acl_ids->z_fgid = dzp->z_gid; |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1670 |
gid = zfs_fuid_map_id(zfsvfs, acl_ids->z_fgid, |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1671 |
cr, ZFS_GROUP); |
|
11574
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1672 |
|
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1673 |
if (zfsvfs->z_use_fuids && |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1674 |
IS_EPHEMERAL(acl_ids->z_fgid)) {
|
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1675 |
domain = zfs_fuid_idx_domain( |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1676 |
&zfsvfs->z_fuid_idx, |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1677 |
FUID_INDEX(acl_ids->z_fgid)); |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1678 |
rid = FUID_RID(acl_ids->z_fgid); |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1679 |
zfs_fuid_node_add(&acl_ids->z_fuidp, |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1680 |
domain, rid, |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1681 |
FUID_INDEX(acl_ids->z_fgid), |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1682 |
acl_ids->z_fgid, ZFS_GROUP); |
|
42fda5f95dac
6901694 Panic attempting to write zfs credentials
John Harres <John.Harres@Sun.COM>
parents:
11249
diff
changeset
|
1683 |
} |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1684 |
} else {
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1685 |
acl_ids->z_fgid = zfs_fuid_create_cred(zfsvfs, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1686 |
ZFS_GROUP, cr, &acl_ids->z_fuidp); |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1687 |
gid = crgetgid(cr); |
|
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1688 |
} |
| 5331 | 1689 |
} |
| 789 | 1690 |
} |
1691 |
||
1692 |
/* |
|
1693 |
* If we're creating a directory, and the parent directory has the |
|
1694 |
* set-GID bit set, set in on the new directory. |
|
1695 |
* Otherwise, if the user is neither privileged nor a member of the |
|
1696 |
* file's new group, clear the file's set-GID bit. |
|
1697 |
*/ |
|
1698 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1699 |
if (!(flag & IS_ROOT_NODE) && (dzp->z_mode & S_ISGID) && |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1700 |
(vap->va_type == VDIR)) {
|
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1701 |
acl_ids->z_mode |= S_ISGID; |
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
1702 |
} else {
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1703 |
if ((acl_ids->z_mode & S_ISGID) && |
| 789 | 1704 |
secpolicy_vnode_setids_setgids(cr, gid) != 0) |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1705 |
acl_ids->z_mode &= ~S_ISGID; |
| 789 | 1706 |
} |
1707 |
||
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1708 |
if (acl_ids->z_aclp == NULL) {
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1709 |
mutex_enter(&dzp->z_acl_lock); |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1710 |
mutex_enter(&dzp->z_lock); |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1711 |
if (!(flag & IS_ROOT_NODE) && |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1712 |
(dzp->z_pflags & ZFS_INHERIT_ACE) && |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1713 |
!(dzp->z_pflags & ZFS_XATTR)) {
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1714 |
VERIFY(0 == zfs_acl_node_read(dzp, B_TRUE, |
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1715 |
&paclp, B_FALSE)); |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1716 |
acl_ids->z_aclp = zfs_acl_inherit(zfsvfs, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1717 |
vap->va_type, paclp, acl_ids->z_mode, &need_chmod); |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1718 |
inherited = B_TRUE; |
| 5331 | 1719 |
} else {
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1720 |
acl_ids->z_aclp = |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1721 |
zfs_acl_alloc(zfs_acl_version_zp(dzp)); |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1722 |
acl_ids->z_aclp->z_hints |= ZFS_ACL_TRIVIAL; |
| 5331 | 1723 |
} |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1724 |
mutex_exit(&dzp->z_lock); |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1725 |
mutex_exit(&dzp->z_acl_lock); |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1726 |
if (need_chmod) {
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1727 |
acl_ids->z_aclp->z_hints |= (vap->va_type == VDIR) ? |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1728 |
ZFS_ACL_AUTO_INHERIT : 0; |
|
13370
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1729 |
zfs_acl_chmod(vap->va_type, acl_ids->z_mode, |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1730 |
(zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED), |
|
8c04143bd318
742 Resurrect the ZFS "aclmode" property
Albert Lee <trisk@nexenta.com>
parents:
13101
diff
changeset
|
1731 |
acl_ids->z_aclp); |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1732 |
} |
| 789 | 1733 |
} |
| 5331 | 1734 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1735 |
if (inherited || vsecp) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1736 |
acl_ids->z_mode = zfs_mode_compute(acl_ids->z_mode, |
|
12164
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1737 |
acl_ids->z_aclp, &acl_ids->z_aclp->z_hints, |
|
0eb8d6741e37
PSARC/2010/029 Improved ACL interoperability
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11969
diff
changeset
|
1738 |
acl_ids->z_fuid, acl_ids->z_fgid); |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1739 |
if (ace_trivial_common(acl_ids->z_aclp, 0, zfs_ace_walk) == 0) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1740 |
acl_ids->z_aclp->z_hints |= ZFS_ACL_TRIVIAL; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1741 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1742 |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1743 |
return (0); |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1744 |
} |
| 5331 | 1745 |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1746 |
/* |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1747 |
* Free ACL and fuid_infop, but not the acl_ids structure |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1748 |
*/ |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1749 |
void |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1750 |
zfs_acl_ids_free(zfs_acl_ids_t *acl_ids) |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1751 |
{
|
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1752 |
if (acl_ids->z_aclp) |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1753 |
zfs_acl_free(acl_ids->z_aclp); |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1754 |
if (acl_ids->z_fuidp) |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1755 |
zfs_fuid_info_free(acl_ids->z_fuidp); |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1756 |
acl_ids->z_aclp = NULL; |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1757 |
acl_ids->z_fuidp = NULL; |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1758 |
} |
| 5331 | 1759 |
|
|
9396
f41cf682d0d3
PSARC/2009/204 ZFS user/group quotas & space accounting
Matthew Ahrens <Matthew.Ahrens@Sun.COM>
parents:
9179
diff
changeset
|
1760 |
boolean_t |
|
f41cf682d0d3
PSARC/2009/204 ZFS user/group quotas & space accounting
Matthew Ahrens <Matthew.Ahrens@Sun.COM>
parents:
9179
diff
changeset
|
1761 |
zfs_acl_ids_overquota(zfsvfs_t *zfsvfs, zfs_acl_ids_t *acl_ids) |
|
f41cf682d0d3
PSARC/2009/204 ZFS user/group quotas & space accounting
Matthew Ahrens <Matthew.Ahrens@Sun.COM>
parents:
9179
diff
changeset
|
1762 |
{
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1763 |
return (zfs_fuid_overquota(zfsvfs, B_FALSE, acl_ids->z_fuid) || |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1764 |
zfs_fuid_overquota(zfsvfs, B_TRUE, acl_ids->z_fgid)); |
|
9396
f41cf682d0d3
PSARC/2009/204 ZFS user/group quotas & space accounting
Matthew Ahrens <Matthew.Ahrens@Sun.COM>
parents:
9179
diff
changeset
|
1765 |
} |
| 789 | 1766 |
|
1767 |
/* |
|
1768 |
* Retrieve a files ACL |
|
1769 |
*/ |
|
1770 |
int |
|
| 5331 | 1771 |
zfs_getacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr) |
| 789 | 1772 |
{
|
1773 |
zfs_acl_t *aclp; |
|
| 5331 | 1774 |
ulong_t mask; |
| 789 | 1775 |
int error; |
| 5331 | 1776 |
int count = 0; |
1777 |
int largeace = 0; |
|
| 789 | 1778 |
|
| 5331 | 1779 |
mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT | |
1780 |
VSA_ACE_ACLFLAGS | VSA_ACE_ALLTYPES); |
|
1781 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1782 |
if (mask == 0) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1783 |
return (ENOSYS); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1784 |
|
| 5331 | 1785 |
if (error = zfs_zaccess(zp, ACE_READ_ACL, 0, skipaclchk, cr)) |
1786 |
return (error); |
|
| 789 | 1787 |
|
1788 |
mutex_enter(&zp->z_acl_lock); |
|
1789 |
||
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1790 |
error = zfs_acl_node_read(zp, B_FALSE, &aclp, B_FALSE); |
| 1544 | 1791 |
if (error != 0) {
|
1792 |
mutex_exit(&zp->z_acl_lock); |
|
1793 |
return (error); |
|
1794 |
} |
|
1795 |
||
| 5331 | 1796 |
/* |
1797 |
* Scan ACL to determine number of ACEs |
|
1798 |
*/ |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1799 |
if ((zp->z_pflags & ZFS_ACL_OBJ_ACE) && !(mask & VSA_ACE_ALLTYPES)) {
|
| 5331 | 1800 |
void *zacep = NULL; |
1801 |
uint64_t who; |
|
1802 |
uint32_t access_mask; |
|
1803 |
uint16_t type, iflags; |
|
1804 |
||
1805 |
while (zacep = zfs_acl_next_ace(aclp, zacep, |
|
1806 |
&who, &access_mask, &iflags, &type)) {
|
|
1807 |
switch (type) {
|
|
1808 |
case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: |
|
1809 |
case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: |
|
1810 |
case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: |
|
1811 |
case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: |
|
1812 |
largeace++; |
|
1813 |
continue; |
|
1814 |
default: |
|
1815 |
count++; |
|
1816 |
} |
|
1817 |
} |
|
1818 |
vsecp->vsa_aclcnt = count; |
|
1819 |
} else |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1820 |
count = (int)aclp->z_acl_count; |
| 789 | 1821 |
|
1822 |
if (mask & VSA_ACECNT) {
|
|
| 5331 | 1823 |
vsecp->vsa_aclcnt = count; |
| 789 | 1824 |
} |
1825 |
||
1826 |
if (mask & VSA_ACE) {
|
|
| 5331 | 1827 |
size_t aclsz; |
1828 |
||
1829 |
aclsz = count * sizeof (ace_t) + |
|
1830 |
sizeof (ace_object_t) * largeace; |
|
1831 |
||
1832 |
vsecp->vsa_aclentp = kmem_alloc(aclsz, KM_SLEEP); |
|
1833 |
vsecp->vsa_aclentsz = aclsz; |
|
1834 |
||
1835 |
if (aclp->z_version == ZFS_ACL_VERSION_FUID) |
|
| 5771 | 1836 |
zfs_copy_fuid_2_ace(zp->z_zfsvfs, aclp, cr, |
| 5331 | 1837 |
vsecp->vsa_aclentp, !(mask & VSA_ACE_ALLTYPES)); |
1838 |
else {
|
|
|
10295
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1839 |
zfs_acl_node_t *aclnode; |
|
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1840 |
void *start = vsecp->vsa_aclentp; |
|
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1841 |
|
|
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1842 |
for (aclnode = list_head(&aclp->z_acl); aclnode; |
|
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1843 |
aclnode = list_next(&aclp->z_acl, aclnode)) {
|
|
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1844 |
bcopy(aclnode->z_acldata, start, |
|
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1845 |
aclnode->z_size); |
|
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1846 |
start = (caddr_t)start + aclnode->z_size; |
|
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1847 |
} |
|
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1848 |
ASSERT((caddr_t)start - (caddr_t)vsecp->vsa_aclentp == |
|
f7a18a1e9610
6870564 panic in zfs_getsecattr
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
10232
diff
changeset
|
1849 |
aclp->z_acl_bytes); |
| 5331 | 1850 |
} |
1851 |
} |
|
1852 |
if (mask & VSA_ACE_ACLFLAGS) {
|
|
1853 |
vsecp->vsa_aclflags = 0; |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1854 |
if (zp->z_pflags & ZFS_ACL_DEFAULTED) |
| 5331 | 1855 |
vsecp->vsa_aclflags |= ACL_DEFAULTED; |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1856 |
if (zp->z_pflags & ZFS_ACL_PROTECTED) |
| 5331 | 1857 |
vsecp->vsa_aclflags |= ACL_PROTECTED; |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1858 |
if (zp->z_pflags & ZFS_ACL_AUTO_INHERIT) |
| 5331 | 1859 |
vsecp->vsa_aclflags |= ACL_AUTO_INHERIT; |
| 789 | 1860 |
} |
1861 |
||
1862 |
mutex_exit(&zp->z_acl_lock); |
|
1863 |
||
1864 |
return (0); |
|
1865 |
} |
|
1866 |
||
| 5331 | 1867 |
int |
1868 |
zfs_vsec_2_aclp(zfsvfs_t *zfsvfs, vtype_t obj_type, |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1869 |
vsecattr_t *vsecp, cred_t *cr, zfs_fuid_info_t **fuidp, zfs_acl_t **zaclp) |
| 5331 | 1870 |
{
|
1871 |
zfs_acl_t *aclp; |
|
1872 |
zfs_acl_node_t *aclnode; |
|
1873 |
int aclcnt = vsecp->vsa_aclcnt; |
|
1874 |
int error; |
|
1875 |
||
1876 |
if (vsecp->vsa_aclcnt > MAX_ACL_ENTRIES || vsecp->vsa_aclcnt <= 0) |
|
1877 |
return (EINVAL); |
|
1878 |
||
1879 |
aclp = zfs_acl_alloc(zfs_acl_version(zfsvfs->z_version)); |
|
1880 |
||
1881 |
aclp->z_hints = 0; |
|
1882 |
aclnode = zfs_acl_node_alloc(aclcnt * sizeof (zfs_object_ace_t)); |
|
1883 |
if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) {
|
|
1884 |
if ((error = zfs_copy_ace_2_oldace(obj_type, aclp, |
|
1885 |
(ace_t *)vsecp->vsa_aclentp, aclnode->z_acldata, |
|
1886 |
aclcnt, &aclnode->z_size)) != 0) {
|
|
1887 |
zfs_acl_free(aclp); |
|
1888 |
zfs_acl_node_free(aclnode); |
|
1889 |
return (error); |
|
1890 |
} |
|
1891 |
} else {
|
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1892 |
if ((error = zfs_copy_ace_2_fuid(zfsvfs, obj_type, aclp, |
| 5331 | 1893 |
vsecp->vsa_aclentp, aclnode->z_acldata, aclcnt, |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1894 |
&aclnode->z_size, fuidp, cr)) != 0) {
|
| 5331 | 1895 |
zfs_acl_free(aclp); |
1896 |
zfs_acl_node_free(aclnode); |
|
1897 |
return (error); |
|
1898 |
} |
|
1899 |
} |
|
1900 |
aclp->z_acl_bytes = aclnode->z_size; |
|
1901 |
aclnode->z_ace_count = aclcnt; |
|
1902 |
aclp->z_acl_count = aclcnt; |
|
1903 |
list_insert_head(&aclp->z_acl, aclnode); |
|
1904 |
||
1905 |
/* |
|
1906 |
* If flags are being set then add them to z_hints |
|
1907 |
*/ |
|
1908 |
if (vsecp->vsa_mask & VSA_ACE_ACLFLAGS) {
|
|
1909 |
if (vsecp->vsa_aclflags & ACL_PROTECTED) |
|
1910 |
aclp->z_hints |= ZFS_ACL_PROTECTED; |
|
1911 |
if (vsecp->vsa_aclflags & ACL_DEFAULTED) |
|
1912 |
aclp->z_hints |= ZFS_ACL_DEFAULTED; |
|
1913 |
if (vsecp->vsa_aclflags & ACL_AUTO_INHERIT) |
|
1914 |
aclp->z_hints |= ZFS_ACL_AUTO_INHERIT; |
|
1915 |
} |
|
1916 |
||
1917 |
*zaclp = aclp; |
|
1918 |
||
1919 |
return (0); |
|
1920 |
} |
|
1921 |
||
| 789 | 1922 |
/* |
1923 |
* Set a files ACL |
|
1924 |
*/ |
|
1925 |
int |
|
| 5331 | 1926 |
zfs_setacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr) |
| 789 | 1927 |
{
|
1928 |
zfsvfs_t *zfsvfs = zp->z_zfsvfs; |
|
1929 |
zilog_t *zilog = zfsvfs->z_log; |
|
1930 |
ulong_t mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT); |
|
1931 |
dmu_tx_t *tx; |
|
1932 |
int error; |
|
1933 |
zfs_acl_t *aclp; |
|
| 5331 | 1934 |
zfs_fuid_info_t *fuidp = NULL; |
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1935 |
boolean_t fuid_dirtied; |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1936 |
uint64_t acl_obj; |
| 789 | 1937 |
|
1938 |
if (mask == 0) |
|
|
4300
d74de773d6e6
6528189 cp -p invalid argument issue on Redhat linux AS 3.0 NFS client against ZFS NFS directory
marks
parents:
2676
diff
changeset
|
1939 |
return (ENOSYS); |
| 789 | 1940 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1941 |
if (zp->z_pflags & ZFS_IMMUTABLE) |
| 5331 | 1942 |
return (EPERM); |
1943 |
||
1944 |
if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr)) |
|
1945 |
return (error); |
|
1946 |
||
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1947 |
error = zfs_vsec_2_aclp(zfsvfs, ZTOV(zp)->v_type, vsecp, cr, &fuidp, |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1948 |
&aclp); |
| 5331 | 1949 |
if (error) |
1950 |
return (error); |
|
1951 |
||
1952 |
/* |
|
1953 |
* If ACL wide flags aren't being set then preserve any |
|
1954 |
* existing flags. |
|
1955 |
*/ |
|
1956 |
if (!(vsecp->vsa_mask & VSA_ACE_ACLFLAGS)) {
|
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1957 |
aclp->z_hints |= |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1958 |
(zp->z_pflags & V4_ACL_WIDE_FLAGS); |
| 5331 | 1959 |
} |
| 789 | 1960 |
top: |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1961 |
mutex_enter(&zp->z_acl_lock); |
| 789 | 1962 |
mutex_enter(&zp->z_lock); |
1963 |
||
1964 |
tx = dmu_tx_create(zfsvfs->z_os); |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1965 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1966 |
dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1967 |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
1968 |
fuid_dirtied = zfsvfs->z_fuid_dirty; |
|
9396
f41cf682d0d3
PSARC/2009/204 ZFS user/group quotas & space accounting
Matthew Ahrens <Matthew.Ahrens@Sun.COM>
parents:
9179
diff
changeset
|
1969 |
if (fuid_dirtied) |
|
f41cf682d0d3
PSARC/2009/204 ZFS user/group quotas & space accounting
Matthew Ahrens <Matthew.Ahrens@Sun.COM>
parents:
9179
diff
changeset
|
1970 |
zfs_fuid_txhold(zfsvfs, tx); |
| 789 | 1971 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1972 |
/* |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1973 |
* If old version and ACL won't fit in bonus and we aren't |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1974 |
* upgrading then take out necessary DMU holds |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1975 |
*/ |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1976 |
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1977 |
if ((acl_obj = zfs_external_acl(zp)) != 0) {
|
|
13058
f653a0d643ec
6973827 ACL upgrade from zpl version 2 -> 4 don't grab all the necessary tx holds.
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12620
diff
changeset
|
1978 |
if (zfsvfs->z_version >= ZPL_VERSION_FUID && |
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1979 |
zfs_znode_acl_version(zp) <= ZFS_ACL_VERSION_INITIAL) {
|
|
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1980 |
dmu_tx_hold_free(tx, acl_obj, 0, |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1981 |
DMU_OBJECT_END); |
|
13058
f653a0d643ec
6973827 ACL upgrade from zpl version 2 -> 4 don't grab all the necessary tx holds.
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12620
diff
changeset
|
1982 |
dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, |
|
f653a0d643ec
6973827 ACL upgrade from zpl version 2 -> 4 don't grab all the necessary tx holds.
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12620
diff
changeset
|
1983 |
aclp->z_acl_bytes); |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1984 |
} else {
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
1985 |
dmu_tx_hold_write(tx, acl_obj, 0, aclp->z_acl_bytes); |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1986 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1987 |
} else if (!zp->z_is_sa && aclp->z_acl_bytes > ZFS_ACE_SPACE) {
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1988 |
dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, aclp->z_acl_bytes); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1989 |
} |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1990 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
1991 |
zfs_sa_upgrade_txholds(tx, zp); |
| 8227 | 1992 |
error = dmu_tx_assign(tx, TXG_NOWAIT); |
| 789 | 1993 |
if (error) {
|
1994 |
mutex_exit(&zp->z_acl_lock); |
|
1995 |
mutex_exit(&zp->z_lock); |
|
1996 |
||
| 8227 | 1997 |
if (error == ERESTART) {
|
|
2113
0510bb40c993
6430121 3-way deadlock involving tc_lock within zfs
ahrens
parents:
2058
diff
changeset
|
1998 |
dmu_tx_wait(tx); |
|
0510bb40c993
6430121 3-way deadlock involving tc_lock within zfs
ahrens
parents:
2058
diff
changeset
|
1999 |
dmu_tx_abort(tx); |
| 789 | 2000 |
goto top; |
2001 |
} |
|
|
2113
0510bb40c993
6430121 3-way deadlock involving tc_lock within zfs
ahrens
parents:
2058
diff
changeset
|
2002 |
dmu_tx_abort(tx); |
| 5331 | 2003 |
zfs_acl_free(aclp); |
| 789 | 2004 |
return (error); |
2005 |
} |
|
2006 |
||
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
2007 |
error = zfs_aclset_common(zp, aclp, cr, tx); |
| 789 | 2008 |
ASSERT(error == 0); |
|
13101
08bbd228b732
6975482 assertion failed: error == 0 (0x2 == 0x0), file: ../../common/fs/zfs/zfs_vnops.c, line: 1630
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13081
diff
changeset
|
2009 |
ASSERT(zp->z_acl_cached == NULL); |
|
10143
d2d432dfe597
6857433 memory leaks found at: zfs_acl_alloc/zfs_acl_node_alloc
Tim Haley <Tim.Haley@Sun.COM>
parents:
9981
diff
changeset
|
2010 |
zp->z_acl_cached = aclp; |
| 789 | 2011 |
|
|
9179
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
2012 |
if (fuid_dirtied) |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
2013 |
zfs_fuid_sync(zfsvfs, tx); |
|
d8fbd96b79b3
6790064 zfs needs to determine uid and gid earlier in create process
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
8952
diff
changeset
|
2014 |
|
| 5331 | 2015 |
zfs_log_acl(zilog, tx, zp, vsecp, fuidp); |
2016 |
||
2017 |
if (fuidp) |
|
2018 |
zfs_fuid_info_free(fuidp); |
|
| 789 | 2019 |
dmu_tx_commit(tx); |
2020 |
done: |
|
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
2021 |
mutex_exit(&zp->z_lock); |
| 789 | 2022 |
mutex_exit(&zp->z_acl_lock); |
2023 |
||
2024 |
return (error); |
|
2025 |
} |
|
2026 |
||
| 5331 | 2027 |
/* |
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2028 |
* Check accesses of interest (AoI) against attributes of the dataset |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2029 |
* such as read-only. Returns zero if no AoI conflict with dataset |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2030 |
* attributes, otherwise an appropriate errno is returned. |
| 5331 | 2031 |
*/ |
| 789 | 2032 |
static int |
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2033 |
zfs_zaccess_dataset_check(znode_t *zp, uint32_t v4_mode) |
| 789 | 2034 |
{
|
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2035 |
if ((v4_mode & WRITE_MASK) && |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2036 |
(zp->z_zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) && |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2037 |
(!IS_DEVVP(ZTOV(zp)) || |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2038 |
(IS_DEVVP(ZTOV(zp)) && (v4_mode & WRITE_MASK_ATTRS)))) {
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2039 |
return (EROFS); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2040 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2041 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2042 |
/* |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2043 |
* Only check for READONLY on non-directories. |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2044 |
*/ |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2045 |
if ((v4_mode & WRITE_MASK_DATA) && |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2046 |
(((ZTOV(zp)->v_type != VDIR) && |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2047 |
(zp->z_pflags & (ZFS_READONLY | ZFS_IMMUTABLE))) || |
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2048 |
(ZTOV(zp)->v_type == VDIR && |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2049 |
(zp->z_pflags & ZFS_IMMUTABLE)))) {
|
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2050 |
return (EPERM); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2051 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2052 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2053 |
if ((v4_mode & (ACE_DELETE | ACE_DELETE_CHILD)) && |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2054 |
(zp->z_pflags & ZFS_NOUNLINK)) {
|
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2055 |
return (EPERM); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2056 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2057 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2058 |
if (((v4_mode & (ACE_READ_DATA|ACE_EXECUTE)) && |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2059 |
(zp->z_pflags & ZFS_AV_QUARANTINED))) {
|
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2060 |
return (EACCES); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2061 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2062 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2063 |
return (0); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2064 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2065 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2066 |
/* |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2067 |
* The primary usage of this function is to loop through all of the |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2068 |
* ACEs in the znode, determining what accesses of interest (AoI) to |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2069 |
* the caller are allowed or denied. The AoI are expressed as bits in |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2070 |
* the working_mode parameter. As each ACE is processed, bits covered |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2071 |
* by that ACE are removed from the working_mode. This removal |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2072 |
* facilitates two things. The first is that when the working mode is |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2073 |
* empty (= 0), we know we've looked at all the AoI. The second is |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2074 |
* that the ACE interpretation rules don't allow a later ACE to undo |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2075 |
* something granted or denied by an earlier ACE. Removing the |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2076 |
* discovered access or denial enforces this rule. At the end of |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2077 |
* processing the ACEs, all AoI that were found to be denied are |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2078 |
* placed into the working_mode, giving the caller a mask of denied |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2079 |
* accesses. Returns: |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2080 |
* 0 if all AoI granted |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2081 |
* EACCESS if the denied mask is non-zero |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2082 |
* other error if abnormal failure (e.g., IO error) |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2083 |
* |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2084 |
* A secondary usage of the function is to determine if any of the |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2085 |
* AoI are granted. If an ACE grants any access in |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2086 |
* the working_mode, we immediately short circuit out of the function. |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2087 |
* This mode is chosen by setting anyaccess to B_TRUE. The |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2088 |
* working_mode is not a denied access mask upon exit if the function |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2089 |
* is used in this manner. |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2090 |
*/ |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2091 |
static int |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2092 |
zfs_zaccess_aces_check(znode_t *zp, uint32_t *working_mode, |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2093 |
boolean_t anyaccess, cred_t *cr) |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2094 |
{
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2095 |
zfsvfs_t *zfsvfs = zp->z_zfsvfs; |
| 789 | 2096 |
zfs_acl_t *aclp; |
| 1544 | 2097 |
int error; |
| 789 | 2098 |
uid_t uid = crgetuid(cr); |
| 5331 | 2099 |
uint64_t who; |
2100 |
uint16_t type, iflags; |
|
2101 |
uint16_t entry_type; |
|
2102 |
uint32_t access_mask; |
|
|
6056
37f30782c577
6664536 zfs O_RDWR access check more stringent than tmpfs or ufs
marks
parents:
5959
diff
changeset
|
2103 |
uint32_t deny_mask = 0; |
| 5331 | 2104 |
zfs_ace_hdr_t *acep = NULL; |
2105 |
boolean_t checkit; |
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2106 |
uid_t gowner; |
|
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2107 |
uid_t fowner; |
|
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2108 |
|
|
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2109 |
zfs_fuid_map_ids(zp, cr, &fowner, &gowner); |
| 5331 | 2110 |
|
| 789 | 2111 |
mutex_enter(&zp->z_acl_lock); |
2112 |
||
|
12620
12fcd99a642d
6957974 assertion failed: 0 == sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs)
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
12322
diff
changeset
|
2113 |
error = zfs_acl_node_read(zp, B_FALSE, &aclp, B_FALSE); |
| 1544 | 2114 |
if (error != 0) {
|
2115 |
mutex_exit(&zp->z_acl_lock); |
|
2116 |
return (error); |
|
2117 |
} |
|
2118 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2119 |
ASSERT(zp->z_acl_cached); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2120 |
|
| 5331 | 2121 |
while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, |
2122 |
&iflags, &type)) {
|
|
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2123 |
uint32_t mask_matched; |
| 789 | 2124 |
|
|
7559
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
2125 |
if (!zfs_acl_valid_ace_type(type, iflags)) |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
2126 |
continue; |
|
a2e9a3201169
6746456 ZFS doesn't inherit old ACLs correctly on upgraded file system
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7328
diff
changeset
|
2127 |
|
| 7057 | 2128 |
if (ZTOV(zp)->v_type == VDIR && (iflags & ACE_INHERIT_ONLY_ACE)) |
| 789 | 2129 |
continue; |
2130 |
||
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2131 |
/* Skip ACE if it does not affect any AoI */ |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2132 |
mask_matched = (access_mask & *working_mode); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2133 |
if (!mask_matched) |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2134 |
continue; |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2135 |
|
| 5331 | 2136 |
entry_type = (iflags & ACE_TYPE_FLAGS); |
2137 |
||
2138 |
checkit = B_FALSE; |
|
2139 |
||
| 789 | 2140 |
switch (entry_type) {
|
2141 |
case ACE_OWNER: |
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2142 |
if (uid == fowner) |
| 5331 | 2143 |
checkit = B_TRUE; |
| 789 | 2144 |
break; |
| 5331 | 2145 |
case OWNING_GROUP: |
2146 |
who = gowner; |
|
2147 |
/*FALLTHROUGH*/ |
|
| 789 | 2148 |
case ACE_IDENTIFIER_GROUP: |
| 5331 | 2149 |
checkit = zfs_groupmember(zfsvfs, who, cr); |
| 789 | 2150 |
break; |
2151 |
case ACE_EVERYONE: |
|
| 5331 | 2152 |
checkit = B_TRUE; |
| 789 | 2153 |
break; |
2154 |
||
2155 |
/* USER Entry */ |
|
2156 |
default: |
|
2157 |
if (entry_type == 0) {
|
|
| 5331 | 2158 |
uid_t newid; |
2159 |
||
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
2160 |
newid = zfs_fuid_map_id(zfsvfs, who, cr, |
|
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
2161 |
ZFS_ACE_USER); |
| 5331 | 2162 |
if (newid != IDMAP_WK_CREATOR_OWNER_UID && |
2163 |
uid == newid) |
|
2164 |
checkit = B_TRUE; |
|
| 789 | 2165 |
break; |
| 5331 | 2166 |
} else {
|
2167 |
mutex_exit(&zp->z_acl_lock); |
|
2168 |
return (EIO); |
|
| 789 | 2169 |
} |
| 5331 | 2170 |
} |
2171 |
||
2172 |
if (checkit) {
|
|
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2173 |
if (type == DENY) {
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2174 |
DTRACE_PROBE3(zfs__ace__denies, |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2175 |
znode_t *, zp, |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2176 |
zfs_ace_hdr_t *, acep, |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2177 |
uint32_t, mask_matched); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2178 |
deny_mask |= mask_matched; |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2179 |
} else {
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2180 |
DTRACE_PROBE3(zfs__ace__allows, |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2181 |
znode_t *, zp, |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2182 |
zfs_ace_hdr_t *, acep, |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2183 |
uint32_t, mask_matched); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2184 |
if (anyaccess) {
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2185 |
mutex_exit(&zp->z_acl_lock); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2186 |
return (0); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2187 |
} |
| 5331 | 2188 |
} |
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2189 |
*working_mode &= ~mask_matched; |
| 789 | 2190 |
} |
2191 |
||
|
6056
37f30782c577
6664536 zfs O_RDWR access check more stringent than tmpfs or ufs
marks
parents:
5959
diff
changeset
|
2192 |
/* Are we done? */ |
|
37f30782c577
6664536 zfs O_RDWR access check more stringent than tmpfs or ufs
marks
parents:
5959
diff
changeset
|
2193 |
if (*working_mode == 0) |
| 789 | 2194 |
break; |
2195 |
} |
|
2196 |
||
2197 |
mutex_exit(&zp->z_acl_lock); |
|
|
6056
37f30782c577
6664536 zfs O_RDWR access check more stringent than tmpfs or ufs
marks
parents:
5959
diff
changeset
|
2198 |
|
|
37f30782c577
6664536 zfs O_RDWR access check more stringent than tmpfs or ufs
marks
parents:
5959
diff
changeset
|
2199 |
/* Put the found 'denies' back on the working mode */ |
| 7163 | 2200 |
if (deny_mask) {
|
2201 |
*working_mode |= deny_mask; |
|
|
6056
37f30782c577
6664536 zfs O_RDWR access check more stringent than tmpfs or ufs
marks
parents:
5959
diff
changeset
|
2202 |
return (EACCES); |
| 7163 | 2203 |
} else if (*working_mode) {
|
2204 |
return (-1); |
|
2205 |
} |
|
|
6056
37f30782c577
6664536 zfs O_RDWR access check more stringent than tmpfs or ufs
marks
parents:
5959
diff
changeset
|
2206 |
|
|
37f30782c577
6664536 zfs O_RDWR access check more stringent than tmpfs or ufs
marks
parents:
5959
diff
changeset
|
2207 |
return (0); |
| 789 | 2208 |
} |
2209 |
||
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2210 |
/* |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2211 |
* Return true if any access whatsoever granted, we don't actually |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2212 |
* care what access is granted. |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2213 |
*/ |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2214 |
boolean_t |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2215 |
zfs_has_access(znode_t *zp, cred_t *cr) |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2216 |
{
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2217 |
uint32_t have = ACE_ALL_PERMS; |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2218 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2219 |
if (zfs_zaccess_aces_check(zp, &have, B_TRUE, cr) != 0) {
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2220 |
uid_t owner; |
|
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2221 |
|
|
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2222 |
owner = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_uid, cr, ZFS_OWNER); |
|
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2223 |
return (secpolicy_vnode_any_access(cr, ZTOV(zp), owner) == 0); |
|
9749
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2224 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2225 |
return (B_TRUE); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2226 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2227 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2228 |
static int |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2229 |
zfs_zaccess_common(znode_t *zp, uint32_t v4_mode, uint32_t *working_mode, |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2230 |
boolean_t *check_privs, boolean_t skipaclchk, cred_t *cr) |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2231 |
{
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2232 |
zfsvfs_t *zfsvfs = zp->z_zfsvfs; |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2233 |
int err; |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2234 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2235 |
*working_mode = v4_mode; |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2236 |
*check_privs = B_TRUE; |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2237 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2238 |
/* |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2239 |
* Short circuit empty requests |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2240 |
*/ |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2241 |
if (v4_mode == 0 || zfsvfs->z_replay) {
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2242 |
*working_mode = 0; |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2243 |
return (0); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2244 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2245 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2246 |
if ((err = zfs_zaccess_dataset_check(zp, v4_mode)) != 0) {
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2247 |
*check_privs = B_FALSE; |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2248 |
return (err); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2249 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2250 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2251 |
/* |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2252 |
* The caller requested that the ACL check be skipped. This |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2253 |
* would only happen if the caller checked VOP_ACCESS() with a |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2254 |
* 32 bit ACE mask and already had the appropriate permissions. |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2255 |
*/ |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2256 |
if (skipaclchk) {
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2257 |
*working_mode = 0; |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2258 |
return (0); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2259 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2260 |
|
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2261 |
return (zfs_zaccess_aces_check(zp, working_mode, B_FALSE, cr)); |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2262 |
} |
|
105f407a2680
PSARC 2009/246 ZFS support for Access Based Enumeration
Tim Haley <Tim.Haley@Sun.COM>
parents:
9512
diff
changeset
|
2263 |
|
| 5331 | 2264 |
static int |
2265 |
zfs_zaccess_append(znode_t *zp, uint32_t *working_mode, boolean_t *check_privs, |
|
2266 |
cred_t *cr) |
|
2267 |
{
|
|
2268 |
if (*working_mode != ACE_WRITE_DATA) |
|
2269 |
return (EACCES); |
|
2270 |
||
2271 |
return (zfs_zaccess_common(zp, ACE_APPEND_DATA, working_mode, |
|
2272 |
check_privs, B_FALSE, cr)); |
|
2273 |
} |
|
| 789 | 2274 |
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2275 |
int |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2276 |
zfs_fastaccesschk_execute(znode_t *zdp, cred_t *cr) |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2277 |
{
|
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2278 |
boolean_t owner = B_FALSE; |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2279 |
boolean_t groupmbr = B_FALSE; |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2280 |
boolean_t is_attr; |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2281 |
uid_t uid = crgetuid(cr); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2282 |
int error; |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2283 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2284 |
if (zdp->z_pflags & ZFS_AV_QUARANTINED) |
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2285 |
return (EACCES); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2286 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2287 |
is_attr = ((zdp->z_pflags & ZFS_XATTR) && |
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2288 |
(ZTOV(zdp)->v_type == VDIR)); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2289 |
if (is_attr) |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2290 |
goto slow; |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2291 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2292 |
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2293 |
mutex_enter(&zdp->z_acl_lock); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2294 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2295 |
if (zdp->z_pflags & ZFS_NO_EXECS_DENIED) {
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2296 |
mutex_exit(&zdp->z_acl_lock); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2297 |
return (0); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2298 |
} |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2299 |
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2300 |
if (FUID_INDEX(zdp->z_uid) != 0 || FUID_INDEX(zdp->z_gid) != 0) {
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2301 |
mutex_exit(&zdp->z_acl_lock); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2302 |
goto slow; |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2303 |
} |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2304 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2305 |
if (uid == zdp->z_uid) {
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2306 |
owner = B_TRUE; |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2307 |
if (zdp->z_mode & S_IXUSR) {
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2308 |
mutex_exit(&zdp->z_acl_lock); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2309 |
return (0); |
|
10232
f37b85f7e03e
6865875 zfs sometimes incorrectly giving search access to a dir
Tim Haley <Tim.Haley@Sun.COM>
parents:
10143
diff
changeset
|
2310 |
} else {
|
|
f37b85f7e03e
6865875 zfs sometimes incorrectly giving search access to a dir
Tim Haley <Tim.Haley@Sun.COM>
parents:
10143
diff
changeset
|
2311 |
mutex_exit(&zdp->z_acl_lock); |
|
f37b85f7e03e
6865875 zfs sometimes incorrectly giving search access to a dir
Tim Haley <Tim.Haley@Sun.COM>
parents:
10143
diff
changeset
|
2312 |
goto slow; |
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2313 |
} |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2314 |
} |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2315 |
if (groupmember(zdp->z_gid, cr)) {
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2316 |
groupmbr = B_TRUE; |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2317 |
if (zdp->z_mode & S_IXGRP) {
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2318 |
mutex_exit(&zdp->z_acl_lock); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2319 |
return (0); |
|
10232
f37b85f7e03e
6865875 zfs sometimes incorrectly giving search access to a dir
Tim Haley <Tim.Haley@Sun.COM>
parents:
10143
diff
changeset
|
2320 |
} else {
|
|
f37b85f7e03e
6865875 zfs sometimes incorrectly giving search access to a dir
Tim Haley <Tim.Haley@Sun.COM>
parents:
10143
diff
changeset
|
2321 |
mutex_exit(&zdp->z_acl_lock); |
|
f37b85f7e03e
6865875 zfs sometimes incorrectly giving search access to a dir
Tim Haley <Tim.Haley@Sun.COM>
parents:
10143
diff
changeset
|
2322 |
goto slow; |
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2323 |
} |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2324 |
} |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2325 |
if (!owner && !groupmbr) {
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2326 |
if (zdp->z_mode & S_IXOTH) {
|
|
9981
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2327 |
mutex_exit(&zdp->z_acl_lock); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2328 |
return (0); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2329 |
} |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2330 |
} |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2331 |
|
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2332 |
mutex_exit(&zdp->z_acl_lock); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2333 |
|
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2334 |
slow: |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2335 |
DTRACE_PROBE(zfs__fastpath__execute__access__miss); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2336 |
ZFS_ENTER(zdp->z_zfsvfs); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2337 |
error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2338 |
ZFS_EXIT(zdp->z_zfsvfs); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2339 |
return (error); |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2340 |
} |
|
b4907297e740
6775100 stat() performance on files on zfs should be improved
Tim Haley <Tim.Haley@Sun.COM>
parents:
9866
diff
changeset
|
2341 |
|
| 789 | 2342 |
/* |
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2343 |
* Determine whether Access should be granted/denied. |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2344 |
* The least priv subsytem is always consulted as a basic privilege |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2345 |
* can define any form of access. |
| 789 | 2346 |
*/ |
2347 |
int |
|
| 5331 | 2348 |
zfs_zaccess(znode_t *zp, int mode, int flags, boolean_t skipaclchk, cred_t *cr) |
| 789 | 2349 |
{
|
| 5331 | 2350 |
uint32_t working_mode; |
2351 |
int error; |
|
2352 |
int is_attr; |
|
2353 |
boolean_t check_privs; |
|
2354 |
znode_t *xzp; |
|
2355 |
znode_t *check_zp = zp; |
|
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2356 |
mode_t needed_bits; |
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2357 |
uid_t owner; |
| 789 | 2358 |
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2359 |
is_attr = ((zp->z_pflags & ZFS_XATTR) && (ZTOV(zp)->v_type == VDIR)); |
| 789 | 2360 |
|
2361 |
/* |
|
2362 |
* If attribute then validate against base file |
|
2363 |
*/ |
|
2364 |
if (is_attr) {
|
|
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2365 |
uint64_t parent; |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2366 |
|
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2367 |
if ((error = sa_lookup(zp->z_sa_hdl, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2368 |
SA_ZPL_PARENT(zp->z_zfsvfs), &parent, |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2369 |
sizeof (parent))) != 0) |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2370 |
return (error); |
|
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2371 |
|
| 789 | 2372 |
if ((error = zfs_zget(zp->z_zfsvfs, |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2373 |
parent, &xzp)) != 0) {
|
| 789 | 2374 |
return (error); |
2375 |
} |
|
| 5331 | 2376 |
|
| 789 | 2377 |
check_zp = xzp; |
| 5331 | 2378 |
|
| 789 | 2379 |
/* |
2380 |
* fixup mode to map to xattr perms |
|
2381 |
*/ |
|
2382 |
||
2383 |
if (mode & (ACE_WRITE_DATA|ACE_APPEND_DATA)) {
|
|
2384 |
mode &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA); |
|
2385 |
mode |= ACE_WRITE_NAMED_ATTRS; |
|
2386 |
} |
|
2387 |
||
2388 |
if (mode & (ACE_READ_DATA|ACE_EXECUTE)) {
|
|
2389 |
mode &= ~(ACE_READ_DATA|ACE_EXECUTE); |
|
2390 |
mode |= ACE_READ_NAMED_ATTRS; |
|
2391 |
} |
|
2392 |
} |
|
2393 |
||
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2394 |
owner = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_uid, cr, ZFS_OWNER); |
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2395 |
/* |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2396 |
* Map the bits required to the standard vnode flags VREAD|VWRITE|VEXEC |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2397 |
* in needed_bits. Map the bits mapped by working_mode (currently |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2398 |
* missing) in missing_bits. |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2399 |
* Call secpolicy_vnode_access2() with (needed_bits & ~checkmode), |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2400 |
* needed_bits. |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2401 |
*/ |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2402 |
needed_bits = 0; |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2403 |
|
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2404 |
working_mode = mode; |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2405 |
if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES)) && |
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2406 |
owner == crgetuid(cr)) |
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2407 |
working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES); |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2408 |
|
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2409 |
if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS| |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2410 |
ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_SYNCHRONIZE)) |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2411 |
needed_bits |= VREAD; |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2412 |
if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS| |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2413 |
ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES|ACE_SYNCHRONIZE)) |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2414 |
needed_bits |= VWRITE; |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2415 |
if (working_mode & ACE_EXECUTE) |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2416 |
needed_bits |= VEXEC; |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2417 |
|
| 5331 | 2418 |
if ((error = zfs_zaccess_common(check_zp, mode, &working_mode, |
2419 |
&check_privs, skipaclchk, cr)) == 0) {
|
|
2420 |
if (is_attr) |
|
2421 |
VN_RELE(ZTOV(xzp)); |
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2422 |
return (secpolicy_vnode_access2(cr, ZTOV(zp), owner, |
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2423 |
needed_bits, needed_bits)); |
| 5331 | 2424 |
} |
| 789 | 2425 |
|
|
5959
1e1904b8526d
6650192 zfs ACL/fuid code could use some minor cleanup
marks
parents:
5824
diff
changeset
|
2426 |
if (error && !check_privs) {
|
| 789 | 2427 |
if (is_attr) |
2428 |
VN_RELE(ZTOV(xzp)); |
|
2429 |
return (error); |
|
2430 |
} |
|
2431 |
||
| 5331 | 2432 |
if (error && (flags & V_APPEND)) {
|
2433 |
error = zfs_zaccess_append(zp, &working_mode, &check_privs, cr); |
|
2434 |
} |
|
2435 |
||
2436 |
if (error && check_privs) {
|
|
2437 |
mode_t checkmode = 0; |
|
2438 |
||
2439 |
/* |
|
2440 |
* First check for implicit owner permission on |
|
2441 |
* read_acl/read_attributes |
|
2442 |
*/ |
|
2443 |
||
2444 |
error = 0; |
|
2445 |
ASSERT(working_mode != 0); |
|
2446 |
||
2447 |
if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES) && |
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2448 |
owner == crgetuid(cr))) |
| 5331 | 2449 |
working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES); |
2450 |
||
2451 |
if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS| |
|
|
7624
0a59f685e81b
6744510 Should not allow to rename a file/folder when a user does not have permission
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7559
diff
changeset
|
2452 |
ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_SYNCHRONIZE)) |
| 5331 | 2453 |
checkmode |= VREAD; |
2454 |
if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS| |
|
|
7624
0a59f685e81b
6744510 Should not allow to rename a file/folder when a user does not have permission
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7559
diff
changeset
|
2455 |
ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES|ACE_SYNCHRONIZE)) |
| 5331 | 2456 |
checkmode |= VWRITE; |
2457 |
if (working_mode & ACE_EXECUTE) |
|
2458 |
checkmode |= VEXEC; |
|
2459 |
||
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2460 |
error = secpolicy_vnode_access2(cr, ZTOV(check_zp), owner, |
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2461 |
needed_bits & ~checkmode, needed_bits); |
| 5331 | 2462 |
|
2463 |
if (error == 0 && (working_mode & ACE_WRITE_OWNER)) |
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2464 |
error = secpolicy_vnode_chown(cr, owner); |
| 5331 | 2465 |
if (error == 0 && (working_mode & ACE_WRITE_ACL)) |
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2466 |
error = secpolicy_vnode_setdac(cr, owner); |
| 5331 | 2467 |
|
2468 |
if (error == 0 && (working_mode & |
|
2469 |
(ACE_DELETE|ACE_DELETE_CHILD))) |
|
2470 |
error = secpolicy_vnode_remove(cr); |
|
2471 |
||
|
7624
0a59f685e81b
6744510 Should not allow to rename a file/folder when a user does not have permission
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7559
diff
changeset
|
2472 |
if (error == 0 && (working_mode & ACE_SYNCHRONIZE)) {
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2473 |
error = secpolicy_vnode_chown(cr, owner); |
|
7624
0a59f685e81b
6744510 Should not allow to rename a file/folder when a user does not have permission
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
7559
diff
changeset
|
2474 |
} |
| 5331 | 2475 |
if (error == 0) {
|
2476 |
/* |
|
2477 |
* See if any bits other than those already checked |
|
2478 |
* for are still present. If so then return EACCES |
|
2479 |
*/ |
|
2480 |
if (working_mode & ~(ZFS_CHECKED_MASKS)) {
|
|
2481 |
error = EACCES; |
|
2482 |
} |
|
2483 |
} |
|
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2484 |
} else if (error == 0) {
|
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2485 |
error = secpolicy_vnode_access2(cr, ZTOV(zp), owner, |
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2486 |
needed_bits, needed_bits); |
| 789 | 2487 |
} |
2488 |
||
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2489 |
|
| 789 | 2490 |
if (is_attr) |
2491 |
VN_RELE(ZTOV(xzp)); |
|
2492 |
||
2493 |
return (error); |
|
2494 |
} |
|
2495 |
||
2496 |
/* |
|
| 5331 | 2497 |
* Translate traditional unix VREAD/VWRITE/VEXEC mode into |
2498 |
* native ACL format and call zfs_zaccess() |
|
| 789 | 2499 |
*/ |
2500 |
int |
|
| 5331 | 2501 |
zfs_zaccess_rwx(znode_t *zp, mode_t mode, int flags, cred_t *cr) |
| 789 | 2502 |
{
|
| 5331 | 2503 |
return (zfs_zaccess(zp, zfs_unix_to_v4(mode >> 6), flags, B_FALSE, cr)); |
| 789 | 2504 |
} |
2505 |
||
2506 |
/* |
|
| 5331 | 2507 |
* Access function for secpolicy_vnode_setattr |
| 789 | 2508 |
*/ |
2509 |
int |
|
| 5331 | 2510 |
zfs_zaccess_unix(znode_t *zp, mode_t mode, cred_t *cr) |
| 789 | 2511 |
{
|
2512 |
int v4_mode = zfs_unix_to_v4(mode >> 6); |
|
2513 |
||
| 5331 | 2514 |
return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr)); |
| 789 | 2515 |
} |
2516 |
||
|
2604
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2517 |
static int |
|
6257
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2518 |
zfs_delete_final_check(znode_t *zp, znode_t *dzp, |
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2519 |
mode_t available_perms, cred_t *cr) |
|
2604
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2520 |
{
|
|
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2521 |
int error; |
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2522 |
uid_t downer; |
|
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2523 |
|
|
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2524 |
downer = zfs_fuid_map_id(dzp->z_zfsvfs, dzp->z_uid, cr, ZFS_OWNER); |
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2525 |
|
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2526 |
error = secpolicy_vnode_access2(cr, ZTOV(dzp), |
|
13081
79b387e27d99
6971929 Unable to add/remove ACE after doing idmap flush -a
Mark Shellenbaum <Mark.Shellenbaum@Oracle.COM>
parents:
13058
diff
changeset
|
2527 |
downer, available_perms, VWRITE|VEXEC); |
|
2604
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2528 |
|
|
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2529 |
if (error == 0) |
|
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2530 |
error = zfs_sticky_remove_access(dzp, zp, cr); |
|
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2531 |
|
|
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2532 |
return (error); |
|
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2533 |
} |
|
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2534 |
|
| 789 | 2535 |
/* |
2536 |
* Determine whether Access should be granted/deny, without |
|
2537 |
* consulting least priv subsystem. |
|
2538 |
* |
|
2539 |
* |
|
2540 |
* The following chart is the recommended NFSv4 enforcement for |
|
2541 |
* ability to delete an object. |
|
2542 |
* |
|
2543 |
* ------------------------------------------------------- |
|
2544 |
* | Parent Dir | Target Object Permissions | |
|
2545 |
* | permissions | | |
|
2546 |
* ------------------------------------------------------- |
|
2547 |
* | | ACL Allows | ACL Denies| Delete | |
|
2548 |
* | | Delete | Delete | unspecified| |
|
2549 |
* ------------------------------------------------------- |
|
2550 |
* | ACL Allows | Permit | Permit | Permit | |
|
2551 |
* | DELETE_CHILD | | |
|
2552 |
* ------------------------------------------------------- |
|
2553 |
* | ACL Denies | Permit | Deny | Deny | |
|
2554 |
* | DELETE_CHILD | | | | |
|
2555 |
* ------------------------------------------------------- |
|
2556 |
* | ACL specifies | | | | |
|
2557 |
* | only allow | Permit | Permit | Permit | |
|
2558 |
* | write and | | | | |
|
2559 |
* | execute | | | | |
|
2560 |
* ------------------------------------------------------- |
|
2561 |
* | ACL denies | | | | |
|
2562 |
* | write and | Permit | Deny | Deny | |
|
2563 |
* | execute | | | | |
|
2564 |
* ------------------------------------------------------- |
|
2565 |
* ^ |
|
2566 |
* | |
|
2567 |
* No search privilege, can't even look up file? |
|
2568 |
* |
|
2569 |
*/ |
|
2570 |
int |
|
2571 |
zfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr) |
|
2572 |
{
|
|
| 5331 | 2573 |
uint32_t dzp_working_mode = 0; |
2574 |
uint32_t zp_working_mode = 0; |
|
| 789 | 2575 |
int dzp_error, zp_error; |
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2576 |
mode_t available_perms; |
| 5331 | 2577 |
boolean_t dzpcheck_privs = B_TRUE; |
2578 |
boolean_t zpcheck_privs = B_TRUE; |
|
| 789 | 2579 |
|
2580 |
/* |
|
|
6257
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2581 |
* We want specific DELETE permissions to |
| 789 | 2582 |
* take precedence over WRITE/EXECUTE. We don't |
2583 |
* want an ACL such as this to mess us up. |
|
|
2604
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2584 |
* user:joe:write_data:deny,user:joe:delete:allow |
| 789 | 2585 |
* |
2586 |
* However, deny permissions may ultimately be overridden |
|
2587 |
* by secpolicy_vnode_access(). |
|
|
6257
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2588 |
* |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2589 |
* We will ask for all of the necessary permissions and then |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2590 |
* look at the working modes from the directory and target object |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2591 |
* to determine what was found. |
| 789 | 2592 |
*/ |
2593 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2594 |
if (zp->z_pflags & (ZFS_IMMUTABLE | ZFS_NOUNLINK)) |
| 5331 | 2595 |
return (EPERM); |
2596 |
||
|
6257
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2597 |
/* |
| 7163 | 2598 |
* First row |
|
6257
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2599 |
* If the directory permissions allow the delete, we are done. |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2600 |
*/ |
| 7163 | 2601 |
if ((dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD, |
|
6257
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2602 |
&dzp_working_mode, &dzpcheck_privs, B_FALSE, cr)) == 0) |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2603 |
return (0); |
| 789 | 2604 |
|
|
6257
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2605 |
/* |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2606 |
* If target object has delete permission then we are done |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2607 |
*/ |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2608 |
if ((zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2609 |
&zpcheck_privs, B_FALSE, cr)) == 0) |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2610 |
return (0); |
|
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2611 |
|
| 7163 | 2612 |
ASSERT(dzp_error && zp_error); |
2613 |
||
|
6257
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2614 |
if (!dzpcheck_privs) |
| 789 | 2615 |
return (dzp_error); |
| 7163 | 2616 |
if (!zpcheck_privs) |
|
6257
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2617 |
return (zp_error); |
| 789 | 2618 |
|
2619 |
/* |
|
2620 |
* Second row |
|
| 7163 | 2621 |
* |
2622 |
* If directory returns EACCES then delete_child was denied |
|
2623 |
* due to deny delete_child. In this case send the request through |
|
2624 |
* secpolicy_vnode_remove(). We don't use zfs_delete_final_check() |
|
2625 |
* since that *could* allow the delete based on write/execute permission |
|
2626 |
* and we want delete permissions to override write/execute. |
|
| 789 | 2627 |
*/ |
2628 |
||
|
2604
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2629 |
if (dzp_error == EACCES) |
| 7163 | 2630 |
return (secpolicy_vnode_remove(cr)); |
|
2604
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2631 |
|
|
b2fb13f56fe7
6461609 zfs delete permissions are not working correctly
marks
parents:
2113
diff
changeset
|
2632 |
/* |
| 789 | 2633 |
* Third Row |
|
6257
0c7475fa4852
6674548 zfs_delete_final_check calls secpolicy_vnode_access on wrong vnode
marks
parents:
6056
diff
changeset
|
2634 |
* only need to see if we have write/execute on directory. |
| 789 | 2635 |
*/ |
2636 |
||
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2637 |
dzp_error = zfs_zaccess_common(dzp, ACE_EXECUTE|ACE_WRITE_DATA, |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2638 |
&dzp_working_mode, &dzpcheck_privs, B_FALSE, cr); |
| 789 | 2639 |
|
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2640 |
if (dzp_error != 0 && !dzpcheck_privs) |
| 7163 | 2641 |
return (dzp_error); |
2642 |
||
| 789 | 2643 |
/* |
| 7163 | 2644 |
* Fourth row |
| 789 | 2645 |
*/ |
2646 |
||
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2647 |
available_perms = (dzp_working_mode & ACE_WRITE_DATA) ? 0 : VWRITE; |
|
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2648 |
available_perms |= (dzp_working_mode & ACE_EXECUTE) ? 0 : VEXEC; |
| 7163 | 2649 |
|
|
12273
63678502e95e
PSARC 2009/377 In-kernel pfexec implementation.
Casper H.S. Dik <Casper.Dik@Sun.COM>
parents:
12218
diff
changeset
|
2650 |
return (zfs_delete_final_check(zp, dzp, available_perms, cr)); |
| 7163 | 2651 |
|
| 789 | 2652 |
} |
2653 |
||
2654 |
int |
|
2655 |
zfs_zaccess_rename(znode_t *sdzp, znode_t *szp, znode_t *tdzp, |
|
2656 |
znode_t *tzp, cred_t *cr) |
|
2657 |
{
|
|
2658 |
int add_perm; |
|
2659 |
int error; |
|
2660 |
||
|
11935
538c866aaac6
6716117 ZFS needs native system attribute infrastructure
Mark Shellenbaum <Mark.Shellenbaum@Sun.COM>
parents:
11574
diff
changeset
|
2661 |
if (szp->z_pflags & ZFS_AV_QUARANTINED) |
| 5331 | 2662 |
return (EACCES); |
2663 |
||
| 789 | 2664 |
add_perm = (ZTOV(szp)->v_type == VDIR) ? |
2665 |
ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE; |
|
2666 |
||
2667 |
/* |
|
2668 |
* Rename permissions are combination of delete permission + |
|
2669 |
* add file/subdir permission. |
|
2670 |
*/ |
|
2671 |
||
2672 |
/* |
|
2673 |
* first make sure we do the delete portion. |
|
2674 |
* |
|
2675 |
* If that succeeds then check for add_file/add_subdir permissions |
|
2676 |
*/ |
|
2677 |
||
2678 |
if (error = zfs_zaccess_delete(sdzp, szp, cr)) |
|
2679 |
return (error); |
|
2680 |
||
2681 |
/* |
|
2682 |
* If we have a tzp, see if we can delete it? |
|
2683 |
*/ |
|
2684 |
if (tzp) {
|
|
2685 |
if (error = zfs_zaccess_delete(tdzp, tzp, cr)) |
|
2686 |
return (error); |
|
2687 |
} |
|
2688 |
||
2689 |
/* |
|
2690 |
* Now check for add permissions |
|
2691 |
*/ |
|
| 5331 | 2692 |
error = zfs_zaccess(tdzp, add_perm, 0, B_FALSE, cr); |
| 789 | 2693 |
|
2694 |
return (error); |
|
2695 |
} |