/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
1544 | 5 |
* Common Development and Distribution License (the "License"). |
6 |
* You may not use this file except in compliance with the License. |
|
789 | 7 |
* |
8 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 |
* or http://www.opensolaris.org/os/licensing. |
|
10 |
* See the License for the specific language governing permissions |
|
11 |
* and limitations under the License. |
|
12 |
* |
|
13 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
14 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 |
* If applicable, add the following below this CDDL HEADER, with the |
|
16 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
17 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 |
* |
|
19 |
* CDDL HEADER END |
|
20 |
*/ |
|
21 |
/* |
|
22 |
* Copyright 2006 Sun Microsystems, Inc. All rights reserved. |
789 | 23 |
* Use is subject to license terms. |
24 |
*/ |
|
25 |
||
26 |
#pragma ident "%Z%%M% %I% %E% SMI" |
|
27 |
||
28 |
#include <sys/types.h> |
|
29 |
#include <sys/param.h> |
|
30 |
#include <sys/time.h> |
|
31 |
#include <sys/systm.h> |
|
32 |
#include <sys/sysmacros.h> |
|
33 |
#include <sys/resource.h> |
|
34 |
#include <sys/vfs.h> |
|
35 |
#include <sys/vnode.h> |
|
36 |
#include <sys/file.h> |
|
37 |
#include <sys/stat.h> |
|
38 |
#include <sys/kmem.h> |
|
39 |
#include <sys/cmn_err.h> |
|
40 |
#include <sys/errno.h> |
|
41 |
#include <sys/unistd.h> |
|
42 |
#include <sys/sdt.h> |
789 | 43 |
#include <sys/fs/zfs.h> |
44 |
#include <sys/mode.h> |
|
45 |
#include <sys/policy.h> |
|
46 |
#include <sys/zfs_znode.h> |
|
47 |
#include <sys/zfs_acl.h> |
|
48 |
#include <sys/zfs_dir.h> |
|
49 |
#include <sys/zfs_vfsops.h> |
|
50 |
#include <sys/dmu.h> |
|
51 |
#include <sys/zap.h> |
|
52 |
#include <util/qsort.h> |
|
53 |
#include "fs/fs_subr.h" |
|
54 |
#include <acl/acl_common.h> |
|
55 |
||
56 |
#define ALLOW ACE_ACCESS_ALLOWED_ACE_TYPE |
|
57 |
#define DENY ACE_ACCESS_DENIED_ACE_TYPE |
|
58 |
||
59 |
#define OWNING_GROUP (ACE_GROUP|ACE_IDENTIFIER_GROUP) |
|
60 |
#define EVERYONE_ALLOW_MASK (ACE_READ_ACL|ACE_READ_ATTRIBUTES | \ |
|
61 |
ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE) |
|
62 |
#define EVERYONE_DENY_MASK (ACE_WRITE_ACL|ACE_WRITE_OWNER | \ |
|
63 |
ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) |
|
64 |
#define OWNER_ALLOW_MASK (ACE_WRITE_ACL | ACE_WRITE_OWNER | \ |
|
65 |
ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) |
|
66 |
#define WRITE_MASK (ACE_WRITE_DATA|ACE_APPEND_DATA|ACE_WRITE_NAMED_ATTRS| \ |
|
67 |
ACE_WRITE_ATTRIBUTES|ACE_WRITE_ACL|ACE_WRITE_OWNER) |
|
68 |
||
69 |
#define OGE_CLEAR (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ |
|
70 |
ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) |
|
71 |
||
72 |
#define OKAY_MASK_BITS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ |
|
73 |
ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) |
|
74 |
||
75 |
#define ALL_INHERIT (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE | \ |
|
76 |
ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE) |
|
77 |
||
78 |
#define SECURE_CLEAR (ACE_WRITE_ACL|ACE_WRITE_OWNER) |
789 | 79 |
|
80 |
#define OGE_PAD 6 /* traditional owner/group/everyone ACES */ |
|
81 |
||
82 |
static int zfs_ace_can_use(znode_t *zp, ace_t *); |
|
83 |
||
84 |
/*
 * Allocate a zfs_acl_t wrapper with room for "slots" ACEs.
 *
 * With slots == 0 only the wrapper is allocated (z_state stays 0) and the
 * caller is expected to point z_acl at storage it does not own, e.g. the
 * ACL embedded in the znode (see zfs_acl_node_read_internal).  Otherwise
 * z_acl gets its own KM_SLEEP allocation and z_state is ACL_DATA_ALLOCED
 * so that zfs_acl_free() knows to release it.  Note that the ACE storage
 * comes from kmem_alloc, not kmem_zalloc: the slots hold garbage until
 * the caller fills them and z_acl_count says how many are valid.
 */
static zfs_acl_t *
zfs_acl_alloc(int slots)
{
	zfs_acl_t *aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP);

	aclp->z_slots = slots;
	if (slots == 0) {
		/* no ACE storage of our own */
		aclp->z_state = 0;
		return (aclp);
	}

	aclp->z_acl = kmem_alloc(ZFS_ACL_SIZE(slots), KM_SLEEP);
	aclp->z_acl_count = 0;
	aclp->z_state = ACL_DATA_ALLOCED;
	return (aclp);
}
|
100 |
||
101 |
/*
 * Release a zfs_acl_t obtained from zfs_acl_alloc()/zfs_acl_node_read().
 *
 * The ACE array is freed only when this wrapper owns it (ACL_DATA_ALLOCED);
 * an ACL that aliases the znode's embedded ACE data is left alone.  The
 * size handed to kmem_free must be the allocated size, i.e. z_slots, not
 * z_acl_count.
 */
void
zfs_acl_free(zfs_acl_t *aclp)
{
	boolean_t owns_aces = (aclp->z_state == ACL_DATA_ALLOCED);

	if (owns_aces)
		kmem_free(aclp->z_acl, ZFS_ACL_SIZE(aclp->z_slots));
	kmem_free(aclp, sizeof (zfs_acl_t));
}
|
109 |
||
110 |
/*
 * Map an NFSv4 access mask onto the "other" rwx bits that
 * secpolicy_vnode_access() understands.
 *
 * The mapping is deliberately coarse: any read-flavoured ACE bit becomes
 * S_IROTH, any write-flavoured bit becomes S_IWOTH, and execute or
 * read_named_attrs becomes S_IXOTH.  Bits with no unix counterpart
 * (e.g. write_acl, write_owner) are dropped.
 */
static uint32_t
zfs_v4_to_unix(uint32_t access_mask)
{
	static const struct {
		uint32_t v4_bits;
		uint32_t unix_bit;
	} map[] = {
		{ ACE_READ_DATA | ACE_LIST_DIRECTORY |
		    ACE_READ_ATTRIBUTES | ACE_READ_ACL, S_IROTH },
		{ ACE_WRITE_DATA | ACE_APPEND_DATA |
		    ACE_WRITE_ATTRIBUTES | ACE_ADD_FILE |
		    ACE_WRITE_NAMED_ATTRS, S_IWOTH },
		{ ACE_EXECUTE | ACE_READ_NAMED_ATTRS, S_IXOTH }
	};
	uint32_t unix_mask = 0;
	size_t n;

	for (n = 0; n < sizeof (map) / sizeof (map[0]); n++) {
		if (access_mask & map[n].v4_bits)
			unix_mask |= map[n].unix_bit;
	}

	return (unix_mask);
}
|
130 |
||
131 |
/*
 * Convert a unix rwx triplet (the low three mode bits) into the
 * corresponding NFSv4 access-mask bits: r -> read_data, w -> write_data,
 * x -> execute.  Only bits 04, 02 and 01 are examined; anything else in
 * access_mask is ignored.
 */
static uint32_t
zfs_unix_to_v4(uint32_t access_mask)
{
	uint32_t v4_mask = 0;

	if (access_mask & 04)
		v4_mask |= ACE_READ_DATA;
	if (access_mask & 02)
		v4_mask |= ACE_WRITE_DATA;
	if (access_mask & 01)
		v4_mask |= ACE_EXECUTE;

	return (v4_mask);
}
|
148 |
||
149 |
/*
 * Fill in every field of an ACE.
 *
 * entry_type is stored verbatim in a_flags, so it must carry the whole
 * flag word the caller wants (ACE_OWNER, OWNING_GROUP, ACE_EVERYONE, or
 * an explicit user/group plus any inheritance bits) -- nothing is or'ed
 * in and nothing is preserved from the previous contents.
 */
static void
zfs_set_ace(ace_t *zacep, uint32_t access_mask, int access_type,
    uid_t uid, int entry_type)
{
	zacep->a_flags = entry_type;
	zacep->a_who = uid;
	zacep->a_type = access_type;
	zacep->a_access_mask = access_mask;
}
|
158 |
||
159 |
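/*
 * Fold one ACE's verdict on a single rwx mode bit into *modep.
 *
 * ACEs are evaluated first-match: the first ACE (in ACL order) that speaks
 * to a given bit decides it, so the bit is recorded in *seenp and later
 * ACEs for the same bit are ignored.  Only an ALLOW sets the bit; a DENY
 * merely claims it, leaving it clear.
 */
static void
zfs_mode_claim_bit(mode_t *modep, mode_t *seenp, mode_t bit, int ace_type)
{
	if (*seenp & bit)
		return;		/* an earlier ACE already decided this bit */
	*seenp |= bit;
	if (ace_type == ALLOW)
		*modep |= bit;
}

/*
 * Derive the unix mode_t that summarises an ACL.
 *
 * The file type and the setuid/setgid/sticky bits are carried over from
 * the znode's current zp_mode; the nine rwx bits are rebuilt from the
 * ACEs.  owner@ entries feed the user bits, group@ (OWNING_GROUP) entries
 * the group bits, and everyone@ entries feed whichever of the user, group
 * and other bits are still undecided.  Explicit user/group ACEs do not
 * contribute.  Because the first ACE to mention a bit wins, a DENY that
 * precedes an ALLOW keeps the bit clear.
 *
 * Only read_data, write_data and execute are consulted; the remaining
 * access-mask bits have no mode_t representation.
 */
static uint64_t
zfs_mode_compute(znode_t *zp, zfs_acl_t *aclp)
{
	/* the mode bit (per class) that each interesting ACE bit maps to */
	static const struct {
		uint32_t ace_bit;
		mode_t usr;
		mode_t grp;
		mode_t oth;
	} map[] = {
		{ ACE_READ_DATA, S_IRUSR, S_IRGRP, S_IROTH },
		{ ACE_WRITE_DATA, S_IWUSR, S_IWGRP, S_IWOTH },
		{ ACE_EXECUTE, S_IXUSR, S_IXGRP, S_IXOTH }
	};
	mode_t mode = (zp->z_phys->zp_mode &
	    (S_IFMT | S_ISUID | S_ISGID | S_ISVTX));
	mode_t seen = 0;
	ace_t *acep;
	int i, b;

	for (i = 0, acep = aclp->z_acl;
	    i != aclp->z_acl_count; i++, acep++) {
		int entry_type = (acep->a_flags & ACE_TYPE_FLAGS);

		for (b = 0; b < 3; b++) {
			if (!(acep->a_access_mask & map[b].ace_bit))
				continue;
			if (entry_type == ACE_OWNER) {
				zfs_mode_claim_bit(&mode, &seen, map[b].usr,
				    acep->a_type);
			} else if (entry_type == OWNING_GROUP) {
				zfs_mode_claim_bit(&mode, &seen, map[b].grp,
				    acep->a_type);
			} else if (entry_type == ACE_EVERYONE) {
				/* everyone@ decides all three classes */
				zfs_mode_claim_bit(&mode, &seen, map[b].usr,
				    acep->a_type);
				zfs_mode_claim_bit(&mode, &seen, map[b].grp,
				    acep->a_type);
				zfs_mode_claim_bit(&mode, &seen, map[b].oth,
				    acep->a_type);
			}
		}
	}
	return (mode);
}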
|
281 |
||
282 |
/*
 * Wrap the ACL that lives inside the znode itself.
 *
 * No ACE data is copied: the returned zfs_acl_t aliases zp_acl.z_ace_data
 * (z_state == 0, z_slots == 0), so it is only meaningful while the znode
 * is held, and any write through z_acl modifies the znode's own copy.
 * zfs_acl_free() releases the wrapper but not the aliased data.
 */
static zfs_acl_t *
zfs_acl_node_read_internal(znode_t *zp)
{
	zfs_znode_acl_t *zacl = &zp->z_phys->zp_acl;
	zfs_acl_t *aclp = zfs_acl_alloc(0);

	aclp->z_acl = zacl->z_ace_data;
	aclp->z_acl_count = zacl->z_acl_count;

	return (aclp);
}
|
293 |
||
294 |
/*
 * Read the znode's ACL, wherever it lives.
 *
 * An ACL small enough to be embedded in the znode is returned as an alias
 * of the znode data (see zfs_acl_node_read_internal); a large ACL stored
 * in its own DMU object is copied into a freshly allocated zfs_acl_t.
 * Either way the caller owns *aclpp and releases it with zfs_acl_free().
 * On a dmu_read() failure the error is returned, the allocation is undone
 * and *aclpp is left untouched.  z_acl_lock must be held.
 */
static int
zfs_acl_node_read(znode_t *zp, zfs_acl_t **aclpp)
{
	zfs_znode_acl_t *zacl = &zp->z_phys->zp_acl;
	zfs_acl_t *aclp;
	int error;

	ASSERT(MUTEX_HELD(&zp->z_acl_lock));

	/* embedded ACL: no I/O needed */
	if (zacl->z_acl_extern_obj == 0) {
		*aclpp = zfs_acl_node_read_internal(zp);
		return (0);
	}

	/* external ACL: allocate exactly z_acl_count slots and read it in */
	aclp = zfs_acl_alloc(zacl->z_acl_count);
	error = dmu_read(zp->z_zfsvfs->z_os, zacl->z_acl_extern_obj, 0,
	    ZFS_ACL_SIZE(zacl->z_acl_count), aclp->z_acl);
	if (error != 0) {
		zfs_acl_free(aclp);
		return (error);
	}
	aclp->z_acl_count = zacl->z_acl_count;
	*aclpp = aclp;

	return (0);
}
325 |
||
326 |
/*
 * Validate a caller-supplied ACL before it is committed to a znode.
 *
 * zfs_aclset_common() relies on this check whenever its caller has not
 * already validated the ACL, so it is deliberately strict:
 *   - aclcnt must be in 1..MAX_ACL_ENTRIES;
 *   - every ACE must be ALLOW or DENY (other ACE types are rejected);
 *   - inheritance flags are only accepted on directories;
 *   - INHERIT_ONLY / NO_PROPAGATE are only accepted together with
 *     FILE_INHERIT or DIRECTORY_INHERIT.
 *
 * As a side effect the a_who of owner@, group@ and everyone@ entries is
 * normalised to -1, so whatever id the caller put there cannot later be
 * taken for a real uid/gid.  This normalisation is applied in place to
 * "uace" entry by entry and is not undone when a later entry makes the
 * function return B_FALSE.
 *
 * *inherit is cleared, then set to 1 when at least one entry carries
 * FILE_INHERIT or DIRECTORY_INHERIT, so the caller can set
 * ZFS_INHERIT_ACE.
 */
static boolean_t
zfs_acl_valid(znode_t *zp, ace_t *uace, int aclcnt, int *inherit)
{
	ace_t *acep;
	int i;

	*inherit = 0;

	if (aclcnt > MAX_ACL_ENTRIES || aclcnt <= 0) {
		return (B_FALSE);
	}

	for (i = 0, acep = uace; i != aclcnt; i++, acep++) {

		/*
		 * Normalise the principal of the special entries.  An
		 * explicit user (no ACE_TYPE_FLAGS bit) or an explicit
		 * group (ACE_IDENTIFIER_GROUP without ACE_GROUP) keeps
		 * the a_who it was given; there is intentionally no
		 * default case.
		 */

		switch (acep->a_flags & ACE_TYPE_FLAGS) {
		case ACE_OWNER:
			acep->a_who = -1;
			break;
		case (ACE_IDENTIFIER_GROUP | ACE_GROUP):
		case ACE_IDENTIFIER_GROUP:
			if (acep->a_flags & ACE_GROUP) {
				acep->a_who = -1;	/* group@ */
			}
			break;
		case ACE_EVERYONE:
			acep->a_who = -1;
			break;
		}

		/*
		 * Only ALLOW and DENY entries are supported.
		 */

		if (acep->a_type != ALLOW && acep->a_type != DENY)
			return (B_FALSE);

		/*
		 * Only directories should have inheritance flags.
		 */
		if (ZTOV(zp)->v_type != VDIR && (acep->a_flags &
		    (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE|
		    ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE))) {
			return (B_FALSE);
		}

		if (acep->a_flags &
		    (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE))
			*inherit = 1;

		/*
		 * inherit_only / no_propagate are modifiers of file or
		 * directory inheritance and make no sense on their own.
		 */
		if (acep->a_flags &
		    (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) {
			if ((acep->a_flags & (ACE_FILE_INHERIT_ACE|
			    ACE_DIRECTORY_INHERIT_ACE)) == 0) {
				return (B_FALSE);
			}
		}
	}

	return (B_TRUE);
}
|
390 |
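/*
 * Common code for committing an ACL to a znode.
 *
 * Called from zfs_acl_chmod (below) and, per the original comment, from
 * zfs_mode_update, zfs_perm_init and zfs_setacl.  A caller that has
 * already validated the ACL passes a non-NULL ihp saying whether any
 * entry is inheritable; otherwise the ACL is run through zfs_acl_valid()
 * here and EINVAL is returned if it is rejected (zfs_acl_valid normalises
 * a_who in aclp->z_acl as it goes).
 *
 * Storage: an ACL of at most ACE_SLOT_CNT entries is embedded in the
 * znode; a larger one is written to a dedicated DMU_OT_ACL object, which
 * is allocated on first use, re-sized otherwise, and freed again when a
 * later ACL fits internally.
 *
 * Side effects on success: zp_acl, zp_flags (ZFS_INHERIT_ACE /
 * ZFS_ACL_TRIVIAL), zp_mode (recomputed from the ACL, keeping the file
 * type and setuid/setgid/sticky bits) and the change time are updated
 * within "tx".  z_lock and z_acl_lock must both be held.
 *
 * Returns 0, EINVAL, or the error from dmu_object_free().  In the latter
 * case the znode buffer has already been marked dirty but none of its
 * ACL fields have been changed.
 */
int
zfs_aclset_common(znode_t *zp, zfs_acl_t *aclp, dmu_tx_t *tx, int *ihp)
{
	int inherit = 0;
	int error;
	znode_phys_t *zphys = zp->z_phys;
	zfs_znode_acl_t *zacl = &zphys->zp_acl;
	uint32_t acl_phys_size = ZFS_ACL_SIZE(aclp->z_acl_count);
	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
	uint64_t aoid = zacl->z_acl_extern_obj;

	ASSERT(MUTEX_HELD(&zp->z_lock));
	ASSERT(MUTEX_HELD(&zp->z_acl_lock));

	if (ihp) {
		inherit = *ihp;	/* already determined by caller */
	} else if (!zfs_acl_valid(zp, aclp->z_acl,
	    aclp->z_acl_count, &inherit)) {
		return (EINVAL);
	}

	dmu_buf_will_dirty(zp->z_dbuf, tx);

	/*
	 * Will ACL fit internally?
	 */
	if (aclp->z_acl_count > ACE_SLOT_CNT) {
		if (aoid == 0) {
			aoid = dmu_object_alloc(zfsvfs->z_os,
			    DMU_OT_ACL, acl_phys_size, DMU_OT_NONE, 0, tx);
		} else {
			(void) dmu_object_set_blocksize(zfsvfs->z_os, aoid,
			    acl_phys_size, 0, tx);
		}
		zacl->z_acl_extern_obj = aoid;
		zacl->z_acl_count = aclp->z_acl_count;
		dmu_write(zfsvfs->z_os, aoid, 0,
		    acl_phys_size, aclp->z_acl, tx);
	} else {
		/*
		 * Migrating back embedded?
		 */
		if (zacl->z_acl_extern_obj != 0) {
			error = dmu_object_free(zfsvfs->z_os,
			    zacl->z_acl_extern_obj, tx);
			if (error)
				return (error);
			zacl->z_acl_extern_obj = 0;
		}
		bcopy(aclp->z_acl, zacl->z_ace_data,
		    aclp->z_acl_count * sizeof (ace_t));
		zacl->z_acl_count = aclp->z_acl_count;
	}

	/*
	 * Classify the ACL (flags added for 6347134 so that zfs_zaccess()
	 * can short-cut trivial ACLs).  The triviality test is made on the
	 * ACL we were handed rather than on the embedded z_ace_data: in the
	 * external-object branch above the embedded array is not rewritten,
	 * so it would be stale and shorter than the new z_acl_count.  For an
	 * embedded ACL the two are identical.
	 */
	zphys->zp_flags &= ~(ZFS_ACL_TRIVIAL|ZFS_INHERIT_ACE);
	if (inherit) {
		zphys->zp_flags |= ZFS_INHERIT_ACE;
	} else if (ace_trivial(aclp->z_acl, aclp->z_acl_count) == 0) {
		zphys->zp_flags |= ZFS_ACL_TRIVIAL;
	}

	zphys->zp_mode = zfs_mode_compute(zp, aclp);
	zfs_time_stamper_locked(zp, STATE_CHANGED, tx);

	return (0);
}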
|
463 |
||
464 |
/*
 * Make sure aclp has room for slots_needed more ACEs to be appended.
 *
 * Nothing is appended here and z_acl_count is untouched; the caller fills
 * the new slots and bumps the count (see zfs_acl_chmod).  When the array
 * is already large enough and owned by aclp the call is a no-op.
 * Otherwise a new array is allocated, the existing ACEs copied across,
 * and the old array released only if aclp owned it (an ACL aliasing the
 * znode's embedded data is never freed).  After this aclp always owns
 * its storage.
 */
static void
zfs_acl_append(zfs_acl_t *aclp, int slots_needed)
{
	ace_t *newacep;
	ace_t *oldaclp;
	int slot_cnt;
	/* negative when the ACL aliases embedded data (z_slots == 0) */
	int slots_left = aclp->z_slots - aclp->z_acl_count;

	if (aclp->z_state == ACL_DATA_ALLOCED)
		ASSERT(aclp->z_slots >= aclp->z_acl_count);
	if (slots_left < slots_needed || aclp->z_state != ACL_DATA_ALLOCED) {
		/*
		 * Works out to z_acl_count + slots_needed + 1: one spare
		 * slot beyond what was asked for.
		 */
		slot_cnt = aclp->z_slots + 1 + (slots_needed - slots_left);
		newacep = kmem_alloc(ZFS_ACL_SIZE(slot_cnt), KM_SLEEP);
		bcopy(aclp->z_acl, newacep,
		    ZFS_ACL_SIZE(aclp->z_acl_count));
		oldaclp = aclp->z_acl;
		/* only free what we allocated ourselves */
		if (aclp->z_state == ACL_DATA_ALLOCED)
			kmem_free(oldaclp, ZFS_ACL_SIZE(aclp->z_slots));
		aclp->z_acl = newacep;
		aclp->z_slots = slot_cnt;
		aclp->z_state = ACL_DATA_ALLOCED;
	}
}
|
491 |
||
492 |
/*
 * Delete the ACE at index "slot" by sliding every later ACE down one
 * position and shrinking z_acl_count.  Storage is never released here;
 * the vacated slot simply becomes spare capacity.  With a single-entry
 * ACL there is nothing to move, so only the count is decremented.
 */
static void
zfs_ace_remove(zfs_acl_t *aclp, int slot)
{
	ace_t *acep = aclp->z_acl;
	int tail;

	if (aclp->z_acl_count <= 1) {
		aclp->z_acl_count--;
		return;
	}

	aclp->z_acl_count--;
	tail = aclp->z_acl_count - slot;	/* ACEs that follow "slot" */
	(void) memmove(&acep[slot], &acep[slot + 1], sizeof (ace_t) * tail);
}
|
505 |
||
506 |
/*
 * Shape the access mask of a DENY ACE that sits in front of an explicit
 * user/group ALLOW ACE (the "groupmask" aclmode behaviour).
 *
 * For each of read_data, write_data, append_data and execute that the
 * original ALLOW grants, the DENY is made to deny it when the matching
 * rwx bit is clear in "mode", and to not deny it when the bit is set.
 * An ACE for the file's owner is measured against the user bits; every
 * other user or group ACE against the group bits.  Bits the original does
 * not grant are left as they are in acep.
 */
static void
zfs_acl_prepend_fixup(ace_t *acep, ace_t *origacep, mode_t mode, uid_t owner)
{
	struct {
		uint32_t ace_bit;
		mode_t mode_bit;
	} rule[4];
	mode_t rbit, wbit, xbit;
	int explicit_owner;
	int n;

	/*
	 * owner@/group@/everyone@ never count as a user ACE; only a bare
	 * uid that happens to be the file owner uses the user bits.
	 */
	explicit_owner = !(acep->a_flags &
	    (ACE_OWNER|ACE_GROUP|ACE_IDENTIFIER_GROUP)) &&
	    (acep->a_who == owner);
	if (explicit_owner) {
		rbit = S_IRUSR;
		wbit = S_IWUSR;
		xbit = S_IXUSR;
	} else {
		rbit = S_IRGRP;
		wbit = S_IWGRP;
		xbit = S_IXGRP;
	}

	rule[0].ace_bit = ACE_READ_DATA;
	rule[0].mode_bit = rbit;
	rule[1].ace_bit = ACE_WRITE_DATA;
	rule[1].mode_bit = wbit;
	rule[2].ace_bit = ACE_APPEND_DATA;	/* append follows the w bit */
	rule[2].mode_bit = wbit;
	rule[3].ace_bit = ACE_EXECUTE;
	rule[3].mode_bit = xbit;

	for (n = 0; n < 4; n++) {
		if (!(origacep->a_access_mask & rule[n].ace_bit))
			continue;
		if (mode & rule[n].mode_bit)
			acep->a_access_mask &= ~rule[n].ace_bit;
		else
			acep->a_access_mask |= rule[n].ace_bit;
	}
}
|
559 |
||
560 |
/*
 * Apply mode to the canonical six ACEs, which are the last six entries
 * of the ACL in deny/allow pairs: owner@, group@, everyone@.
 *
 * owner@ and group@ receive their own rwx triplet shifted down to the low
 * bits; everyone@ is handed the whole mode unshifted.  adjust_ace_pair()
 * is assumed to look only at the low three bits -- confirm against its
 * definition if "mode" ever carries more than the permission bits.
 */
static void
zfs_acl_fixup_canonical_six(zfs_acl_t *aclp, mode_t mode)
{
	ace_t *six;

	ASSERT(aclp->z_acl_count >= 6);
	six = &aclp->z_acl[aclp->z_acl_count - 6];

	adjust_ace_pair(&six[0], (mode & 0700) >> 6);	/* owner@ */
	adjust_ace_pair(&six[2], (mode & 0070) >> 3);	/* group@ */
	adjust_ace_pair(&six[4], mode);			/* everyone@ */
}
|
581 |
||
582 |
||
583 |
/*
 * Does acep exactly match the given ALLOW/DENY type, entry type (the
 * ACE_TYPE_FLAGS part of a_flags, i.e. owner@/group@/everyone@) and
 * access mask?  Inheritance flags are ignored; the mask must match
 * exactly, a subset is not enough.
 */
static int
zfs_acl_ace_match(ace_t *acep, int allow_deny, int type, int mask)
{
	if (acep->a_type != allow_deny)
		return (0);
	if ((acep->a_flags & ACE_TYPE_FLAGS) != type)
		return (0);
	return (acep->a_access_mask == mask);
}
589 |
||
590 |
/*
 * Can the ACE just before index i serve as the groupmask DENY for
 * acep[i], instead of prepending a fresh one?
 *
 * It can when it is a DENY whose flags consist of nothing but the
 * ACE_IDENTIFIER_GROUP bit copied from acep[i] (so no inheritance bits
 * and no owner@/group@/everyone@ marker), and whose access mask denies
 * nothing outside the rwx-style bits (OKAY_MASK_BITS) that acep[i]
 * grants.  Index 0 has no predecessor and is never reusable.
 */
static int
zfs_reuse_deny(ace_t *acep, int i)
{
	ace_t *prev, *cur;
	uint32_t deniable;

	if (i < 1)
		return (B_FALSE);
	prev = &acep[i - 1];
	cur = &acep[i];

	/* the only bits the DENY may carry: what cur grants, rwx-wise */
	deniable = cur->a_access_mask & OKAY_MASK_BITS;

	return (prev->a_type == DENY &&
	    prev->a_flags == (cur->a_flags & ACE_IDENTIFIER_GROUP) &&
	    (prev->a_access_mask & ~deniable) == 0);
}
|
614 |
||
615 |
/*
 * Open a hole at index i so that a new ACE can be stored there.
 *
 * ACEs i..z_acl_count-1 are shifted up by one.  z_acl_count is NOT
 * incremented and slot i is left holding a stale copy of the entry that
 * now sits at i + 1; the caller must overwrite slot i and bump the count
 * (zfs_acl_prepend_deny and zfs_acl_split_ace do both).
 *
 * When the array is full, or aclp merely aliases the znode's embedded
 * ACEs, a new array with OGE_PAD spare slots is allocated first and the
 * old one is freed only if aclp owned it.  Either way aclp owns its
 * storage on return.
 */
static void
zfs_acl_prepend(zfs_acl_t *aclp, int i)
{
	ace_t *oldaclp = NULL;		/* non-NULL once we have reallocated */
	ace_t *to, *from;
	int slots_left = aclp->z_slots - aclp->z_acl_count;
	int oldslots;
	int need_free = 0;		/* the old array was ours to free */

	if (aclp->z_state == ACL_DATA_ALLOCED)
		ASSERT(aclp->z_slots >= aclp->z_acl_count);

	if (slots_left == 0 || aclp->z_state != ACL_DATA_ALLOCED) {

		to = kmem_alloc(ZFS_ACL_SIZE(aclp->z_acl_count +
		    OGE_PAD), KM_SLEEP);
		if (aclp->z_state == ACL_DATA_ALLOCED)
			need_free++;
		from = aclp->z_acl;
		oldaclp = aclp->z_acl;
		(void) memmove(to, from,
		    sizeof (ace_t) * aclp->z_acl_count);
		aclp->z_state = ACL_DATA_ALLOCED;
	} else {
		from = aclp->z_acl;
		to = aclp->z_acl;
	}

	/*
	 * Shift the tail up one slot.  When a new array was allocated,
	 * "to" already holds a copy of "from", so copying from[i..] into
	 * to[i+1..] has the same effect as an in-place shift.
	 */
	(void) memmove(&to[i + 1], &from[i],
	    sizeof (ace_t) * (aclp->z_acl_count - i));

	if (oldaclp) {
		aclp->z_acl = to;
		oldslots = aclp->z_slots;
		aclp->z_slots = aclp->z_acl_count + OGE_PAD;
		if (need_free)
			kmem_free(oldaclp, ZFS_ACL_SIZE(oldslots));
	}

}
|
659 |
||
660 |
/*
 * Insert a DENY ACE in front of the ACE at index i (groupmask aclmode).
 *
 * The new entry names the same principal as the ACE it precedes, carries
 * only that ACE's ACE_TYPE_FLAGS (no inheritance bits), and starts out
 * denying nothing; zfs_acl_prepend_fixup() then fills its mask from
 * "mode".  z_acl_count is incremented here.
 */
static void
zfs_acl_prepend_deny(znode_t *zp, zfs_acl_t *aclp, int i,
    mode_t mode)
{
	ace_t *deny, *orig;

	/* open a slot at i; the ACE that was at i is now at i + 1 */
	zfs_acl_prepend(aclp, i);
	deny = &aclp->z_acl[i];
	orig = deny + 1;

	zfs_set_ace(deny, 0, DENY, orig->a_who,
	    (orig->a_flags & ACE_TYPE_FLAGS));
	zfs_acl_prepend_fixup(deny, orig, mode, zp->z_phys->zp_uid);
	aclp->z_acl_count++;
}
|
677 |
||
678 |
/*
 * Split an inheritable ACE at index i into two: an inherit-only copy at
 * i (still carrying the inheritance flags, so it affects only new
 * children) followed at i + 1 by the original with all inheritance flags
 * stripped (so it affects only this object).  z_acl_count grows by one.
 */
static void
zfs_acl_split_ace(zfs_acl_t *aclp, int i)
{
	ace_t *inherit_only, *effective;

	zfs_acl_prepend(aclp, i);
	inherit_only = &aclp->z_acl[i];
	effective = inherit_only + 1;	/* the original, shifted up by one */

	*inherit_only = *effective;
	inherit_only->a_flags |= ACE_INHERIT_ONLY_ACE;
	effective->a_flags &= ~ALL_INHERIT;
	aclp->z_acl_count++;
}
|
694 |
||
695 |
/*
 * Are the six ACEs starting at index i the canonical six -- the
 * owner@, group@ and everyone@ deny/allow pairs, in that order and with
 * exactly the masks zfs_acl_chmod() appends?  The caller guarantees that
 * at least six entries exist from i onwards.
 */
static int
zfs_have_canonical_six(zfs_acl_t *aclp, int i)
{
	static const struct {
		int allow_deny;
		int type;
		int mask;
	} canon[6] = {
		{ DENY, ACE_OWNER, 0 },
		{ ALLOW, ACE_OWNER, OWNER_ALLOW_MASK },
		{ DENY, OWNING_GROUP, 0 },
		{ ALLOW, OWNING_GROUP, 0 },
		{ DENY, ACE_EVERYONE, EVERYONE_DENY_MASK },
		{ ALLOW, ACE_EVERYONE, EVERYONE_ALLOW_MASK }
	};
	ace_t *acep = &aclp->z_acl[i];
	int n;

	for (n = 0; n < 6; n++) {
		if (!zfs_acl_ace_match(&acep[n], canon[n].allow_deny,
		    canon[n].type, canon[n].mask))
			return (0);
	}
	return (1);
}
|
717 |
||
718 |
/*
 * Apply step 1g to a deny/allow pair for an explicit group.
 *
 * Corner case: the group bits of the mode may grant more than the owner
 * bits.  Whatever the group has that the owner lacks is removed from both
 * entries of the pair, so an explicit group ACE can never end up granting
 * more than the owner.  Pairs that are not group entries are untouched.
 */
static void
zfs_fixup_group_entries(ace_t *acep, mode_t mode)
{
	mode_t groupmode = (mode >> 3) & 07;
	mode_t ownermode = (mode >> 6);
	mode_t extra;
	uint32_t strip = 0;
	int n;

	if (!(acep[0].a_flags & ACE_IDENTIFIER_GROUP))
		return;

	/* rwx bits the group has but the owner does not */
	extra = groupmode & ~ownermode;
	if (extra & 04)
		strip |= ACE_READ_DATA;
	if (extra & 02)
		strip |= (ACE_WRITE_DATA|ACE_APPEND_DATA);
	if (extra & 01)
		strip |= ACE_EXECUTE;

	for (n = 0; n < 2; n++)
		acep[n].a_access_mask &= ~strip;
}
|
754 |
||
755 |
/*
 * Apply the chmod algorithm as described in PSARC/2002/240: reconcile an
 * existing NFSv4 ACL with a new unix mode, then store both.
 *
 * Walk of the existing ACEs (index i; acep is re-read from aclp on every
 * iteration because several helpers may reallocate the array):
 *   - entries that are neither ALLOW nor DENY, and inherit-only entries,
 *     are kept as they are (any inheritance bits on them set "inherit");
 *   - with aclmode=discard every other entry is dropped;
 *   - an inheritable entry that is also effective is split into an
 *     inherit-only copy plus an effective copy with inheritance stripped;
 *   - owner@/group@/everyone@ entries lose their rwx-style bits
 *     (OGE_CLEAR); the mode re-adds them via the canonical six below;
 *   - an explicit user/group ALLOW is, under aclmode=groupmask, preceded
 *     by a DENY (an existing suitable one is reused) shaped so the entry
 *     cannot grant more than the mode allows;
 *   - any other aclmode value leaves explicit entries untouched.
 *
 * The ACL is then made to end in the canonical six owner@/group@/everyone@
 * deny/allow pairs (appended if not already present) and those are
 * adjusted to the new mode.  zp_mode is set to "mode" and the result is
 * committed with zfs_aclset_common(), which recomputes the rwx bits of
 * zp_mode from the final ACL; of the value stored here only the file type
 * and setuid/setgid/sticky bits are carried through.
 *
 * Returns the result of zfs_aclset_common().  Both z_acl_lock and z_lock
 * must be held.
 */
static int
zfs_acl_chmod(znode_t *zp, uint64_t mode, zfs_acl_t *aclp,
    dmu_tx_t *tx)
{
	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
	ace_t *acep;
	int i;
	int error;
	int entry_type;
	int reuse_deny;
	int need_canonical_six = 1;
	int inherit = 0;
	int iflags;

	ASSERT(MUTEX_HELD(&zp->z_acl_lock));
	ASSERT(MUTEX_HELD(&zp->z_lock));

	i = 0;
	while (i < aclp->z_acl_count) {
		acep = aclp->z_acl;	/* may have been reallocated */
		entry_type = (acep[i].a_flags & ACE_TYPE_FLAGS);
		iflags = (acep[i].a_flags & ALL_INHERIT);

		/*
		 * Leave unknown ACE types and inherit-only entries alone;
		 * they do not affect this object's effective permissions.
		 */
		if ((acep[i].a_type != ALLOW && acep[i].a_type != DENY) ||
		    (iflags & ACE_INHERIT_ONLY_ACE)) {
			i++;
			if (iflags)
				inherit = 1;
			continue;
		}


		/* zfs_ace_remove shifts the tail down, so i stays put */
		if (zfsvfs->z_acl_mode == DISCARD) {
			zfs_ace_remove(aclp, i);
			continue;
		}

		/*
		 * Need to split ace into two?  After the split the
		 * inherit-only copy is at i and the effective copy at
		 * i + 1, which the next iteration then processes.
		 */
		if ((iflags & (ACE_FILE_INHERIT_ACE|
		    ACE_DIRECTORY_INHERIT_ACE)) &&
		    (!(iflags & ACE_INHERIT_ONLY_ACE))) {
			zfs_acl_split_ace(aclp, i);
			i++;
			inherit = 1;
			continue;
		}

		if (entry_type == ACE_OWNER || entry_type == ACE_EVERYONE ||
		    (entry_type == OWNING_GROUP)) {
			acep[i].a_access_mask &= ~OGE_CLEAR;
			i++;
			continue;

		} else {
			if (acep[i].a_type == ALLOW) {

				/*
				 * Check preceding ACE if any, to see
				 * if we need to prepend a DENY ACE.
				 * This is only applicable when the acl_mode
				 * property == groupmask.
				 */
				if (zfsvfs->z_acl_mode == GROUPMASK) {

					reuse_deny = zfs_reuse_deny(acep, i);

					if (reuse_deny == B_FALSE) {
						/*
						 * The ALLOW moves to i + 1
						 * and the array may have
						 * been reallocated.
						 */
						zfs_acl_prepend_deny(zp, aclp,
						    i, mode);
						i++;
						acep = aclp->z_acl;
					} else {
						zfs_acl_prepend_fixup(
						    &acep[i - 1],
						    &acep[i], mode,
						    zp->z_phys->zp_uid);
					}
					/* acep[i - 1] is the DENY either way */
					zfs_fixup_group_entries(&acep[i - 1],
					    mode);
				}
			}
			i++;
		}
	}

	/*
	 * Check out last six aces, if we have six.
	 */

	if (aclp->z_acl_count >= 6) {
		i = aclp->z_acl_count - 6;

		if (zfs_have_canonical_six(aclp, i)) {
			need_canonical_six = 0;
		}
	}

	if (need_canonical_six) {

		zfs_acl_append(aclp, 6);
		i = aclp->z_acl_count;
		acep = aclp->z_acl;
		zfs_set_ace(&acep[i++], 0, DENY, -1, ACE_OWNER);
		zfs_set_ace(&acep[i++], OWNER_ALLOW_MASK, ALLOW, -1, ACE_OWNER);
		zfs_set_ace(&acep[i++], 0, DENY, -1, OWNING_GROUP);
		zfs_set_ace(&acep[i++], 0, ALLOW, -1, OWNING_GROUP);
		zfs_set_ace(&acep[i++], EVERYONE_DENY_MASK,
		    DENY, -1, ACE_EVERYONE);
		zfs_set_ace(&acep[i++], EVERYONE_ALLOW_MASK,
		    ALLOW, -1, ACE_EVERYONE);
		aclp->z_acl_count += 6;
	}

	/* rwx bits of the six come from the mode, not from the old ACL */
	zfs_acl_fixup_canonical_six(aclp, mode);

	zp->z_phys->zp_mode = mode;
	error = zfs_aclset_common(zp, aclp, tx, &inherit);
	return (error);
}
|
880 |
||
881 |
||
882 |
/*
 * setattr entry point for a mode change: read the current ACL under
 * z_acl_lock, run the chmod algorithm against it and release it.
 *
 * z_lock must already be held by the caller.  Returns the error from
 * zfs_acl_node_read() or zfs_acl_chmod().
 */
int
zfs_acl_chmod_setattr(znode_t *zp, uint64_t mode, dmu_tx_t *tx)
{
	zfs_acl_t *aclp = NULL;
	int error;

	ASSERT(MUTEX_HELD(&zp->z_lock));

	mutex_enter(&zp->z_acl_lock);
	if ((error = zfs_acl_node_read(zp, &aclp)) == 0)
		error = zfs_acl_chmod(zp, mode, aclp, tx);
	mutex_exit(&zp->z_acl_lock);

	/* aclp stays NULL when the read failed, so this is safe either way */
	if (aclp != NULL)
		zfs_acl_free(aclp);

	return (error);
}
/*
 * Strip off write_owner and write_acl.
 *
 * Only applies when the file system's z_acl_inherit setting is SECURE
 * and the entry is an ALLOW ace; in that case the bits in SECURE_CLEAR
 * are removed from acep->a_access_mask in place.  Every other
 * combination leaves the entry untouched.
 */
static void
zfs_securemode_update(zfsvfs_t *zfsvfs, ace_t *acep)
{
	if (zfsvfs->z_acl_inherit != SECURE)
		return;
	if (acep->a_type != ALLOW)
		return;

	acep->a_access_mask &= ~SECURE_CLEAR;
}
/*
 * Inherit inheritable ACEs from parent.
 *
 * Builds and returns a freshly allocated zfs_acl_t for zp holding the
 * entries of the parent's ACL paclp that zfs_ace_can_use() says apply to
 * zp.  The z_acl_inherit setting of the file system shapes the result:
 *   DISCARD  - nothing is inherited, an empty ACL (OGE_PAD slots) is
 *              returned;
 *   NOALLOW  - ALLOW entries are skipped, everything else is considered;
 *   SECURE   - handled per entry by zfs_securemode_update().
 *
 * The work is done in two passes over the parent ACL: the first counts
 * the slots needed, the second fills them in.  The caller owns the
 * returned ACL and releases it with zfs_acl_free().
 */
static zfs_acl_t *
zfs_acl_inherit(znode_t *zp, zfs_acl_t *paclp)
{
	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
	ace_t *pacep;
	ace_t *acep;
	int ace_cnt = 0;
	int pace_cnt;
	int i, j;
	zfs_acl_t *aclp = NULL;

	i = j = 0;
	pace_cnt = paclp->z_acl_count;
	pacep = paclp->z_acl;

	/*
	 * Pass 1: size the new ACL.  An entry without
	 * ACE_NO_PROPAGATE_INHERIT_ACE is counted twice because the
	 * directory case below may emit both an inherit-only copy and an
	 * effective copy; this is an upper bound, the real count is j.
	 */
	if (zfsvfs->z_acl_inherit != DISCARD) {
		for (i = 0; i != pace_cnt; i++) {

			if (zfsvfs->z_acl_inherit == NOALLOW &&
			    pacep[i].a_type == ALLOW)
				continue;

			if (zfs_ace_can_use(zp, &pacep[i])) {
				ace_cnt++;
				if (!(pacep[i].a_flags &
				    ACE_NO_PROPAGATE_INHERIT_ACE))
					ace_cnt++;
			}
		}
	}

	/*
	 * OGE_PAD leaves spare slots beyond the inherited entries;
	 * presumably for the entries zfs_acl_chmod() appends later -
	 * confirm against the definition.
	 */
	aclp = zfs_acl_alloc(ace_cnt + OGE_PAD);

	/* Pass 2: copy the applicable entries, same filtering as pass 1. */
	if (ace_cnt && zfsvfs->z_acl_inherit != DISCARD) {
		acep = aclp->z_acl;
		pacep = paclp->z_acl;
		for (i = 0; i != pace_cnt; i++) {

			if (zfsvfs->z_acl_inherit == NOALLOW &&
			    pacep[i].a_type == ALLOW)
				continue;

			if (zfs_ace_can_use(zp, &pacep[i])) {

				/*
				 * Now create entry for inherited ace
				 */

				acep[j] = pacep[i];

				/*
				 * When AUDIT/ALARM a_types are supported
				 * they should be inherited here.
				 */

				/*
				 * Non-directories, and entries that must not
				 * propagate further, get a single effective
				 * copy with every inherit flag cleared.
				 */
				if ((pacep[i].a_flags &
				    ACE_NO_PROPAGATE_INHERIT_ACE) ||
				    (ZTOV(zp)->v_type != VDIR)) {
					acep[j].a_flags &= ~ALL_INHERIT;
					zfs_securemode_update(zfsvfs, &acep[j]);
					j++;
					continue;
				}

				ASSERT(ZTOV(zp)->v_type == VDIR);

				/*
				 * If we are inheriting an ACE targeted for
				 * only files, then make sure inherit_only
				 * is on for future propagation.
				 *
				 * Otherwise (the entry also applies to
				 * directories) two entries are produced: an
				 * inherit-only copy at j-1 that keeps the
				 * inherit flags for propagation, and an
				 * effective copy at j with them stripped.
				 */
				if ((pacep[i].a_flags & (ACE_FILE_INHERIT_ACE |
				    ACE_DIRECTORY_INHERIT_ACE)) !=
				    ACE_FILE_INHERIT_ACE) {
					j++;
					acep[j] = acep[j-1];
					acep[j-1].a_flags |=
					    ACE_INHERIT_ONLY_ACE;
					acep[j].a_flags &= ~ALL_INHERIT;
				} else {
					acep[j].a_flags |= ACE_INHERIT_ONLY_ACE;
				}
				/*
				 * Applied to acep[j]: the effective copy in
				 * the two-entry case, the inherit-only copy
				 * in the file-only case.
				 */
				zfs_securemode_update(zfsvfs, &acep[j]);
				j++;
			}
		}
	}
	/* j is the number of slots actually used; never above the estimate. */
	aclp->z_acl_count = j;
	ASSERT(aclp->z_slots >= aclp->z_acl_count);

	return (aclp);
}
/*
 * Create file system object initial permissions
 * including inheritable ACEs.
 *
 * Fills in zp->z_phys uid, gid and mode for a newly created object and
 * installs its initial ACL: either one inherited from parent (when the
 * parent carries ZFS_INHERIT_ACE) or a fresh six-slot ACL, in both cases
 * finalised by zfs_acl_chmod() against the computed mode.
 *
 * flag selects how much of vap is trusted: for IS_ROOT_NODE, IS_REPLAY
 * and extended-attribute directories (IS_XATTR with a VDIR va_type) the
 * requested va_uid/va_gid are taken verbatim; otherwise the owner is
 * always the caller's uid and va_gid is honoured only under the group
 * rules below.  tx is the open transaction the ACL write joins.
 *
 * No value is returned; a failed parent ACL read panics via VERIFY and
 * a failed zfs_acl_chmod() is only caught by ASSERT3U (see below).
 */
void
zfs_perm_init(znode_t *zp, znode_t *parent, int flag,
    vattr_t *vap, dmu_tx_t *tx, cred_t *cr)
{
	uint64_t mode;
	uid_t uid;
	gid_t gid;
	int error;
	int pull_down;
	zfs_acl_t *aclp, *paclp;

	mode = MAKEIMODE(vap->va_type, vap->va_mode);

	/*
	 * Determine uid and gid.
	 */
	if ((flag & (IS_ROOT_NODE | IS_REPLAY)) ||
	    ((flag & IS_XATTR) && (vap->va_type == VDIR))) {
		uid = vap->va_uid;
		gid = vap->va_gid;
	} else {
		/* A caller-requested va_uid is deliberately not consulted. */
		uid = crgetuid(cr);
		/*
		 * A requested gid is accepted when it is the parent's gid,
		 * a group the caller belongs to, or the caller holds the
		 * create-gid privilege; otherwise BSD-style group
		 * inheritance applies for setgid parents.
		 */
		if ((vap->va_mask & AT_GID) &&
		    ((vap->va_gid == parent->z_phys->zp_gid) ||
		    groupmember(vap->va_gid, cr) ||
		    secpolicy_vnode_create_gid(cr) == 0))
			gid = vap->va_gid;
		else
			gid = (parent->z_phys->zp_mode & S_ISGID) ?
			    parent->z_phys->zp_gid : crgetgid(cr);
	}

	/*
	 * If we're creating a directory, and the parent directory has the
	 * set-GID bit set, set it on the new directory.
	 * Otherwise, if the user is neither privileged nor a member of the
	 * file's new group, clear the file's set-GID bit.
	 */

	if ((parent->z_phys->zp_mode & S_ISGID) && (vap->va_type == VDIR))
		mode |= S_ISGID;
	else {
		if ((mode & S_ISGID) &&
		    secpolicy_vnode_setids_setgids(cr, gid) != 0)
			mode &= ~S_ISGID;
	}

	zp->z_phys->zp_uid = uid;
	zp->z_phys->zp_gid = gid;
	zp->z_phys->zp_mode = mode;

	/*
	 * Parent locks are taken, used and dropped before the child's so
	 * the two lock pairs are never held together.
	 */
	mutex_enter(&parent->z_lock);
	pull_down = (parent->z_phys->zp_flags & ZFS_INHERIT_ACE);
	if (pull_down) {
		mutex_enter(&parent->z_acl_lock);
		/* A parent ACL that cannot be read is treated as fatal. */
		VERIFY(0 == zfs_acl_node_read(parent, &paclp));
		mutex_exit(&parent->z_acl_lock);
		aclp = zfs_acl_inherit(zp, paclp);
		zfs_acl_free(paclp);
	} else {
		aclp = zfs_acl_alloc(6);
	}
	mutex_exit(&parent->z_lock);
	mutex_enter(&zp->z_lock);
	mutex_enter(&zp->z_acl_lock);
	error = zfs_acl_chmod(zp, mode, aclp, tx);
	mutex_exit(&zp->z_lock);
	mutex_exit(&zp->z_acl_lock);
	/*
	 * NOTE(review): if ASSERT3U compiles away in non-DEBUG builds, as
	 * is usual for this macro, a non-zero error from zfs_acl_chmod()
	 * is silently dropped here - confirm that is acceptable.
	 */
	ASSERT3U(error, ==, 0);
	zfs_acl_free(aclp);
}
/*
 * Should ACE be inherited?
 *
 * Looks only at the low four flag bits of acep->a_flags (the inherit
 * flags) and at the vnode type of zp.  Returns 1 when the entry applies
 * to zp, 0 otherwise:
 *   - directories take entries flagged ACE_DIRECTORY_INHERIT_ACE, and
 *     entries flagged ACE_FILE_INHERIT_ACE unless those also carry
 *     ACE_NO_PROPAGATE_INHERIT_ACE;
 *   - everything else takes only ACE_FILE_INHERIT_ACE entries.
 */
static int
zfs_ace_can_use(znode_t *zp, ace_t *acep)
{
	int vtype = ZTOV(zp)->v_type;
	int iflags = (acep->a_flags & 0xf);

	if (vtype == VDIR) {
		if (iflags & ACE_DIRECTORY_INHERIT_ACE)
			return (1);
		if (iflags & ACE_FILE_INHERIT_ACE)
			return (!(iflags & ACE_NO_PROPAGATE_INHERIT_ACE));
		return (0);
	}

	return ((iflags & ACE_FILE_INHERIT_ACE) != 0);
}
/*
 * Retrieve a file's ACL.
 *
 * Reading the ACL requires ACE_READ_ACL through zfs_zaccess(); the owner
 * of the file may read it regardless.  vsecp->vsa_mask selects what is
 * returned: VSA_ACECNT fills vsa_aclcnt, VSA_ACE fills vsa_aclentp with
 * a KM_SLEEP copy of the entries (releasing that buffer is the caller's
 * job - the matching free is not in this file's view).
 *
 * Returns 0 on success, the access error for a non-owner that is
 * refused, ENOSYS when neither flag is requested, or the error from
 * zfs_acl_node_read().
 */
int
zfs_getacl(znode_t *zp, vsecattr_t *vsecp, cred_t *cr)
{
	zfs_acl_t *aclp;
	ulong_t mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT);
	int error;

	/* A denied ACL check is overridden only for the owner. */
	error = zfs_zaccess(zp, ACE_READ_ACL, cr);
	if (error != 0 && crgetuid(cr) != zp->z_phys->zp_uid)
		return (error);

	if (mask == 0)
		return (ENOSYS);

	mutex_enter(&zp->z_acl_lock);

	error = zfs_acl_node_read(zp, &aclp);
	if (error != 0) {
		mutex_exit(&zp->z_acl_lock);
		return (error);
	}

	if (mask & VSA_ACECNT)
		vsecp->vsa_aclcnt = aclp->z_acl_count;

	if (mask & VSA_ACE) {
		size_t aclsz = aclp->z_acl_count * sizeof (ace_t);

		vsecp->vsa_aclentp = kmem_alloc(aclsz, KM_SLEEP);
		bcopy(aclp->z_acl, vsecp->vsa_aclentp, aclsz);
	}

	mutex_exit(&zp->z_acl_lock);

	zfs_acl_free(aclp);

	return (0);
}
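/*
 * Set a file's ACL.
 *
 * Replaces zp's ACL with the caller-supplied entries in vsecp.  The
 * request must name VSA_ACE or VSA_ACECNT in vsa_mask and must pass
 * zfs_acl_valid(), which is also the only place the caller-supplied
 * vsa_aclentp/vsa_aclcnt pair is checked before it is copied below
 * (that routine is outside this block - confirm it bounds aclcnt).
 *
 * Permission: ACE_WRITE_ACL is evaluated against the existing ACL with
 * zfs_zaccess_v4_perm().  An explicit allow proceeds; EACCES or
 * ACCESS_UNDETERMINED defers to secpolicy_vnode_setdac() (owner or
 * privilege); any other error is passed through as EROFS or mapped to
 * EPERM.
 *
 * The write runs in its own DMU transaction under zp->z_lock and
 * zp->z_acl_lock.  When dmu_tx_assign() reports ERESTART in TXG_NOWAIT
 * mode the locks are dropped, the transaction aborted and the whole
 * sequence - including the permission check - is retried from top.
 *
 * Returns 0 on success, EINVAL for a bad request, the permission error,
 * the dmu_tx_assign() error, or the error from zfs_aclset_common().
 */
int
zfs_setacl(znode_t *zp, vsecattr_t *vsecp, cred_t *cr)
{
	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
	zilog_t *zilog = zfsvfs->z_log;
	ace_t *acep = vsecp->vsa_aclentp;
	int aclcnt = vsecp->vsa_aclcnt;
	ulong_t mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT);
	dmu_tx_t *tx;
	int error;
	int inherit;
	zfs_acl_t *aclp;
	uint64_t seq = 0;

	if (mask == 0)
		return (EINVAL);

	/* Validates the entries and reports whether any are inheritable. */
	if (!zfs_acl_valid(zp, acep, aclcnt, &inherit))
		return (EINVAL);
top:
	error = zfs_zaccess_v4_perm(zp, ACE_WRITE_ACL, cr);
	if (error == EACCES || error == ACCESS_UNDETERMINED) {
		if ((error = secpolicy_vnode_setdac(cr,
		    zp->z_phys->zp_uid)) != 0) {
			return (error);
		}
	} else if (error) {
		return (error == EROFS ? error : EPERM);
	}

	mutex_enter(&zp->z_lock);
	mutex_enter(&zp->z_acl_lock);

	tx = dmu_tx_create(zfsvfs->z_os);
	dmu_tx_hold_bonus(tx, zp->z_id);

	/*
	 * Reserve space for the external ACL object: the existing one if
	 * there is one, a new one if the ACL outgrows the in-node slots.
	 */
	if (zp->z_phys->zp_acl.z_acl_extern_obj) {
		dmu_tx_hold_write(tx, zp->z_phys->zp_acl.z_acl_extern_obj,
		    0, ZFS_ACL_SIZE(aclcnt));
	} else if (aclcnt > ACE_SLOT_CNT) {
		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, ZFS_ACL_SIZE(aclcnt));
	}

	error = dmu_tx_assign(tx, zfsvfs->z_assign);
	if (error) {
		mutex_exit(&zp->z_acl_lock);
		mutex_exit(&zp->z_lock);

		if (error == ERESTART && zfsvfs->z_assign == TXG_NOWAIT) {
			dmu_tx_wait(tx);
			dmu_tx_abort(tx);
			goto top;
		}
		dmu_tx_abort(tx);
		return (error);
	}

	aclp = zfs_acl_alloc(aclcnt);
	bcopy(acep, aclp->z_acl, sizeof (ace_t) * aclcnt);
	aclp->z_acl_count = aclcnt;
	error = zfs_aclset_common(zp, aclp, tx, &inherit);
	/*
	 * A failure here is still committed and logged; error is carried
	 * to the return value even where ASSERT compiles away.
	 */
	ASSERT(error == 0);

	zfs_acl_free(aclp);
	seq = zfs_log_acl(zilog, tx, TX_ACL, zp, aclcnt, acep);
	dmu_tx_commit(tx);

	mutex_exit(&zp->z_acl_lock);
	mutex_exit(&zp->z_lock);

	zil_commit(zilog, seq, 0);

	return (error);
}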
/*
 * Evaluate one ace against the bits still being requested.
 *
 * *working_mode is the set of access bits not yet granted.  Bits that
 * zacep's a_access_mask covers are cleared from it when the entry is an
 * ALLOW; a DENY covering any outstanding bit refuses the request.
 *
 * Returns 0 once nothing remains outstanding (on entry or after this
 * ALLOW), EACCES for a matching DENY, and ACCESS_UNDETERMINED when the
 * entry does not settle the request (no overlap, or bits still left).
 */
static int
zfs_ace_access(ace_t *zacep, int *working_mode)
{
	if (*working_mode == 0)
		return (0);

	if ((zacep->a_access_mask & *working_mode) == 0)
		return (ACCESS_UNDETERMINED);

	if (zacep->a_type == DENY)
		return (EACCES);

	if (zacep->a_type == ALLOW) {
		*working_mode &= ~(*working_mode & zacep->a_access_mask);
		if (*working_mode == 0)
			return (0);
	}

	/*
	 * Not specifically denied at this point, and not yet fully
	 * granted either.
	 */
	return (ACCESS_UNDETERMINED);
}
/*
 * Walk zp's ACL for the NFSv4 access bits in v4_mode on behalf of cr.
 *
 * Entries are visited in order; only those whose identity matches the
 * credential (owner, owning group or member group, everyone, or an
 * explicit user) are evaluated, and inherit-only entries are skipped.
 * *working_mode starts as v4_mode and loses bits as ALLOW entries grant
 * them, so on return it holds whatever the ACL did not grant.
 *
 * Returns 0 when every requested bit was granted, EACCES at the first
 * DENY that covers an outstanding bit, ACCESS_UNDETERMINED when the ACL
 * is exhausted with bits still outstanding, EROFS for a write request
 * on a read-only file system, EIO for an entry with an unrecognised
 * type flag, or the error from zfs_acl_node_read().
 */
static int
zfs_zaccess_common(znode_t *zp, int v4_mode, int *working_mode, cred_t *cr)
{
	zfs_acl_t *aclp;
	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
	ace_t *zacep;
	gid_t gid;
	int cnt;
	int i;
	int error;
	int access_deny = ACCESS_UNDETERMINED;
	uint_t entry_type;
	uid_t uid = crgetuid(cr);

	*working_mode = v4_mode;

	/*
	 * NOTE(review): this early return leaves *working_mode equal to
	 * v4_mode, so zfs_zaccess() will still fall through to
	 * secpolicy_vnode_access() during replay - confirm intended.
	 */
	if (zfsvfs->z_assign >= TXG_INITIAL) /* ZIL replay */
		return (0);

	if ((v4_mode & WRITE_MASK) &&
	    (zp->z_zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) &&
	    (!IS_DEVVP(ZTOV(zp)))) {
		return (EROFS);
	}

	mutex_enter(&zp->z_acl_lock);

	error = zfs_acl_node_read(zp, &aclp);
	if (error != 0) {
		mutex_exit(&zp->z_acl_lock);
		return (error);
	}

	zacep = aclp->z_acl;
	cnt = aclp->z_acl_count;

	for (i = 0; i != cnt; i++) {

		DTRACE_PROBE2(zfs__access__common,
		    ace_t *, &zacep[i], int, *working_mode);

		/* Inherit-only entries exist for children, not for zp. */
		if (zacep[i].a_flags & ACE_INHERIT_ONLY_ACE)
			continue;

		entry_type = (zacep[i].a_flags & ACE_TYPE_FLAGS);
		switch (entry_type) {
		case ACE_OWNER:
			if (uid == zp->z_phys->zp_uid) {
				access_deny = zfs_ace_access(&zacep[i],
				    working_mode);
			}
			break;
		case (ACE_IDENTIFIER_GROUP | ACE_GROUP):
		case ACE_IDENTIFIER_GROUP:
			/*
			 * Owning group gid is in znode not ACL
			 */
			if (entry_type == (ACE_IDENTIFIER_GROUP | ACE_GROUP))
				gid = zp->z_phys->zp_gid;
			else
				gid = zacep[i].a_who;

			if (groupmember(gid, cr)) {
				access_deny = zfs_ace_access(&zacep[i],
				    working_mode);
			}
			break;
		case ACE_EVERYONE:
			access_deny = zfs_ace_access(&zacep[i], working_mode);
			break;

		/* USER Entry */
		default:
			if (entry_type == 0) {
				if (uid == zacep[i].a_who) {
					access_deny = zfs_ace_access(&zacep[i],
					    working_mode);
				}
				break;
			}
			/*
			 * Any other type-flag combination is a corrupt or
			 * unsupported entry: fail closed rather than skip.
			 */
			zfs_acl_free(aclp);
			mutex_exit(&zp->z_acl_lock);
			return (EIO);
		}

		/* Stop at the first entry that settles the request. */
		if (access_deny != ACCESS_UNDETERMINED)
			break;
	}

	mutex_exit(&zp->z_acl_lock);
	zfs_acl_free(aclp);

	return (access_deny);
}
/*
 * Determine whether Access should be granted/denied, invoking least
 * priv subsystem when a deny is determined.
 *
 * mode is a set of ACE_* access bits.  For an extended-attribute
 * directory the check is redirected to the owning base file (looked up
 * with zfs_zget() and released again before returning) and the data
 * bits are translated to their named-attribute equivalents.
 *
 * The ACL is consulted first via zfs_zaccess_common().  Unless that
 * yields EROFS, any error or any bit the ACL left ungranted is handed to
 * secpolicy_vnode_access() as a unix owner-triad mode, whose verdict
 * becomes the result.  Returns 0 on success, otherwise an errno.
 */
int
zfs_zaccess(znode_t *zp, int mode, cred_t *cr)
{
	int working_mode;
	int error;
	int is_attr;
	znode_t *xzp;
	znode_t *check_zp = zp;

	is_attr = ((zp->z_phys->zp_flags & ZFS_XATTR) &&
	    (ZTOV(zp)->v_type == VDIR));

	/*
	 * If attribute then validate against base file
	 */
	if (is_attr) {
		if ((error = zfs_zget(zp->z_zfsvfs,
		    zp->z_phys->zp_parent, &xzp)) != 0) {
			return (error);
		}
		/* xzp is held from here on; every exit below releases it. */
		check_zp = xzp;
		/*
		 * fixup mode to map to xattr perms
		 */

		if (mode & (ACE_WRITE_DATA|ACE_APPEND_DATA)) {
			mode &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA);
			mode |= ACE_WRITE_NAMED_ATTRS;
		}

		if (mode & (ACE_READ_DATA|ACE_EXECUTE)) {
			mode &= ~(ACE_READ_DATA|ACE_EXECUTE);
			mode |= ACE_READ_NAMED_ATTRS;
		}
	}

	/* working_mode is always written by the callee before use. */
	error = zfs_zaccess_common(check_zp, mode, &working_mode, cr);

	if (error == EROFS) {
		if (is_attr)
			VN_RELE(ZTOV(xzp));
		return (error);
	}

	/*
	 * NOTE(review): an error other than EROFS (e.g. the EIO from a
	 * malformed ACL entry) is replaced by the policy decision here;
	 * confirm that is the intended handling.
	 */
	if (error || working_mode) {
		working_mode = (zfs_v4_to_unix(working_mode) << 6);
		error = secpolicy_vnode_access(cr, ZTOV(check_zp),
		    check_zp->z_phys->zp_uid, working_mode);
	}

	if (is_attr)
		VN_RELE(ZTOV(xzp));

	return (error);
}
/*
 * Special zaccess function to check for a specific NFSv4 permission.
 *
 * Unlike zfs_zaccess() this never falls back to secpolicy_vnode_access()
 * on failure, since that would probably be the wrong policy function to
 * call; the caller is expected to handle that situation itself.
 *
 * Returns the raw result of zfs_zaccess_common(): 0, EACCES,
 * ACCESS_UNDETERMINED, EROFS or another errno.
 */
int
zfs_zaccess_v4_perm(znode_t *zp, int mode, cred_t *cr)
{
	int working_mode = 0;
	int error;

	error = zfs_zaccess_common(zp, mode, &working_mode, cr);
	return (error);
}
/*
 * Translate a traditional unix VREAD/VWRITE/VEXEC mode into the native
 * ACL format and call zfs_zaccess().
 *
 * Only the owner triad of mode (bits 6-8) is consulted; it is shifted
 * down before conversion.  Returns whatever zfs_zaccess() returns.
 */
int
zfs_zaccess_rwx(znode_t *zp, mode_t mode, cred_t *cr)
{
	return (zfs_zaccess(zp, zfs_unix_to_v4(mode >> 6), cr));
}
/*
 * Final decision for a delete the ACL tables did not settle.
 *
 * Asks the privilege subsystem for write+execute first and, only if
 * that is granted, applies the sticky-directory rule via
 * zfs_sticky_remove_access().  Returns 0 when both agree, otherwise the
 * first error encountered.
 *
 * NOTE(review): the vnode passed to secpolicy_vnode_access() is the
 * target's (zp) while the owner uid is the parent directory's
 * (dzp->z_phys->zp_uid); confirm that pairing is intended.
 */
static int
zfs_delete_final_check(znode_t *zp, znode_t *dzp, cred_t *cr)
{
	int error;

	error = secpolicy_vnode_access(cr, ZTOV(zp),
	    dzp->z_phys->zp_uid, S_IWRITE|S_IEXEC);
	if (error != 0)
		return (error);

	return (zfs_sticky_remove_access(dzp, zp, cr));
}
/*
 * Determine whether a delete should be granted or denied from the ACLs
 * of the parent directory dzp and the target zp, without consulting the
 * least-privilege subsystem directly (the undecided cases are handed to
 * zfs_delete_final_check(), which does).
 *
 * Returns 0 to permit, an errno to deny, EROFS for a read-only file
 * system.
 *
 * The following chart is the recommended NFSv4 enforcement for
 * ability to delete an object.
 *
 * -------------------------------------------------------
 * | Parent Dir | Target Object Permissions |
 * | permissions | |
 * -------------------------------------------------------
 * | | ACL Allows | ACL Denies| Delete |
 * | | Delete | Delete | unspecified|
 * -------------------------------------------------------
 * | ACL Allows | Permit | Permit | Permit |
 * | DELETE_CHILD | | |
 * -------------------------------------------------------
 * | ACL Denies | Permit | Deny | Deny |
 * | DELETE_CHILD | | | |
 * -------------------------------------------------------
 * | ACL specifies | | | |
 * | only allow | Permit | Permit | Permit |
 * | write and | | | |
 * | execute | | | |
 * -------------------------------------------------------
 * | ACL denies | | | |
 * | write and | Permit | Deny | Deny |
 * | execute | | | |
 * -------------------------------------------------------
 * ^
 * |
 * No search privilege, can't even look up file?
 *
 */
int
zfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr)
{
	int dzp_working_mode = 0;
	int zp_working_mode = 0;
	int dzp_error, zp_error;

	/*
	 * Arghh, this check is going to require a couple of questions
	 * to be asked.  We want specific DELETE permissions to
	 * take precedence over WRITE/EXECUTE.  We don't
	 * want an ACL such as this to mess us up.
	 * user:joe:write_data:deny,user:joe:delete:allow
	 *
	 * However, deny permissions may ultimately be overridden
	 * by secpolicy_vnode_access().
	 */

	/*
	 * Both ACLs are walked up front; the *_working_mode outputs tell
	 * whether the bit was granted, the *_error values whether it was
	 * explicitly denied (EACCES) or simply not mentioned
	 * (ACCESS_UNDETERMINED).
	 *
	 * NOTE(review): other errors zfs_zaccess_common() can return (EIO
	 * for a malformed entry, the zfs_acl_node_read() error) are not
	 * distinguished from ACCESS_UNDETERMINED by the logic below, and
	 * on the ZIL-replay path both errors are 0 with the bits still
	 * set, which the ASSERT further down does not expect - confirm
	 * neither path can reach here.
	 */
	dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD,
	    &dzp_working_mode, cr);
	zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, cr);

	/*
	 * Returning dzp_error assumes the parent also reported EROFS
	 * whenever the target did (same file system, parent never a
	 * device vnode); the target-only case would return dzp_error
	 * unchanged.
	 */
	if (dzp_error == EROFS || zp_error == EROFS)
		return (dzp_error);

	/*
	 * First check the first row.
	 * We only need to see if parent Allows delete_child
	 */
	if ((dzp_working_mode & ACE_DELETE_CHILD) == 0)
		return (0);

	/*
	 * Second row
	 * we already have the necessary information in
	 * zp_working_mode, zp_error and dzp_error.
	 */

	if ((zp_working_mode & ACE_DELETE) == 0)
		return (0);

	/*
	 * Now zp_error should either be EACCES which indicates
	 * a "deny" delete entry or ACCESS_UNDETERMINED if no applicable
	 * "delete" entry exists on the target.
	 *
	 * dzp_error should be either EACCES which indicates a "deny"
	 * entry for delete_child or ACCESS_UNDETERMINED if no delete_child
	 * entry exists.  If value is EACCES then we are done
	 * and zfs_delete_final_check() will make the final decision
	 * regarding to allow the delete.
	 */

	ASSERT(zp_error != 0 && dzp_error != 0);
	if (dzp_error == EACCES)
		return (zfs_delete_final_check(zp, dzp, cr));

	/*
	 * Third Row
	 * Only need to check for write/execute on parent
	 */

	dzp_error = zfs_zaccess_common(dzp, ACE_WRITE_DATA|ACE_EXECUTE,
	    &dzp_working_mode, cr);

	if (dzp_error == EROFS)
		return (dzp_error);

	if ((dzp_working_mode & (ACE_WRITE_DATA|ACE_EXECUTE)) == 0)
		return (zfs_sticky_remove_access(dzp, zp, cr));

	/*
	 * Fourth Row
	 *
	 * As written this branch is unreachable: zp_working_mode has not
	 * changed since the second-row test above returned for
	 * (zp_working_mode & ACE_DELETE) == 0, so the second operand is
	 * always false here and the fourth-row outcome is in practice
	 * decided by zfs_delete_final_check() below.
	 */

	if (((dzp_working_mode & (ACE_WRITE_DATA|ACE_EXECUTE)) != 0) &&
	    ((zp_working_mode & ACE_DELETE) == 0))
		return (zfs_sticky_remove_access(dzp, zp, cr));

	return (zfs_delete_final_check(zp, dzp, cr));
}
/*
 * Check rename permission: the delete side on the source (and on an
 * existing target, if tzp is given), then the add_file/add_subdirectory
 * side on the destination directory.
 *
 * szp is the object being renamed out of sdzp into tdzp; tzp, when
 * non-NULL, is the object that would be replaced.  The add permission
 * required depends on whether szp is a directory.
 *
 * Returns 0 when every check passes, otherwise the first error from
 * zfs_zaccess_delete() or zfs_zaccess().
 */
int
zfs_zaccess_rename(znode_t *sdzp, znode_t *szp, znode_t *tdzp,
    znode_t *tzp, cred_t *cr)
{
	int add_perm = (ZTOV(szp)->v_type == VDIR) ?
	    ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE;
	int error;

	/* Delete portion first: the source ... */
	error = zfs_zaccess_delete(sdzp, szp, cr);
	if (error != 0)
		return (error);

	/* ... and the object that would be overwritten, if any. */
	if (tzp != NULL) {
		error = zfs_zaccess_delete(tdzp, tzp, cr);
		if (error != 0)
			return (error);
	}

	/* Finally the add permission on the destination directory. */
	return (zfs_zaccess(tdzp, add_perm, cr));
}