]>
Commit | Line | Data |
---|---|---|
34dc7c2f BB |
1 | /* |
2 | * CDDL HEADER START | |
3 | * | |
4 | * The contents of this file are subject to the terms of the | |
5 | * Common Development and Distribution License (the "License"). | |
6 | * You may not use this file except in compliance with the License. | |
7 | * | |
8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 | * or http://www.opensolaris.org/os/licensing. | |
10 | * See the License for the specific language governing permissions | |
11 | * and limitations under the License. | |
12 | * | |
13 | * When distributing Covered Code, include this CDDL HEADER in each | |
14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 | * If applicable, add the following below this CDDL HEADER, with the | |
16 | * fields enclosed by brackets "[]" replaced with your own identifying | |
17 | * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 | * | |
19 | * CDDL HEADER END | |
20 | */ | |
21 | /* | |
428870ff | 22 | * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. |
a08ee875 | 23 | * Copyright (c) 2013 by Delphix. All rights reserved. |
34dc7c2f BB |
24 | */ |
25 | ||
60101509 | 26 | |
34dc7c2f BB |
27 | #include <sys/types.h> |
28 | #include <sys/param.h> | |
29 | #include <sys/time.h> | |
30 | #include <sys/systm.h> | |
31 | #include <sys/sysmacros.h> | |
32 | #include <sys/resource.h> | |
33 | #include <sys/vfs.h> | |
34 | #include <sys/vnode.h> | |
35 | #include <sys/sid.h> | |
36 | #include <sys/file.h> | |
37 | #include <sys/stat.h> | |
38 | #include <sys/kmem.h> | |
39 | #include <sys/cmn_err.h> | |
40 | #include <sys/errno.h> | |
41 | #include <sys/unistd.h> | |
42 | #include <sys/sdt.h> | |
43 | #include <sys/fs/zfs.h> | |
44 | #include <sys/mode.h> | |
45 | #include <sys/policy.h> | |
46 | #include <sys/zfs_znode.h> | |
47 | #include <sys/zfs_fuid.h> | |
48 | #include <sys/zfs_acl.h> | |
49 | #include <sys/zfs_dir.h> | |
50 | #include <sys/zfs_vfsops.h> | |
51 | #include <sys/dmu.h> | |
52 | #include <sys/dnode.h> | |
53 | #include <sys/zap.h> | |
428870ff | 54 | #include <sys/sa.h> |
ea04106b | 55 | #include <sys/trace_acl.h> |
34dc7c2f | 56 | #include "fs/fs_subr.h" |
34dc7c2f BB |
57 | |
58 | #define ALLOW ACE_ACCESS_ALLOWED_ACE_TYPE | |
59 | #define DENY ACE_ACCESS_DENIED_ACE_TYPE | |
60 | #define MAX_ACE_TYPE ACE_SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE | |
b128c09f | 61 | #define MIN_ACE_TYPE ALLOW |
34dc7c2f BB |
62 | |
63 | #define OWNING_GROUP (ACE_GROUP|ACE_IDENTIFIER_GROUP) | |
64 | #define EVERYONE_ALLOW_MASK (ACE_READ_ACL|ACE_READ_ATTRIBUTES | \ | |
65 | ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE) | |
66 | #define EVERYONE_DENY_MASK (ACE_WRITE_ACL|ACE_WRITE_OWNER | \ | |
67 | ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) | |
68 | #define OWNER_ALLOW_MASK (ACE_WRITE_ACL | ACE_WRITE_OWNER | \ | |
69 | ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) | |
34dc7c2f BB |
70 | |
71 | #define ZFS_CHECKED_MASKS (ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_DATA| \ | |
72 | ACE_READ_NAMED_ATTRS|ACE_WRITE_DATA|ACE_WRITE_ATTRIBUTES| \ | |
73 | ACE_WRITE_NAMED_ATTRS|ACE_APPEND_DATA|ACE_EXECUTE|ACE_WRITE_OWNER| \ | |
74 | ACE_WRITE_ACL|ACE_DELETE|ACE_DELETE_CHILD|ACE_SYNCHRONIZE) | |
75 | ||
9babb374 BB |
76 | #define WRITE_MASK_DATA (ACE_WRITE_DATA|ACE_APPEND_DATA|ACE_WRITE_NAMED_ATTRS) |
77 | #define WRITE_MASK_ATTRS (ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES| \ | |
78 | ACE_DELETE|ACE_DELETE_CHILD) | |
79 | #define WRITE_MASK (WRITE_MASK_DATA|WRITE_MASK_ATTRS) | |
34dc7c2f BB |
80 | |
81 | #define OGE_CLEAR (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ | |
82 | ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) | |
83 | ||
84 | #define OKAY_MASK_BITS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ | |
85 | ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) | |
86 | ||
87 | #define ALL_INHERIT (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE | \ | |
88 | ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE|ACE_INHERITED_ACE) | |
89 | ||
90 | #define RESTRICTED_CLEAR (ACE_WRITE_ACL|ACE_WRITE_OWNER) | |
91 | ||
92 | #define V4_ACL_WIDE_FLAGS (ZFS_ACL_AUTO_INHERIT|ZFS_ACL_DEFAULTED|\ | |
93 | ZFS_ACL_PROTECTED) | |
94 | ||
95 | #define ZFS_ACL_WIDE_FLAGS (V4_ACL_WIDE_FLAGS|ZFS_ACL_TRIVIAL|ZFS_INHERIT_ACE|\ | |
96 | ZFS_ACL_OBJ_ACE) | |
97 | ||
45d1cae3 BB |
98 | #define ALL_MODE_EXECS (S_IXUSR | S_IXGRP | S_IXOTH) |
99 | ||
34dc7c2f BB |
100 | static uint16_t |
101 | zfs_ace_v0_get_type(void *acep) | |
102 | { | |
103 | return (((zfs_oldace_t *)acep)->z_type); | |
104 | } | |
105 | ||
106 | static uint16_t | |
107 | zfs_ace_v0_get_flags(void *acep) | |
108 | { | |
109 | return (((zfs_oldace_t *)acep)->z_flags); | |
110 | } | |
111 | ||
112 | static uint32_t | |
113 | zfs_ace_v0_get_mask(void *acep) | |
114 | { | |
115 | return (((zfs_oldace_t *)acep)->z_access_mask); | |
116 | } | |
117 | ||
118 | static uint64_t | |
119 | zfs_ace_v0_get_who(void *acep) | |
120 | { | |
121 | return (((zfs_oldace_t *)acep)->z_fuid); | |
122 | } | |
123 | ||
124 | static void | |
125 | zfs_ace_v0_set_type(void *acep, uint16_t type) | |
126 | { | |
127 | ((zfs_oldace_t *)acep)->z_type = type; | |
128 | } | |
129 | ||
130 | static void | |
131 | zfs_ace_v0_set_flags(void *acep, uint16_t flags) | |
132 | { | |
133 | ((zfs_oldace_t *)acep)->z_flags = flags; | |
134 | } | |
135 | ||
136 | static void | |
137 | zfs_ace_v0_set_mask(void *acep, uint32_t mask) | |
138 | { | |
139 | ((zfs_oldace_t *)acep)->z_access_mask = mask; | |
140 | } | |
141 | ||
142 | static void | |
143 | zfs_ace_v0_set_who(void *acep, uint64_t who) | |
144 | { | |
145 | ((zfs_oldace_t *)acep)->z_fuid = who; | |
146 | } | |
147 | ||
148 | /*ARGSUSED*/ | |
149 | static size_t | |
150 | zfs_ace_v0_size(void *acep) | |
151 | { | |
152 | return (sizeof (zfs_oldace_t)); | |
153 | } | |
154 | ||
155 | static size_t | |
156 | zfs_ace_v0_abstract_size(void) | |
157 | { | |
158 | return (sizeof (zfs_oldace_t)); | |
159 | } | |
160 | ||
161 | static int | |
162 | zfs_ace_v0_mask_off(void) | |
163 | { | |
164 | return (offsetof(zfs_oldace_t, z_access_mask)); | |
165 | } | |
166 | ||
167 | /*ARGSUSED*/ | |
168 | static int | |
169 | zfs_ace_v0_data(void *acep, void **datap) | |
170 | { | |
171 | *datap = NULL; | |
172 | return (0); | |
173 | } | |
174 | ||
175 | static acl_ops_t zfs_acl_v0_ops = { | |
176 | zfs_ace_v0_get_mask, | |
177 | zfs_ace_v0_set_mask, | |
178 | zfs_ace_v0_get_flags, | |
179 | zfs_ace_v0_set_flags, | |
180 | zfs_ace_v0_get_type, | |
181 | zfs_ace_v0_set_type, | |
182 | zfs_ace_v0_get_who, | |
183 | zfs_ace_v0_set_who, | |
184 | zfs_ace_v0_size, | |
185 | zfs_ace_v0_abstract_size, | |
186 | zfs_ace_v0_mask_off, | |
187 | zfs_ace_v0_data | |
188 | }; | |
189 | ||
190 | static uint16_t | |
191 | zfs_ace_fuid_get_type(void *acep) | |
192 | { | |
193 | return (((zfs_ace_hdr_t *)acep)->z_type); | |
194 | } | |
195 | ||
196 | static uint16_t | |
197 | zfs_ace_fuid_get_flags(void *acep) | |
198 | { | |
199 | return (((zfs_ace_hdr_t *)acep)->z_flags); | |
200 | } | |
201 | ||
202 | static uint32_t | |
203 | zfs_ace_fuid_get_mask(void *acep) | |
204 | { | |
205 | return (((zfs_ace_hdr_t *)acep)->z_access_mask); | |
206 | } | |
207 | ||
208 | static uint64_t | |
209 | zfs_ace_fuid_get_who(void *args) | |
210 | { | |
211 | uint16_t entry_type; | |
212 | zfs_ace_t *acep = args; | |
213 | ||
214 | entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS; | |
215 | ||
216 | if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP || | |
217 | entry_type == ACE_EVERYONE) | |
218 | return (-1); | |
219 | return (((zfs_ace_t *)acep)->z_fuid); | |
220 | } | |
221 | ||
222 | static void | |
223 | zfs_ace_fuid_set_type(void *acep, uint16_t type) | |
224 | { | |
225 | ((zfs_ace_hdr_t *)acep)->z_type = type; | |
226 | } | |
227 | ||
228 | static void | |
229 | zfs_ace_fuid_set_flags(void *acep, uint16_t flags) | |
230 | { | |
231 | ((zfs_ace_hdr_t *)acep)->z_flags = flags; | |
232 | } | |
233 | ||
234 | static void | |
235 | zfs_ace_fuid_set_mask(void *acep, uint32_t mask) | |
236 | { | |
237 | ((zfs_ace_hdr_t *)acep)->z_access_mask = mask; | |
238 | } | |
239 | ||
240 | static void | |
241 | zfs_ace_fuid_set_who(void *arg, uint64_t who) | |
242 | { | |
243 | zfs_ace_t *acep = arg; | |
244 | ||
245 | uint16_t entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS; | |
246 | ||
247 | if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP || | |
248 | entry_type == ACE_EVERYONE) | |
249 | return; | |
250 | acep->z_fuid = who; | |
251 | } | |
252 | ||
253 | static size_t | |
254 | zfs_ace_fuid_size(void *acep) | |
255 | { | |
256 | zfs_ace_hdr_t *zacep = acep; | |
257 | uint16_t entry_type; | |
258 | ||
259 | switch (zacep->z_type) { | |
260 | case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: | |
261 | case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: | |
262 | case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: | |
263 | case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: | |
264 | return (sizeof (zfs_object_ace_t)); | |
265 | case ALLOW: | |
266 | case DENY: | |
267 | entry_type = | |
268 | (((zfs_ace_hdr_t *)acep)->z_flags & ACE_TYPE_FLAGS); | |
269 | if (entry_type == ACE_OWNER || | |
b128c09f | 270 | entry_type == OWNING_GROUP || |
34dc7c2f BB |
271 | entry_type == ACE_EVERYONE) |
272 | return (sizeof (zfs_ace_hdr_t)); | |
273 | /*FALLTHROUGH*/ | |
274 | default: | |
275 | return (sizeof (zfs_ace_t)); | |
276 | } | |
277 | } | |
278 | ||
279 | static size_t | |
280 | zfs_ace_fuid_abstract_size(void) | |
281 | { | |
282 | return (sizeof (zfs_ace_hdr_t)); | |
283 | } | |
284 | ||
285 | static int | |
286 | zfs_ace_fuid_mask_off(void) | |
287 | { | |
288 | return (offsetof(zfs_ace_hdr_t, z_access_mask)); | |
289 | } | |
290 | ||
291 | static int | |
292 | zfs_ace_fuid_data(void *acep, void **datap) | |
293 | { | |
294 | zfs_ace_t *zacep = acep; | |
295 | zfs_object_ace_t *zobjp; | |
296 | ||
297 | switch (zacep->z_hdr.z_type) { | |
298 | case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: | |
299 | case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: | |
300 | case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: | |
301 | case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: | |
302 | zobjp = acep; | |
303 | *datap = (caddr_t)zobjp + sizeof (zfs_ace_t); | |
304 | return (sizeof (zfs_object_ace_t) - sizeof (zfs_ace_t)); | |
305 | default: | |
306 | *datap = NULL; | |
307 | return (0); | |
308 | } | |
309 | } | |
310 | ||
311 | static acl_ops_t zfs_acl_fuid_ops = { | |
312 | zfs_ace_fuid_get_mask, | |
313 | zfs_ace_fuid_set_mask, | |
314 | zfs_ace_fuid_get_flags, | |
315 | zfs_ace_fuid_set_flags, | |
316 | zfs_ace_fuid_get_type, | |
317 | zfs_ace_fuid_set_type, | |
318 | zfs_ace_fuid_get_who, | |
319 | zfs_ace_fuid_set_who, | |
320 | zfs_ace_fuid_size, | |
321 | zfs_ace_fuid_abstract_size, | |
322 | zfs_ace_fuid_mask_off, | |
323 | zfs_ace_fuid_data | |
324 | }; | |
325 | ||
428870ff BB |
326 | /* |
327 | * The following three functions are provided for compatibility with | |
328 | * older ZPL version in order to determine if the file use to have | |
329 | * an external ACL and what version of ACL previously existed on the | |
330 | * file. Would really be nice to not need this, sigh. | |
331 | */ | |
428870ff BB |
332 | uint64_t |
333 | zfs_external_acl(znode_t *zp) | |
334 | { | |
335 | zfs_acl_phys_t acl_phys; | |
572e2857 | 336 | int error; |
428870ff BB |
337 | |
338 | if (zp->z_is_sa) | |
339 | return (0); | |
340 | ||
572e2857 BB |
341 | /* |
342 | * Need to deal with a potential | |
343 | * race where zfs_sa_upgrade could cause | |
344 | * z_isa_sa to change. | |
345 | * | |
346 | * If the lookup fails then the state of z_is_sa should have | |
347 | * changed. | |
348 | */ | |
428870ff | 349 | |
3558fd73 | 350 | if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(ZTOZSB(zp)), |
572e2857 BB |
351 | &acl_phys, sizeof (acl_phys))) == 0) |
352 | return (acl_phys.z_acl_extern_obj); | |
353 | else { | |
354 | /* | |
355 | * after upgrade the SA_ZPL_ZNODE_ACL should have been | |
356 | * removed | |
357 | */ | |
358 | VERIFY(zp->z_is_sa && error == ENOENT); | |
359 | return (0); | |
360 | } | |
428870ff BB |
361 | } |
362 | ||
363 | /* | |
364 | * Determine size of ACL in bytes | |
365 | * | |
366 | * This is more complicated than it should be since we have to deal | |
367 | * with old external ACLs. | |
368 | */ | |
369 | static int | |
370 | zfs_acl_znode_info(znode_t *zp, int *aclsize, int *aclcount, | |
371 | zfs_acl_phys_t *aclphys) | |
372 | { | |
3558fd73 | 373 | zfs_sb_t *zsb = ZTOZSB(zp); |
428870ff BB |
374 | uint64_t acl_count; |
375 | int size; | |
376 | int error; | |
377 | ||
572e2857 | 378 | ASSERT(MUTEX_HELD(&zp->z_acl_lock)); |
428870ff | 379 | if (zp->z_is_sa) { |
3558fd73 | 380 | if ((error = sa_size(zp->z_sa_hdl, SA_ZPL_DACL_ACES(zsb), |
428870ff BB |
381 | &size)) != 0) |
382 | return (error); | |
383 | *aclsize = size; | |
3558fd73 | 384 | if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_DACL_COUNT(zsb), |
428870ff BB |
385 | &acl_count, sizeof (acl_count))) != 0) |
386 | return (error); | |
387 | *aclcount = acl_count; | |
388 | } else { | |
3558fd73 | 389 | if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zsb), |
428870ff BB |
390 | aclphys, sizeof (*aclphys))) != 0) |
391 | return (error); | |
392 | ||
393 | if (aclphys->z_acl_version == ZFS_ACL_VERSION_INITIAL) { | |
394 | *aclsize = ZFS_ACL_SIZE(aclphys->z_acl_size); | |
395 | *aclcount = aclphys->z_acl_size; | |
396 | } else { | |
397 | *aclsize = aclphys->z_acl_size; | |
398 | *aclcount = aclphys->z_acl_count; | |
399 | } | |
400 | } | |
401 | return (0); | |
402 | } | |
403 | ||
404 | int | |
405 | zfs_znode_acl_version(znode_t *zp) | |
406 | { | |
407 | zfs_acl_phys_t acl_phys; | |
408 | ||
572e2857 | 409 | if (zp->z_is_sa) |
428870ff | 410 | return (ZFS_ACL_VERSION_FUID); |
572e2857 BB |
411 | else { |
412 | int error; | |
413 | ||
414 | /* | |
415 | * Need to deal with a potential | |
416 | * race where zfs_sa_upgrade could cause | |
417 | * z_isa_sa to change. | |
418 | * | |
419 | * If the lookup fails then the state of z_is_sa should have | |
420 | * changed. | |
421 | */ | |
422 | if ((error = sa_lookup(zp->z_sa_hdl, | |
3558fd73 | 423 | SA_ZPL_ZNODE_ACL(ZTOZSB(zp)), |
572e2857 BB |
424 | &acl_phys, sizeof (acl_phys))) == 0) |
425 | return (acl_phys.z_acl_version); | |
426 | else { | |
427 | /* | |
428 | * After upgrade SA_ZPL_ZNODE_ACL should have | |
429 | * been removed. | |
430 | */ | |
431 | VERIFY(zp->z_is_sa && error == ENOENT); | |
432 | return (ZFS_ACL_VERSION_FUID); | |
433 | } | |
428870ff BB |
434 | } |
435 | } | |
436 | ||
34dc7c2f BB |
437 | static int |
438 | zfs_acl_version(int version) | |
439 | { | |
440 | if (version < ZPL_VERSION_FUID) | |
441 | return (ZFS_ACL_VERSION_INITIAL); | |
442 | else | |
443 | return (ZFS_ACL_VERSION_FUID); | |
444 | } | |
445 | ||
446 | static int | |
447 | zfs_acl_version_zp(znode_t *zp) | |
448 | { | |
3558fd73 | 449 | return (zfs_acl_version(ZTOZSB(zp)->z_version)); |
34dc7c2f BB |
450 | } |
451 | ||
428870ff | 452 | zfs_acl_t * |
34dc7c2f BB |
453 | zfs_acl_alloc(int vers) |
454 | { | |
455 | zfs_acl_t *aclp; | |
456 | ||
ea04106b | 457 | aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP); |
34dc7c2f BB |
458 | list_create(&aclp->z_acl, sizeof (zfs_acl_node_t), |
459 | offsetof(zfs_acl_node_t, z_next)); | |
460 | aclp->z_version = vers; | |
461 | if (vers == ZFS_ACL_VERSION_FUID) | |
0a6b03d3 | 462 | aclp->z_ops = &zfs_acl_fuid_ops; |
34dc7c2f | 463 | else |
0a6b03d3 | 464 | aclp->z_ops = &zfs_acl_v0_ops; |
34dc7c2f BB |
465 | return (aclp); |
466 | } | |
467 | ||
428870ff | 468 | zfs_acl_node_t * |
34dc7c2f BB |
469 | zfs_acl_node_alloc(size_t bytes) |
470 | { | |
471 | zfs_acl_node_t *aclnode; | |
472 | ||
ea04106b | 473 | aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP); |
34dc7c2f | 474 | if (bytes) { |
ea04106b | 475 | aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP); |
34dc7c2f BB |
476 | aclnode->z_allocdata = aclnode->z_acldata; |
477 | aclnode->z_allocsize = bytes; | |
478 | aclnode->z_size = bytes; | |
479 | } | |
480 | ||
481 | return (aclnode); | |
482 | } | |
483 | ||
484 | static void | |
485 | zfs_acl_node_free(zfs_acl_node_t *aclnode) | |
486 | { | |
487 | if (aclnode->z_allocsize) | |
488 | kmem_free(aclnode->z_allocdata, aclnode->z_allocsize); | |
489 | kmem_free(aclnode, sizeof (zfs_acl_node_t)); | |
490 | } | |
491 | ||
492 | static void | |
493 | zfs_acl_release_nodes(zfs_acl_t *aclp) | |
494 | { | |
495 | zfs_acl_node_t *aclnode; | |
496 | ||
149e873a | 497 | while ((aclnode = list_head(&aclp->z_acl))) { |
34dc7c2f BB |
498 | list_remove(&aclp->z_acl, aclnode); |
499 | zfs_acl_node_free(aclnode); | |
500 | } | |
501 | aclp->z_acl_count = 0; | |
502 | aclp->z_acl_bytes = 0; | |
503 | } | |
504 | ||
505 | void | |
506 | zfs_acl_free(zfs_acl_t *aclp) | |
507 | { | |
508 | zfs_acl_release_nodes(aclp); | |
509 | list_destroy(&aclp->z_acl); | |
510 | kmem_free(aclp, sizeof (zfs_acl_t)); | |
511 | } | |
512 | ||
513 | static boolean_t | |
b128c09f | 514 | zfs_acl_valid_ace_type(uint_t type, uint_t flags) |
34dc7c2f | 515 | { |
b128c09f | 516 | uint16_t entry_type; |
34dc7c2f | 517 | |
b128c09f BB |
518 | switch (type) { |
519 | case ALLOW: | |
520 | case DENY: | |
521 | case ACE_SYSTEM_AUDIT_ACE_TYPE: | |
522 | case ACE_SYSTEM_ALARM_ACE_TYPE: | |
523 | entry_type = flags & ACE_TYPE_FLAGS; | |
524 | return (entry_type == ACE_OWNER || | |
525 | entry_type == OWNING_GROUP || | |
526 | entry_type == ACE_EVERYONE || entry_type == 0 || | |
527 | entry_type == ACE_IDENTIFIER_GROUP); | |
34dc7c2f | 528 | default: |
b128c09f BB |
529 | if (type >= MIN_ACE_TYPE && type <= MAX_ACE_TYPE) |
530 | return (B_TRUE); | |
34dc7c2f | 531 | } |
b128c09f BB |
532 | return (B_FALSE); |
533 | } | |
34dc7c2f | 534 | |
b128c09f | 535 | static boolean_t |
3558fd73 | 536 | zfs_ace_valid(umode_t obj_mode, zfs_acl_t *aclp, uint16_t type, uint16_t iflags) |
b128c09f | 537 | { |
34dc7c2f | 538 | /* |
b128c09f | 539 | * first check type of entry |
34dc7c2f BB |
540 | */ |
541 | ||
b128c09f | 542 | if (!zfs_acl_valid_ace_type(type, iflags)) |
34dc7c2f | 543 | return (B_FALSE); |
34dc7c2f BB |
544 | |
545 | switch (type) { | |
546 | case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: | |
547 | case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: | |
548 | case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: | |
549 | case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: | |
550 | if (aclp->z_version < ZFS_ACL_VERSION_FUID) | |
551 | return (B_FALSE); | |
552 | aclp->z_hints |= ZFS_ACL_OBJ_ACE; | |
553 | } | |
554 | ||
555 | /* | |
b128c09f | 556 | * next check inheritance level flags |
34dc7c2f | 557 | */ |
34dc7c2f | 558 | |
3558fd73 | 559 | if (S_ISDIR(obj_mode) && |
b128c09f | 560 | (iflags & (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE))) |
34dc7c2f BB |
561 | aclp->z_hints |= ZFS_INHERIT_ACE; |
562 | ||
563 | if (iflags & (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) { | |
564 | if ((iflags & (ACE_FILE_INHERIT_ACE| | |
565 | ACE_DIRECTORY_INHERIT_ACE)) == 0) { | |
566 | return (B_FALSE); | |
567 | } | |
568 | } | |
569 | ||
570 | return (B_TRUE); | |
571 | } | |
572 | ||
573 | static void * | |
574 | zfs_acl_next_ace(zfs_acl_t *aclp, void *start, uint64_t *who, | |
575 | uint32_t *access_mask, uint16_t *iflags, uint16_t *type) | |
576 | { | |
577 | zfs_acl_node_t *aclnode; | |
578 | ||
428870ff BB |
579 | ASSERT(aclp); |
580 | ||
34dc7c2f BB |
581 | if (start == NULL) { |
582 | aclnode = list_head(&aclp->z_acl); | |
583 | if (aclnode == NULL) | |
584 | return (NULL); | |
585 | ||
586 | aclp->z_next_ace = aclnode->z_acldata; | |
587 | aclp->z_curr_node = aclnode; | |
588 | aclnode->z_ace_idx = 0; | |
589 | } | |
590 | ||
591 | aclnode = aclp->z_curr_node; | |
592 | ||
593 | if (aclnode == NULL) | |
594 | return (NULL); | |
595 | ||
596 | if (aclnode->z_ace_idx >= aclnode->z_ace_count) { | |
597 | aclnode = list_next(&aclp->z_acl, aclnode); | |
598 | if (aclnode == NULL) | |
599 | return (NULL); | |
600 | else { | |
601 | aclp->z_curr_node = aclnode; | |
602 | aclnode->z_ace_idx = 0; | |
603 | aclp->z_next_ace = aclnode->z_acldata; | |
604 | } | |
605 | } | |
606 | ||
607 | if (aclnode->z_ace_idx < aclnode->z_ace_count) { | |
608 | void *acep = aclp->z_next_ace; | |
b128c09f BB |
609 | size_t ace_size; |
610 | ||
611 | /* | |
612 | * Make sure we don't overstep our bounds | |
613 | */ | |
0a6b03d3 | 614 | ace_size = aclp->z_ops->ace_size(acep); |
b128c09f BB |
615 | |
616 | if (((caddr_t)acep + ace_size) > | |
617 | ((caddr_t)aclnode->z_acldata + aclnode->z_size)) { | |
618 | return (NULL); | |
619 | } | |
620 | ||
0a6b03d3 RY |
621 | *iflags = aclp->z_ops->ace_flags_get(acep); |
622 | *type = aclp->z_ops->ace_type_get(acep); | |
623 | *access_mask = aclp->z_ops->ace_mask_get(acep); | |
624 | *who = aclp->z_ops->ace_who_get(acep); | |
b128c09f | 625 | aclp->z_next_ace = (caddr_t)aclp->z_next_ace + ace_size; |
34dc7c2f | 626 | aclnode->z_ace_idx++; |
428870ff | 627 | |
34dc7c2f BB |
628 | return ((void *)acep); |
629 | } | |
630 | return (NULL); | |
631 | } | |
632 | ||
633 | /*ARGSUSED*/ | |
634 | static uint64_t | |
635 | zfs_ace_walk(void *datap, uint64_t cookie, int aclcnt, | |
636 | uint16_t *flags, uint16_t *type, uint32_t *mask) | |
637 | { | |
638 | zfs_acl_t *aclp = datap; | |
639 | zfs_ace_hdr_t *acep = (zfs_ace_hdr_t *)(uintptr_t)cookie; | |
640 | uint64_t who; | |
641 | ||
642 | acep = zfs_acl_next_ace(aclp, acep, &who, mask, | |
643 | flags, type); | |
644 | return ((uint64_t)(uintptr_t)acep); | |
645 | } | |
646 | ||
34dc7c2f BB |
647 | /* |
648 | * Copy ACE to internal ZFS format. | |
649 | * While processing the ACL each ACE will be validated for correctness. | |
650 | * ACE FUIDs will be created later. | |
651 | */ | |
652 | int | |
3558fd73 | 653 | zfs_copy_ace_2_fuid(zfs_sb_t *zsb, umode_t obj_mode, zfs_acl_t *aclp, |
428870ff | 654 | void *datap, zfs_ace_t *z_acl, uint64_t aclcnt, size_t *size, |
9babb374 | 655 | zfs_fuid_info_t **fuidp, cred_t *cr) |
34dc7c2f BB |
656 | { |
657 | int i; | |
658 | uint16_t entry_type; | |
659 | zfs_ace_t *aceptr = z_acl; | |
660 | ace_t *acep = datap; | |
661 | zfs_object_ace_t *zobjacep; | |
662 | ace_object_t *aceobjp; | |
663 | ||
664 | for (i = 0; i != aclcnt; i++) { | |
665 | aceptr->z_hdr.z_access_mask = acep->a_access_mask; | |
666 | aceptr->z_hdr.z_flags = acep->a_flags; | |
667 | aceptr->z_hdr.z_type = acep->a_type; | |
668 | entry_type = aceptr->z_hdr.z_flags & ACE_TYPE_FLAGS; | |
669 | if (entry_type != ACE_OWNER && entry_type != OWNING_GROUP && | |
670 | entry_type != ACE_EVERYONE) { | |
3558fd73 | 671 | aceptr->z_fuid = zfs_fuid_create(zsb, acep->a_who, |
9babb374 BB |
672 | cr, (entry_type == 0) ? |
673 | ZFS_ACE_USER : ZFS_ACE_GROUP, fuidp); | |
34dc7c2f BB |
674 | } |
675 | ||
676 | /* | |
677 | * Make sure ACE is valid | |
678 | */ | |
3558fd73 | 679 | if (zfs_ace_valid(obj_mode, aclp, aceptr->z_hdr.z_type, |
34dc7c2f | 680 | aceptr->z_hdr.z_flags) != B_TRUE) |
a08ee875 | 681 | return (SET_ERROR(EINVAL)); |
34dc7c2f BB |
682 | |
683 | switch (acep->a_type) { | |
684 | case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: | |
685 | case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: | |
686 | case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: | |
687 | case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: | |
688 | zobjacep = (zfs_object_ace_t *)aceptr; | |
689 | aceobjp = (ace_object_t *)acep; | |
690 | ||
691 | bcopy(aceobjp->a_obj_type, zobjacep->z_object_type, | |
692 | sizeof (aceobjp->a_obj_type)); | |
693 | bcopy(aceobjp->a_inherit_obj_type, | |
694 | zobjacep->z_inherit_type, | |
695 | sizeof (aceobjp->a_inherit_obj_type)); | |
696 | acep = (ace_t *)((caddr_t)acep + sizeof (ace_object_t)); | |
697 | break; | |
698 | default: | |
699 | acep = (ace_t *)((caddr_t)acep + sizeof (ace_t)); | |
700 | } | |
701 | ||
702 | aceptr = (zfs_ace_t *)((caddr_t)aceptr + | |
0a6b03d3 | 703 | aclp->z_ops->ace_size(aceptr)); |
34dc7c2f BB |
704 | } |
705 | ||
706 | *size = (caddr_t)aceptr - (caddr_t)z_acl; | |
707 | ||
708 | return (0); | |
709 | } | |
710 | ||
711 | /* | |
712 | * Copy ZFS ACEs to fixed size ace_t layout | |
713 | */ | |
714 | static void | |
3558fd73 | 715 | zfs_copy_fuid_2_ace(zfs_sb_t *zsb, zfs_acl_t *aclp, cred_t *cr, |
34dc7c2f BB |
716 | void *datap, int filter) |
717 | { | |
718 | uint64_t who; | |
719 | uint32_t access_mask; | |
720 | uint16_t iflags, type; | |
721 | zfs_ace_hdr_t *zacep = NULL; | |
722 | ace_t *acep = datap; | |
723 | ace_object_t *objacep; | |
724 | zfs_object_ace_t *zobjacep; | |
725 | size_t ace_size; | |
726 | uint16_t entry_type; | |
727 | ||
149e873a BB |
728 | while ((zacep = zfs_acl_next_ace(aclp, zacep, |
729 | &who, &access_mask, &iflags, &type))) { | |
34dc7c2f BB |
730 | |
731 | switch (type) { | |
732 | case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: | |
733 | case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: | |
734 | case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: | |
735 | case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: | |
736 | if (filter) { | |
737 | continue; | |
738 | } | |
739 | zobjacep = (zfs_object_ace_t *)zacep; | |
740 | objacep = (ace_object_t *)acep; | |
741 | bcopy(zobjacep->z_object_type, | |
742 | objacep->a_obj_type, | |
743 | sizeof (zobjacep->z_object_type)); | |
744 | bcopy(zobjacep->z_inherit_type, | |
745 | objacep->a_inherit_obj_type, | |
746 | sizeof (zobjacep->z_inherit_type)); | |
747 | ace_size = sizeof (ace_object_t); | |
748 | break; | |
749 | default: | |
750 | ace_size = sizeof (ace_t); | |
751 | break; | |
752 | } | |
753 | ||
754 | entry_type = (iflags & ACE_TYPE_FLAGS); | |
755 | if ((entry_type != ACE_OWNER && | |
b128c09f | 756 | entry_type != OWNING_GROUP && |
34dc7c2f | 757 | entry_type != ACE_EVERYONE)) { |
3558fd73 | 758 | acep->a_who = zfs_fuid_map_id(zsb, who, |
34dc7c2f BB |
759 | cr, (entry_type & ACE_IDENTIFIER_GROUP) ? |
760 | ZFS_ACE_GROUP : ZFS_ACE_USER); | |
761 | } else { | |
762 | acep->a_who = (uid_t)(int64_t)who; | |
763 | } | |
764 | acep->a_access_mask = access_mask; | |
765 | acep->a_flags = iflags; | |
766 | acep->a_type = type; | |
767 | acep = (ace_t *)((caddr_t)acep + ace_size); | |
768 | } | |
769 | } | |
770 | ||
771 | static int | |
3558fd73 | 772 | zfs_copy_ace_2_oldace(umode_t obj_mode, zfs_acl_t *aclp, ace_t *acep, |
34dc7c2f BB |
773 | zfs_oldace_t *z_acl, int aclcnt, size_t *size) |
774 | { | |
775 | int i; | |
776 | zfs_oldace_t *aceptr = z_acl; | |
777 | ||
778 | for (i = 0; i != aclcnt; i++, aceptr++) { | |
779 | aceptr->z_access_mask = acep[i].a_access_mask; | |
780 | aceptr->z_type = acep[i].a_type; | |
781 | aceptr->z_flags = acep[i].a_flags; | |
782 | aceptr->z_fuid = acep[i].a_who; | |
783 | /* | |
784 | * Make sure ACE is valid | |
785 | */ | |
3558fd73 | 786 | if (zfs_ace_valid(obj_mode, aclp, aceptr->z_type, |
34dc7c2f | 787 | aceptr->z_flags) != B_TRUE) |
a08ee875 | 788 | return (SET_ERROR(EINVAL)); |
34dc7c2f BB |
789 | } |
790 | *size = (caddr_t)aceptr - (caddr_t)z_acl; | |
791 | return (0); | |
792 | } | |
793 | ||
794 | /* | |
795 | * convert old ACL format to new | |
796 | */ | |
797 | void | |
9babb374 | 798 | zfs_acl_xform(znode_t *zp, zfs_acl_t *aclp, cred_t *cr) |
34dc7c2f BB |
799 | { |
800 | zfs_oldace_t *oldaclp; | |
801 | int i; | |
802 | uint16_t type, iflags; | |
803 | uint32_t access_mask; | |
804 | uint64_t who; | |
805 | void *cookie = NULL; | |
806 | zfs_acl_node_t *newaclnode; | |
807 | ||
808 | ASSERT(aclp->z_version == ZFS_ACL_VERSION_INITIAL); | |
809 | /* | |
810 | * First create the ACE in a contiguous piece of memory | |
811 | * for zfs_copy_ace_2_fuid(). | |
812 | * | |
813 | * We only convert an ACL once, so this won't happen | |
814 | * everytime. | |
815 | */ | |
816 | oldaclp = kmem_alloc(sizeof (zfs_oldace_t) * aclp->z_acl_count, | |
817 | KM_SLEEP); | |
818 | i = 0; | |
149e873a BB |
819 | while ((cookie = zfs_acl_next_ace(aclp, cookie, &who, |
820 | &access_mask, &iflags, &type))) { | |
34dc7c2f BB |
821 | oldaclp[i].z_flags = iflags; |
822 | oldaclp[i].z_type = type; | |
823 | oldaclp[i].z_fuid = who; | |
824 | oldaclp[i++].z_access_mask = access_mask; | |
825 | } | |
826 | ||
827 | newaclnode = zfs_acl_node_alloc(aclp->z_acl_count * | |
828 | sizeof (zfs_object_ace_t)); | |
0a6b03d3 | 829 | aclp->z_ops = &zfs_acl_fuid_ops; |
3558fd73 BB |
830 | VERIFY(zfs_copy_ace_2_fuid(ZTOZSB(zp), ZTOI(zp)->i_mode, |
831 | aclp, oldaclp, newaclnode->z_acldata, aclp->z_acl_count, | |
9babb374 | 832 | &newaclnode->z_size, NULL, cr) == 0); |
34dc7c2f BB |
833 | newaclnode->z_ace_count = aclp->z_acl_count; |
834 | aclp->z_version = ZFS_ACL_VERSION; | |
835 | kmem_free(oldaclp, aclp->z_acl_count * sizeof (zfs_oldace_t)); | |
836 | ||
837 | /* | |
838 | * Release all previous ACL nodes | |
839 | */ | |
840 | ||
841 | zfs_acl_release_nodes(aclp); | |
842 | ||
843 | list_insert_head(&aclp->z_acl, newaclnode); | |
844 | ||
845 | aclp->z_acl_bytes = newaclnode->z_size; | |
846 | aclp->z_acl_count = newaclnode->z_ace_count; | |
847 | ||
848 | } | |
849 | ||
850 | /* | |
851 | * Convert unix access mask to v4 access mask | |
852 | */ | |
853 | static uint32_t | |
854 | zfs_unix_to_v4(uint32_t access_mask) | |
855 | { | |
856 | uint32_t new_mask = 0; | |
857 | ||
858 | if (access_mask & S_IXOTH) | |
859 | new_mask |= ACE_EXECUTE; | |
860 | if (access_mask & S_IWOTH) | |
861 | new_mask |= ACE_WRITE_DATA; | |
862 | if (access_mask & S_IROTH) | |
863 | new_mask |= ACE_READ_DATA; | |
864 | return (new_mask); | |
865 | } | |
866 | ||
867 | static void | |
868 | zfs_set_ace(zfs_acl_t *aclp, void *acep, uint32_t access_mask, | |
869 | uint16_t access_type, uint64_t fuid, uint16_t entry_type) | |
870 | { | |
871 | uint16_t type = entry_type & ACE_TYPE_FLAGS; | |
872 | ||
0a6b03d3 RY |
873 | aclp->z_ops->ace_mask_set(acep, access_mask); |
874 | aclp->z_ops->ace_type_set(acep, access_type); | |
875 | aclp->z_ops->ace_flags_set(acep, entry_type); | |
b128c09f | 876 | if ((type != ACE_OWNER && type != OWNING_GROUP && |
34dc7c2f | 877 | type != ACE_EVERYONE)) |
0a6b03d3 | 878 | aclp->z_ops->ace_who_set(acep, fuid); |
34dc7c2f BB |
879 | } |
880 | ||
881 | /* | |
882 | * Determine mode of file based on ACL. | |
883 | * Also, create FUIDs for any User/Group ACEs | |
884 | */ | |
428870ff BB |
885 | uint64_t |
886 | zfs_mode_compute(uint64_t fmode, zfs_acl_t *aclp, | |
887 | uint64_t *pflags, uint64_t fuid, uint64_t fgid) | |
34dc7c2f BB |
888 | { |
889 | int entry_type; | |
890 | mode_t mode; | |
891 | mode_t seen = 0; | |
892 | zfs_ace_hdr_t *acep = NULL; | |
893 | uint64_t who; | |
894 | uint16_t iflags, type; | |
895 | uint32_t access_mask; | |
45d1cae3 | 896 | boolean_t an_exec_denied = B_FALSE; |
34dc7c2f | 897 | |
428870ff | 898 | mode = (fmode & (S_IFMT | S_ISUID | S_ISGID | S_ISVTX)); |
34dc7c2f | 899 | |
149e873a BB |
900 | while ((acep = zfs_acl_next_ace(aclp, acep, &who, |
901 | &access_mask, &iflags, &type))) { | |
34dc7c2f | 902 | |
b128c09f | 903 | if (!zfs_acl_valid_ace_type(type, iflags)) |
34dc7c2f BB |
904 | continue; |
905 | ||
906 | entry_type = (iflags & ACE_TYPE_FLAGS); | |
907 | ||
b128c09f BB |
908 | /* |
909 | * Skip over owner@, group@ or everyone@ inherit only ACEs | |
910 | */ | |
911 | if ((iflags & ACE_INHERIT_ONLY_ACE) && | |
912 | (entry_type == ACE_OWNER || entry_type == ACE_EVERYONE || | |
913 | entry_type == OWNING_GROUP)) | |
914 | continue; | |
915 | ||
428870ff BB |
916 | if (entry_type == ACE_OWNER || (entry_type == 0 && |
917 | who == fuid)) { | |
34dc7c2f BB |
918 | if ((access_mask & ACE_READ_DATA) && |
919 | (!(seen & S_IRUSR))) { | |
920 | seen |= S_IRUSR; | |
921 | if (type == ALLOW) { | |
922 | mode |= S_IRUSR; | |
923 | } | |
924 | } | |
925 | if ((access_mask & ACE_WRITE_DATA) && | |
926 | (!(seen & S_IWUSR))) { | |
927 | seen |= S_IWUSR; | |
928 | if (type == ALLOW) { | |
929 | mode |= S_IWUSR; | |
930 | } | |
931 | } | |
932 | if ((access_mask & ACE_EXECUTE) && | |
933 | (!(seen & S_IXUSR))) { | |
934 | seen |= S_IXUSR; | |
935 | if (type == ALLOW) { | |
936 | mode |= S_IXUSR; | |
937 | } | |
938 | } | |
428870ff BB |
939 | } else if (entry_type == OWNING_GROUP || |
940 | (entry_type == ACE_IDENTIFIER_GROUP && who == fgid)) { | |
34dc7c2f BB |
941 | if ((access_mask & ACE_READ_DATA) && |
942 | (!(seen & S_IRGRP))) { | |
943 | seen |= S_IRGRP; | |
944 | if (type == ALLOW) { | |
945 | mode |= S_IRGRP; | |
946 | } | |
947 | } | |
948 | if ((access_mask & ACE_WRITE_DATA) && | |
949 | (!(seen & S_IWGRP))) { | |
950 | seen |= S_IWGRP; | |
951 | if (type == ALLOW) { | |
952 | mode |= S_IWGRP; | |
953 | } | |
954 | } | |
955 | if ((access_mask & ACE_EXECUTE) && | |
956 | (!(seen & S_IXGRP))) { | |
957 | seen |= S_IXGRP; | |
958 | if (type == ALLOW) { | |
959 | mode |= S_IXGRP; | |
960 | } | |
961 | } | |
962 | } else if (entry_type == ACE_EVERYONE) { | |
963 | if ((access_mask & ACE_READ_DATA)) { | |
964 | if (!(seen & S_IRUSR)) { | |
965 | seen |= S_IRUSR; | |
966 | if (type == ALLOW) { | |
967 | mode |= S_IRUSR; | |
968 | } | |
969 | } | |
970 | if (!(seen & S_IRGRP)) { | |
971 | seen |= S_IRGRP; | |
972 | if (type == ALLOW) { | |
973 | mode |= S_IRGRP; | |
974 | } | |
975 | } | |
976 | if (!(seen & S_IROTH)) { | |
977 | seen |= S_IROTH; | |
978 | if (type == ALLOW) { | |
979 | mode |= S_IROTH; | |
980 | } | |
981 | } | |
982 | } | |
983 | if ((access_mask & ACE_WRITE_DATA)) { | |
984 | if (!(seen & S_IWUSR)) { | |
985 | seen |= S_IWUSR; | |
986 | if (type == ALLOW) { | |
987 | mode |= S_IWUSR; | |
988 | } | |
989 | } | |
990 | if (!(seen & S_IWGRP)) { | |
991 | seen |= S_IWGRP; | |
992 | if (type == ALLOW) { | |
993 | mode |= S_IWGRP; | |
994 | } | |
995 | } | |
996 | if (!(seen & S_IWOTH)) { | |
997 | seen |= S_IWOTH; | |
998 | if (type == ALLOW) { | |
999 | mode |= S_IWOTH; | |
1000 | } | |
1001 | } | |
1002 | } | |
1003 | if ((access_mask & ACE_EXECUTE)) { | |
1004 | if (!(seen & S_IXUSR)) { | |
1005 | seen |= S_IXUSR; | |
1006 | if (type == ALLOW) { | |
1007 | mode |= S_IXUSR; | |
1008 | } | |
1009 | } | |
1010 | if (!(seen & S_IXGRP)) { | |
1011 | seen |= S_IXGRP; | |
1012 | if (type == ALLOW) { | |
1013 | mode |= S_IXGRP; | |
1014 | } | |
1015 | } | |
1016 | if (!(seen & S_IXOTH)) { | |
1017 | seen |= S_IXOTH; | |
1018 | if (type == ALLOW) { | |
1019 | mode |= S_IXOTH; | |
1020 | } | |
1021 | } | |
1022 | } | |
45d1cae3 BB |
1023 | } else { |
1024 | /* | |
1025 | * Only care if this IDENTIFIER_GROUP or | |
1026 | * USER ACE denies execute access to someone, | |
1027 | * mode is not affected | |
1028 | */ | |
1029 | if ((access_mask & ACE_EXECUTE) && type == DENY) | |
1030 | an_exec_denied = B_TRUE; | |
34dc7c2f | 1031 | } |
34dc7c2f | 1032 | } |
45d1cae3 BB |
1033 | |
1034 | /* | |
1035 | * Failure to allow is effectively a deny, so execute permission | |
1036 | * is denied if it was never mentioned or if we explicitly | |
1037 | * weren't allowed it. | |
1038 | */ | |
1039 | if (!an_exec_denied && | |
1040 | ((seen & ALL_MODE_EXECS) != ALL_MODE_EXECS || | |
1041 | (mode & ALL_MODE_EXECS) != ALL_MODE_EXECS)) | |
1042 | an_exec_denied = B_TRUE; | |
1043 | ||
1044 | if (an_exec_denied) | |
428870ff | 1045 | *pflags &= ~ZFS_NO_EXECS_DENIED; |
45d1cae3 | 1046 | else |
428870ff | 1047 | *pflags |= ZFS_NO_EXECS_DENIED; |
45d1cae3 | 1048 | |
34dc7c2f BB |
1049 | return (mode); |
1050 | } | |
1051 | ||
34dc7c2f | 1052 | /* |
45d1cae3 BB |
1053 | * Read an external acl object. If the intent is to modify, always |
1054 | * create a new acl and leave any cached acl in place. | |
34dc7c2f BB |
1055 | */ |
1056 | static int | |
572e2857 BB |
1057 | zfs_acl_node_read(znode_t *zp, boolean_t have_lock, zfs_acl_t **aclpp, |
1058 | boolean_t will_modify) | |
34dc7c2f | 1059 | { |
34dc7c2f | 1060 | zfs_acl_t *aclp; |
ddc07fa5 CW |
1061 | int aclsize = 0; |
1062 | int acl_count = 0; | |
34dc7c2f | 1063 | zfs_acl_node_t *aclnode; |
428870ff BB |
1064 | zfs_acl_phys_t znode_acl; |
1065 | int version; | |
1066 | int error; | |
572e2857 | 1067 | boolean_t drop_lock = B_FALSE; |
34dc7c2f BB |
1068 | |
1069 | ASSERT(MUTEX_HELD(&zp->z_acl_lock)); | |
1070 | ||
45d1cae3 BB |
1071 | if (zp->z_acl_cached && !will_modify) { |
1072 | *aclpp = zp->z_acl_cached; | |
1073 | return (0); | |
1074 | } | |
1075 | ||
572e2857 BB |
1076 | /* |
1077 | * close race where znode could be upgrade while trying to | |
1078 | * read the znode attributes. | |
1079 | * | |
1080 | * But this could only happen if the file isn't already an SA | |
1081 | * znode | |
1082 | */ | |
1083 | if (!zp->z_is_sa && !have_lock) { | |
1084 | mutex_enter(&zp->z_lock); | |
1085 | drop_lock = B_TRUE; | |
1086 | } | |
1087 | version = zfs_znode_acl_version(zp); | |
34dc7c2f | 1088 | |
428870ff | 1089 | if ((error = zfs_acl_znode_info(zp, &aclsize, |
572e2857 BB |
1090 | &acl_count, &znode_acl)) != 0) { |
1091 | goto done; | |
1092 | } | |
428870ff BB |
1093 | |
1094 | aclp = zfs_acl_alloc(version); | |
34dc7c2f | 1095 | |
34dc7c2f BB |
1096 | aclp->z_acl_count = acl_count; |
1097 | aclp->z_acl_bytes = aclsize; | |
1098 | ||
428870ff BB |
1099 | aclnode = zfs_acl_node_alloc(aclsize); |
1100 | aclnode->z_ace_count = aclp->z_acl_count; | |
1101 | aclnode->z_size = aclsize; | |
1102 | ||
1103 | if (!zp->z_is_sa) { | |
1104 | if (znode_acl.z_acl_extern_obj) { | |
3558fd73 | 1105 | error = dmu_read(ZTOZSB(zp)->z_os, |
428870ff BB |
1106 | znode_acl.z_acl_extern_obj, 0, aclnode->z_size, |
1107 | aclnode->z_acldata, DMU_READ_PREFETCH); | |
1108 | } else { | |
1109 | bcopy(znode_acl.z_ace_data, aclnode->z_acldata, | |
1110 | aclnode->z_size); | |
1111 | } | |
1112 | } else { | |
3558fd73 | 1113 | error = sa_lookup(zp->z_sa_hdl, SA_ZPL_DACL_ACES(ZTOZSB(zp)), |
428870ff BB |
1114 | aclnode->z_acldata, aclnode->z_size); |
1115 | } | |
1116 | ||
34dc7c2f BB |
1117 | if (error != 0) { |
1118 | zfs_acl_free(aclp); | |
428870ff | 1119 | zfs_acl_node_free(aclnode); |
b128c09f BB |
1120 | /* convert checksum errors into IO errors */ |
1121 | if (error == ECKSUM) | |
a08ee875 | 1122 | error = SET_ERROR(EIO); |
572e2857 | 1123 | goto done; |
34dc7c2f BB |
1124 | } |
1125 | ||
428870ff BB |
1126 | list_insert_head(&aclp->z_acl, aclnode); |
1127 | ||
34dc7c2f | 1128 | *aclpp = aclp; |
45d1cae3 BB |
1129 | if (!will_modify) |
1130 | zp->z_acl_cached = aclp; | |
572e2857 BB |
1131 | done: |
1132 | if (drop_lock) | |
1133 | mutex_exit(&zp->z_lock); | |
1134 | return (error); | |
34dc7c2f BB |
1135 | } |
1136 | ||
428870ff BB |
1137 | /*ARGSUSED*/ |
1138 | void | |
1139 | zfs_acl_data_locator(void **dataptr, uint32_t *length, uint32_t buflen, | |
1140 | boolean_t start, void *userdata) | |
1141 | { | |
1142 | zfs_acl_locator_cb_t *cb = (zfs_acl_locator_cb_t *)userdata; | |
1143 | ||
1144 | if (start) { | |
1145 | cb->cb_acl_node = list_head(&cb->cb_aclp->z_acl); | |
1146 | } else { | |
1147 | cb->cb_acl_node = list_next(&cb->cb_aclp->z_acl, | |
1148 | cb->cb_acl_node); | |
1149 | } | |
1150 | *dataptr = cb->cb_acl_node->z_acldata; | |
1151 | *length = cb->cb_acl_node->z_size; | |
1152 | } | |
1153 | ||
428870ff BB |
1154 | int |
1155 | zfs_acl_chown_setattr(znode_t *zp) | |
1156 | { | |
1157 | int error; | |
1158 | zfs_acl_t *aclp; | |
428870ff | 1159 | |
a08ee875 LG |
1160 | if (ZTOZSB(zp)->z_acl_type == ZFS_ACLTYPE_POSIXACL) |
1161 | return (0); | |
1162 | ||
572e2857 BB |
1163 | ASSERT(MUTEX_HELD(&zp->z_lock)); |
1164 | ASSERT(MUTEX_HELD(&zp->z_acl_lock)); | |
428870ff | 1165 | |
ea04106b AX |
1166 | error = zfs_acl_node_read(zp, B_TRUE, &aclp, B_FALSE); |
1167 | if (error == 0 && aclp->z_acl_count > 0) | |
428870ff | 1168 | zp->z_mode = zfs_mode_compute(zp->z_mode, aclp, |
572e2857 | 1169 | &zp->z_pflags, zp->z_uid, zp->z_gid); |
a08ee875 LG |
1170 | |
1171 | /* | |
1172 | * Some ZFS implementations (ZEVO) create neither a ZNODE_ACL | |
1173 | * nor a DACL_ACES SA in which case ENOENT is returned from | |
1174 | * zfs_acl_node_read() when the SA can't be located. | |
1175 | * Allow chown/chgrp to succeed in these cases rather than | |
1176 | * returning an error that makes no sense in the context of | |
1177 | * the caller. | |
1178 | */ | |
1179 | if (error == ENOENT) | |
1180 | return (0); | |
1181 | ||
428870ff BB |
1182 | return (error); |
1183 | } | |
1184 | ||
538f669f BB |
1185 | static void |
1186 | acl_trivial_access_masks(mode_t mode, uint32_t *allow0, uint32_t *deny1, | |
1187 | uint32_t *deny2, uint32_t *owner, uint32_t *group, uint32_t *everyone) | |
1188 | { | |
1189 | *deny1 = *deny2 = *allow0 = *group = 0; | |
1190 | ||
1191 | if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH))) | |
1192 | *deny1 |= ACE_READ_DATA; | |
1193 | if (!(mode & S_IWUSR) && (mode & (S_IWGRP|S_IWOTH))) | |
1194 | *deny1 |= ACE_WRITE_DATA; | |
1195 | if (!(mode & S_IXUSR) && (mode & (S_IXGRP|S_IXOTH))) | |
1196 | *deny1 |= ACE_EXECUTE; | |
1197 | ||
1198 | if (!(mode & S_IRGRP) && (mode & S_IROTH)) | |
1199 | *deny2 = ACE_READ_DATA; | |
1200 | if (!(mode & S_IWGRP) && (mode & S_IWOTH)) | |
1201 | *deny2 |= ACE_WRITE_DATA; | |
1202 | if (!(mode & S_IXGRP) && (mode & S_IXOTH)) | |
1203 | *deny2 |= ACE_EXECUTE; | |
1204 | ||
1205 | if ((mode & S_IRUSR) && (!(mode & S_IRGRP) && (mode & S_IROTH))) | |
1206 | *allow0 |= ACE_READ_DATA; | |
1207 | if ((mode & S_IWUSR) && (!(mode & S_IWGRP) && (mode & S_IWOTH))) | |
1208 | *allow0 |= ACE_WRITE_DATA; | |
1209 | if ((mode & S_IXUSR) && (!(mode & S_IXGRP) && (mode & S_IXOTH))) | |
1210 | *allow0 |= ACE_EXECUTE; | |
1211 | ||
1212 | *owner = ACE_WRITE_ATTRIBUTES|ACE_WRITE_OWNER|ACE_WRITE_ACL| | |
1213 | ACE_WRITE_NAMED_ATTRS|ACE_READ_ACL|ACE_READ_ATTRIBUTES| | |
1214 | ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE; | |
1215 | if (mode & S_IRUSR) | |
1216 | *owner |= ACE_READ_DATA; | |
1217 | if (mode & S_IWUSR) | |
1218 | *owner |= ACE_WRITE_DATA|ACE_APPEND_DATA; | |
1219 | if (mode & S_IXUSR) | |
1220 | *owner |= ACE_EXECUTE; | |
1221 | ||
1222 | *group = ACE_READ_ACL|ACE_READ_ATTRIBUTES| ACE_READ_NAMED_ATTRS| | |
1223 | ACE_SYNCHRONIZE; | |
1224 | if (mode & S_IRGRP) | |
1225 | *group |= ACE_READ_DATA; | |
1226 | if (mode & S_IWGRP) | |
1227 | *group |= ACE_WRITE_DATA|ACE_APPEND_DATA; | |
1228 | if (mode & S_IXGRP) | |
1229 | *group |= ACE_EXECUTE; | |
1230 | ||
1231 | *everyone = ACE_READ_ACL|ACE_READ_ATTRIBUTES| ACE_READ_NAMED_ATTRS| | |
1232 | ACE_SYNCHRONIZE; | |
1233 | if (mode & S_IROTH) | |
1234 | *everyone |= ACE_READ_DATA; | |
1235 | if (mode & S_IWOTH) | |
1236 | *everyone |= ACE_WRITE_DATA|ACE_APPEND_DATA; | |
1237 | if (mode & S_IXOTH) | |
1238 | *everyone |= ACE_EXECUTE; | |
1239 | } | |
1240 | ||
1241 | /* | |
1242 | * ace_trivial: | |
1243 | * determine whether an ace_t acl is trivial | |
1244 | * | |
1245 | * Trivialness implies that the acl is composed of only | |
1246 | * owner, group, everyone entries. ACL can't | |
1247 | * have read_acl denied, and write_owner/write_acl/write_attributes | |
1248 | * can only be owner@ entry. | |
1249 | */ | |
1250 | static int | |
1251 | ace_trivial_common(void *acep, int aclcnt, | |
1252 | uint64_t (*walk)(void *, uint64_t, int aclcnt, | |
1253 | uint16_t *, uint16_t *, uint32_t *)) | |
1254 | { | |
1255 | uint16_t flags; | |
1256 | uint32_t mask; | |
1257 | uint16_t type; | |
1258 | uint64_t cookie = 0; | |
1259 | ||
1260 | while ((cookie = walk(acep, cookie, aclcnt, &flags, &type, &mask))) { | |
1261 | switch (flags & ACE_TYPE_FLAGS) { | |
1262 | case ACE_OWNER: | |
1263 | case ACE_GROUP|ACE_IDENTIFIER_GROUP: | |
1264 | case ACE_EVERYONE: | |
1265 | break; | |
1266 | default: | |
1267 | return (1); | |
1268 | } | |
1269 | ||
1270 | if (flags & (ACE_FILE_INHERIT_ACE| | |
1271 | ACE_DIRECTORY_INHERIT_ACE|ACE_NO_PROPAGATE_INHERIT_ACE| | |
1272 | ACE_INHERIT_ONLY_ACE)) | |
1273 | return (1); | |
1274 | ||
1275 | /* | |
1276 | * Special check for some special bits | |
1277 | * | |
1278 | * Don't allow anybody to deny reading basic | |
1279 | * attributes or a files ACL. | |
1280 | */ | |
1281 | if ((mask & (ACE_READ_ACL|ACE_READ_ATTRIBUTES)) && | |
1282 | (type == ACE_ACCESS_DENIED_ACE_TYPE)) | |
1283 | return (1); | |
1284 | ||
1285 | /* | |
1286 | * Delete permissions are never set by default | |
1287 | */ | |
1288 | if (mask & (ACE_DELETE|ACE_DELETE_CHILD)) | |
1289 | return (1); | |
1290 | /* | |
1291 | * only allow owner@ to have | |
1292 | * write_acl/write_owner/write_attributes/write_xattr/ | |
1293 | */ | |
1294 | if (type == ACE_ACCESS_ALLOWED_ACE_TYPE && | |
1295 | (!(flags & ACE_OWNER) && (mask & | |
1296 | (ACE_WRITE_OWNER|ACE_WRITE_ACL| ACE_WRITE_ATTRIBUTES| | |
1297 | ACE_WRITE_NAMED_ATTRS)))) | |
1298 | return (1); | |
1299 | ||
1300 | } | |
1301 | ||
1302 | return (0); | |
1303 | } | |
1304 | ||
34dc7c2f BB |
1305 | /* |
1306 | * common code for setting ACLs. | |
1307 | * | |
1308 | * This function is called from zfs_mode_update, zfs_perm_init, and zfs_setacl. | |
1309 | * zfs_setacl passes a non-NULL inherit pointer (ihp) to indicate that it's | |
1310 | * already checked the acl and knows whether to inherit. | |
1311 | */ | |
1312 | int | |
9babb374 | 1313 | zfs_aclset_common(znode_t *zp, zfs_acl_t *aclp, cred_t *cr, dmu_tx_t *tx) |
34dc7c2f | 1314 | { |
428870ff | 1315 | int error; |
3558fd73 | 1316 | zfs_sb_t *zsb = ZTOZSB(zp); |
428870ff BB |
1317 | dmu_object_type_t otype; |
1318 | zfs_acl_locator_cb_t locate = { 0 }; | |
1319 | uint64_t mode; | |
1320 | sa_bulk_attr_t bulk[5]; | |
1321 | uint64_t ctime[2]; | |
1322 | int count = 0; | |
428870ff BB |
1323 | |
1324 | mode = zp->z_mode; | |
1325 | ||
572e2857 BB |
1326 | mode = zfs_mode_compute(mode, aclp, &zp->z_pflags, |
1327 | zp->z_uid, zp->z_gid); | |
34dc7c2f | 1328 | |
428870ff | 1329 | zp->z_mode = mode; |
3558fd73 | 1330 | SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zsb), NULL, |
428870ff | 1331 | &mode, sizeof (mode)); |
3558fd73 | 1332 | SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zsb), NULL, |
428870ff | 1333 | &zp->z_pflags, sizeof (zp->z_pflags)); |
3558fd73 | 1334 | SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zsb), NULL, |
428870ff | 1335 | &ctime, sizeof (ctime)); |
34dc7c2f | 1336 | |
45d1cae3 BB |
1337 | if (zp->z_acl_cached) { |
1338 | zfs_acl_free(zp->z_acl_cached); | |
1339 | zp->z_acl_cached = NULL; | |
1340 | } | |
1341 | ||
34dc7c2f | 1342 | /* |
428870ff | 1343 | * Upgrade needed? |
34dc7c2f | 1344 | */ |
3558fd73 | 1345 | if (!zsb->z_use_fuids) { |
34dc7c2f BB |
1346 | otype = DMU_OT_OLDACL; |
1347 | } else { | |
1348 | if ((aclp->z_version == ZFS_ACL_VERSION_INITIAL) && | |
3558fd73 | 1349 | (zsb->z_version >= ZPL_VERSION_FUID)) |
9babb374 | 1350 | zfs_acl_xform(zp, aclp, cr); |
34dc7c2f BB |
1351 | ASSERT(aclp->z_version >= ZFS_ACL_VERSION_FUID); |
1352 | otype = DMU_OT_ACL; | |
1353 | } | |
1354 | ||
428870ff BB |
1355 | /* |
1356 | * Arrgh, we have to handle old on disk format | |
1357 | * as well as newer (preferred) SA format. | |
1358 | */ | |
1359 | ||
1360 | if (zp->z_is_sa) { /* the easy case, just update the ACL attribute */ | |
1361 | locate.cb_aclp = aclp; | |
3558fd73 | 1362 | SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_DACL_ACES(zsb), |
428870ff | 1363 | zfs_acl_data_locator, &locate, aclp->z_acl_bytes); |
3558fd73 | 1364 | SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_DACL_COUNT(zsb), |
428870ff BB |
1365 | NULL, &aclp->z_acl_count, sizeof (uint64_t)); |
1366 | } else { /* Painful legacy way */ | |
1367 | zfs_acl_node_t *aclnode; | |
1368 | uint64_t off = 0; | |
1369 | zfs_acl_phys_t acl_phys; | |
1370 | uint64_t aoid; | |
1371 | ||
3558fd73 | 1372 | if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zsb), |
428870ff BB |
1373 | &acl_phys, sizeof (acl_phys))) != 0) |
1374 | return (error); | |
1375 | ||
1376 | aoid = acl_phys.z_acl_extern_obj; | |
1377 | ||
1378 | if (aclp->z_acl_bytes > ZFS_ACE_SPACE) { | |
1379 | /* | |
1380 | * If ACL was previously external and we are now | |
1381 | * converting to new ACL format then release old | |
1382 | * ACL object and create a new one. | |
1383 | */ | |
1384 | if (aoid && | |
1385 | aclp->z_version != acl_phys.z_acl_version) { | |
3558fd73 | 1386 | error = dmu_object_free(zsb->z_os, aoid, tx); |
428870ff BB |
1387 | if (error) |
1388 | return (error); | |
1389 | aoid = 0; | |
1390 | } | |
1391 | if (aoid == 0) { | |
3558fd73 | 1392 | aoid = dmu_object_alloc(zsb->z_os, |
428870ff BB |
1393 | otype, aclp->z_acl_bytes, |
1394 | otype == DMU_OT_ACL ? | |
1395 | DMU_OT_SYSACL : DMU_OT_NONE, | |
1396 | otype == DMU_OT_ACL ? | |
1397 | DN_MAX_BONUSLEN : 0, tx); | |
1398 | } else { | |
3558fd73 | 1399 | (void) dmu_object_set_blocksize(zsb->z_os, |
428870ff BB |
1400 | aoid, aclp->z_acl_bytes, 0, tx); |
1401 | } | |
1402 | acl_phys.z_acl_extern_obj = aoid; | |
1403 | for (aclnode = list_head(&aclp->z_acl); aclnode; | |
1404 | aclnode = list_next(&aclp->z_acl, aclnode)) { | |
1405 | if (aclnode->z_ace_count == 0) | |
1406 | continue; | |
3558fd73 | 1407 | dmu_write(zsb->z_os, aoid, off, |
428870ff BB |
1408 | aclnode->z_size, aclnode->z_acldata, tx); |
1409 | off += aclnode->z_size; | |
1410 | } | |
34dc7c2f | 1411 | } else { |
428870ff BB |
1412 | void *start = acl_phys.z_ace_data; |
1413 | /* | |
1414 | * Migrating back embedded? | |
1415 | */ | |
1416 | if (acl_phys.z_acl_extern_obj) { | |
3558fd73 | 1417 | error = dmu_object_free(zsb->z_os, |
428870ff BB |
1418 | acl_phys.z_acl_extern_obj, tx); |
1419 | if (error) | |
1420 | return (error); | |
1421 | acl_phys.z_acl_extern_obj = 0; | |
1422 | } | |
1423 | ||
1424 | for (aclnode = list_head(&aclp->z_acl); aclnode; | |
1425 | aclnode = list_next(&aclp->z_acl, aclnode)) { | |
1426 | if (aclnode->z_ace_count == 0) | |
1427 | continue; | |
1428 | bcopy(aclnode->z_acldata, start, | |
1429 | aclnode->z_size); | |
1430 | start = (caddr_t)start + aclnode->z_size; | |
1431 | } | |
34dc7c2f | 1432 | } |
34dc7c2f | 1433 | /* |
428870ff BB |
1434 | * If Old version then swap count/bytes to match old |
1435 | * layout of znode_acl_phys_t. | |
34dc7c2f | 1436 | */ |
428870ff BB |
1437 | if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) { |
1438 | acl_phys.z_acl_size = aclp->z_acl_count; | |
1439 | acl_phys.z_acl_count = aclp->z_acl_bytes; | |
1440 | } else { | |
1441 | acl_phys.z_acl_size = aclp->z_acl_bytes; | |
1442 | acl_phys.z_acl_count = aclp->z_acl_count; | |
34dc7c2f | 1443 | } |
428870ff | 1444 | acl_phys.z_acl_version = aclp->z_version; |
34dc7c2f | 1445 | |
3558fd73 | 1446 | SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_ZNODE_ACL(zsb), NULL, |
428870ff | 1447 | &acl_phys, sizeof (acl_phys)); |
34dc7c2f BB |
1448 | } |
1449 | ||
34dc7c2f BB |
1450 | /* |
1451 | * Replace ACL wide bits, but first clear them. | |
1452 | */ | |
428870ff | 1453 | zp->z_pflags &= ~ZFS_ACL_WIDE_FLAGS; |
34dc7c2f | 1454 | |
428870ff | 1455 | zp->z_pflags |= aclp->z_hints; |
34dc7c2f BB |
1456 | |
1457 | if (ace_trivial_common(aclp, 0, zfs_ace_walk) == 0) | |
428870ff | 1458 | zp->z_pflags |= ZFS_ACL_TRIVIAL; |
34dc7c2f | 1459 | |
428870ff BB |
1460 | zfs_tstamp_update_setup(zp, STATE_CHANGED, NULL, ctime, B_TRUE); |
1461 | return (sa_bulk_update(zp->z_sa_hdl, bulk, count, tx)); | |
34dc7c2f BB |
1462 | } |
1463 | ||
34dc7c2f | 1464 | static void |
3558fd73 | 1465 | zfs_acl_chmod(zfs_sb_t *zsb, uint64_t mode, zfs_acl_t *aclp) |
34dc7c2f | 1466 | { |
428870ff | 1467 | void *acep = NULL; |
34dc7c2f | 1468 | uint64_t who; |
428870ff BB |
1469 | int new_count, new_bytes; |
1470 | int ace_size; | |
3558fd73 | 1471 | int entry_type; |
34dc7c2f BB |
1472 | uint16_t iflags, type; |
1473 | uint32_t access_mask; | |
428870ff | 1474 | zfs_acl_node_t *newnode; |
0a6b03d3 | 1475 | size_t abstract_size = aclp->z_ops->ace_abstract_size(); |
3558fd73 BB |
1476 | void *zacep; |
1477 | uint32_t owner, group, everyone; | |
428870ff BB |
1478 | uint32_t deny1, deny2, allow0; |
1479 | ||
1480 | new_count = new_bytes = 0; | |
1481 | ||
1482 | acl_trivial_access_masks((mode_t)mode, &allow0, &deny1, &deny2, | |
1483 | &owner, &group, &everyone); | |
1484 | ||
1485 | newnode = zfs_acl_node_alloc((abstract_size * 6) + aclp->z_acl_bytes); | |
1486 | ||
1487 | zacep = newnode->z_acldata; | |
1488 | if (allow0) { | |
1489 | zfs_set_ace(aclp, zacep, allow0, ALLOW, -1, ACE_OWNER); | |
1490 | zacep = (void *)((uintptr_t)zacep + abstract_size); | |
1491 | new_count++; | |
1492 | new_bytes += abstract_size; | |
a08ee875 LG |
1493 | } |
1494 | if (deny1) { | |
428870ff BB |
1495 | zfs_set_ace(aclp, zacep, deny1, DENY, -1, ACE_OWNER); |
1496 | zacep = (void *)((uintptr_t)zacep + abstract_size); | |
1497 | new_count++; | |
1498 | new_bytes += abstract_size; | |
1499 | } | |
1500 | if (deny2) { | |
1501 | zfs_set_ace(aclp, zacep, deny2, DENY, -1, OWNING_GROUP); | |
1502 | zacep = (void *)((uintptr_t)zacep + abstract_size); | |
1503 | new_count++; | |
1504 | new_bytes += abstract_size; | |
1505 | } | |
34dc7c2f | 1506 | |
149e873a BB |
1507 | while ((acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, |
1508 | &iflags, &type))) { | |
428870ff | 1509 | uint16_t inherit_flags; |
34dc7c2f BB |
1510 | |
1511 | entry_type = (iflags & ACE_TYPE_FLAGS); | |
428870ff BB |
1512 | inherit_flags = (iflags & ALL_INHERIT); |
1513 | ||
1514 | if ((entry_type == ACE_OWNER || entry_type == ACE_EVERYONE || | |
1515 | (entry_type == OWNING_GROUP)) && | |
1516 | ((inherit_flags & ACE_INHERIT_ONLY_ACE) == 0)) { | |
1517 | continue; | |
1518 | } | |
34dc7c2f BB |
1519 | |
1520 | if ((type != ALLOW && type != DENY) || | |
428870ff BB |
1521 | (inherit_flags & ACE_INHERIT_ONLY_ACE)) { |
1522 | if (inherit_flags) | |
34dc7c2f BB |
1523 | aclp->z_hints |= ZFS_INHERIT_ACE; |
1524 | switch (type) { | |
1525 | case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: | |
1526 | case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: | |
1527 | case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: | |
1528 | case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: | |
1529 | aclp->z_hints |= ZFS_ACL_OBJ_ACE; | |
1530 | break; | |
1531 | } | |
34dc7c2f | 1532 | } else { |
34dc7c2f | 1533 | |
428870ff BB |
1534 | /* |
1535 | * Limit permissions to be no greater than | |
1536 | * group permissions | |
1537 | */ | |
3558fd73 | 1538 | if (zsb->z_acl_inherit == ZFS_ACL_RESTRICTED) { |
428870ff BB |
1539 | if (!(mode & S_IRGRP)) |
1540 | access_mask &= ~ACE_READ_DATA; | |
1541 | if (!(mode & S_IWGRP)) | |
1542 | access_mask &= | |
1543 | ~(ACE_WRITE_DATA|ACE_APPEND_DATA); | |
1544 | if (!(mode & S_IXGRP)) | |
1545 | access_mask &= ~ACE_EXECUTE; | |
1546 | access_mask &= | |
1547 | ~(ACE_WRITE_OWNER|ACE_WRITE_ACL| | |
1548 | ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS); | |
1549 | } | |
34dc7c2f | 1550 | } |
428870ff | 1551 | zfs_set_ace(aclp, zacep, access_mask, type, who, iflags); |
0a6b03d3 | 1552 | ace_size = aclp->z_ops->ace_size(acep); |
428870ff BB |
1553 | zacep = (void *)((uintptr_t)zacep + ace_size); |
1554 | new_count++; | |
1555 | new_bytes += ace_size; | |
1556 | } | |
1557 | zfs_set_ace(aclp, zacep, owner, 0, -1, ACE_OWNER); | |
1558 | zacep = (void *)((uintptr_t)zacep + abstract_size); | |
1559 | zfs_set_ace(aclp, zacep, group, 0, -1, OWNING_GROUP); | |
1560 | zacep = (void *)((uintptr_t)zacep + abstract_size); | |
1561 | zfs_set_ace(aclp, zacep, everyone, 0, -1, ACE_EVERYONE); | |
1562 | ||
1563 | new_count += 3; | |
1564 | new_bytes += abstract_size * 3; | |
1565 | zfs_acl_release_nodes(aclp); | |
1566 | aclp->z_acl_count = new_count; | |
1567 | aclp->z_acl_bytes = new_bytes; | |
1568 | newnode->z_ace_count = new_count; | |
1569 | newnode->z_size = new_bytes; | |
1570 | list_insert_tail(&aclp->z_acl, newnode); | |
34dc7c2f BB |
1571 | } |
1572 | ||
572e2857 | 1573 | void |
34dc7c2f BB |
1574 | zfs_acl_chmod_setattr(znode_t *zp, zfs_acl_t **aclp, uint64_t mode) |
1575 | { | |
34dc7c2f | 1576 | mutex_enter(&zp->z_acl_lock); |
572e2857 | 1577 | mutex_enter(&zp->z_lock); |
428870ff BB |
1578 | *aclp = zfs_acl_alloc(zfs_acl_version_zp(zp)); |
1579 | (*aclp)->z_hints = zp->z_pflags & V4_ACL_WIDE_FLAGS; | |
3558fd73 | 1580 | zfs_acl_chmod(ZTOZSB(zp), mode, *aclp); |
34dc7c2f | 1581 | mutex_exit(&zp->z_lock); |
572e2857 | 1582 | mutex_exit(&zp->z_acl_lock); |
428870ff | 1583 | ASSERT(*aclp); |
34dc7c2f BB |
1584 | } |
1585 | ||
1586 | /* | |
1587 | * strip off write_owner and write_acl | |
1588 | */ | |
1589 | static void | |
3558fd73 | 1590 | zfs_restricted_update(zfs_sb_t *zsb, zfs_acl_t *aclp, void *acep) |
34dc7c2f | 1591 | { |
0a6b03d3 | 1592 | uint32_t mask = aclp->z_ops->ace_mask_get(acep); |
34dc7c2f | 1593 | |
3558fd73 | 1594 | if ((zsb->z_acl_inherit == ZFS_ACL_RESTRICTED) && |
0a6b03d3 | 1595 | (aclp->z_ops->ace_type_get(acep) == ALLOW)) { |
34dc7c2f | 1596 | mask &= ~RESTRICTED_CLEAR; |
0a6b03d3 | 1597 | aclp->z_ops->ace_mask_set(acep, mask); |
34dc7c2f BB |
1598 | } |
1599 | } | |
1600 | ||
1601 | /* | |
1602 | * Should ACE be inherited? | |
1603 | */ | |
1604 | static int | |
3558fd73 | 1605 | zfs_ace_can_use(umode_t obj_mode, uint16_t acep_flags) |
34dc7c2f | 1606 | { |
34dc7c2f BB |
1607 | int iflags = (acep_flags & 0xf); |
1608 | ||
3558fd73 | 1609 | if (S_ISDIR(obj_mode) && (iflags & ACE_DIRECTORY_INHERIT_ACE)) |
34dc7c2f BB |
1610 | return (1); |
1611 | else if (iflags & ACE_FILE_INHERIT_ACE) | |
3558fd73 | 1612 | return (!(S_ISDIR(obj_mode) && |
34dc7c2f BB |
1613 | (iflags & ACE_NO_PROPAGATE_INHERIT_ACE))); |
1614 | return (0); | |
1615 | } | |
1616 | ||
1617 | /* | |
1618 | * inherit inheritable ACEs from parent | |
1619 | */ | |
1620 | static zfs_acl_t * | |
3558fd73 | 1621 | zfs_acl_inherit(zfs_sb_t *zsb, umode_t obj_mode, zfs_acl_t *paclp, |
9babb374 | 1622 | uint64_t mode, boolean_t *need_chmod) |
34dc7c2f | 1623 | { |
34dc7c2f | 1624 | void *pacep; |
428870ff BB |
1625 | void *acep; |
1626 | zfs_acl_node_t *aclnode; | |
34dc7c2f BB |
1627 | zfs_acl_t *aclp = NULL; |
1628 | uint64_t who; | |
1629 | uint32_t access_mask; | |
1630 | uint16_t iflags, newflags, type; | |
1631 | size_t ace_size; | |
1632 | void *data1, *data2; | |
1633 | size_t data1sz, data2sz; | |
3558fd73 BB |
1634 | boolean_t vdir = S_ISDIR(obj_mode); |
1635 | boolean_t vreg = S_ISREG(obj_mode); | |
b128c09f BB |
1636 | boolean_t passthrough, passthrough_x, noallow; |
1637 | ||
1638 | passthrough_x = | |
3558fd73 | 1639 | zsb->z_acl_inherit == ZFS_ACL_PASSTHROUGH_X; |
b128c09f | 1640 | passthrough = passthrough_x || |
3558fd73 | 1641 | zsb->z_acl_inherit == ZFS_ACL_PASSTHROUGH; |
b128c09f | 1642 | noallow = |
3558fd73 | 1643 | zsb->z_acl_inherit == ZFS_ACL_NOALLOW; |
34dc7c2f BB |
1644 | |
1645 | *need_chmod = B_TRUE; | |
1646 | pacep = NULL; | |
b128c09f | 1647 | aclp = zfs_acl_alloc(paclp->z_version); |
3558fd73 | 1648 | if (zsb->z_acl_inherit == ZFS_ACL_DISCARD || S_ISLNK(obj_mode)) |
b128c09f | 1649 | return (aclp); |
149e873a BB |
1650 | while ((pacep = zfs_acl_next_ace(paclp, pacep, &who, |
1651 | &access_mask, &iflags, &type))) { | |
34dc7c2f | 1652 | |
b128c09f BB |
1653 | /* |
1654 | * don't inherit bogus ACEs | |
1655 | */ | |
1656 | if (!zfs_acl_valid_ace_type(type, iflags)) | |
1657 | continue; | |
34dc7c2f | 1658 | |
b128c09f BB |
1659 | if (noallow && type == ALLOW) |
1660 | continue; | |
34dc7c2f | 1661 | |
0a6b03d3 | 1662 | ace_size = aclp->z_ops->ace_size(pacep); |
34dc7c2f | 1663 | |
3558fd73 | 1664 | if (!zfs_ace_can_use(obj_mode, iflags)) |
b128c09f BB |
1665 | continue; |
1666 | ||
1667 | /* | |
1668 | * If owner@, group@, or everyone@ inheritable | |
1669 | * then zfs_acl_chmod() isn't needed. | |
1670 | */ | |
1671 | if (passthrough && | |
1672 | ((iflags & (ACE_OWNER|ACE_EVERYONE)) || | |
1673 | ((iflags & OWNING_GROUP) == | |
1674 | OWNING_GROUP)) && (vreg || (vdir && (iflags & | |
1675 | ACE_DIRECTORY_INHERIT_ACE)))) { | |
1676 | *need_chmod = B_FALSE; | |
428870ff | 1677 | } |
b128c09f | 1678 | |
428870ff BB |
1679 | if (!vdir && passthrough_x && |
1680 | ((mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)) { | |
1681 | access_mask &= ~ACE_EXECUTE; | |
b128c09f BB |
1682 | } |
1683 | ||
1684 | aclnode = zfs_acl_node_alloc(ace_size); | |
1685 | list_insert_tail(&aclp->z_acl, aclnode); | |
1686 | acep = aclnode->z_acldata; | |
1687 | ||
1688 | zfs_set_ace(aclp, acep, access_mask, type, | |
1689 | who, iflags|ACE_INHERITED_ACE); | |
1690 | ||
1691 | /* | |
1692 | * Copy special opaque data if any | |
1693 | */ | |
0a6b03d3 RY |
1694 | if ((data1sz = paclp->z_ops->ace_data(pacep, &data1)) != 0) { |
1695 | VERIFY((data2sz = aclp->z_ops->ace_data(acep, | |
b128c09f BB |
1696 | &data2)) == data1sz); |
1697 | bcopy(data1, data2, data2sz); | |
1698 | } | |
428870ff | 1699 | |
b128c09f BB |
1700 | aclp->z_acl_count++; |
1701 | aclnode->z_ace_count++; | |
1702 | aclp->z_acl_bytes += aclnode->z_size; | |
0a6b03d3 | 1703 | newflags = aclp->z_ops->ace_flags_get(acep); |
b128c09f BB |
1704 | |
1705 | if (vdir) | |
1706 | aclp->z_hints |= ZFS_INHERIT_ACE; | |
1707 | ||
1708 | if ((iflags & ACE_NO_PROPAGATE_INHERIT_ACE) || !vdir) { | |
1709 | newflags &= ~ALL_INHERIT; | |
0a6b03d3 | 1710 | aclp->z_ops->ace_flags_set(acep, |
b128c09f | 1711 | newflags|ACE_INHERITED_ACE); |
3558fd73 | 1712 | zfs_restricted_update(zsb, aclp, acep); |
b128c09f BB |
1713 | continue; |
1714 | } | |
1715 | ||
1716 | ASSERT(vdir); | |
1717 | ||
428870ff BB |
1718 | /* |
1719 | * If only FILE_INHERIT is set then turn on | |
1720 | * inherit_only | |
1721 | */ | |
b128c09f | 1722 | if ((iflags & (ACE_FILE_INHERIT_ACE | |
428870ff | 1723 | ACE_DIRECTORY_INHERIT_ACE)) == ACE_FILE_INHERIT_ACE) { |
b128c09f | 1724 | newflags |= ACE_INHERIT_ONLY_ACE; |
0a6b03d3 | 1725 | aclp->z_ops->ace_flags_set(acep, |
b128c09f | 1726 | newflags|ACE_INHERITED_ACE); |
b128c09f | 1727 | } else { |
428870ff | 1728 | newflags &= ~ACE_INHERIT_ONLY_ACE; |
0a6b03d3 | 1729 | aclp->z_ops->ace_flags_set(acep, |
b128c09f | 1730 | newflags|ACE_INHERITED_ACE); |
34dc7c2f BB |
1731 | } |
1732 | } | |
1733 | return (aclp); | |
1734 | } | |
1735 | ||
1736 | /* | |
1737 | * Create file system object initial permissions | |
1738 | * including inheritable ACEs. | |
1739 | */ | |
9babb374 BB |
1740 | int |
1741 | zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr, | |
1742 | vsecattr_t *vsecp, zfs_acl_ids_t *acl_ids) | |
34dc7c2f | 1743 | { |
34dc7c2f | 1744 | int error; |
3558fd73 | 1745 | zfs_sb_t *zsb = ZTOZSB(dzp); |
34dc7c2f | 1746 | zfs_acl_t *paclp; |
a405c8a6 | 1747 | #ifdef HAVE_KSID |
34dc7c2f | 1748 | gid_t gid; |
a405c8a6 | 1749 | #endif /* HAVE_KSID */ |
34dc7c2f | 1750 | boolean_t need_chmod = B_TRUE; |
428870ff | 1751 | boolean_t inherited = B_FALSE; |
34dc7c2f | 1752 | |
9babb374 | 1753 | bzero(acl_ids, sizeof (zfs_acl_ids_t)); |
3558fd73 | 1754 | acl_ids->z_mode = vap->va_mode; |
34dc7c2f | 1755 | |
9babb374 | 1756 | if (vsecp) |
3558fd73 BB |
1757 | if ((error = zfs_vsec_2_aclp(zsb, vap->va_mode, vsecp, |
1758 | cr, &acl_ids->z_fuidp, &acl_ids->z_aclp)) != 0) | |
9babb374 | 1759 | return (error); |
a405c8a6 BB |
1760 | |
1761 | acl_ids->z_fuid = vap->va_uid; | |
1762 | acl_ids->z_fgid = vap->va_gid; | |
1763 | #ifdef HAVE_KSID | |
34dc7c2f BB |
1764 | /* |
1765 | * Determine uid and gid. | |
1766 | */ | |
3558fd73 BB |
1767 | if ((flag & IS_ROOT_NODE) || zsb->z_replay || |
1768 | ((flag & IS_XATTR) && (S_ISDIR(vap->va_mode)))) { | |
1769 | acl_ids->z_fuid = zfs_fuid_create(zsb, (uint64_t)vap->va_uid, | |
1770 | cr, ZFS_OWNER, &acl_ids->z_fuidp); | |
1771 | acl_ids->z_fgid = zfs_fuid_create(zsb, (uint64_t)vap->va_gid, | |
1772 | cr, ZFS_GROUP, &acl_ids->z_fuidp); | |
34dc7c2f BB |
1773 | gid = vap->va_gid; |
1774 | } else { | |
3558fd73 | 1775 | acl_ids->z_fuid = zfs_fuid_create_cred(zsb, ZFS_OWNER, |
9babb374 BB |
1776 | cr, &acl_ids->z_fuidp); |
1777 | acl_ids->z_fgid = 0; | |
34dc7c2f | 1778 | if (vap->va_mask & AT_GID) { |
3558fd73 | 1779 | acl_ids->z_fgid = zfs_fuid_create(zsb, |
9babb374 BB |
1780 | (uint64_t)vap->va_gid, |
1781 | cr, ZFS_GROUP, &acl_ids->z_fuidp); | |
34dc7c2f | 1782 | gid = vap->va_gid; |
572e2857 | 1783 | if (acl_ids->z_fgid != dzp->z_gid && |
34dc7c2f BB |
1784 | !groupmember(vap->va_gid, cr) && |
1785 | secpolicy_vnode_create_gid(cr) != 0) | |
9babb374 | 1786 | acl_ids->z_fgid = 0; |
34dc7c2f | 1787 | } |
9babb374 | 1788 | if (acl_ids->z_fgid == 0) { |
428870ff BB |
1789 | if (dzp->z_mode & S_ISGID) { |
1790 | char *domain; | |
1791 | uint32_t rid; | |
1792 | ||
572e2857 | 1793 | acl_ids->z_fgid = dzp->z_gid; |
3558fd73 | 1794 | gid = zfs_fuid_map_id(zsb, acl_ids->z_fgid, |
34dc7c2f | 1795 | cr, ZFS_GROUP); |
428870ff | 1796 | |
3558fd73 | 1797 | if (zsb->z_use_fuids && |
428870ff BB |
1798 | IS_EPHEMERAL(acl_ids->z_fgid)) { |
1799 | domain = zfs_fuid_idx_domain( | |
3558fd73 | 1800 | &zsb->z_fuid_idx, |
428870ff BB |
1801 | FUID_INDEX(acl_ids->z_fgid)); |
1802 | rid = FUID_RID(acl_ids->z_fgid); | |
1803 | zfs_fuid_node_add(&acl_ids->z_fuidp, | |
1804 | domain, rid, | |
1805 | FUID_INDEX(acl_ids->z_fgid), | |
1806 | acl_ids->z_fgid, ZFS_GROUP); | |
1807 | } | |
34dc7c2f | 1808 | } else { |
3558fd73 | 1809 | acl_ids->z_fgid = zfs_fuid_create_cred(zsb, |
9babb374 | 1810 | ZFS_GROUP, cr, &acl_ids->z_fuidp); |
34dc7c2f BB |
1811 | gid = crgetgid(cr); |
1812 | } | |
1813 | } | |
1814 | } | |
a405c8a6 | 1815 | #endif /* HAVE_KSID */ |
34dc7c2f BB |
1816 | |
1817 | /* | |
1818 | * If we're creating a directory, and the parent directory has the | |
1819 | * set-GID bit set, set in on the new directory. | |
1820 | * Otherwise, if the user is neither privileged nor a member of the | |
1821 | * file's new group, clear the file's set-GID bit. | |
1822 | */ | |
1823 | ||
428870ff | 1824 | if (!(flag & IS_ROOT_NODE) && (dzp->z_mode & S_ISGID) && |
3558fd73 | 1825 | (S_ISDIR(vap->va_mode))) { |
9babb374 | 1826 | acl_ids->z_mode |= S_ISGID; |
34dc7c2f | 1827 | } else { |
9babb374 | 1828 | if ((acl_ids->z_mode & S_ISGID) && |
34dc7c2f | 1829 | secpolicy_vnode_setids_setgids(cr, gid) != 0) |
9babb374 | 1830 | acl_ids->z_mode &= ~S_ISGID; |
34dc7c2f BB |
1831 | } |
1832 | ||
9babb374 | 1833 | if (acl_ids->z_aclp == NULL) { |
572e2857 | 1834 | mutex_enter(&dzp->z_acl_lock); |
9babb374 | 1835 | mutex_enter(&dzp->z_lock); |
3558fd73 | 1836 | if (!(flag & IS_ROOT_NODE) && (S_ISDIR(ZTOI(dzp)->i_mode) && |
428870ff BB |
1837 | (dzp->z_pflags & ZFS_INHERIT_ACE)) && |
1838 | !(dzp->z_pflags & ZFS_XATTR)) { | |
572e2857 BB |
1839 | VERIFY(0 == zfs_acl_node_read(dzp, B_TRUE, |
1840 | &paclp, B_FALSE)); | |
3558fd73 BB |
1841 | acl_ids->z_aclp = zfs_acl_inherit(zsb, |
1842 | vap->va_mode, paclp, acl_ids->z_mode, &need_chmod); | |
428870ff | 1843 | inherited = B_TRUE; |
34dc7c2f | 1844 | } else { |
9babb374 BB |
1845 | acl_ids->z_aclp = |
1846 | zfs_acl_alloc(zfs_acl_version_zp(dzp)); | |
428870ff | 1847 | acl_ids->z_aclp->z_hints |= ZFS_ACL_TRIVIAL; |
9babb374 BB |
1848 | } |
1849 | mutex_exit(&dzp->z_lock); | |
572e2857 | 1850 | mutex_exit(&dzp->z_acl_lock); |
9babb374 | 1851 | if (need_chmod) { |
3558fd73 | 1852 | acl_ids->z_aclp->z_hints |= S_ISDIR(vap->va_mode) ? |
9babb374 | 1853 | ZFS_ACL_AUTO_INHERIT : 0; |
3558fd73 | 1854 | zfs_acl_chmod(zsb, acl_ids->z_mode, acl_ids->z_aclp); |
34dc7c2f | 1855 | } |
34dc7c2f BB |
1856 | } |
1857 | ||
428870ff BB |
1858 | if (inherited || vsecp) { |
1859 | acl_ids->z_mode = zfs_mode_compute(acl_ids->z_mode, | |
1860 | acl_ids->z_aclp, &acl_ids->z_aclp->z_hints, | |
1861 | acl_ids->z_fuid, acl_ids->z_fgid); | |
1862 | if (ace_trivial_common(acl_ids->z_aclp, 0, zfs_ace_walk) == 0) | |
1863 | acl_ids->z_aclp->z_hints |= ZFS_ACL_TRIVIAL; | |
1864 | } | |
1865 | ||
9babb374 BB |
1866 | return (0); |
1867 | } | |
34dc7c2f | 1868 | |
9babb374 BB |
1869 | /* |
1870 | * Free ACL and fuid_infop, but not the acl_ids structure | |
1871 | */ | |
1872 | void | |
1873 | zfs_acl_ids_free(zfs_acl_ids_t *acl_ids) | |
1874 | { | |
1875 | if (acl_ids->z_aclp) | |
1876 | zfs_acl_free(acl_ids->z_aclp); | |
1877 | if (acl_ids->z_fuidp) | |
1878 | zfs_fuid_info_free(acl_ids->z_fuidp); | |
1879 | acl_ids->z_aclp = NULL; | |
1880 | acl_ids->z_fuidp = NULL; | |
1881 | } | |
34dc7c2f | 1882 | |
9babb374 | 1883 | boolean_t |
3558fd73 | 1884 | zfs_acl_ids_overquota(zfs_sb_t *zsb, zfs_acl_ids_t *acl_ids) |
9babb374 | 1885 | { |
3558fd73 BB |
1886 | return (zfs_fuid_overquota(zsb, B_FALSE, acl_ids->z_fuid) || |
1887 | zfs_fuid_overquota(zsb, B_TRUE, acl_ids->z_fgid)); | |
34dc7c2f BB |
1888 | } |
1889 | ||
1890 | /* | |
a08ee875 | 1891 | * Retrieve a file's ACL |
34dc7c2f BB |
1892 | */ |
1893 | int | |
1894 | zfs_getacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr) | |
1895 | { | |
1896 | zfs_acl_t *aclp; | |
1897 | ulong_t mask; | |
1898 | int error; | |
1899 | int count = 0; | |
1900 | int largeace = 0; | |
1901 | ||
1902 | mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT | | |
1903 | VSA_ACE_ACLFLAGS | VSA_ACE_ALLTYPES); | |
1904 | ||
34dc7c2f | 1905 | if (mask == 0) |
a08ee875 | 1906 | return (SET_ERROR(ENOSYS)); |
34dc7c2f | 1907 | |
149e873a | 1908 | if ((error = zfs_zaccess(zp, ACE_READ_ACL, 0, skipaclchk, cr))) |
428870ff BB |
1909 | return (error); |
1910 | ||
34dc7c2f BB |
1911 | mutex_enter(&zp->z_acl_lock); |
1912 | ||
572e2857 | 1913 | error = zfs_acl_node_read(zp, B_FALSE, &aclp, B_FALSE); |
34dc7c2f BB |
1914 | if (error != 0) { |
1915 | mutex_exit(&zp->z_acl_lock); | |
1916 | return (error); | |
1917 | } | |
1918 | ||
1919 | /* | |
1920 | * Scan ACL to determine number of ACEs | |
1921 | */ | |
428870ff | 1922 | if ((zp->z_pflags & ZFS_ACL_OBJ_ACE) && !(mask & VSA_ACE_ALLTYPES)) { |
34dc7c2f BB |
1923 | void *zacep = NULL; |
1924 | uint64_t who; | |
1925 | uint32_t access_mask; | |
1926 | uint16_t type, iflags; | |
1927 | ||
149e873a BB |
1928 | while ((zacep = zfs_acl_next_ace(aclp, zacep, |
1929 | &who, &access_mask, &iflags, &type))) { | |
34dc7c2f BB |
1930 | switch (type) { |
1931 | case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: | |
1932 | case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: | |
1933 | case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: | |
1934 | case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: | |
1935 | largeace++; | |
1936 | continue; | |
1937 | default: | |
1938 | count++; | |
1939 | } | |
1940 | } | |
1941 | vsecp->vsa_aclcnt = count; | |
1942 | } else | |
428870ff | 1943 | count = (int)aclp->z_acl_count; |
34dc7c2f BB |
1944 | |
1945 | if (mask & VSA_ACECNT) { | |
1946 | vsecp->vsa_aclcnt = count; | |
1947 | } | |
1948 | ||
1949 | if (mask & VSA_ACE) { | |
1950 | size_t aclsz; | |
1951 | ||
34dc7c2f BB |
1952 | aclsz = count * sizeof (ace_t) + |
1953 | sizeof (ace_object_t) * largeace; | |
1954 | ||
1955 | vsecp->vsa_aclentp = kmem_alloc(aclsz, KM_SLEEP); | |
1956 | vsecp->vsa_aclentsz = aclsz; | |
1957 | ||
1958 | if (aclp->z_version == ZFS_ACL_VERSION_FUID) | |
3558fd73 | 1959 | zfs_copy_fuid_2_ace(ZTOZSB(zp), aclp, cr, |
34dc7c2f BB |
1960 | vsecp->vsa_aclentp, !(mask & VSA_ACE_ALLTYPES)); |
1961 | else { | |
428870ff BB |
1962 | zfs_acl_node_t *aclnode; |
1963 | void *start = vsecp->vsa_aclentp; | |
1964 | ||
1965 | for (aclnode = list_head(&aclp->z_acl); aclnode; | |
1966 | aclnode = list_next(&aclp->z_acl, aclnode)) { | |
1967 | bcopy(aclnode->z_acldata, start, | |
1968 | aclnode->z_size); | |
1969 | start = (caddr_t)start + aclnode->z_size; | |
1970 | } | |
1971 | ASSERT((caddr_t)start - (caddr_t)vsecp->vsa_aclentp == | |
1972 | aclp->z_acl_bytes); | |
34dc7c2f BB |
1973 | } |
1974 | } | |
1975 | if (mask & VSA_ACE_ACLFLAGS) { | |
1976 | vsecp->vsa_aclflags = 0; | |
428870ff | 1977 | if (zp->z_pflags & ZFS_ACL_DEFAULTED) |
34dc7c2f | 1978 | vsecp->vsa_aclflags |= ACL_DEFAULTED; |
428870ff | 1979 | if (zp->z_pflags & ZFS_ACL_PROTECTED) |
34dc7c2f | 1980 | vsecp->vsa_aclflags |= ACL_PROTECTED; |
428870ff | 1981 | if (zp->z_pflags & ZFS_ACL_AUTO_INHERIT) |
34dc7c2f BB |
1982 | vsecp->vsa_aclflags |= ACL_AUTO_INHERIT; |
1983 | } | |
1984 | ||
1985 | mutex_exit(&zp->z_acl_lock); | |
1986 | ||
34dc7c2f BB |
1987 | return (0); |
1988 | } | |
1989 | ||
1990 | int | |
3558fd73 | 1991 | zfs_vsec_2_aclp(zfs_sb_t *zsb, umode_t obj_mode, |
9babb374 | 1992 | vsecattr_t *vsecp, cred_t *cr, zfs_fuid_info_t **fuidp, zfs_acl_t **zaclp) |
34dc7c2f BB |
1993 | { |
1994 | zfs_acl_t *aclp; | |
1995 | zfs_acl_node_t *aclnode; | |
1996 | int aclcnt = vsecp->vsa_aclcnt; | |
1997 | int error; | |
1998 | ||
1999 | if (vsecp->vsa_aclcnt > MAX_ACL_ENTRIES || vsecp->vsa_aclcnt <= 0) | |
a08ee875 | 2000 | return (SET_ERROR(EINVAL)); |
34dc7c2f | 2001 | |
3558fd73 | 2002 | aclp = zfs_acl_alloc(zfs_acl_version(zsb->z_version)); |
34dc7c2f BB |
2003 | |
2004 | aclp->z_hints = 0; | |
2005 | aclnode = zfs_acl_node_alloc(aclcnt * sizeof (zfs_object_ace_t)); | |
2006 | if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) { | |
3558fd73 | 2007 | if ((error = zfs_copy_ace_2_oldace(obj_mode, aclp, |
34dc7c2f BB |
2008 | (ace_t *)vsecp->vsa_aclentp, aclnode->z_acldata, |
2009 | aclcnt, &aclnode->z_size)) != 0) { | |
2010 | zfs_acl_free(aclp); | |
2011 | zfs_acl_node_free(aclnode); | |
2012 | return (error); | |
2013 | } | |
2014 | } else { | |
3558fd73 | 2015 | if ((error = zfs_copy_ace_2_fuid(zsb, obj_mode, aclp, |
34dc7c2f | 2016 | vsecp->vsa_aclentp, aclnode->z_acldata, aclcnt, |
9babb374 | 2017 | &aclnode->z_size, fuidp, cr)) != 0) { |
34dc7c2f BB |
2018 | zfs_acl_free(aclp); |
2019 | zfs_acl_node_free(aclnode); | |
2020 | return (error); | |
2021 | } | |
2022 | } | |
2023 | aclp->z_acl_bytes = aclnode->z_size; | |
2024 | aclnode->z_ace_count = aclcnt; | |
2025 | aclp->z_acl_count = aclcnt; | |
2026 | list_insert_head(&aclp->z_acl, aclnode); | |
2027 | ||
2028 | /* | |
2029 | * If flags are being set then add them to z_hints | |
2030 | */ | |
2031 | if (vsecp->vsa_mask & VSA_ACE_ACLFLAGS) { | |
2032 | if (vsecp->vsa_aclflags & ACL_PROTECTED) | |
2033 | aclp->z_hints |= ZFS_ACL_PROTECTED; | |
2034 | if (vsecp->vsa_aclflags & ACL_DEFAULTED) | |
2035 | aclp->z_hints |= ZFS_ACL_DEFAULTED; | |
2036 | if (vsecp->vsa_aclflags & ACL_AUTO_INHERIT) | |
2037 | aclp->z_hints |= ZFS_ACL_AUTO_INHERIT; | |
2038 | } | |
2039 | ||
2040 | *zaclp = aclp; | |
2041 | ||
2042 | return (0); | |
2043 | } | |
2044 | ||
2045 | /* | |
a08ee875 | 2046 | * Set a file's ACL |
34dc7c2f BB |
2047 | */ |
2048 | int | |
2049 | zfs_setacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr) | |
2050 | { | |
3558fd73 BB |
2051 | zfs_sb_t *zsb = ZTOZSB(zp); |
2052 | zilog_t *zilog = zsb->z_log; | |
34dc7c2f BB |
2053 | ulong_t mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT); |
2054 | dmu_tx_t *tx; | |
2055 | int error; | |
2056 | zfs_acl_t *aclp; | |
2057 | zfs_fuid_info_t *fuidp = NULL; | |
9babb374 | 2058 | boolean_t fuid_dirtied; |
572e2857 | 2059 | uint64_t acl_obj; |
34dc7c2f BB |
2060 | |
2061 | if (mask == 0) | |
a08ee875 | 2062 | return (SET_ERROR(ENOSYS)); |
34dc7c2f | 2063 | |
428870ff | 2064 | if (zp->z_pflags & ZFS_IMMUTABLE) |
a08ee875 | 2065 | return (SET_ERROR(EPERM)); |
34dc7c2f | 2066 | |
149e873a | 2067 | if ((error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr))) |
34dc7c2f BB |
2068 | return (error); |
2069 | ||
3558fd73 | 2070 | error = zfs_vsec_2_aclp(zsb, ZTOI(zp)->i_mode, vsecp, cr, &fuidp, |
9babb374 | 2071 | &aclp); |
34dc7c2f BB |
2072 | if (error) |
2073 | return (error); | |
2074 | ||
2075 | /* | |
2076 | * If ACL wide flags aren't being set then preserve any | |
2077 | * existing flags. | |
2078 | */ | |
2079 | if (!(vsecp->vsa_mask & VSA_ACE_ACLFLAGS)) { | |
428870ff BB |
2080 | aclp->z_hints |= |
2081 | (zp->z_pflags & V4_ACL_WIDE_FLAGS); | |
34dc7c2f BB |
2082 | } |
2083 | top: | |
34dc7c2f | 2084 | mutex_enter(&zp->z_acl_lock); |
572e2857 | 2085 | mutex_enter(&zp->z_lock); |
34dc7c2f | 2086 | |
3558fd73 | 2087 | tx = dmu_tx_create(zsb->z_os); |
428870ff BB |
2088 | |
2089 | dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE); | |
2090 | ||
3558fd73 | 2091 | fuid_dirtied = zsb->z_fuid_dirty; |
428870ff | 2092 | if (fuid_dirtied) |
3558fd73 | 2093 | zfs_fuid_txhold(zsb, tx); |
428870ff BB |
2094 | |
2095 | /* | |
2096 | * If old version and ACL won't fit in bonus and we aren't | |
2097 | * upgrading then take out necessary DMU holds | |
2098 | */ | |
2099 | ||
572e2857 | 2100 | if ((acl_obj = zfs_external_acl(zp)) != 0) { |
3558fd73 | 2101 | if (zsb->z_version >= ZPL_VERSION_FUID && |
572e2857 BB |
2102 | zfs_znode_acl_version(zp) <= ZFS_ACL_VERSION_INITIAL) { |
2103 | dmu_tx_hold_free(tx, acl_obj, 0, | |
428870ff | 2104 | DMU_OBJECT_END); |
572e2857 BB |
2105 | dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, |
2106 | aclp->z_acl_bytes); | |
34dc7c2f | 2107 | } else { |
572e2857 | 2108 | dmu_tx_hold_write(tx, acl_obj, 0, aclp->z_acl_bytes); |
34dc7c2f | 2109 | } |
428870ff | 2110 | } else if (!zp->z_is_sa && aclp->z_acl_bytes > ZFS_ACE_SPACE) { |
34dc7c2f BB |
2111 | dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, aclp->z_acl_bytes); |
2112 | } | |
34dc7c2f | 2113 | |
428870ff | 2114 | zfs_sa_upgrade_txholds(tx, zp); |
fb5f0bc8 | 2115 | error = dmu_tx_assign(tx, TXG_NOWAIT); |
34dc7c2f BB |
2116 | if (error) { |
2117 | mutex_exit(&zp->z_acl_lock); | |
2118 | mutex_exit(&zp->z_lock); | |
2119 | ||
fb5f0bc8 | 2120 | if (error == ERESTART) { |
34dc7c2f BB |
2121 | dmu_tx_wait(tx); |
2122 | dmu_tx_abort(tx); | |
2123 | goto top; | |
2124 | } | |
2125 | dmu_tx_abort(tx); | |
2126 | zfs_acl_free(aclp); | |
2127 | return (error); | |
2128 | } | |
2129 | ||
9babb374 | 2130 | error = zfs_aclset_common(zp, aclp, cr, tx); |
34dc7c2f | 2131 | ASSERT(error == 0); |
572e2857 | 2132 | ASSERT(zp->z_acl_cached == NULL); |
45d1cae3 | 2133 | zp->z_acl_cached = aclp; |
34dc7c2f | 2134 | |
9babb374 | 2135 | if (fuid_dirtied) |
3558fd73 | 2136 | zfs_fuid_sync(zsb, tx); |
9babb374 | 2137 | |
34dc7c2f BB |
2138 | zfs_log_acl(zilog, tx, zp, vsecp, fuidp); |
2139 | ||
2140 | if (fuidp) | |
2141 | zfs_fuid_info_free(fuidp); | |
34dc7c2f | 2142 | dmu_tx_commit(tx); |
c60bc1fb | 2143 | |
34dc7c2f | 2144 | mutex_exit(&zp->z_lock); |
572e2857 | 2145 | mutex_exit(&zp->z_acl_lock); |
34dc7c2f BB |
2146 | |
2147 | return (error); | |
2148 | } | |
2149 | ||
2150 | /* | |
9babb374 BB |
2151 | * Check accesses of interest (AoI) against attributes of the dataset |
2152 | * such as read-only. Returns zero if no AoI conflict with dataset | |
2153 | * attributes, otherwise an appropriate errno is returned. | |
34dc7c2f BB |
2154 | */ |
2155 | static int | |
9babb374 | 2156 | zfs_zaccess_dataset_check(znode_t *zp, uint32_t v4_mode) |
34dc7c2f | 2157 | { |
2cf7f52b | 2158 | if ((v4_mode & WRITE_MASK) && (zfs_is_readonly(ZTOZSB(zp))) && |
3558fd73 BB |
2159 | (!S_ISDEV(ZTOI(zp)->i_mode) || |
2160 | (S_ISDEV(ZTOI(zp)->i_mode) && (v4_mode & WRITE_MASK_ATTRS)))) { | |
a08ee875 | 2161 | return (SET_ERROR(EROFS)); |
34dc7c2f BB |
2162 | } |
2163 | ||
2164 | /* | |
2165 | * Only check for READONLY on non-directories. | |
2166 | */ | |
2167 | if ((v4_mode & WRITE_MASK_DATA) && | |
3558fd73 | 2168 | ((!S_ISDIR(ZTOI(zp)->i_mode) && |
428870ff | 2169 | (zp->z_pflags & (ZFS_READONLY | ZFS_IMMUTABLE))) || |
3558fd73 | 2170 | (S_ISDIR(ZTOI(zp)->i_mode) && |
428870ff | 2171 | (zp->z_pflags & ZFS_IMMUTABLE)))) { |
a08ee875 | 2172 | return (SET_ERROR(EPERM)); |
34dc7c2f BB |
2173 | } |
2174 | ||
2175 | if ((v4_mode & (ACE_DELETE | ACE_DELETE_CHILD)) && | |
428870ff | 2176 | (zp->z_pflags & ZFS_NOUNLINK)) { |
a08ee875 | 2177 | return (SET_ERROR(EPERM)); |
34dc7c2f BB |
2178 | } |
2179 | ||
2180 | if (((v4_mode & (ACE_READ_DATA|ACE_EXECUTE)) && | |
428870ff | 2181 | (zp->z_pflags & ZFS_AV_QUARANTINED))) { |
a08ee875 | 2182 | return (SET_ERROR(EACCES)); |
34dc7c2f BB |
2183 | } |
2184 | ||
9babb374 BB |
2185 | return (0); |
2186 | } | |
2187 | ||
2188 | /* | |
2189 | * The primary usage of this function is to loop through all of the | |
2190 | * ACEs in the znode, determining what accesses of interest (AoI) to | |
2191 | * the caller are allowed or denied. The AoI are expressed as bits in | |
2192 | * the working_mode parameter. As each ACE is processed, bits covered | |
2193 | * by that ACE are removed from the working_mode. This removal | |
2194 | * facilitates two things. The first is that when the working mode is | |
2195 | * empty (= 0), we know we've looked at all the AoI. The second is | |
2196 | * that the ACE interpretation rules don't allow a later ACE to undo | |
2197 | * something granted or denied by an earlier ACE. Removing the | |
2198 | * discovered access or denial enforces this rule. At the end of | |
2199 | * processing the ACEs, all AoI that were found to be denied are | |
2200 | * placed into the working_mode, giving the caller a mask of denied | |
2201 | * accesses. Returns: | |
2202 | * 0 if all AoI granted | |
2203 | * EACCESS if the denied mask is non-zero | |
2204 | * other error if abnormal failure (e.g., IO error) | |
2205 | * | |
2206 | * A secondary usage of the function is to determine if any of the | |
2207 | * AoI are granted. If an ACE grants any access in | |
2208 | * the working_mode, we immediately short circuit out of the function. | |
2209 | * This mode is chosen by setting anyaccess to B_TRUE. The | |
2210 | * working_mode is not a denied access mask upon exit if the function | |
2211 | * is used in this manner. | |
2212 | */ | |
2213 | static int | |
2214 | zfs_zaccess_aces_check(znode_t *zp, uint32_t *working_mode, | |
2215 | boolean_t anyaccess, cred_t *cr) | |
2216 | { | |
3558fd73 | 2217 | zfs_sb_t *zsb = ZTOZSB(zp); |
9babb374 BB |
2218 | zfs_acl_t *aclp; |
2219 | int error; | |
2220 | uid_t uid = crgetuid(cr); | |
3558fd73 | 2221 | uint64_t who; |
9babb374 BB |
2222 | uint16_t type, iflags; |
2223 | uint16_t entry_type; | |
2224 | uint32_t access_mask; | |
2225 | uint32_t deny_mask = 0; | |
2226 | zfs_ace_hdr_t *acep = NULL; | |
2227 | boolean_t checkit; | |
572e2857 BB |
2228 | uid_t gowner; |
2229 | uid_t fowner; | |
2230 | ||
2231 | zfs_fuid_map_ids(zp, cr, &fowner, &gowner); | |
34dc7c2f BB |
2232 | |
2233 | mutex_enter(&zp->z_acl_lock); | |
2234 | ||
572e2857 | 2235 | error = zfs_acl_node_read(zp, B_FALSE, &aclp, B_FALSE); |
34dc7c2f BB |
2236 | if (error != 0) { |
2237 | mutex_exit(&zp->z_acl_lock); | |
2238 | return (error); | |
2239 | } | |
2240 | ||
428870ff BB |
2241 | ASSERT(zp->z_acl_cached); |
2242 | ||
149e873a BB |
2243 | while ((acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, |
2244 | &iflags, &type))) { | |
9babb374 | 2245 | uint32_t mask_matched; |
34dc7c2f | 2246 | |
b128c09f BB |
2247 | if (!zfs_acl_valid_ace_type(type, iflags)) |
2248 | continue; | |
2249 | ||
3558fd73 BB |
2250 | if (S_ISDIR(ZTOI(zp)->i_mode) && |
2251 | (iflags & ACE_INHERIT_ONLY_ACE)) | |
34dc7c2f BB |
2252 | continue; |
2253 | ||
9babb374 BB |
2254 | /* Skip ACE if it does not affect any AoI */ |
2255 | mask_matched = (access_mask & *working_mode); | |
2256 | if (!mask_matched) | |
2257 | continue; | |
2258 | ||
34dc7c2f BB |
2259 | entry_type = (iflags & ACE_TYPE_FLAGS); |
2260 | ||
2261 | checkit = B_FALSE; | |
2262 | ||
2263 | switch (entry_type) { | |
2264 | case ACE_OWNER: | |
572e2857 | 2265 | if (uid == fowner) |
34dc7c2f BB |
2266 | checkit = B_TRUE; |
2267 | break; | |
2268 | case OWNING_GROUP: | |
2269 | who = gowner; | |
2270 | /*FALLTHROUGH*/ | |
2271 | case ACE_IDENTIFIER_GROUP: | |
3558fd73 | 2272 | checkit = zfs_groupmember(zsb, who, cr); |
34dc7c2f BB |
2273 | break; |
2274 | case ACE_EVERYONE: | |
2275 | checkit = B_TRUE; | |
2276 | break; | |
2277 | ||
2278 | /* USER Entry */ | |
2279 | default: | |
2280 | if (entry_type == 0) { | |
2281 | uid_t newid; | |
2282 | ||
3558fd73 | 2283 | newid = zfs_fuid_map_id(zsb, who, cr, |
34dc7c2f BB |
2284 | ZFS_ACE_USER); |
2285 | if (newid != IDMAP_WK_CREATOR_OWNER_UID && | |
2286 | uid == newid) | |
2287 | checkit = B_TRUE; | |
2288 | break; | |
2289 | } else { | |
34dc7c2f | 2290 | mutex_exit(&zp->z_acl_lock); |
a08ee875 | 2291 | return (SET_ERROR(EIO)); |
34dc7c2f BB |
2292 | } |
2293 | } | |
2294 | ||
2295 | if (checkit) { | |
9babb374 BB |
2296 | if (type == DENY) { |
2297 | DTRACE_PROBE3(zfs__ace__denies, | |
2298 | znode_t *, zp, | |
2299 | zfs_ace_hdr_t *, acep, | |
2300 | uint32_t, mask_matched); | |
2301 | deny_mask |= mask_matched; | |
2302 | } else { | |
2303 | DTRACE_PROBE3(zfs__ace__allows, | |
2304 | znode_t *, zp, | |
2305 | zfs_ace_hdr_t *, acep, | |
2306 | uint32_t, mask_matched); | |
2307 | if (anyaccess) { | |
2308 | mutex_exit(&zp->z_acl_lock); | |
9babb374 BB |
2309 | return (0); |
2310 | } | |
34dc7c2f | 2311 | } |
9babb374 | 2312 | *working_mode &= ~mask_matched; |
34dc7c2f BB |
2313 | } |
2314 | ||
2315 | /* Are we done? */ | |
2316 | if (*working_mode == 0) | |
2317 | break; | |
2318 | } | |
2319 | ||
2320 | mutex_exit(&zp->z_acl_lock); | |
34dc7c2f BB |
2321 | |
2322 | /* Put the found 'denies' back on the working mode */ | |
b128c09f BB |
2323 | if (deny_mask) { |
2324 | *working_mode |= deny_mask; | |
a08ee875 | 2325 | return (SET_ERROR(EACCES)); |
b128c09f BB |
2326 | } else if (*working_mode) { |
2327 | return (-1); | |
2328 | } | |
34dc7c2f BB |
2329 | |
2330 | return (0); | |
2331 | } | |
2332 | ||
9babb374 BB |
2333 | /* |
2334 | * Return true if any access whatsoever granted, we don't actually | |
2335 | * care what access is granted. | |
2336 | */ | |
2337 | boolean_t | |
2338 | zfs_has_access(znode_t *zp, cred_t *cr) | |
2339 | { | |
2340 | uint32_t have = ACE_ALL_PERMS; | |
2341 | ||
2342 | if (zfs_zaccess_aces_check(zp, &have, B_TRUE, cr) != 0) { | |
572e2857 BB |
2343 | uid_t owner; |
2344 | ||
3558fd73 BB |
2345 | owner = zfs_fuid_map_id(ZTOZSB(zp), zp->z_uid, cr, ZFS_OWNER); |
2346 | return (secpolicy_vnode_any_access(cr, ZTOI(zp), owner) == 0); | |
9babb374 BB |
2347 | } |
2348 | return (B_TRUE); | |
2349 | } | |
2350 | ||
2351 | static int | |
2352 | zfs_zaccess_common(znode_t *zp, uint32_t v4_mode, uint32_t *working_mode, | |
2353 | boolean_t *check_privs, boolean_t skipaclchk, cred_t *cr) | |
2354 | { | |
3558fd73 | 2355 | zfs_sb_t *zsb = ZTOZSB(zp); |
9babb374 BB |
2356 | int err; |
2357 | ||
2358 | *working_mode = v4_mode; | |
2359 | *check_privs = B_TRUE; | |
2360 | ||
2361 | /* | |
2362 | * Short circuit empty requests | |
2363 | */ | |
3558fd73 | 2364 | if (v4_mode == 0 || zsb->z_replay) { |
9babb374 BB |
2365 | *working_mode = 0; |
2366 | return (0); | |
2367 | } | |
2368 | ||
2369 | if ((err = zfs_zaccess_dataset_check(zp, v4_mode)) != 0) { | |
2370 | *check_privs = B_FALSE; | |
2371 | return (err); | |
2372 | } | |
2373 | ||
2374 | /* | |
2375 | * The caller requested that the ACL check be skipped. This | |
2376 | * would only happen if the caller checked VOP_ACCESS() with a | |
2377 | * 32 bit ACE mask and already had the appropriate permissions. | |
2378 | */ | |
2379 | if (skipaclchk) { | |
2380 | *working_mode = 0; | |
2381 | return (0); | |
2382 | } | |
2383 | ||
2384 | return (zfs_zaccess_aces_check(zp, working_mode, B_FALSE, cr)); | |
2385 | } | |
2386 | ||
34dc7c2f BB |
2387 | static int |
2388 | zfs_zaccess_append(znode_t *zp, uint32_t *working_mode, boolean_t *check_privs, | |
2389 | cred_t *cr) | |
2390 | { | |
2391 | if (*working_mode != ACE_WRITE_DATA) | |
a08ee875 | 2392 | return (SET_ERROR(EACCES)); |
34dc7c2f BB |
2393 | |
2394 | return (zfs_zaccess_common(zp, ACE_APPEND_DATA, working_mode, | |
2395 | check_privs, B_FALSE, cr)); | |
2396 | } | |
2397 | ||
45d1cae3 BB |
2398 | int |
2399 | zfs_fastaccesschk_execute(znode_t *zdp, cred_t *cr) | |
2400 | { | |
2401 | boolean_t owner = B_FALSE; | |
2402 | boolean_t groupmbr = B_FALSE; | |
2403 | boolean_t is_attr; | |
45d1cae3 BB |
2404 | uid_t uid = crgetuid(cr); |
2405 | int error; | |
2406 | ||
428870ff | 2407 | if (zdp->z_pflags & ZFS_AV_QUARANTINED) |
a08ee875 | 2408 | return (SET_ERROR(EACCES)); |
45d1cae3 | 2409 | |
428870ff | 2410 | is_attr = ((zdp->z_pflags & ZFS_XATTR) && |
3558fd73 | 2411 | (S_ISDIR(ZTOI(zdp)->i_mode))); |
45d1cae3 BB |
2412 | if (is_attr) |
2413 | goto slow; | |
2414 | ||
428870ff | 2415 | |
45d1cae3 BB |
2416 | mutex_enter(&zdp->z_acl_lock); |
2417 | ||
428870ff | 2418 | if (zdp->z_pflags & ZFS_NO_EXECS_DENIED) { |
45d1cae3 BB |
2419 | mutex_exit(&zdp->z_acl_lock); |
2420 | return (0); | |
2421 | } | |
2422 | ||
572e2857 | 2423 | if (FUID_INDEX(zdp->z_uid) != 0 || FUID_INDEX(zdp->z_gid) != 0) { |
45d1cae3 BB |
2424 | mutex_exit(&zdp->z_acl_lock); |
2425 | goto slow; | |
2426 | } | |
2427 | ||
428870ff | 2428 | if (uid == zdp->z_uid) { |
45d1cae3 | 2429 | owner = B_TRUE; |
428870ff | 2430 | if (zdp->z_mode & S_IXUSR) { |
45d1cae3 BB |
2431 | mutex_exit(&zdp->z_acl_lock); |
2432 | return (0); | |
2433 | } else { | |
2434 | mutex_exit(&zdp->z_acl_lock); | |
2435 | goto slow; | |
2436 | } | |
2437 | } | |
428870ff | 2438 | if (groupmember(zdp->z_gid, cr)) { |
45d1cae3 | 2439 | groupmbr = B_TRUE; |
428870ff | 2440 | if (zdp->z_mode & S_IXGRP) { |
45d1cae3 BB |
2441 | mutex_exit(&zdp->z_acl_lock); |
2442 | return (0); | |
2443 | } else { | |
2444 | mutex_exit(&zdp->z_acl_lock); | |
2445 | goto slow; | |
2446 | } | |
2447 | } | |
2448 | if (!owner && !groupmbr) { | |
428870ff | 2449 | if (zdp->z_mode & S_IXOTH) { |
45d1cae3 BB |
2450 | mutex_exit(&zdp->z_acl_lock); |
2451 | return (0); | |
2452 | } | |
2453 | } | |
2454 | ||
2455 | mutex_exit(&zdp->z_acl_lock); | |
2456 | ||
2457 | slow: | |
2458 | DTRACE_PROBE(zfs__fastpath__execute__access__miss); | |
3558fd73 | 2459 | ZFS_ENTER(ZTOZSB(zdp)); |
45d1cae3 | 2460 | error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr); |
3558fd73 | 2461 | ZFS_EXIT(ZTOZSB(zdp)); |
45d1cae3 BB |
2462 | return (error); |
2463 | } | |
2464 | ||
34dc7c2f | 2465 | /* |
428870ff | 2466 | * Determine whether Access should be granted/denied. |
a08ee875 | 2467 | * |
428870ff BB |
2468 | * The least priv subsytem is always consulted as a basic privilege |
2469 | * can define any form of access. | |
34dc7c2f BB |
2470 | */ |
2471 | int | |
2472 | zfs_zaccess(znode_t *zp, int mode, int flags, boolean_t skipaclchk, cred_t *cr) | |
2473 | { | |
2474 | uint32_t working_mode; | |
2475 | int error; | |
3558fd73 | 2476 | boolean_t check_privs; |
3558fd73 | 2477 | znode_t *check_zp = zp; |
428870ff | 2478 | mode_t needed_bits; |
572e2857 | 2479 | uid_t owner; |
34dc7c2f | 2480 | |
34dc7c2f BB |
2481 | /* |
2482 | * If attribute then validate against base file | |
2483 | */ | |
e89260a1 | 2484 | if ((zp->z_pflags & ZFS_XATTR) && S_ISDIR(ZTOI(zp)->i_mode)) { |
428870ff BB |
2485 | uint64_t parent; |
2486 | ||
e89260a1 BB |
2487 | rw_enter(&zp->z_xattr_lock, RW_READER); |
2488 | if (zp->z_xattr_parent) { | |
2489 | check_zp = zp->z_xattr_parent; | |
2490 | rw_exit(&zp->z_xattr_lock); | |
428870ff | 2491 | |
e89260a1 BB |
2492 | /* |
2493 | * Verify a lookup yields the same znode. | |
2494 | */ | |
2495 | ASSERT3S(sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT( | |
2496 | ZTOZSB(zp)), &parent, sizeof (parent)), ==, 0); | |
2497 | ASSERT3U(check_zp->z_id, ==, parent); | |
2498 | } else { | |
2499 | rw_exit(&zp->z_xattr_lock); | |
34dc7c2f | 2500 | |
e89260a1 BB |
2501 | error = sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT( |
2502 | ZTOZSB(zp)), &parent, sizeof (parent)); | |
2503 | if (error) | |
2504 | return (error); | |
2505 | ||
2506 | /* | |
2507 | * Cache the lookup on the parent file znode as | |
2508 | * zp->z_xattr_parent and hold a reference. This | |
2509 | * effectively pins the parent in memory until all | |
2510 | * child xattr znodes have been destroyed and | |
2511 | * release their references in zfs_inode_destroy(). | |
2512 | */ | |
2513 | error = zfs_zget(ZTOZSB(zp), parent, &check_zp); | |
2514 | if (error) | |
a08ee875 | 2515 | return (error); |
e89260a1 BB |
2516 | |
2517 | rw_enter(&zp->z_xattr_lock, RW_WRITER); | |
2518 | if (zp->z_xattr_parent == NULL) | |
2519 | zp->z_xattr_parent = check_zp; | |
2520 | rw_exit(&zp->z_xattr_lock); | |
2521 | } | |
34dc7c2f BB |
2522 | |
2523 | /* | |
2524 | * fixup mode to map to xattr perms | |
2525 | */ | |
2526 | ||
2527 | if (mode & (ACE_WRITE_DATA|ACE_APPEND_DATA)) { | |
2528 | mode &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA); | |
2529 | mode |= ACE_WRITE_NAMED_ATTRS; | |
2530 | } | |
2531 | ||
2532 | if (mode & (ACE_READ_DATA|ACE_EXECUTE)) { | |
2533 | mode &= ~(ACE_READ_DATA|ACE_EXECUTE); | |
2534 | mode |= ACE_READ_NAMED_ATTRS; | |
2535 | } | |
2536 | } | |
2537 | ||
3558fd73 | 2538 | owner = zfs_fuid_map_id(ZTOZSB(zp), zp->z_uid, cr, ZFS_OWNER); |
428870ff | 2539 | /* |
3558fd73 BB |
2540 | * Map the bits required to the standard inode flags |
2541 | * S_IRUSR|S_IWUSR|S_IXUSR in the needed_bits. Map the bits | |
2542 | * mapped by working_mode (currently missing) in missing_bits. | |
428870ff BB |
2543 | * Call secpolicy_vnode_access2() with (needed_bits & ~checkmode), |
2544 | * needed_bits. | |
2545 | */ | |
2546 | needed_bits = 0; | |
2547 | ||
2548 | working_mode = mode; | |
2549 | if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES)) && | |
572e2857 | 2550 | owner == crgetuid(cr)) |
428870ff BB |
2551 | working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES); |
2552 | ||
2553 | if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS| | |
2554 | ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_SYNCHRONIZE)) | |
3558fd73 | 2555 | needed_bits |= S_IRUSR; |
428870ff BB |
2556 | if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS| |
2557 | ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES|ACE_SYNCHRONIZE)) | |
3558fd73 | 2558 | needed_bits |= S_IWUSR; |
428870ff | 2559 | if (working_mode & ACE_EXECUTE) |
3558fd73 | 2560 | needed_bits |= S_IXUSR; |
428870ff | 2561 | |
34dc7c2f BB |
2562 | if ((error = zfs_zaccess_common(check_zp, mode, &working_mode, |
2563 | &check_privs, skipaclchk, cr)) == 0) { | |
3558fd73 | 2564 | return (secpolicy_vnode_access2(cr, ZTOI(zp), owner, |
428870ff | 2565 | needed_bits, needed_bits)); |
34dc7c2f BB |
2566 | } |
2567 | ||
2568 | if (error && !check_privs) { | |
34dc7c2f BB |
2569 | return (error); |
2570 | } | |
2571 | ||
2572 | if (error && (flags & V_APPEND)) { | |
2573 | error = zfs_zaccess_append(zp, &working_mode, &check_privs, cr); | |
2574 | } | |
2575 | ||
2576 | if (error && check_privs) { | |
34dc7c2f BB |
2577 | mode_t checkmode = 0; |
2578 | ||
34dc7c2f BB |
2579 | /* |
2580 | * First check for implicit owner permission on | |
2581 | * read_acl/read_attributes | |
2582 | */ | |
2583 | ||
2584 | error = 0; | |
2585 | ASSERT(working_mode != 0); | |
2586 | ||
2587 | if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES) && | |
572e2857 | 2588 | owner == crgetuid(cr))) |
34dc7c2f BB |
2589 | working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES); |
2590 | ||
2591 | if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS| | |
b128c09f | 2592 | ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_SYNCHRONIZE)) |
3558fd73 | 2593 | checkmode |= S_IRUSR; |
34dc7c2f | 2594 | if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS| |
b128c09f | 2595 | ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES|ACE_SYNCHRONIZE)) |
3558fd73 | 2596 | checkmode |= S_IWUSR; |
34dc7c2f | 2597 | if (working_mode & ACE_EXECUTE) |
3558fd73 | 2598 | checkmode |= S_IXUSR; |
34dc7c2f | 2599 | |
3558fd73 | 2600 | error = secpolicy_vnode_access2(cr, ZTOI(check_zp), owner, |
428870ff | 2601 | needed_bits & ~checkmode, needed_bits); |
34dc7c2f BB |
2602 | |
2603 | if (error == 0 && (working_mode & ACE_WRITE_OWNER)) | |
572e2857 | 2604 | error = secpolicy_vnode_chown(cr, owner); |
34dc7c2f | 2605 | if (error == 0 && (working_mode & ACE_WRITE_ACL)) |
572e2857 | 2606 | error = secpolicy_vnode_setdac(cr, owner); |
34dc7c2f BB |
2607 | |
2608 | if (error == 0 && (working_mode & | |
2609 | (ACE_DELETE|ACE_DELETE_CHILD))) | |
2610 | error = secpolicy_vnode_remove(cr); | |
2611 | ||
b128c09f | 2612 | if (error == 0 && (working_mode & ACE_SYNCHRONIZE)) { |
572e2857 | 2613 | error = secpolicy_vnode_chown(cr, owner); |
b128c09f | 2614 | } |
34dc7c2f BB |
2615 | if (error == 0) { |
2616 | /* | |
2617 | * See if any bits other than those already checked | |
2618 | * for are still present. If so then return EACCES | |
2619 | */ | |
2620 | if (working_mode & ~(ZFS_CHECKED_MASKS)) { | |
a08ee875 | 2621 | error = SET_ERROR(EACCES); |
34dc7c2f BB |
2622 | } |
2623 | } | |
428870ff | 2624 | } else if (error == 0) { |
3558fd73 | 2625 | error = secpolicy_vnode_access2(cr, ZTOI(zp), owner, |
428870ff | 2626 | needed_bits, needed_bits); |
34dc7c2f BB |
2627 | } |
2628 | ||
34dc7c2f BB |
2629 | return (error); |
2630 | } | |
2631 | ||
2632 | /* | |
3558fd73 | 2633 | * Translate traditional unix S_IRUSR/S_IWUSR/S_IXUSR mode into |
34dc7c2f BB |
2634 | * native ACL format and call zfs_zaccess() |
2635 | */ | |
2636 | int | |
2637 | zfs_zaccess_rwx(znode_t *zp, mode_t mode, int flags, cred_t *cr) | |
2638 | { | |
2639 | return (zfs_zaccess(zp, zfs_unix_to_v4(mode >> 6), flags, B_FALSE, cr)); | |
2640 | } | |
2641 | ||
2642 | /* | |
2643 | * Access function for secpolicy_vnode_setattr | |
2644 | */ | |
2645 | int | |
2646 | zfs_zaccess_unix(znode_t *zp, mode_t mode, cred_t *cr) | |
2647 | { | |
2648 | int v4_mode = zfs_unix_to_v4(mode >> 6); | |
2649 | ||
2650 | return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr)); | |
2651 | } | |
2652 | ||
2653 | static int | |
2654 | zfs_delete_final_check(znode_t *zp, znode_t *dzp, | |
428870ff | 2655 | mode_t available_perms, cred_t *cr) |
34dc7c2f BB |
2656 | { |
2657 | int error; | |
572e2857 BB |
2658 | uid_t downer; |
2659 | ||
3558fd73 | 2660 | downer = zfs_fuid_map_id(ZTOZSB(dzp), dzp->z_uid, cr, ZFS_OWNER); |
34dc7c2f | 2661 | |
3558fd73 BB |
2662 | error = secpolicy_vnode_access2(cr, ZTOI(dzp), |
2663 | downer, available_perms, S_IWUSR|S_IXUSR); | |
34dc7c2f BB |
2664 | |
2665 | if (error == 0) | |
2666 | error = zfs_sticky_remove_access(dzp, zp, cr); | |
2667 | ||
2668 | return (error); | |
2669 | } | |
2670 | ||
2671 | /* | |
2672 | * Determine whether Access should be granted/deny, without | |
2673 | * consulting least priv subsystem. | |
2674 | * | |
34dc7c2f BB |
2675 | * The following chart is the recommended NFSv4 enforcement for |
2676 | * ability to delete an object. | |
2677 | * | |
2678 | * ------------------------------------------------------- | |
2679 | * | Parent Dir | Target Object Permissions | | |
2680 | * | permissions | | | |
2681 | * ------------------------------------------------------- | |
2682 | * | | ACL Allows | ACL Denies| Delete | | |
2683 | * | | Delete | Delete | unspecified| | |
2684 | * ------------------------------------------------------- | |
2685 | * | ACL Allows | Permit | Permit | Permit | | |
2686 | * | DELETE_CHILD | | | |
2687 | * ------------------------------------------------------- | |
2688 | * | ACL Denies | Permit | Deny | Deny | | |
2689 | * | DELETE_CHILD | | | | | |
2690 | * ------------------------------------------------------- | |
2691 | * | ACL specifies | | | | | |
2692 | * | only allow | Permit | Permit | Permit | | |
2693 | * | write and | | | | | |
2694 | * | execute | | | | | |
2695 | * ------------------------------------------------------- | |
2696 | * | ACL denies | | | | | |
2697 | * | write and | Permit | Deny | Deny | | |
2698 | * | execute | | | | | |
2699 | * ------------------------------------------------------- | |
2700 | * ^ | |
2701 | * | | |
2702 | * No search privilege, can't even look up file? | |
2703 | * | |
2704 | */ | |
2705 | int | |
2706 | zfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr) | |
2707 | { | |
2708 | uint32_t dzp_working_mode = 0; | |
2709 | uint32_t zp_working_mode = 0; | |
2710 | int dzp_error, zp_error; | |
428870ff | 2711 | mode_t available_perms; |
34dc7c2f BB |
2712 | boolean_t dzpcheck_privs = B_TRUE; |
2713 | boolean_t zpcheck_privs = B_TRUE; | |
2714 | ||
2715 | /* | |
2716 | * We want specific DELETE permissions to | |
2717 | * take precedence over WRITE/EXECUTE. We don't | |
2718 | * want an ACL such as this to mess us up. | |
2719 | * user:joe:write_data:deny,user:joe:delete:allow | |
2720 | * | |
2721 | * However, deny permissions may ultimately be overridden | |
2722 | * by secpolicy_vnode_access(). | |
2723 | * | |
2724 | * We will ask for all of the necessary permissions and then | |
2725 | * look at the working modes from the directory and target object | |
2726 | * to determine what was found. | |
2727 | */ | |
2728 | ||
428870ff | 2729 | if (zp->z_pflags & (ZFS_IMMUTABLE | ZFS_NOUNLINK)) |
a08ee875 | 2730 | return (SET_ERROR(EPERM)); |
34dc7c2f BB |
2731 | |
2732 | /* | |
b128c09f | 2733 | * First row |
34dc7c2f BB |
2734 | * If the directory permissions allow the delete, we are done. |
2735 | */ | |
b128c09f | 2736 | if ((dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD, |
34dc7c2f BB |
2737 | &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr)) == 0) |
2738 | return (0); | |
2739 | ||
2740 | /* | |
2741 | * If target object has delete permission then we are done | |
2742 | */ | |
2743 | if ((zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, | |
2744 | &zpcheck_privs, B_FALSE, cr)) == 0) | |
2745 | return (0); | |
2746 | ||
b128c09f BB |
2747 | ASSERT(dzp_error && zp_error); |
2748 | ||
34dc7c2f BB |
2749 | if (!dzpcheck_privs) |
2750 | return (dzp_error); | |
b128c09f | 2751 | if (!zpcheck_privs) |
34dc7c2f BB |
2752 | return (zp_error); |
2753 | ||
34dc7c2f BB |
2754 | /* |
2755 | * Second row | |
b128c09f BB |
2756 | * |
2757 | * If directory returns EACCES then delete_child was denied | |
2758 | * due to deny delete_child. In this case send the request through | |
2759 | * secpolicy_vnode_remove(). We don't use zfs_delete_final_check() | |
2760 | * since that *could* allow the delete based on write/execute permission | |
2761 | * and we want delete permissions to override write/execute. | |
34dc7c2f BB |
2762 | */ |
2763 | ||
34dc7c2f | 2764 | if (dzp_error == EACCES) |
b128c09f | 2765 | return (secpolicy_vnode_remove(cr)); |
34dc7c2f BB |
2766 | |
2767 | /* | |
2768 | * Third Row | |
2769 | * only need to see if we have write/execute on directory. | |
2770 | */ | |
2771 | ||
428870ff BB |
2772 | dzp_error = zfs_zaccess_common(dzp, ACE_EXECUTE|ACE_WRITE_DATA, |
2773 | &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr); | |
34dc7c2f | 2774 | |
428870ff | 2775 | if (dzp_error != 0 && !dzpcheck_privs) |
b128c09f BB |
2776 | return (dzp_error); |
2777 | ||
34dc7c2f | 2778 | /* |
b128c09f | 2779 | * Fourth row |
34dc7c2f BB |
2780 | */ |
2781 | ||
3558fd73 BB |
2782 | available_perms = (dzp_working_mode & ACE_WRITE_DATA) ? 0 : S_IWUSR; |
2783 | available_perms |= (dzp_working_mode & ACE_EXECUTE) ? 0 : S_IXUSR; | |
34dc7c2f | 2784 | |
428870ff | 2785 | return (zfs_delete_final_check(zp, dzp, available_perms, cr)); |
b128c09f | 2786 | |
34dc7c2f BB |
2787 | } |
2788 | ||
2789 | int | |
2790 | zfs_zaccess_rename(znode_t *sdzp, znode_t *szp, znode_t *tdzp, | |
2791 | znode_t *tzp, cred_t *cr) | |
2792 | { | |
2793 | int add_perm; | |
2794 | int error; | |
2795 | ||
428870ff | 2796 | if (szp->z_pflags & ZFS_AV_QUARANTINED) |
a08ee875 | 2797 | return (SET_ERROR(EACCES)); |
34dc7c2f | 2798 | |
3558fd73 | 2799 | add_perm = S_ISDIR(ZTOI(szp)->i_mode) ? |
34dc7c2f BB |
2800 | ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE; |
2801 | ||
2802 | /* | |
2803 | * Rename permissions are combination of delete permission + | |
2804 | * add file/subdir permission. | |
2805 | */ | |
2806 | ||
2807 | /* | |
2808 | * first make sure we do the delete portion. | |
2809 | * | |
2810 | * If that succeeds then check for add_file/add_subdir permissions | |
2811 | */ | |
2812 | ||
149e873a | 2813 | if ((error = zfs_zaccess_delete(sdzp, szp, cr))) |
34dc7c2f BB |
2814 | return (error); |
2815 | ||
2816 | /* | |
2817 | * If we have a tzp, see if we can delete it? | |
2818 | */ | |
2819 | if (tzp) { | |
149e873a | 2820 | if ((error = zfs_zaccess_delete(tdzp, tzp, cr))) |
34dc7c2f BB |
2821 | return (error); |
2822 | } | |
2823 | ||
2824 | /* | |
2825 | * Now check for add permissions | |
2826 | */ | |
2827 | error = zfs_zaccess(tdzp, add_perm, 0, B_FALSE, cr); | |
2828 | ||
2829 | return (error); | |
2830 | } |