]>
Commit | Line | Data |
---|---|---|
34dc7c2f BB |
1 | /* |
2 | * CDDL HEADER START | |
3 | * | |
4 | * The contents of this file are subject to the terms of the | |
5 | * Common Development and Distribution License (the "License"). | |
6 | * You may not use this file except in compliance with the License. | |
7 | * | |
8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 | * or http://www.opensolaris.org/os/licensing. | |
10 | * See the License for the specific language governing permissions | |
11 | * and limitations under the License. | |
12 | * | |
13 | * When distributing Covered Code, include this CDDL HEADER in each | |
14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 | * If applicable, add the following below this CDDL HEADER, with the | |
16 | * fields enclosed by brackets "[]" replaced with your own identifying | |
17 | * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 | * | |
19 | * CDDL HEADER END | |
20 | */ | |
21 | /* | |
22 | * Copyright 2008 Sun Microsystems, Inc. All rights reserved. | |
23 | * Use is subject to license terms. | |
24 | */ | |
25 | ||
34dc7c2f BB |
26 | #include <sys/zfs_context.h> |
27 | #include <sys/sunddi.h> | |
28 | #include <sys/dmu.h> | |
29 | #include <sys/avl.h> | |
30 | #include <sys/zap.h> | |
31 | #include <sys/refcount.h> | |
32 | #include <sys/nvpair.h> | |
33 | #ifdef _KERNEL | |
34 | #include <sys/kidmap.h> | |
35 | #include <sys/sid.h> | |
36 | #include <sys/zfs_vfsops.h> | |
37 | #include <sys/zfs_znode.h> | |
38 | #endif | |
39 | #include <sys/zfs_fuid.h> | |
40 | ||
41 | /* | |
42 | * FUID Domain table(s). | |
43 | * | |
44 | * The FUID table is stored as a packed nvlist of an array | |
45 | * of nvlists which contain an index, domain string and offset | |
46 | * | |
47 | * During file system initialization the nvlist(s) are read and | |
48 | * two AVL trees are created. One tree is keyed by the index number | |
49 | * and the other by the domain string. Nodes are never removed from | |
50 | * trees, but new entries may be added. If a new entry is added then the | |
51 | * on-disk packed nvlist will also be updated. | |
52 | */ | |
53 | ||
54 | #define FUID_IDX "fuid_idx" | |
55 | #define FUID_DOMAIN "fuid_domain" | |
56 | #define FUID_OFFSET "fuid_offset" | |
57 | #define FUID_NVP_ARRAY "fuid_nvlist" | |
58 | ||
59 | typedef struct fuid_domain { | |
60 | avl_node_t f_domnode; | |
61 | avl_node_t f_idxnode; | |
62 | ksiddomain_t *f_ksid; | |
63 | uint64_t f_idx; | |
64 | } fuid_domain_t; | |
65 | ||
b128c09f BB |
66 | static char *nulldomain = ""; |
67 | ||
34dc7c2f BB |
68 | /* |
69 | * Compare two indexes. | |
70 | */ | |
71 | static int | |
72 | idx_compare(const void *arg1, const void *arg2) | |
73 | { | |
74 | const fuid_domain_t *node1 = arg1; | |
75 | const fuid_domain_t *node2 = arg2; | |
76 | ||
77 | if (node1->f_idx < node2->f_idx) | |
78 | return (-1); | |
79 | else if (node1->f_idx > node2->f_idx) | |
80 | return (1); | |
81 | return (0); | |
82 | } | |
83 | ||
84 | /* | |
85 | * Compare two domain strings. | |
86 | */ | |
87 | static int | |
88 | domain_compare(const void *arg1, const void *arg2) | |
89 | { | |
90 | const fuid_domain_t *node1 = arg1; | |
91 | const fuid_domain_t *node2 = arg2; | |
92 | int val; | |
93 | ||
94 | val = strcmp(node1->f_ksid->kd_name, node2->f_ksid->kd_name); | |
95 | if (val == 0) | |
96 | return (0); | |
97 | return (val > 0 ? 1 : -1); | |
98 | } | |
99 | ||
100 | /* | |
101 | * load initial fuid domain and idx trees. This function is used by | |
102 | * both the kernel and zdb. | |
103 | */ | |
104 | uint64_t | |
105 | zfs_fuid_table_load(objset_t *os, uint64_t fuid_obj, avl_tree_t *idx_tree, | |
106 | avl_tree_t *domain_tree) | |
107 | { | |
108 | dmu_buf_t *db; | |
109 | uint64_t fuid_size; | |
110 | ||
111 | avl_create(idx_tree, idx_compare, | |
112 | sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_idxnode)); | |
113 | avl_create(domain_tree, domain_compare, | |
114 | sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_domnode)); | |
115 | ||
116 | VERIFY(0 == dmu_bonus_hold(os, fuid_obj, FTAG, &db)); | |
117 | fuid_size = *(uint64_t *)db->db_data; | |
118 | dmu_buf_rele(db, FTAG); | |
119 | ||
120 | if (fuid_size) { | |
121 | nvlist_t **fuidnvp; | |
122 | nvlist_t *nvp = NULL; | |
123 | uint_t count; | |
124 | char *packed; | |
125 | int i; | |
126 | ||
127 | packed = kmem_alloc(fuid_size, KM_SLEEP); | |
128 | VERIFY(dmu_read(os, fuid_obj, 0, fuid_size, packed) == 0); | |
129 | VERIFY(nvlist_unpack(packed, fuid_size, | |
130 | &nvp, 0) == 0); | |
131 | VERIFY(nvlist_lookup_nvlist_array(nvp, FUID_NVP_ARRAY, | |
132 | &fuidnvp, &count) == 0); | |
133 | ||
134 | for (i = 0; i != count; i++) { | |
135 | fuid_domain_t *domnode; | |
136 | char *domain; | |
137 | uint64_t idx; | |
138 | ||
139 | VERIFY(nvlist_lookup_string(fuidnvp[i], FUID_DOMAIN, | |
140 | &domain) == 0); | |
141 | VERIFY(nvlist_lookup_uint64(fuidnvp[i], FUID_IDX, | |
142 | &idx) == 0); | |
143 | ||
144 | domnode = kmem_alloc(sizeof (fuid_domain_t), KM_SLEEP); | |
145 | ||
146 | domnode->f_idx = idx; | |
147 | domnode->f_ksid = ksid_lookupdomain(domain); | |
148 | avl_add(idx_tree, domnode); | |
149 | avl_add(domain_tree, domnode); | |
150 | } | |
151 | nvlist_free(nvp); | |
152 | kmem_free(packed, fuid_size); | |
153 | } | |
154 | return (fuid_size); | |
155 | } | |
156 | ||
157 | void | |
158 | zfs_fuid_table_destroy(avl_tree_t *idx_tree, avl_tree_t *domain_tree) | |
159 | { | |
160 | fuid_domain_t *domnode; | |
161 | void *cookie; | |
162 | ||
163 | cookie = NULL; | |
164 | while (domnode = avl_destroy_nodes(domain_tree, &cookie)) | |
165 | ksiddomain_rele(domnode->f_ksid); | |
166 | ||
167 | avl_destroy(domain_tree); | |
168 | cookie = NULL; | |
169 | while (domnode = avl_destroy_nodes(idx_tree, &cookie)) | |
170 | kmem_free(domnode, sizeof (fuid_domain_t)); | |
171 | avl_destroy(idx_tree); | |
172 | } | |
173 | ||
174 | char * | |
175 | zfs_fuid_idx_domain(avl_tree_t *idx_tree, uint32_t idx) | |
176 | { | |
177 | fuid_domain_t searchnode, *findnode; | |
178 | avl_index_t loc; | |
179 | ||
180 | searchnode.f_idx = idx; | |
181 | ||
182 | findnode = avl_find(idx_tree, &searchnode, &loc); | |
183 | ||
b128c09f | 184 | return (findnode ? findnode->f_ksid->kd_name : nulldomain); |
34dc7c2f BB |
185 | } |
186 | ||
187 | #ifdef _KERNEL | |
188 | /* | |
189 | * Load the fuid table(s) into memory. | |
190 | */ | |
191 | static void | |
192 | zfs_fuid_init(zfsvfs_t *zfsvfs, dmu_tx_t *tx) | |
193 | { | |
194 | int error = 0; | |
195 | ||
196 | rw_enter(&zfsvfs->z_fuid_lock, RW_WRITER); | |
197 | ||
198 | if (zfsvfs->z_fuid_loaded) { | |
199 | rw_exit(&zfsvfs->z_fuid_lock); | |
200 | return; | |
201 | } | |
202 | ||
203 | if (zfsvfs->z_fuid_obj == 0) { | |
204 | ||
205 | /* first make sure we need to allocate object */ | |
206 | ||
207 | error = zap_lookup(zfsvfs->z_os, MASTER_NODE_OBJ, | |
208 | ZFS_FUID_TABLES, 8, 1, &zfsvfs->z_fuid_obj); | |
209 | if (error == ENOENT && tx != NULL) { | |
210 | zfsvfs->z_fuid_obj = dmu_object_alloc(zfsvfs->z_os, | |
211 | DMU_OT_FUID, 1 << 14, DMU_OT_FUID_SIZE, | |
212 | sizeof (uint64_t), tx); | |
213 | VERIFY(zap_add(zfsvfs->z_os, MASTER_NODE_OBJ, | |
214 | ZFS_FUID_TABLES, sizeof (uint64_t), 1, | |
215 | &zfsvfs->z_fuid_obj, tx) == 0); | |
216 | } | |
217 | } | |
218 | ||
b128c09f BB |
219 | if (zfsvfs->z_fuid_obj != 0) { |
220 | zfsvfs->z_fuid_size = zfs_fuid_table_load(zfsvfs->z_os, | |
221 | zfsvfs->z_fuid_obj, &zfsvfs->z_fuid_idx, | |
222 | &zfsvfs->z_fuid_domain); | |
223 | zfsvfs->z_fuid_loaded = B_TRUE; | |
224 | } | |
34dc7c2f | 225 | |
34dc7c2f BB |
226 | rw_exit(&zfsvfs->z_fuid_lock); |
227 | } | |
228 | ||
229 | /* | |
230 | * Query domain table for a given domain. | |
231 | * | |
232 | * If domain isn't found it is added to AVL trees and | |
233 | * the results are pushed out to disk. | |
234 | */ | |
235 | int | |
236 | zfs_fuid_find_by_domain(zfsvfs_t *zfsvfs, const char *domain, char **retdomain, | |
237 | dmu_tx_t *tx) | |
238 | { | |
239 | fuid_domain_t searchnode, *findnode; | |
240 | avl_index_t loc; | |
b128c09f | 241 | krw_t rw = RW_READER; |
34dc7c2f BB |
242 | |
243 | /* | |
244 | * If the dummy "nobody" domain then return an index of 0 | |
245 | * to cause the created FUID to be a standard POSIX id | |
246 | * for the user nobody. | |
247 | */ | |
248 | if (domain[0] == '\0') { | |
b128c09f | 249 | *retdomain = nulldomain; |
34dc7c2f BB |
250 | return (0); |
251 | } | |
252 | ||
253 | searchnode.f_ksid = ksid_lookupdomain(domain); | |
254 | if (retdomain) { | |
255 | *retdomain = searchnode.f_ksid->kd_name; | |
256 | } | |
257 | if (!zfsvfs->z_fuid_loaded) | |
258 | zfs_fuid_init(zfsvfs, tx); | |
259 | ||
b128c09f BB |
260 | retry: |
261 | rw_enter(&zfsvfs->z_fuid_lock, rw); | |
34dc7c2f | 262 | findnode = avl_find(&zfsvfs->z_fuid_domain, &searchnode, &loc); |
34dc7c2f BB |
263 | |
264 | if (findnode) { | |
b128c09f | 265 | rw_exit(&zfsvfs->z_fuid_lock); |
34dc7c2f BB |
266 | ksiddomain_rele(searchnode.f_ksid); |
267 | return (findnode->f_idx); | |
268 | } else { | |
269 | fuid_domain_t *domnode; | |
270 | nvlist_t *nvp; | |
271 | nvlist_t **fuids; | |
272 | uint64_t retidx; | |
273 | size_t nvsize = 0; | |
274 | char *packed; | |
275 | dmu_buf_t *db; | |
276 | int i = 0; | |
277 | ||
b128c09f BB |
278 | if (rw == RW_READER && !rw_tryupgrade(&zfsvfs->z_fuid_lock)) { |
279 | rw_exit(&zfsvfs->z_fuid_lock); | |
280 | rw = RW_WRITER; | |
281 | goto retry; | |
282 | } | |
283 | ||
34dc7c2f BB |
284 | domnode = kmem_alloc(sizeof (fuid_domain_t), KM_SLEEP); |
285 | domnode->f_ksid = searchnode.f_ksid; | |
286 | ||
34dc7c2f BB |
287 | retidx = domnode->f_idx = avl_numnodes(&zfsvfs->z_fuid_idx) + 1; |
288 | ||
289 | avl_add(&zfsvfs->z_fuid_domain, domnode); | |
290 | avl_add(&zfsvfs->z_fuid_idx, domnode); | |
291 | /* | |
292 | * Now resync the on-disk nvlist. | |
293 | */ | |
294 | VERIFY(nvlist_alloc(&nvp, NV_UNIQUE_NAME, KM_SLEEP) == 0); | |
295 | ||
296 | domnode = avl_first(&zfsvfs->z_fuid_domain); | |
297 | fuids = kmem_alloc(retidx * sizeof (void *), KM_SLEEP); | |
298 | while (domnode) { | |
299 | VERIFY(nvlist_alloc(&fuids[i], | |
300 | NV_UNIQUE_NAME, KM_SLEEP) == 0); | |
301 | VERIFY(nvlist_add_uint64(fuids[i], FUID_IDX, | |
302 | domnode->f_idx) == 0); | |
303 | VERIFY(nvlist_add_uint64(fuids[i], | |
304 | FUID_OFFSET, 0) == 0); | |
305 | VERIFY(nvlist_add_string(fuids[i++], FUID_DOMAIN, | |
306 | domnode->f_ksid->kd_name) == 0); | |
307 | domnode = AVL_NEXT(&zfsvfs->z_fuid_domain, domnode); | |
308 | } | |
309 | VERIFY(nvlist_add_nvlist_array(nvp, FUID_NVP_ARRAY, | |
310 | fuids, retidx) == 0); | |
311 | for (i = 0; i != retidx; i++) | |
312 | nvlist_free(fuids[i]); | |
313 | kmem_free(fuids, retidx * sizeof (void *)); | |
314 | VERIFY(nvlist_size(nvp, &nvsize, NV_ENCODE_XDR) == 0); | |
315 | packed = kmem_alloc(nvsize, KM_SLEEP); | |
316 | VERIFY(nvlist_pack(nvp, &packed, &nvsize, | |
317 | NV_ENCODE_XDR, KM_SLEEP) == 0); | |
318 | nvlist_free(nvp); | |
319 | zfsvfs->z_fuid_size = nvsize; | |
320 | dmu_write(zfsvfs->z_os, zfsvfs->z_fuid_obj, 0, | |
321 | zfsvfs->z_fuid_size, packed, tx); | |
322 | kmem_free(packed, zfsvfs->z_fuid_size); | |
323 | VERIFY(0 == dmu_bonus_hold(zfsvfs->z_os, zfsvfs->z_fuid_obj, | |
324 | FTAG, &db)); | |
325 | dmu_buf_will_dirty(db, tx); | |
326 | *(uint64_t *)db->db_data = zfsvfs->z_fuid_size; | |
327 | dmu_buf_rele(db, FTAG); | |
328 | ||
329 | rw_exit(&zfsvfs->z_fuid_lock); | |
330 | return (retidx); | |
331 | } | |
332 | } | |
333 | ||
334 | /* | |
335 | * Query domain table by index, returning domain string | |
336 | * | |
337 | * Returns a pointer from an avl node of the domain string. | |
338 | * | |
339 | */ | |
340 | static char * | |
341 | zfs_fuid_find_by_idx(zfsvfs_t *zfsvfs, uint32_t idx) | |
342 | { | |
343 | char *domain; | |
344 | ||
345 | if (idx == 0 || !zfsvfs->z_use_fuids) | |
346 | return (NULL); | |
347 | ||
348 | if (!zfsvfs->z_fuid_loaded) | |
349 | zfs_fuid_init(zfsvfs, NULL); | |
350 | ||
351 | rw_enter(&zfsvfs->z_fuid_lock, RW_READER); | |
b128c09f BB |
352 | |
353 | if (zfsvfs->z_fuid_obj) | |
354 | domain = zfs_fuid_idx_domain(&zfsvfs->z_fuid_idx, idx); | |
355 | else | |
356 | domain = nulldomain; | |
34dc7c2f BB |
357 | rw_exit(&zfsvfs->z_fuid_lock); |
358 | ||
359 | ASSERT(domain); | |
360 | return (domain); | |
361 | } | |
362 | ||
363 | void | |
364 | zfs_fuid_map_ids(znode_t *zp, cred_t *cr, uid_t *uidp, uid_t *gidp) | |
365 | { | |
366 | *uidp = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_phys->zp_uid, | |
367 | cr, ZFS_OWNER); | |
368 | *gidp = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_phys->zp_gid, | |
369 | cr, ZFS_GROUP); | |
370 | } | |
371 | ||
372 | uid_t | |
373 | zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64_t fuid, | |
374 | cred_t *cr, zfs_fuid_type_t type) | |
375 | { | |
376 | uint32_t index = FUID_INDEX(fuid); | |
377 | char *domain; | |
378 | uid_t id; | |
379 | ||
380 | if (index == 0) | |
381 | return (fuid); | |
382 | ||
383 | domain = zfs_fuid_find_by_idx(zfsvfs, index); | |
384 | ASSERT(domain != NULL); | |
385 | ||
386 | if (type == ZFS_OWNER || type == ZFS_ACE_USER) { | |
387 | (void) kidmap_getuidbysid(crgetzone(cr), domain, | |
388 | FUID_RID(fuid), &id); | |
389 | } else { | |
390 | (void) kidmap_getgidbysid(crgetzone(cr), domain, | |
391 | FUID_RID(fuid), &id); | |
392 | } | |
393 | return (id); | |
394 | } | |
395 | ||
396 | /* | |
397 | * Add a FUID node to the list of fuid's being created for this | |
398 | * ACL | |
399 | * | |
400 | * If ACL has multiple domains, then keep only one copy of each unique | |
401 | * domain. | |
402 | */ | |
403 | static void | |
404 | zfs_fuid_node_add(zfs_fuid_info_t **fuidpp, const char *domain, uint32_t rid, | |
405 | uint64_t idx, uint64_t id, zfs_fuid_type_t type) | |
406 | { | |
407 | zfs_fuid_t *fuid; | |
408 | zfs_fuid_domain_t *fuid_domain; | |
409 | zfs_fuid_info_t *fuidp; | |
410 | uint64_t fuididx; | |
411 | boolean_t found = B_FALSE; | |
412 | ||
413 | if (*fuidpp == NULL) | |
414 | *fuidpp = zfs_fuid_info_alloc(); | |
415 | ||
416 | fuidp = *fuidpp; | |
417 | /* | |
418 | * First find fuid domain index in linked list | |
419 | * | |
420 | * If one isn't found then create an entry. | |
421 | */ | |
422 | ||
423 | for (fuididx = 1, fuid_domain = list_head(&fuidp->z_domains); | |
424 | fuid_domain; fuid_domain = list_next(&fuidp->z_domains, | |
425 | fuid_domain), fuididx++) { | |
426 | if (idx == fuid_domain->z_domidx) { | |
427 | found = B_TRUE; | |
428 | break; | |
429 | } | |
430 | } | |
431 | ||
432 | if (!found) { | |
433 | fuid_domain = kmem_alloc(sizeof (zfs_fuid_domain_t), KM_SLEEP); | |
434 | fuid_domain->z_domain = domain; | |
435 | fuid_domain->z_domidx = idx; | |
436 | list_insert_tail(&fuidp->z_domains, fuid_domain); | |
437 | fuidp->z_domain_str_sz += strlen(domain) + 1; | |
438 | fuidp->z_domain_cnt++; | |
439 | } | |
440 | ||
441 | if (type == ZFS_ACE_USER || type == ZFS_ACE_GROUP) { | |
442 | /* | |
443 | * Now allocate fuid entry and add it on the end of the list | |
444 | */ | |
445 | ||
446 | fuid = kmem_alloc(sizeof (zfs_fuid_t), KM_SLEEP); | |
447 | fuid->z_id = id; | |
448 | fuid->z_domidx = idx; | |
449 | fuid->z_logfuid = FUID_ENCODE(fuididx, rid); | |
450 | ||
451 | list_insert_tail(&fuidp->z_fuids, fuid); | |
452 | fuidp->z_fuid_cnt++; | |
453 | } else { | |
454 | if (type == ZFS_OWNER) | |
455 | fuidp->z_fuid_owner = FUID_ENCODE(fuididx, rid); | |
456 | else | |
457 | fuidp->z_fuid_group = FUID_ENCODE(fuididx, rid); | |
458 | } | |
459 | } | |
460 | ||
461 | /* | |
462 | * Create a file system FUID, based on information in the users cred | |
463 | */ | |
464 | uint64_t | |
465 | zfs_fuid_create_cred(zfsvfs_t *zfsvfs, zfs_fuid_type_t type, | |
466 | dmu_tx_t *tx, cred_t *cr, zfs_fuid_info_t **fuidp) | |
467 | { | |
468 | uint64_t idx; | |
469 | ksid_t *ksid; | |
470 | uint32_t rid; | |
471 | char *kdomain; | |
472 | const char *domain; | |
473 | uid_t id; | |
474 | ||
475 | VERIFY(type == ZFS_OWNER || type == ZFS_GROUP); | |
476 | ||
b128c09f BB |
477 | ksid = crgetsid(cr, (type == ZFS_OWNER) ? KSID_OWNER : KSID_GROUP); |
478 | if (ksid) { | |
479 | id = ksid_getid(ksid); | |
480 | } else { | |
481 | if (type == ZFS_OWNER) | |
482 | id = crgetuid(cr); | |
483 | else | |
484 | id = crgetgid(cr); | |
485 | } | |
34dc7c2f | 486 | |
b128c09f | 487 | if (!zfsvfs->z_use_fuids || (!IS_EPHEMERAL(id))) |
34dc7c2f BB |
488 | return ((uint64_t)id); |
489 | ||
34dc7c2f BB |
490 | rid = ksid_getrid(ksid); |
491 | domain = ksid_getdomain(ksid); | |
492 | ||
493 | idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, tx); | |
494 | ||
495 | zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type); | |
496 | ||
497 | return (FUID_ENCODE(idx, rid)); | |
498 | } | |
499 | ||
500 | /* | |
501 | * Create a file system FUID for an ACL ace | |
502 | * or a chown/chgrp of the file. | |
503 | * This is similar to zfs_fuid_create_cred, except that | |
504 | * we can't find the domain + rid information in the | |
505 | * cred. Instead we have to query Winchester for the | |
506 | * domain and rid. | |
507 | * | |
508 | * During replay operations the domain+rid information is | |
509 | * found in the zfs_fuid_info_t that the replay code has | |
510 | * attached to the zfsvfs of the file system. | |
511 | */ | |
512 | uint64_t | |
513 | zfs_fuid_create(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr, | |
514 | zfs_fuid_type_t type, dmu_tx_t *tx, zfs_fuid_info_t **fuidpp) | |
515 | { | |
516 | const char *domain; | |
517 | char *kdomain; | |
518 | uint32_t fuid_idx = FUID_INDEX(id); | |
519 | uint32_t rid; | |
520 | idmap_stat status; | |
521 | uint64_t idx; | |
34dc7c2f BB |
522 | zfs_fuid_t *zfuid = NULL; |
523 | zfs_fuid_info_t *fuidp; | |
524 | ||
525 | /* | |
526 | * If POSIX ID, or entry is already a FUID then | |
527 | * just return the id | |
528 | * | |
529 | * We may also be handed an already FUID'ized id via | |
530 | * chmod. | |
531 | */ | |
532 | ||
533 | if (!zfsvfs->z_use_fuids || !IS_EPHEMERAL(id) || fuid_idx != 0) | |
534 | return (id); | |
535 | ||
fb5f0bc8 | 536 | if (zfsvfs->z_replay) { |
34dc7c2f BB |
537 | fuidp = zfsvfs->z_fuid_replay; |
538 | ||
539 | /* | |
540 | * If we are passed an ephemeral id, but no | |
541 | * fuid_info was logged then return NOBODY. | |
542 | * This is most likely a result of idmap service | |
543 | * not being available. | |
544 | */ | |
545 | if (fuidp == NULL) | |
546 | return (UID_NOBODY); | |
547 | ||
548 | switch (type) { | |
549 | case ZFS_ACE_USER: | |
550 | case ZFS_ACE_GROUP: | |
551 | zfuid = list_head(&fuidp->z_fuids); | |
552 | rid = FUID_RID(zfuid->z_logfuid); | |
553 | idx = FUID_INDEX(zfuid->z_logfuid); | |
554 | break; | |
555 | case ZFS_OWNER: | |
556 | rid = FUID_RID(fuidp->z_fuid_owner); | |
557 | idx = FUID_INDEX(fuidp->z_fuid_owner); | |
558 | break; | |
559 | case ZFS_GROUP: | |
560 | rid = FUID_RID(fuidp->z_fuid_group); | |
561 | idx = FUID_INDEX(fuidp->z_fuid_group); | |
562 | break; | |
563 | }; | |
564 | domain = fuidp->z_domain_table[idx -1]; | |
565 | } else { | |
566 | if (type == ZFS_OWNER || type == ZFS_ACE_USER) | |
567 | status = kidmap_getsidbyuid(crgetzone(cr), id, | |
568 | &domain, &rid); | |
569 | else | |
570 | status = kidmap_getsidbygid(crgetzone(cr), id, | |
571 | &domain, &rid); | |
572 | ||
573 | if (status != 0) { | |
574 | /* | |
575 | * When returning nobody we will need to | |
576 | * make a dummy fuid table entry for logging | |
577 | * purposes. | |
578 | */ | |
579 | rid = UID_NOBODY; | |
b128c09f | 580 | domain = nulldomain; |
34dc7c2f BB |
581 | } |
582 | } | |
583 | ||
584 | idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, tx); | |
585 | ||
fb5f0bc8 | 586 | if (!zfsvfs->z_replay) |
34dc7c2f BB |
587 | zfs_fuid_node_add(fuidpp, kdomain, rid, idx, id, type); |
588 | else if (zfuid != NULL) { | |
589 | list_remove(&fuidp->z_fuids, zfuid); | |
590 | kmem_free(zfuid, sizeof (zfs_fuid_t)); | |
591 | } | |
592 | return (FUID_ENCODE(idx, rid)); | |
593 | } | |
594 | ||
595 | void | |
596 | zfs_fuid_destroy(zfsvfs_t *zfsvfs) | |
597 | { | |
598 | rw_enter(&zfsvfs->z_fuid_lock, RW_WRITER); | |
599 | if (!zfsvfs->z_fuid_loaded) { | |
600 | rw_exit(&zfsvfs->z_fuid_lock); | |
601 | return; | |
602 | } | |
603 | zfs_fuid_table_destroy(&zfsvfs->z_fuid_idx, &zfsvfs->z_fuid_domain); | |
604 | rw_exit(&zfsvfs->z_fuid_lock); | |
605 | } | |
606 | ||
607 | /* | |
608 | * Allocate zfs_fuid_info for tracking FUIDs created during | |
609 | * zfs_mknode, VOP_SETATTR() or VOP_SETSECATTR() | |
610 | */ | |
611 | zfs_fuid_info_t * | |
612 | zfs_fuid_info_alloc(void) | |
613 | { | |
614 | zfs_fuid_info_t *fuidp; | |
615 | ||
616 | fuidp = kmem_zalloc(sizeof (zfs_fuid_info_t), KM_SLEEP); | |
617 | list_create(&fuidp->z_domains, sizeof (zfs_fuid_domain_t), | |
618 | offsetof(zfs_fuid_domain_t, z_next)); | |
619 | list_create(&fuidp->z_fuids, sizeof (zfs_fuid_t), | |
620 | offsetof(zfs_fuid_t, z_next)); | |
621 | return (fuidp); | |
622 | } | |
623 | ||
624 | /* | |
625 | * Release all memory associated with zfs_fuid_info_t | |
626 | */ | |
627 | void | |
628 | zfs_fuid_info_free(zfs_fuid_info_t *fuidp) | |
629 | { | |
630 | zfs_fuid_t *zfuid; | |
631 | zfs_fuid_domain_t *zdomain; | |
632 | ||
633 | while ((zfuid = list_head(&fuidp->z_fuids)) != NULL) { | |
634 | list_remove(&fuidp->z_fuids, zfuid); | |
635 | kmem_free(zfuid, sizeof (zfs_fuid_t)); | |
636 | } | |
637 | ||
638 | if (fuidp->z_domain_table != NULL) | |
639 | kmem_free(fuidp->z_domain_table, | |
640 | (sizeof (char **)) * fuidp->z_domain_cnt); | |
641 | ||
642 | while ((zdomain = list_head(&fuidp->z_domains)) != NULL) { | |
643 | list_remove(&fuidp->z_domains, zdomain); | |
644 | kmem_free(zdomain, sizeof (zfs_fuid_domain_t)); | |
645 | } | |
646 | ||
647 | kmem_free(fuidp, sizeof (zfs_fuid_info_t)); | |
648 | } | |
649 | ||
650 | /* | |
651 | * Check to see if id is a groupmember. If cred | |
652 | * has ksid info then sidlist is checked first | |
653 | * and if still not found then POSIX groups are checked | |
654 | * | |
655 | * Will use a straight FUID compare when possible. | |
656 | */ | |
657 | boolean_t | |
658 | zfs_groupmember(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr) | |
659 | { | |
660 | ksid_t *ksid = crgetsid(cr, KSID_GROUP); | |
661 | uid_t gid; | |
662 | ||
663 | if (ksid) { | |
664 | int i; | |
665 | ksid_t *ksid_groups; | |
666 | ksidlist_t *ksidlist = crgetsidlist(cr); | |
667 | uint32_t idx = FUID_INDEX(id); | |
668 | uint32_t rid = FUID_RID(id); | |
669 | ||
670 | ASSERT(ksidlist); | |
671 | ksid_groups = ksidlist->ksl_sids; | |
672 | ||
673 | for (i = 0; i != ksidlist->ksl_nsid; i++) { | |
674 | if (idx == 0) { | |
675 | if (id != IDMAP_WK_CREATOR_GROUP_GID && | |
676 | id == ksid_groups[i].ks_id) { | |
677 | return (B_TRUE); | |
678 | } | |
679 | } else { | |
680 | char *domain; | |
681 | ||
682 | domain = zfs_fuid_find_by_idx(zfsvfs, idx); | |
683 | ASSERT(domain != NULL); | |
684 | ||
685 | if (strcmp(domain, | |
686 | IDMAP_WK_CREATOR_SID_AUTHORITY) == 0) | |
687 | return (B_FALSE); | |
688 | ||
689 | if ((strcmp(domain, | |
690 | ksid_groups[i].ks_domain->kd_name) == 0) && | |
691 | rid == ksid_groups[i].ks_rid) | |
692 | return (B_TRUE); | |
693 | } | |
694 | } | |
695 | } | |
696 | ||
697 | /* | |
698 | * Not found in ksidlist, check posix groups | |
699 | */ | |
700 | gid = zfs_fuid_map_id(zfsvfs, id, cr, ZFS_GROUP); | |
701 | return (groupmember(gid, cr)); | |
702 | } | |
703 | #endif |