equal
deleted
inserted
replaced
18 * |
18 * |
19 * CDDL HEADER END |
19 * CDDL HEADER END |
20 */ |
20 */ |
21 /* |
21 /* |
22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. |
22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. |
|
23 * Copyright (c) 2011 by Delphix. All rights reserved. |
23 */ |
24 */ |
24 |
25 |
25 /* |
26 /* |
26 * DSL permissions are stored in a two level zap attribute |
27 * DSL permissions are stored in a two level zap attribute |
27 * mechanism. The first level identifies the "class" of |
28 * mechanism. The first level identifies the "class" of |
523 ZFS_DELEG_GROUP_SETS, checkflag, &id, avl); |
524 ZFS_DELEG_GROUP_SETS, checkflag, &id, avl); |
524 } |
525 } |
525 } |
526 } |
526 |
527 |
527 /* |
528 /* |
528 * Check if user has requested permission. |
529 * Check if user has requested permission. If descendent is set, must have |
|
530 * descendent perms. |
529 */ |
531 */ |
530 int |
532 int |
531 dsl_deleg_access_impl(dsl_dataset_t *ds, const char *perm, cred_t *cr) |
533 dsl_deleg_access_impl(dsl_dataset_t *ds, boolean_t descendent, const char *perm, |
|
534 cred_t *cr) |
532 { |
535 { |
533 dsl_dir_t *dd; |
536 dsl_dir_t *dd; |
534 dsl_pool_t *dp; |
537 dsl_pool_t *dp; |
535 void *cookie; |
538 void *cookie; |
536 int error; |
539 int error; |
547 |
550 |
548 if (spa_version(dmu_objset_spa(dp->dp_meta_objset)) < |
551 if (spa_version(dmu_objset_spa(dp->dp_meta_objset)) < |
549 SPA_VERSION_DELEGATED_PERMS) |
552 SPA_VERSION_DELEGATED_PERMS) |
550 return (EPERM); |
553 return (EPERM); |
551 |
554 |
552 if (dsl_dataset_is_snapshot(ds)) { |
555 if (dsl_dataset_is_snapshot(ds) || descendent) { |
553 /* |
556 /* |
554 * Snapshots are treated as descendents only, |
557 * Snapshots are treated as descendents only, |
555 * local permissions do not apply. |
558 * local permissions do not apply. |
556 */ |
559 */ |
557 checkflag = ZFS_DELEG_DESCENDENT; |
560 checkflag = ZFS_DELEG_DESCENDENT; |
640 |
643 |
641 error = dsl_dataset_hold(dsname, FTAG, &ds); |
644 error = dsl_dataset_hold(dsname, FTAG, &ds); |
642 if (error) |
645 if (error) |
643 return (error); |
646 return (error); |
644 |
647 |
645 error = dsl_deleg_access_impl(ds, perm, cr); |
648 error = dsl_deleg_access_impl(ds, B_FALSE, perm, cr); |
646 dsl_dataset_rele(ds, FTAG); |
649 dsl_dataset_rele(ds, FTAG); |
647 |
650 |
648 return (error); |
651 return (error); |
649 } |
652 } |
650 |
653 |