author | eschrock |
Mon, 21 May 2012 13:37:21 -0700 | |
changeset 13701 | 1949b688d5fb |
parent 13246 | fe5d6e0b0bce |
permissions | -rw-r--r-- |
4543 | 1 |
/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
5 |
* Common Development and Distribution License (the "License"). |
|
6 |
* You may not use this file except in compliance with the License. |
|
7 |
* |
|
8 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 |
* or http://www.opensolaris.org/os/licensing. |
|
10 |
* See the License for the specific language governing permissions |
|
11 |
* and limitations under the License. |
|
12 |
* |
|
13 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
14 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 |
* If applicable, add the following below this CDDL HEADER, with the |
|
16 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
17 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 |
* |
|
19 |
* CDDL HEADER END |
|
20 |
*/ |
|
21 |
/* |
|
13055 | 22 |
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. |
23 |
* Copyright 2010 Nexenta Systems, Inc. All rights reserved. |
4543 | 24 |
*/ |
25 |
||
26 |
#if defined(_KERNEL) |
|
27 |
#include <sys/systm.h> |
|
28 |
#include <sys/sunddi.h> |
|
29 |
#include <sys/ctype.h> |
|
30 |
#else |
|
31 |
#include <stdio.h> |
|
32 |
#include <unistd.h> |
|
33 |
#include <strings.h> |
|
34 |
#include <libnvpair.h> |
|
35 |
#include <ctype.h> |
|
36 |
#endif |
|
4787 | 37 |
/* XXX includes zfs_context.h, so why bother with the above? */ |
4543 | 38 |
#include <sys/dsl_deleg.h> |
4787 | 39 |
#include "zfs_prop.h" |
4543 | 40 |
#include "zfs_deleg.h" |
41 |
#include "zfs_namecheck.h" |
|
42 |
||
43 |
/* |
|
44 |
* permission table |
|
5993 | 45 |
* |
46 |
* Keep this table in sorted order |
|
47 |
* |
|
48 |
* This table is used for displaying all permissions for |
|
49 |
* zfs allow |
|
4543 | 50 |
*/ |
51 |
||
5993 | 52 |
/*
 * Each entry pairs a permission name (ZFS_DELEG_PERM_*) with a
 * ZFS_DELEG_NOTE_* value. The final entry, whose name is NULL, is the
 * sentinel that zfs_deleg_canonicalize_perm() stops on, so it must stay last.
 *
 * NOTE(review): the entries as written are not strictly alphabetical by
 * macro name (SNAPSHOT precedes SHARE and SEND, DIFF is last). Confirm what
 * ordering the comment preceding this table refers to before inserting.
 */
zfs_deleg_perm_tab_t zfs_deleg_perm_tab[] = {
	{ZFS_DELEG_PERM_ALLOW, ZFS_DELEG_NOTE_ALLOW},
	{ZFS_DELEG_PERM_CLONE, ZFS_DELEG_NOTE_CLONE },
	{ZFS_DELEG_PERM_CREATE, ZFS_DELEG_NOTE_CREATE },
	{ZFS_DELEG_PERM_DESTROY, ZFS_DELEG_NOTE_DESTROY },
	{ZFS_DELEG_PERM_MOUNT, ZFS_DELEG_NOTE_MOUNT },
	{ZFS_DELEG_PERM_PROMOTE, ZFS_DELEG_NOTE_PROMOTE },
	{ZFS_DELEG_PERM_RECEIVE, ZFS_DELEG_NOTE_RECEIVE },
	{ZFS_DELEG_PERM_RENAME, ZFS_DELEG_NOTE_RENAME },
	{ZFS_DELEG_PERM_ROLLBACK, ZFS_DELEG_NOTE_ROLLBACK },
	{ZFS_DELEG_PERM_SNAPSHOT, ZFS_DELEG_NOTE_SNAPSHOT },
	{ZFS_DELEG_PERM_SHARE, ZFS_DELEG_NOTE_SHARE },
	{ZFS_DELEG_PERM_SEND, ZFS_DELEG_NOTE_SEND },
	{ZFS_DELEG_PERM_USERPROP, ZFS_DELEG_NOTE_USERPROP },
	{ZFS_DELEG_PERM_USERQUOTA, ZFS_DELEG_NOTE_USERQUOTA },
	{ZFS_DELEG_PERM_GROUPQUOTA, ZFS_DELEG_NOTE_GROUPQUOTA },
	{ZFS_DELEG_PERM_USERUSED, ZFS_DELEG_NOTE_USERUSED },
	{ZFS_DELEG_PERM_GROUPUSED, ZFS_DELEG_NOTE_GROUPUSED },
	{ZFS_DELEG_PERM_HOLD, ZFS_DELEG_NOTE_HOLD },
	{ZFS_DELEG_PERM_RELEASE, ZFS_DELEG_NOTE_RELEASE },
	{ZFS_DELEG_PERM_DIFF, ZFS_DELEG_NOTE_DIFF},
	{NULL, ZFS_DELEG_NOTE_NONE }
};
75 |
||
4787 | 76 |
/*
 * Decide whether 'perm' may appear as a permission name in a delegation
 * nvlist.
 *
 * Returns 0 when zfs_deleg_canonicalize_perm() recognises the name.
 * Otherwise the name is handed to permset_namecheck() and that function's
 * result is returned unchanged.
 */
static int
zfs_valid_permission_name(const char *perm)
{
	const char *canonical = zfs_deleg_canonicalize_perm(perm);

	/* A known permission or delegatable property needs no further check. */
	if (canonical != NULL)
		return (0);

	/* Anything else is only acceptable as a permission-set name. */
	return (permset_namecheck(perm, NULL, NULL));
}
84 |
||
4787 | 85 |
/*
 * Map a permission name onto its canonical spelling.
 *
 * A name that matches an entry of zfs_deleg_perm_tab exactly is returned as
 * the caller's own pointer, not the table's string, so the result lives only
 * as long as the buffer 'perm' points into. Otherwise the name is resolved
 * with zfs_name_to_prop(); if that yields a property that
 * zfs_prop_delegatable() accepts, the string from zfs_prop_to_name() is
 * returned.
 *
 * Returns NULL when neither lookup accepts the name. 'perm' is passed to
 * strcmp() without a NULL check, so callers must pass a valid string.
 */
const char *
zfs_deleg_canonicalize_perm(const char *perm)
{
	const zfs_deleg_perm_tab_t *ent;
	zfs_prop_t prop;

	/* Built-in permissions: walk the table up to its NULL sentinel. */
	for (ent = zfs_deleg_perm_tab; ent->z_perm != NULL; ent++) {
		if (strcmp(perm, ent->z_perm) == 0)
			return (perm);
	}

	/* Not a built-in permission; try it as a delegatable property. */
	prop = zfs_name_to_prop(perm);
	if (prop == ZPROP_INVAL || !zfs_prop_delegatable(prop))
		return (NULL);

	return (zfs_prop_to_name(prop));
}
102 |
||
103 |
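/*
 * Validate the "who" key of one delegation entry.
 *
 * The key is read as <type><inheritance><ZFS_DELEG_FIELD_SEP_CHR><payload>:
 *   - user/group entries (and their *_SETS forms): inheritance must be
 *     ZFS_DELEG_LOCAL or ZFS_DELEG_DESCENDENT and the payload may contain
 *     decimal digits only;
 *   - named sets: inheritance must be ZFS_DELEG_NA and the payload is
 *     checked by permset_namecheck();
 *   - create entries: inheritance must be ZFS_DELEG_NA, payload empty;
 *   - everyone entries: inheritance must be local or descendent, payload
 *     empty.
 *
 * Returns 0 for a well-formed key and -1 otherwise. For named sets the
 * result of permset_namecheck() is returned as is.
 *
 * 'who' must be a NUL-terminated string. It comes from nvpair names, so it
 * has to be treated as untrusted input.
 */
static int
zfs_validate_who(char *who)
{
	const char *p;

	/*
	 * The three header characters must all be present. Testing who[0]
	 * and who[1] for NUL first keeps the who[2] read inside the string
	 * when the name is shorter than the header.
	 */
	if (who[0] == '\0' || who[1] == '\0' ||
	    who[2] != ZFS_DELEG_FIELD_SEP_CHR)
		return (-1);

	switch (who[0]) {
	case ZFS_DELEG_USER:
	case ZFS_DELEG_GROUP:
	case ZFS_DELEG_USER_SETS:
	case ZFS_DELEG_GROUP_SETS:
		if (who[1] != ZFS_DELEG_LOCAL && who[1] != ZFS_DELEG_DESCENDENT)
			return (-1);
		/*
		 * The id must be all digits. The cast keeps a byte with the
		 * high bit set from reaching isdigit() as a negative value.
		 * NOTE(review): an empty id passes this loop; confirm that
		 * is intended.
		 */
		for (p = &who[3]; *p != '\0'; p++) {
			if (!isdigit((unsigned char)*p))
				return (-1);
		}
		break;

	case ZFS_DELEG_NAMED_SET:
	case ZFS_DELEG_NAMED_SET_SETS:
		if (who[1] != ZFS_DELEG_NA)
			return (-1);
		return (permset_namecheck(&who[3], NULL, NULL));

	case ZFS_DELEG_CREATE:
	case ZFS_DELEG_CREATE_SETS:
		if (who[1] != ZFS_DELEG_NA)
			return (-1);
		/* Create entries carry no payload after the separator. */
		if (who[3] != '\0')
			return (-1);
		break;

	case ZFS_DELEG_EVERYONE:
	case ZFS_DELEG_EVERYONE_SETS:
		if (who[1] != ZFS_DELEG_LOCAL && who[1] != ZFS_DELEG_DESCENDENT)
			return (-1);
		/* Everyone entries carry no payload after the separator. */
		if (who[3] != '\0')
			return (-1);
		break;

	default:
		return (-1);
	}

	return (0);
}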
|
151 |
||
152 |
/*
 * Check the shape of a delegation nvlist before it is used.
 *
 * Every top-level pair name must pass zfs_validate_who(). For each of those
 * names the nvlist value found by nvlist_lookup_nvlist() must be non-empty
 * and every pair name inside it must pass zfs_valid_permission_name().
 *
 * Returns 0 when the whole list is acceptable. Returns -1 when 'nvp' is
 * NULL or empty, when a name fails validation, when a permission list is
 * empty, or when the lookup fails with anything other than ENOENT.
 *
 * NOTE(review): the permission list is fetched by name from 'nvp' rather
 * than read from the pair being iterated, and ENOENT is skipped silently.
 * If names are not unique, or a "who" pair is not an nvlist, the pair under
 * iteration may not be the one checked. Confirm that callers enforce unique
 * names and nvlist-typed values.
 */
int
zfs_deleg_verify_nvlist(nvlist_t *nvp)
{
	nvpair_t *who, *perm_name;
	nvlist_t *perms;
	int error;

	if (nvp == NULL)
		return (-1);

	/* A list with no "who" entries at all is rejected. */
	who = nvlist_next_nvpair(nvp, NULL);
	if (who == NULL)
		return (-1);

	for (; who != NULL; who = nvlist_next_nvpair(nvp, who)) {
		if (zfs_validate_who(nvpair_name(who)) != 0)
			return (-1);

		error = nvlist_lookup_nvlist(nvp, nvpair_name(who), &perms);
		if (error == ENOENT)
			continue;	/* no nvlist under this name: skip */
		if (error != 0)
			return (-1);

		/* A "who" entry must carry at least one permission. */
		perm_name = nvlist_next_nvpair(perms, NULL);
		if (perm_name == NULL)
			return (-1);

		for (; perm_name != NULL;
		    perm_name = nvlist_next_nvpair(perms, perm_name)) {
			if (zfs_valid_permission_name(
			    nvpair_name(perm_name)) != 0)
				return (-1);
		}
	}

	return (0);
}
|
190 |
||
191 |
/*
 * Construct the base attribute name. The base attribute names are the
 * "key" to locate the jump objects which contain the actual permissions.
 * The encoding depends on the type of entry and on whether it is a local
 * or descendent permission.
 *
 * Arguments:
 *	attr - output buffer for the attribute name; assumed to be
 *		ZFS_MAX_DELEG_NAME bytes long. Every snprintf() below is
 *		bounded by that size, and a name that does not fit is
 *		truncated without any indication to the caller.
 *	type - type of entry to construct
 *	inheritchr - inheritance type (local, descendent, or NA for create
 *		and permission set definitions)
 *	data - either a permission set name (read as a string for the
 *		named-set types) or a pointer to a 64 bit uid/gid (read for
 *		the user/group types). Unused for the other types.
 */
void
zfs_deleg_whokey(char *attr, zfs_deleg_who_type_t type,
    char inheritchr, void *data)
{
	const size_t attrsz = ZFS_MAX_DELEG_NAME;

	switch (type) {
	case ZFS_DELEG_USER_SETS:
	case ZFS_DELEG_GROUP_SETS:
	case ZFS_DELEG_USER:
	case ZFS_DELEG_GROUP: {
		/* 'data' is dereferenced only for the id-carrying types. */
		const uint64_t *idp = data;

		/* The id is formatted as a signed decimal (%lld). */
		(void) snprintf(attr, attrsz, "%c%c%c%lld", type, inheritchr,
		    ZFS_DELEG_FIELD_SEP_CHR, (longlong_t)*idp);
		break;
	}
	case ZFS_DELEG_NAMED_SET:
	case ZFS_DELEG_NAMED_SET_SETS: {
		const char *setname = data;

		/* Named sets always use '-' in the inheritance slot. */
		(void) snprintf(attr, attrsz, "%c-%c%s", type,
		    ZFS_DELEG_FIELD_SEP_CHR, setname);
		break;
	}
	case ZFS_DELEG_CREATE_SETS:
	case ZFS_DELEG_CREATE:
		(void) snprintf(attr, attrsz, "%c-%c", type,
		    ZFS_DELEG_FIELD_SEP_CHR);
		break;
	case ZFS_DELEG_EVERYONE_SETS:
	case ZFS_DELEG_EVERYONE:
		(void) snprintf(attr, attrsz, "%c%c%c", type, inheritchr,
		    ZFS_DELEG_FIELD_SEP_CHR);
		break;
	default:
		/*
		 * attr is not written on this path. NOTE(review): if ASSERT
		 * is compiled out, the caller sees whatever the buffer held
		 * before the call.
		 */
		ASSERT(!"bad zfs_deleg_who_type_t");
	}
}