*/
/*
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013 by Delphix. All rights reserved.
*/
*/
if (zfs_ace_valid(obj_mode, aclp, aceptr->z_hdr.z_type,
aceptr->z_hdr.z_flags) != B_TRUE)
- return (EINVAL);
+ return (SET_ERROR(EINVAL));
switch (acep->a_type) {
case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
*/
if (zfs_ace_valid(obj_mode, aclp, aceptr->z_type,
aceptr->z_flags) != B_TRUE)
- return (EINVAL);
+ return (SET_ERROR(EINVAL));
}
*size = (caddr_t)aceptr - (caddr_t)z_acl;
return (0);
boolean_t will_modify)
{
zfs_acl_t *aclp;
- int aclsize;
- int acl_count;
+ int aclsize = 0;
+ int acl_count = 0;
zfs_acl_node_t *aclnode;
zfs_acl_phys_t znode_acl;
int version;
zfs_acl_node_free(aclnode);
/* convert checksum errors into IO errors */
if (error == ECKSUM)
- error = EIO;
+ error = SET_ERROR(EIO);
goto done;
}
int error;
zfs_acl_t *aclp;
+ if (ZTOZSB(zp)->z_acl_type == ZFS_ACLTYPE_POSIXACL)
+ return (0);
+
ASSERT(MUTEX_HELD(&zp->z_lock));
ASSERT(MUTEX_HELD(&zp->z_acl_lock));
if ((error = zfs_acl_node_read(zp, B_TRUE, &aclp, B_FALSE)) == 0)
zp->z_mode = zfs_mode_compute(zp->z_mode, aclp,
&zp->z_pflags, zp->z_uid, zp->z_gid);
+
return (error);
}
zacep = (void *)((uintptr_t)zacep + abstract_size);
new_count++;
new_bytes += abstract_size;
- } if (deny1) {
+ }
+ if (deny1) {
zfs_set_ace(aclp, zacep, deny1, DENY, -1, ACE_OWNER);
zacep = (void *)((uintptr_t)zacep + abstract_size);
new_count++;
}
/*
- * Retrieve a files ACL
+ * Retrieve a file's ACL
*/
int
zfs_getacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr)
VSA_ACE_ACLFLAGS | VSA_ACE_ALLTYPES);
if (mask == 0)
- return (ENOSYS);
+ return (SET_ERROR(ENOSYS));
if ((error = zfs_zaccess(zp, ACE_READ_ACL, 0, skipaclchk, cr)))
return (error);
int error;
if (vsecp->vsa_aclcnt > MAX_ACL_ENTRIES || vsecp->vsa_aclcnt <= 0)
- return (EINVAL);
+ return (SET_ERROR(EINVAL));
aclp = zfs_acl_alloc(zfs_acl_version(zsb->z_version));
}
/*
- * Set a files ACL
+ * Set a file's ACL
*/
int
zfs_setacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr)
uint64_t acl_obj;
if (mask == 0)
- return (ENOSYS);
+ return (SET_ERROR(ENOSYS));
if (zp->z_pflags & ZFS_IMMUTABLE)
- return (EPERM);
+ return (SET_ERROR(EPERM));
if ((error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr)))
return (error);
if ((v4_mode & WRITE_MASK) && (zfs_is_readonly(ZTOZSB(zp))) &&
(!S_ISDEV(ZTOI(zp)->i_mode) ||
(S_ISDEV(ZTOI(zp)->i_mode) && (v4_mode & WRITE_MASK_ATTRS)))) {
- return (EROFS);
+ return (SET_ERROR(EROFS));
}
/*
(zp->z_pflags & (ZFS_READONLY | ZFS_IMMUTABLE))) ||
(S_ISDIR(ZTOI(zp)->i_mode) &&
(zp->z_pflags & ZFS_IMMUTABLE)))) {
- return (EPERM);
+ return (SET_ERROR(EPERM));
}
if ((v4_mode & (ACE_DELETE | ACE_DELETE_CHILD)) &&
(zp->z_pflags & ZFS_NOUNLINK)) {
- return (EPERM);
+ return (SET_ERROR(EPERM));
}
if (((v4_mode & (ACE_READ_DATA|ACE_EXECUTE)) &&
(zp->z_pflags & ZFS_AV_QUARANTINED))) {
- return (EACCES);
+ return (SET_ERROR(EACCES));
}
return (0);
break;
} else {
mutex_exit(&zp->z_acl_lock);
- return (EIO);
+ return (SET_ERROR(EIO));
}
}
/* Put the found 'denies' back on the working mode */
if (deny_mask) {
*working_mode |= deny_mask;
- return (EACCES);
+ return (SET_ERROR(EACCES));
} else if (*working_mode) {
return (-1);
}
cred_t *cr)
{
if (*working_mode != ACE_WRITE_DATA)
- return (EACCES);
+ return (SET_ERROR(EACCES));
return (zfs_zaccess_common(zp, ACE_APPEND_DATA, working_mode,
check_privs, B_FALSE, cr));
int error;
if (zdp->z_pflags & ZFS_AV_QUARANTINED)
- return (EACCES);
+ return (SET_ERROR(EACCES));
is_attr = ((zdp->z_pflags & ZFS_XATTR) &&
(S_ISDIR(ZTOI(zdp)->i_mode)));
/*
* Determine whether Access should be granted/denied.
+ *
* The least priv subsytem is always consulted as a basic privilege
* can define any form of access.
*/
*/
error = zfs_zget(ZTOZSB(zp), parent, &check_zp);
if (error)
- return (error);
+ return (error);
rw_enter(&zp->z_xattr_lock, RW_WRITER);
if (zp->z_xattr_parent == NULL)
* for are still present. If so then return EACCES
*/
if (working_mode & ~(ZFS_CHECKED_MASKS)) {
- error = EACCES;
+ error = SET_ERROR(EACCES);
}
}
} else if (error == 0) {
* Determine whether Access should be granted/deny, without
* consulting least priv subsystem.
*
- *
* The following chart is the recommended NFSv4 enforcement for
* ability to delete an object.
*
*/
if (zp->z_pflags & (ZFS_IMMUTABLE | ZFS_NOUNLINK))
- return (EPERM);
+ return (SET_ERROR(EPERM));
/*
* First row
int error;
if (szp->z_pflags & ZFS_AV_QUARANTINED)
- return (EACCES);
+ return (SET_ERROR(EACCES));
add_perm = S_ISDIR(ZTOI(szp)->i_mode) ?
ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE;