]>
Commit | Line | Data |
---|---|---|
34dc7c2f BB |
1 | /* |
2 | * CDDL HEADER START | |
3 | * | |
4 | * The contents of this file are subject to the terms of the | |
5 | * Common Development and Distribution License (the "License"). | |
6 | * You may not use this file except in compliance with the License. | |
7 | * | |
8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
1d3ba0bf | 9 | * or https://opensource.org/licenses/CDDL-1.0. |
34dc7c2f BB |
10 | * See the License for the specific language governing permissions |
11 | * and limitations under the License. | |
12 | * | |
13 | * When distributing Covered Code, include this CDDL HEADER in each | |
14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 | * If applicable, add the following below this CDDL HEADER, with the | |
16 | * fields enclosed by brackets "[]" replaced with your own identifying | |
17 | * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 | * | |
19 | * CDDL HEADER END | |
20 | */ | |
21 | /* | |
428870ff | 22 | * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. |
34dc7c2f BB |
23 | */ |
24 | ||
34dc7c2f | 25 | #include <sys/zfs_context.h> |
34dc7c2f BB |
26 | #include <sys/dmu.h> |
27 | #include <sys/avl.h> | |
28 | #include <sys/zap.h> | |
34dc7c2f BB |
29 | #include <sys/nvpair.h> |
30 | #ifdef _KERNEL | |
34dc7c2f BB |
31 | #include <sys/sid.h> |
32 | #include <sys/zfs_vfsops.h> | |
33 | #include <sys/zfs_znode.h> | |
34 | #endif | |
35 | #include <sys/zfs_fuid.h> | |
36 | ||
37 | /* | |
38 | * FUID Domain table(s). | |
39 | * | |
40 | * The FUID table is stored as a packed nvlist of an array | |
41 | * of nvlists which contain an index, domain string and offset | |
42 | * | |
43 | * During file system initialization the nvlist(s) are read and | |
44 | * two AVL trees are created. One tree is keyed by the index number | |
45 | * and the other by the domain string. Nodes are never removed from | |
9babb374 | 46 | * trees, but new entries may be added. If a new entry is added then |
0037b49e | 47 | * the zfsvfs->z_fuid_dirty flag is set to true and the caller will then |
9babb374 BB |
48 | * be responsible for calling zfs_fuid_sync() to sync the changes to disk. |
49 | * | |
34dc7c2f BB |
50 | */ |
51 | ||
52 | #define FUID_IDX "fuid_idx" | |
53 | #define FUID_DOMAIN "fuid_domain" | |
54 | #define FUID_OFFSET "fuid_offset" | |
55 | #define FUID_NVP_ARRAY "fuid_nvlist" | |
56 | ||
57 | typedef struct fuid_domain { | |
58 | avl_node_t f_domnode; | |
59 | avl_node_t f_idxnode; | |
60 | ksiddomain_t *f_ksid; | |
61 | uint64_t f_idx; | |
62 | } fuid_domain_t; | |
63 | ||
a926aab9 | 64 | static const char *const nulldomain = ""; |
b128c09f | 65 | |
34dc7c2f BB |
66 | /* |
67 | * Compare two indexes. | |
68 | */ | |
69 | static int | |
70 | idx_compare(const void *arg1, const void *arg2) | |
71 | { | |
ee36c709 GN |
72 | const fuid_domain_t *node1 = (const fuid_domain_t *)arg1; |
73 | const fuid_domain_t *node2 = (const fuid_domain_t *)arg2; | |
34dc7c2f | 74 | |
ca577779 | 75 | return (TREE_CMP(node1->f_idx, node2->f_idx)); |
34dc7c2f BB |
76 | } |
77 | ||
78 | /* | |
79 | * Compare two domain strings. | |
80 | */ | |
81 | static int | |
82 | domain_compare(const void *arg1, const void *arg2) | |
83 | { | |
ee36c709 GN |
84 | const fuid_domain_t *node1 = (const fuid_domain_t *)arg1; |
85 | const fuid_domain_t *node2 = (const fuid_domain_t *)arg2; | |
34dc7c2f BB |
86 | int val; |
87 | ||
88 | val = strcmp(node1->f_ksid->kd_name, node2->f_ksid->kd_name); | |
ee36c709 | 89 | |
ca577779 | 90 | return (TREE_ISIGN(val)); |
34dc7c2f BB |
91 | } |
92 | ||
9babb374 BB |
93 | void |
94 | zfs_fuid_avl_tree_create(avl_tree_t *idx_tree, avl_tree_t *domain_tree) | |
95 | { | |
96 | avl_create(idx_tree, idx_compare, | |
97 | sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_idxnode)); | |
98 | avl_create(domain_tree, domain_compare, | |
99 | sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_domnode)); | |
100 | } | |
101 | ||
34dc7c2f BB |
102 | /* |
103 | * load initial fuid domain and idx trees. This function is used by | |
104 | * both the kernel and zdb. | |
105 | */ | |
106 | uint64_t | |
107 | zfs_fuid_table_load(objset_t *os, uint64_t fuid_obj, avl_tree_t *idx_tree, | |
108 | avl_tree_t *domain_tree) | |
109 | { | |
110 | dmu_buf_t *db; | |
111 | uint64_t fuid_size; | |
112 | ||
9babb374 BB |
113 | ASSERT(fuid_obj != 0); |
114 | VERIFY(0 == dmu_bonus_hold(os, fuid_obj, | |
115 | FTAG, &db)); | |
34dc7c2f BB |
116 | fuid_size = *(uint64_t *)db->db_data; |
117 | dmu_buf_rele(db, FTAG); | |
118 | ||
119 | if (fuid_size) { | |
120 | nvlist_t **fuidnvp; | |
121 | nvlist_t *nvp = NULL; | |
122 | uint_t count; | |
123 | char *packed; | |
124 | int i; | |
125 | ||
126 | packed = kmem_alloc(fuid_size, KM_SLEEP); | |
9babb374 BB |
127 | VERIFY(dmu_read(os, fuid_obj, 0, |
128 | fuid_size, packed, DMU_READ_PREFETCH) == 0); | |
34dc7c2f BB |
129 | VERIFY(nvlist_unpack(packed, fuid_size, |
130 | &nvp, 0) == 0); | |
131 | VERIFY(nvlist_lookup_nvlist_array(nvp, FUID_NVP_ARRAY, | |
132 | &fuidnvp, &count) == 0); | |
133 | ||
134 | for (i = 0; i != count; i++) { | |
135 | fuid_domain_t *domnode; | |
d1807f16 | 136 | const char *domain; |
34dc7c2f BB |
137 | uint64_t idx; |
138 | ||
139 | VERIFY(nvlist_lookup_string(fuidnvp[i], FUID_DOMAIN, | |
140 | &domain) == 0); | |
141 | VERIFY(nvlist_lookup_uint64(fuidnvp[i], FUID_IDX, | |
142 | &idx) == 0); | |
143 | ||
144 | domnode = kmem_alloc(sizeof (fuid_domain_t), KM_SLEEP); | |
145 | ||
146 | domnode->f_idx = idx; | |
147 | domnode->f_ksid = ksid_lookupdomain(domain); | |
148 | avl_add(idx_tree, domnode); | |
149 | avl_add(domain_tree, domnode); | |
150 | } | |
151 | nvlist_free(nvp); | |
152 | kmem_free(packed, fuid_size); | |
153 | } | |
154 | return (fuid_size); | |
155 | } | |
156 | ||
157 | void | |
158 | zfs_fuid_table_destroy(avl_tree_t *idx_tree, avl_tree_t *domain_tree) | |
159 | { | |
160 | fuid_domain_t *domnode; | |
161 | void *cookie; | |
162 | ||
163 | cookie = NULL; | |
c65aa5b2 | 164 | while ((domnode = avl_destroy_nodes(domain_tree, &cookie))) |
34dc7c2f BB |
165 | ksiddomain_rele(domnode->f_ksid); |
166 | ||
167 | avl_destroy(domain_tree); | |
168 | cookie = NULL; | |
c65aa5b2 | 169 | while ((domnode = avl_destroy_nodes(idx_tree, &cookie))) |
34dc7c2f BB |
170 | kmem_free(domnode, sizeof (fuid_domain_t)); |
171 | avl_destroy(idx_tree); | |
172 | } | |
173 | ||
a926aab9 | 174 | const char * |
34dc7c2f BB |
175 | zfs_fuid_idx_domain(avl_tree_t *idx_tree, uint32_t idx) |
176 | { | |
177 | fuid_domain_t searchnode, *findnode; | |
178 | avl_index_t loc; | |
179 | ||
180 | searchnode.f_idx = idx; | |
181 | ||
182 | findnode = avl_find(idx_tree, &searchnode, &loc); | |
183 | ||
b128c09f | 184 | return (findnode ? findnode->f_ksid->kd_name : nulldomain); |
34dc7c2f BB |
185 | } |
186 | ||
187 | #ifdef _KERNEL | |
188 | /* | |
189 | * Load the fuid table(s) into memory. | |
190 | */ | |
191 | static void | |
0037b49e | 192 | zfs_fuid_init(zfsvfs_t *zfsvfs) |
34dc7c2f | 193 | { |
0037b49e | 194 | rw_enter(&zfsvfs->z_fuid_lock, RW_WRITER); |
34dc7c2f | 195 | |
0037b49e BB |
196 | if (zfsvfs->z_fuid_loaded) { |
197 | rw_exit(&zfsvfs->z_fuid_lock); | |
34dc7c2f BB |
198 | return; |
199 | } | |
200 | ||
0037b49e | 201 | zfs_fuid_avl_tree_create(&zfsvfs->z_fuid_idx, &zfsvfs->z_fuid_domain); |
34dc7c2f | 202 | |
0037b49e BB |
203 | (void) zap_lookup(zfsvfs->z_os, MASTER_NODE_OBJ, |
204 | ZFS_FUID_TABLES, 8, 1, &zfsvfs->z_fuid_obj); | |
205 | if (zfsvfs->z_fuid_obj != 0) { | |
206 | zfsvfs->z_fuid_size = zfs_fuid_table_load(zfsvfs->z_os, | |
207 | zfsvfs->z_fuid_obj, &zfsvfs->z_fuid_idx, | |
208 | &zfsvfs->z_fuid_domain); | |
b128c09f | 209 | } |
34dc7c2f | 210 | |
0037b49e BB |
211 | zfsvfs->z_fuid_loaded = B_TRUE; |
212 | rw_exit(&zfsvfs->z_fuid_lock); | |
9babb374 BB |
213 | } |
214 | ||
215 | /* | |
216 | * sync out AVL trees to persistent storage. | |
217 | */ | |
218 | void | |
0037b49e | 219 | zfs_fuid_sync(zfsvfs_t *zfsvfs, dmu_tx_t *tx) |
9babb374 BB |
220 | { |
221 | nvlist_t *nvp; | |
222 | nvlist_t **fuids; | |
223 | size_t nvsize = 0; | |
224 | char *packed; | |
225 | dmu_buf_t *db; | |
226 | fuid_domain_t *domnode; | |
227 | int numnodes; | |
228 | int i; | |
229 | ||
0037b49e | 230 | if (!zfsvfs->z_fuid_dirty) { |
9babb374 BB |
231 | return; |
232 | } | |
233 | ||
0037b49e | 234 | rw_enter(&zfsvfs->z_fuid_lock, RW_WRITER); |
9babb374 BB |
235 | |
236 | /* | |
237 | * First see if table needs to be created? | |
238 | */ | |
0037b49e BB |
239 | if (zfsvfs->z_fuid_obj == 0) { |
240 | zfsvfs->z_fuid_obj = dmu_object_alloc(zfsvfs->z_os, | |
9babb374 BB |
241 | DMU_OT_FUID, 1 << 14, DMU_OT_FUID_SIZE, |
242 | sizeof (uint64_t), tx); | |
0037b49e | 243 | VERIFY(zap_add(zfsvfs->z_os, MASTER_NODE_OBJ, |
9babb374 | 244 | ZFS_FUID_TABLES, sizeof (uint64_t), 1, |
0037b49e | 245 | &zfsvfs->z_fuid_obj, tx) == 0); |
9babb374 BB |
246 | } |
247 | ||
248 | VERIFY(nvlist_alloc(&nvp, NV_UNIQUE_NAME, KM_SLEEP) == 0); | |
249 | ||
0037b49e | 250 | numnodes = avl_numnodes(&zfsvfs->z_fuid_idx); |
9babb374 | 251 | fuids = kmem_alloc(numnodes * sizeof (void *), KM_SLEEP); |
0037b49e BB |
252 | for (i = 0, domnode = avl_first(&zfsvfs->z_fuid_domain); domnode; i++, |
253 | domnode = AVL_NEXT(&zfsvfs->z_fuid_domain, domnode)) { | |
9babb374 BB |
254 | VERIFY(nvlist_alloc(&fuids[i], NV_UNIQUE_NAME, KM_SLEEP) == 0); |
255 | VERIFY(nvlist_add_uint64(fuids[i], FUID_IDX, | |
256 | domnode->f_idx) == 0); | |
257 | VERIFY(nvlist_add_uint64(fuids[i], FUID_OFFSET, 0) == 0); | |
258 | VERIFY(nvlist_add_string(fuids[i], FUID_DOMAIN, | |
259 | domnode->f_ksid->kd_name) == 0); | |
260 | } | |
795075e6 PD |
261 | fnvlist_add_nvlist_array(nvp, FUID_NVP_ARRAY, |
262 | (const nvlist_t * const *)fuids, numnodes); | |
9babb374 BB |
263 | for (i = 0; i != numnodes; i++) |
264 | nvlist_free(fuids[i]); | |
265 | kmem_free(fuids, numnodes * sizeof (void *)); | |
266 | VERIFY(nvlist_size(nvp, &nvsize, NV_ENCODE_XDR) == 0); | |
267 | packed = kmem_alloc(nvsize, KM_SLEEP); | |
268 | VERIFY(nvlist_pack(nvp, &packed, &nvsize, | |
269 | NV_ENCODE_XDR, KM_SLEEP) == 0); | |
270 | nvlist_free(nvp); | |
0037b49e BB |
271 | zfsvfs->z_fuid_size = nvsize; |
272 | dmu_write(zfsvfs->z_os, zfsvfs->z_fuid_obj, 0, | |
273 | zfsvfs->z_fuid_size, packed, tx); | |
274 | kmem_free(packed, zfsvfs->z_fuid_size); | |
275 | VERIFY(0 == dmu_bonus_hold(zfsvfs->z_os, zfsvfs->z_fuid_obj, | |
9babb374 BB |
276 | FTAG, &db)); |
277 | dmu_buf_will_dirty(db, tx); | |
0037b49e | 278 | *(uint64_t *)db->db_data = zfsvfs->z_fuid_size; |
9babb374 BB |
279 | dmu_buf_rele(db, FTAG); |
280 | ||
0037b49e BB |
281 | zfsvfs->z_fuid_dirty = B_FALSE; |
282 | rw_exit(&zfsvfs->z_fuid_lock); | |
34dc7c2f BB |
283 | } |
284 | ||
285 | /* | |
286 | * Query domain table for a given domain. | |
287 | * | |
9babb374 | 288 | * If domain isn't found and addok is set, it is added to AVL trees and |
0037b49e | 289 | * the zfsvfs->z_fuid_dirty flag will be set to TRUE. It will then be |
9babb374 BB |
290 | * necessary for the caller or another thread to detect the dirty table |
291 | * and sync out the changes. | |
34dc7c2f | 292 | */ |
a926aab9 | 293 | static int |
0037b49e | 294 | zfs_fuid_find_by_domain(zfsvfs_t *zfsvfs, const char *domain, |
a926aab9 | 295 | const char **retdomain, boolean_t addok) |
34dc7c2f BB |
296 | { |
297 | fuid_domain_t searchnode, *findnode; | |
298 | avl_index_t loc; | |
b128c09f | 299 | krw_t rw = RW_READER; |
34dc7c2f BB |
300 | |
301 | /* | |
302 | * If the dummy "nobody" domain then return an index of 0 | |
303 | * to cause the created FUID to be a standard POSIX id | |
304 | * for the user nobody. | |
305 | */ | |
306 | if (domain[0] == '\0') { | |
9babb374 BB |
307 | if (retdomain) |
308 | *retdomain = nulldomain; | |
34dc7c2f BB |
309 | return (0); |
310 | } | |
311 | ||
312 | searchnode.f_ksid = ksid_lookupdomain(domain); | |
9babb374 | 313 | if (retdomain) |
34dc7c2f | 314 | *retdomain = searchnode.f_ksid->kd_name; |
0037b49e BB |
315 | if (!zfsvfs->z_fuid_loaded) |
316 | zfs_fuid_init(zfsvfs); | |
34dc7c2f | 317 | |
b128c09f | 318 | retry: |
0037b49e BB |
319 | rw_enter(&zfsvfs->z_fuid_lock, rw); |
320 | findnode = avl_find(&zfsvfs->z_fuid_domain, &searchnode, &loc); | |
34dc7c2f BB |
321 | |
322 | if (findnode) { | |
0037b49e | 323 | rw_exit(&zfsvfs->z_fuid_lock); |
34dc7c2f BB |
324 | ksiddomain_rele(searchnode.f_ksid); |
325 | return (findnode->f_idx); | |
9babb374 | 326 | } else if (addok) { |
34dc7c2f | 327 | fuid_domain_t *domnode; |
34dc7c2f | 328 | uint64_t retidx; |
34dc7c2f | 329 | |
0037b49e BB |
330 | if (rw == RW_READER && !rw_tryupgrade(&zfsvfs->z_fuid_lock)) { |
331 | rw_exit(&zfsvfs->z_fuid_lock); | |
b128c09f BB |
332 | rw = RW_WRITER; |
333 | goto retry; | |
334 | } | |
335 | ||
34dc7c2f BB |
336 | domnode = kmem_alloc(sizeof (fuid_domain_t), KM_SLEEP); |
337 | domnode->f_ksid = searchnode.f_ksid; | |
338 | ||
0037b49e | 339 | retidx = domnode->f_idx = avl_numnodes(&zfsvfs->z_fuid_idx) + 1; |
34dc7c2f | 340 | |
0037b49e BB |
341 | avl_add(&zfsvfs->z_fuid_domain, domnode); |
342 | avl_add(&zfsvfs->z_fuid_idx, domnode); | |
343 | zfsvfs->z_fuid_dirty = B_TRUE; | |
344 | rw_exit(&zfsvfs->z_fuid_lock); | |
34dc7c2f | 345 | return (retidx); |
9babb374 | 346 | } else { |
0037b49e | 347 | rw_exit(&zfsvfs->z_fuid_lock); |
9babb374 | 348 | return (-1); |
34dc7c2f BB |
349 | } |
350 | } | |
351 | ||
352 | /* | |
353 | * Query domain table by index, returning domain string | |
354 | * | |
355 | * Returns a pointer from an avl node of the domain string. | |
356 | * | |
357 | */ | |
9babb374 | 358 | const char * |
0037b49e | 359 | zfs_fuid_find_by_idx(zfsvfs_t *zfsvfs, uint32_t idx) |
34dc7c2f | 360 | { |
a926aab9 | 361 | const char *domain; |
34dc7c2f | 362 | |
0037b49e | 363 | if (idx == 0 || !zfsvfs->z_use_fuids) |
34dc7c2f BB |
364 | return (NULL); |
365 | ||
0037b49e BB |
366 | if (!zfsvfs->z_fuid_loaded) |
367 | zfs_fuid_init(zfsvfs); | |
34dc7c2f | 368 | |
0037b49e | 369 | rw_enter(&zfsvfs->z_fuid_lock, RW_READER); |
b128c09f | 370 | |
0037b49e BB |
371 | if (zfsvfs->z_fuid_obj || zfsvfs->z_fuid_dirty) |
372 | domain = zfs_fuid_idx_domain(&zfsvfs->z_fuid_idx, idx); | |
b128c09f BB |
373 | else |
374 | domain = nulldomain; | |
0037b49e | 375 | rw_exit(&zfsvfs->z_fuid_lock); |
34dc7c2f BB |
376 | |
377 | ASSERT(domain); | |
378 | return (domain); | |
379 | } | |
380 | ||
381 | void | |
382 | zfs_fuid_map_ids(znode_t *zp, cred_t *cr, uid_t *uidp, uid_t *gidp) | |
383 | { | |
6360e277 | 384 | *uidp = zfs_fuid_map_id(ZTOZSB(zp), KUID_TO_SUID(ZTOUID(zp)), |
2c6abf15 | 385 | cr, ZFS_OWNER); |
6360e277 | 386 | *gidp = zfs_fuid_map_id(ZTOZSB(zp), KGID_TO_SGID(ZTOGID(zp)), |
2c6abf15 | 387 | cr, ZFS_GROUP); |
34dc7c2f BB |
388 | } |
389 | ||
716b53d0 MM |
390 | #ifdef __FreeBSD__ |
391 | uid_t | |
392 | zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64_t fuid, | |
393 | cred_t *cr, zfs_fuid_type_t type) | |
394 | { | |
395 | uint32_t index = FUID_INDEX(fuid); | |
396 | ||
397 | if (index == 0) | |
398 | return (fuid); | |
399 | ||
400 | return (UID_NOBODY); | |
401 | } | |
402 | #elif defined(__linux__) | |
403 | uid_t | |
404 | zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64_t fuid, | |
405 | cred_t *cr, zfs_fuid_type_t type) | |
406 | { | |
407 | /* | |
408 | * The Linux port only supports POSIX IDs, use the passed id. | |
409 | */ | |
410 | return (fuid); | |
411 | } | |
412 | ||
413 | #else | |
34dc7c2f | 414 | uid_t |
0037b49e | 415 | zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64_t fuid, |
34dc7c2f BB |
416 | cred_t *cr, zfs_fuid_type_t type) |
417 | { | |
418 | uint32_t index = FUID_INDEX(fuid); | |
9babb374 | 419 | const char *domain; |
34dc7c2f BB |
420 | uid_t id; |
421 | ||
422 | if (index == 0) | |
423 | return (fuid); | |
424 | ||
0037b49e | 425 | domain = zfs_fuid_find_by_idx(zfsvfs, index); |
34dc7c2f BB |
426 | ASSERT(domain != NULL); |
427 | ||
428 | if (type == ZFS_OWNER || type == ZFS_ACE_USER) { | |
429 | (void) kidmap_getuidbysid(crgetzone(cr), domain, | |
430 | FUID_RID(fuid), &id); | |
431 | } else { | |
432 | (void) kidmap_getgidbysid(crgetzone(cr), domain, | |
433 | FUID_RID(fuid), &id); | |
434 | } | |
435 | return (id); | |
436 | } | |
716b53d0 | 437 | #endif |
34dc7c2f BB |
438 | |
439 | /* | |
440 | * Add a FUID node to the list of fuid's being created for this | |
441 | * ACL | |
442 | * | |
443 | * If ACL has multiple domains, then keep only one copy of each unique | |
444 | * domain. | |
445 | */ | |
428870ff | 446 | void |
34dc7c2f BB |
447 | zfs_fuid_node_add(zfs_fuid_info_t **fuidpp, const char *domain, uint32_t rid, |
448 | uint64_t idx, uint64_t id, zfs_fuid_type_t type) | |
449 | { | |
450 | zfs_fuid_t *fuid; | |
451 | zfs_fuid_domain_t *fuid_domain; | |
452 | zfs_fuid_info_t *fuidp; | |
453 | uint64_t fuididx; | |
454 | boolean_t found = B_FALSE; | |
455 | ||
456 | if (*fuidpp == NULL) | |
457 | *fuidpp = zfs_fuid_info_alloc(); | |
458 | ||
459 | fuidp = *fuidpp; | |
460 | /* | |
461 | * First find fuid domain index in linked list | |
462 | * | |
463 | * If one isn't found then create an entry. | |
464 | */ | |
465 | ||
466 | for (fuididx = 1, fuid_domain = list_head(&fuidp->z_domains); | |
467 | fuid_domain; fuid_domain = list_next(&fuidp->z_domains, | |
468 | fuid_domain), fuididx++) { | |
469 | if (idx == fuid_domain->z_domidx) { | |
470 | found = B_TRUE; | |
471 | break; | |
472 | } | |
473 | } | |
474 | ||
475 | if (!found) { | |
476 | fuid_domain = kmem_alloc(sizeof (zfs_fuid_domain_t), KM_SLEEP); | |
477 | fuid_domain->z_domain = domain; | |
478 | fuid_domain->z_domidx = idx; | |
479 | list_insert_tail(&fuidp->z_domains, fuid_domain); | |
480 | fuidp->z_domain_str_sz += strlen(domain) + 1; | |
481 | fuidp->z_domain_cnt++; | |
482 | } | |
483 | ||
484 | if (type == ZFS_ACE_USER || type == ZFS_ACE_GROUP) { | |
9babb374 | 485 | |
34dc7c2f BB |
486 | /* |
487 | * Now allocate fuid entry and add it on the end of the list | |
488 | */ | |
489 | ||
490 | fuid = kmem_alloc(sizeof (zfs_fuid_t), KM_SLEEP); | |
491 | fuid->z_id = id; | |
492 | fuid->z_domidx = idx; | |
493 | fuid->z_logfuid = FUID_ENCODE(fuididx, rid); | |
494 | ||
495 | list_insert_tail(&fuidp->z_fuids, fuid); | |
496 | fuidp->z_fuid_cnt++; | |
497 | } else { | |
498 | if (type == ZFS_OWNER) | |
499 | fuidp->z_fuid_owner = FUID_ENCODE(fuididx, rid); | |
500 | else | |
501 | fuidp->z_fuid_group = FUID_ENCODE(fuididx, rid); | |
502 | } | |
503 | } | |
504 | ||
100a91aa | 505 | #ifdef HAVE_KSID |
34dc7c2f BB |
506 | /* |
507 | * Create a file system FUID, based on information in the users cred | |
428870ff BB |
508 | * |
509 | * If cred contains KSID_OWNER then it should be used to determine | |
510 | * the uid otherwise cred's uid will be used. By default cred's gid | |
511 | * is used unless it's an ephemeral ID in which case KSID_GROUP will | |
512 | * be used if it exists. | |
34dc7c2f BB |
513 | */ |
514 | uint64_t | |
0037b49e | 515 | zfs_fuid_create_cred(zfsvfs_t *zfsvfs, zfs_fuid_type_t type, |
9babb374 | 516 | cred_t *cr, zfs_fuid_info_t **fuidp) |
34dc7c2f BB |
517 | { |
518 | uint64_t idx; | |
519 | ksid_t *ksid; | |
520 | uint32_t rid; | |
a926aab9 | 521 | const char *kdomain, *domain; |
34dc7c2f BB |
522 | uid_t id; |
523 | ||
524 | VERIFY(type == ZFS_OWNER || type == ZFS_GROUP); | |
525 | ||
b128c09f | 526 | ksid = crgetsid(cr, (type == ZFS_OWNER) ? KSID_OWNER : KSID_GROUP); |
428870ff | 527 | |
0037b49e | 528 | if (!zfsvfs->z_use_fuids || (ksid == NULL)) { |
428870ff BB |
529 | id = (type == ZFS_OWNER) ? crgetuid(cr) : crgetgid(cr); |
530 | ||
531 | if (IS_EPHEMERAL(id)) | |
532 | return ((type == ZFS_OWNER) ? UID_NOBODY : GID_NOBODY); | |
533 | ||
534 | return ((uint64_t)id); | |
b128c09f | 535 | } |
34dc7c2f | 536 | |
428870ff BB |
537 | /* |
538 | * ksid is present and FUID is supported | |
539 | */ | |
540 | id = (type == ZFS_OWNER) ? ksid_getid(ksid) : crgetgid(cr); | |
541 | ||
542 | if (!IS_EPHEMERAL(id)) | |
34dc7c2f BB |
543 | return ((uint64_t)id); |
544 | ||
428870ff BB |
545 | if (type == ZFS_GROUP) |
546 | id = ksid_getid(ksid); | |
547 | ||
34dc7c2f BB |
548 | rid = ksid_getrid(ksid); |
549 | domain = ksid_getdomain(ksid); | |
550 | ||
0037b49e | 551 | idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, B_TRUE); |
34dc7c2f BB |
552 | |
553 | zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type); | |
554 | ||
555 | return (FUID_ENCODE(idx, rid)); | |
f74b821a | 556 | } |
100a91aa | 557 | #endif /* HAVE_KSID */ |
34dc7c2f BB |
558 | |
559 | /* | |
560 | * Create a file system FUID for an ACL ace | |
561 | * or a chown/chgrp of the file. | |
562 | * This is similar to zfs_fuid_create_cred, except that | |
563 | * we can't find the domain + rid information in the | |
564 | * cred. Instead we have to query Winchester for the | |
565 | * domain and rid. | |
566 | * | |
567 | * During replay operations the domain+rid information is | |
568 | * found in the zfs_fuid_info_t that the replay code has | |
0037b49e | 569 | * attached to the zfsvfs of the file system. |
34dc7c2f BB |
570 | */ |
571 | uint64_t | |
0037b49e | 572 | zfs_fuid_create(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr, |
9babb374 | 573 | zfs_fuid_type_t type, zfs_fuid_info_t **fuidpp) |
34dc7c2f | 574 | { |
a405c8a6 | 575 | #ifdef HAVE_KSID |
a926aab9 | 576 | const char *domain, *kdomain; |
34dc7c2f | 577 | uint32_t fuid_idx = FUID_INDEX(id); |
716b53d0 | 578 | uint32_t rid = 0; |
34dc7c2f | 579 | idmap_stat status; |
716b53d0 | 580 | uint64_t idx = UID_NOBODY; |
34dc7c2f | 581 | zfs_fuid_t *zfuid = NULL; |
a117a6d6 | 582 | zfs_fuid_info_t *fuidp = NULL; |
34dc7c2f BB |
583 | |
584 | /* | |
585 | * If POSIX ID, or entry is already a FUID then | |
586 | * just return the id | |
587 | * | |
588 | * We may also be handed an already FUID'ized id via | |
589 | * chmod. | |
590 | */ | |
591 | ||
0037b49e | 592 | if (!zfsvfs->z_use_fuids || !IS_EPHEMERAL(id) || fuid_idx != 0) |
34dc7c2f BB |
593 | return (id); |
594 | ||
0037b49e BB |
595 | if (zfsvfs->z_replay) { |
596 | fuidp = zfsvfs->z_fuid_replay; | |
34dc7c2f BB |
597 | |
598 | /* | |
599 | * If we are passed an ephemeral id, but no | |
600 | * fuid_info was logged then return NOBODY. | |
601 | * This is most likely a result of idmap service | |
602 | * not being available. | |
603 | */ | |
604 | if (fuidp == NULL) | |
605 | return (UID_NOBODY); | |
606 | ||
a117a6d6 GW |
607 | VERIFY3U(type, >=, ZFS_OWNER); |
608 | VERIFY3U(type, <=, ZFS_ACE_GROUP); | |
609 | ||
34dc7c2f BB |
610 | switch (type) { |
611 | case ZFS_ACE_USER: | |
612 | case ZFS_ACE_GROUP: | |
613 | zfuid = list_head(&fuidp->z_fuids); | |
614 | rid = FUID_RID(zfuid->z_logfuid); | |
615 | idx = FUID_INDEX(zfuid->z_logfuid); | |
616 | break; | |
617 | case ZFS_OWNER: | |
618 | rid = FUID_RID(fuidp->z_fuid_owner); | |
619 | idx = FUID_INDEX(fuidp->z_fuid_owner); | |
620 | break; | |
621 | case ZFS_GROUP: | |
622 | rid = FUID_RID(fuidp->z_fuid_group); | |
623 | idx = FUID_INDEX(fuidp->z_fuid_group); | |
624 | break; | |
64195fc8 | 625 | } |
a117a6d6 | 626 | domain = fuidp->z_domain_table[idx - 1]; |
34dc7c2f BB |
627 | } else { |
628 | if (type == ZFS_OWNER || type == ZFS_ACE_USER) | |
629 | status = kidmap_getsidbyuid(crgetzone(cr), id, | |
630 | &domain, &rid); | |
631 | else | |
632 | status = kidmap_getsidbygid(crgetzone(cr), id, | |
633 | &domain, &rid); | |
634 | ||
635 | if (status != 0) { | |
636 | /* | |
637 | * When returning nobody we will need to | |
638 | * make a dummy fuid table entry for logging | |
639 | * purposes. | |
640 | */ | |
641 | rid = UID_NOBODY; | |
b128c09f | 642 | domain = nulldomain; |
34dc7c2f BB |
643 | } |
644 | } | |
645 | ||
0037b49e | 646 | idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, B_TRUE); |
34dc7c2f | 647 | |
0037b49e | 648 | if (!zfsvfs->z_replay) |
9babb374 BB |
649 | zfs_fuid_node_add(fuidpp, kdomain, |
650 | rid, idx, id, type); | |
34dc7c2f BB |
651 | else if (zfuid != NULL) { |
652 | list_remove(&fuidp->z_fuids, zfuid); | |
653 | kmem_free(zfuid, sizeof (zfs_fuid_t)); | |
654 | } | |
655 | return (FUID_ENCODE(idx, rid)); | |
a405c8a6 | 656 | #else |
037849f8 BB |
657 | /* |
658 | * The Linux port only supports POSIX IDs, use the passed id. | |
659 | */ | |
660 | return (id); | |
a405c8a6 | 661 | #endif |
34dc7c2f BB |
662 | } |
663 | ||
664 | void | |
0037b49e | 665 | zfs_fuid_destroy(zfsvfs_t *zfsvfs) |
34dc7c2f | 666 | { |
0037b49e BB |
667 | rw_enter(&zfsvfs->z_fuid_lock, RW_WRITER); |
668 | if (!zfsvfs->z_fuid_loaded) { | |
669 | rw_exit(&zfsvfs->z_fuid_lock); | |
34dc7c2f BB |
670 | return; |
671 | } | |
0037b49e BB |
672 | zfs_fuid_table_destroy(&zfsvfs->z_fuid_idx, &zfsvfs->z_fuid_domain); |
673 | rw_exit(&zfsvfs->z_fuid_lock); | |
34dc7c2f BB |
674 | } |
675 | ||
676 | /* | |
677 | * Allocate zfs_fuid_info for tracking FUIDs created during | |
678 | * zfs_mknode, VOP_SETATTR() or VOP_SETSECATTR() | |
679 | */ | |
680 | zfs_fuid_info_t * | |
681 | zfs_fuid_info_alloc(void) | |
682 | { | |
683 | zfs_fuid_info_t *fuidp; | |
684 | ||
685 | fuidp = kmem_zalloc(sizeof (zfs_fuid_info_t), KM_SLEEP); | |
686 | list_create(&fuidp->z_domains, sizeof (zfs_fuid_domain_t), | |
687 | offsetof(zfs_fuid_domain_t, z_next)); | |
688 | list_create(&fuidp->z_fuids, sizeof (zfs_fuid_t), | |
689 | offsetof(zfs_fuid_t, z_next)); | |
690 | return (fuidp); | |
691 | } | |
692 | ||
693 | /* | |
694 | * Release all memory associated with zfs_fuid_info_t | |
695 | */ | |
696 | void | |
697 | zfs_fuid_info_free(zfs_fuid_info_t *fuidp) | |
698 | { | |
699 | zfs_fuid_t *zfuid; | |
700 | zfs_fuid_domain_t *zdomain; | |
701 | ||
b3ad3f48 | 702 | while ((zfuid = list_remove_head(&fuidp->z_fuids)) != NULL) |
34dc7c2f | 703 | kmem_free(zfuid, sizeof (zfs_fuid_t)); |
34dc7c2f BB |
704 | |
705 | if (fuidp->z_domain_table != NULL) | |
706 | kmem_free(fuidp->z_domain_table, | |
160987b5 | 707 | (sizeof (char *)) * fuidp->z_domain_cnt); |
34dc7c2f | 708 | |
b3ad3f48 | 709 | while ((zdomain = list_remove_head(&fuidp->z_domains)) != NULL) |
34dc7c2f | 710 | kmem_free(zdomain, sizeof (zfs_fuid_domain_t)); |
34dc7c2f BB |
711 | |
712 | kmem_free(fuidp, sizeof (zfs_fuid_info_t)); | |
713 | } | |
714 | ||
715 | /* | |
716 | * Check to see if id is a groupmember. If cred | |
717 | * has ksid info then sidlist is checked first | |
718 | * and if still not found then POSIX groups are checked | |
719 | * | |
720 | * Will use a straight FUID compare when possible. | |
721 | */ | |
722 | boolean_t | |
0037b49e | 723 | zfs_groupmember(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr) |
34dc7c2f | 724 | { |
716b53d0 MM |
725 | uid_t gid; |
726 | ||
727 | #ifdef illumos | |
34dc7c2f | 728 | ksid_t *ksid = crgetsid(cr, KSID_GROUP); |
9babb374 | 729 | ksidlist_t *ksidlist = crgetsidlist(cr); |
34dc7c2f | 730 | |
9babb374 | 731 | if (ksid && ksidlist) { |
3558fd73 | 732 | int i; |
34dc7c2f | 733 | ksid_t *ksid_groups; |
34dc7c2f BB |
734 | uint32_t idx = FUID_INDEX(id); |
735 | uint32_t rid = FUID_RID(id); | |
736 | ||
34dc7c2f BB |
737 | ksid_groups = ksidlist->ksl_sids; |
738 | ||
739 | for (i = 0; i != ksidlist->ksl_nsid; i++) { | |
740 | if (idx == 0) { | |
741 | if (id != IDMAP_WK_CREATOR_GROUP_GID && | |
742 | id == ksid_groups[i].ks_id) { | |
743 | return (B_TRUE); | |
744 | } | |
745 | } else { | |
9babb374 | 746 | const char *domain; |
34dc7c2f | 747 | |
0037b49e | 748 | domain = zfs_fuid_find_by_idx(zfsvfs, idx); |
34dc7c2f BB |
749 | ASSERT(domain != NULL); |
750 | ||
751 | if (strcmp(domain, | |
752 | IDMAP_WK_CREATOR_SID_AUTHORITY) == 0) | |
753 | return (B_FALSE); | |
754 | ||
755 | if ((strcmp(domain, | |
756 | ksid_groups[i].ks_domain->kd_name) == 0) && | |
757 | rid == ksid_groups[i].ks_rid) | |
758 | return (B_TRUE); | |
759 | } | |
760 | } | |
761 | } | |
716b53d0 | 762 | #endif /* illumos */ |
34dc7c2f BB |
763 | |
764 | /* | |
765 | * Not found in ksidlist, check posix groups | |
766 | */ | |
0037b49e | 767 | gid = zfs_fuid_map_id(zfsvfs, id, cr, ZFS_GROUP); |
34dc7c2f BB |
768 | return (groupmember(gid, cr)); |
769 | } | |
9babb374 BB |
770 | |
771 | void | |
0037b49e | 772 | zfs_fuid_txhold(zfsvfs_t *zfsvfs, dmu_tx_t *tx) |
9babb374 | 773 | { |
0037b49e | 774 | if (zfsvfs->z_fuid_obj == 0) { |
9babb374 BB |
775 | dmu_tx_hold_bonus(tx, DMU_NEW_OBJECT); |
776 | dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, | |
0037b49e | 777 | FUID_SIZE_ESTIMATE(zfsvfs)); |
9babb374 BB |
778 | dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, FALSE, NULL); |
779 | } else { | |
0037b49e BB |
780 | dmu_tx_hold_bonus(tx, zfsvfs->z_fuid_obj); |
781 | dmu_tx_hold_write(tx, zfsvfs->z_fuid_obj, 0, | |
782 | FUID_SIZE_ESTIMATE(zfsvfs)); | |
9babb374 BB |
783 | } |
784 | } | |
957c7aa2 RM |
785 | |
786 | /* | |
787 | * buf must be big enough (eg, 32 bytes) | |
788 | */ | |
789 | int | |
790 | zfs_id_to_fuidstr(zfsvfs_t *zfsvfs, const char *domain, uid_t rid, | |
c9e319fa | 791 | char *buf, size_t len, boolean_t addok) |
957c7aa2 RM |
792 | { |
793 | uint64_t fuid; | |
794 | int domainid = 0; | |
795 | ||
796 | if (domain && domain[0]) { | |
797 | domainid = zfs_fuid_find_by_domain(zfsvfs, domain, NULL, addok); | |
798 | if (domainid == -1) | |
799 | return (SET_ERROR(ENOENT)); | |
800 | } | |
801 | fuid = FUID_ENCODE(domainid, rid); | |
c9e319fa | 802 | (void) snprintf(buf, len, "%llx", (longlong_t)fuid); |
957c7aa2 RM |
803 | return (0); |
804 | } | |
34dc7c2f | 805 | #endif |