--- a/usr/src/uts/common/fs/zfs/zfs_acl.c Fri Feb 01 10:11:12 2008 -0800
+++ b/usr/src/uts/common/fs/zfs/zfs_acl.c Fri Feb 01 12:13:54 2008 -0800
@@ -545,8 +545,7 @@
if (entry_type != ACE_OWNER && entry_type != OWNING_GROUP &&
entry_type != ACE_EVERYONE) {
if (!aclp->z_has_fuids)
- aclp->z_has_fuids = IS_EPHEMERAL(acep->a_who) ?
- B_TRUE : B_FALSE;
+ aclp->z_has_fuids = IS_EPHEMERAL(acep->a_who);
aceptr->z_fuid = (uint64_t)acep->a_who;
}
@@ -599,7 +598,6 @@
ace_t *acep = datap;
ace_object_t *objacep;
zfs_object_ace_t *zobjacep;
- zfs_fuid_hdl_t hdl = { 0 };
size_t ace_size;
uint16_t entry_type;
@@ -632,18 +630,18 @@
entry_type = (iflags & ACE_TYPE_FLAGS);
if ((entry_type != ACE_OWNER &&
entry_type != (ACE_GROUP | ACE_IDENTIFIER_GROUP) &&
- entry_type != ACE_EVERYONE))
- zfs_fuid_queue_map_id(zfsvfs, &hdl, who, cr,
- (entry_type & ACE_IDENTIFIER_GROUP) ?
- ZFS_ACE_GROUP : ZFS_ACE_USER, &acep->a_who);
- else
+ entry_type != ACE_EVERYONE)) {
+ acep->a_who = zfs_fuid_map_id(zfsvfs, who,
+ cr, (entry_type & ACE_IDENTIFIER_GROUP) ?
+ ZFS_ACE_GROUP : ZFS_ACE_USER);
+ } else {
acep->a_who = (uid_t)(int64_t)who;
+ }
acep->a_access_mask = access_mask;
acep->a_flags = iflags;
acep->a_type = type;
acep = (ace_t *)((caddr_t)acep + ace_size);
}
- zfs_fuid_get_mappings(&hdl);
}
static int
@@ -897,8 +895,8 @@
if (entry_type == 0 || entry_type == ACE_IDENTIFIER_GROUP) {
aclp->z_ops.ace_who_set(acep,
zfs_fuid_create(zp->z_zfsvfs, who, cr,
- entry_type == 0 ? ZFS_ACE_USER : ZFS_ACE_GROUP, tx,
- fuidp));
+ (entry_type == 0) ? ZFS_ACE_USER : ZFS_ACE_GROUP,
+ tx, fuidp));
}
}
return (mode);
@@ -1535,7 +1533,7 @@
reuse_deny = zfs_reuse_deny(aclp, acep,
prevacep);
- if (reuse_deny == B_FALSE) {
+ if (!reuse_deny) {
prevacep =
zfs_acl_prepend_deny(zp,
aclp, acep, mode);
@@ -1766,15 +1764,13 @@
vattr_t *vap, dmu_tx_t *tx, cred_t *cr,
zfs_acl_t *setaclp, zfs_fuid_info_t **fuidp)
{
- uint64_t mode;
- uint64_t uid;
- uint64_t gid;
+ uint64_t mode, fuid, fgid;
int error;
- int pull_down;
zfsvfs_t *zfsvfs = zp->z_zfsvfs;
zfs_acl_t *aclp = NULL;
zfs_acl_t *paclp;
xvattr_t *xvap = (xvattr_t *)vap;
+ gid_t gid;
if (setaclp)
aclp = setaclp;
@@ -1786,24 +1782,33 @@
*/
if ((flag & (IS_ROOT_NODE | IS_REPLAY)) ||
((flag & IS_XATTR) && (vap->va_type == VDIR))) {
- uid = zfs_fuid_create(zfsvfs, vap->va_uid, cr,
+ fuid = zfs_fuid_create(zfsvfs, vap->va_uid, cr,
ZFS_OWNER, tx, fuidp);
- gid = zfs_fuid_create(zfsvfs, vap->va_gid, cr,
+ fgid = zfs_fuid_create(zfsvfs, vap->va_gid, cr,
ZFS_GROUP, tx, fuidp);
+ gid = vap->va_gid;
} else {
- uid = zfs_fuid_create_cred(zfsvfs, crgetuid(cr),
- ZFS_OWNER, tx, cr, fuidp);
- if ((vap->va_mask & AT_GID) &&
- ((vap->va_gid == parent->z_phys->zp_gid) ||
- groupmember(vap->va_gid, cr) ||
- secpolicy_vnode_create_gid(cr) == 0)) {
- gid = zfs_fuid_create_cred(zfsvfs, vap->va_gid,
- ZFS_GROUP, tx, cr, fuidp);
- } else {
- gid = (parent->z_phys->zp_mode & S_ISGID) ?
- parent->z_phys->zp_gid : crgetgid(cr);
- gid = zfs_fuid_create_cred(zfsvfs, gid,
- ZFS_GROUP, tx, cr, fuidp);
+ fuid = zfs_fuid_create_cred(zfsvfs, ZFS_OWNER, tx, cr, fuidp);
+ fgid = 0;
+ if (vap->va_mask & AT_GID) {
+ fgid = zfs_fuid_create(zfsvfs, vap->va_gid, cr,
+ ZFS_GROUP, tx, fuidp);
+ gid = vap->va_gid;
+ if (fgid != parent->z_phys->zp_gid &&
+ !groupmember(vap->va_gid, cr) &&
+ secpolicy_vnode_create_gid(cr) != 0)
+ fgid = 0;
+ }
+ if (fgid == 0) {
+ if (parent->z_phys->zp_mode & S_ISGID) {
+ fgid = parent->z_phys->zp_gid;
+ gid = zfs_fuid_map_id(zfsvfs, fgid,
+ cr, ZFS_GROUP);
+ } else {
+ fgid = zfs_fuid_create_cred(zfsvfs,
+ ZFS_GROUP, tx, cr, fuidp);
+ gid = crgetgid(cr);
+ }
}
}
@@ -1814,22 +1819,21 @@
* file's new group, clear the file's set-GID bit.
*/
- if ((parent->z_phys->zp_mode & S_ISGID) && (vap->va_type == VDIR))
+ if ((parent->z_phys->zp_mode & S_ISGID) && (vap->va_type == VDIR)) {
mode |= S_ISGID;
- else {
+ } else {
if ((mode & S_ISGID) &&
secpolicy_vnode_setids_setgids(cr, gid) != 0)
mode &= ~S_ISGID;
}
- zp->z_phys->zp_uid = uid;
- zp->z_phys->zp_gid = gid;
+ zp->z_phys->zp_uid = fuid;
+ zp->z_phys->zp_gid = fgid;
zp->z_phys->zp_mode = mode;
if (aclp == NULL) {
mutex_enter(&parent->z_lock);
- pull_down = (parent->z_phys->zp_flags & ZFS_INHERIT_ACE);
- if (pull_down) {
+ if (parent->z_phys->zp_flags & ZFS_INHERIT_ACE) {
mutex_enter(&parent->z_acl_lock);
VERIFY(0 == zfs_acl_node_read(parent, &paclp, B_FALSE));
mutex_exit(&parent->z_acl_lock);
@@ -1861,9 +1865,8 @@
mutex_exit(&zp->z_acl_lock);
ASSERT3U(error, ==, 0);
- if (aclp != setaclp) {
+ if (aclp != setaclp)
zfs_acl_free(aclp);
- }
}
/*
@@ -2242,8 +2245,8 @@
if (entry_type == 0) {
uid_t newid;
- zfs_fuid_map_id(zfsvfs, who, cr,
- ZFS_ACE_USER, &newid);
+ newid = zfs_fuid_map_id(zfsvfs, who, cr,
+ ZFS_ACE_USER);
if (newid != IDMAP_WK_CREATOR_OWNER_UID &&
uid == newid)
checkit = B_TRUE;
@@ -2341,7 +2344,7 @@
return (0);
}
- if (error && check_privs == B_FALSE) {
+ if (error && !check_privs) {
if (is_attr)
VN_RELE(ZTOV(xzp));
return (error);
@@ -2355,8 +2358,8 @@
uid_t owner;
mode_t checkmode = 0;
- zfs_fuid_map_id(zfsvfs, check_zp->z_phys->zp_uid, cr,
- ZFS_OWNER, &owner);
+ owner = zfs_fuid_map_id(zfsvfs, check_zp->z_phys->zp_uid, cr,
+ ZFS_OWNER);
/*
* First check for implicit owner permission on
@@ -2440,7 +2443,7 @@
uid_t downer;
zfsvfs_t *zfsvfs = zp->z_zfsvfs;
- zfs_fuid_map_id(zfsvfs, dzp->z_phys->zp_uid, cr, ZFS_OWNER, &downer);
+ downer = zfs_fuid_map_id(zfsvfs, dzp->z_phys->zp_uid, cr, ZFS_OWNER);
error = secpolicy_vnode_access(cr, ZTOV(zp), downer, S_IWRITE|S_IEXEC);
@@ -2513,8 +2516,7 @@
zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode,
&zpcheck_privs, B_FALSE, cr);
- if ((dzp_error && dzpcheck_privs == B_FALSE) ||
- (zp_error && zpcheck_privs == B_FALSE))
+ if ((dzp_error && !dzpcheck_privs) || (zp_error && !zpcheck_privs))
return (dzp_error);
/*
@@ -2557,7 +2559,7 @@
dzp_error = zfs_zaccess_common(dzp, ACE_WRITE_DATA|ACE_EXECUTE,
&dzp_working_mode, &dzpcheck_privs, B_FALSE, cr);
- if (dzp_error && dzpcheck_privs == B_FALSE)
+ if (dzp_error && !dzpcheck_privs)
return (dzp_error);
if ((dzp_working_mode & (ACE_WRITE_DATA|ACE_EXECUTE)) == 0)