]>
Commit | Line | Data |
---|---|---|
34dc7c2f BB |
1 | /* |
2 | * CDDL HEADER START | |
3 | * | |
4 | * The contents of this file are subject to the terms of the | |
5 | * Common Development and Distribution License (the "License"). | |
6 | * You may not use this file except in compliance with the License. | |
7 | * | |
8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 | * or http://www.opensolaris.org/os/licensing. | |
10 | * See the License for the specific language governing permissions | |
11 | * and limitations under the License. | |
12 | * | |
13 | * When distributing Covered Code, include this CDDL HEADER in each | |
14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 | * If applicable, add the following below this CDDL HEADER, with the | |
16 | * fields enclosed by brackets "[]" replaced with your own identifying | |
17 | * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 | * | |
19 | * CDDL HEADER END | |
20 | */ | |
21 | /* | |
428870ff | 22 | * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. |
34dc7c2f BB |
23 | */ |
24 | ||
34dc7c2f | 25 | #include <sys/zfs_context.h> |
34dc7c2f BB |
26 | #include <sys/dmu.h> |
27 | #include <sys/avl.h> | |
28 | #include <sys/zap.h> | |
29 | #include <sys/refcount.h> | |
30 | #include <sys/nvpair.h> | |
31 | #ifdef _KERNEL | |
32 | #include <sys/kidmap.h> | |
33 | #include <sys/sid.h> | |
34 | #include <sys/zfs_vfsops.h> | |
35 | #include <sys/zfs_znode.h> | |
36 | #endif | |
37 | #include <sys/zfs_fuid.h> | |
38 | ||
39 | /* | |
40 | * FUID Domain table(s). | |
41 | * | |
42 | * The FUID table is stored as a packed nvlist of an array | |
43 | * of nvlists which contain an index, domain string and offset | |
44 | * | |
45 | * During file system initialization the nvlist(s) are read and | |
46 | * two AVL trees are created. One tree is keyed by the index number | |
47 | * and the other by the domain string. Nodes are never removed from | |
9babb374 | 48 | * trees, but new entries may be added. If a new entry is added then |
3558fd73 | 49 | * the zsb->z_fuid_dirty flag is set to true and the caller will then |
9babb374 BB |
50 | * be responsible for calling zfs_fuid_sync() to sync the changes to disk. |
51 | * | |
34dc7c2f BB |
52 | */ |
53 | ||
54 | #define FUID_IDX "fuid_idx" | |
55 | #define FUID_DOMAIN "fuid_domain" | |
56 | #define FUID_OFFSET "fuid_offset" | |
57 | #define FUID_NVP_ARRAY "fuid_nvlist" | |
58 | ||
59 | typedef struct fuid_domain { | |
60 | avl_node_t f_domnode; | |
61 | avl_node_t f_idxnode; | |
62 | ksiddomain_t *f_ksid; | |
63 | uint64_t f_idx; | |
64 | } fuid_domain_t; | |
65 | ||
b128c09f BB |
66 | static char *nulldomain = ""; |
67 | ||
34dc7c2f BB |
68 | /* |
69 | * Compare two indexes. | |
70 | */ | |
71 | static int | |
72 | idx_compare(const void *arg1, const void *arg2) | |
73 | { | |
74 | const fuid_domain_t *node1 = arg1; | |
75 | const fuid_domain_t *node2 = arg2; | |
76 | ||
77 | if (node1->f_idx < node2->f_idx) | |
78 | return (-1); | |
79 | else if (node1->f_idx > node2->f_idx) | |
80 | return (1); | |
81 | return (0); | |
82 | } | |
83 | ||
84 | /* | |
85 | * Compare two domain strings. | |
86 | */ | |
87 | static int | |
88 | domain_compare(const void *arg1, const void *arg2) | |
89 | { | |
90 | const fuid_domain_t *node1 = arg1; | |
91 | const fuid_domain_t *node2 = arg2; | |
92 | int val; | |
93 | ||
94 | val = strcmp(node1->f_ksid->kd_name, node2->f_ksid->kd_name); | |
95 | if (val == 0) | |
96 | return (0); | |
97 | return (val > 0 ? 1 : -1); | |
98 | } | |
99 | ||
9babb374 BB |
100 | void |
101 | zfs_fuid_avl_tree_create(avl_tree_t *idx_tree, avl_tree_t *domain_tree) | |
102 | { | |
103 | avl_create(idx_tree, idx_compare, | |
104 | sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_idxnode)); | |
105 | avl_create(domain_tree, domain_compare, | |
106 | sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_domnode)); | |
107 | } | |
108 | ||
34dc7c2f BB |
109 | /* |
110 | * load initial fuid domain and idx trees. This function is used by | |
111 | * both the kernel and zdb. | |
112 | */ | |
113 | uint64_t | |
114 | zfs_fuid_table_load(objset_t *os, uint64_t fuid_obj, avl_tree_t *idx_tree, | |
115 | avl_tree_t *domain_tree) | |
116 | { | |
117 | dmu_buf_t *db; | |
118 | uint64_t fuid_size; | |
119 | ||
9babb374 BB |
120 | ASSERT(fuid_obj != 0); |
121 | VERIFY(0 == dmu_bonus_hold(os, fuid_obj, | |
122 | FTAG, &db)); | |
34dc7c2f BB |
123 | fuid_size = *(uint64_t *)db->db_data; |
124 | dmu_buf_rele(db, FTAG); | |
125 | ||
126 | if (fuid_size) { | |
127 | nvlist_t **fuidnvp; | |
128 | nvlist_t *nvp = NULL; | |
129 | uint_t count; | |
130 | char *packed; | |
131 | int i; | |
132 | ||
133 | packed = kmem_alloc(fuid_size, KM_SLEEP); | |
9babb374 BB |
134 | VERIFY(dmu_read(os, fuid_obj, 0, |
135 | fuid_size, packed, DMU_READ_PREFETCH) == 0); | |
34dc7c2f BB |
136 | VERIFY(nvlist_unpack(packed, fuid_size, |
137 | &nvp, 0) == 0); | |
138 | VERIFY(nvlist_lookup_nvlist_array(nvp, FUID_NVP_ARRAY, | |
139 | &fuidnvp, &count) == 0); | |
140 | ||
141 | for (i = 0; i != count; i++) { | |
142 | fuid_domain_t *domnode; | |
143 | char *domain; | |
144 | uint64_t idx; | |
145 | ||
146 | VERIFY(nvlist_lookup_string(fuidnvp[i], FUID_DOMAIN, | |
147 | &domain) == 0); | |
148 | VERIFY(nvlist_lookup_uint64(fuidnvp[i], FUID_IDX, | |
149 | &idx) == 0); | |
150 | ||
151 | domnode = kmem_alloc(sizeof (fuid_domain_t), KM_SLEEP); | |
152 | ||
153 | domnode->f_idx = idx; | |
154 | domnode->f_ksid = ksid_lookupdomain(domain); | |
155 | avl_add(idx_tree, domnode); | |
156 | avl_add(domain_tree, domnode); | |
157 | } | |
158 | nvlist_free(nvp); | |
159 | kmem_free(packed, fuid_size); | |
160 | } | |
161 | return (fuid_size); | |
162 | } | |
163 | ||
164 | void | |
165 | zfs_fuid_table_destroy(avl_tree_t *idx_tree, avl_tree_t *domain_tree) | |
166 | { | |
167 | fuid_domain_t *domnode; | |
168 | void *cookie; | |
169 | ||
170 | cookie = NULL; | |
c65aa5b2 | 171 | while ((domnode = avl_destroy_nodes(domain_tree, &cookie))) |
34dc7c2f BB |
172 | ksiddomain_rele(domnode->f_ksid); |
173 | ||
174 | avl_destroy(domain_tree); | |
175 | cookie = NULL; | |
c65aa5b2 | 176 | while ((domnode = avl_destroy_nodes(idx_tree, &cookie))) |
34dc7c2f BB |
177 | kmem_free(domnode, sizeof (fuid_domain_t)); |
178 | avl_destroy(idx_tree); | |
179 | } | |
180 | ||
181 | char * | |
182 | zfs_fuid_idx_domain(avl_tree_t *idx_tree, uint32_t idx) | |
183 | { | |
184 | fuid_domain_t searchnode, *findnode; | |
185 | avl_index_t loc; | |
186 | ||
187 | searchnode.f_idx = idx; | |
188 | ||
189 | findnode = avl_find(idx_tree, &searchnode, &loc); | |
190 | ||
b128c09f | 191 | return (findnode ? findnode->f_ksid->kd_name : nulldomain); |
34dc7c2f BB |
192 | } |
193 | ||
194 | #ifdef _KERNEL | |
195 | /* | |
196 | * Load the fuid table(s) into memory. | |
197 | */ | |
198 | static void | |
3558fd73 | 199 | zfs_fuid_init(zfs_sb_t *zsb) |
34dc7c2f | 200 | { |
3558fd73 | 201 | rw_enter(&zsb->z_fuid_lock, RW_WRITER); |
34dc7c2f | 202 | |
3558fd73 BB |
203 | if (zsb->z_fuid_loaded) { |
204 | rw_exit(&zsb->z_fuid_lock); | |
34dc7c2f BB |
205 | return; |
206 | } | |
207 | ||
3558fd73 | 208 | zfs_fuid_avl_tree_create(&zsb->z_fuid_idx, &zsb->z_fuid_domain); |
34dc7c2f | 209 | |
3558fd73 BB |
210 | (void) zap_lookup(zsb->z_os, MASTER_NODE_OBJ, |
211 | ZFS_FUID_TABLES, 8, 1, &zsb->z_fuid_obj); | |
212 | if (zsb->z_fuid_obj != 0) { | |
213 | zsb->z_fuid_size = zfs_fuid_table_load(zsb->z_os, | |
214 | zsb->z_fuid_obj, &zsb->z_fuid_idx, | |
215 | &zsb->z_fuid_domain); | |
b128c09f | 216 | } |
34dc7c2f | 217 | |
3558fd73 BB |
218 | zsb->z_fuid_loaded = B_TRUE; |
219 | rw_exit(&zsb->z_fuid_lock); | |
9babb374 BB |
220 | } |
221 | ||
222 | /* | |
223 | * sync out AVL trees to persistent storage. | |
224 | */ | |
225 | void | |
3558fd73 | 226 | zfs_fuid_sync(zfs_sb_t *zsb, dmu_tx_t *tx) |
9babb374 BB |
227 | { |
228 | nvlist_t *nvp; | |
229 | nvlist_t **fuids; | |
230 | size_t nvsize = 0; | |
231 | char *packed; | |
232 | dmu_buf_t *db; | |
233 | fuid_domain_t *domnode; | |
234 | int numnodes; | |
235 | int i; | |
236 | ||
3558fd73 | 237 | if (!zsb->z_fuid_dirty) { |
9babb374 BB |
238 | return; |
239 | } | |
240 | ||
3558fd73 | 241 | rw_enter(&zsb->z_fuid_lock, RW_WRITER); |
9babb374 BB |
242 | |
243 | /* | |
244 | * First see if table needs to be created? | |
245 | */ | |
3558fd73 BB |
246 | if (zsb->z_fuid_obj == 0) { |
247 | zsb->z_fuid_obj = dmu_object_alloc(zsb->z_os, | |
9babb374 BB |
248 | DMU_OT_FUID, 1 << 14, DMU_OT_FUID_SIZE, |
249 | sizeof (uint64_t), tx); | |
3558fd73 | 250 | VERIFY(zap_add(zsb->z_os, MASTER_NODE_OBJ, |
9babb374 | 251 | ZFS_FUID_TABLES, sizeof (uint64_t), 1, |
3558fd73 | 252 | &zsb->z_fuid_obj, tx) == 0); |
9babb374 BB |
253 | } |
254 | ||
255 | VERIFY(nvlist_alloc(&nvp, NV_UNIQUE_NAME, KM_SLEEP) == 0); | |
256 | ||
3558fd73 | 257 | numnodes = avl_numnodes(&zsb->z_fuid_idx); |
9babb374 | 258 | fuids = kmem_alloc(numnodes * sizeof (void *), KM_SLEEP); |
3558fd73 BB |
259 | for (i = 0, domnode = avl_first(&zsb->z_fuid_domain); domnode; i++, |
260 | domnode = AVL_NEXT(&zsb->z_fuid_domain, domnode)) { | |
9babb374 BB |
261 | VERIFY(nvlist_alloc(&fuids[i], NV_UNIQUE_NAME, KM_SLEEP) == 0); |
262 | VERIFY(nvlist_add_uint64(fuids[i], FUID_IDX, | |
263 | domnode->f_idx) == 0); | |
264 | VERIFY(nvlist_add_uint64(fuids[i], FUID_OFFSET, 0) == 0); | |
265 | VERIFY(nvlist_add_string(fuids[i], FUID_DOMAIN, | |
266 | domnode->f_ksid->kd_name) == 0); | |
267 | } | |
268 | VERIFY(nvlist_add_nvlist_array(nvp, FUID_NVP_ARRAY, | |
269 | fuids, numnodes) == 0); | |
270 | for (i = 0; i != numnodes; i++) | |
271 | nvlist_free(fuids[i]); | |
272 | kmem_free(fuids, numnodes * sizeof (void *)); | |
273 | VERIFY(nvlist_size(nvp, &nvsize, NV_ENCODE_XDR) == 0); | |
274 | packed = kmem_alloc(nvsize, KM_SLEEP); | |
275 | VERIFY(nvlist_pack(nvp, &packed, &nvsize, | |
276 | NV_ENCODE_XDR, KM_SLEEP) == 0); | |
277 | nvlist_free(nvp); | |
3558fd73 BB |
278 | zsb->z_fuid_size = nvsize; |
279 | dmu_write(zsb->z_os, zsb->z_fuid_obj, 0, zsb->z_fuid_size, packed, tx); | |
280 | kmem_free(packed, zsb->z_fuid_size); | |
281 | VERIFY(0 == dmu_bonus_hold(zsb->z_os, zsb->z_fuid_obj, | |
9babb374 BB |
282 | FTAG, &db)); |
283 | dmu_buf_will_dirty(db, tx); | |
3558fd73 | 284 | *(uint64_t *)db->db_data = zsb->z_fuid_size; |
9babb374 BB |
285 | dmu_buf_rele(db, FTAG); |
286 | ||
3558fd73 BB |
287 | zsb->z_fuid_dirty = B_FALSE; |
288 | rw_exit(&zsb->z_fuid_lock); | |
34dc7c2f BB |
289 | } |
290 | ||
291 | /* | |
292 | * Query domain table for a given domain. | |
293 | * | |
9babb374 | 294 | * If domain isn't found and addok is set, it is added to AVL trees and |
3558fd73 | 295 | * the zsb->z_fuid_dirty flag will be set to TRUE. It will then be |
9babb374 BB |
296 | * necessary for the caller or another thread to detect the dirty table |
297 | * and sync out the changes. | |
34dc7c2f BB |
298 | */ |
299 | int | |
3558fd73 | 300 | zfs_fuid_find_by_domain(zfs_sb_t *zsb, const char *domain, |
9babb374 | 301 | char **retdomain, boolean_t addok) |
34dc7c2f BB |
302 | { |
303 | fuid_domain_t searchnode, *findnode; | |
304 | avl_index_t loc; | |
b128c09f | 305 | krw_t rw = RW_READER; |
34dc7c2f BB |
306 | |
307 | /* | |
308 | * If the dummy "nobody" domain then return an index of 0 | |
309 | * to cause the created FUID to be a standard POSIX id | |
310 | * for the user nobody. | |
311 | */ | |
312 | if (domain[0] == '\0') { | |
9babb374 BB |
313 | if (retdomain) |
314 | *retdomain = nulldomain; | |
34dc7c2f BB |
315 | return (0); |
316 | } | |
317 | ||
318 | searchnode.f_ksid = ksid_lookupdomain(domain); | |
9babb374 | 319 | if (retdomain) |
34dc7c2f | 320 | *retdomain = searchnode.f_ksid->kd_name; |
3558fd73 BB |
321 | if (!zsb->z_fuid_loaded) |
322 | zfs_fuid_init(zsb); | |
34dc7c2f | 323 | |
b128c09f | 324 | retry: |
3558fd73 BB |
325 | rw_enter(&zsb->z_fuid_lock, rw); |
326 | findnode = avl_find(&zsb->z_fuid_domain, &searchnode, &loc); | |
34dc7c2f BB |
327 | |
328 | if (findnode) { | |
3558fd73 | 329 | rw_exit(&zsb->z_fuid_lock); |
34dc7c2f BB |
330 | ksiddomain_rele(searchnode.f_ksid); |
331 | return (findnode->f_idx); | |
9babb374 | 332 | } else if (addok) { |
34dc7c2f | 333 | fuid_domain_t *domnode; |
34dc7c2f | 334 | uint64_t retidx; |
34dc7c2f | 335 | |
3558fd73 BB |
336 | if (rw == RW_READER && !rw_tryupgrade(&zsb->z_fuid_lock)) { |
337 | rw_exit(&zsb->z_fuid_lock); | |
b128c09f BB |
338 | rw = RW_WRITER; |
339 | goto retry; | |
340 | } | |
341 | ||
34dc7c2f BB |
342 | domnode = kmem_alloc(sizeof (fuid_domain_t), KM_SLEEP); |
343 | domnode->f_ksid = searchnode.f_ksid; | |
344 | ||
3558fd73 | 345 | retidx = domnode->f_idx = avl_numnodes(&zsb->z_fuid_idx) + 1; |
34dc7c2f | 346 | |
3558fd73 BB |
347 | avl_add(&zsb->z_fuid_domain, domnode); |
348 | avl_add(&zsb->z_fuid_idx, domnode); | |
349 | zsb->z_fuid_dirty = B_TRUE; | |
350 | rw_exit(&zsb->z_fuid_lock); | |
34dc7c2f | 351 | return (retidx); |
9babb374 | 352 | } else { |
3558fd73 | 353 | rw_exit(&zsb->z_fuid_lock); |
9babb374 | 354 | return (-1); |
34dc7c2f BB |
355 | } |
356 | } | |
357 | ||
358 | /* | |
359 | * Query domain table by index, returning domain string | |
360 | * | |
361 | * Returns a pointer from an avl node of the domain string. | |
362 | * | |
363 | */ | |
9babb374 | 364 | const char * |
3558fd73 | 365 | zfs_fuid_find_by_idx(zfs_sb_t *zsb, uint32_t idx) |
34dc7c2f BB |
366 | { |
367 | char *domain; | |
368 | ||
3558fd73 | 369 | if (idx == 0 || !zsb->z_use_fuids) |
34dc7c2f BB |
370 | return (NULL); |
371 | ||
3558fd73 BB |
372 | if (!zsb->z_fuid_loaded) |
373 | zfs_fuid_init(zsb); | |
34dc7c2f | 374 | |
3558fd73 | 375 | rw_enter(&zsb->z_fuid_lock, RW_READER); |
b128c09f | 376 | |
3558fd73 BB |
377 | if (zsb->z_fuid_obj || zsb->z_fuid_dirty) |
378 | domain = zfs_fuid_idx_domain(&zsb->z_fuid_idx, idx); | |
b128c09f BB |
379 | else |
380 | domain = nulldomain; | |
3558fd73 | 381 | rw_exit(&zsb->z_fuid_lock); |
34dc7c2f BB |
382 | |
383 | ASSERT(domain); | |
384 | return (domain); | |
385 | } | |
386 | ||
387 | void | |
388 | zfs_fuid_map_ids(znode_t *zp, cred_t *cr, uid_t *uidp, uid_t *gidp) | |
389 | { | |
3558fd73 BB |
390 | *uidp = zfs_fuid_map_id(ZTOZSB(zp), zp->z_uid, cr, ZFS_OWNER); |
391 | *gidp = zfs_fuid_map_id(ZTOZSB(zp), zp->z_gid, cr, ZFS_GROUP); | |
34dc7c2f BB |
392 | } |
393 | ||
394 | uid_t | |
3558fd73 | 395 | zfs_fuid_map_id(zfs_sb_t *zsb, uint64_t fuid, |
34dc7c2f BB |
396 | cred_t *cr, zfs_fuid_type_t type) |
397 | { | |
a405c8a6 | 398 | #ifdef HAVE_KSID |
34dc7c2f | 399 | uint32_t index = FUID_INDEX(fuid); |
9babb374 | 400 | const char *domain; |
34dc7c2f BB |
401 | uid_t id; |
402 | ||
403 | if (index == 0) | |
404 | return (fuid); | |
405 | ||
3558fd73 | 406 | domain = zfs_fuid_find_by_idx(zsb, index); |
34dc7c2f BB |
407 | ASSERT(domain != NULL); |
408 | ||
409 | if (type == ZFS_OWNER || type == ZFS_ACE_USER) { | |
410 | (void) kidmap_getuidbysid(crgetzone(cr), domain, | |
411 | FUID_RID(fuid), &id); | |
412 | } else { | |
413 | (void) kidmap_getgidbysid(crgetzone(cr), domain, | |
414 | FUID_RID(fuid), &id); | |
415 | } | |
416 | return (id); | |
a405c8a6 | 417 | #else |
5484965a BB |
418 | /* |
419 | * The Linux port only supports POSIX IDs, use the passed id. | |
420 | */ | |
421 | return (fuid); | |
a405c8a6 | 422 | #endif /* HAVE_KSID */ |
34dc7c2f BB |
423 | } |
424 | ||
425 | /* | |
426 | * Add a FUID node to the list of fuid's being created for this | |
427 | * ACL | |
428 | * | |
429 | * If ACL has multiple domains, then keep only one copy of each unique | |
430 | * domain. | |
431 | */ | |
428870ff | 432 | void |
34dc7c2f BB |
433 | zfs_fuid_node_add(zfs_fuid_info_t **fuidpp, const char *domain, uint32_t rid, |
434 | uint64_t idx, uint64_t id, zfs_fuid_type_t type) | |
435 | { | |
436 | zfs_fuid_t *fuid; | |
437 | zfs_fuid_domain_t *fuid_domain; | |
438 | zfs_fuid_info_t *fuidp; | |
439 | uint64_t fuididx; | |
440 | boolean_t found = B_FALSE; | |
441 | ||
442 | if (*fuidpp == NULL) | |
443 | *fuidpp = zfs_fuid_info_alloc(); | |
444 | ||
445 | fuidp = *fuidpp; | |
446 | /* | |
447 | * First find fuid domain index in linked list | |
448 | * | |
449 | * If one isn't found then create an entry. | |
450 | */ | |
451 | ||
452 | for (fuididx = 1, fuid_domain = list_head(&fuidp->z_domains); | |
453 | fuid_domain; fuid_domain = list_next(&fuidp->z_domains, | |
454 | fuid_domain), fuididx++) { | |
455 | if (idx == fuid_domain->z_domidx) { | |
456 | found = B_TRUE; | |
457 | break; | |
458 | } | |
459 | } | |
460 | ||
461 | if (!found) { | |
462 | fuid_domain = kmem_alloc(sizeof (zfs_fuid_domain_t), KM_SLEEP); | |
463 | fuid_domain->z_domain = domain; | |
464 | fuid_domain->z_domidx = idx; | |
465 | list_insert_tail(&fuidp->z_domains, fuid_domain); | |
466 | fuidp->z_domain_str_sz += strlen(domain) + 1; | |
467 | fuidp->z_domain_cnt++; | |
468 | } | |
469 | ||
470 | if (type == ZFS_ACE_USER || type == ZFS_ACE_GROUP) { | |
9babb374 | 471 | |
34dc7c2f BB |
472 | /* |
473 | * Now allocate fuid entry and add it on the end of the list | |
474 | */ | |
475 | ||
476 | fuid = kmem_alloc(sizeof (zfs_fuid_t), KM_SLEEP); | |
477 | fuid->z_id = id; | |
478 | fuid->z_domidx = idx; | |
479 | fuid->z_logfuid = FUID_ENCODE(fuididx, rid); | |
480 | ||
481 | list_insert_tail(&fuidp->z_fuids, fuid); | |
482 | fuidp->z_fuid_cnt++; | |
483 | } else { | |
484 | if (type == ZFS_OWNER) | |
485 | fuidp->z_fuid_owner = FUID_ENCODE(fuididx, rid); | |
486 | else | |
487 | fuidp->z_fuid_group = FUID_ENCODE(fuididx, rid); | |
488 | } | |
489 | } | |
490 | ||
a405c8a6 | 491 | #ifdef HAVE_KSID |
34dc7c2f BB |
492 | /* |
493 | * Create a file system FUID, based on information in the users cred | |
428870ff BB |
494 | * |
495 | * If cred contains KSID_OWNER then it should be used to determine | |
496 | * the uid otherwise cred's uid will be used. By default cred's gid | |
497 | * is used unless it's an ephemeral ID in which case KSID_GROUP will | |
498 | * be used if it exists. | |
34dc7c2f BB |
499 | */ |
500 | uint64_t | |
3558fd73 | 501 | zfs_fuid_create_cred(zfs_sb_t *zsb, zfs_fuid_type_t type, |
9babb374 | 502 | cred_t *cr, zfs_fuid_info_t **fuidp) |
34dc7c2f BB |
503 | { |
504 | uint64_t idx; | |
505 | ksid_t *ksid; | |
506 | uint32_t rid; | |
3558fd73 | 507 | char *kdomain; |
34dc7c2f BB |
508 | const char *domain; |
509 | uid_t id; | |
510 | ||
511 | VERIFY(type == ZFS_OWNER || type == ZFS_GROUP); | |
512 | ||
b128c09f | 513 | ksid = crgetsid(cr, (type == ZFS_OWNER) ? KSID_OWNER : KSID_GROUP); |
428870ff | 514 | |
3558fd73 | 515 | if (!zsb->z_use_fuids || (ksid == NULL)) { |
428870ff BB |
516 | id = (type == ZFS_OWNER) ? crgetuid(cr) : crgetgid(cr); |
517 | ||
518 | if (IS_EPHEMERAL(id)) | |
519 | return ((type == ZFS_OWNER) ? UID_NOBODY : GID_NOBODY); | |
520 | ||
521 | return ((uint64_t)id); | |
b128c09f | 522 | } |
34dc7c2f | 523 | |
428870ff BB |
524 | /* |
525 | * ksid is present and FUID is supported | |
526 | */ | |
527 | id = (type == ZFS_OWNER) ? ksid_getid(ksid) : crgetgid(cr); | |
528 | ||
529 | if (!IS_EPHEMERAL(id)) | |
34dc7c2f BB |
530 | return ((uint64_t)id); |
531 | ||
428870ff BB |
532 | if (type == ZFS_GROUP) |
533 | id = ksid_getid(ksid); | |
534 | ||
34dc7c2f BB |
535 | rid = ksid_getrid(ksid); |
536 | domain = ksid_getdomain(ksid); | |
537 | ||
3558fd73 | 538 | idx = zfs_fuid_find_by_domain(zsb, domain, &kdomain, B_TRUE); |
34dc7c2f BB |
539 | |
540 | zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type); | |
541 | ||
542 | return (FUID_ENCODE(idx, rid)); | |
543 | } | |
a405c8a6 | 544 | #endif /* HAVE_KSID */ |
34dc7c2f BB |
545 | |
546 | /* | |
547 | * Create a file system FUID for an ACL ace | |
548 | * or a chown/chgrp of the file. | |
549 | * This is similar to zfs_fuid_create_cred, except that | |
550 | * we can't find the domain + rid information in the | |
551 | * cred. Instead we have to query Winchester for the | |
552 | * domain and rid. | |
553 | * | |
554 | * During replay operations the domain+rid information is | |
555 | * found in the zfs_fuid_info_t that the replay code has | |
3558fd73 | 556 | * attached to the zsb of the file system. |
34dc7c2f BB |
557 | */ |
558 | uint64_t | |
3558fd73 | 559 | zfs_fuid_create(zfs_sb_t *zsb, uint64_t id, cred_t *cr, |
9babb374 | 560 | zfs_fuid_type_t type, zfs_fuid_info_t **fuidpp) |
34dc7c2f | 561 | { |
a405c8a6 | 562 | #ifdef HAVE_KSID |
34dc7c2f BB |
563 | const char *domain; |
564 | char *kdomain; | |
565 | uint32_t fuid_idx = FUID_INDEX(id); | |
566 | uint32_t rid; | |
567 | idmap_stat status; | |
568 | uint64_t idx; | |
34dc7c2f BB |
569 | zfs_fuid_t *zfuid = NULL; |
570 | zfs_fuid_info_t *fuidp; | |
571 | ||
572 | /* | |
573 | * If POSIX ID, or entry is already a FUID then | |
574 | * just return the id | |
575 | * | |
576 | * We may also be handed an already FUID'ized id via | |
577 | * chmod. | |
578 | */ | |
579 | ||
3558fd73 | 580 | if (!zsb->z_use_fuids || !IS_EPHEMERAL(id) || fuid_idx != 0) |
34dc7c2f BB |
581 | return (id); |
582 | ||
3558fd73 BB |
583 | if (zsb->z_replay) { |
584 | fuidp = zsb->z_fuid_replay; | |
34dc7c2f BB |
585 | |
586 | /* | |
587 | * If we are passed an ephemeral id, but no | |
588 | * fuid_info was logged then return NOBODY. | |
589 | * This is most likely a result of idmap service | |
590 | * not being available. | |
591 | */ | |
592 | if (fuidp == NULL) | |
593 | return (UID_NOBODY); | |
594 | ||
595 | switch (type) { | |
596 | case ZFS_ACE_USER: | |
597 | case ZFS_ACE_GROUP: | |
598 | zfuid = list_head(&fuidp->z_fuids); | |
599 | rid = FUID_RID(zfuid->z_logfuid); | |
600 | idx = FUID_INDEX(zfuid->z_logfuid); | |
601 | break; | |
602 | case ZFS_OWNER: | |
603 | rid = FUID_RID(fuidp->z_fuid_owner); | |
604 | idx = FUID_INDEX(fuidp->z_fuid_owner); | |
605 | break; | |
606 | case ZFS_GROUP: | |
607 | rid = FUID_RID(fuidp->z_fuid_group); | |
608 | idx = FUID_INDEX(fuidp->z_fuid_group); | |
609 | break; | |
610 | }; | |
611 | domain = fuidp->z_domain_table[idx -1]; | |
612 | } else { | |
613 | if (type == ZFS_OWNER || type == ZFS_ACE_USER) | |
614 | status = kidmap_getsidbyuid(crgetzone(cr), id, | |
615 | &domain, &rid); | |
616 | else | |
617 | status = kidmap_getsidbygid(crgetzone(cr), id, | |
618 | &domain, &rid); | |
619 | ||
620 | if (status != 0) { | |
621 | /* | |
622 | * When returning nobody we will need to | |
623 | * make a dummy fuid table entry for logging | |
624 | * purposes. | |
625 | */ | |
626 | rid = UID_NOBODY; | |
b128c09f | 627 | domain = nulldomain; |
34dc7c2f BB |
628 | } |
629 | } | |
630 | ||
3558fd73 | 631 | idx = zfs_fuid_find_by_domain(zsb, domain, &kdomain, B_TRUE); |
34dc7c2f | 632 | |
3558fd73 | 633 | if (!zsb->z_replay) |
9babb374 BB |
634 | zfs_fuid_node_add(fuidpp, kdomain, |
635 | rid, idx, id, type); | |
34dc7c2f BB |
636 | else if (zfuid != NULL) { |
637 | list_remove(&fuidp->z_fuids, zfuid); | |
638 | kmem_free(zfuid, sizeof (zfs_fuid_t)); | |
639 | } | |
640 | return (FUID_ENCODE(idx, rid)); | |
a405c8a6 | 641 | #else |
037849f8 BB |
642 | /* |
643 | * The Linux port only supports POSIX IDs, use the passed id. | |
644 | */ | |
645 | return (id); | |
a405c8a6 | 646 | #endif |
34dc7c2f BB |
647 | } |
648 | ||
649 | void | |
3558fd73 | 650 | zfs_fuid_destroy(zfs_sb_t *zsb) |
34dc7c2f | 651 | { |
3558fd73 BB |
652 | rw_enter(&zsb->z_fuid_lock, RW_WRITER); |
653 | if (!zsb->z_fuid_loaded) { | |
654 | rw_exit(&zsb->z_fuid_lock); | |
34dc7c2f BB |
655 | return; |
656 | } | |
3558fd73 BB |
657 | zfs_fuid_table_destroy(&zsb->z_fuid_idx, &zsb->z_fuid_domain); |
658 | rw_exit(&zsb->z_fuid_lock); | |
34dc7c2f BB |
659 | } |
660 | ||
661 | /* | |
662 | * Allocate zfs_fuid_info for tracking FUIDs created during | |
663 | * zfs_mknode, VOP_SETATTR() or VOP_SETSECATTR() | |
664 | */ | |
665 | zfs_fuid_info_t * | |
666 | zfs_fuid_info_alloc(void) | |
667 | { | |
668 | zfs_fuid_info_t *fuidp; | |
669 | ||
670 | fuidp = kmem_zalloc(sizeof (zfs_fuid_info_t), KM_SLEEP); | |
671 | list_create(&fuidp->z_domains, sizeof (zfs_fuid_domain_t), | |
672 | offsetof(zfs_fuid_domain_t, z_next)); | |
673 | list_create(&fuidp->z_fuids, sizeof (zfs_fuid_t), | |
674 | offsetof(zfs_fuid_t, z_next)); | |
675 | return (fuidp); | |
676 | } | |
677 | ||
678 | /* | |
679 | * Release all memory associated with zfs_fuid_info_t | |
680 | */ | |
681 | void | |
682 | zfs_fuid_info_free(zfs_fuid_info_t *fuidp) | |
683 | { | |
684 | zfs_fuid_t *zfuid; | |
685 | zfs_fuid_domain_t *zdomain; | |
686 | ||
687 | while ((zfuid = list_head(&fuidp->z_fuids)) != NULL) { | |
688 | list_remove(&fuidp->z_fuids, zfuid); | |
689 | kmem_free(zfuid, sizeof (zfs_fuid_t)); | |
690 | } | |
691 | ||
692 | if (fuidp->z_domain_table != NULL) | |
693 | kmem_free(fuidp->z_domain_table, | |
694 | (sizeof (char **)) * fuidp->z_domain_cnt); | |
695 | ||
696 | while ((zdomain = list_head(&fuidp->z_domains)) != NULL) { | |
697 | list_remove(&fuidp->z_domains, zdomain); | |
698 | kmem_free(zdomain, sizeof (zfs_fuid_domain_t)); | |
699 | } | |
700 | ||
701 | kmem_free(fuidp, sizeof (zfs_fuid_info_t)); | |
702 | } | |
703 | ||
704 | /* | |
705 | * Check to see if id is a groupmember. If cred | |
706 | * has ksid info then sidlist is checked first | |
707 | * and if still not found then POSIX groups are checked | |
708 | * | |
709 | * Will use a straight FUID compare when possible. | |
710 | */ | |
711 | boolean_t | |
3558fd73 | 712 | zfs_groupmember(zfs_sb_t *zsb, uint64_t id, cred_t *cr) |
34dc7c2f | 713 | { |
a405c8a6 | 714 | #ifdef HAVE_KSID |
34dc7c2f | 715 | ksid_t *ksid = crgetsid(cr, KSID_GROUP); |
9babb374 | 716 | ksidlist_t *ksidlist = crgetsidlist(cr); |
34dc7c2f BB |
717 | uid_t gid; |
718 | ||
9babb374 | 719 | if (ksid && ksidlist) { |
3558fd73 | 720 | int i; |
34dc7c2f | 721 | ksid_t *ksid_groups; |
34dc7c2f BB |
722 | uint32_t idx = FUID_INDEX(id); |
723 | uint32_t rid = FUID_RID(id); | |
724 | ||
34dc7c2f BB |
725 | ksid_groups = ksidlist->ksl_sids; |
726 | ||
727 | for (i = 0; i != ksidlist->ksl_nsid; i++) { | |
728 | if (idx == 0) { | |
729 | if (id != IDMAP_WK_CREATOR_GROUP_GID && | |
730 | id == ksid_groups[i].ks_id) { | |
731 | return (B_TRUE); | |
732 | } | |
733 | } else { | |
9babb374 | 734 | const char *domain; |
34dc7c2f | 735 | |
3558fd73 | 736 | domain = zfs_fuid_find_by_idx(zsb, idx); |
34dc7c2f BB |
737 | ASSERT(domain != NULL); |
738 | ||
739 | if (strcmp(domain, | |
740 | IDMAP_WK_CREATOR_SID_AUTHORITY) == 0) | |
741 | return (B_FALSE); | |
742 | ||
743 | if ((strcmp(domain, | |
744 | ksid_groups[i].ks_domain->kd_name) == 0) && | |
745 | rid == ksid_groups[i].ks_rid) | |
746 | return (B_TRUE); | |
747 | } | |
748 | } | |
749 | } | |
750 | ||
751 | /* | |
752 | * Not found in ksidlist, check posix groups | |
753 | */ | |
3558fd73 | 754 | gid = zfs_fuid_map_id(zsb, id, cr, ZFS_GROUP); |
34dc7c2f | 755 | return (groupmember(gid, cr)); |
a405c8a6 BB |
756 | #else |
757 | return (B_TRUE); | |
758 | #endif | |
34dc7c2f | 759 | } |
9babb374 BB |
760 | |
761 | void | |
3558fd73 | 762 | zfs_fuid_txhold(zfs_sb_t *zsb, dmu_tx_t *tx) |
9babb374 | 763 | { |
3558fd73 | 764 | if (zsb->z_fuid_obj == 0) { |
9babb374 BB |
765 | dmu_tx_hold_bonus(tx, DMU_NEW_OBJECT); |
766 | dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, | |
3558fd73 | 767 | FUID_SIZE_ESTIMATE(zsb)); |
9babb374 BB |
768 | dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, FALSE, NULL); |
769 | } else { | |
3558fd73 BB |
770 | dmu_tx_hold_bonus(tx, zsb->z_fuid_obj); |
771 | dmu_tx_hold_write(tx, zsb->z_fuid_obj, 0, | |
772 | FUID_SIZE_ESTIMATE(zsb)); | |
9babb374 BB |
773 | } |
774 | } | |
34dc7c2f | 775 | #endif |