]> git.proxmox.com Git - mirror_zfs-debian.git/blob - module/zfs/zfs_fuid.c
projects / mirror_zfs-debian.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Rebase master to b117
[mirror_zfs-debian.git] / module / zfs / zfs_fuid.c
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <sys/zfs_context.h>
27 #include <sys/sunddi.h>
28 #include <sys/dmu.h>
29 #include <sys/avl.h>
30 #include <sys/zap.h>
31 #include <sys/refcount.h>
32 #include <sys/nvpair.h>
33 #ifdef _KERNEL
34 #include <sys/kidmap.h>
35 #include <sys/sid.h>
36 #include <sys/zfs_vfsops.h>
37 #include <sys/zfs_znode.h>
38 #endif
39 #include <sys/zfs_fuid.h>
40
41 /*
42 * FUID Domain table(s).
43 *
44 * The FUID table is stored as a packed nvlist of an array
45 * of nvlists which contain an index, domain string and offset
46 *
47 * During file system initialization the nvlist(s) are read and
48 * two AVL trees are created. One tree is keyed by the index number
49 * and the other by the domain string. Nodes are never removed from
50 * trees, but new entries may be added. If a new entry is added then
51 * the zfsvfs->z_fuid_dirty flag is set to true and the caller will then
52 * be responsible for calling zfs_fuid_sync() to sync the changes to disk.
53 *
54 */
55
56 #define FUID_IDX "fuid_idx"
57 #define FUID_DOMAIN "fuid_domain"
58 #define FUID_OFFSET "fuid_offset"
59 #define FUID_NVP_ARRAY "fuid_nvlist"
60
61 typedef struct fuid_domain {
62 avl_node_t f_domnode;
63 avl_node_t f_idxnode;
64 ksiddomain_t *f_ksid;
65 uint64_t f_idx;
66 } fuid_domain_t;
67
68 static char *nulldomain = "";
69
70 /*
71 * Compare two indexes.
72 */
73 static int
74 idx_compare(const void *arg1, const void *arg2)
75 {
76 const fuid_domain_t *node1 = arg1;
77 const fuid_domain_t *node2 = arg2;
78
79 if (node1->f_idx < node2->f_idx)
80 return (-1);
81 else if (node1->f_idx > node2->f_idx)
82 return (1);
83 return (0);
84 }
85
86 /*
87 * Compare two domain strings.
88 */
89 static int
90 domain_compare(const void *arg1, const void *arg2)
91 {
92 const fuid_domain_t *node1 = arg1;
93 const fuid_domain_t *node2 = arg2;
94 int val;
95
96 val = strcmp(node1->f_ksid->kd_name, node2->f_ksid->kd_name);
97 if (val == 0)
98 return (0);
99 return (val > 0 ? 1 : -1);
100 }
101
102 void
103 zfs_fuid_avl_tree_create(avl_tree_t *idx_tree, avl_tree_t *domain_tree)
104 {
105 avl_create(idx_tree, idx_compare,
106 sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_idxnode));
107 avl_create(domain_tree, domain_compare,
108 sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_domnode));
109 }
110
111 /*
112 * load initial fuid domain and idx trees. This function is used by
113 * both the kernel and zdb.
114 */
115 uint64_t
116 zfs_fuid_table_load(objset_t *os, uint64_t fuid_obj, avl_tree_t *idx_tree,
117 avl_tree_t *domain_tree)
118 {
119 dmu_buf_t *db;
120 uint64_t fuid_size;
121
122 ASSERT(fuid_obj != 0);
123 VERIFY(0 == dmu_bonus_hold(os, fuid_obj,
124 FTAG, &db));
125 fuid_size = *(uint64_t *)db->db_data;
126 dmu_buf_rele(db, FTAG);
127
128 if (fuid_size) {
129 nvlist_t **fuidnvp;
130 nvlist_t *nvp = NULL;
131 uint_t count;
132 char *packed;
133 int i;
134
135 packed = kmem_alloc(fuid_size, KM_SLEEP);
136 VERIFY(dmu_read(os, fuid_obj, 0,
137 fuid_size, packed, DMU_READ_PREFETCH) == 0);
138 VERIFY(nvlist_unpack(packed, fuid_size,
139 &nvp, 0) == 0);
140 VERIFY(nvlist_lookup_nvlist_array(nvp, FUID_NVP_ARRAY,
141 &fuidnvp, &count) == 0);
142
143 for (i = 0; i != count; i++) {
144 fuid_domain_t *domnode;
145 char *domain;
146 uint64_t idx;
147
148 VERIFY(nvlist_lookup_string(fuidnvp[i], FUID_DOMAIN,
149 &domain) == 0);
150 VERIFY(nvlist_lookup_uint64(fuidnvp[i], FUID_IDX,
151 &idx) == 0);
152
153 domnode = kmem_alloc(sizeof (fuid_domain_t), KM_SLEEP);
154
155 domnode->f_idx = idx;
156 domnode->f_ksid = ksid_lookupdomain(domain);
157 avl_add(idx_tree, domnode);
158 avl_add(domain_tree, domnode);
159 }
160 nvlist_free(nvp);
161 kmem_free(packed, fuid_size);
162 }
163 return (fuid_size);
164 }
165
166 void
167 zfs_fuid_table_destroy(avl_tree_t *idx_tree, avl_tree_t *domain_tree)
168 {
169 fuid_domain_t *domnode;
170 void *cookie;
171
172 cookie = NULL;
173 while (domnode = avl_destroy_nodes(domain_tree, &cookie))
174 ksiddomain_rele(domnode->f_ksid);
175
176 avl_destroy(domain_tree);
177 cookie = NULL;
178 while (domnode = avl_destroy_nodes(idx_tree, &cookie))
179 kmem_free(domnode, sizeof (fuid_domain_t));
180 avl_destroy(idx_tree);
181 }
182
183 char *
184 zfs_fuid_idx_domain(avl_tree_t *idx_tree, uint32_t idx)
185 {
186 fuid_domain_t searchnode, *findnode;
187 avl_index_t loc;
188
189 searchnode.f_idx = idx;
190
191 findnode = avl_find(idx_tree, &searchnode, &loc);
192
193 return (findnode ? findnode->f_ksid->kd_name : nulldomain);
194 }
195
196 #ifdef _KERNEL
197 /*
198 * Load the fuid table(s) into memory.
199 */
200 static void
201 zfs_fuid_init(zfsvfs_t *zfsvfs)
202 {
203 rw_enter(&zfsvfs->z_fuid_lock, RW_WRITER);
204
205 if (zfsvfs->z_fuid_loaded) {
206 rw_exit(&zfsvfs->z_fuid_lock);
207 return;
208 }
209
210 zfs_fuid_avl_tree_create(&zfsvfs->z_fuid_idx, &zfsvfs->z_fuid_domain);
211
212 (void) zap_lookup(zfsvfs->z_os, MASTER_NODE_OBJ,
213 ZFS_FUID_TABLES, 8, 1, &zfsvfs->z_fuid_obj);
214 if (zfsvfs->z_fuid_obj != 0) {
215 zfsvfs->z_fuid_size = zfs_fuid_table_load(zfsvfs->z_os,
216 zfsvfs->z_fuid_obj, &zfsvfs->z_fuid_idx,
217 &zfsvfs->z_fuid_domain);
218 }
219
220 zfsvfs->z_fuid_loaded = B_TRUE;
221 rw_exit(&zfsvfs->z_fuid_lock);
222 }
223
224 /*
225 * sync out AVL trees to persistent storage.
226 */
227 void
228 zfs_fuid_sync(zfsvfs_t *zfsvfs, dmu_tx_t *tx)
229 {
230 nvlist_t *nvp;
231 nvlist_t **fuids;
232 size_t nvsize = 0;
233 char *packed;
234 dmu_buf_t *db;
235 fuid_domain_t *domnode;
236 int numnodes;
237 int i;
238
239 if (!zfsvfs->z_fuid_dirty) {
240 return;
241 }
242
243 rw_enter(&zfsvfs->z_fuid_lock, RW_WRITER);
244
245 /*
246 * First see if table needs to be created?
247 */
248 if (zfsvfs->z_fuid_obj == 0) {
249 zfsvfs->z_fuid_obj = dmu_object_alloc(zfsvfs->z_os,
250 DMU_OT_FUID, 1 << 14, DMU_OT_FUID_SIZE,
251 sizeof (uint64_t), tx);
252 VERIFY(zap_add(zfsvfs->z_os, MASTER_NODE_OBJ,
253 ZFS_FUID_TABLES, sizeof (uint64_t), 1,
254 &zfsvfs->z_fuid_obj, tx) == 0);
255 }
256
257 VERIFY(nvlist_alloc(&nvp, NV_UNIQUE_NAME, KM_SLEEP) == 0);
258
259 numnodes = avl_numnodes(&zfsvfs->z_fuid_idx);
260 fuids = kmem_alloc(numnodes * sizeof (void *), KM_SLEEP);
261 for (i = 0, domnode = avl_first(&zfsvfs->z_fuid_domain); domnode; i++,
262 domnode = AVL_NEXT(&zfsvfs->z_fuid_domain, domnode)) {
263 VERIFY(nvlist_alloc(&fuids[i], NV_UNIQUE_NAME, KM_SLEEP) == 0);
264 VERIFY(nvlist_add_uint64(fuids[i], FUID_IDX,
265 domnode->f_idx) == 0);
266 VERIFY(nvlist_add_uint64(fuids[i], FUID_OFFSET, 0) == 0);
267 VERIFY(nvlist_add_string(fuids[i], FUID_DOMAIN,
268 domnode->f_ksid->kd_name) == 0);
269 }
270 VERIFY(nvlist_add_nvlist_array(nvp, FUID_NVP_ARRAY,
271 fuids, numnodes) == 0);
272 for (i = 0; i != numnodes; i++)
273 nvlist_free(fuids[i]);
274 kmem_free(fuids, numnodes * sizeof (void *));
275 VERIFY(nvlist_size(nvp, &nvsize, NV_ENCODE_XDR) == 0);
276 packed = kmem_alloc(nvsize, KM_SLEEP);
277 VERIFY(nvlist_pack(nvp, &packed, &nvsize,
278 NV_ENCODE_XDR, KM_SLEEP) == 0);
279 nvlist_free(nvp);
280 zfsvfs->z_fuid_size = nvsize;
281 dmu_write(zfsvfs->z_os, zfsvfs->z_fuid_obj, 0,
282 zfsvfs->z_fuid_size, packed, tx);
283 kmem_free(packed, zfsvfs->z_fuid_size);
284 VERIFY(0 == dmu_bonus_hold(zfsvfs->z_os, zfsvfs->z_fuid_obj,
285 FTAG, &db));
286 dmu_buf_will_dirty(db, tx);
287 *(uint64_t *)db->db_data = zfsvfs->z_fuid_size;
288 dmu_buf_rele(db, FTAG);
289
290 zfsvfs->z_fuid_dirty = B_FALSE;
291 rw_exit(&zfsvfs->z_fuid_lock);
292 }
293
294 /*
295 * Query domain table for a given domain.
296 *
297 * If domain isn't found and addok is set, it is added to AVL trees and
298 * the zfsvfs->z_fuid_dirty flag will be set to TRUE. It will then be
299 * necessary for the caller or another thread to detect the dirty table
300 * and sync out the changes.
301 */
302 int
303 zfs_fuid_find_by_domain(zfsvfs_t *zfsvfs, const char *domain,
304 char **retdomain, boolean_t addok)
305 {
306 fuid_domain_t searchnode, *findnode;
307 avl_index_t loc;
308 krw_t rw = RW_READER;
309
310 /*
311 * If the dummy "nobody" domain then return an index of 0
312 * to cause the created FUID to be a standard POSIX id
313 * for the user nobody.
314 */
315 if (domain[0] == '\0') {
316 if (retdomain)
317 *retdomain = nulldomain;
318 return (0);
319 }
320
321 searchnode.f_ksid = ksid_lookupdomain(domain);
322 if (retdomain)
323 *retdomain = searchnode.f_ksid->kd_name;
324 if (!zfsvfs->z_fuid_loaded)
325 zfs_fuid_init(zfsvfs);
326
327 retry:
328 rw_enter(&zfsvfs->z_fuid_lock, rw);
329 findnode = avl_find(&zfsvfs->z_fuid_domain, &searchnode, &loc);
330
331 if (findnode) {
332 rw_exit(&zfsvfs->z_fuid_lock);
333 ksiddomain_rele(searchnode.f_ksid);
334 return (findnode->f_idx);
335 } else if (addok) {
336 fuid_domain_t *domnode;
337 uint64_t retidx;
338
339 if (rw == RW_READER && !rw_tryupgrade(&zfsvfs->z_fuid_lock)) {
340 rw_exit(&zfsvfs->z_fuid_lock);
341 rw = RW_WRITER;
342 goto retry;
343 }
344
345 domnode = kmem_alloc(sizeof (fuid_domain_t), KM_SLEEP);
346 domnode->f_ksid = searchnode.f_ksid;
347
348 retidx = domnode->f_idx = avl_numnodes(&zfsvfs->z_fuid_idx) + 1;
349
350 avl_add(&zfsvfs->z_fuid_domain, domnode);
351 avl_add(&zfsvfs->z_fuid_idx, domnode);
352 zfsvfs->z_fuid_dirty = B_TRUE;
353 rw_exit(&zfsvfs->z_fuid_lock);
354 return (retidx);
355 } else {
356 return (-1);
357 }
358 }
359
360 /*
361 * Query domain table by index, returning domain string
362 *
363 * Returns a pointer from an avl node of the domain string.
364 *
365 */
366 const char *
367 zfs_fuid_find_by_idx(zfsvfs_t *zfsvfs, uint32_t idx)
368 {
369 char *domain;
370
371 if (idx == 0 || !zfsvfs->z_use_fuids)
372 return (NULL);
373
374 if (!zfsvfs->z_fuid_loaded)
375 zfs_fuid_init(zfsvfs);
376
377 rw_enter(&zfsvfs->z_fuid_lock, RW_READER);
378
379 if (zfsvfs->z_fuid_obj)
380 domain = zfs_fuid_idx_domain(&zfsvfs->z_fuid_idx, idx);
381 else
382 domain = nulldomain;
383 rw_exit(&zfsvfs->z_fuid_lock);
384
385 ASSERT(domain);
386 return (domain);
387 }
388
389 void
390 zfs_fuid_map_ids(znode_t *zp, cred_t *cr, uid_t *uidp, uid_t *gidp)
391 {
392 *uidp = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_phys->zp_uid,
393 cr, ZFS_OWNER);
394 *gidp = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_phys->zp_gid,
395 cr, ZFS_GROUP);
396 }
397
398 uid_t
399 zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64_t fuid,
400 cred_t *cr, zfs_fuid_type_t type)
401 {
402 uint32_t index = FUID_INDEX(fuid);
403 const char *domain;
404 uid_t id;
405
406 if (index == 0)
407 return (fuid);
408
409 domain = zfs_fuid_find_by_idx(zfsvfs, index);
410 ASSERT(domain != NULL);
411
412 if (type == ZFS_OWNER || type == ZFS_ACE_USER) {
413 (void) kidmap_getuidbysid(crgetzone(cr), domain,
414 FUID_RID(fuid), &id);
415 } else {
416 (void) kidmap_getgidbysid(crgetzone(cr), domain,
417 FUID_RID(fuid), &id);
418 }
419 return (id);
420 }
421
422 /*
423 * Add a FUID node to the list of fuid's being created for this
424 * ACL
425 *
426 * If ACL has multiple domains, then keep only one copy of each unique
427 * domain.
428 */
429 static void
430 zfs_fuid_node_add(zfs_fuid_info_t **fuidpp, const char *domain, uint32_t rid,
431 uint64_t idx, uint64_t id, zfs_fuid_type_t type)
432 {
433 zfs_fuid_t *fuid;
434 zfs_fuid_domain_t *fuid_domain;
435 zfs_fuid_info_t *fuidp;
436 uint64_t fuididx;
437 boolean_t found = B_FALSE;
438
439 if (*fuidpp == NULL)
440 *fuidpp = zfs_fuid_info_alloc();
441
442 fuidp = *fuidpp;
443 /*
444 * First find fuid domain index in linked list
445 *
446 * If one isn't found then create an entry.
447 */
448
449 for (fuididx = 1, fuid_domain = list_head(&fuidp->z_domains);
450 fuid_domain; fuid_domain = list_next(&fuidp->z_domains,
451 fuid_domain), fuididx++) {
452 if (idx == fuid_domain->z_domidx) {
453 found = B_TRUE;
454 break;
455 }
456 }
457
458 if (!found) {
459 fuid_domain = kmem_alloc(sizeof (zfs_fuid_domain_t), KM_SLEEP);
460 fuid_domain->z_domain = domain;
461 fuid_domain->z_domidx = idx;
462 list_insert_tail(&fuidp->z_domains, fuid_domain);
463 fuidp->z_domain_str_sz += strlen(domain) + 1;
464 fuidp->z_domain_cnt++;
465 }
466
467 if (type == ZFS_ACE_USER || type == ZFS_ACE_GROUP) {
468
469 /*
470 * Now allocate fuid entry and add it on the end of the list
471 */
472
473 fuid = kmem_alloc(sizeof (zfs_fuid_t), KM_SLEEP);
474 fuid->z_id = id;
475 fuid->z_domidx = idx;
476 fuid->z_logfuid = FUID_ENCODE(fuididx, rid);
477
478 list_insert_tail(&fuidp->z_fuids, fuid);
479 fuidp->z_fuid_cnt++;
480 } else {
481 if (type == ZFS_OWNER)
482 fuidp->z_fuid_owner = FUID_ENCODE(fuididx, rid);
483 else
484 fuidp->z_fuid_group = FUID_ENCODE(fuididx, rid);
485 }
486 }
487
488 /*
489 * Create a file system FUID, based on information in the users cred
490 */
491 uint64_t
492 zfs_fuid_create_cred(zfsvfs_t *zfsvfs, zfs_fuid_type_t type,
493 cred_t *cr, zfs_fuid_info_t **fuidp)
494 {
495 uint64_t idx;
496 ksid_t *ksid;
497 uint32_t rid;
498 char *kdomain;
499 const char *domain;
500 uid_t id;
501
502 VERIFY(type == ZFS_OWNER || type == ZFS_GROUP);
503
504 ksid = crgetsid(cr, (type == ZFS_OWNER) ? KSID_OWNER : KSID_GROUP);
505 if (ksid) {
506 id = ksid_getid(ksid);
507 } else {
508 if (type == ZFS_OWNER)
509 id = crgetuid(cr);
510 else
511 id = crgetgid(cr);
512 }
513
514 if (!zfsvfs->z_use_fuids || (!IS_EPHEMERAL(id)))
515 return ((uint64_t)id);
516
517 rid = ksid_getrid(ksid);
518 domain = ksid_getdomain(ksid);
519
520 idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, B_TRUE);
521
522 zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type);
523
524 return (FUID_ENCODE(idx, rid));
525 }
526
527 /*
528 * Create a file system FUID for an ACL ace
529 * or a chown/chgrp of the file.
530 * This is similar to zfs_fuid_create_cred, except that
531 * we can't find the domain + rid information in the
532 * cred. Instead we have to query Winchester for the
533 * domain and rid.
534 *
535 * During replay operations the domain+rid information is
536 * found in the zfs_fuid_info_t that the replay code has
537 * attached to the zfsvfs of the file system.
538 */
539 uint64_t
540 zfs_fuid_create(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr,
541 zfs_fuid_type_t type, zfs_fuid_info_t **fuidpp)
542 {
543 const char *domain;
544 char *kdomain;
545 uint32_t fuid_idx = FUID_INDEX(id);
546 uint32_t rid;
547 idmap_stat status;
548 uint64_t idx;
549 zfs_fuid_t *zfuid = NULL;
550 zfs_fuid_info_t *fuidp;
551
552 /*
553 * If POSIX ID, or entry is already a FUID then
554 * just return the id
555 *
556 * We may also be handed an already FUID'ized id via
557 * chmod.
558 */
559
560 if (!zfsvfs->z_use_fuids || !IS_EPHEMERAL(id) || fuid_idx != 0)
561 return (id);
562
563 if (zfsvfs->z_replay) {
564 fuidp = zfsvfs->z_fuid_replay;
565
566 /*
567 * If we are passed an ephemeral id, but no
568 * fuid_info was logged then return NOBODY.
569 * This is most likely a result of idmap service
570 * not being available.
571 */
572 if (fuidp == NULL)
573 return (UID_NOBODY);
574
575 switch (type) {
576 case ZFS_ACE_USER:
577 case ZFS_ACE_GROUP:
578 zfuid = list_head(&fuidp->z_fuids);
579 rid = FUID_RID(zfuid->z_logfuid);
580 idx = FUID_INDEX(zfuid->z_logfuid);
581 break;
582 case ZFS_OWNER:
583 rid = FUID_RID(fuidp->z_fuid_owner);
584 idx = FUID_INDEX(fuidp->z_fuid_owner);
585 break;
586 case ZFS_GROUP:
587 rid = FUID_RID(fuidp->z_fuid_group);
588 idx = FUID_INDEX(fuidp->z_fuid_group);
589 break;
590 };
591 domain = fuidp->z_domain_table[idx -1];
592 } else {
593 if (type == ZFS_OWNER || type == ZFS_ACE_USER)
594 status = kidmap_getsidbyuid(crgetzone(cr), id,
595 &domain, &rid);
596 else
597 status = kidmap_getsidbygid(crgetzone(cr), id,
598 &domain, &rid);
599
600 if (status != 0) {
601 /*
602 * When returning nobody we will need to
603 * make a dummy fuid table entry for logging
604 * purposes.
605 */
606 rid = UID_NOBODY;
607 domain = nulldomain;
608 }
609 }
610
611 idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, B_TRUE);
612
613 if (!zfsvfs->z_replay)
614 zfs_fuid_node_add(fuidpp, kdomain,
615 rid, idx, id, type);
616 else if (zfuid != NULL) {
617 list_remove(&fuidp->z_fuids, zfuid);
618 kmem_free(zfuid, sizeof (zfs_fuid_t));
619 }
620 return (FUID_ENCODE(idx, rid));
621 }
622
623 void
624 zfs_fuid_destroy(zfsvfs_t *zfsvfs)
625 {
626 rw_enter(&zfsvfs->z_fuid_lock, RW_WRITER);
627 if (!zfsvfs->z_fuid_loaded) {
628 rw_exit(&zfsvfs->z_fuid_lock);
629 return;
630 }
631 zfs_fuid_table_destroy(&zfsvfs->z_fuid_idx, &zfsvfs->z_fuid_domain);
632 rw_exit(&zfsvfs->z_fuid_lock);
633 }
634
635 /*
636 * Allocate zfs_fuid_info for tracking FUIDs created during
637 * zfs_mknode, VOP_SETATTR() or VOP_SETSECATTR()
638 */
639 zfs_fuid_info_t *
640 zfs_fuid_info_alloc(void)
641 {
642 zfs_fuid_info_t *fuidp;
643
644 fuidp = kmem_zalloc(sizeof (zfs_fuid_info_t), KM_SLEEP);
645 list_create(&fuidp->z_domains, sizeof (zfs_fuid_domain_t),
646 offsetof(zfs_fuid_domain_t, z_next));
647 list_create(&fuidp->z_fuids, sizeof (zfs_fuid_t),
648 offsetof(zfs_fuid_t, z_next));
649 return (fuidp);
650 }
651
652 /*
653 * Release all memory associated with zfs_fuid_info_t
654 */
655 void
656 zfs_fuid_info_free(zfs_fuid_info_t *fuidp)
657 {
658 zfs_fuid_t *zfuid;
659 zfs_fuid_domain_t *zdomain;
660
661 while ((zfuid = list_head(&fuidp->z_fuids)) != NULL) {
662 list_remove(&fuidp->z_fuids, zfuid);
663 kmem_free(zfuid, sizeof (zfs_fuid_t));
664 }
665
666 if (fuidp->z_domain_table != NULL)
667 kmem_free(fuidp->z_domain_table,
668 (sizeof (char **)) * fuidp->z_domain_cnt);
669
670 while ((zdomain = list_head(&fuidp->z_domains)) != NULL) {
671 list_remove(&fuidp->z_domains, zdomain);
672 kmem_free(zdomain, sizeof (zfs_fuid_domain_t));
673 }
674
675 kmem_free(fuidp, sizeof (zfs_fuid_info_t));
676 }
677
678 /*
679 * Check to see if id is a groupmember. If cred
680 * has ksid info then sidlist is checked first
681 * and if still not found then POSIX groups are checked
682 *
683 * Will use a straight FUID compare when possible.
684 */
685 boolean_t
686 zfs_groupmember(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr)
687 {
688 ksid_t *ksid = crgetsid(cr, KSID_GROUP);
689 ksidlist_t *ksidlist = crgetsidlist(cr);
690 uid_t gid;
691
692 if (ksid && ksidlist) {
693 int i;
694 ksid_t *ksid_groups;
695 uint32_t idx = FUID_INDEX(id);
696 uint32_t rid = FUID_RID(id);
697
698 ksid_groups = ksidlist->ksl_sids;
699
700 for (i = 0; i != ksidlist->ksl_nsid; i++) {
701 if (idx == 0) {
702 if (id != IDMAP_WK_CREATOR_GROUP_GID &&
703 id == ksid_groups[i].ks_id) {
704 return (B_TRUE);
705 }
706 } else {
707 const char *domain;
708
709 domain = zfs_fuid_find_by_idx(zfsvfs, idx);
710 ASSERT(domain != NULL);
711
712 if (strcmp(domain,
713 IDMAP_WK_CREATOR_SID_AUTHORITY) == 0)
714 return (B_FALSE);
715
716 if ((strcmp(domain,
717 ksid_groups[i].ks_domain->kd_name) == 0) &&
718 rid == ksid_groups[i].ks_rid)
719 return (B_TRUE);
720 }
721 }
722 }
723
724 /*
725 * Not found in ksidlist, check posix groups
726 */
727 gid = zfs_fuid_map_id(zfsvfs, id, cr, ZFS_GROUP);
728 return (groupmember(gid, cr));
729 }
730
731 void
732 zfs_fuid_txhold(zfsvfs_t *zfsvfs, dmu_tx_t *tx)
733 {
734 if (zfsvfs->z_fuid_obj == 0) {
735 dmu_tx_hold_bonus(tx, DMU_NEW_OBJECT);
736 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
737 FUID_SIZE_ESTIMATE(zfsvfs));
738 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, FALSE, NULL);
739 } else {
740 dmu_tx_hold_bonus(tx, zfsvfs->z_fuid_obj);
741 dmu_tx_hold_write(tx, zfsvfs->z_fuid_obj, 0,
742 FUID_SIZE_ESTIMATE(zfsvfs));
743 }
744 }
745 #endif
Mirror of ZFSOnLinux for Debian