|
FreeBSD ZFS
The Zettabyte File System
|
zfs_acl.c
Go to the documentation of this file.
00001 /* 00002 * CDDL HEADER START 00003 * 00004 * The contents of this file are subject to the terms of the 00005 * Common Development and Distribution License (the "License"). 00006 * You may not use this file except in compliance with the License. 00007 * 00008 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 00009 * or http://www.opensolaris.org/os/licensing. 00010 * See the License for the specific language governing permissions 00011 * and limitations under the License. 00012 * 00013 * When distributing Covered Code, include this CDDL HEADER in each 00014 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 00015 * If applicable, add the following below this CDDL HEADER, with the 00016 * fields enclosed by brackets "[]" replaced with your own identifying 00017 * information: Portions Copyright [yyyy] [name of copyright owner] 00018 * 00019 * CDDL HEADER END 00020 */ 00021 /* 00022 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 00023 * Copyright 2011 Nexenta Systems, Inc. All rights reserved. 00024 */ 00025 00026 #include <sys/types.h> 00027 #include <sys/param.h> 00028 #include <sys/time.h> 00029 #include <sys/systm.h> 00030 #include <sys/sysmacros.h> 00031 #include <sys/resource.h> 00032 #include <sys/vfs.h> 00033 #include <sys/vnode.h> 00034 #include <sys/file.h> 00035 #include <sys/stat.h> 00036 #include <sys/kmem.h> 00037 #include <sys/cmn_err.h> 00038 #include <sys/errno.h> 00039 #include <sys/unistd.h> 00040 #include <sys/sdt.h> 00041 #include <sys/fs/zfs.h> 00042 #include <sys/policy.h> 00043 #include <sys/zfs_znode.h> 00044 #include <sys/zfs_fuid.h> 00045 #include <sys/zfs_acl.h> 00046 #include <sys/zfs_dir.h> 00047 #include <sys/zfs_vfsops.h> 00048 #include <sys/dmu.h> 00049 #include <sys/dnode.h> 00050 #include <sys/zap.h> 00051 #include <sys/sa.h> 00052 #include <acl/acl_common.h> 00053 00054 #define ALLOW ACE_ACCESS_ALLOWED_ACE_TYPE 00055 #define DENY ACE_ACCESS_DENIED_ACE_TYPE 00056 #define MAX_ACE_TYPE ACE_SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 00057 #define MIN_ACE_TYPE ALLOW 00058 00059 #define OWNING_GROUP (ACE_GROUP|ACE_IDENTIFIER_GROUP) 00060 #define EVERYONE_ALLOW_MASK (ACE_READ_ACL|ACE_READ_ATTRIBUTES | \ 00061 ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE) 00062 #define EVERYONE_DENY_MASK (ACE_WRITE_ACL|ACE_WRITE_OWNER | \ 00063 ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) 00064 #define OWNER_ALLOW_MASK (ACE_WRITE_ACL | ACE_WRITE_OWNER | \ 00065 ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) 00066 00067 #define ZFS_CHECKED_MASKS (ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_DATA| \ 00068 ACE_READ_NAMED_ATTRS|ACE_WRITE_DATA|ACE_WRITE_ATTRIBUTES| \ 00069 ACE_WRITE_NAMED_ATTRS|ACE_APPEND_DATA|ACE_EXECUTE|ACE_WRITE_OWNER| \ 00070 ACE_WRITE_ACL|ACE_DELETE|ACE_DELETE_CHILD|ACE_SYNCHRONIZE) 00071 00072 #define WRITE_MASK_DATA (ACE_WRITE_DATA|ACE_APPEND_DATA|ACE_WRITE_NAMED_ATTRS) 00073 #define WRITE_MASK_ATTRS (ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES| \ 00074 ACE_DELETE|ACE_DELETE_CHILD) 00075 #define WRITE_MASK (WRITE_MASK_DATA|WRITE_MASK_ATTRS) 00076 00077 #define OGE_CLEAR (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ 00078 ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) 00079 00080 #define OKAY_MASK_BITS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ 00081 ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) 00082 00083 #define ALL_INHERIT (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE | \ 00084 ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE|ACE_INHERITED_ACE) 00085 00086 #define RESTRICTED_CLEAR (ACE_WRITE_ACL|ACE_WRITE_OWNER) 00087 00088 #define V4_ACL_WIDE_FLAGS (ZFS_ACL_AUTO_INHERIT|ZFS_ACL_DEFAULTED|\ 00089 ZFS_ACL_PROTECTED) 00090 00091 #define ZFS_ACL_WIDE_FLAGS (V4_ACL_WIDE_FLAGS|ZFS_ACL_TRIVIAL|ZFS_INHERIT_ACE|\ 00092 ZFS_ACL_OBJ_ACE) 00093 00094 #define ALL_MODE_EXECS (S_IXUSR | S_IXGRP | S_IXOTH) 00095 00096 static uint16_t 00097 zfs_ace_v0_get_type(void *acep) 00098 { 00099 return (((zfs_oldace_t *)acep)->z_type); 00100 } 00101 00102 static uint16_t 00103 zfs_ace_v0_get_flags(void *acep) 00104 { 00105 return (((zfs_oldace_t *)acep)->z_flags); 00106 } 00107 00108 static uint32_t 00109 zfs_ace_v0_get_mask(void *acep) 00110 { 00111 return (((zfs_oldace_t *)acep)->z_access_mask); 00112 } 00113 00114 static uint64_t 00115 zfs_ace_v0_get_who(void *acep) 00116 { 00117 return (((zfs_oldace_t *)acep)->z_fuid); 00118 } 00119 00120 static void 00121 zfs_ace_v0_set_type(void *acep, uint16_t type) 00122 { 00123 ((zfs_oldace_t *)acep)->z_type = type; 00124 } 00125 00126 static void 00127 zfs_ace_v0_set_flags(void *acep, uint16_t flags) 00128 { 00129 ((zfs_oldace_t *)acep)->z_flags = flags; 00130 } 00131 00132 static void 00133 zfs_ace_v0_set_mask(void *acep, uint32_t mask) 00134 { 00135 ((zfs_oldace_t *)acep)->z_access_mask = mask; 00136 } 00137 00138 static void 00139 zfs_ace_v0_set_who(void *acep, uint64_t who) 00140 { 00141 ((zfs_oldace_t *)acep)->z_fuid = who; 00142 } 00143 00144 /*ARGSUSED*/ 00145 static size_t 00146 zfs_ace_v0_size(void *acep) 00147 { 00148 return (sizeof (zfs_oldace_t)); 00149 } 00150 00151 static size_t 00152 zfs_ace_v0_abstract_size(void) 00153 { 00154 return (sizeof (zfs_oldace_t)); 00155 } 00156 00157 static int 00158 zfs_ace_v0_mask_off(void) 00159 { 00160 return (offsetof(zfs_oldace_t, z_access_mask)); 00161 } 00162 00163 /*ARGSUSED*/ 00164 static int 00165 zfs_ace_v0_data(void *acep, void **datap) 00166 { 00167 *datap = NULL; 00168 return (0); 00169 } 00170 00171 static acl_ops_t zfs_acl_v0_ops = { 00172 zfs_ace_v0_get_mask, 00173 zfs_ace_v0_set_mask, 00174 zfs_ace_v0_get_flags, 00175 zfs_ace_v0_set_flags, 00176 zfs_ace_v0_get_type, 00177 zfs_ace_v0_set_type, 00178 zfs_ace_v0_get_who, 00179 zfs_ace_v0_set_who, 00180 zfs_ace_v0_size, 00181 zfs_ace_v0_abstract_size, 00182 zfs_ace_v0_mask_off, 00183 zfs_ace_v0_data 00184 }; 00185 00186 static uint16_t 00187 zfs_ace_fuid_get_type(void *acep) 00188 { 00189 return (((zfs_ace_hdr_t *)acep)->z_type); 00190 } 00191 00192 static uint16_t 00193 zfs_ace_fuid_get_flags(void *acep) 00194 { 00195 return (((zfs_ace_hdr_t *)acep)->z_flags); 00196 } 00197 00198 static uint32_t 00199 zfs_ace_fuid_get_mask(void *acep) 00200 { 00201 return (((zfs_ace_hdr_t *)acep)->z_access_mask); 00202 } 00203 00204 static uint64_t 00205 zfs_ace_fuid_get_who(void *args) 00206 { 00207 uint16_t entry_type; 00208 zfs_ace_t *acep = args; 00209 00210 entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS; 00211 00212 if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP || 00213 entry_type == ACE_EVERYONE) 00214 return (-1); 00215 return (((zfs_ace_t *)acep)->z_fuid); 00216 } 00217 00218 static void 00219 zfs_ace_fuid_set_type(void *acep, uint16_t type) 00220 { 00221 ((zfs_ace_hdr_t *)acep)->z_type = type; 00222 } 00223 00224 static void 00225 zfs_ace_fuid_set_flags(void *acep, uint16_t flags) 00226 { 00227 ((zfs_ace_hdr_t *)acep)->z_flags = flags; 00228 } 00229 00230 static void 00231 zfs_ace_fuid_set_mask(void *acep, uint32_t mask) 00232 { 00233 ((zfs_ace_hdr_t *)acep)->z_access_mask = mask; 00234 } 00235 00236 static void 00237 zfs_ace_fuid_set_who(void *arg, uint64_t who) 00238 { 00239 zfs_ace_t *acep = arg; 00240 00241 uint16_t entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS; 00242 00243 if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP || 00244 entry_type == ACE_EVERYONE) 00245 return; 00246 acep->z_fuid = who; 00247 } 00248 00249 static size_t 00250 zfs_ace_fuid_size(void *acep) 00251 { 00252 zfs_ace_hdr_t *zacep = acep; 00253 uint16_t entry_type; 00254 00255 switch (zacep->z_type) { 00256 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 00257 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 00258 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 00259 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 00260 return (sizeof (zfs_object_ace_t)); 00261 case ALLOW: 00262 case DENY: 00263 entry_type = 00264 (((zfs_ace_hdr_t *)acep)->z_flags & ACE_TYPE_FLAGS); 00265 if (entry_type == ACE_OWNER || 00266 entry_type == OWNING_GROUP || 00267 entry_type == ACE_EVERYONE) 00268 return (sizeof (zfs_ace_hdr_t)); 00269 /*FALLTHROUGH*/ 00270 default: 00271 return (sizeof (zfs_ace_t)); 00272 } 00273 } 00274 00275 static size_t 00276 zfs_ace_fuid_abstract_size(void) 00277 { 00278 return (sizeof (zfs_ace_hdr_t)); 00279 } 00280 00281 static int 00282 zfs_ace_fuid_mask_off(void) 00283 { 00284 return (offsetof(zfs_ace_hdr_t, z_access_mask)); 00285 } 00286 00287 static int 00288 zfs_ace_fuid_data(void *acep, void **datap) 00289 { 00290 zfs_ace_t *zacep = acep; 00291 zfs_object_ace_t *zobjp; 00292 00293 switch (zacep->z_hdr.z_type) { 00294 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 00295 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 00296 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 00297 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 00298 zobjp = acep; 00299 *datap = (caddr_t)zobjp + sizeof (zfs_ace_t); 00300 return (sizeof (zfs_object_ace_t) - sizeof (zfs_ace_t)); 00301 default: 00302 *datap = NULL; 00303 return (0); 00304 } 00305 } 00306 00307 static acl_ops_t zfs_acl_fuid_ops = { 00308 zfs_ace_fuid_get_mask, 00309 zfs_ace_fuid_set_mask, 00310 zfs_ace_fuid_get_flags, 00311 zfs_ace_fuid_set_flags, 00312 zfs_ace_fuid_get_type, 00313 zfs_ace_fuid_set_type, 00314 zfs_ace_fuid_get_who, 00315 zfs_ace_fuid_set_who, 00316 zfs_ace_fuid_size, 00317 zfs_ace_fuid_abstract_size, 00318 zfs_ace_fuid_mask_off, 00319 zfs_ace_fuid_data 00320 }; 00321 00331 uint64_t 00332 zfs_external_acl(znode_t *zp) 00333 { 00334 zfs_acl_phys_t acl_phys; 00335 int error; 00336 00337 if (zp->z_is_sa) 00338 return (0); 00339 00340 /* 00341 * Need to deal with a potential 00342 * race where zfs_sa_upgrade could cause 00343 * z_isa_sa to change. 00344 * 00345 * If the lookup fails then the state of z_is_sa should have 00346 * changed. 00347 */ 00348 00349 if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zp->z_zfsvfs), 00350 &acl_phys, sizeof (acl_phys))) == 0) 00351 return (acl_phys.z_acl_extern_obj); 00352 else { 00353 /* 00354 * after upgrade the SA_ZPL_ZNODE_ACL should have been 00355 * removed 00356 */ 00357 VERIFY(zp->z_is_sa && error == ENOENT); 00358 return (0); 00359 } 00360 } 00361 00368 static int 00369 zfs_acl_znode_info(znode_t *zp, int *aclsize, int *aclcount, 00370 zfs_acl_phys_t *aclphys) 00371 { 00372 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 00373 uint64_t acl_count; 00374 int size; 00375 int error; 00376 00377 ASSERT(MUTEX_HELD(&zp->z_acl_lock)); 00378 if (zp->z_is_sa) { 00379 if ((error = sa_size(zp->z_sa_hdl, SA_ZPL_DACL_ACES(zfsvfs), 00380 &size)) != 0) 00381 return (error); 00382 *aclsize = size; 00383 if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_DACL_COUNT(zfsvfs), 00384 &acl_count, sizeof (acl_count))) != 0) 00385 return (error); 00386 *aclcount = acl_count; 00387 } else { 00388 if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zfsvfs), 00389 aclphys, sizeof (*aclphys))) != 0) 00390 return (error); 00391 00392 if (aclphys->z_acl_version == ZFS_ACL_VERSION_INITIAL) { 00393 *aclsize = ZFS_ACL_SIZE(aclphys->z_acl_size); 00394 *aclcount = aclphys->z_acl_size; 00395 } else { 00396 *aclsize = aclphys->z_acl_size; 00397 *aclcount = aclphys->z_acl_count; 00398 } 00399 } 00400 return (0); 00401 } 00402 00403 int 00404 zfs_znode_acl_version(znode_t *zp) 00405 { 00406 zfs_acl_phys_t acl_phys; 00407 00408 if (zp->z_is_sa) 00409 return (ZFS_ACL_VERSION_FUID); 00410 else { 00411 int error; 00412 00413 /* 00414 * Need to deal with a potential 00415 * race where zfs_sa_upgrade could cause 00416 * z_isa_sa to change. 00417 * 00418 * If the lookup fails then the state of z_is_sa should have 00419 * changed. 00420 */ 00421 if ((error = sa_lookup(zp->z_sa_hdl, 00422 SA_ZPL_ZNODE_ACL(zp->z_zfsvfs), 00423 &acl_phys, sizeof (acl_phys))) == 0) 00424 return (acl_phys.z_acl_version); 00425 else { 00426 /* 00427 * After upgrade SA_ZPL_ZNODE_ACL should have 00428 * been removed. 00429 */ 00430 VERIFY(zp->z_is_sa && error == ENOENT); 00431 return (ZFS_ACL_VERSION_FUID); 00432 } 00433 } 00434 } 00437 static int 00438 zfs_acl_version(int version) 00439 { 00440 if (version < ZPL_VERSION_FUID) 00441 return (ZFS_ACL_VERSION_INITIAL); 00442 else 00443 return (ZFS_ACL_VERSION_FUID); 00444 } 00445 00446 static int 00447 zfs_acl_version_zp(znode_t *zp) 00448 { 00449 return (zfs_acl_version(zp->z_zfsvfs->z_version)); 00450 } 00451 00452 zfs_acl_t * 00453 zfs_acl_alloc(int vers) 00454 { 00455 zfs_acl_t *aclp; 00456 00457 aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP); 00458 list_create(&aclp->z_acl, sizeof (zfs_acl_node_t), 00459 offsetof(zfs_acl_node_t, z_next)); 00460 aclp->z_version = vers; 00461 if (vers == ZFS_ACL_VERSION_FUID) 00462 aclp->z_ops = zfs_acl_fuid_ops; 00463 else 00464 aclp->z_ops = zfs_acl_v0_ops; 00465 return (aclp); 00466 } 00467 00468 zfs_acl_node_t * 00469 zfs_acl_node_alloc(size_t bytes) 00470 { 00471 zfs_acl_node_t *aclnode; 00472 00473 aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP); 00474 if (bytes) { 00475 aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP); 00476 aclnode->z_allocdata = aclnode->z_acldata; 00477 aclnode->z_allocsize = bytes; 00478 aclnode->z_size = bytes; 00479 } 00480 00481 return (aclnode); 00482 } 00483 00484 static void 00485 zfs_acl_node_free(zfs_acl_node_t *aclnode) 00486 { 00487 if (aclnode->z_allocsize) 00488 kmem_free(aclnode->z_allocdata, aclnode->z_allocsize); 00489 kmem_free(aclnode, sizeof (zfs_acl_node_t)); 00490 } 00491 00492 static void 00493 zfs_acl_release_nodes(zfs_acl_t *aclp) 00494 { 00495 zfs_acl_node_t *aclnode; 00496 00497 while (aclnode = list_head(&aclp->z_acl)) { 00498 list_remove(&aclp->z_acl, aclnode); 00499 zfs_acl_node_free(aclnode); 00500 } 00501 aclp->z_acl_count = 0; 00502 aclp->z_acl_bytes = 0; 00503 } 00504 00505 void 00506 zfs_acl_free(zfs_acl_t *aclp) 00507 { 00508 zfs_acl_release_nodes(aclp); 00509 list_destroy(&aclp->z_acl); 00510 kmem_free(aclp, sizeof (zfs_acl_t)); 00511 } 00512 00513 static boolean_t 00514 zfs_acl_valid_ace_type(uint_t type, uint_t flags) 00515 { 00516 uint16_t entry_type; 00517 00518 switch (type) { 00519 case ALLOW: 00520 case DENY: 00521 case ACE_SYSTEM_AUDIT_ACE_TYPE: 00522 case ACE_SYSTEM_ALARM_ACE_TYPE: 00523 entry_type = flags & ACE_TYPE_FLAGS; 00524 return (entry_type == ACE_OWNER || 00525 entry_type == OWNING_GROUP || 00526 entry_type == ACE_EVERYONE || entry_type == 0 || 00527 entry_type == ACE_IDENTIFIER_GROUP); 00528 default: 00529 if (type >= MIN_ACE_TYPE && type <= MAX_ACE_TYPE) 00530 return (B_TRUE); 00531 } 00532 return (B_FALSE); 00533 } 00534 00535 static boolean_t 00536 zfs_ace_valid(vtype_t obj_type, zfs_acl_t *aclp, uint16_t type, uint16_t iflags) 00537 { 00538 /* 00539 * first check type of entry 00540 */ 00541 00542 if (!zfs_acl_valid_ace_type(type, iflags)) 00543 return (B_FALSE); 00544 00545 switch (type) { 00546 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 00547 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 00548 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 00549 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 00550 if (aclp->z_version < ZFS_ACL_VERSION_FUID) 00551 return (B_FALSE); 00552 aclp->z_hints |= ZFS_ACL_OBJ_ACE; 00553 } 00554 00555 /* 00556 * next check inheritance level flags 00557 */ 00558 00559 if (obj_type == VDIR && 00560 (iflags & (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE))) 00561 aclp->z_hints |= ZFS_INHERIT_ACE; 00562 00563 if (iflags & (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) { 00564 if ((iflags & (ACE_FILE_INHERIT_ACE| 00565 ACE_DIRECTORY_INHERIT_ACE)) == 0) { 00566 return (B_FALSE); 00567 } 00568 } 00569 00570 return (B_TRUE); 00571 } 00572 00573 static void * 00574 zfs_acl_next_ace(zfs_acl_t *aclp, void *start, uint64_t *who, 00575 uint32_t *access_mask, uint16_t *iflags, uint16_t *type) 00576 { 00577 zfs_acl_node_t *aclnode; 00578 00579 ASSERT(aclp); 00580 00581 if (start == NULL) { 00582 aclnode = list_head(&aclp->z_acl); 00583 if (aclnode == NULL) 00584 return (NULL); 00585 00586 aclp->z_next_ace = aclnode->z_acldata; 00587 aclp->z_curr_node = aclnode; 00588 aclnode->z_ace_idx = 0; 00589 } 00590 00591 aclnode = aclp->z_curr_node; 00592 00593 if (aclnode == NULL) 00594 return (NULL); 00595 00596 if (aclnode->z_ace_idx >= aclnode->z_ace_count) { 00597 aclnode = list_next(&aclp->z_acl, aclnode); 00598 if (aclnode == NULL) 00599 return (NULL); 00600 else { 00601 aclp->z_curr_node = aclnode; 00602 aclnode->z_ace_idx = 0; 00603 aclp->z_next_ace = aclnode->z_acldata; 00604 } 00605 } 00606 00607 if (aclnode->z_ace_idx < aclnode->z_ace_count) { 00608 void *acep = aclp->z_next_ace; 00609 size_t ace_size; 00610 00611 /* 00612 * Make sure we don't overstep our bounds 00613 */ 00614 ace_size = aclp->z_ops.ace_size(acep); 00615 00616 if (((caddr_t)acep + ace_size) > 00617 ((caddr_t)aclnode->z_acldata + aclnode->z_size)) { 00618 return (NULL); 00619 } 00620 00621 *iflags = aclp->z_ops.ace_flags_get(acep); 00622 *type = aclp->z_ops.ace_type_get(acep); 00623 *access_mask = aclp->z_ops.ace_mask_get(acep); 00624 *who = aclp->z_ops.ace_who_get(acep); 00625 aclp->z_next_ace = (caddr_t)aclp->z_next_ace + ace_size; 00626 aclnode->z_ace_idx++; 00627 00628 return ((void *)acep); 00629 } 00630 return (NULL); 00631 } 00632 00633 /*ARGSUSED*/ 00634 static uint64_t 00635 zfs_ace_walk(void *datap, uint64_t cookie, int aclcnt, 00636 uint16_t *flags, uint16_t *type, uint32_t *mask) 00637 { 00638 zfs_acl_t *aclp = datap; 00639 zfs_ace_hdr_t *acep = (zfs_ace_hdr_t *)(uintptr_t)cookie; 00640 uint64_t who; 00641 00642 acep = zfs_acl_next_ace(aclp, acep, &who, mask, 00643 flags, type); 00644 return ((uint64_t)(uintptr_t)acep); 00645 } 00646 00647 static zfs_acl_node_t * 00648 zfs_acl_curr_node(zfs_acl_t *aclp) 00649 { 00650 ASSERT(aclp->z_curr_node); 00651 return (aclp->z_curr_node); 00652 } 00653 00660 int 00661 zfs_copy_ace_2_fuid(zfsvfs_t *zfsvfs, vtype_t obj_type, zfs_acl_t *aclp, 00662 void *datap, zfs_ace_t *z_acl, uint64_t aclcnt, size_t *size, 00663 zfs_fuid_info_t **fuidp, cred_t *cr) 00664 { 00665 int i; 00666 uint16_t entry_type; 00667 zfs_ace_t *aceptr = z_acl; 00668 ace_t *acep = datap; 00669 zfs_object_ace_t *zobjacep; 00670 ace_object_t *aceobjp; 00671 00672 for (i = 0; i != aclcnt; i++) { 00673 aceptr->z_hdr.z_access_mask = acep->a_access_mask; 00674 aceptr->z_hdr.z_flags = acep->a_flags; 00675 aceptr->z_hdr.z_type = acep->a_type; 00676 entry_type = aceptr->z_hdr.z_flags & ACE_TYPE_FLAGS; 00677 if (entry_type != ACE_OWNER && entry_type != OWNING_GROUP && 00678 entry_type != ACE_EVERYONE) { 00679 aceptr->z_fuid = zfs_fuid_create(zfsvfs, acep->a_who, 00680 cr, (entry_type == 0) ? 00681 ZFS_ACE_USER : ZFS_ACE_GROUP, fuidp); 00682 } 00683 00684 /* 00685 * Make sure ACE is valid 00686 */ 00687 if (zfs_ace_valid(obj_type, aclp, aceptr->z_hdr.z_type, 00688 aceptr->z_hdr.z_flags) != B_TRUE) 00689 return (EINVAL); 00690 00691 switch (acep->a_type) { 00692 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 00693 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 00694 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 00695 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 00696 zobjacep = (zfs_object_ace_t *)aceptr; 00697 aceobjp = (ace_object_t *)acep; 00698 00699 bcopy(aceobjp->a_obj_type, zobjacep->z_object_type, 00700 sizeof (aceobjp->a_obj_type)); 00701 bcopy(aceobjp->a_inherit_obj_type, 00702 zobjacep->z_inherit_type, 00703 sizeof (aceobjp->a_inherit_obj_type)); 00704 acep = (ace_t *)((caddr_t)acep + sizeof (ace_object_t)); 00705 break; 00706 default: 00707 acep = (ace_t *)((caddr_t)acep + sizeof (ace_t)); 00708 } 00709 00710 aceptr = (zfs_ace_t *)((caddr_t)aceptr + 00711 aclp->z_ops.ace_size(aceptr)); 00712 } 00713 00714 *size = (caddr_t)aceptr - (caddr_t)z_acl; 00715 00716 return (0); 00717 } 00718 00722 static void 00723 zfs_copy_fuid_2_ace(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, cred_t *cr, 00724 void *datap, int filter) 00725 { 00726 uint64_t who; 00727 uint32_t access_mask; 00728 uint16_t iflags, type; 00729 zfs_ace_hdr_t *zacep = NULL; 00730 ace_t *acep = datap; 00731 ace_object_t *objacep; 00732 zfs_object_ace_t *zobjacep; 00733 size_t ace_size; 00734 uint16_t entry_type; 00735 00736 while (zacep = zfs_acl_next_ace(aclp, zacep, 00737 &who, &access_mask, &iflags, &type)) { 00738 00739 switch (type) { 00740 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 00741 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 00742 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 00743 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 00744 if (filter) { 00745 continue; 00746 } 00747 zobjacep = (zfs_object_ace_t *)zacep; 00748 objacep = (ace_object_t *)acep; 00749 bcopy(zobjacep->z_object_type, 00750 objacep->a_obj_type, 00751 sizeof (zobjacep->z_object_type)); 00752 bcopy(zobjacep->z_inherit_type, 00753 objacep->a_inherit_obj_type, 00754 sizeof (zobjacep->z_inherit_type)); 00755 ace_size = sizeof (ace_object_t); 00756 break; 00757 default: 00758 ace_size = sizeof (ace_t); 00759 break; 00760 } 00761 00762 entry_type = (iflags & ACE_TYPE_FLAGS); 00763 if ((entry_type != ACE_OWNER && 00764 entry_type != OWNING_GROUP && 00765 entry_type != ACE_EVERYONE)) { 00766 acep->a_who = zfs_fuid_map_id(zfsvfs, who, 00767 cr, (entry_type & ACE_IDENTIFIER_GROUP) ? 00768 ZFS_ACE_GROUP : ZFS_ACE_USER); 00769 } else { 00770 acep->a_who = (uid_t)(int64_t)who; 00771 } 00772 acep->a_access_mask = access_mask; 00773 acep->a_flags = iflags; 00774 acep->a_type = type; 00775 acep = (ace_t *)((caddr_t)acep + ace_size); 00776 } 00777 } 00778 00779 static int 00780 zfs_copy_ace_2_oldace(vtype_t obj_type, zfs_acl_t *aclp, ace_t *acep, 00781 zfs_oldace_t *z_acl, int aclcnt, size_t *size) 00782 { 00783 int i; 00784 zfs_oldace_t *aceptr = z_acl; 00785 00786 for (i = 0; i != aclcnt; i++, aceptr++) { 00787 aceptr->z_access_mask = acep[i].a_access_mask; 00788 aceptr->z_type = acep[i].a_type; 00789 aceptr->z_flags = acep[i].a_flags; 00790 aceptr->z_fuid = acep[i].a_who; 00791 /* 00792 * Make sure ACE is valid 00793 */ 00794 if (zfs_ace_valid(obj_type, aclp, aceptr->z_type, 00795 aceptr->z_flags) != B_TRUE) 00796 return (EINVAL); 00797 } 00798 *size = (caddr_t)aceptr - (caddr_t)z_acl; 00799 return (0); 00800 } 00801 00805 void 00806 zfs_acl_xform(znode_t *zp, zfs_acl_t *aclp, cred_t *cr) 00807 { 00808 zfs_oldace_t *oldaclp; 00809 int i; 00810 uint16_t type, iflags; 00811 uint32_t access_mask; 00812 uint64_t who; 00813 void *cookie = NULL; 00814 zfs_acl_node_t *newaclnode; 00815 00816 ASSERT(aclp->z_version == ZFS_ACL_VERSION_INITIAL); 00817 /* 00818 * First create the ACE in a contiguous piece of memory 00819 * for zfs_copy_ace_2_fuid(). 00820 * 00821 * We only convert an ACL once, so this won't happen 00822 * everytime. 00823 */ 00824 oldaclp = kmem_alloc(sizeof (zfs_oldace_t) * aclp->z_acl_count, 00825 KM_SLEEP); 00826 i = 0; 00827 while (cookie = zfs_acl_next_ace(aclp, cookie, &who, 00828 &access_mask, &iflags, &type)) { 00829 oldaclp[i].z_flags = iflags; 00830 oldaclp[i].z_type = type; 00831 oldaclp[i].z_fuid = who; 00832 oldaclp[i++].z_access_mask = access_mask; 00833 } 00834 00835 newaclnode = zfs_acl_node_alloc(aclp->z_acl_count * 00836 sizeof (zfs_object_ace_t)); 00837 aclp->z_ops = zfs_acl_fuid_ops; 00838 VERIFY(zfs_copy_ace_2_fuid(zp->z_zfsvfs, ZTOV(zp)->v_type, aclp, 00839 oldaclp, newaclnode->z_acldata, aclp->z_acl_count, 00840 &newaclnode->z_size, NULL, cr) == 0); 00841 newaclnode->z_ace_count = aclp->z_acl_count; 00842 aclp->z_version = ZFS_ACL_VERSION; 00843 kmem_free(oldaclp, aclp->z_acl_count * sizeof (zfs_oldace_t)); 00844 00845 /* 00846 * Release all previous ACL nodes 00847 */ 00848 00849 zfs_acl_release_nodes(aclp); 00850 00851 list_insert_head(&aclp->z_acl, newaclnode); 00852 00853 aclp->z_acl_bytes = newaclnode->z_size; 00854 aclp->z_acl_count = newaclnode->z_ace_count; 00855 00856 } 00857 00861 static uint32_t 00862 zfs_unix_to_v4(uint32_t access_mask) 00863 { 00864 uint32_t new_mask = 0; 00865 00866 if (access_mask & S_IXOTH) 00867 new_mask |= ACE_EXECUTE; 00868 if (access_mask & S_IWOTH) 00869 new_mask |= ACE_WRITE_DATA; 00870 if (access_mask & S_IROTH) 00871 new_mask |= ACE_READ_DATA; 00872 return (new_mask); 00873 } 00874 00875 static void 00876 zfs_set_ace(zfs_acl_t *aclp, void *acep, uint32_t access_mask, 00877 uint16_t access_type, uint64_t fuid, uint16_t entry_type) 00878 { 00879 uint16_t type = entry_type & ACE_TYPE_FLAGS; 00880 00881 aclp->z_ops.ace_mask_set(acep, access_mask); 00882 aclp->z_ops.ace_type_set(acep, access_type); 00883 aclp->z_ops.ace_flags_set(acep, entry_type); 00884 if ((type != ACE_OWNER && type != OWNING_GROUP && 00885 type != ACE_EVERYONE)) 00886 aclp->z_ops.ace_who_set(acep, fuid); 00887 } 00888 00893 uint64_t 00894 zfs_mode_compute(uint64_t fmode, zfs_acl_t *aclp, 00895 uint64_t *pflags, uint64_t fuid, uint64_t fgid) 00896 { 00897 int entry_type; 00898 mode_t mode; 00899 mode_t seen = 0; 00900 zfs_ace_hdr_t *acep = NULL; 00901 uint64_t who; 00902 uint16_t iflags, type; 00903 uint32_t access_mask; 00904 boolean_t an_exec_denied = B_FALSE; 00905 00906 mode = (fmode & (S_IFMT | S_ISUID | S_ISGID | S_ISVTX)); 00907 00908 while (acep = zfs_acl_next_ace(aclp, acep, &who, 00909 &access_mask, &iflags, &type)) { 00910 00911 if (!zfs_acl_valid_ace_type(type, iflags)) 00912 continue; 00913 00914 entry_type = (iflags & ACE_TYPE_FLAGS); 00915 00916 /* 00917 * Skip over owner@, group@ or everyone@ inherit only ACEs 00918 */ 00919 if ((iflags & ACE_INHERIT_ONLY_ACE) && 00920 (entry_type == ACE_OWNER || entry_type == ACE_EVERYONE || 00921 entry_type == OWNING_GROUP)) 00922 continue; 00923 00924 if (entry_type == ACE_OWNER || (entry_type == 0 && 00925 who == fuid)) { 00926 if ((access_mask & ACE_READ_DATA) && 00927 (!(seen & S_IRUSR))) { 00928 seen |= S_IRUSR; 00929 if (type == ALLOW) { 00930 mode |= S_IRUSR; 00931 } 00932 } 00933 if ((access_mask & ACE_WRITE_DATA) && 00934 (!(seen & S_IWUSR))) { 00935 seen |= S_IWUSR; 00936 if (type == ALLOW) { 00937 mode |= S_IWUSR; 00938 } 00939 } 00940 if ((access_mask & ACE_EXECUTE) && 00941 (!(seen & S_IXUSR))) { 00942 seen |= S_IXUSR; 00943 if (type == ALLOW) { 00944 mode |= S_IXUSR; 00945 } 00946 } 00947 } else if (entry_type == OWNING_GROUP || 00948 (entry_type == ACE_IDENTIFIER_GROUP && who == fgid)) { 00949 if ((access_mask & ACE_READ_DATA) && 00950 (!(seen & S_IRGRP))) { 00951 seen |= S_IRGRP; 00952 if (type == ALLOW) { 00953 mode |= S_IRGRP; 00954 } 00955 } 00956 if ((access_mask & ACE_WRITE_DATA) && 00957 (!(seen & S_IWGRP))) { 00958 seen |= S_IWGRP; 00959 if (type == ALLOW) { 00960 mode |= S_IWGRP; 00961 } 00962 } 00963 if ((access_mask & ACE_EXECUTE) && 00964 (!(seen & S_IXGRP))) { 00965 seen |= S_IXGRP; 00966 if (type == ALLOW) { 00967 mode |= S_IXGRP; 00968 } 00969 } 00970 } else if (entry_type == ACE_EVERYONE) { 00971 if ((access_mask & ACE_READ_DATA)) { 00972 if (!(seen & S_IRUSR)) { 00973 seen |= S_IRUSR; 00974 if (type == ALLOW) { 00975 mode |= S_IRUSR; 00976 } 00977 } 00978 if (!(seen & S_IRGRP)) { 00979 seen |= S_IRGRP; 00980 if (type == ALLOW) { 00981 mode |= S_IRGRP; 00982 } 00983 } 00984 if (!(seen & S_IROTH)) { 00985 seen |= S_IROTH; 00986 if (type == ALLOW) { 00987 mode |= S_IROTH; 00988 } 00989 } 00990 } 00991 if ((access_mask & ACE_WRITE_DATA)) { 00992 if (!(seen & S_IWUSR)) { 00993 seen |= S_IWUSR; 00994 if (type == ALLOW) { 00995 mode |= S_IWUSR; 00996 } 00997 } 00998 if (!(seen & S_IWGRP)) { 00999 seen |= S_IWGRP; 01000 if (type == ALLOW) { 01001 mode |= S_IWGRP; 01002 } 01003 } 01004 if (!(seen & S_IWOTH)) { 01005 seen |= S_IWOTH; 01006 if (type == ALLOW) { 01007 mode |= S_IWOTH; 01008 } 01009 } 01010 } 01011 if ((access_mask & ACE_EXECUTE)) { 01012 if (!(seen & S_IXUSR)) { 01013 seen |= S_IXUSR; 01014 if (type == ALLOW) { 01015 mode |= S_IXUSR; 01016 } 01017 } 01018 if (!(seen & S_IXGRP)) { 01019 seen |= S_IXGRP; 01020 if (type == ALLOW) { 01021 mode |= S_IXGRP; 01022 } 01023 } 01024 if (!(seen & S_IXOTH)) { 01025 seen |= S_IXOTH; 01026 if (type == ALLOW) { 01027 mode |= S_IXOTH; 01028 } 01029 } 01030 } 01031 } else { 01032 /* 01033 * Only care if this IDENTIFIER_GROUP or 01034 * USER ACE denies execute access to someone, 01035 * mode is not affected 01036 */ 01037 if ((access_mask & ACE_EXECUTE) && type == DENY) 01038 an_exec_denied = B_TRUE; 01039 } 01040 } 01041 01042 /* 01043 * Failure to allow is effectively a deny, so execute permission 01044 * is denied if it was never mentioned or if we explicitly 01045 * weren't allowed it. 01046 */ 01047 if (!an_exec_denied && 01048 ((seen & ALL_MODE_EXECS) != ALL_MODE_EXECS || 01049 (mode & ALL_MODE_EXECS) != ALL_MODE_EXECS)) 01050 an_exec_denied = B_TRUE; 01051 01052 if (an_exec_denied) 01053 *pflags &= ~ZFS_NO_EXECS_DENIED; 01054 else 01055 *pflags |= ZFS_NO_EXECS_DENIED; 01056 01057 return (mode); 01058 } 01059 01064 static int 01065 zfs_acl_node_read(znode_t *zp, boolean_t have_lock, zfs_acl_t **aclpp, 01066 boolean_t will_modify) 01067 { 01068 zfs_acl_t *aclp; 01069 int aclsize; 01070 int acl_count; 01071 zfs_acl_node_t *aclnode; 01072 zfs_acl_phys_t znode_acl; 01073 int version; 01074 int error; 01075 boolean_t drop_lock = B_FALSE; 01076 01077 ASSERT(MUTEX_HELD(&zp->z_acl_lock)); 01078 01079 if (zp->z_acl_cached && !will_modify) { 01080 *aclpp = zp->z_acl_cached; 01081 return (0); 01082 } 01083 01084 /* 01085 * close race where znode could be upgrade while trying to 01086 * read the znode attributes. 01087 * 01088 * But this could only happen if the file isn't already an SA 01089 * znode 01090 */ 01091 if (!zp->z_is_sa && !have_lock) { 01092 mutex_enter(&zp->z_lock); 01093 drop_lock = B_TRUE; 01094 } 01095 version = zfs_znode_acl_version(zp); 01096 01097 if ((error = zfs_acl_znode_info(zp, &aclsize, 01098 &acl_count, &znode_acl)) != 0) { 01099 goto done; 01100 } 01101 01102 aclp = zfs_acl_alloc(version); 01103 01104 aclp->z_acl_count = acl_count; 01105 aclp->z_acl_bytes = aclsize; 01106 01107 aclnode = zfs_acl_node_alloc(aclsize); 01108 aclnode->z_ace_count = aclp->z_acl_count; 01109 aclnode->z_size = aclsize; 01110 01111 if (!zp->z_is_sa) { 01112 if (znode_acl.z_acl_extern_obj) { 01113 error = dmu_read(zp->z_zfsvfs->z_os, 01114 znode_acl.z_acl_extern_obj, 0, aclnode->z_size, 01115 aclnode->z_acldata, DMU_READ_PREFETCH); 01116 } else { 01117 bcopy(znode_acl.z_ace_data, aclnode->z_acldata, 01118 aclnode->z_size); 01119 } 01120 } else { 01121 error = sa_lookup(zp->z_sa_hdl, SA_ZPL_DACL_ACES(zp->z_zfsvfs), 01122 aclnode->z_acldata, aclnode->z_size); 01123 } 01124 01125 if (error != 0) { 01126 zfs_acl_free(aclp); 01127 zfs_acl_node_free(aclnode); 01128 /* convert checksum errors into IO errors */ 01129 if (error == ECKSUM) 01130 error = EIO; 01131 goto done; 01132 } 01133 01134 list_insert_head(&aclp->z_acl, aclnode); 01135 01136 *aclpp = aclp; 01137 if (!will_modify) 01138 zp->z_acl_cached = aclp; 01139 done: 01140 if (drop_lock) 01141 mutex_exit(&zp->z_lock); 01142 return (error); 01143 } 01144 01145 /*ARGSUSED*/ 01146 void 01147 zfs_acl_data_locator(void **dataptr, uint32_t *length, uint32_t buflen, 01148 boolean_t start, void *userdata) 01149 { 01150 zfs_acl_locator_cb_t *cb = (zfs_acl_locator_cb_t *)userdata; 01151 01152 if (start) { 01153 cb->cb_acl_node = list_head(&cb->cb_aclp->z_acl); 01154 } else { 01155 cb->cb_acl_node = list_next(&cb->cb_aclp->z_acl, 01156 cb->cb_acl_node); 01157 } 01158 *dataptr = cb->cb_acl_node->z_acldata; 01159 *length = cb->cb_acl_node->z_size; 01160 } 01161 01162 int 01163 zfs_acl_chown_setattr(znode_t *zp) 01164 { 01165 int error; 01166 zfs_acl_t *aclp; 01167 01168 ASSERT(MUTEX_HELD(&zp->z_lock)); 01169 ASSERT(MUTEX_HELD(&zp->z_acl_lock)); 01170 01171 if ((error = zfs_acl_node_read(zp, B_TRUE, &aclp, B_FALSE)) == 0) 01172 zp->z_mode = zfs_mode_compute(zp->z_mode, aclp, 01173 &zp->z_pflags, zp->z_uid, zp->z_gid); 01174 return (error); 01175 } 01176 01184 int 01185 zfs_aclset_common(znode_t *zp, zfs_acl_t *aclp, cred_t *cr, dmu_tx_t *tx) 01186 { 01187 int error; 01188 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 01189 dmu_object_type_t otype; 01190 zfs_acl_locator_cb_t locate = { 0 }; 01191 uint64_t mode; 01192 sa_bulk_attr_t bulk[5]; 01193 uint64_t ctime[2]; 01194 int count = 0; 01195 01196 mode = zp->z_mode; 01197 01198 mode = zfs_mode_compute(mode, aclp, &zp->z_pflags, 01199 zp->z_uid, zp->z_gid); 01200 01201 zp->z_mode = mode; 01202 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs), NULL, 01203 &mode, sizeof (mode)); 01204 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL, 01205 &zp->z_pflags, sizeof (zp->z_pflags)); 01206 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, 01207 &ctime, sizeof (ctime)); 01208 01209 if (zp->z_acl_cached) { 01210 zfs_acl_free(zp->z_acl_cached); 01211 zp->z_acl_cached = NULL; 01212 } 01213 01214 /* 01215 * Upgrade needed? 01216 */ 01217 if (!zfsvfs->z_use_fuids) { 01218 otype = DMU_OT_OLDACL; 01219 } else { 01220 if ((aclp->z_version == ZFS_ACL_VERSION_INITIAL) && 01221 (zfsvfs->z_version >= ZPL_VERSION_FUID)) 01222 zfs_acl_xform(zp, aclp, cr); 01223 ASSERT(aclp->z_version >= ZFS_ACL_VERSION_FUID); 01224 otype = DMU_OT_ACL; 01225 } 01226 01227 /* 01228 * Arrgh, we have to handle old on disk format 01229 * as well as newer (preferred) SA format. 01230 */ 01231 01232 if (zp->z_is_sa) { /* the easy case, just update the ACL attribute */ 01233 locate.cb_aclp = aclp; 01234 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_DACL_ACES(zfsvfs), 01235 zfs_acl_data_locator, &locate, aclp->z_acl_bytes); 01236 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_DACL_COUNT(zfsvfs), 01237 NULL, &aclp->z_acl_count, sizeof (uint64_t)); 01238 } else { /* Painful legacy way */ 01239 zfs_acl_node_t *aclnode; 01240 uint64_t off = 0; 01241 zfs_acl_phys_t acl_phys; 01242 uint64_t aoid; 01243 01244 if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_ZNODE_ACL(zfsvfs), 01245 &acl_phys, sizeof (acl_phys))) != 0) 01246 return (error); 01247 01248 aoid = acl_phys.z_acl_extern_obj; 01249 01250 if (aclp->z_acl_bytes > ZFS_ACE_SPACE) { 01251 /* 01252 * If ACL was previously external and we are now 01253 * converting to new ACL format then release old 01254 * ACL object and create a new one. 01255 */ 01256 if (aoid && 01257 aclp->z_version != acl_phys.z_acl_version) { 01258 error = dmu_object_free(zfsvfs->z_os, aoid, tx); 01259 if (error) 01260 return (error); 01261 aoid = 0; 01262 } 01263 if (aoid == 0) { 01264 aoid = dmu_object_alloc(zfsvfs->z_os, 01265 otype, aclp->z_acl_bytes, 01266 otype == DMU_OT_ACL ? 01267 DMU_OT_SYSACL : DMU_OT_NONE, 01268 otype == DMU_OT_ACL ? 01269 DN_MAX_BONUSLEN : 0, tx); 01270 } else { 01271 (void) dmu_object_set_blocksize(zfsvfs->z_os, 01272 aoid, aclp->z_acl_bytes, 0, tx); 01273 } 01274 acl_phys.z_acl_extern_obj = aoid; 01275 for (aclnode = list_head(&aclp->z_acl); aclnode; 01276 aclnode = list_next(&aclp->z_acl, aclnode)) { 01277 if (aclnode->z_ace_count == 0) 01278 continue; 01279 dmu_write(zfsvfs->z_os, aoid, off, 01280 aclnode->z_size, aclnode->z_acldata, tx); 01281 off += aclnode->z_size; 01282 } 01283 } else { 01284 void *start = acl_phys.z_ace_data; 01285 /* 01286 * Migrating back embedded? 01287 */ 01288 if (acl_phys.z_acl_extern_obj) { 01289 error = dmu_object_free(zfsvfs->z_os, 01290 acl_phys.z_acl_extern_obj, tx); 01291 if (error) 01292 return (error); 01293 acl_phys.z_acl_extern_obj = 0; 01294 } 01295 01296 for (aclnode = list_head(&aclp->z_acl); aclnode; 01297 aclnode = list_next(&aclp->z_acl, aclnode)) { 01298 if (aclnode->z_ace_count == 0) 01299 continue; 01300 bcopy(aclnode->z_acldata, start, 01301 aclnode->z_size); 01302 start = (caddr_t)start + aclnode->z_size; 01303 } 01304 } 01305 /* 01306 * If Old version then swap count/bytes to match old 01307 * layout of znode_acl_phys_t. 01308 */ 01309 if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) { 01310 acl_phys.z_acl_size = aclp->z_acl_count; 01311 acl_phys.z_acl_count = aclp->z_acl_bytes; 01312 } else { 01313 acl_phys.z_acl_size = aclp->z_acl_bytes; 01314 acl_phys.z_acl_count = aclp->z_acl_count; 01315 } 01316 acl_phys.z_acl_version = aclp->z_version; 01317 01318 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_ZNODE_ACL(zfsvfs), NULL, 01319 &acl_phys, sizeof (acl_phys)); 01320 } 01321 01322 /* 01323 * Replace ACL wide bits, but first clear them. 01324 */ 01325 zp->z_pflags &= ~ZFS_ACL_WIDE_FLAGS; 01326 01327 zp->z_pflags |= aclp->z_hints; 01328 01329 if (ace_trivial_common(aclp, 0, zfs_ace_walk) == 0) 01330 zp->z_pflags |= ZFS_ACL_TRIVIAL; 01331 01332 zfs_tstamp_update_setup(zp, STATE_CHANGED, NULL, ctime, B_TRUE); 01333 return (sa_bulk_update(zp->z_sa_hdl, bulk, count, tx)); 01334 } 01335 01336 static void 01337 zfs_acl_chmod(vtype_t vtype, uint64_t mode, boolean_t trim, zfs_acl_t *aclp) 01338 { 01339 void *acep = NULL; 01340 uint64_t who; 01341 int new_count, new_bytes; 01342 int ace_size; 01343 int entry_type; 01344 uint16_t iflags, type; 01345 uint32_t access_mask; 01346 zfs_acl_node_t *newnode; 01347 size_t abstract_size = aclp->z_ops.ace_abstract_size(); 01348 void *zacep; 01349 boolean_t isdir; 01350 trivial_acl_t masks; 01351 01352 new_count = new_bytes = 0; 01353 01354 isdir = (vtype == VDIR); 01355 01356 acl_trivial_access_masks((mode_t)mode, isdir, &masks); 01357 01358 newnode = zfs_acl_node_alloc((abstract_size * 6) + aclp->z_acl_bytes); 01359 01360 zacep = newnode->z_acldata; 01361 if (masks.allow0) { 01362 zfs_set_ace(aclp, zacep, masks.allow0, ALLOW, -1, ACE_OWNER); 01363 zacep = (void *)((uintptr_t)zacep + abstract_size); 01364 new_count++; 01365 new_bytes += abstract_size; 01366 } if (masks.deny1) { 01367 zfs_set_ace(aclp, zacep, masks.deny1, DENY, -1, ACE_OWNER); 01368 zacep = (void *)((uintptr_t)zacep + abstract_size); 01369 new_count++; 01370 new_bytes += abstract_size; 01371 } 01372 if (masks.deny2) { 01373 zfs_set_ace(aclp, zacep, masks.deny2, DENY, -1, OWNING_GROUP); 01374 zacep = (void *)((uintptr_t)zacep + abstract_size); 01375 new_count++; 01376 new_bytes += abstract_size; 01377 } 01378 01379 while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, 01380 &iflags, &type)) { 01381 uint16_t inherit_flags; 01382 01383 entry_type = (iflags & ACE_TYPE_FLAGS); 01384 inherit_flags = (iflags & ALL_INHERIT); 01385 01386 if ((entry_type == ACE_OWNER || entry_type == ACE_EVERYONE || 01387 (entry_type == OWNING_GROUP)) && 01388 ((inherit_flags & ACE_INHERIT_ONLY_ACE) == 0)) { 01389 continue; 01390 } 01391 01392 /* 01393 * If this ACL has any inheritable ACEs, mark that in 01394 * the hints (which are later masked into the pflags) 01395 * so create knows to do inheritance. 01396 */ 01397 if (isdir && (inherit_flags & 01398 (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE))) 01399 aclp->z_hints |= ZFS_INHERIT_ACE; 01400 01401 if ((type != ALLOW && type != DENY) || 01402 (inherit_flags & ACE_INHERIT_ONLY_ACE)) { 01403 switch (type) { 01404 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 01405 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 01406 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 01407 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 01408 aclp->z_hints |= ZFS_ACL_OBJ_ACE; 01409 break; 01410 } 01411 } else { 01412 01413 /* 01414 * Limit permissions to be no greater than 01415 * group permissions. 01416 * The "aclinherit" and "aclmode" properties 01417 * affect policy for create and chmod(2), 01418 * respectively. 01419 */ 01420 if ((type == ALLOW) && trim) 01421 access_mask &= masks.group; 01422 } 01423 zfs_set_ace(aclp, zacep, access_mask, type, who, iflags); 01424 ace_size = aclp->z_ops.ace_size(acep); 01425 zacep = (void *)((uintptr_t)zacep + ace_size); 01426 new_count++; 01427 new_bytes += ace_size; 01428 } 01429 zfs_set_ace(aclp, zacep, masks.owner, 0, -1, ACE_OWNER); 01430 zacep = (void *)((uintptr_t)zacep + abstract_size); 01431 zfs_set_ace(aclp, zacep, masks.group, 0, -1, OWNING_GROUP); 01432 zacep = (void *)((uintptr_t)zacep + abstract_size); 01433 zfs_set_ace(aclp, zacep, masks.everyone, 0, -1, ACE_EVERYONE); 01434 01435 new_count += 3; 01436 new_bytes += abstract_size * 3; 01437 zfs_acl_release_nodes(aclp); 01438 aclp->z_acl_count = new_count; 01439 aclp->z_acl_bytes = new_bytes; 01440 newnode->z_ace_count = new_count; 01441 newnode->z_size = new_bytes; 01442 list_insert_tail(&aclp->z_acl, newnode); 01443 } 01444 01445 int 01446 zfs_acl_chmod_setattr(znode_t *zp, zfs_acl_t **aclp, uint64_t mode) 01447 { 01448 int error = 0; 01449 01450 mutex_enter(&zp->z_acl_lock); 01451 mutex_enter(&zp->z_lock); 01452 if (zp->z_zfsvfs->z_acl_mode == ZFS_ACL_DISCARD) 01453 *aclp = zfs_acl_alloc(zfs_acl_version_zp(zp)); 01454 else 01455 error = zfs_acl_node_read(zp, B_TRUE, aclp, B_TRUE); 01456 01457 if (error == 0) { 01458 (*aclp)->z_hints = zp->z_pflags & V4_ACL_WIDE_FLAGS; 01459 zfs_acl_chmod(ZTOV(zp)->v_type, mode, 01460 (zp->z_zfsvfs->z_acl_mode == ZFS_ACL_GROUPMASK), *aclp); 01461 } 01462 mutex_exit(&zp->z_lock); 01463 mutex_exit(&zp->z_acl_lock); 01464 01465 return (error); 01466 } 01467 01471 static void 01472 zfs_restricted_update(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, void *acep) 01473 { 01474 uint32_t mask = aclp->z_ops.ace_mask_get(acep); 01475 01476 if ((zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) && 01477 (aclp->z_ops.ace_type_get(acep) == ALLOW)) { 01478 mask &= ~RESTRICTED_CLEAR; 01479 aclp->z_ops.ace_mask_set(acep, mask); 01480 } 01481 } 01482 01486 static int 01487 zfs_ace_can_use(vtype_t vtype, uint16_t acep_flags) 01488 { 01489 int iflags = (acep_flags & 0xf); 01490 01491 if ((vtype == VDIR) && (iflags & ACE_DIRECTORY_INHERIT_ACE)) 01492 return (1); 01493 else if (iflags & ACE_FILE_INHERIT_ACE) 01494 return (!((vtype == VDIR) && 01495 (iflags & ACE_NO_PROPAGATE_INHERIT_ACE))); 01496 return (0); 01497 } 01498 01502 static zfs_acl_t * 01503 zfs_acl_inherit(zfsvfs_t *zfsvfs, vtype_t vtype, zfs_acl_t *paclp, 01504 uint64_t mode, boolean_t *need_chmod) 01505 { 01506 void *pacep; 01507 void *acep; 01508 zfs_acl_node_t *aclnode; 01509 zfs_acl_t *aclp = NULL; 01510 uint64_t who; 01511 uint32_t access_mask; 01512 uint16_t iflags, newflags, type; 01513 size_t ace_size; 01514 void *data1, *data2; 01515 size_t data1sz, data2sz; 01516 boolean_t vdir = vtype == VDIR; 01517 boolean_t vreg = vtype == VREG; 01518 boolean_t passthrough, passthrough_x, noallow; 01519 01520 passthrough_x = 01521 zfsvfs->z_acl_inherit == ZFS_ACL_PASSTHROUGH_X; 01522 passthrough = passthrough_x || 01523 zfsvfs->z_acl_inherit == ZFS_ACL_PASSTHROUGH; 01524 noallow = 01525 zfsvfs->z_acl_inherit == ZFS_ACL_NOALLOW; 01526 01527 *need_chmod = B_TRUE; 01528 pacep = NULL; 01529 aclp = zfs_acl_alloc(paclp->z_version); 01530 if (zfsvfs->z_acl_inherit == ZFS_ACL_DISCARD || vtype == VLNK) 01531 return (aclp); 01532 while (pacep = zfs_acl_next_ace(paclp, pacep, &who, 01533 &access_mask, &iflags, &type)) { 01534 01535 /* 01536 * don't inherit bogus ACEs 01537 */ 01538 if (!zfs_acl_valid_ace_type(type, iflags)) 01539 continue; 01540 01541 if (noallow && type == ALLOW) 01542 continue; 01543 01544 ace_size = aclp->z_ops.ace_size(pacep); 01545 01546 if (!zfs_ace_can_use(vtype, iflags)) 01547 continue; 01548 01549 /* 01550 * If owner@, group@, or everyone@ inheritable 01551 * then zfs_acl_chmod() isn't needed. 01552 */ 01553 if (passthrough && 01554 ((iflags & (ACE_OWNER|ACE_EVERYONE)) || 01555 ((iflags & OWNING_GROUP) == 01556 OWNING_GROUP)) && (vreg || (vdir && (iflags & 01557 ACE_DIRECTORY_INHERIT_ACE)))) { 01558 *need_chmod = B_FALSE; 01559 } 01560 01561 if (!vdir && passthrough_x && 01562 ((mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)) { 01563 access_mask &= ~ACE_EXECUTE; 01564 } 01565 01566 aclnode = zfs_acl_node_alloc(ace_size); 01567 list_insert_tail(&aclp->z_acl, aclnode); 01568 acep = aclnode->z_acldata; 01569 01570 zfs_set_ace(aclp, acep, access_mask, type, 01571 who, iflags|ACE_INHERITED_ACE); 01572 01573 /* 01574 * Copy special opaque data if any 01575 */ 01576 if ((data1sz = paclp->z_ops.ace_data(pacep, &data1)) != 0) { 01577 VERIFY((data2sz = aclp->z_ops.ace_data(acep, 01578 &data2)) == data1sz); 01579 bcopy(data1, data2, data2sz); 01580 } 01581 01582 aclp->z_acl_count++; 01583 aclnode->z_ace_count++; 01584 aclp->z_acl_bytes += aclnode->z_size; 01585 newflags = aclp->z_ops.ace_flags_get(acep); 01586 01587 if (vdir) 01588 aclp->z_hints |= ZFS_INHERIT_ACE; 01589 01590 if ((iflags & ACE_NO_PROPAGATE_INHERIT_ACE) || !vdir) { 01591 newflags &= ~ALL_INHERIT; 01592 aclp->z_ops.ace_flags_set(acep, 01593 newflags|ACE_INHERITED_ACE); 01594 zfs_restricted_update(zfsvfs, aclp, acep); 01595 continue; 01596 } 01597 01598 ASSERT(vdir); 01599 01600 /* 01601 * If only FILE_INHERIT is set then turn on 01602 * inherit_only 01603 */ 01604 if ((iflags & (ACE_FILE_INHERIT_ACE | 01605 ACE_DIRECTORY_INHERIT_ACE)) == ACE_FILE_INHERIT_ACE) { 01606 newflags |= ACE_INHERIT_ONLY_ACE; 01607 aclp->z_ops.ace_flags_set(acep, 01608 newflags|ACE_INHERITED_ACE); 01609 } else { 01610 newflags &= ~ACE_INHERIT_ONLY_ACE; 01611 aclp->z_ops.ace_flags_set(acep, 01612 newflags|ACE_INHERITED_ACE); 01613 } 01614 } 01615 return (aclp); 01616 } 01617 01622 int 01623 zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr, 01624 vsecattr_t *vsecp, zfs_acl_ids_t *acl_ids) 01625 { 01626 int error; 01627 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 01628 zfs_acl_t *paclp; 01629 gid_t gid; 01630 boolean_t need_chmod = B_TRUE; 01631 boolean_t inherited = B_FALSE; 01632 01633 bzero(acl_ids, sizeof (zfs_acl_ids_t)); 01634 acl_ids->z_mode = MAKEIMODE(vap->va_type, vap->va_mode); 01635 01636 if (vsecp) 01637 if ((error = zfs_vsec_2_aclp(zfsvfs, vap->va_type, vsecp, cr, 01638 &acl_ids->z_fuidp, &acl_ids->z_aclp)) != 0) 01639 return (error); 01640 /* 01641 * Determine uid and gid. 01642 */ 01643 if ((flag & IS_ROOT_NODE) || zfsvfs->z_replay || 01644 ((flag & IS_XATTR) && (vap->va_type == VDIR))) { 01645 acl_ids->z_fuid = zfs_fuid_create(zfsvfs, 01646 (uint64_t)vap->va_uid, cr, 01647 ZFS_OWNER, &acl_ids->z_fuidp); 01648 acl_ids->z_fgid = zfs_fuid_create(zfsvfs, 01649 (uint64_t)vap->va_gid, cr, 01650 ZFS_GROUP, &acl_ids->z_fuidp); 01651 gid = vap->va_gid; 01652 } else { 01653 acl_ids->z_fuid = zfs_fuid_create_cred(zfsvfs, ZFS_OWNER, 01654 cr, &acl_ids->z_fuidp); 01655 acl_ids->z_fgid = 0; 01656 if (vap->va_mask & AT_GID) { 01657 acl_ids->z_fgid = zfs_fuid_create(zfsvfs, 01658 (uint64_t)vap->va_gid, 01659 cr, ZFS_GROUP, &acl_ids->z_fuidp); 01660 gid = vap->va_gid; 01661 if (acl_ids->z_fgid != dzp->z_gid && 01662 !groupmember(vap->va_gid, cr) && 01663 secpolicy_vnode_create_gid(cr) != 0) 01664 acl_ids->z_fgid = 0; 01665 } 01666 if (acl_ids->z_fgid == 0) { 01667 if (dzp->z_mode & S_ISGID) { 01668 char *domain; 01669 uint32_t rid; 01670 01671 acl_ids->z_fgid = dzp->z_gid; 01672 gid = zfs_fuid_map_id(zfsvfs, acl_ids->z_fgid, 01673 cr, ZFS_GROUP); 01674 01675 if (zfsvfs->z_use_fuids && 01676 IS_EPHEMERAL(acl_ids->z_fgid)) { 01677 domain = zfs_fuid_idx_domain( 01678 &zfsvfs->z_fuid_idx, 01679 FUID_INDEX(acl_ids->z_fgid)); 01680 rid = FUID_RID(acl_ids->z_fgid); 01681 zfs_fuid_node_add(&acl_ids->z_fuidp, 01682 domain, rid, 01683 FUID_INDEX(acl_ids->z_fgid), 01684 acl_ids->z_fgid, ZFS_GROUP); 01685 } 01686 } else { 01687 acl_ids->z_fgid = zfs_fuid_create_cred(zfsvfs, 01688 ZFS_GROUP, cr, &acl_ids->z_fuidp); 01689 #ifdef __FreeBSD__ 01690 gid = acl_ids->z_fgid = dzp->z_gid; 01691 #else 01692 gid = crgetgid(cr); 01693 #endif 01694 } 01695 } 01696 } 01697 01698 /* 01699 * If we're creating a directory, and the parent directory has the 01700 * set-GID bit set, set in on the new directory. 01701 * Otherwise, if the user is neither privileged nor a member of the 01702 * file's new group, clear the file's set-GID bit. 01703 */ 01704 01705 if (!(flag & IS_ROOT_NODE) && (dzp->z_mode & S_ISGID) && 01706 (vap->va_type == VDIR)) { 01707 acl_ids->z_mode |= S_ISGID; 01708 } else { 01709 if ((acl_ids->z_mode & S_ISGID) && 01710 secpolicy_vnode_setids_setgids(ZTOV(dzp), cr, gid) != 0) 01711 acl_ids->z_mode &= ~S_ISGID; 01712 } 01713 01714 if (acl_ids->z_aclp == NULL) { 01715 mutex_enter(&dzp->z_acl_lock); 01716 mutex_enter(&dzp->z_lock); 01717 if (!(flag & IS_ROOT_NODE) && 01718 (dzp->z_pflags & ZFS_INHERIT_ACE) && 01719 !(dzp->z_pflags & ZFS_XATTR)) { 01720 VERIFY(0 == zfs_acl_node_read(dzp, B_TRUE, 01721 &paclp, B_FALSE)); 01722 acl_ids->z_aclp = zfs_acl_inherit(zfsvfs, 01723 vap->va_type, paclp, acl_ids->z_mode, &need_chmod); 01724 inherited = B_TRUE; 01725 } else { 01726 acl_ids->z_aclp = 01727 zfs_acl_alloc(zfs_acl_version_zp(dzp)); 01728 acl_ids->z_aclp->z_hints |= ZFS_ACL_TRIVIAL; 01729 } 01730 mutex_exit(&dzp->z_lock); 01731 mutex_exit(&dzp->z_acl_lock); 01732 if (need_chmod) { 01733 acl_ids->z_aclp->z_hints |= (vap->va_type == VDIR) ? 01734 ZFS_ACL_AUTO_INHERIT : 0; 01735 zfs_acl_chmod(vap->va_type, acl_ids->z_mode, 01736 (zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED), 01737 acl_ids->z_aclp); 01738 } 01739 } 01740 01741 if (inherited || vsecp) { 01742 acl_ids->z_mode = zfs_mode_compute(acl_ids->z_mode, 01743 acl_ids->z_aclp, &acl_ids->z_aclp->z_hints, 01744 acl_ids->z_fuid, acl_ids->z_fgid); 01745 if (ace_trivial_common(acl_ids->z_aclp, 0, zfs_ace_walk) == 0) 01746 acl_ids->z_aclp->z_hints |= ZFS_ACL_TRIVIAL; 01747 } 01748 01749 return (0); 01750 } 01751 01755 void 01756 zfs_acl_ids_free(zfs_acl_ids_t *acl_ids) 01757 { 01758 if (acl_ids->z_aclp) 01759 zfs_acl_free(acl_ids->z_aclp); 01760 if (acl_ids->z_fuidp) 01761 zfs_fuid_info_free(acl_ids->z_fuidp); 01762 acl_ids->z_aclp = NULL; 01763 acl_ids->z_fuidp = NULL; 01764 } 01765 01766 boolean_t 01767 zfs_acl_ids_overquota(zfsvfs_t *zfsvfs, zfs_acl_ids_t *acl_ids) 01768 { 01769 return (zfs_fuid_overquota(zfsvfs, B_FALSE, acl_ids->z_fuid) || 01770 zfs_fuid_overquota(zfsvfs, B_TRUE, acl_ids->z_fgid)); 01771 } 01772 01776 int 01777 zfs_getacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr) 01778 { 01779 zfs_acl_t *aclp; 01780 ulong_t mask; 01781 int error; 01782 int count = 0; 01783 int largeace = 0; 01784 01785 mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT | 01786 VSA_ACE_ACLFLAGS | VSA_ACE_ALLTYPES); 01787 01788 if (mask == 0) 01789 return (ENOSYS); 01790 01791 if (error = zfs_zaccess(zp, ACE_READ_ACL, 0, skipaclchk, cr)) 01792 return (error); 01793 01794 mutex_enter(&zp->z_acl_lock); 01795 01796 error = zfs_acl_node_read(zp, B_FALSE, &aclp, B_FALSE); 01797 if (error != 0) { 01798 mutex_exit(&zp->z_acl_lock); 01799 return (error); 01800 } 01801 01802 /* 01803 * Scan ACL to determine number of ACEs 01804 */ 01805 if ((zp->z_pflags & ZFS_ACL_OBJ_ACE) && !(mask & VSA_ACE_ALLTYPES)) { 01806 void *zacep = NULL; 01807 uint64_t who; 01808 uint32_t access_mask; 01809 uint16_t type, iflags; 01810 01811 while (zacep = zfs_acl_next_ace(aclp, zacep, 01812 &who, &access_mask, &iflags, &type)) { 01813 switch (type) { 01814 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 01815 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 01816 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 01817 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 01818 largeace++; 01819 continue; 01820 default: 01821 count++; 01822 } 01823 } 01824 vsecp->vsa_aclcnt = count; 01825 } else 01826 count = (int)aclp->z_acl_count; 01827 01828 if (mask & VSA_ACECNT) { 01829 vsecp->vsa_aclcnt = count; 01830 } 01831 01832 if (mask & VSA_ACE) { 01833 size_t aclsz; 01834 01835 aclsz = count * sizeof (ace_t) + 01836 sizeof (ace_object_t) * largeace; 01837 01838 vsecp->vsa_aclentp = kmem_alloc(aclsz, KM_SLEEP); 01839 vsecp->vsa_aclentsz = aclsz; 01840 01841 if (aclp->z_version == ZFS_ACL_VERSION_FUID) 01842 zfs_copy_fuid_2_ace(zp->z_zfsvfs, aclp, cr, 01843 vsecp->vsa_aclentp, !(mask & VSA_ACE_ALLTYPES)); 01844 else { 01845 zfs_acl_node_t *aclnode; 01846 void *start = vsecp->vsa_aclentp; 01847 01848 for (aclnode = list_head(&aclp->z_acl); aclnode; 01849 aclnode = list_next(&aclp->z_acl, aclnode)) { 01850 bcopy(aclnode->z_acldata, start, 01851 aclnode->z_size); 01852 start = (caddr_t)start + aclnode->z_size; 01853 } 01854 ASSERT((caddr_t)start - (caddr_t)vsecp->vsa_aclentp == 01855 aclp->z_acl_bytes); 01856 } 01857 } 01858 if (mask & VSA_ACE_ACLFLAGS) { 01859 vsecp->vsa_aclflags = 0; 01860 if (zp->z_pflags & ZFS_ACL_DEFAULTED) 01861 vsecp->vsa_aclflags |= ACL_DEFAULTED; 01862 if (zp->z_pflags & ZFS_ACL_PROTECTED) 01863 vsecp->vsa_aclflags |= ACL_PROTECTED; 01864 if (zp->z_pflags & ZFS_ACL_AUTO_INHERIT) 01865 vsecp->vsa_aclflags |= ACL_AUTO_INHERIT; 01866 } 01867 01868 mutex_exit(&zp->z_acl_lock); 01869 01870 return (0); 01871 } 01872 01873 int 01874 zfs_vsec_2_aclp(zfsvfs_t *zfsvfs, vtype_t obj_type, 01875 vsecattr_t *vsecp, cred_t *cr, zfs_fuid_info_t **fuidp, zfs_acl_t **zaclp) 01876 { 01877 zfs_acl_t *aclp; 01878 zfs_acl_node_t *aclnode; 01879 int aclcnt = vsecp->vsa_aclcnt; 01880 int error; 01881 01882 if (vsecp->vsa_aclcnt > MAX_ACL_ENTRIES || vsecp->vsa_aclcnt <= 0) 01883 return (EINVAL); 01884 01885 aclp = zfs_acl_alloc(zfs_acl_version(zfsvfs->z_version)); 01886 01887 aclp->z_hints = 0; 01888 aclnode = zfs_acl_node_alloc(aclcnt * sizeof (zfs_object_ace_t)); 01889 if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) { 01890 if ((error = zfs_copy_ace_2_oldace(obj_type, aclp, 01891 (ace_t *)vsecp->vsa_aclentp, aclnode->z_acldata, 01892 aclcnt, &aclnode->z_size)) != 0) { 01893 zfs_acl_free(aclp); 01894 zfs_acl_node_free(aclnode); 01895 return (error); 01896 } 01897 } else { 01898 if ((error = zfs_copy_ace_2_fuid(zfsvfs, obj_type, aclp, 01899 vsecp->vsa_aclentp, aclnode->z_acldata, aclcnt, 01900 &aclnode->z_size, fuidp, cr)) != 0) { 01901 zfs_acl_free(aclp); 01902 zfs_acl_node_free(aclnode); 01903 return (error); 01904 } 01905 } 01906 aclp->z_acl_bytes = aclnode->z_size; 01907 aclnode->z_ace_count = aclcnt; 01908 aclp->z_acl_count = aclcnt; 01909 list_insert_head(&aclp->z_acl, aclnode); 01910 01911 /* 01912 * If flags are being set then add them to z_hints 01913 */ 01914 if (vsecp->vsa_mask & VSA_ACE_ACLFLAGS) { 01915 if (vsecp->vsa_aclflags & ACL_PROTECTED) 01916 aclp->z_hints |= ZFS_ACL_PROTECTED; 01917 if (vsecp->vsa_aclflags & ACL_DEFAULTED) 01918 aclp->z_hints |= ZFS_ACL_DEFAULTED; 01919 if (vsecp->vsa_aclflags & ACL_AUTO_INHERIT) 01920 aclp->z_hints |= ZFS_ACL_AUTO_INHERIT; 01921 } 01922 01923 *zaclp = aclp; 01924 01925 return (0); 01926 } 01927 01931 int 01932 zfs_setacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr) 01933 { 01934 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 01935 zilog_t *zilog = zfsvfs->z_log; 01936 ulong_t mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT); 01937 dmu_tx_t *tx; 01938 int error; 01939 zfs_acl_t *aclp; 01940 zfs_fuid_info_t *fuidp = NULL; 01941 boolean_t fuid_dirtied; 01942 uint64_t acl_obj; 01943 01944 if (mask == 0) 01945 return (ENOSYS); 01946 01947 if (zp->z_pflags & ZFS_IMMUTABLE) 01948 return (EPERM); 01949 01950 if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr)) 01951 return (error); 01952 01953 error = zfs_vsec_2_aclp(zfsvfs, ZTOV(zp)->v_type, vsecp, cr, &fuidp, 01954 &aclp); 01955 if (error) 01956 return (error); 01957 01958 /* 01959 * If ACL wide flags aren't being set then preserve any 01960 * existing flags. 01961 */ 01962 if (!(vsecp->vsa_mask & VSA_ACE_ACLFLAGS)) { 01963 aclp->z_hints |= 01964 (zp->z_pflags & V4_ACL_WIDE_FLAGS); 01965 } 01966 top: 01967 mutex_enter(&zp->z_acl_lock); 01968 mutex_enter(&zp->z_lock); 01969 01970 tx = dmu_tx_create(zfsvfs->z_os); 01971 01972 dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE); 01973 01974 fuid_dirtied = zfsvfs->z_fuid_dirty; 01975 if (fuid_dirtied) 01976 zfs_fuid_txhold(zfsvfs, tx); 01977 01978 /* 01979 * If old version and ACL won't fit in bonus and we aren't 01980 * upgrading then take out necessary DMU holds 01981 */ 01982 01983 if ((acl_obj = zfs_external_acl(zp)) != 0) { 01984 if (zfsvfs->z_version >= ZPL_VERSION_FUID && 01985 zfs_znode_acl_version(zp) <= ZFS_ACL_VERSION_INITIAL) { 01986 dmu_tx_hold_free(tx, acl_obj, 0, 01987 DMU_OBJECT_END); 01988 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, 01989 aclp->z_acl_bytes); 01990 } else { 01991 dmu_tx_hold_write(tx, acl_obj, 0, aclp->z_acl_bytes); 01992 } 01993 } else if (!zp->z_is_sa && aclp->z_acl_bytes > ZFS_ACE_SPACE) { 01994 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, aclp->z_acl_bytes); 01995 } 01996 01997 zfs_sa_upgrade_txholds(tx, zp); 01998 error = dmu_tx_assign(tx, TXG_NOWAIT); 01999 if (error) { 02000 mutex_exit(&zp->z_acl_lock); 02001 mutex_exit(&zp->z_lock); 02002 02003 if (error == ERESTART) { 02004 dmu_tx_wait(tx); 02005 dmu_tx_abort(tx); 02006 goto top; 02007 } 02008 dmu_tx_abort(tx); 02009 zfs_acl_free(aclp); 02010 return (error); 02011 } 02012 02013 error = zfs_aclset_common(zp, aclp, cr, tx); 02014 ASSERT(error == 0); 02015 ASSERT(zp->z_acl_cached == NULL); 02016 zp->z_acl_cached = aclp; 02017 02018 if (fuid_dirtied) 02019 zfs_fuid_sync(zfsvfs, tx); 02020 02021 zfs_log_acl(zilog, tx, zp, vsecp, fuidp); 02022 02023 if (fuidp) 02024 zfs_fuid_info_free(fuidp); 02025 dmu_tx_commit(tx); 02026 done: 02027 mutex_exit(&zp->z_lock); 02028 mutex_exit(&zp->z_acl_lock); 02029 02030 return (error); 02031 } 02032 02040 static int 02041 zfs_zaccess_dataset_check(znode_t *zp, uint32_t v4_mode) 02042 { 02043 if ((v4_mode & WRITE_MASK) && 02044 (zp->z_zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) && 02045 (!IS_DEVVP(ZTOV(zp)) || 02046 (IS_DEVVP(ZTOV(zp)) && (v4_mode & WRITE_MASK_ATTRS)))) { 02047 return (EROFS); 02048 } 02049 02050 /* 02051 * Only check for READONLY on non-directories. 02052 */ 02053 if ((v4_mode & WRITE_MASK_DATA) && 02054 (((ZTOV(zp)->v_type != VDIR) && 02055 (zp->z_pflags & (ZFS_READONLY | ZFS_IMMUTABLE))) || 02056 (ZTOV(zp)->v_type == VDIR && 02057 (zp->z_pflags & ZFS_IMMUTABLE)))) { 02058 return (EPERM); 02059 } 02060 02061 #ifdef sun 02062 if ((v4_mode & (ACE_DELETE | ACE_DELETE_CHILD)) && 02063 (zp->z_pflags & ZFS_NOUNLINK)) { 02064 return (EPERM); 02065 } 02066 #else 02067 /* 02068 * In FreeBSD we allow to modify directory's content is ZFS_NOUNLINK 02069 * (sunlnk) is set. We just don't allow directory removal, which is 02070 * handled in zfs_zaccess_delete(). 02071 */ 02072 if ((v4_mode & ACE_DELETE) && 02073 (zp->z_pflags & ZFS_NOUNLINK)) { 02074 return (EPERM); 02075 } 02076 #endif 02077 02078 if (((v4_mode & (ACE_READ_DATA|ACE_EXECUTE)) && 02079 (zp->z_pflags & ZFS_AV_QUARANTINED))) { 02080 return (EACCES); 02081 } 02082 02083 return (0); 02084 } 02085 02111 static int 02112 zfs_zaccess_aces_check(znode_t *zp, uint32_t *working_mode, 02113 boolean_t anyaccess, cred_t *cr) 02114 { 02115 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 02116 zfs_acl_t *aclp; 02117 int error; 02118 uid_t uid = crgetuid(cr); 02119 uint64_t who; 02120 uint16_t type, iflags; 02121 uint16_t entry_type; 02122 uint32_t access_mask; 02123 uint32_t deny_mask = 0; 02124 zfs_ace_hdr_t *acep = NULL; 02125 boolean_t checkit; 02126 uid_t gowner; 02127 uid_t fowner; 02128 02129 zfs_fuid_map_ids(zp, cr, &fowner, &gowner); 02130 02131 mutex_enter(&zp->z_acl_lock); 02132 02133 error = zfs_acl_node_read(zp, B_FALSE, &aclp, B_FALSE); 02134 if (error != 0) { 02135 mutex_exit(&zp->z_acl_lock); 02136 return (error); 02137 } 02138 02139 ASSERT(zp->z_acl_cached); 02140 02141 while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, 02142 &iflags, &type)) { 02143 uint32_t mask_matched; 02144 02145 if (!zfs_acl_valid_ace_type(type, iflags)) 02146 continue; 02147 02148 if (ZTOV(zp)->v_type == VDIR && (iflags & ACE_INHERIT_ONLY_ACE)) 02149 continue; 02150 02151 /* Skip ACE if it does not affect any AoI */ 02152 mask_matched = (access_mask & *working_mode); 02153 if (!mask_matched) 02154 continue; 02155 02156 entry_type = (iflags & ACE_TYPE_FLAGS); 02157 02158 checkit = B_FALSE; 02159 02160 switch (entry_type) { 02161 case ACE_OWNER: 02162 if (uid == fowner) 02163 checkit = B_TRUE; 02164 break; 02165 case OWNING_GROUP: 02166 who = gowner; 02167 /*FALLTHROUGH*/ 02168 case ACE_IDENTIFIER_GROUP: 02169 checkit = zfs_groupmember(zfsvfs, who, cr); 02170 break; 02171 case ACE_EVERYONE: 02172 checkit = B_TRUE; 02173 break; 02174 02175 /* USER Entry */ 02176 default: 02177 if (entry_type == 0) { 02178 uid_t newid; 02179 02180 newid = zfs_fuid_map_id(zfsvfs, who, cr, 02181 ZFS_ACE_USER); 02182 if (newid != IDMAP_WK_CREATOR_OWNER_UID && 02183 uid == newid) 02184 checkit = B_TRUE; 02185 break; 02186 } else { 02187 mutex_exit(&zp->z_acl_lock); 02188 return (EIO); 02189 } 02190 } 02191 02192 if (checkit) { 02193 if (type == DENY) { 02194 DTRACE_PROBE3(zfs__ace__denies, 02195 znode_t *, zp, 02196 zfs_ace_hdr_t *, acep, 02197 uint32_t, mask_matched); 02198 deny_mask |= mask_matched; 02199 } else { 02200 DTRACE_PROBE3(zfs__ace__allows, 02201 znode_t *, zp, 02202 zfs_ace_hdr_t *, acep, 02203 uint32_t, mask_matched); 02204 if (anyaccess) { 02205 mutex_exit(&zp->z_acl_lock); 02206 return (0); 02207 } 02208 } 02209 *working_mode &= ~mask_matched; 02210 } 02211 02212 /* Are we done? */ 02213 if (*working_mode == 0) 02214 break; 02215 } 02216 02217 mutex_exit(&zp->z_acl_lock); 02218 02219 /* Put the found 'denies' back on the working mode */ 02220 if (deny_mask) { 02221 *working_mode |= deny_mask; 02222 return (EACCES); 02223 } else if (*working_mode) { 02224 return (-1); 02225 } 02226 02227 return (0); 02228 } 02229 02234 boolean_t 02235 zfs_has_access(znode_t *zp, cred_t *cr) 02236 { 02237 uint32_t have = ACE_ALL_PERMS; 02238 02239 if (zfs_zaccess_aces_check(zp, &have, B_TRUE, cr) != 0) { 02240 uid_t owner; 02241 02242 owner = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_uid, cr, ZFS_OWNER); 02243 return (secpolicy_vnode_any_access(cr, ZTOV(zp), owner) == 0); 02244 } 02245 return (B_TRUE); 02246 } 02247 02248 static int 02249 zfs_zaccess_common(znode_t *zp, uint32_t v4_mode, uint32_t *working_mode, 02250 boolean_t *check_privs, boolean_t skipaclchk, cred_t *cr) 02251 { 02252 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 02253 int err; 02254 02255 *working_mode = v4_mode; 02256 *check_privs = B_TRUE; 02257 02258 /* 02259 * Short circuit empty requests 02260 */ 02261 if (v4_mode == 0 || zfsvfs->z_replay) { 02262 *working_mode = 0; 02263 return (0); 02264 } 02265 02266 if ((err = zfs_zaccess_dataset_check(zp, v4_mode)) != 0) { 02267 *check_privs = B_FALSE; 02268 return (err); 02269 } 02270 02271 /* 02272 * The caller requested that the ACL check be skipped. This 02273 * would only happen if the caller checked VOP_ACCESS() with a 02274 * 32 bit ACE mask and already had the appropriate permissions. 02275 */ 02276 if (skipaclchk) { 02277 *working_mode = 0; 02278 return (0); 02279 } 02280 02281 return (zfs_zaccess_aces_check(zp, working_mode, B_FALSE, cr)); 02282 } 02283 02284 static int 02285 zfs_zaccess_append(znode_t *zp, uint32_t *working_mode, boolean_t *check_privs, 02286 cred_t *cr) 02287 { 02288 if (*working_mode != ACE_WRITE_DATA) 02289 return (EACCES); 02290 02291 return (zfs_zaccess_common(zp, ACE_APPEND_DATA, working_mode, 02292 check_privs, B_FALSE, cr)); 02293 } 02294 02295 int 02296 zfs_fastaccesschk_execute(znode_t *zdp, cred_t *cr) 02297 { 02298 boolean_t owner = B_FALSE; 02299 boolean_t groupmbr = B_FALSE; 02300 boolean_t is_attr; 02301 uid_t uid = crgetuid(cr); 02302 int error; 02303 02304 if (zdp->z_pflags & ZFS_AV_QUARANTINED) 02305 return (EACCES); 02306 02307 is_attr = ((zdp->z_pflags & ZFS_XATTR) && 02308 (ZTOV(zdp)->v_type == VDIR)); 02309 if (is_attr) 02310 goto slow; 02311 02312 02313 mutex_enter(&zdp->z_acl_lock); 02314 02315 if (zdp->z_pflags & ZFS_NO_EXECS_DENIED) { 02316 mutex_exit(&zdp->z_acl_lock); 02317 return (0); 02318 } 02319 02320 if (FUID_INDEX(zdp->z_uid) != 0 || FUID_INDEX(zdp->z_gid) != 0) { 02321 mutex_exit(&zdp->z_acl_lock); 02322 goto slow; 02323 } 02324 02325 if (uid == zdp->z_uid) { 02326 owner = B_TRUE; 02327 if (zdp->z_mode & S_IXUSR) { 02328 mutex_exit(&zdp->z_acl_lock); 02329 return (0); 02330 } else { 02331 mutex_exit(&zdp->z_acl_lock); 02332 goto slow; 02333 } 02334 } 02335 if (groupmember(zdp->z_gid, cr)) { 02336 groupmbr = B_TRUE; 02337 if (zdp->z_mode & S_IXGRP) { 02338 mutex_exit(&zdp->z_acl_lock); 02339 return (0); 02340 } else { 02341 mutex_exit(&zdp->z_acl_lock); 02342 goto slow; 02343 } 02344 } 02345 if (!owner && !groupmbr) { 02346 if (zdp->z_mode & S_IXOTH) { 02347 mutex_exit(&zdp->z_acl_lock); 02348 return (0); 02349 } 02350 } 02351 02352 mutex_exit(&zdp->z_acl_lock); 02353 02354 slow: 02355 DTRACE_PROBE(zfs__fastpath__execute__access__miss); 02356 ZFS_ENTER(zdp->z_zfsvfs); 02357 error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr); 02358 ZFS_EXIT(zdp->z_zfsvfs); 02359 return (error); 02360 } 02361 02368 int 02369 zfs_zaccess(znode_t *zp, int mode, int flags, boolean_t skipaclchk, cred_t *cr) 02370 { 02371 uint32_t working_mode; 02372 int error; 02373 int is_attr; 02374 boolean_t check_privs; 02375 znode_t *xzp; 02376 znode_t *check_zp = zp; 02377 mode_t needed_bits; 02378 uid_t owner; 02379 02380 is_attr = ((zp->z_pflags & ZFS_XATTR) && (ZTOV(zp)->v_type == VDIR)); 02381 02382 #ifdef __FreeBSD__ 02383 /* 02384 * In FreeBSD, we don't care about permissions of individual ADS. 02385 * Note that not checking them is not just an optimization - without 02386 * this shortcut, EA operations may bogusly fail with EACCES. 02387 */ 02388 if (zp->z_pflags & ZFS_XATTR) 02389 return (0); 02390 #else 02391 /* 02392 * If attribute then validate against base file 02393 */ 02394 if (is_attr) { 02395 uint64_t parent; 02396 02397 if ((error = sa_lookup(zp->z_sa_hdl, 02398 SA_ZPL_PARENT(zp->z_zfsvfs), &parent, 02399 sizeof (parent))) != 0) 02400 return (error); 02401 02402 if ((error = zfs_zget(zp->z_zfsvfs, 02403 parent, &xzp)) != 0) { 02404 return (error); 02405 } 02406 02407 check_zp = xzp; 02408 02409 /* 02410 * fixup mode to map to xattr perms 02411 */ 02412 02413 if (mode & (ACE_WRITE_DATA|ACE_APPEND_DATA)) { 02414 mode &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA); 02415 mode |= ACE_WRITE_NAMED_ATTRS; 02416 } 02417 02418 if (mode & (ACE_READ_DATA|ACE_EXECUTE)) { 02419 mode &= ~(ACE_READ_DATA|ACE_EXECUTE); 02420 mode |= ACE_READ_NAMED_ATTRS; 02421 } 02422 } 02423 #endif 02424 02425 owner = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_uid, cr, ZFS_OWNER); 02426 /* 02427 * Map the bits required to the standard vnode flags VREAD|VWRITE|VEXEC 02428 * in needed_bits. Map the bits mapped by working_mode (currently 02429 * missing) in missing_bits. 02430 * Call secpolicy_vnode_access2() with (needed_bits & ~checkmode), 02431 * needed_bits. 02432 */ 02433 needed_bits = 0; 02434 02435 working_mode = mode; 02436 if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES)) && 02437 owner == crgetuid(cr)) 02438 working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES); 02439 02440 if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS| 02441 ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_SYNCHRONIZE)) 02442 needed_bits |= VREAD; 02443 if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS| 02444 ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES|ACE_SYNCHRONIZE)) 02445 needed_bits |= VWRITE; 02446 if (working_mode & ACE_EXECUTE) 02447 needed_bits |= VEXEC; 02448 02449 if ((error = zfs_zaccess_common(check_zp, mode, &working_mode, 02450 &check_privs, skipaclchk, cr)) == 0) { 02451 if (is_attr) 02452 VN_RELE(ZTOV(xzp)); 02453 return (secpolicy_vnode_access2(cr, ZTOV(zp), owner, 02454 needed_bits, needed_bits)); 02455 } 02456 02457 if (error && !check_privs) { 02458 if (is_attr) 02459 VN_RELE(ZTOV(xzp)); 02460 return (error); 02461 } 02462 02463 if (error && (flags & V_APPEND)) { 02464 error = zfs_zaccess_append(zp, &working_mode, &check_privs, cr); 02465 } 02466 02467 if (error && check_privs) { 02468 mode_t checkmode = 0; 02469 02470 /* 02471 * First check for implicit owner permission on 02472 * read_acl/read_attributes 02473 */ 02474 02475 error = 0; 02476 ASSERT(working_mode != 0); 02477 02478 if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES) && 02479 owner == crgetuid(cr))) 02480 working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES); 02481 02482 if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS| 02483 ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_SYNCHRONIZE)) 02484 checkmode |= VREAD; 02485 if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS| 02486 ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES|ACE_SYNCHRONIZE)) 02487 checkmode |= VWRITE; 02488 if (working_mode & ACE_EXECUTE) 02489 checkmode |= VEXEC; 02490 02491 error = secpolicy_vnode_access2(cr, ZTOV(check_zp), owner, 02492 needed_bits & ~checkmode, needed_bits); 02493 02494 if (error == 0 && (working_mode & ACE_WRITE_OWNER)) 02495 error = secpolicy_vnode_chown(ZTOV(check_zp), cr, owner); 02496 if (error == 0 && (working_mode & ACE_WRITE_ACL)) 02497 error = secpolicy_vnode_setdac(ZTOV(check_zp), cr, owner); 02498 02499 if (error == 0 && (working_mode & 02500 (ACE_DELETE|ACE_DELETE_CHILD))) 02501 error = secpolicy_vnode_remove(ZTOV(check_zp), cr); 02502 02503 if (error == 0 && (working_mode & ACE_SYNCHRONIZE)) { 02504 error = secpolicy_vnode_chown(ZTOV(check_zp), cr, owner); 02505 } 02506 if (error == 0) { 02507 /* 02508 * See if any bits other than those already checked 02509 * for are still present. If so then return EACCES 02510 */ 02511 if (working_mode & ~(ZFS_CHECKED_MASKS)) { 02512 error = EACCES; 02513 } 02514 } 02515 } else if (error == 0) { 02516 error = secpolicy_vnode_access2(cr, ZTOV(zp), owner, 02517 needed_bits, needed_bits); 02518 } 02519 02520 02521 if (is_attr) 02522 VN_RELE(ZTOV(xzp)); 02523 02524 return (error); 02525 } 02526 02531 int 02532 zfs_zaccess_rwx(znode_t *zp, mode_t mode, int flags, cred_t *cr) 02533 { 02534 return (zfs_zaccess(zp, zfs_unix_to_v4(mode >> 6), flags, B_FALSE, cr)); 02535 } 02536 02540 int 02541 zfs_zaccess_unix(znode_t *zp, mode_t mode, cred_t *cr) 02542 { 02543 int v4_mode = zfs_unix_to_v4(mode >> 6); 02544 02545 return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr)); 02546 } 02547 02548 static int 02549 zfs_delete_final_check(znode_t *zp, znode_t *dzp, 02550 mode_t available_perms, cred_t *cr) 02551 { 02552 int error; 02553 uid_t downer; 02554 02555 downer = zfs_fuid_map_id(dzp->z_zfsvfs, dzp->z_uid, cr, ZFS_OWNER); 02556 02557 error = secpolicy_vnode_access2(cr, ZTOV(dzp), 02558 downer, available_perms, VWRITE|VEXEC); 02559 02560 if (error == 0) 02561 error = zfs_sticky_remove_access(dzp, zp, cr); 02562 02563 return (error); 02564 } 02565 02605 int 02606 zfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr) 02607 { 02608 uint32_t dzp_working_mode = 0; 02609 uint32_t zp_working_mode = 0; 02610 int dzp_error, zp_error; 02611 mode_t available_perms; 02612 boolean_t dzpcheck_privs = B_TRUE; 02613 boolean_t zpcheck_privs = B_TRUE; 02614 02615 /* 02616 * We want specific DELETE permissions to 02617 * take precedence over WRITE/EXECUTE. We don't 02618 * want an ACL such as this to mess us up. 02619 * user:joe:write_data:deny,user:joe:delete:allow 02620 * 02621 * However, deny permissions may ultimately be overridden 02622 * by secpolicy_vnode_access(). 02623 * 02624 * We will ask for all of the necessary permissions and then 02625 * look at the working modes from the directory and target object 02626 * to determine what was found. 02627 */ 02628 02629 if (zp->z_pflags & (ZFS_IMMUTABLE | ZFS_NOUNLINK)) 02630 return (EPERM); 02631 02632 /* 02633 * First row 02634 * If the directory permissions allow the delete, we are done. 02635 */ 02636 if ((dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD, 02637 &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr)) == 0) 02638 return (0); 02639 02640 /* 02641 * If target object has delete permission then we are done 02642 */ 02643 if ((zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, 02644 &zpcheck_privs, B_FALSE, cr)) == 0) 02645 return (0); 02646 02647 ASSERT(dzp_error && zp_error); 02648 02649 if (!dzpcheck_privs) 02650 return (dzp_error); 02651 if (!zpcheck_privs) 02652 return (zp_error); 02653 02654 /* 02655 * Second row 02656 * 02657 * If directory returns EACCES then delete_child was denied 02658 * due to deny delete_child. In this case send the request through 02659 * secpolicy_vnode_remove(). We don't use zfs_delete_final_check() 02660 * since that *could* allow the delete based on write/execute permission 02661 * and we want delete permissions to override write/execute. 02662 */ 02663 02664 if (dzp_error == EACCES) 02665 return (secpolicy_vnode_remove(ZTOV(dzp), cr)); /* XXXPJD: s/dzp/zp/ ? */ 02666 02667 /* 02668 * Third Row 02669 * only need to see if we have write/execute on directory. 02670 */ 02671 02672 dzp_error = zfs_zaccess_common(dzp, ACE_EXECUTE|ACE_WRITE_DATA, 02673 &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr); 02674 02675 if (dzp_error != 0 && !dzpcheck_privs) 02676 return (dzp_error); 02677 02678 /* 02679 * Fourth row 02680 */ 02681 02682 available_perms = (dzp_working_mode & ACE_WRITE_DATA) ? 0 : VWRITE; 02683 available_perms |= (dzp_working_mode & ACE_EXECUTE) ? 0 : VEXEC; 02684 02685 return (zfs_delete_final_check(zp, dzp, available_perms, cr)); 02686 02687 } 02688 02689 int 02690 zfs_zaccess_rename(znode_t *sdzp, znode_t *szp, znode_t *tdzp, 02691 znode_t *tzp, cred_t *cr) 02692 { 02693 int add_perm; 02694 int error; 02695 02696 if (szp->z_pflags & ZFS_AV_QUARANTINED) 02697 return (EACCES); 02698 02699 add_perm = (ZTOV(szp)->v_type == VDIR) ? 02700 ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE; 02701 02702 /* 02703 * Rename permissions are combination of delete permission + 02704 * add file/subdir permission. 02705 * 02706 * BSD operating systems also require write permission 02707 * on the directory being moved from one parent directory 02708 * to another. 02709 */ 02710 if (ZTOV(szp)->v_type == VDIR && ZTOV(sdzp) != ZTOV(tdzp)) { 02711 if (error = zfs_zaccess(szp, ACE_WRITE_DATA, 0, B_FALSE, cr)) 02712 return (error); 02713 } 02714 02715 /* 02716 * first make sure we do the delete portion. 02717 * 02718 * If that succeeds then check for add_file/add_subdir permissions 02719 */ 02720 02721 if (error = zfs_zaccess_delete(sdzp, szp, cr)) 02722 return (error); 02723 02724 /* 02725 * If we have a tzp, see if we can delete it? 02726 */ 02727 if (tzp) { 02728 if (error = zfs_zaccess_delete(tdzp, tzp, cr)) 02729 return (error); 02730 } 02731 02732 /* 02733 * Now check for add permissions 02734 */ 02735 error = zfs_zaccess(tdzp, add_perm, 0, B_FALSE, cr); 02736 02737 return (error); 02738 }
