]> git.proxmox.com Git - mirror_zfs.git/blame - module/zfs/zfs_fuid.c
projects / mirror_zfs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
txg is spelled as tgx in places
[mirror_zfs.git] / module / zfs / zfs_fuid.c
CommitLineData
34dc7c2f
BB		 1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
428870ff 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
34dc7c2f
BB		 23 */
24
34dc7c2f 25#include <sys/zfs_context.h>
34dc7c2f
BB		 26#include <sys/dmu.h>
27#include <sys/avl.h>
28#include <sys/zap.h>
29#include <sys/refcount.h>
30#include <sys/nvpair.h>
31#ifdef _KERNEL
32#include <sys/kidmap.h>
33#include <sys/sid.h>
34#include <sys/zfs_vfsops.h>
35#include <sys/zfs_znode.h>
36#endif
37#include <sys/zfs_fuid.h>
38
39/*
40 * FUID Domain table(s).
41 *
42 * The FUID table is stored as a packed nvlist of an array
43 * of nvlists which contain an index, domain string and offset
44 *
45 * During file system initialization the nvlist(s) are read and
46 * two AVL trees are created. One tree is keyed by the index number
47 * and the other by the domain string. Nodes are never removed from
9babb374 48 * trees, but new entries may be added. If a new entry is added then
3558fd73 49 * the zsb->z_fuid_dirty flag is set to true and the caller will then
9babb374
BB		 50 * be responsible for calling zfs_fuid_sync() to sync the changes to disk.
51 *
34dc7c2f
BB		 52 */
53
54#define FUID_IDX "fuid_idx"
55#define FUID_DOMAIN "fuid_domain"
56#define FUID_OFFSET "fuid_offset"
57#define FUID_NVP_ARRAY "fuid_nvlist"
58
59typedef struct fuid_domain {
60 avl_node_t f_domnode;
61 avl_node_t f_idxnode;
62 ksiddomain_t *f_ksid;
63 uint64_t f_idx;
64} fuid_domain_t;
65
b128c09f
BB		 66static char *nulldomain = "";
67
34dc7c2f
BB		 68/*
69 * Compare two indexes.
70 */
71static int
72idx_compare(const void *arg1, const void *arg2)
73{
74 const fuid_domain_t *node1 = arg1;
75 const fuid_domain_t *node2 = arg2;
76
77 if (node1->f_idx < node2->f_idx)
78 return (-1);
79 else if (node1->f_idx > node2->f_idx)
80 return (1);
81 return (0);
82}
83
84/*
85 * Compare two domain strings.
86 */
87static int
88domain_compare(const void *arg1, const void *arg2)
89{
90 const fuid_domain_t *node1 = arg1;
91 const fuid_domain_t *node2 = arg2;
92 int val;
93
94 val = strcmp(node1->f_ksid->kd_name, node2->f_ksid->kd_name);
95 if (val == 0)
96 return (0);
97 return (val > 0 ? 1 : -1);
98}
99
9babb374
BB		 100void
101zfs_fuid_avl_tree_create(avl_tree_t *idx_tree, avl_tree_t *domain_tree)
102{
103 avl_create(idx_tree, idx_compare,
104 sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_idxnode));
105 avl_create(domain_tree, domain_compare,
106 sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_domnode));
107}
108
34dc7c2f
BB		 109/*
110 * load initial fuid domain and idx trees. This function is used by
111 * both the kernel and zdb.
112 */
113uint64_t
114zfs_fuid_table_load(objset_t *os, uint64_t fuid_obj, avl_tree_t *idx_tree,
115 avl_tree_t *domain_tree)
116{
117 dmu_buf_t *db;
118 uint64_t fuid_size;
119
9babb374
BB		 120 ASSERT(fuid_obj != 0);
121 VERIFY(0 == dmu_bonus_hold(os, fuid_obj,
122 FTAG, &db));
34dc7c2f
BB		 123 fuid_size = *(uint64_t *)db->db_data;
124 dmu_buf_rele(db, FTAG);
125
126 if (fuid_size) {
127 nvlist_t **fuidnvp;
128 nvlist_t *nvp = NULL;
129 uint_t count;
130 char *packed;
131 int i;
132
133 packed = kmem_alloc(fuid_size, KM_SLEEP);
9babb374
BB		 134 VERIFY(dmu_read(os, fuid_obj, 0,
135 fuid_size, packed, DMU_READ_PREFETCH) == 0);
34dc7c2f
BB		 136 VERIFY(nvlist_unpack(packed, fuid_size,
137 &nvp, 0) == 0);
138 VERIFY(nvlist_lookup_nvlist_array(nvp, FUID_NVP_ARRAY,
139 &fuidnvp, &count) == 0);
140
141 for (i = 0; i != count; i++) {
142 fuid_domain_t *domnode;
143 char *domain;
144 uint64_t idx;
145
146 VERIFY(nvlist_lookup_string(fuidnvp[i], FUID_DOMAIN,
147 &domain) == 0);
148 VERIFY(nvlist_lookup_uint64(fuidnvp[i], FUID_IDX,
149 &idx) == 0);
150
151 domnode = kmem_alloc(sizeof (fuid_domain_t), KM_SLEEP);
152
153 domnode->f_idx = idx;
154 domnode->f_ksid = ksid_lookupdomain(domain);
155 avl_add(idx_tree, domnode);
156 avl_add(domain_tree, domnode);
157 }
158 nvlist_free(nvp);
159 kmem_free(packed, fuid_size);
160 }
161 return (fuid_size);
162}
163
164void
165zfs_fuid_table_destroy(avl_tree_t *idx_tree, avl_tree_t *domain_tree)
166{
167 fuid_domain_t *domnode;
168 void *cookie;
169
170 cookie = NULL;
c65aa5b2 171 while ((domnode = avl_destroy_nodes(domain_tree, &cookie)))
34dc7c2f
BB		 172 ksiddomain_rele(domnode->f_ksid);
173
174 avl_destroy(domain_tree);
175 cookie = NULL;
c65aa5b2 176 while ((domnode = avl_destroy_nodes(idx_tree, &cookie)))
34dc7c2f
BB		 177 kmem_free(domnode, sizeof (fuid_domain_t));
178 avl_destroy(idx_tree);
179}
180
181char *
182zfs_fuid_idx_domain(avl_tree_t *idx_tree, uint32_t idx)
183{
184 fuid_domain_t searchnode, *findnode;
185 avl_index_t loc;
186
187 searchnode.f_idx = idx;
188
189 findnode = avl_find(idx_tree, &searchnode, &loc);
190
b128c09f 191 return (findnode ? findnode->f_ksid->kd_name : nulldomain);
34dc7c2f
BB		 192}
193
194#ifdef _KERNEL
195/*
196 * Load the fuid table(s) into memory.
197 */
198static void
3558fd73 199zfs_fuid_init(zfs_sb_t *zsb)
34dc7c2f 200{
3558fd73 201 rw_enter(&zsb->z_fuid_lock, RW_WRITER);
34dc7c2f 202
3558fd73
BB		 203 if (zsb->z_fuid_loaded) {
204 rw_exit(&zsb->z_fuid_lock);
34dc7c2f
BB		 205 return;
206 }
207
3558fd73 208 zfs_fuid_avl_tree_create(&zsb->z_fuid_idx, &zsb->z_fuid_domain);
34dc7c2f 209
3558fd73
BB		 210 (void) zap_lookup(zsb->z_os, MASTER_NODE_OBJ,
211 ZFS_FUID_TABLES, 8, 1, &zsb->z_fuid_obj);
212 if (zsb->z_fuid_obj != 0) {
213 zsb->z_fuid_size = zfs_fuid_table_load(zsb->z_os,
214 zsb->z_fuid_obj, &zsb->z_fuid_idx,
215 &zsb->z_fuid_domain);
b128c09f 216 }
34dc7c2f 217
3558fd73
BB		 218 zsb->z_fuid_loaded = B_TRUE;
219 rw_exit(&zsb->z_fuid_lock);
9babb374
BB		 220}
221
222/*
223 * sync out AVL trees to persistent storage.
224 */
225void
3558fd73 226zfs_fuid_sync(zfs_sb_t *zsb, dmu_tx_t *tx)
9babb374
BB		 227{
228 nvlist_t *nvp;
229 nvlist_t **fuids;
230 size_t nvsize = 0;
231 char *packed;
232 dmu_buf_t *db;
233 fuid_domain_t *domnode;
234 int numnodes;
235 int i;
236
3558fd73 237 if (!zsb->z_fuid_dirty) {
9babb374
BB		 238 return;
239 }
240
3558fd73 241 rw_enter(&zsb->z_fuid_lock, RW_WRITER);
9babb374
BB		 242
243 /*
244 * First see if table needs to be created?
245 */
3558fd73
BB		 246 if (zsb->z_fuid_obj == 0) {
247 zsb->z_fuid_obj = dmu_object_alloc(zsb->z_os,
9babb374
BB		 248 DMU_OT_FUID, 1 << 14, DMU_OT_FUID_SIZE,
249 sizeof (uint64_t), tx);
3558fd73 250 VERIFY(zap_add(zsb->z_os, MASTER_NODE_OBJ,
9babb374 251 ZFS_FUID_TABLES, sizeof (uint64_t), 1,
3558fd73 252 &zsb->z_fuid_obj, tx) == 0);
9babb374
BB		 253 }
254
255 VERIFY(nvlist_alloc(&nvp, NV_UNIQUE_NAME, KM_SLEEP) == 0);
256
3558fd73 257 numnodes = avl_numnodes(&zsb->z_fuid_idx);
9babb374 258 fuids = kmem_alloc(numnodes * sizeof (void *), KM_SLEEP);
3558fd73
BB		 259 for (i = 0, domnode = avl_first(&zsb->z_fuid_domain); domnode; i++,
260 domnode = AVL_NEXT(&zsb->z_fuid_domain, domnode)) {
9babb374
BB		 261 VERIFY(nvlist_alloc(&fuids[i], NV_UNIQUE_NAME, KM_SLEEP) == 0);
262 VERIFY(nvlist_add_uint64(fuids[i], FUID_IDX,
263 domnode->f_idx) == 0);
264 VERIFY(nvlist_add_uint64(fuids[i], FUID_OFFSET, 0) == 0);
265 VERIFY(nvlist_add_string(fuids[i], FUID_DOMAIN,
266 domnode->f_ksid->kd_name) == 0);
267 }
268 VERIFY(nvlist_add_nvlist_array(nvp, FUID_NVP_ARRAY,
269 fuids, numnodes) == 0);
270 for (i = 0; i != numnodes; i++)
271 nvlist_free(fuids[i]);
272 kmem_free(fuids, numnodes * sizeof (void *));
273 VERIFY(nvlist_size(nvp, &nvsize, NV_ENCODE_XDR) == 0);
274 packed = kmem_alloc(nvsize, KM_SLEEP);
275 VERIFY(nvlist_pack(nvp, &packed, &nvsize,
276 NV_ENCODE_XDR, KM_SLEEP) == 0);
277 nvlist_free(nvp);
3558fd73
BB		 278 zsb->z_fuid_size = nvsize;
279 dmu_write(zsb->z_os, zsb->z_fuid_obj, 0, zsb->z_fuid_size, packed, tx);
280 kmem_free(packed, zsb->z_fuid_size);
281 VERIFY(0 == dmu_bonus_hold(zsb->z_os, zsb->z_fuid_obj,
9babb374
BB		 282 FTAG, &db));
283 dmu_buf_will_dirty(db, tx);
3558fd73 284 *(uint64_t *)db->db_data = zsb->z_fuid_size;
9babb374
BB		 285 dmu_buf_rele(db, FTAG);
286
3558fd73
BB		 287 zsb->z_fuid_dirty = B_FALSE;
288 rw_exit(&zsb->z_fuid_lock);
34dc7c2f
BB		 289}
290
291/*
292 * Query domain table for a given domain.
293 *
9babb374 294 * If domain isn't found and addok is set, it is added to AVL trees and
3558fd73 295 * the zsb->z_fuid_dirty flag will be set to TRUE. It will then be
9babb374
BB		 296 * necessary for the caller or another thread to detect the dirty table
297 * and sync out the changes.
34dc7c2f
BB		 298 */
299int
3558fd73 300zfs_fuid_find_by_domain(zfs_sb_t *zsb, const char *domain,
9babb374 301 char **retdomain, boolean_t addok)
34dc7c2f
BB		 302{
303 fuid_domain_t searchnode, *findnode;
304 avl_index_t loc;
b128c09f 305 krw_t rw = RW_READER;
34dc7c2f
BB		 306
307 /*
308 * If the dummy "nobody" domain then return an index of 0
309 * to cause the created FUID to be a standard POSIX id
310 * for the user nobody.
311 */
312 if (domain[0] == '\0') {
9babb374
BB		 313 if (retdomain)
314 *retdomain = nulldomain;
34dc7c2f
BB		 315 return (0);
316 }
317
318 searchnode.f_ksid = ksid_lookupdomain(domain);
9babb374 319 if (retdomain)
34dc7c2f 320 *retdomain = searchnode.f_ksid->kd_name;
3558fd73
BB		 321 if (!zsb->z_fuid_loaded)
322 zfs_fuid_init(zsb);
34dc7c2f 323
b128c09f 324retry:
3558fd73
BB		 325 rw_enter(&zsb->z_fuid_lock, rw);
326 findnode = avl_find(&zsb->z_fuid_domain, &searchnode, &loc);
34dc7c2f
BB		 327
328 if (findnode) {
3558fd73 329 rw_exit(&zsb->z_fuid_lock);
34dc7c2f
BB		 330 ksiddomain_rele(searchnode.f_ksid);
331 return (findnode->f_idx);
9babb374 332 } else if (addok) {
34dc7c2f 333 fuid_domain_t *domnode;
34dc7c2f 334 uint64_t retidx;
34dc7c2f 335
3558fd73
BB		 336 if (rw == RW_READER && !rw_tryupgrade(&zsb->z_fuid_lock)) {
337 rw_exit(&zsb->z_fuid_lock);
b128c09f
BB		 338 rw = RW_WRITER;
339 goto retry;
340 }
341
34dc7c2f
BB		 342 domnode = kmem_alloc(sizeof (fuid_domain_t), KM_SLEEP);
343 domnode->f_ksid = searchnode.f_ksid;
344
3558fd73 345 retidx = domnode->f_idx = avl_numnodes(&zsb->z_fuid_idx) + 1;
34dc7c2f 346
3558fd73
BB		 347 avl_add(&zsb->z_fuid_domain, domnode);
348 avl_add(&zsb->z_fuid_idx, domnode);
349 zsb->z_fuid_dirty = B_TRUE;
350 rw_exit(&zsb->z_fuid_lock);
34dc7c2f 351 return (retidx);
9babb374 352 } else {
3558fd73 353 rw_exit(&zsb->z_fuid_lock);
9babb374 354 return (-1);
34dc7c2f
BB		 355 }
356}
357
358/*
359 * Query domain table by index, returning domain string
360 *
361 * Returns a pointer from an avl node of the domain string.
362 *
363 */
9babb374 364const char *
3558fd73 365zfs_fuid_find_by_idx(zfs_sb_t *zsb, uint32_t idx)
34dc7c2f
BB		 366{
367 char *domain;
368
3558fd73 369 if (idx == 0 || !zsb->z_use_fuids)
34dc7c2f
BB		 370 return (NULL);
371
3558fd73
BB		 372 if (!zsb->z_fuid_loaded)
373 zfs_fuid_init(zsb);
34dc7c2f 374
3558fd73 375 rw_enter(&zsb->z_fuid_lock, RW_READER);
b128c09f 376
3558fd73
BB		 377 if (zsb->z_fuid_obj || zsb->z_fuid_dirty)
378 domain = zfs_fuid_idx_domain(&zsb->z_fuid_idx, idx);
b128c09f
BB		 379 else
380 domain = nulldomain;
3558fd73 381 rw_exit(&zsb->z_fuid_lock);
34dc7c2f
BB		 382
383 ASSERT(domain);
384 return (domain);
385}
386
387void
388zfs_fuid_map_ids(znode_t *zp, cred_t *cr, uid_t *uidp, uid_t *gidp)
389{
3558fd73
BB		 390 *uidp = zfs_fuid_map_id(ZTOZSB(zp), zp->z_uid, cr, ZFS_OWNER);
391 *gidp = zfs_fuid_map_id(ZTOZSB(zp), zp->z_gid, cr, ZFS_GROUP);
34dc7c2f
BB		 392}
393
394uid_t
3558fd73 395zfs_fuid_map_id(zfs_sb_t *zsb, uint64_t fuid,
34dc7c2f
BB		 396 cred_t *cr, zfs_fuid_type_t type)
397{
a405c8a6 398#ifdef HAVE_KSID
34dc7c2f 399 uint32_t index = FUID_INDEX(fuid);
9babb374 400 const char *domain;
34dc7c2f
BB		 401 uid_t id;
402
403 if (index == 0)
404 return (fuid);
405
3558fd73 406 domain = zfs_fuid_find_by_idx(zsb, index);
34dc7c2f
BB		 407 ASSERT(domain != NULL);
408
409 if (type == ZFS_OWNER || type == ZFS_ACE_USER) {
410 (void) kidmap_getuidbysid(crgetzone(cr), domain,
411 FUID_RID(fuid), &id);
412 } else {
413 (void) kidmap_getgidbysid(crgetzone(cr), domain,
414 FUID_RID(fuid), &id);
415 }
416 return (id);
a405c8a6 417#else
5484965a
BB		 418 /*
419 * The Linux port only supports POSIX IDs, use the passed id.
420 */
421 return (fuid);
a405c8a6 422#endif /* HAVE_KSID */
34dc7c2f
BB		 423}
424
425/*
426 * Add a FUID node to the list of fuid's being created for this
427 * ACL
428 *
429 * If ACL has multiple domains, then keep only one copy of each unique
430 * domain.
431 */
428870ff 432void
34dc7c2f
BB		 433zfs_fuid_node_add(zfs_fuid_info_t **fuidpp, const char *domain, uint32_t rid,
434 uint64_t idx, uint64_t id, zfs_fuid_type_t type)
435{
436 zfs_fuid_t *fuid;
437 zfs_fuid_domain_t *fuid_domain;
438 zfs_fuid_info_t *fuidp;
439 uint64_t fuididx;
440 boolean_t found = B_FALSE;
441
442 if (*fuidpp == NULL)
443 *fuidpp = zfs_fuid_info_alloc();
444
445 fuidp = *fuidpp;
446 /*
447 * First find fuid domain index in linked list
448 *
449 * If one isn't found then create an entry.
450 */
451
452 for (fuididx = 1, fuid_domain = list_head(&fuidp->z_domains);
453 fuid_domain; fuid_domain = list_next(&fuidp->z_domains,
454 fuid_domain), fuididx++) {
455 if (idx == fuid_domain->z_domidx) {
456 found = B_TRUE;
457 break;
458 }
459 }
460
461 if (!found) {
462 fuid_domain = kmem_alloc(sizeof (zfs_fuid_domain_t), KM_SLEEP);
463 fuid_domain->z_domain = domain;
464 fuid_domain->z_domidx = idx;
465 list_insert_tail(&fuidp->z_domains, fuid_domain);
466 fuidp->z_domain_str_sz += strlen(domain) + 1;
467 fuidp->z_domain_cnt++;
468 }
469
470 if (type == ZFS_ACE_USER || type == ZFS_ACE_GROUP) {
9babb374 471
34dc7c2f
BB		 472 /*
473 * Now allocate fuid entry and add it on the end of the list
474 */
475
476 fuid = kmem_alloc(sizeof (zfs_fuid_t), KM_SLEEP);
477 fuid->z_id = id;
478 fuid->z_domidx = idx;
479 fuid->z_logfuid = FUID_ENCODE(fuididx, rid);
480
481 list_insert_tail(&fuidp->z_fuids, fuid);
482 fuidp->z_fuid_cnt++;
483 } else {
484 if (type == ZFS_OWNER)
485 fuidp->z_fuid_owner = FUID_ENCODE(fuididx, rid);
486 else
487 fuidp->z_fuid_group = FUID_ENCODE(fuididx, rid);
488 }
489}
490
a405c8a6 491#ifdef HAVE_KSID
34dc7c2f
BB		 492/*
493 * Create a file system FUID, based on information in the users cred
428870ff
BB		 494 *
495 * If cred contains KSID_OWNER then it should be used to determine
496 * the uid otherwise cred's uid will be used. By default cred's gid
497 * is used unless it's an ephemeral ID in which case KSID_GROUP will
498 * be used if it exists.
34dc7c2f
BB		 499 */
500uint64_t
3558fd73 501zfs_fuid_create_cred(zfs_sb_t *zsb, zfs_fuid_type_t type,
9babb374 502 cred_t *cr, zfs_fuid_info_t **fuidp)
34dc7c2f
BB		 503{
504 uint64_t idx;
505 ksid_t *ksid;
506 uint32_t rid;
3558fd73 507 char *kdomain;
34dc7c2f
BB		 508 const char *domain;
509 uid_t id;
510
511 VERIFY(type == ZFS_OWNER || type == ZFS_GROUP);
512
b128c09f 513 ksid = crgetsid(cr, (type == ZFS_OWNER) ? KSID_OWNER : KSID_GROUP);
428870ff 514
3558fd73 515 if (!zsb->z_use_fuids || (ksid == NULL)) {
428870ff
BB		 516 id = (type == ZFS_OWNER) ? crgetuid(cr) : crgetgid(cr);
517
518 if (IS_EPHEMERAL(id))
519 return ((type == ZFS_OWNER) ? UID_NOBODY : GID_NOBODY);
520
521 return ((uint64_t)id);
b128c09f 522 }
34dc7c2f 523
428870ff
BB		 524 /*
525 * ksid is present and FUID is supported
526 */
527 id = (type == ZFS_OWNER) ? ksid_getid(ksid) : crgetgid(cr);
528
529 if (!IS_EPHEMERAL(id))
34dc7c2f
BB		 530 return ((uint64_t)id);
531
428870ff
BB		 532 if (type == ZFS_GROUP)
533 id = ksid_getid(ksid);
534
34dc7c2f
BB		 535 rid = ksid_getrid(ksid);
536 domain = ksid_getdomain(ksid);
537
3558fd73 538 idx = zfs_fuid_find_by_domain(zsb, domain, &kdomain, B_TRUE);
34dc7c2f
BB		 539
540 zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type);
541
542 return (FUID_ENCODE(idx, rid));
543}
a405c8a6 544#endif /* HAVE_KSID */
34dc7c2f
BB		 545
546/*
547 * Create a file system FUID for an ACL ace
548 * or a chown/chgrp of the file.
549 * This is similar to zfs_fuid_create_cred, except that
550 * we can't find the domain + rid information in the
551 * cred. Instead we have to query Winchester for the
552 * domain and rid.
553 *
554 * During replay operations the domain+rid information is
555 * found in the zfs_fuid_info_t that the replay code has
3558fd73 556 * attached to the zsb of the file system.
34dc7c2f
BB		 557 */
558uint64_t
3558fd73 559zfs_fuid_create(zfs_sb_t *zsb, uint64_t id, cred_t *cr,
9babb374 560 zfs_fuid_type_t type, zfs_fuid_info_t **fuidpp)
34dc7c2f 561{
a405c8a6 562#ifdef HAVE_KSID
34dc7c2f
BB		 563 const char *domain;
564 char *kdomain;
565 uint32_t fuid_idx = FUID_INDEX(id);
566 uint32_t rid;
567 idmap_stat status;
568 uint64_t idx;
34dc7c2f
BB		 569 zfs_fuid_t *zfuid = NULL;
570 zfs_fuid_info_t *fuidp;
571
572 /*
573 * If POSIX ID, or entry is already a FUID then
574 * just return the id
575 *
576 * We may also be handed an already FUID'ized id via
577 * chmod.
578 */
579
3558fd73 580 if (!zsb->z_use_fuids || !IS_EPHEMERAL(id) || fuid_idx != 0)
34dc7c2f
BB		 581 return (id);
582
3558fd73
BB		 583 if (zsb->z_replay) {
584 fuidp = zsb->z_fuid_replay;
34dc7c2f
BB		 585
586 /*
587 * If we are passed an ephemeral id, but no
588 * fuid_info was logged then return NOBODY.
589 * This is most likely a result of idmap service
590 * not being available.
591 */
592 if (fuidp == NULL)
593 return (UID_NOBODY);
594
595 switch (type) {
596 case ZFS_ACE_USER:
597 case ZFS_ACE_GROUP:
598 zfuid = list_head(&fuidp->z_fuids);
599 rid = FUID_RID(zfuid->z_logfuid);
600 idx = FUID_INDEX(zfuid->z_logfuid);
601 break;
602 case ZFS_OWNER:
603 rid = FUID_RID(fuidp->z_fuid_owner);
604 idx = FUID_INDEX(fuidp->z_fuid_owner);
605 break;
606 case ZFS_GROUP:
607 rid = FUID_RID(fuidp->z_fuid_group);
608 idx = FUID_INDEX(fuidp->z_fuid_group);
609 break;
610 };
611 domain = fuidp->z_domain_table[idx -1];
612 } else {
613 if (type == ZFS_OWNER || type == ZFS_ACE_USER)
614 status = kidmap_getsidbyuid(crgetzone(cr), id,
615 &domain, &rid);
616 else
617 status = kidmap_getsidbygid(crgetzone(cr), id,
618 &domain, &rid);
619
620 if (status != 0) {
621 /*
622 * When returning nobody we will need to
623 * make a dummy fuid table entry for logging
624 * purposes.
625 */
626 rid = UID_NOBODY;
b128c09f 627 domain = nulldomain;
34dc7c2f
BB		 628 }
629 }
630
3558fd73 631 idx = zfs_fuid_find_by_domain(zsb, domain, &kdomain, B_TRUE);
34dc7c2f 632
3558fd73 633 if (!zsb->z_replay)
9babb374
BB		 634 zfs_fuid_node_add(fuidpp, kdomain,
635 rid, idx, id, type);
34dc7c2f
BB		 636 else if (zfuid != NULL) {
637 list_remove(&fuidp->z_fuids, zfuid);
638 kmem_free(zfuid, sizeof (zfs_fuid_t));
639 }
640 return (FUID_ENCODE(idx, rid));
a405c8a6 641#else
037849f8
BB		 642 /*
643 * The Linux port only supports POSIX IDs, use the passed id.
644 */
645 return (id);
a405c8a6 646#endif
34dc7c2f
BB		 647}
648
649void
3558fd73 650zfs_fuid_destroy(zfs_sb_t *zsb)
34dc7c2f 651{
3558fd73
BB		 652 rw_enter(&zsb->z_fuid_lock, RW_WRITER);
653 if (!zsb->z_fuid_loaded) {
654 rw_exit(&zsb->z_fuid_lock);
34dc7c2f
BB		 655 return;
656 }
3558fd73
BB		 657 zfs_fuid_table_destroy(&zsb->z_fuid_idx, &zsb->z_fuid_domain);
658 rw_exit(&zsb->z_fuid_lock);
34dc7c2f
BB		 659}
660
661/*
662 * Allocate zfs_fuid_info for tracking FUIDs created during
663 * zfs_mknode, VOP_SETATTR() or VOP_SETSECATTR()
664 */
665zfs_fuid_info_t *
666zfs_fuid_info_alloc(void)
667{
668 zfs_fuid_info_t *fuidp;
669
670 fuidp = kmem_zalloc(sizeof (zfs_fuid_info_t), KM_SLEEP);
671 list_create(&fuidp->z_domains, sizeof (zfs_fuid_domain_t),
672 offsetof(zfs_fuid_domain_t, z_next));
673 list_create(&fuidp->z_fuids, sizeof (zfs_fuid_t),
674 offsetof(zfs_fuid_t, z_next));
675 return (fuidp);
676}
677
678/*
679 * Release all memory associated with zfs_fuid_info_t
680 */
681void
682zfs_fuid_info_free(zfs_fuid_info_t *fuidp)
683{
684 zfs_fuid_t *zfuid;
685 zfs_fuid_domain_t *zdomain;
686
687 while ((zfuid = list_head(&fuidp->z_fuids)) != NULL) {
688 list_remove(&fuidp->z_fuids, zfuid);
689 kmem_free(zfuid, sizeof (zfs_fuid_t));
690 }
691
692 if (fuidp->z_domain_table != NULL)
693 kmem_free(fuidp->z_domain_table,
694 (sizeof (char **)) * fuidp->z_domain_cnt);
695
696 while ((zdomain = list_head(&fuidp->z_domains)) != NULL) {
697 list_remove(&fuidp->z_domains, zdomain);
698 kmem_free(zdomain, sizeof (zfs_fuid_domain_t));
699 }
700
701 kmem_free(fuidp, sizeof (zfs_fuid_info_t));
702}
703
704/*
705 * Check to see if id is a groupmember. If cred
706 * has ksid info then sidlist is checked first
707 * and if still not found then POSIX groups are checked
708 *
709 * Will use a straight FUID compare when possible.
710 */
711boolean_t
3558fd73 712zfs_groupmember(zfs_sb_t *zsb, uint64_t id, cred_t *cr)
34dc7c2f 713{
a405c8a6 714#ifdef HAVE_KSID
34dc7c2f 715 ksid_t *ksid = crgetsid(cr, KSID_GROUP);
9babb374 716 ksidlist_t *ksidlist = crgetsidlist(cr);
34dc7c2f
BB		 717 uid_t gid;
718
9babb374 719 if (ksid && ksidlist) {
3558fd73 720 int i;
34dc7c2f 721 ksid_t *ksid_groups;
34dc7c2f
BB		 722 uint32_t idx = FUID_INDEX(id);
723 uint32_t rid = FUID_RID(id);
724
34dc7c2f
BB		 725 ksid_groups = ksidlist->ksl_sids;
726
727 for (i = 0; i != ksidlist->ksl_nsid; i++) {
728 if (idx == 0) {
729 if (id != IDMAP_WK_CREATOR_GROUP_GID &&
730 id == ksid_groups[i].ks_id) {
731 return (B_TRUE);
732 }
733 } else {
9babb374 734 const char *domain;
34dc7c2f 735
3558fd73 736 domain = zfs_fuid_find_by_idx(zsb, idx);
34dc7c2f
BB		 737 ASSERT(domain != NULL);
738
739 if (strcmp(domain,
740 IDMAP_WK_CREATOR_SID_AUTHORITY) == 0)
741 return (B_FALSE);
742
743 if ((strcmp(domain,
744 ksid_groups[i].ks_domain->kd_name) == 0) &&
745 rid == ksid_groups[i].ks_rid)
746 return (B_TRUE);
747 }
748 }
749 }
750
751 /*
752 * Not found in ksidlist, check posix groups
753 */
3558fd73 754 gid = zfs_fuid_map_id(zsb, id, cr, ZFS_GROUP);
34dc7c2f 755 return (groupmember(gid, cr));
a405c8a6
BB		 756#else
757 return (B_TRUE);
758#endif
34dc7c2f 759}
9babb374
BB		 760
761void
3558fd73 762zfs_fuid_txhold(zfs_sb_t *zsb, dmu_tx_t *tx)
9babb374 763{
3558fd73 764 if (zsb->z_fuid_obj == 0) {
9babb374
BB		 765 dmu_tx_hold_bonus(tx, DMU_NEW_OBJECT);
766 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
3558fd73 767 FUID_SIZE_ESTIMATE(zsb));
9babb374
BB		 768 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, FALSE, NULL);
769 } else {
3558fd73
BB		 770 dmu_tx_hold_bonus(tx, zsb->z_fuid_obj);
771 dmu_tx_hold_write(tx, zsb->z_fuid_obj, 0,
772 FUID_SIZE_ESTIMATE(zsb));
9babb374
BB		 773 }
774}
34dc7c2f 775#endif
ZFS On Linux mirror for PVE