upstream/illumos/illumos-gate: usr/src/uts/common/fs/zfs/zfs

789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	2	* CDDL HEADER START
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	3	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	4	* The contents of this file are subject to the terms of the
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	5	* Common Development and Distribution License (the "License").
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	6	* You may not use this file except in compliance with the License.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	7	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	8	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	9	* or http://www.opensolaris.org/os/licensing.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	10	* See the License for the specific language governing permissions
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	11	* and limitations under the License.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	12	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	13	* When distributing Covered Code, include this CDDL HEADER in each
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	14	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	15	* If applicable, add the following below this CDDL HEADER, with the
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	16	* fields enclosed by brackets "[]" replaced with your own identifying
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	17	* information: Portions Copyright [yyyy] [name of copyright owner]
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	18	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	19	* CDDL HEADER END
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	20	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	21	/*
1308 997e6a49c409 6362908 nfsv4-test: RENAME does not check PERM with NFSv4/ZFS marks parents: 975 diff changeset	22	* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	23	* Use is subject to license terms.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	24	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	25
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	26	#pragma ident "%Z%%M% %I% %E% SMI"
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	27
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	28	#include <sys/types.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	29	#include <sys/param.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	30	#include <sys/time.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	31	#include <sys/systm.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	32	#include <sys/sysmacros.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	33	#include <sys/resource.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	34	#include <sys/vfs.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	35	#include <sys/vnode.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	36	#include <sys/file.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	37	#include <sys/stat.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	38	#include <sys/kmem.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	39	#include <sys/cmn_err.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	40	#include <sys/errno.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	41	#include <sys/unistd.h>
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	42	#include <sys/sdt.h>
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	43	#include <sys/fs/zfs.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	44	#include <sys/mode.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	45	#include <sys/policy.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	46	#include <sys/zfs_znode.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	47	#include <sys/zfs_acl.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	48	#include <sys/zfs_dir.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	49	#include <sys/zfs_vfsops.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	50	#include <sys/dmu.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	51	#include <sys/zap.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	52	#include <util/qsort.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	53	#include "fs/fs_subr.h"
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	54	#include <acl/acl_common.h>
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	55
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	56	#define ALLOW ACE_ACCESS_ALLOWED_ACE_TYPE
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	57	#define DENY ACE_ACCESS_DENIED_ACE_TYPE
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	58
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	59	#define OWNING_GROUP (ACE_GROUP\|ACE_IDENTIFIER_GROUP)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	60	#define EVERYONE_ALLOW_MASK (ACE_READ_ACL\|ACE_READ_ATTRIBUTES \| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	61	ACE_READ_NAMED_ATTRS\|ACE_SYNCHRONIZE)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	62	#define EVERYONE_DENY_MASK (ACE_WRITE_ACL\|ACE_WRITE_OWNER \| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	63	ACE_WRITE_ATTRIBUTES\|ACE_WRITE_NAMED_ATTRS)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	64	#define OWNER_ALLOW_MASK (ACE_WRITE_ACL \| ACE_WRITE_OWNER \| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	65	ACE_WRITE_ATTRIBUTES\|ACE_WRITE_NAMED_ATTRS)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	66	#define WRITE_MASK (ACE_WRITE_DATA\|ACE_APPEND_DATA\|ACE_WRITE_NAMED_ATTRS\| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	67	ACE_WRITE_ATTRIBUTES\|ACE_WRITE_ACL\|ACE_WRITE_OWNER)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	68
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	69	#define OGE_CLEAR (ACE_READ_DATA\|ACE_LIST_DIRECTORY\|ACE_WRITE_DATA\| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	70	ACE_ADD_FILE\|ACE_APPEND_DATA\|ACE_ADD_SUBDIRECTORY\|ACE_EXECUTE)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	71
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	72	#define OKAY_MASK_BITS (ACE_READ_DATA\|ACE_LIST_DIRECTORY\|ACE_WRITE_DATA\| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	73	ACE_ADD_FILE\|ACE_APPEND_DATA\|ACE_ADD_SUBDIRECTORY\|ACE_EXECUTE)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	74
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	75	#define ALL_INHERIT (ACE_FILE_INHERIT_ACE\|ACE_DIRECTORY_INHERIT_ACE \| \
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	76	ACE_NO_PROPAGATE_INHERIT_ACE\|ACE_INHERIT_ONLY_ACE)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	77
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	78	#define SECURE_CLEAR (ACE_WRITE_ACL\|ACE_WRITE_OWNER)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	79
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	80	#define OGE_PAD 6 /* traditional owner/group/everyone ACES */
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	81
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	82	static int zfs_ace_can_use(znode_t zp, ace_t );
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	83
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	84	static zfs_acl_t *
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	85	zfs_acl_alloc(int slots)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	86	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	87	zfs_acl_t *aclp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	88
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	89	aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	90	if (slots != 0) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	91	aclp->z_acl = kmem_alloc(ZFS_ACL_SIZE(slots), KM_SLEEP);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	92	aclp->z_acl_count = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	93	aclp->z_state = ACL_DATA_ALLOCED;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	94	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	95	aclp->z_state = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	96	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	97	aclp->z_slots = slots;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	98	return (aclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	99	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	100
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	101	void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	102	zfs_acl_free(zfs_acl_t *aclp)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	103	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	104	if (aclp->z_state == ACL_DATA_ALLOCED) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	105	kmem_free(aclp->z_acl, ZFS_ACL_SIZE(aclp->z_slots));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	106	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	107	kmem_free(aclp, sizeof (zfs_acl_t));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	108	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	109
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	110	static uint32_t
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	111	zfs_v4_to_unix(uint32_t access_mask)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	112	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	113	uint32_t new_mask = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	114
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	115	/*
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	116	* This is used for mapping v4 permissions into permissions
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	117	* that can be passed to secpolicy_vnode_access()
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	118	*/
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	119	if (access_mask & (ACE_READ_DATA \| ACE_LIST_DIRECTORY \|
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	120	ACE_READ_ATTRIBUTES \| ACE_READ_ACL))
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	121	new_mask \|= S_IROTH;
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	122	if (access_mask & (ACE_WRITE_DATA \| ACE_APPEND_DATA \|
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	123	ACE_WRITE_ATTRIBUTES \| ACE_ADD_FILE \| ACE_WRITE_NAMED_ATTRS))
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	124	new_mask \|= S_IWOTH;
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	125	if (access_mask & (ACE_EXECUTE \| ACE_READ_NAMED_ATTRS))
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	126	new_mask \|= S_IXOTH;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	127
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	128	return (new_mask);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	129	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	130
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	131	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	132	* Convert unix access mask to v4 access mask
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	133	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	134	static uint32_t
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	135	zfs_unix_to_v4(uint32_t access_mask)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	136	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	137	uint32_t new_mask = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	138
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	139	if (access_mask & 01)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	140	new_mask \|= (ACE_EXECUTE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	141	if (access_mask & 02) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	142	new_mask \|= (ACE_WRITE_DATA);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	143	} if (access_mask & 04) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	144	new_mask \|= ACE_READ_DATA;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	145	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	146	return (new_mask);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	147	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	148
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	149	static void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	150	zfs_set_ace(ace_t *zacep, uint32_t access_mask, int access_type,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	151	uid_t uid, int entry_type)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	152	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	153	zacep->a_access_mask = access_mask;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	154	zacep->a_type = access_type;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	155	zacep->a_who = uid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	156	zacep->a_flags = entry_type;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	157	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	158
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	159	static uint64_t
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	160	zfs_mode_compute(znode_t zp, zfs_acl_t aclp)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	161	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	162	int i;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	163	int entry_type;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	164	mode_t mode = (zp->z_phys->zp_mode &
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	165	(S_IFMT \| S_ISUID \| S_ISGID \| S_ISVTX));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	166	mode_t seen = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	167	ace_t *acep;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	168
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	169	for (i = 0, acep = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	170	i != aclp->z_acl_count; i++, acep++) {
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	171	entry_type = (acep->a_flags & ACE_TYPE_FLAGS);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	172	if (entry_type == ACE_OWNER) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	173	if ((acep->a_access_mask & ACE_READ_DATA) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	174	(!(seen & S_IRUSR))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	175	seen \|= S_IRUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	176	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	177	mode \|= S_IRUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	178	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	179	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	180	if ((acep->a_access_mask & ACE_WRITE_DATA) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	181	(!(seen & S_IWUSR))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	182	seen \|= S_IWUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	183	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	184	mode \|= S_IWUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	185	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	186	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	187	if ((acep->a_access_mask & ACE_EXECUTE) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	188	(!(seen & S_IXUSR))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	189	seen \|= S_IXUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	190	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	191	mode \|= S_IXUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	192	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	193	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	194	} else if (entry_type == OWNING_GROUP) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	195	if ((acep->a_access_mask & ACE_READ_DATA) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	196	(!(seen & S_IRGRP))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	197	seen \|= S_IRGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	198	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	199	mode \|= S_IRGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	200	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	201	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	202	if ((acep->a_access_mask & ACE_WRITE_DATA) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	203	(!(seen & S_IWGRP))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	204	seen \|= S_IWGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	205	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	206	mode \|= S_IWGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	207	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	208	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	209	if ((acep->a_access_mask & ACE_EXECUTE) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	210	(!(seen & S_IXGRP))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	211	seen \|= S_IXGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	212	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	213	mode \|= S_IXGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	214	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	215	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	216	} else if (entry_type == ACE_EVERYONE) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	217	if ((acep->a_access_mask & ACE_READ_DATA)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	218	if (!(seen & S_IRUSR)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	219	seen \|= S_IRUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	220	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	221	mode \|= S_IRUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	222	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	223	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	224	if (!(seen & S_IRGRP)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	225	seen \|= S_IRGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	226	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	227	mode \|= S_IRGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	228	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	229	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	230	if (!(seen & S_IROTH)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	231	seen \|= S_IROTH;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	232	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	233	mode \|= S_IROTH;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	234	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	235	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	236	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	237	if ((acep->a_access_mask & ACE_WRITE_DATA)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	238	if (!(seen & S_IWUSR)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	239	seen \|= S_IWUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	240	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	241	mode \|= S_IWUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	242	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	243	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	244	if (!(seen & S_IWGRP)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	245	seen \|= S_IWGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	246	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	247	mode \|= S_IWGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	248	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	249	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	250	if (!(seen & S_IWOTH)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	251	seen \|= S_IWOTH;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	252	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	253	mode \|= S_IWOTH;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	254	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	255	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	256	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	257	if ((acep->a_access_mask & ACE_EXECUTE)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	258	if (!(seen & S_IXUSR)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	259	seen \|= S_IXUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	260	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	261	mode \|= S_IXUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	262	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	263	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	264	if (!(seen & S_IXGRP)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	265	seen \|= S_IXGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	266	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	267	mode \|= S_IXGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	268	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	269	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	270	if (!(seen & S_IXOTH)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	271	seen \|= S_IXOTH;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	272	if (acep->a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	273	mode \|= S_IXOTH;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	274	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	275	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	276	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	277	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	278	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	279	return (mode);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	280	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	281
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	282	static zfs_acl_t *
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	283	zfs_acl_node_read_internal(znode_t *zp)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	284	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	285	zfs_acl_t *aclp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	286
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	287	aclp = zfs_acl_alloc(0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	288	aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_count;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	289	aclp->z_acl = &zp->z_phys->zp_acl.z_ace_data[0];
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	290
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	291	return (aclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	292	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	293
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	294	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	295	* Read an external acl object.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	296	*/
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	297	static int
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	298	zfs_acl_node_read(znode_t zp, zfs_acl_t *aclpp)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	299	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	300	uint64_t extacl = zp->z_phys->zp_acl.z_acl_extern_obj;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	301	zfs_acl_t *aclp;
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	302	int error;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	303
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	304	ASSERT(MUTEX_HELD(&zp->z_acl_lock));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	305
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	306	if (zp->z_phys->zp_acl.z_acl_extern_obj == 0) {
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	307	*aclpp = zfs_acl_node_read_internal(zp);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	308	return (0);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	309	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	310
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	311	aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_count);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	312
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	313	error = dmu_read(zp->z_zfsvfs->z_os, extacl, 0,
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	314	ZFS_ACL_SIZE(zp->z_phys->zp_acl.z_acl_count), aclp->z_acl);
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	315	if (error != 0) {
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	316	zfs_acl_free(aclp);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	317	return (error);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	318	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	319
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	320	aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_count;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	321
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	322	*aclpp = aclp;
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	323	return (0);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	324	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	325
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	326	static boolean_t
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	327	zfs_acl_valid(znode_t zp, ace_t uace, int aclcnt, int *inherit)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	328	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	329	ace_t *acep;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	330	int i;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	331
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	332	*inherit = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	333
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	334	if (aclcnt > MAX_ACL_ENTRIES \|\| aclcnt <= 0) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	335	return (B_FALSE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	336	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	337
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	338	for (i = 0, acep = uace; i != aclcnt; i++, acep++) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	339
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	340	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	341	* first check type of entry
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	342	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	343
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	344	switch (acep->a_flags & ACE_TYPE_FLAGS) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	345	case ACE_OWNER:
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	346	acep->a_who = -1;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	347	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	348	case (ACE_IDENTIFIER_GROUP \| ACE_GROUP):
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	349	case ACE_IDENTIFIER_GROUP:
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	350	if (acep->a_flags & ACE_GROUP) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	351	acep->a_who = -1;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	352	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	353	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	354	case ACE_EVERYONE:
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	355	acep->a_who = -1;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	356	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	357	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	358
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	359	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	360	* next check inheritance level flags
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	361	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	362
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	363	if (acep->a_type != ALLOW && acep->a_type != DENY)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	364	return (B_FALSE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	365
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	366	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	367	* Only directories should have inheritance flags.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	368	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	369	if (ZTOV(zp)->v_type != VDIR && (acep->a_flags &
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	370	(ACE_FILE_INHERIT_ACE\|ACE_DIRECTORY_INHERIT_ACE\|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	371	ACE_INHERIT_ONLY_ACE\|ACE_NO_PROPAGATE_INHERIT_ACE))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	372	return (B_FALSE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	373	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	374
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	375	if (acep->a_flags &
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	376	(ACE_FILE_INHERIT_ACE\|ACE_DIRECTORY_INHERIT_ACE))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	377	*inherit = 1;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	378
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	379	if (acep->a_flags &
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	380	(ACE_INHERIT_ONLY_ACE\|ACE_NO_PROPAGATE_INHERIT_ACE)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	381	if ((acep->a_flags & (ACE_FILE_INHERIT_ACE\|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	382	ACE_DIRECTORY_INHERIT_ACE)) == 0) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	383	return (B_FALSE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	384	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	385	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	386	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	387
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	388	return (B_TRUE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	389	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	390	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	391	* common code for setting acl's.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	392	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	393	* This function is called from zfs_mode_update, zfs_perm_init, and zfs_setacl.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	394	* zfs_setacl passes a non-NULL inherit pointer (ihp) to indicate that it's
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	395	* already checked the acl and knows whether to inherit.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	396	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	397	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	398	zfs_aclset_common(znode_t zp, zfs_acl_t aclp, dmu_tx_t tx, int ihp)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	399	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	400	int inherit = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	401	int error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	402	znode_phys_t *zphys = zp->z_phys;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	403	zfs_znode_acl_t *zacl = &zphys->zp_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	404	uint32_t acl_phys_size = ZFS_ACL_SIZE(aclp->z_acl_count);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	405	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	406	uint64_t aoid = zphys->zp_acl.z_acl_extern_obj;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	407
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	408	ASSERT(MUTEX_HELD(&zp->z_lock));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	409	ASSERT(MUTEX_HELD(&zp->z_acl_lock));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	410
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	411	if (ihp)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	412	inherit = ihp; / already determined by caller */
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	413	else if (!zfs_acl_valid(zp, aclp->z_acl,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	414	aclp->z_acl_count, &inherit)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	415	return (EINVAL);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	416	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	417
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	418	dmu_buf_will_dirty(zp->z_dbuf, tx);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	419
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	420	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	421	* Will ACL fit internally?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	422	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	423	if (aclp->z_acl_count > ACE_SLOT_CNT) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	424	if (aoid == 0) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	425	aoid = dmu_object_alloc(zfsvfs->z_os,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	426	DMU_OT_ACL, acl_phys_size, DMU_OT_NONE, 0, tx);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	427	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	428	(void) dmu_object_set_blocksize(zfsvfs->z_os, aoid,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	429	acl_phys_size, 0, tx);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	430	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	431	zphys->zp_acl.z_acl_extern_obj = aoid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	432	zphys->zp_acl.z_acl_count = aclp->z_acl_count;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	433	dmu_write(zfsvfs->z_os, aoid, 0,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	434	acl_phys_size, aclp->z_acl, tx);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	435	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	436	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	437	* Migrating back embedded?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	438	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	439	if (zphys->zp_acl.z_acl_extern_obj) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	440	error = dmu_object_free(zfsvfs->z_os,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	441	zp->z_phys->zp_acl.z_acl_extern_obj, tx);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	442	if (error)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	443	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	444	zphys->zp_acl.z_acl_extern_obj = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	445	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	446	bcopy(aclp->z_acl, zacl->z_ace_data,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	447	aclp->z_acl_count * sizeof (ace_t));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	448	zacl->z_acl_count = aclp->z_acl_count;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	449	}
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	450
920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	451	zp->z_phys->zp_flags &= ~(ZFS_ACL_TRIVIAL\|ZFS_INHERIT_ACE);
920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	452	if (inherit) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	453	zp->z_phys->zp_flags \|= ZFS_INHERIT_ACE;
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	454	} else if (ace_trivial(zacl->z_ace_data, zacl->z_acl_count) == 0) {
920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	455	zp->z_phys->zp_flags \|= ZFS_ACL_TRIVIAL;
920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	456	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	457
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	458	zphys->zp_mode = zfs_mode_compute(zp, aclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	459	zfs_time_stamper_locked(zp, STATE_CHANGED, tx);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	460
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	461	return (0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	462	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	463
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	464	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	465	* Create space for slots_needed ACEs to be append
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	466	* to aclp.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	467	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	468	static void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	469	zfs_acl_append(zfs_acl_t *aclp, int slots_needed)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	470	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	471	ace_t *newacep;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	472	ace_t *oldaclp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	473	int slot_cnt;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	474	int slots_left = aclp->z_slots - aclp->z_acl_count;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	475
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	476	if (aclp->z_state == ACL_DATA_ALLOCED)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	477	ASSERT(aclp->z_slots >= aclp->z_acl_count);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	478	if (slots_left < slots_needed \|\| aclp->z_state != ACL_DATA_ALLOCED) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	479	slot_cnt = aclp->z_slots + 1 + (slots_needed - slots_left);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	480	newacep = kmem_alloc(ZFS_ACL_SIZE(slot_cnt), KM_SLEEP);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	481	bcopy(aclp->z_acl, newacep,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	482	ZFS_ACL_SIZE(aclp->z_acl_count));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	483	oldaclp = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	484	if (aclp->z_state == ACL_DATA_ALLOCED)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	485	kmem_free(oldaclp, ZFS_ACL_SIZE(aclp->z_slots));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	486	aclp->z_acl = newacep;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	487	aclp->z_slots = slot_cnt;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	488	aclp->z_state = ACL_DATA_ALLOCED;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	489	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	490	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	491
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	492	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	493	* Remove "slot" ACE from aclp
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	494	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	495	static void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	496	zfs_ace_remove(zfs_acl_t *aclp, int slot)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	497	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	498	if (aclp->z_acl_count > 1) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	499	(void) memmove(&aclp->z_acl[slot],
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	500	&aclp->z_acl[slot +1], sizeof (ace_t) *
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	501	(--aclp->z_acl_count - slot));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	502	} else
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	503	aclp->z_acl_count--;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	504	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	505
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	506	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	507	* Update access mask for prepended ACE
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	508	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	509	* This applies the "groupmask" value for aclmode property.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	510	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	511	static void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	512	zfs_acl_prepend_fixup(ace_t acep, ace_t origacep, mode_t mode, uid_t owner)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	513	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	514
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	515	int rmask, wmask, xmask;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	516	int user_ace;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	517
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	518	user_ace = (!(acep->a_flags &
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	519	(ACE_OWNER\|ACE_GROUP\|ACE_IDENTIFIER_GROUP)));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	520
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	521	if (user_ace && (acep->a_who == owner)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	522	rmask = S_IRUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	523	wmask = S_IWUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	524	xmask = S_IXUSR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	525	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	526	rmask = S_IRGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	527	wmask = S_IWGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	528	xmask = S_IXGRP;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	529	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	530
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	531	if (origacep->a_access_mask & ACE_READ_DATA) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	532	if (mode & rmask)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	533	acep->a_access_mask &= ~ACE_READ_DATA;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	534	else
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	535	acep->a_access_mask \|= ACE_READ_DATA;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	536	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	537
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	538	if (origacep->a_access_mask & ACE_WRITE_DATA) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	539	if (mode & wmask)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	540	acep->a_access_mask &= ~ACE_WRITE_DATA;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	541	else
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	542	acep->a_access_mask \|= ACE_WRITE_DATA;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	543	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	544
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	545	if (origacep->a_access_mask & ACE_APPEND_DATA) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	546	if (mode & wmask)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	547	acep->a_access_mask &= ~ACE_APPEND_DATA;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	548	else
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	549	acep->a_access_mask \|= ACE_APPEND_DATA;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	550	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	551
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	552	if (origacep->a_access_mask & ACE_EXECUTE) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	553	if (mode & xmask)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	554	acep->a_access_mask &= ~ACE_EXECUTE;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	555	else
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	556	acep->a_access_mask \|= ACE_EXECUTE;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	557	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	558	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	559
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	560	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	561	* Apply mode to canonical six ACEs.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	562	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	563	static void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	564	zfs_acl_fixup_canonical_six(zfs_acl_t *aclp, mode_t mode)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	565	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	566	int cnt;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	567	ace_t *acep;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	568
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	569	cnt = aclp->z_acl_count -1;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	570	acep = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	571
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	572	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	573	* Fixup final ACEs to match the mode
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	574	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	575
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	576	ASSERT(cnt >= 5);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	577	adjust_ace_pair(&acep[cnt - 1], mode); /* everyone@ */
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	578	adjust_ace_pair(&acep[cnt - 3], (mode & 0070) >> 3); /* group@ */
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	579	adjust_ace_pair(&acep[cnt - 5], (mode & 0700) >> 6); /* owner@ */
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	580	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	581
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	582
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	583	static int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	584	zfs_acl_ace_match(ace_t *acep, int allow_deny, int type, int mask)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	585	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	586	return (acep->a_access_mask == mask && acep->a_type == allow_deny &&
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	587	((acep->a_flags & ACE_TYPE_FLAGS) == type));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	588	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	589
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	590	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	591	* Can prepended ACE be reused?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	592	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	593	static int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	594	zfs_reuse_deny(ace_t *acep, int i)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	595	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	596	int okay_masks;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	597
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	598	if (i < 1)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	599	return (B_FALSE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	600
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	601	if (acep[i-1].a_type != DENY)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	602	return (B_FALSE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	603
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	604	if (acep[i-1].a_flags != (acep[i].a_flags & ACE_IDENTIFIER_GROUP))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	605	return (B_FALSE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	606
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	607	okay_masks = (acep[i].a_access_mask & OKAY_MASK_BITS);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	608
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	609	if (acep[i-1].a_access_mask & ~okay_masks)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	610	return (B_FALSE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	611
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	612	return (B_TRUE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	613	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	614
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	615	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	616	* Create space to prepend an ACE
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	617	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	618	static void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	619	zfs_acl_prepend(zfs_acl_t *aclp, int i)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	620	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	621	ace_t *oldaclp = NULL;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	622	ace_t to, from;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	623	int slots_left = aclp->z_slots - aclp->z_acl_count;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	624	int oldslots;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	625	int need_free = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	626
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	627	if (aclp->z_state == ACL_DATA_ALLOCED)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	628	ASSERT(aclp->z_slots >= aclp->z_acl_count);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	629
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	630	if (slots_left == 0 \|\| aclp->z_state != ACL_DATA_ALLOCED) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	631
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	632	to = kmem_alloc(ZFS_ACL_SIZE(aclp->z_acl_count +
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	633	OGE_PAD), KM_SLEEP);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	634	if (aclp->z_state == ACL_DATA_ALLOCED)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	635	need_free++;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	636	from = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	637	oldaclp = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	638	(void) memmove(to, from,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	639	sizeof (ace_t) * aclp->z_acl_count);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	640	aclp->z_state = ACL_DATA_ALLOCED;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	641	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	642	from = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	643	to = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	644	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	645
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	646
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	647	(void) memmove(&to[i + 1], &from[i],
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	648	sizeof (ace_t) * (aclp->z_acl_count - i));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	649
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	650	if (oldaclp) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	651	aclp->z_acl = to;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	652	oldslots = aclp->z_slots;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	653	aclp->z_slots = aclp->z_acl_count + OGE_PAD;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	654	if (need_free)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	655	kmem_free(oldaclp, ZFS_ACL_SIZE(oldslots));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	656	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	657
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	658	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	659
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	660	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	661	* Prepend deny ACE
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	662	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	663	static void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	664	zfs_acl_prepend_deny(znode_t zp, zfs_acl_t aclp, int i,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	665	mode_t mode)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	666	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	667	ace_t *acep;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	668
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	669	zfs_acl_prepend(aclp, i);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	670
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	671	acep = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	672	zfs_set_ace(&acep[i], 0, DENY, acep[i + 1].a_who,
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	673	(acep[i + 1].a_flags & ACE_TYPE_FLAGS));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	674	zfs_acl_prepend_fixup(&acep[i], &acep[i+1], mode, zp->z_phys->zp_uid);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	675	aclp->z_acl_count++;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	676	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	677
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	678	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	679	* Split an inherited ACE into inherit_only ACE
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	680	* and original ACE with inheritance flags stripped off.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	681	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	682	static void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	683	zfs_acl_split_ace(zfs_acl_t *aclp, int i)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	684	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	685	ace_t *acep = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	686
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	687	zfs_acl_prepend(aclp, i);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	688	acep = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	689	acep[i] = acep[i + 1];
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	690	acep[i].a_flags \|= ACE_INHERIT_ONLY_ACE;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	691	acep[i + 1].a_flags &= ~ALL_INHERIT;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	692	aclp->z_acl_count++;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	693	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	694
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	695	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	696	* Are ACES started at index i, the canonical six ACES?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	697	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	698	static int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	699	zfs_have_canonical_six(zfs_acl_t *aclp, int i)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	700	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	701	ace_t *acep = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	702
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	703	if ((zfs_acl_ace_match(&acep[i],
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	704	DENY, ACE_OWNER, 0) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	705	zfs_acl_ace_match(&acep[i + 1], ALLOW, ACE_OWNER,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	706	OWNER_ALLOW_MASK) && zfs_acl_ace_match(&acep[i + 2],
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	707	DENY, OWNING_GROUP, 0) && zfs_acl_ace_match(&acep[i + 3],
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	708	ALLOW, OWNING_GROUP, 0) && zfs_acl_ace_match(&acep[i + 4],
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	709	DENY, ACE_EVERYONE, EVERYONE_DENY_MASK) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	710	zfs_acl_ace_match(&acep[i + 5], ALLOW, ACE_EVERYONE,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	711	EVERYONE_ALLOW_MASK))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	712	return (1);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	713	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	714	return (0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	715	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	716	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	717
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	718	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	719	* Apply step 1g, to group entries
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	720	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	721	* Need to deal with corner case where group may have
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	722	* greater permissions than owner. If so then limit
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	723	* group permissions, based on what extra permissions
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	724	* group has.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	725	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	726	static void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	727	zfs_fixup_group_entries(ace_t *acep, mode_t mode)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	728	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	729	mode_t extramode = (mode >> 3) & 07;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	730	mode_t ownermode = (mode >> 6);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	731
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	732	if (acep[0].a_flags & ACE_IDENTIFIER_GROUP) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	733
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	734	extramode &= ~ownermode;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	735
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	736	if (extramode) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	737	if (extramode & 04) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	738	acep[0].a_access_mask &= ~ACE_READ_DATA;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	739	acep[1].a_access_mask &= ~ACE_READ_DATA;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	740	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	741	if (extramode & 02) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	742	acep[0].a_access_mask &=
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	743	~(ACE_WRITE_DATA\|ACE_APPEND_DATA);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	744	acep[1].a_access_mask &=
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	745	~(ACE_WRITE_DATA\|ACE_APPEND_DATA);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	746	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	747	if (extramode & 01) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	748	acep[0].a_access_mask &= ~ACE_EXECUTE;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	749	acep[1].a_access_mask &= ~ACE_EXECUTE;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	750	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	751	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	752	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	753	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	754
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	755	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	756	* Apply the chmod algorithm as described
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	757	* in PSARC/2002/240
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	758	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	759	static int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	760	zfs_acl_chmod(znode_t zp, uint64_t mode, zfs_acl_t aclp,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	761	dmu_tx_t *tx)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	762	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	763	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	764	ace_t *acep;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	765	int i;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	766	int error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	767	int entry_type;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	768	int reuse_deny;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	769	int need_canonical_six = 1;
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	770	int inherit = 0;
920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	771	int iflags;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	772
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	773	ASSERT(MUTEX_HELD(&zp->z_acl_lock));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	774	ASSERT(MUTEX_HELD(&zp->z_lock));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	775
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	776	i = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	777	while (i < aclp->z_acl_count) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	778	acep = aclp->z_acl;
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	779	entry_type = (acep[i].a_flags & ACE_TYPE_FLAGS);
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	780	iflags = (acep[i].a_flags & ALL_INHERIT);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	781
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	782	if ((acep[i].a_type != ALLOW && acep[i].a_type != DENY) \|\|
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	783	(iflags & ACE_INHERIT_ONLY_ACE)) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	784	i++;
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	785	if (iflags)
920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	786	inherit = 1;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	787	continue;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	788	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	789
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	790
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	791	if (zfsvfs->z_acl_mode == DISCARD) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	792	zfs_ace_remove(aclp, i);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	793	continue;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	794	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	795
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	796	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	797	* Need to split ace into two?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	798	*/
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	799	if ((iflags & (ACE_FILE_INHERIT_ACE\|
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	800	ACE_DIRECTORY_INHERIT_ACE)) &&
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	801	(!(iflags & ACE_INHERIT_ONLY_ACE))) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	802	zfs_acl_split_ace(aclp, i);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	803	i++;
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	804	inherit = 1;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	805	continue;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	806	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	807
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	808	if (entry_type == ACE_OWNER \|\| entry_type == ACE_EVERYONE \|\|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	809	(entry_type == OWNING_GROUP)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	810	acep[i].a_access_mask &= ~OGE_CLEAR;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	811	i++;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	812	continue;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	813
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	814	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	815	if (acep[i].a_type == ALLOW) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	816
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	817	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	818	* Check preceding ACE if any, to see
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	819	* if we need to prepend a DENY ACE.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	820	* This is only applicable when the acl_mode
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	821	* property == groupmask.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	822	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	823	if (zfsvfs->z_acl_mode == GROUPMASK) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	824
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	825	reuse_deny = zfs_reuse_deny(acep, i);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	826
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	827	if (reuse_deny == B_FALSE) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	828	zfs_acl_prepend_deny(zp, aclp,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	829	i, mode);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	830	i++;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	831	acep = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	832	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	833	zfs_acl_prepend_fixup(
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	834	&acep[i - 1],
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	835	&acep[i], mode,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	836	zp->z_phys->zp_uid);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	837	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	838	zfs_fixup_group_entries(&acep[i - 1],
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	839	mode);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	840	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	841	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	842	i++;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	843	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	844	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	845
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	846	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	847	* Check out last six aces, if we have six.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	848	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	849
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	850	if (aclp->z_acl_count >= 6) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	851	i = aclp->z_acl_count - 6;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	852
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	853	if (zfs_have_canonical_six(aclp, i)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	854	need_canonical_six = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	855	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	856	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	857
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	858	if (need_canonical_six) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	859
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	860	zfs_acl_append(aclp, 6);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	861	i = aclp->z_acl_count;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	862	acep = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	863	zfs_set_ace(&acep[i++], 0, DENY, -1, ACE_OWNER);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	864	zfs_set_ace(&acep[i++], OWNER_ALLOW_MASK, ALLOW, -1, ACE_OWNER);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	865	zfs_set_ace(&acep[i++], 0, DENY, -1, OWNING_GROUP);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	866	zfs_set_ace(&acep[i++], 0, ALLOW, -1, OWNING_GROUP);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	867	zfs_set_ace(&acep[i++], EVERYONE_DENY_MASK,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	868	DENY, -1, ACE_EVERYONE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	869	zfs_set_ace(&acep[i++], EVERYONE_ALLOW_MASK,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	870	ALLOW, -1, ACE_EVERYONE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	871	aclp->z_acl_count += 6;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	872	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	873
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	874	zfs_acl_fixup_canonical_six(aclp, mode);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	875
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	876	zp->z_phys->zp_mode = mode;
905 920e9b2e0899 6347134 zfs_zaccess() is killing ZFS stat() performance marks parents: 865 diff changeset	877	error = zfs_aclset_common(zp, aclp, tx, &inherit);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	878	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	879	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	880
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	881
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	882	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	883	zfs_acl_chmod_setattr(znode_t zp, uint64_t mode, dmu_tx_t tx)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	884	{
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	885	zfs_acl_t *aclp = NULL;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	886	int error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	887
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	888	ASSERT(MUTEX_HELD(&zp->z_lock));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	889	mutex_enter(&zp->z_acl_lock);
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	890	error = zfs_acl_node_read(zp, &aclp);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	891	if (error == 0)
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	892	error = zfs_acl_chmod(zp, mode, aclp, tx);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	893	mutex_exit(&zp->z_acl_lock);
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	894	if (aclp)
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	895	zfs_acl_free(aclp);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	896	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	897	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	898
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	899	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	900	* strip off write_owner and write_acl
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	901	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	902	static void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	903	zfs_securemode_update(zfsvfs_t zfsvfs, ace_t acep)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	904	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	905	if ((zfsvfs->z_acl_inherit == SECURE) &&
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	906	(acep->a_type == ALLOW))
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	907	acep->a_access_mask &= ~SECURE_CLEAR;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	908	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	909
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	910	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	911	* inherit inheritable ACEs from parent
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	912	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	913	static zfs_acl_t *
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	914	zfs_acl_inherit(znode_t zp, zfs_acl_t paclp)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	915	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	916	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	917	ace_t *pacep;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	918	ace_t *acep;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	919	int ace_cnt = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	920	int pace_cnt;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	921	int i, j;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	922	zfs_acl_t *aclp = NULL;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	923
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	924	i = j = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	925	pace_cnt = paclp->z_acl_count;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	926	pacep = paclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	927	if (zfsvfs->z_acl_inherit != DISCARD) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	928	for (i = 0; i != pace_cnt; i++) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	929
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	930	if (zfsvfs->z_acl_inherit == NOALLOW &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	931	pacep[i].a_type == ALLOW)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	932	continue;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	933
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	934	if (zfs_ace_can_use(zp, &pacep[i])) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	935	ace_cnt++;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	936	if (!(pacep[i].a_flags &
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	937	ACE_NO_PROPAGATE_INHERIT_ACE))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	938	ace_cnt++;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	939	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	940	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	941	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	942
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	943	aclp = zfs_acl_alloc(ace_cnt + OGE_PAD);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	944	if (ace_cnt && zfsvfs->z_acl_inherit != DISCARD) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	945	acep = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	946	pacep = paclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	947	for (i = 0; i != pace_cnt; i++) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	948
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	949	if (zfsvfs->z_acl_inherit == NOALLOW &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	950	pacep[i].a_type == ALLOW)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	951	continue;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	952
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	953	if (zfs_ace_can_use(zp, &pacep[i])) {
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	954
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	955	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	956	* Now create entry for inherited ace
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	957	*/
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	958
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	959	acep[j] = pacep[i];
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	960
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	961	/*
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	962	* When AUDIT/ALARM a_types are supported
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	963	* they should be inherited here.
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	964	*/
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	965
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	966	if ((pacep[i].a_flags &
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	967	ACE_NO_PROPAGATE_INHERIT_ACE) \|\|
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	968	(ZTOV(zp)->v_type != VDIR)) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	969	acep[j].a_flags &= ~ALL_INHERIT;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	970	zfs_securemode_update(zfsvfs, &acep[j]);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	971	j++;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	972	continue;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	973	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	974
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	975	ASSERT(ZTOV(zp)->v_type == VDIR);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	976
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	977	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	978	* If we are inheriting an ACE targeted for
865 4223fbdac5f3 6344681 chmod file_inherit should not added the specified ACE to new create subdirectores. marks parents: 789 diff changeset	979	* only files, then make sure inherit_only
4223fbdac5f3 6344681 chmod file_inherit should not added the specified ACE to new create subdirectores. marks parents: 789 diff changeset	980	* is on for future propagation.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	981	*/
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	982	if ((pacep[i].a_flags & (ACE_FILE_INHERIT_ACE \|
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	983	ACE_DIRECTORY_INHERIT_ACE)) !=
865 4223fbdac5f3 6344681 chmod file_inherit should not added the specified ACE to new create subdirectores. marks parents: 789 diff changeset	984	ACE_FILE_INHERIT_ACE) {
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	985	j++;
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	986	acep[j] = acep[j-1];
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	987	acep[j-1].a_flags \|=
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	988	ACE_INHERIT_ONLY_ACE;
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	989	acep[j].a_flags &= ~ALL_INHERIT;
865 4223fbdac5f3 6344681 chmod file_inherit should not added the specified ACE to new create subdirectores. marks parents: 789 diff changeset	990	} else {
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	991	acep[j].a_flags \|= ACE_INHERIT_ONLY_ACE;
865 4223fbdac5f3 6344681 chmod file_inherit should not added the specified ACE to new create subdirectores. marks parents: 789 diff changeset	992	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	993	zfs_securemode_update(zfsvfs, &acep[j]);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	994	j++;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	995	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	996	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	997	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	998	aclp->z_acl_count = j;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	999	ASSERT(aclp->z_slots >= aclp->z_acl_count);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1000
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1001	return (aclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1002	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1003
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1004	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1005	* Create file system object initial permissions
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1006	* including inheritable ACEs.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1007	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1008	void
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1009	zfs_perm_init(znode_t zp, znode_t parent, int flag,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1010	vattr_t vap, dmu_tx_t tx, cred_t *cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1011	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1012	uint64_t mode;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1013	uid_t uid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1014	gid_t gid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1015	int error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1016	int pull_down;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1017	zfs_acl_t aclp, paclp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1018
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1019	mode = MAKEIMODE(vap->va_type, vap->va_mode);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1020
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1021	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1022	* Determine uid and gid.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1023	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1024	if ((flag & (IS_ROOT_NODE \| IS_REPLAY)) \|\|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1025	((flag & IS_XATTR) && (vap->va_type == VDIR))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1026	uid = vap->va_uid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1027	gid = vap->va_gid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1028	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1029	uid = crgetuid(cr);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1030	if ((vap->va_mask & AT_GID) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1031	((vap->va_gid == parent->z_phys->zp_gid) \|\|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1032	groupmember(vap->va_gid, cr) \|\|
2058 40d3788a5679 6362990 server returns OK on NVERIFY of maxlink/maxfilesize with NFSv4/ZFS xs154138 parents: 1576 diff changeset	1033	secpolicy_vnode_create_gid(cr) == 0))
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1034	gid = vap->va_gid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1035	else
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1036	gid = (parent->z_phys->zp_mode & S_ISGID) ?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1037	parent->z_phys->zp_gid : crgetgid(cr);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1038	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1039
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1040	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1041	* If we're creating a directory, and the parent directory has the
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1042	* set-GID bit set, set in on the new directory.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1043	* Otherwise, if the user is neither privileged nor a member of the
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1044	* file's new group, clear the file's set-GID bit.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1045	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1046
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1047	if ((parent->z_phys->zp_mode & S_ISGID) && (vap->va_type == VDIR))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1048	mode \|= S_ISGID;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1049	else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1050	if ((mode & S_ISGID) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1051	secpolicy_vnode_setids_setgids(cr, gid) != 0)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1052	mode &= ~S_ISGID;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1053	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1054
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1055	zp->z_phys->zp_uid = uid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1056	zp->z_phys->zp_gid = gid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1057	zp->z_phys->zp_mode = mode;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1058
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1059	mutex_enter(&parent->z_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1060	pull_down = (parent->z_phys->zp_flags & ZFS_INHERIT_ACE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1061	if (pull_down) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1062	mutex_enter(&parent->z_acl_lock);
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1063	VERIFY(0 == zfs_acl_node_read(parent, &paclp));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1064	mutex_exit(&parent->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1065	aclp = zfs_acl_inherit(zp, paclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1066	zfs_acl_free(paclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1067	} else {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1068	aclp = zfs_acl_alloc(6);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1069	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1070	mutex_exit(&parent->z_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1071	mutex_enter(&zp->z_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1072	mutex_enter(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1073	error = zfs_acl_chmod(zp, mode, aclp, tx);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1074	mutex_exit(&zp->z_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1075	mutex_exit(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1076	ASSERT3U(error, ==, 0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1077	zfs_acl_free(aclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1078	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1079
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1080	/*
975 f1c1d0819d85 6350871 chmod doesn't work correctly when creating a directory and inheriting file_inherit/no_propagate. marks parents: 905 diff changeset	1081	* Should ACE be inherited?
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1082	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1083	static int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1084	zfs_ace_can_use(znode_t zp, ace_t acep)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1085	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1086	int vtype = ZTOV(zp)->v_type;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1087
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1088	int iflags = (acep->a_flags & 0xf);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1089
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1090	if ((vtype == VDIR) && (iflags & ACE_DIRECTORY_INHERIT_ACE))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1091	return (1);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1092	else if (iflags & ACE_FILE_INHERIT_ACE)
975 f1c1d0819d85 6350871 chmod doesn't work correctly when creating a directory and inheriting file_inherit/no_propagate. marks parents: 905 diff changeset	1093	return (!((vtype == VDIR) &&
f1c1d0819d85 6350871 chmod doesn't work correctly when creating a directory and inheriting file_inherit/no_propagate. marks parents: 905 diff changeset	1094	(iflags & ACE_NO_PROPAGATE_INHERIT_ACE)));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1095	return (0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1096	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1097
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1098	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1099	* Retrieve a files ACL
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1100	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1101	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1102	zfs_getacl(znode_t zp, vsecattr_t vsecp, cred_t *cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1103	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1104	zfs_acl_t *aclp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1105	ulong_t mask = vsecp->vsa_mask & (VSA_ACE \| VSA_ACECNT);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1106	int error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1107
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1108	if (error = zfs_zaccess(zp, ACE_READ_ACL, cr)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1109	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1110	* If owner of file then allow reading of the
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1111	* ACL.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1112	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1113	if (crgetuid(cr) != zp->z_phys->zp_uid)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1114	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1115	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1116
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1117	if (mask == 0)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1118	return (ENOSYS);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1119
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1120	mutex_enter(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1121
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1122	error = zfs_acl_node_read(zp, &aclp);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1123	if (error != 0) {
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1124	mutex_exit(&zp->z_acl_lock);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1125	return (error);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1126	}
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1127
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1128
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1129	if (mask & VSA_ACECNT) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1130	vsecp->vsa_aclcnt = aclp->z_acl_count;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1131	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1132
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1133	if (mask & VSA_ACE) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1134	vsecp->vsa_aclentp = kmem_alloc(aclp->z_acl_count *
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1135	sizeof (ace_t), KM_SLEEP);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1136	bcopy(aclp->z_acl, vsecp->vsa_aclentp,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1137	aclp->z_acl_count * sizeof (ace_t));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1138	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1139
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1140	mutex_exit(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1141
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1142	zfs_acl_free(aclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1143
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1144	return (0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1145	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1146
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1147	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1148	* Set a files ACL
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1149	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1150	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1151	zfs_setacl(znode_t zp, vsecattr_t vsecp, cred_t *cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1152	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1153	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1154	zilog_t *zilog = zfsvfs->z_log;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1155	ace_t *acep = vsecp->vsa_aclentp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1156	int aclcnt = vsecp->vsa_aclcnt;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1157	ulong_t mask = vsecp->vsa_mask & (VSA_ACE \| VSA_ACECNT);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1158	dmu_tx_t *tx;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1159	int error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1160	int inherit;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1161	zfs_acl_t *aclp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1162	uint64_t seq = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1163
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1164	if (mask == 0)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1165	return (EINVAL);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1166
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1167	if (!zfs_acl_valid(zp, acep, aclcnt, &inherit))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1168	return (EINVAL);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1169	top:
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1170	error = zfs_zaccess_v4_perm(zp, ACE_WRITE_ACL, cr);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1171	if (error == EACCES \|\| error == ACCESS_UNDETERMINED) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1172	if ((error = secpolicy_vnode_setdac(cr,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1173	zp->z_phys->zp_uid)) != 0) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1174	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1175	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1176	} else if (error) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1177	return (error == EROFS ? error : EPERM);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1178	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1179
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1180	mutex_enter(&zp->z_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1181	mutex_enter(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1182
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1183	tx = dmu_tx_create(zfsvfs->z_os);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1184	dmu_tx_hold_bonus(tx, zp->z_id);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1185
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1186	if (zp->z_phys->zp_acl.z_acl_extern_obj) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1187	dmu_tx_hold_write(tx, zp->z_phys->zp_acl.z_acl_extern_obj,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1188	0, ZFS_ACL_SIZE(aclcnt));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1189	} else if (aclcnt > ACE_SLOT_CNT) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1190	dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, ZFS_ACL_SIZE(aclcnt));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1191	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1192
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1193	error = dmu_tx_assign(tx, zfsvfs->z_assign);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1194	if (error) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1195	mutex_exit(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1196	mutex_exit(&zp->z_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1197
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1198	if (error == ERESTART && zfsvfs->z_assign == TXG_NOWAIT) {
2113 0510bb40c993 6430121 3-way deadlock involving tc_lock within zfs ahrens parents: 2058 diff changeset	1199	dmu_tx_wait(tx);
0510bb40c993 6430121 3-way deadlock involving tc_lock within zfs ahrens parents: 2058 diff changeset	1200	dmu_tx_abort(tx);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1201	goto top;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1202	}
2113 0510bb40c993 6430121 3-way deadlock involving tc_lock within zfs ahrens parents: 2058 diff changeset	1203	dmu_tx_abort(tx);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1204	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1205	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1206
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1207	aclp = zfs_acl_alloc(aclcnt);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1208	bcopy(acep, aclp->z_acl, sizeof (ace_t) * aclcnt);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1209	aclp->z_acl_count = aclcnt;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1210	error = zfs_aclset_common(zp, aclp, tx, &inherit);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1211	ASSERT(error == 0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1212
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1213	zfs_acl_free(aclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1214	seq = zfs_log_acl(zilog, tx, TX_ACL, zp, aclcnt, acep);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1215	dmu_tx_commit(tx);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1216	done:
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1217	mutex_exit(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1218	mutex_exit(&zp->z_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1219
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1220	zil_commit(zilog, seq, 0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1221
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1222	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1223	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1224
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1225	static int
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1226	zfs_ace_access(ace_t zacep, int working_mode)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1227	{
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1228	if (*working_mode == 0) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1229	return (0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1230	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1231
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1232	if (zacep->a_access_mask & *working_mode) {
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1233	if (zacep->a_type == ALLOW) {
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1234	*working_mode &=
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1235	~(*working_mode & zacep->a_access_mask);
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1236	if (*working_mode == 0)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1237	return (0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1238	} else if (zacep->a_type == DENY) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1239	return (EACCES);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1240	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1241	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1242
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1243	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1244	* haven't been specifcally denied at this point
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1245	* so return UNDETERMINED.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1246	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1247
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1248	return (ACCESS_UNDETERMINED);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1249	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1250
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1251
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1252	static int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1253	zfs_zaccess_common(znode_t zp, int v4_mode, int working_mode, cred_t *cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1254	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1255	zfs_acl_t *aclp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1256	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1257	ace_t *zacep;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1258	gid_t gid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1259	int cnt;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1260	int i;
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1261	int error;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1262	int access_deny = ACCESS_UNDETERMINED;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1263	uint_t entry_type;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1264	uid_t uid = crgetuid(cr);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1265
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1266	*working_mode = v4_mode;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1267
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1268	if (zfsvfs->z_assign >= TXG_INITIAL) /* ZIL replay */
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1269	return (0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1270
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1271	if ((v4_mode & WRITE_MASK) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1272	(zp->z_zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1273	(!IS_DEVVP(ZTOV(zp)))) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1274	return (EROFS);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1275	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1276
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1277	mutex_enter(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1278
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1279	error = zfs_acl_node_read(zp, &aclp);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1280	if (error != 0) {
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1281	mutex_exit(&zp->z_acl_lock);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1282	return (error);
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1283	}
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1308 diff changeset	1284
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1285
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1286	zacep = aclp->z_acl;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1287	cnt = aclp->z_acl_count;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1288
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1289	for (i = 0; i != cnt; i++) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1290
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1291	DTRACE_PROBE2(zfs__access__common,
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1292	ace_t , &zacep[i], int, working_mode);
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1293
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1294	if (zacep[i].a_flags & ACE_INHERIT_ONLY_ACE)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1295	continue;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1296
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1297	entry_type = (zacep[i].a_flags & ACE_TYPE_FLAGS);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1298	switch (entry_type) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1299	case ACE_OWNER:
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1300	if (uid == zp->z_phys->zp_uid) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1301	access_deny = zfs_ace_access(&zacep[i],
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1302	working_mode);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1303	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1304	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1305	case (ACE_IDENTIFIER_GROUP \| ACE_GROUP):
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1306	case ACE_IDENTIFIER_GROUP:
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1307	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1308	* Owning group gid is in znode not ACL
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1309	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1310	if (entry_type == (ACE_IDENTIFIER_GROUP \| ACE_GROUP))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1311	gid = zp->z_phys->zp_gid;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1312	else
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1313	gid = zacep[i].a_who;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1314
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1315	if (groupmember(gid, cr)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1316	access_deny = zfs_ace_access(&zacep[i],
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1317	working_mode);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1318	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1319	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1320	case ACE_EVERYONE:
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1321	access_deny = zfs_ace_access(&zacep[i], working_mode);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1322	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1323
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1324	/* USER Entry */
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1325	default:
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1326	if (entry_type == 0) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1327	if (uid == zacep[i].a_who) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1328	access_deny = zfs_ace_access(&zacep[i],
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1329	working_mode);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1330	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1331	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1332	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1333	zfs_acl_free(aclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1334	mutex_exit(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1335	return (EIO);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1336	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1337
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1338	if (access_deny != ACCESS_UNDETERMINED)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1339	break;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1340	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1341
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1342	mutex_exit(&zp->z_acl_lock);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1343	zfs_acl_free(aclp);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1344
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1345	return (access_deny);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1346	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1347
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1348
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1349	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1350	* Determine whether Access should be granted/denied, invoking least
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1351	* priv subsytem when a deny is determined.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1352	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1353	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1354	zfs_zaccess(znode_t zp, int mode, cred_t cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1355	{
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1356	int working_mode;
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1357	int error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1358	int is_attr;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1359	znode_t *xzp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1360	znode_t *check_zp = zp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1361
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1362	is_attr = ((zp->z_phys->zp_flags & ZFS_XATTR) &&
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1363	(ZTOV(zp)->v_type == VDIR));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1364
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1365	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1366	* If attribute then validate against base file
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1367	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1368	if (is_attr) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1369	if ((error = zfs_zget(zp->z_zfsvfs,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1370	zp->z_phys->zp_parent, &xzp)) != 0) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1371	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1372	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1373	check_zp = xzp;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1374	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1375	* fixup mode to map to xattr perms
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1376	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1377
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1378	if (mode & (ACE_WRITE_DATA\|ACE_APPEND_DATA)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1379	mode &= ~(ACE_WRITE_DATA\|ACE_APPEND_DATA);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1380	mode \|= ACE_WRITE_NAMED_ATTRS;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1381	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1382
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1383	if (mode & (ACE_READ_DATA\|ACE_EXECUTE)) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1384	mode &= ~(ACE_READ_DATA\|ACE_EXECUTE);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1385	mode \|= ACE_READ_NAMED_ATTRS;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1386	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1387	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1388
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1389	error = zfs_zaccess_common(check_zp, mode, &working_mode, cr);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1390
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1391	if (error == EROFS) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1392	if (is_attr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1393	VN_RELE(ZTOV(xzp));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1394	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1395	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1396
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1397	if (error \|\| working_mode) {
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1398	working_mode = (zfs_v4_to_unix(working_mode) << 6);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1399	error = secpolicy_vnode_access(cr, ZTOV(check_zp),
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1400	check_zp->z_phys->zp_uid, working_mode);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1401	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1402
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1403	if (is_attr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1404	VN_RELE(ZTOV(xzp));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1405
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1406	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1407	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1408
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1409	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1410	* Special zaccess function to check for special nfsv4 perm.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1411	* doesn't call secpolicy_vnode_access() for failure, since that
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1412	* would probably be the wrong policy function to call.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1413	* instead its up to the caller to handle that situation.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1414	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1415
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1416	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1417	zfs_zaccess_v4_perm(znode_t zp, int mode, cred_t cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1418	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1419	int working_mode = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1420	return (zfs_zaccess_common(zp, mode, &working_mode, cr));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1421	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1422
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1423	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1424	* Translate tradition unix VREAD/VWRITE/VEXEC mode into
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1425	* native ACL format and call zfs_zaccess()
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1426	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1427	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1428	zfs_zaccess_rwx(znode_t zp, mode_t mode, cred_t cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1429	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1430	int v4_mode = zfs_unix_to_v4(mode >> 6);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1431
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1432	return (zfs_zaccess(zp, v4_mode, cr));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1433	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1434
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1435	static int
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1436	zfs_delete_final_check(znode_t zp, znode_t dzp, cred_t *cr)
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1437	{
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1438	int error;
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1439
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1440	error = secpolicy_vnode_access(cr, ZTOV(zp),
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1441	dzp->z_phys->zp_uid, S_IWRITE\|S_IEXEC);
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1442
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1443	if (error == 0)
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1444	error = zfs_sticky_remove_access(dzp, zp, cr);
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1445
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1446	return (error);
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1447	}
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1448
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1449	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1450	* Determine whether Access should be granted/deny, without
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1451	* consulting least priv subsystem.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1452	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1453	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1454	* The following chart is the recommended NFSv4 enforcement for
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1455	* ability to delete an object.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1456	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1457	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1458	* \| Parent Dir \| Target Object Permissions \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1459	* \| permissions \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1460	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1461	* \| \| ACL Allows \| ACL Denies\| Delete \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1462	* \| \| Delete \| Delete \| unspecified\|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1463	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1464	* \| ACL Allows \| Permit \| Permit \| Permit \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1465	* \| DELETE_CHILD \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1466	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1467	* \| ACL Denies \| Permit \| Deny \| Deny \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1468	* \| DELETE_CHILD \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1469	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1470	* \| ACL specifies \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1471	* \| only allow \| Permit \| Permit \| Permit \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1472	* \| write and \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1473	* \| execute \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1474	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1475	* \| ACL denies \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1476	* \| write and \| Permit \| Deny \| Deny \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1477	* \| execute \| \| \| \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1478	* -------------------------------------------------------
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1479	* ^
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1480	* \|
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1481	* No search privilege, can't even look up file?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1482	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1483	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1484	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1485	zfs_zaccess_delete(znode_t dzp, znode_t zp, cred_t *cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1486	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1487	int dzp_working_mode = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1488	int zp_working_mode = 0;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1489	int dzp_error, zp_error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1490
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1491	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1492	* Arghh, this check is going to require a couple of questions
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1493	* to be asked. We want specific DELETE permissions to
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1494	* take precedence over WRITE/EXECUTE. We don't
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1495	* want an ACL such as this to mess us up.
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1496	* user:joe:write_data:deny,user:joe:delete:allow
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1497	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1498	* However, deny permissions may ultimately be overridden
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1499	* by secpolicy_vnode_access().
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1500	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1501
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1502	dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1503	&dzp_working_mode, cr);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1504	zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, cr);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1505
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1506	if (dzp_error == EROFS \|\| zp_error == EROFS)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1507	return (dzp_error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1508
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1509	/*
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1510	* First check the first row.
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1511	* We only need to see if parent Allows delete_child
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1512	*/
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1513	if ((dzp_working_mode & ACE_DELETE_CHILD) == 0)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1514	return (0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1515
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1516	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1517	* Second row
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1518	* we already have the necessary information in
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1519	* zp_working_mode, zp_error and dzp_error.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1520	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1521
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1522	if ((zp_working_mode & ACE_DELETE) == 0)
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1523	return (0);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1524
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1525	/*
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1526	* Now zp_error should either be EACCES which indicates
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1527	* a "deny" delete entry or ACCESS_UNDETERMINED if the "delete"
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1528	* entry exists on the target.
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1529	*
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1530	* dzp_error should be either EACCES which indicates a "deny"
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1531	* entry for delete_child or ACCESS_UNDETERMINED if no delete_child
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1532	* entry exists. If value is EACCES then we are done
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1533	* and zfs_delete_final_check() will make the final decision
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1534	* regarding to allow the delete.
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1535	*/
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1536
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1537	ASSERT(zp_error != 0 && dzp_error != 0);
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1538	if (dzp_error == EACCES)
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1539	return (zfs_delete_final_check(zp, dzp, cr));
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1540
b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1541	/*
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1542	* Third Row
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1543	* Only need to check for write/execute on parent
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1544	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1545
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1546	dzp_error = zfs_zaccess_common(dzp, ACE_WRITE_DATA\|ACE_EXECUTE,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1547	&dzp_working_mode, cr);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1548
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1549	if (dzp_error == EROFS)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1550	return (dzp_error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1551
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1552	if ((dzp_working_mode & (ACE_WRITE_DATA\|ACE_EXECUTE)) == 0)
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1553	return (zfs_sticky_remove_access(dzp, zp, cr));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1554
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1555	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1556	* Fourth Row
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1557	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1558
1576 0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1559	if (((dzp_working_mode & (ACE_WRITE_DATA\|ACE_EXECUTE)) != 0) &&
0364d1928a7f 6380036 zfs does not clear S_ISUID and S_ISGID bits on successful writes marks parents: 1544 diff changeset	1560	((zp_working_mode & ACE_DELETE) == 0))
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1561	return (zfs_sticky_remove_access(dzp, zp, cr));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1562
2604 b2fb13f56fe7 6461609 zfs delete permissions are not working correctly marks parents: 2113 diff changeset	1563	return (zfs_delete_final_check(zp, dzp, cr));
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1564	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1565
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1566	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1567	zfs_zaccess_rename(znode_t sdzp, znode_t szp, znode_t *tdzp,
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1568	znode_t tzp, cred_t cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1569	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1570	int add_perm;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1571	int error;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1572
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1573	add_perm = (ZTOV(szp)->v_type == VDIR) ?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1574	ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE;
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1575
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1576	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1577	* Rename permissions are combination of delete permission +
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1578	* add file/subdir permission.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1579	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1580
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1581	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1582	* first make sure we do the delete portion.
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1583	*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1584	* If that succeeds then check for add_file/add_subdir permissions
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1585	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1586
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1587	if (error = zfs_zaccess_delete(sdzp, szp, cr))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1588	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1589
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1590	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1591	* If we have a tzp, see if we can delete it?
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1592	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1593	if (tzp) {
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1594	if (error = zfs_zaccess_delete(tdzp, tzp, cr))
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1595	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1596	}
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1597
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1598	/*
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1599	* Now check for add permissions
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1600	*/
1308 997e6a49c409 6362908 nfsv4-test: RENAME does not check PERM with NFSv4/ZFS marks parents: 975 diff changeset	1601	error = zfs_zaccess(tdzp, add_perm, cr);
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1602
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1603	return (error);
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: diff changeset	1604	}

author	marks
	Thu, 24 Aug 2006 07:46:56 -0700
changeset 2604	b2fb13f56fe7
parent 2113	0510bb40c993
child 2638	4f583dfeae92
permissions	-rw-r--r--