search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / external / cddl / osnet / dist / uts / common / fs / zfs / zfs_acl.c
blob590af54d15568e59a14bf60d02a7aabf2e102fb2
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <sys/types.h>
27 #include <sys/param.h>
28 #include <sys/time.h>
29 #include <sys/systm.h>
30 #include <sys/sysmacros.h>
31 #include <sys/resource.h>
32 #include <sys/vfs.h>
33 #include <sys/vnode.h>
34 #include <sys/sid.h>
35 #include <sys/file.h>
36 #include <sys/stat.h>
37 #include <sys/kmem.h>
38 #include <sys/cmn_err.h>
39 #include <sys/errno.h>
40 #include <sys/unistd.h>
41 #include <sys/sdt.h>
42 #include <sys/fs/zfs.h>
43 #include <sys/mode.h>
44 #include <sys/policy.h>
45 #include <sys/zfs_znode.h>
46 #include <sys/zfs_fuid.h>
47 #include <sys/zfs_acl.h>
48 #include <sys/zfs_dir.h>
49 #include <sys/zfs_vfsops.h>
50 #include <sys/dmu.h>
51 #include <sys/dnode.h>
52 #include <sys/zap.h>
53 #include <sys/fs/fs_subr.h>
54 #include <sys/acl/acl_common.h>
55
56 #define ALLOW ACE_ACCESS_ALLOWED_ACE_TYPE
57 #define DENY ACE_ACCESS_DENIED_ACE_TYPE
58 #define MAX_ACE_TYPE ACE_SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE
59 #define MIN_ACE_TYPE ALLOW
60
61 #define OWNING_GROUP (ACE_GROUP|ACE_IDENTIFIER_GROUP)
62 #define EVERYONE_ALLOW_MASK (ACE_READ_ACL|ACE_READ_ATTRIBUTES | \
63 ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE)
64 #define EVERYONE_DENY_MASK (ACE_WRITE_ACL|ACE_WRITE_OWNER | \
65 ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS)
66 #define OWNER_ALLOW_MASK (ACE_WRITE_ACL | ACE_WRITE_OWNER | \
67 ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS)
68 #define WRITE_MASK_DATA (ACE_WRITE_DATA|ACE_APPEND_DATA|ACE_WRITE_NAMED_ATTRS)
69
70 #define ZFS_CHECKED_MASKS (ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_DATA| \
71 ACE_READ_NAMED_ATTRS|ACE_WRITE_DATA|ACE_WRITE_ATTRIBUTES| \
72 ACE_WRITE_NAMED_ATTRS|ACE_APPEND_DATA|ACE_EXECUTE|ACE_WRITE_OWNER| \
73 ACE_WRITE_ACL|ACE_DELETE|ACE_DELETE_CHILD|ACE_SYNCHRONIZE)
74
75 #define WRITE_MASK (WRITE_MASK_DATA|ACE_WRITE_ATTRIBUTES|ACE_WRITE_ACL|\
76 ACE_WRITE_OWNER|ACE_DELETE|ACE_DELETE_CHILD)
77
78 #define OGE_CLEAR (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \
79 ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE)
80
81 #define OKAY_MASK_BITS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \
82 ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE)
83
84 #define ALL_INHERIT (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE | \
85 ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE|ACE_INHERITED_ACE)
86
87 #define RESTRICTED_CLEAR (ACE_WRITE_ACL|ACE_WRITE_OWNER)
88
89 #define V4_ACL_WIDE_FLAGS (ZFS_ACL_AUTO_INHERIT|ZFS_ACL_DEFAULTED|\
90 ZFS_ACL_PROTECTED)
91
92 #define ZFS_ACL_WIDE_FLAGS (V4_ACL_WIDE_FLAGS|ZFS_ACL_TRIVIAL|ZFS_INHERIT_ACE|\
93 ZFS_ACL_OBJ_ACE)
94
95 static uint16_t
96 zfs_ace_v0_get_type(void *acep)
97 {
98 return (((zfs_oldace_t *)acep)->z_type);
99 }
100
101 static uint16_t
102 zfs_ace_v0_get_flags(void *acep)
103 {
104 return (((zfs_oldace_t *)acep)->z_flags);
105 }
106
107 static uint32_t
108 zfs_ace_v0_get_mask(void *acep)
109 {
110 return (((zfs_oldace_t *)acep)->z_access_mask);
111 }
112
113 static uint64_t
114 zfs_ace_v0_get_who(void *acep)
115 {
116 return (((zfs_oldace_t *)acep)->z_fuid);
117 }
118
119 static void
120 zfs_ace_v0_set_type(void *acep, uint16_t type)
121 {
122 ((zfs_oldace_t *)acep)->z_type = type;
123 }
124
125 static void
126 zfs_ace_v0_set_flags(void *acep, uint16_t flags)
127 {
128 ((zfs_oldace_t *)acep)->z_flags = flags;
129 }
130
131 static void
132 zfs_ace_v0_set_mask(void *acep, uint32_t mask)
133 {
134 ((zfs_oldace_t *)acep)->z_access_mask = mask;
135 }
136
137 static void
138 zfs_ace_v0_set_who(void *acep, uint64_t who)
139 {
140 ((zfs_oldace_t *)acep)->z_fuid = who;
141 }
142
143 /*ARGSUSED*/
144 static size_t
145 zfs_ace_v0_size(void *acep)
146 {
147 return (sizeof (zfs_oldace_t));
148 }
149
150 static size_t
151 zfs_ace_v0_abstract_size(void)
152 {
153 return (sizeof (zfs_oldace_t));
154 }
155
156 static int
157 zfs_ace_v0_mask_off(void)
158 {
159 return (offsetof(zfs_oldace_t, z_access_mask));
160 }
161
162 /*ARGSUSED*/
163 static int
164 zfs_ace_v0_data(void *acep, void **datap)
165 {
166 *datap = NULL;
167 return (0);
168 }
169
170 static acl_ops_t zfs_acl_v0_ops = {
171 zfs_ace_v0_get_mask,
172 zfs_ace_v0_set_mask,
173 zfs_ace_v0_get_flags,
174 zfs_ace_v0_set_flags,
175 zfs_ace_v0_get_type,
176 zfs_ace_v0_set_type,
177 zfs_ace_v0_get_who,
178 zfs_ace_v0_set_who,
179 zfs_ace_v0_size,
180 zfs_ace_v0_abstract_size,
181 zfs_ace_v0_mask_off,
182 zfs_ace_v0_data
183 };
184
185 static uint16_t
186 zfs_ace_fuid_get_type(void *acep)
187 {
188 return (((zfs_ace_hdr_t *)acep)->z_type);
189 }
190
191 static uint16_t
192 zfs_ace_fuid_get_flags(void *acep)
193 {
194 return (((zfs_ace_hdr_t *)acep)->z_flags);
195 }
196
197 static uint32_t
198 zfs_ace_fuid_get_mask(void *acep)
199 {
200 return (((zfs_ace_hdr_t *)acep)->z_access_mask);
201 }
202
203 static uint64_t
204 zfs_ace_fuid_get_who(void *args)
205 {
206 uint16_t entry_type;
207 zfs_ace_t *acep = args;
208
209 entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS;
210
211 if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP ||
212 entry_type == ACE_EVERYONE)
213 return (-1);
214 return (((zfs_ace_t *)acep)->z_fuid);
215 }
216
217 static void
218 zfs_ace_fuid_set_type(void *acep, uint16_t type)
219 {
220 ((zfs_ace_hdr_t *)acep)->z_type = type;
221 }
222
223 static void
224 zfs_ace_fuid_set_flags(void *acep, uint16_t flags)
225 {
226 ((zfs_ace_hdr_t *)acep)->z_flags = flags;
227 }
228
229 static void
230 zfs_ace_fuid_set_mask(void *acep, uint32_t mask)
231 {
232 ((zfs_ace_hdr_t *)acep)->z_access_mask = mask;
233 }
234
235 static void
236 zfs_ace_fuid_set_who(void *arg, uint64_t who)
237 {
238 zfs_ace_t *acep = arg;
239
240 uint16_t entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS;
241
242 if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP ||
243 entry_type == ACE_EVERYONE)
244 return;
245 acep->z_fuid = who;
246 }
247
248 static size_t
249 zfs_ace_fuid_size(void *acep)
250 {
251 zfs_ace_hdr_t *zacep = acep;
252 uint16_t entry_type;
253
254 switch (zacep->z_type) {
255 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
256 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
257 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
258 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
259 return (sizeof (zfs_object_ace_t));
260 case ALLOW:
261 case DENY:
262 entry_type =
263 (((zfs_ace_hdr_t *)acep)->z_flags & ACE_TYPE_FLAGS);
264 if (entry_type == ACE_OWNER ||
265 entry_type == OWNING_GROUP ||
266 entry_type == ACE_EVERYONE)
267 return (sizeof (zfs_ace_hdr_t));
268 /*FALLTHROUGH*/
269 default:
270 return (sizeof (zfs_ace_t));
271 }
272 }
273
274 static size_t
275 zfs_ace_fuid_abstract_size(void)
276 {
277 return (sizeof (zfs_ace_hdr_t));
278 }
279
280 static int
281 zfs_ace_fuid_mask_off(void)
282 {
283 return (offsetof(zfs_ace_hdr_t, z_access_mask));
284 }
285
286 static int
287 zfs_ace_fuid_data(void *acep, void **datap)
288 {
289 zfs_ace_t *zacep = acep;
290 zfs_object_ace_t *zobjp;
291
292 switch (zacep->z_hdr.z_type) {
293 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
294 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
295 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
296 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
297 zobjp = acep;
298 *datap = (caddr_t)zobjp + sizeof (zfs_ace_t);
299 return (sizeof (zfs_object_ace_t) - sizeof (zfs_ace_t));
300 default:
301 *datap = NULL;
302 return (0);
303 }
304 }
305
306 static acl_ops_t zfs_acl_fuid_ops = {
307 zfs_ace_fuid_get_mask,
308 zfs_ace_fuid_set_mask,
309 zfs_ace_fuid_get_flags,
310 zfs_ace_fuid_set_flags,
311 zfs_ace_fuid_get_type,
312 zfs_ace_fuid_set_type,
313 zfs_ace_fuid_get_who,
314 zfs_ace_fuid_set_who,
315 zfs_ace_fuid_size,
316 zfs_ace_fuid_abstract_size,
317 zfs_ace_fuid_mask_off,
318 zfs_ace_fuid_data
319 };
320
321 static int
322 zfs_acl_version(int version)
323 {
324 if (version < ZPL_VERSION_FUID)
325 return (ZFS_ACL_VERSION_INITIAL);
326 else
327 return (ZFS_ACL_VERSION_FUID);
328 }
329
330 static int
331 zfs_acl_version_zp(znode_t *zp)
332 {
333 return (zfs_acl_version(zp->z_zfsvfs->z_version));
334 }
335
336 static zfs_acl_t *
337 zfs_acl_alloc(int vers)
338 {
339 zfs_acl_t *aclp;
340
341 aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP);
342 list_create(&aclp->z_acl, sizeof (zfs_acl_node_t),
343 offsetof(zfs_acl_node_t, z_next));
344 aclp->z_version = vers;
345 if (vers == ZFS_ACL_VERSION_FUID)
346 aclp->z_ops = zfs_acl_fuid_ops;
347 else
348 aclp->z_ops = zfs_acl_v0_ops;
349 return (aclp);
350 }
351
352 static zfs_acl_node_t *
353 zfs_acl_node_alloc(size_t bytes)
354 {
355 zfs_acl_node_t *aclnode;
356
357 aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP);
358 if (bytes) {
359 aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP);
360 aclnode->z_allocdata = aclnode->z_acldata;
361 aclnode->z_allocsize = bytes;
362 aclnode->z_size = bytes;
363 }
364
365 return (aclnode);
366 }
367
368 static void
369 zfs_acl_node_free(zfs_acl_node_t *aclnode)
370 {
371 if (aclnode->z_allocsize)
372 kmem_free(aclnode->z_allocdata, aclnode->z_allocsize);
373 kmem_free(aclnode, sizeof (zfs_acl_node_t));
374 }
375
376 static void
377 zfs_acl_release_nodes(zfs_acl_t *aclp)
378 {
379 zfs_acl_node_t *aclnode;
380
381 while (aclnode = list_head(&aclp->z_acl)) {
382 list_remove(&aclp->z_acl, aclnode);
383 zfs_acl_node_free(aclnode);
384 }
385 aclp->z_acl_count = 0;
386 aclp->z_acl_bytes = 0;
387 }
388
389 void
390 zfs_acl_free(zfs_acl_t *aclp)
391 {
392 zfs_acl_release_nodes(aclp);
393 list_destroy(&aclp->z_acl);
394 kmem_free(aclp, sizeof (zfs_acl_t));
395 }
396
397 static boolean_t
398 zfs_acl_valid_ace_type(uint_t type, uint_t flags)
399 {
400 uint16_t entry_type;
401
402 switch (type) {
403 case ALLOW:
404 case DENY:
405 case ACE_SYSTEM_AUDIT_ACE_TYPE:
406 case ACE_SYSTEM_ALARM_ACE_TYPE:
407 entry_type = flags & ACE_TYPE_FLAGS;
408 return (entry_type == ACE_OWNER ||
409 entry_type == OWNING_GROUP ||
410 entry_type == ACE_EVERYONE || entry_type == 0 ||
411 entry_type == ACE_IDENTIFIER_GROUP);
412 default:
413 if (type >= MIN_ACE_TYPE && type <= MAX_ACE_TYPE)
414 return (B_TRUE);
415 }
416 return (B_FALSE);
417 }
418
419 static boolean_t
420 zfs_ace_valid(vtype_t obj_type, zfs_acl_t *aclp, uint16_t type, uint16_t iflags)
421 {
422 /*
423 * first check type of entry
424 */
425
426 if (!zfs_acl_valid_ace_type(type, iflags))
427 return (B_FALSE);
428
429 switch (type) {
430 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
431 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
432 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
433 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
434 if (aclp->z_version < ZFS_ACL_VERSION_FUID)
435 return (B_FALSE);
436 aclp->z_hints |= ZFS_ACL_OBJ_ACE;
437 }
438
439 /*
440 * next check inheritance level flags
441 */
442
443 if (obj_type == VDIR &&
444 (iflags & (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE)))
445 aclp->z_hints |= ZFS_INHERIT_ACE;
446
447 if (iflags & (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) {
448 if ((iflags & (ACE_FILE_INHERIT_ACE|
449 ACE_DIRECTORY_INHERIT_ACE)) == 0) {
450 return (B_FALSE);
451 }
452 }
453
454 return (B_TRUE);
455 }
456
457 static void *
458 zfs_acl_next_ace(zfs_acl_t *aclp, void *start, uint64_t *who,
459 uint32_t *access_mask, uint16_t *iflags, uint16_t *type)
460 {
461 zfs_acl_node_t *aclnode;
462
463 if (start == NULL) {
464 aclnode = list_head(&aclp->z_acl);
465 if (aclnode == NULL)
466 return (NULL);
467
468 aclp->z_next_ace = aclnode->z_acldata;
469 aclp->z_curr_node = aclnode;
470 aclnode->z_ace_idx = 0;
471 }
472
473 aclnode = aclp->z_curr_node;
474
475 if (aclnode == NULL)
476 return (NULL);
477
478 if (aclnode->z_ace_idx >= aclnode->z_ace_count) {
479 aclnode = list_next(&aclp->z_acl, aclnode);
480 if (aclnode == NULL)
481 return (NULL);
482 else {
483 aclp->z_curr_node = aclnode;
484 aclnode->z_ace_idx = 0;
485 aclp->z_next_ace = aclnode->z_acldata;
486 }
487 }
488
489 if (aclnode->z_ace_idx < aclnode->z_ace_count) {
490 void *acep = aclp->z_next_ace;
491 size_t ace_size;
492
493 /*
494 * Make sure we don't overstep our bounds
495 */
496 ace_size = aclp->z_ops.ace_size(acep);
497
498 if (((caddr_t)acep + ace_size) >
499 ((caddr_t)aclnode->z_acldata + aclnode->z_size)) {
500 return (NULL);
501 }
502
503 *iflags = aclp->z_ops.ace_flags_get(acep);
504 *type = aclp->z_ops.ace_type_get(acep);
505 *access_mask = aclp->z_ops.ace_mask_get(acep);
506 *who = aclp->z_ops.ace_who_get(acep);
507 aclp->z_next_ace = (caddr_t)aclp->z_next_ace + ace_size;
508 aclnode->z_ace_idx++;
509 return ((void *)acep);
510 }
511 return (NULL);
512 }
513
514 /*ARGSUSED*/
515 static uint64_t
516 zfs_ace_walk(void *datap, uint64_t cookie, int aclcnt,
517 uint16_t *flags, uint16_t *type, uint32_t *mask)
518 {
519 zfs_acl_t *aclp = datap;
520 zfs_ace_hdr_t *acep = (zfs_ace_hdr_t *)(uintptr_t)cookie;
521 uint64_t who;
522
523 acep = zfs_acl_next_ace(aclp, acep, &who, mask,
524 flags, type);
525 return ((uint64_t)(uintptr_t)acep);
526 }
527
528 static zfs_acl_node_t *
529 zfs_acl_curr_node(zfs_acl_t *aclp)
530 {
531 ASSERT(aclp->z_curr_node);
532 return (aclp->z_curr_node);
533 }
534
535 /*
536 * Copy ACE to internal ZFS format.
537 * While processing the ACL each ACE will be validated for correctness.
538 * ACE FUIDs will be created later.
539 */
540 int
541 zfs_copy_ace_2_fuid(vtype_t obj_type, zfs_acl_t *aclp, void *datap,
542 zfs_ace_t *z_acl, int aclcnt, size_t *size)
543 {
544 int i;
545 uint16_t entry_type;
546 zfs_ace_t *aceptr = z_acl;
547 ace_t *acep = datap;
548 zfs_object_ace_t *zobjacep;
549 ace_object_t *aceobjp;
550
551 for (i = 0; i != aclcnt; i++) {
552 aceptr->z_hdr.z_access_mask = acep->a_access_mask;
553 aceptr->z_hdr.z_flags = acep->a_flags;
554 aceptr->z_hdr.z_type = acep->a_type;
555 entry_type = aceptr->z_hdr.z_flags & ACE_TYPE_FLAGS;
556 if (entry_type != ACE_OWNER && entry_type != OWNING_GROUP &&
557 entry_type != ACE_EVERYONE) {
558 if (!aclp->z_has_fuids)
559 aclp->z_has_fuids = IS_EPHEMERAL(acep->a_who);
560 aceptr->z_fuid = (uint64_t)acep->a_who;
561 }
562
563 /*
564 * Make sure ACE is valid
565 */
566 if (zfs_ace_valid(obj_type, aclp, aceptr->z_hdr.z_type,
567 aceptr->z_hdr.z_flags) != B_TRUE)
568 return (EINVAL);
569
570 switch (acep->a_type) {
571 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
572 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
573 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
574 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
575 zobjacep = (zfs_object_ace_t *)aceptr;
576 aceobjp = (ace_object_t *)acep;
577
578 bcopy(aceobjp->a_obj_type, zobjacep->z_object_type,
579 sizeof (aceobjp->a_obj_type));
580 bcopy(aceobjp->a_inherit_obj_type,
581 zobjacep->z_inherit_type,
582 sizeof (aceobjp->a_inherit_obj_type));
583 acep = (ace_t *)((caddr_t)acep + sizeof (ace_object_t));
584 break;
585 default:
586 acep = (ace_t *)((caddr_t)acep + sizeof (ace_t));
587 }
588
589 aceptr = (zfs_ace_t *)((caddr_t)aceptr +
590 aclp->z_ops.ace_size(aceptr));
591 }
592
593 *size = (caddr_t)aceptr - (caddr_t)z_acl;
594
595 return (0);
596 }
597
598 /*
599 * Copy ZFS ACEs to fixed size ace_t layout
600 */
601 static void
602 zfs_copy_fuid_2_ace(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, cred_t *cr,
603 void *datap, int filter)
604 {
605 uint64_t who;
606 uint32_t access_mask;
607 uint16_t iflags, type;
608 zfs_ace_hdr_t *zacep = NULL;
609 ace_t *acep = datap;
610 ace_object_t *objacep;
611 zfs_object_ace_t *zobjacep;
612 size_t ace_size;
613 uint16_t entry_type;
614
615 while (zacep = zfs_acl_next_ace(aclp, zacep,
616 &who, &access_mask, &iflags, &type)) {
617
618 switch (type) {
619 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
620 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
621 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
622 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
623 if (filter) {
624 continue;
625 }
626 zobjacep = (zfs_object_ace_t *)zacep;
627 objacep = (ace_object_t *)acep;
628 bcopy(zobjacep->z_object_type,
629 objacep->a_obj_type,
630 sizeof (zobjacep->z_object_type));
631 bcopy(zobjacep->z_inherit_type,
632 objacep->a_inherit_obj_type,
633 sizeof (zobjacep->z_inherit_type));
634 ace_size = sizeof (ace_object_t);
635 break;
636 default:
637 ace_size = sizeof (ace_t);
638 break;
639 }
640
641 entry_type = (iflags & ACE_TYPE_FLAGS);
642 if ((entry_type != ACE_OWNER &&
643 entry_type != OWNING_GROUP &&
644 entry_type != ACE_EVERYONE)) {
645 acep->a_who = zfs_fuid_map_id(zfsvfs, who,
646 cr, (entry_type & ACE_IDENTIFIER_GROUP) ?
647 ZFS_ACE_GROUP : ZFS_ACE_USER);
648 } else {
649 acep->a_who = (uid_t)(int64_t)who;
650 }
651 acep->a_access_mask = access_mask;
652 acep->a_flags = iflags;
653 acep->a_type = type;
654 acep = (ace_t *)((caddr_t)acep + ace_size);
655 }
656 }
657
658 static int
659 zfs_copy_ace_2_oldace(vtype_t obj_type, zfs_acl_t *aclp, ace_t *acep,
660 zfs_oldace_t *z_acl, int aclcnt, size_t *size)
661 {
662 int i;
663 zfs_oldace_t *aceptr = z_acl;
664
665 for (i = 0; i != aclcnt; i++, aceptr++) {
666 aceptr->z_access_mask = acep[i].a_access_mask;
667 aceptr->z_type = acep[i].a_type;
668 aceptr->z_flags = acep[i].a_flags;
669 aceptr->z_fuid = acep[i].a_who;
670 /*
671 * Make sure ACE is valid
672 */
673 if (zfs_ace_valid(obj_type, aclp, aceptr->z_type,
674 aceptr->z_flags) != B_TRUE)
675 return (EINVAL);
676 }
677 *size = (caddr_t)aceptr - (caddr_t)z_acl;
678 return (0);
679 }
680
681 /*
682 * convert old ACL format to new
683 */
684 void
685 zfs_acl_xform(znode_t *zp, zfs_acl_t *aclp)
686 {
687 zfs_oldace_t *oldaclp;
688 int i;
689 uint16_t type, iflags;
690 uint32_t access_mask;
691 uint64_t who;
692 void *cookie = NULL;
693 zfs_acl_node_t *newaclnode;
694
695 ASSERT(aclp->z_version == ZFS_ACL_VERSION_INITIAL);
696 /*
697 * First create the ACE in a contiguous piece of memory
698 * for zfs_copy_ace_2_fuid().
699 *
700 * We only convert an ACL once, so this won't happen
701 * everytime.
702 */
703 oldaclp = kmem_alloc(sizeof (zfs_oldace_t) * aclp->z_acl_count,
704 KM_SLEEP);
705 i = 0;
706 while (cookie = zfs_acl_next_ace(aclp, cookie, &who,
707 &access_mask, &iflags, &type)) {
708 oldaclp[i].z_flags = iflags;
709 oldaclp[i].z_type = type;
710 oldaclp[i].z_fuid = who;
711 oldaclp[i++].z_access_mask = access_mask;
712 }
713
714 newaclnode = zfs_acl_node_alloc(aclp->z_acl_count *
715 sizeof (zfs_object_ace_t));
716 aclp->z_ops = zfs_acl_fuid_ops;
717 VERIFY(zfs_copy_ace_2_fuid(ZTOV(zp)->v_type, aclp, oldaclp,
718 newaclnode->z_acldata, aclp->z_acl_count,
719 &newaclnode->z_size) == 0);
720 newaclnode->z_ace_count = aclp->z_acl_count;
721 aclp->z_version = ZFS_ACL_VERSION;
722 kmem_free(oldaclp, aclp->z_acl_count * sizeof (zfs_oldace_t));
723
724 /*
725 * Release all previous ACL nodes
726 */
727
728 zfs_acl_release_nodes(aclp);
729
730 list_insert_head(&aclp->z_acl, newaclnode);
731
732 aclp->z_acl_bytes = newaclnode->z_size;
733 aclp->z_acl_count = newaclnode->z_ace_count;
734
735 }
736
737 /*
738 * Convert unix access mask to v4 access mask
739 */
740 static uint32_t
741 zfs_unix_to_v4(uint32_t access_mask)
742 {
743 uint32_t new_mask = 0;
744
745 if (access_mask & S_IXOTH)
746 new_mask |= ACE_EXECUTE;
747 if (access_mask & S_IWOTH)
748 new_mask |= ACE_WRITE_DATA;
749 if (access_mask & S_IROTH)
750 new_mask |= ACE_READ_DATA;
751 return (new_mask);
752 }
753
754 static void
755 zfs_set_ace(zfs_acl_t *aclp, void *acep, uint32_t access_mask,
756 uint16_t access_type, uint64_t fuid, uint16_t entry_type)
757 {
758 uint16_t type = entry_type & ACE_TYPE_FLAGS;
759
760 aclp->z_ops.ace_mask_set(acep, access_mask);
761 aclp->z_ops.ace_type_set(acep, access_type);
762 aclp->z_ops.ace_flags_set(acep, entry_type);
763 if ((type != ACE_OWNER && type != OWNING_GROUP &&
764 type != ACE_EVERYONE))
765 aclp->z_ops.ace_who_set(acep, fuid);
766 }
767
768 /*
769 * Determine mode of file based on ACL.
770 * Also, create FUIDs for any User/Group ACEs
771 */
772 static uint64_t
773 zfs_mode_fuid_compute(znode_t *zp, zfs_acl_t *aclp, cred_t *cr,
774 zfs_fuid_info_t **fuidp, dmu_tx_t *tx)
775 {
776 int entry_type;
777 mode_t mode;
778 mode_t seen = 0;
779 zfs_ace_hdr_t *acep = NULL;
780 uint64_t who;
781 uint16_t iflags, type;
782 uint32_t access_mask;
783
784 mode = (zp->z_phys->zp_mode & (S_IFMT | S_ISUID | S_ISGID | S_ISVTX));
785
786 while (acep = zfs_acl_next_ace(aclp, acep, &who,
787 &access_mask, &iflags, &type)) {
788
789 if (!zfs_acl_valid_ace_type(type, iflags))
790 continue;
791
792 entry_type = (iflags & ACE_TYPE_FLAGS);
793
794 /*
795 * Skip over owner@, group@ or everyone@ inherit only ACEs
796 */
797 if ((iflags & ACE_INHERIT_ONLY_ACE) &&
798 (entry_type == ACE_OWNER || entry_type == ACE_EVERYONE ||
799 entry_type == OWNING_GROUP))
800 continue;
801
802 if (entry_type == ACE_OWNER) {
803 if ((access_mask & ACE_READ_DATA) &&
804 (!(seen & S_IRUSR))) {
805 seen |= S_IRUSR;
806 if (type == ALLOW) {
807 mode |= S_IRUSR;
808 }
809 }
810 if ((access_mask & ACE_WRITE_DATA) &&
811 (!(seen & S_IWUSR))) {
812 seen |= S_IWUSR;
813 if (type == ALLOW) {
814 mode |= S_IWUSR;
815 }
816 }
817 if ((access_mask & ACE_EXECUTE) &&
818 (!(seen & S_IXUSR))) {
819 seen |= S_IXUSR;
820 if (type == ALLOW) {
821 mode |= S_IXUSR;
822 }
823 }
824 } else if (entry_type == OWNING_GROUP) {
825 if ((access_mask & ACE_READ_DATA) &&
826 (!(seen & S_IRGRP))) {
827 seen |= S_IRGRP;
828 if (type == ALLOW) {
829 mode |= S_IRGRP;
830 }
831 }
832 if ((access_mask & ACE_WRITE_DATA) &&
833 (!(seen & S_IWGRP))) {
834 seen |= S_IWGRP;
835 if (type == ALLOW) {
836 mode |= S_IWGRP;
837 }
838 }
839 if ((access_mask & ACE_EXECUTE) &&
840 (!(seen & S_IXGRP))) {
841 seen |= S_IXGRP;
842 if (type == ALLOW) {
843 mode |= S_IXGRP;
844 }
845 }
846 } else if (entry_type == ACE_EVERYONE) {
847 if ((access_mask & ACE_READ_DATA)) {
848 if (!(seen & S_IRUSR)) {
849 seen |= S_IRUSR;
850 if (type == ALLOW) {
851 mode |= S_IRUSR;
852 }
853 }
854 if (!(seen & S_IRGRP)) {
855 seen |= S_IRGRP;
856 if (type == ALLOW) {
857 mode |= S_IRGRP;
858 }
859 }
860 if (!(seen & S_IROTH)) {
861 seen |= S_IROTH;
862 if (type == ALLOW) {
863 mode |= S_IROTH;
864 }
865 }
866 }
867 if ((access_mask & ACE_WRITE_DATA)) {
868 if (!(seen & S_IWUSR)) {
869 seen |= S_IWUSR;
870 if (type == ALLOW) {
871 mode |= S_IWUSR;
872 }
873 }
874 if (!(seen & S_IWGRP)) {
875 seen |= S_IWGRP;
876 if (type == ALLOW) {
877 mode |= S_IWGRP;
878 }
879 }
880 if (!(seen & S_IWOTH)) {
881 seen |= S_IWOTH;
882 if (type == ALLOW) {
883 mode |= S_IWOTH;
884 }
885 }
886 }
887 if ((access_mask & ACE_EXECUTE)) {
888 if (!(seen & S_IXUSR)) {
889 seen |= S_IXUSR;
890 if (type == ALLOW) {
891 mode |= S_IXUSR;
892 }
893 }
894 if (!(seen & S_IXGRP)) {
895 seen |= S_IXGRP;
896 if (type == ALLOW) {
897 mode |= S_IXGRP;
898 }
899 }
900 if (!(seen & S_IXOTH)) {
901 seen |= S_IXOTH;
902 if (type == ALLOW) {
903 mode |= S_IXOTH;
904 }
905 }
906 }
907 }
908 /*
909 * Now handle FUID create for user/group ACEs
910 */
911 if (entry_type == 0 || entry_type == ACE_IDENTIFIER_GROUP) {
912 aclp->z_ops.ace_who_set(acep,
913 zfs_fuid_create(zp->z_zfsvfs, who, cr,
914 (entry_type == 0) ? ZFS_ACE_USER : ZFS_ACE_GROUP,
915 tx, fuidp));
916 }
917 }
918 return (mode);
919 }
920
921 static zfs_acl_t *
922 zfs_acl_node_read_internal(znode_t *zp, boolean_t will_modify)
923 {
924 zfs_acl_t *aclp;
925 zfs_acl_node_t *aclnode;
926
927 aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_version);
928
929 /*
930 * Version 0 to 1 znode_acl_phys has the size/count fields swapped.
931 * Version 0 didn't have a size field, only a count.
932 */
933 if (zp->z_phys->zp_acl.z_acl_version == ZFS_ACL_VERSION_INITIAL) {
934 aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_size;
935 aclp->z_acl_bytes = ZFS_ACL_SIZE(aclp->z_acl_count);
936 } else {
937 aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_count;
938 aclp->z_acl_bytes = zp->z_phys->zp_acl.z_acl_size;
939 }
940
941 aclnode = zfs_acl_node_alloc(will_modify ? aclp->z_acl_bytes : 0);
942 aclnode->z_ace_count = aclp->z_acl_count;
943 if (will_modify) {
944 bcopy(zp->z_phys->zp_acl.z_ace_data, aclnode->z_acldata,
945 aclp->z_acl_bytes);
946 } else {
947 aclnode->z_size = aclp->z_acl_bytes;
948 aclnode->z_acldata = &zp->z_phys->zp_acl.z_ace_data[0];
949 }
950
951 list_insert_head(&aclp->z_acl, aclnode);
952
953 return (aclp);
954 }
955
956 /*
957 * Read an external acl object.
958 */
959 static int
960 zfs_acl_node_read(znode_t *zp, zfs_acl_t **aclpp, boolean_t will_modify)
961 {
962 uint64_t extacl = zp->z_phys->zp_acl.z_acl_extern_obj;
963 zfs_acl_t *aclp;
964 size_t aclsize;
965 size_t acl_count;
966 zfs_acl_node_t *aclnode;
967 int error;
968
969 ASSERT(MUTEX_HELD(&zp->z_acl_lock));
970
971 if (zp->z_phys->zp_acl.z_acl_extern_obj == 0) {
972 *aclpp = zfs_acl_node_read_internal(zp, will_modify);
973 return (0);
974 }
975
976 aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_version);
977 if (zp->z_phys->zp_acl.z_acl_version == ZFS_ACL_VERSION_INITIAL) {
978 zfs_acl_phys_v0_t *zacl0 =
979 (zfs_acl_phys_v0_t *)&zp->z_phys->zp_acl;
980
981 aclsize = ZFS_ACL_SIZE(zacl0->z_acl_count);
982 acl_count = zacl0->z_acl_count;
983 } else {
984 aclsize = zp->z_phys->zp_acl.z_acl_size;
985 acl_count = zp->z_phys->zp_acl.z_acl_count;
986 if (aclsize == 0)
987 aclsize = acl_count * sizeof (zfs_ace_t);
988 }
989 aclnode = zfs_acl_node_alloc(aclsize);
990 list_insert_head(&aclp->z_acl, aclnode);
991 error = dmu_read(zp->z_zfsvfs->z_os, extacl, 0,
992 aclsize, aclnode->z_acldata);
993 aclnode->z_ace_count = acl_count;
994 aclp->z_acl_count = acl_count;
995 aclp->z_acl_bytes = aclsize;
996
997 if (error != 0) {
998 zfs_acl_free(aclp);
999 /* convert checksum errors into IO errors */
1000 if (error == ECKSUM)
1001 error = EIO;
1002 return (error);
1003 }
1004
1005 *aclpp = aclp;
1006 return (0);
1007 }
1008
1009 /*
1010 * common code for setting ACLs.
1011 *
1012 * This function is called from zfs_mode_update, zfs_perm_init, and zfs_setacl.
1013 * zfs_setacl passes a non-NULL inherit pointer (ihp) to indicate that it's
1014 * already checked the acl and knows whether to inherit.
1015 */
1016 int
1017 zfs_aclset_common(znode_t *zp, zfs_acl_t *aclp, cred_t *cr,
1018 zfs_fuid_info_t **fuidp, dmu_tx_t *tx)
1019 {
1020 int error;
1021 znode_phys_t *zphys = zp->z_phys;
1022 zfs_acl_phys_t *zacl = &zphys->zp_acl;
1023 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1024 uint64_t aoid = zphys->zp_acl.z_acl_extern_obj;
1025 uint64_t off = 0;
1026 dmu_object_type_t otype;
1027 zfs_acl_node_t *aclnode;
1028
1029 ASSERT(MUTEX_HELD(&zp->z_lock));
1030 ASSERT(MUTEX_HELD(&zp->z_acl_lock));
1031
1032 dmu_buf_will_dirty(zp->z_dbuf, tx);
1033
1034 zphys->zp_mode = zfs_mode_fuid_compute(zp, aclp, cr, fuidp, tx);
1035
1036 /*
1037 * Decide which opbject type to use. If we are forced to
1038 * use old ACL format than transform ACL into zfs_oldace_t
1039 * layout.
1040 */
1041 if (!zfsvfs->z_use_fuids) {
1042 otype = DMU_OT_OLDACL;
1043 } else {
1044 if ((aclp->z_version == ZFS_ACL_VERSION_INITIAL) &&
1045 (zfsvfs->z_version >= ZPL_VERSION_FUID))
1046 zfs_acl_xform(zp, aclp);
1047 ASSERT(aclp->z_version >= ZFS_ACL_VERSION_FUID);
1048 otype = DMU_OT_ACL;
1049 }
1050
1051 if (aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1052 /*
1053 * If ACL was previously external and we are now
1054 * converting to new ACL format then release old
1055 * ACL object and create a new one.
1056 */
1057 if (aoid && aclp->z_version != zacl->z_acl_version) {
1058 error = dmu_object_free(zfsvfs->z_os,
1059 zp->z_phys->zp_acl.z_acl_extern_obj, tx);
1060 if (error)
1061 return (error);
1062 aoid = 0;
1063 }
1064 if (aoid == 0) {
1065 aoid = dmu_object_alloc(zfsvfs->z_os,
1066 otype, aclp->z_acl_bytes,
1067 otype == DMU_OT_ACL ? DMU_OT_SYSACL : DMU_OT_NONE,
1068 otype == DMU_OT_ACL ? DN_MAX_BONUSLEN : 0, tx);
1069 } else {
1070 (void) dmu_object_set_blocksize(zfsvfs->z_os, aoid,
1071 aclp->z_acl_bytes, 0, tx);
1072 }
1073 zphys->zp_acl.z_acl_extern_obj = aoid;
1074 for (aclnode = list_head(&aclp->z_acl); aclnode;
1075 aclnode = list_next(&aclp->z_acl, aclnode)) {
1076 if (aclnode->z_ace_count == 0)
1077 continue;
1078 dmu_write(zfsvfs->z_os, aoid, off,
1079 aclnode->z_size, aclnode->z_acldata, tx);
1080 off += aclnode->z_size;
1081 }
1082 } else {
1083 void *start = zacl->z_ace_data;
1084 /*
1085 * Migrating back embedded?
1086 */
1087 if (zphys->zp_acl.z_acl_extern_obj) {
1088 error = dmu_object_free(zfsvfs->z_os,
1089 zp->z_phys->zp_acl.z_acl_extern_obj, tx);
1090 if (error)
1091 return (error);
1092 zphys->zp_acl.z_acl_extern_obj = 0;
1093 }
1094
1095 for (aclnode = list_head(&aclp->z_acl); aclnode;
1096 aclnode = list_next(&aclp->z_acl, aclnode)) {
1097 if (aclnode->z_ace_count == 0)
1098 continue;
1099 bcopy(aclnode->z_acldata, start, aclnode->z_size);
1100 start = (caddr_t)start + aclnode->z_size;
1101 }
1102 }
1103
1104 /*
1105 * If Old version then swap count/bytes to match old
1106 * layout of znode_acl_phys_t.
1107 */
1108 if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) {
1109 zphys->zp_acl.z_acl_size = aclp->z_acl_count;
1110 zphys->zp_acl.z_acl_count = aclp->z_acl_bytes;
1111 } else {
1112 zphys->zp_acl.z_acl_size = aclp->z_acl_bytes;
1113 zphys->zp_acl.z_acl_count = aclp->z_acl_count;
1114 }
1115
1116 zphys->zp_acl.z_acl_version = aclp->z_version;
1117
1118 /*
1119 * Replace ACL wide bits, but first clear them.
1120 */
1121 zp->z_phys->zp_flags &= ~ZFS_ACL_WIDE_FLAGS;
1122
1123 zp->z_phys->zp_flags |= aclp->z_hints;
1124
1125 if (ace_trivial_common(aclp, 0, zfs_ace_walk) == 0)
1126 zp->z_phys->zp_flags |= ZFS_ACL_TRIVIAL;
1127
1128 zfs_time_stamper_locked(zp, STATE_CHANGED, tx);
1129 return (0);
1130 }
1131
1132 /*
1133 * Update access mask for prepended ACE
1134 *
1135 * This applies the "groupmask" value for aclmode property.
1136 */
1137 static void
1138 zfs_acl_prepend_fixup(zfs_acl_t *aclp, void *acep, void *origacep,
1139 mode_t mode, uint64_t owner)
1140 {
1141 int rmask, wmask, xmask;
1142 int user_ace;
1143 uint16_t aceflags;
1144 uint32_t origmask, acepmask;
1145 uint64_t fuid;
1146
1147 aceflags = aclp->z_ops.ace_flags_get(acep);
1148 fuid = aclp->z_ops.ace_who_get(acep);
1149 origmask = aclp->z_ops.ace_mask_get(origacep);
1150 acepmask = aclp->z_ops.ace_mask_get(acep);
1151
1152 user_ace = (!(aceflags &
1153 (ACE_OWNER|ACE_GROUP|ACE_IDENTIFIER_GROUP)));
1154
1155 if (user_ace && (fuid == owner)) {
1156 rmask = S_IRUSR;
1157 wmask = S_IWUSR;
1158 xmask = S_IXUSR;
1159 } else {
1160 rmask = S_IRGRP;
1161 wmask = S_IWGRP;
1162 xmask = S_IXGRP;
1163 }
1164
1165 if (origmask & ACE_READ_DATA) {
1166 if (mode & rmask) {
1167 acepmask &= ~ACE_READ_DATA;
1168 } else {
1169 acepmask |= ACE_READ_DATA;
1170 }
1171 }
1172
1173 if (origmask & ACE_WRITE_DATA) {
1174 if (mode & wmask) {
1175 acepmask &= ~ACE_WRITE_DATA;
1176 } else {
1177 acepmask |= ACE_WRITE_DATA;
1178 }
1179 }
1180
1181 if (origmask & ACE_APPEND_DATA) {
1182 if (mode & wmask) {
1183 acepmask &= ~ACE_APPEND_DATA;
1184 } else {
1185 acepmask |= ACE_APPEND_DATA;
1186 }
1187 }
1188
1189 if (origmask & ACE_EXECUTE) {
1190 if (mode & xmask) {
1191 acepmask &= ~ACE_EXECUTE;
1192 } else {
1193 acepmask |= ACE_EXECUTE;
1194 }
1195 }
1196 aclp->z_ops.ace_mask_set(acep, acepmask);
1197 }
1198
1199 /*
1200 * Apply mode to canonical six ACEs.
1201 */
1202 static void
1203 zfs_acl_fixup_canonical_six(zfs_acl_t *aclp, mode_t mode)
1204 {
1205 zfs_acl_node_t *aclnode = list_tail(&aclp->z_acl);
1206 void *acep;
1207 int maskoff = aclp->z_ops.ace_mask_off();
1208 size_t abstract_size = aclp->z_ops.ace_abstract_size();
1209
1210 ASSERT(aclnode != NULL);
1211
1212 acep = (void *)((caddr_t)aclnode->z_acldata +
1213 aclnode->z_size - (abstract_size * 6));
1214
1215 /*
1216 * Fixup final ACEs to match the mode
1217 */
1218
1219 adjust_ace_pair_common(acep, maskoff, abstract_size,
1220 (mode & 0700) >> 6); /* owner@ */
1221
1222 acep = (caddr_t)acep + (abstract_size * 2);
1223
1224 adjust_ace_pair_common(acep, maskoff, abstract_size,
1225 (mode & 0070) >> 3); /* group@ */
1226
1227 acep = (caddr_t)acep + (abstract_size * 2);
1228 adjust_ace_pair_common(acep, maskoff,
1229 abstract_size, mode); /* everyone@ */
1230 }
1231
1232
1233 static int
1234 zfs_acl_ace_match(zfs_acl_t *aclp, void *acep, int allow_deny,
1235 int entry_type, int accessmask)
1236 {
1237 uint32_t mask = aclp->z_ops.ace_mask_get(acep);
1238 uint16_t type = aclp->z_ops.ace_type_get(acep);
1239 uint16_t flags = aclp->z_ops.ace_flags_get(acep);
1240
1241 return (mask == accessmask && type == allow_deny &&
1242 ((flags & ACE_TYPE_FLAGS) == entry_type));
1243 }
1244
1245 /*
1246 * Can prepended ACE be reused?
1247 */
1248 static int
1249 zfs_reuse_deny(zfs_acl_t *aclp, void *acep, void *prevacep)
1250 {
1251 int okay_masks;
1252 uint16_t prevtype;
1253 uint16_t prevflags;
1254 uint16_t flags;
1255 uint32_t mask, prevmask;
1256
1257 if (prevacep == NULL)
1258 return (B_FALSE);
1259
1260 prevtype = aclp->z_ops.ace_type_get(prevacep);
1261 prevflags = aclp->z_ops.ace_flags_get(prevacep);
1262 flags = aclp->z_ops.ace_flags_get(acep);
1263 mask = aclp->z_ops.ace_mask_get(acep);
1264 prevmask = aclp->z_ops.ace_mask_get(prevacep);
1265
1266 if (prevtype != DENY)
1267 return (B_FALSE);
1268
1269 if (prevflags != (flags & ACE_IDENTIFIER_GROUP))
1270 return (B_FALSE);
1271
1272 okay_masks = (mask & OKAY_MASK_BITS);
1273
1274 if (prevmask & ~okay_masks)
1275 return (B_FALSE);
1276
1277 return (B_TRUE);
1278 }
1279
1280
1281 /*
1282 * Insert new ACL node into chain of zfs_acl_node_t's
1283 *
1284 * This will result in two possible results.
1285 * 1. If the ACL is currently just a single zfs_acl_node and
1286 * we are prepending the entry then current acl node will have
1287 * a new node inserted above it.
1288 *
1289 * 2. If we are inserting in the middle of current acl node then
1290 * the current node will be split in two and new node will be inserted
1291 * in between the two split nodes.
1292 */
1293 static zfs_acl_node_t *
1294 zfs_acl_ace_insert(zfs_acl_t *aclp, void *acep)
1295 {
1296 zfs_acl_node_t *newnode;
1297 zfs_acl_node_t *trailernode = NULL;
1298 zfs_acl_node_t *currnode = zfs_acl_curr_node(aclp);
1299 int curr_idx = aclp->z_curr_node->z_ace_idx;
1300 int trailer_count;
1301 size_t oldsize;
1302
1303 newnode = zfs_acl_node_alloc(aclp->z_ops.ace_size(acep));
1304 newnode->z_ace_count = 1;
1305
1306 oldsize = currnode->z_size;
1307
1308 if (curr_idx != 1) {
1309 trailernode = zfs_acl_node_alloc(0);
1310 trailernode->z_acldata = acep;
1311
1312 trailer_count = currnode->z_ace_count - curr_idx + 1;
1313 currnode->z_ace_count = curr_idx - 1;
1314 currnode->z_size = (caddr_t)acep - (caddr_t)currnode->z_acldata;
1315 trailernode->z_size = oldsize - currnode->z_size;
1316 trailernode->z_ace_count = trailer_count;
1317 }
1318
1319 aclp->z_acl_count += 1;
1320 aclp->z_acl_bytes += aclp->z_ops.ace_size(acep);
1321
1322 if (curr_idx == 1)
1323 list_insert_before(&aclp->z_acl, currnode, newnode);
1324 else
1325 list_insert_after(&aclp->z_acl, currnode, newnode);
1326 if (trailernode) {
1327 list_insert_after(&aclp->z_acl, newnode, trailernode);
1328 aclp->z_curr_node = trailernode;
1329 trailernode->z_ace_idx = 1;
1330 }
1331
1332 return (newnode);
1333 }
1334
1335 /*
1336 * Prepend deny ACE
1337 */
1338 static void *
1339 zfs_acl_prepend_deny(znode_t *zp, zfs_acl_t *aclp, void *acep,
1340 mode_t mode)
1341 {
1342 zfs_acl_node_t *aclnode;
1343 void *newacep;
1344 uint64_t fuid;
1345 uint16_t flags;
1346
1347 aclnode = zfs_acl_ace_insert(aclp, acep);
1348 newacep = aclnode->z_acldata;
1349 fuid = aclp->z_ops.ace_who_get(acep);
1350 flags = aclp->z_ops.ace_flags_get(acep);
1351 zfs_set_ace(aclp, newacep, 0, DENY, fuid, (flags & ACE_TYPE_FLAGS));
1352 zfs_acl_prepend_fixup(aclp, newacep, acep, mode, zp->z_phys->zp_uid);
1353
1354 return (newacep);
1355 }
1356
1357 /*
1358 * Split an inherited ACE into inherit_only ACE
1359 * and original ACE with inheritance flags stripped off.
1360 */
1361 static void
1362 zfs_acl_split_ace(zfs_acl_t *aclp, zfs_ace_hdr_t *acep)
1363 {
1364 zfs_acl_node_t *aclnode;
1365 zfs_acl_node_t *currnode;
1366 void *newacep;
1367 uint16_t type, flags;
1368 uint32_t mask;
1369 uint64_t fuid;
1370
1371 type = aclp->z_ops.ace_type_get(acep);
1372 flags = aclp->z_ops.ace_flags_get(acep);
1373 mask = aclp->z_ops.ace_mask_get(acep);
1374 fuid = aclp->z_ops.ace_who_get(acep);
1375
1376 aclnode = zfs_acl_ace_insert(aclp, acep);
1377 newacep = aclnode->z_acldata;
1378
1379 aclp->z_ops.ace_type_set(newacep, type);
1380 aclp->z_ops.ace_flags_set(newacep, flags | ACE_INHERIT_ONLY_ACE);
1381 aclp->z_ops.ace_mask_set(newacep, mask);
1382 aclp->z_ops.ace_type_set(newacep, type);
1383 aclp->z_ops.ace_who_set(newacep, fuid);
1384 aclp->z_next_ace = acep;
1385 flags &= ~ALL_INHERIT;
1386 aclp->z_ops.ace_flags_set(acep, flags);
1387 currnode = zfs_acl_curr_node(aclp);
1388 ASSERT(currnode->z_ace_idx >= 1);
1389 currnode->z_ace_idx -= 1;
1390 }
1391
1392 /*
1393 * Are ACES started at index i, the canonical six ACES?
1394 */
1395 static int
1396 zfs_have_canonical_six(zfs_acl_t *aclp)
1397 {
1398 void *acep;
1399 zfs_acl_node_t *aclnode = list_tail(&aclp->z_acl);
1400 int i = 0;
1401 size_t abstract_size = aclp->z_ops.ace_abstract_size();
1402
1403 ASSERT(aclnode != NULL);
1404
1405 if (aclnode->z_ace_count < 6)
1406 return (0);
1407
1408 acep = (void *)((caddr_t)aclnode->z_acldata +
1409 aclnode->z_size - (aclp->z_ops.ace_abstract_size() * 6));
1410
1411 if ((zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
1412 DENY, ACE_OWNER, 0) &&
1413 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
1414 ALLOW, ACE_OWNER, OWNER_ALLOW_MASK) &&
1415 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), DENY,
1416 OWNING_GROUP, 0) && zfs_acl_ace_match(aclp, (caddr_t)acep +
1417 (abstract_size * i++),
1418 ALLOW, OWNING_GROUP, 0) &&
1419 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
1420 DENY, ACE_EVERYONE, EVERYONE_DENY_MASK) &&
1421 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
1422 ALLOW, ACE_EVERYONE, EVERYONE_ALLOW_MASK))) {
1423 return (1);
1424 } else {
1425 return (0);
1426 }
1427 }
1428
1429
1430 /*
1431 * Apply step 1g, to group entries
1432 *
1433 * Need to deal with corner case where group may have
1434 * greater permissions than owner. If so then limit
1435 * group permissions, based on what extra permissions
1436 * group has.
1437 */
1438 static void
1439 zfs_fixup_group_entries(zfs_acl_t *aclp, void *acep, void *prevacep,
1440 mode_t mode)
1441 {
1442 uint32_t prevmask = aclp->z_ops.ace_mask_get(prevacep);
1443 uint32_t mask = aclp->z_ops.ace_mask_get(acep);
1444 uint16_t prevflags = aclp->z_ops.ace_flags_get(prevacep);
1445 mode_t extramode = (mode >> 3) & 07;
1446 mode_t ownermode = (mode >> 6);
1447
1448 if (prevflags & ACE_IDENTIFIER_GROUP) {
1449
1450 extramode &= ~ownermode;
1451
1452 if (extramode) {
1453 if (extramode & S_IROTH) {
1454 prevmask &= ~ACE_READ_DATA;
1455 mask &= ~ACE_READ_DATA;
1456 }
1457 if (extramode & S_IWOTH) {
1458 prevmask &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA);
1459 mask &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA);
1460 }
1461 if (extramode & S_IXOTH) {
1462 prevmask &= ~ACE_EXECUTE;
1463 mask &= ~ACE_EXECUTE;
1464 }
1465 }
1466 }
1467 aclp->z_ops.ace_mask_set(acep, mask);
1468 aclp->z_ops.ace_mask_set(prevacep, prevmask);
1469 }
1470
1471 /*
1472 * Apply the chmod algorithm as described
1473 * in PSARC/2002/240
1474 */
1475 static void
1476 zfs_acl_chmod(znode_t *zp, uint64_t mode, zfs_acl_t *aclp)
1477 {
1478 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1479 void *acep = NULL, *prevacep = NULL;
1480 uint64_t who;
1481 int i;
1482 int entry_type;
1483 int reuse_deny;
1484 int need_canonical_six = 1;
1485 uint16_t iflags, type;
1486 uint32_t access_mask;
1487
1488 ASSERT(MUTEX_HELD(&zp->z_acl_lock));
1489 ASSERT(MUTEX_HELD(&zp->z_lock));
1490
1491 aclp->z_hints = (zp->z_phys->zp_flags & V4_ACL_WIDE_FLAGS);
1492
1493 /*
1494 * If discard then just discard all ACL nodes which
1495 * represent the ACEs.
1496 *
1497 * New owner@/group@/everone@ ACEs will be added
1498 * later.
1499 */
1500 if (zfsvfs->z_acl_mode == ZFS_ACL_DISCARD)
1501 zfs_acl_release_nodes(aclp);
1502
1503 while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask,
1504 &iflags, &type)) {
1505
1506 entry_type = (iflags & ACE_TYPE_FLAGS);
1507 iflags = (iflags & ALL_INHERIT);
1508
1509 if ((type != ALLOW && type != DENY) ||
1510 (iflags & ACE_INHERIT_ONLY_ACE)) {
1511 if (iflags)
1512 aclp->z_hints |= ZFS_INHERIT_ACE;
1513 switch (type) {
1514 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
1515 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
1516 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
1517 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
1518 aclp->z_hints |= ZFS_ACL_OBJ_ACE;
1519 break;
1520 }
1521 goto nextace;
1522 }
1523
1524 /*
1525 * Need to split ace into two?
1526 */
1527 if ((iflags & (ACE_FILE_INHERIT_ACE|
1528 ACE_DIRECTORY_INHERIT_ACE)) &&
1529 (!(iflags & ACE_INHERIT_ONLY_ACE))) {
1530 zfs_acl_split_ace(aclp, acep);
1531 aclp->z_hints |= ZFS_INHERIT_ACE;
1532 goto nextace;
1533 }
1534
1535 if (entry_type == ACE_OWNER || entry_type == ACE_EVERYONE ||
1536 (entry_type == OWNING_GROUP)) {
1537 access_mask &= ~OGE_CLEAR;
1538 aclp->z_ops.ace_mask_set(acep, access_mask);
1539 goto nextace;
1540 } else {
1541 reuse_deny = B_TRUE;
1542 if (type == ALLOW) {
1543
1544 /*
1545 * Check preceding ACE if any, to see
1546 * if we need to prepend a DENY ACE.
1547 * This is only applicable when the acl_mode
1548 * property == groupmask.
1549 */
1550 if (zfsvfs->z_acl_mode == ZFS_ACL_GROUPMASK) {
1551
1552 reuse_deny = zfs_reuse_deny(aclp, acep,
1553 prevacep);
1554
1555 if (!reuse_deny) {
1556 prevacep =
1557 zfs_acl_prepend_deny(zp,
1558 aclp, acep, mode);
1559 } else {
1560 zfs_acl_prepend_fixup(
1561 aclp, prevacep,
1562 acep, mode,
1563 zp->z_phys->zp_uid);
1564 }
1565 zfs_fixup_group_entries(aclp, acep,
1566 prevacep, mode);
1567
1568 }
1569 }
1570 }
1571 nextace:
1572 prevacep = acep;
1573 }
1574
1575 /*
1576 * Check out last six aces, if we have six.
1577 */
1578
1579 if (aclp->z_acl_count >= 6) {
1580 if (zfs_have_canonical_six(aclp)) {
1581 need_canonical_six = 0;
1582 }
1583 }
1584
1585 if (need_canonical_six) {
1586 size_t abstract_size = aclp->z_ops.ace_abstract_size();
1587 void *zacep;
1588 zfs_acl_node_t *aclnode =
1589 zfs_acl_node_alloc(abstract_size * 6);
1590
1591 aclnode->z_size = abstract_size * 6;
1592 aclnode->z_ace_count = 6;
1593 aclp->z_acl_bytes += aclnode->z_size;
1594 list_insert_tail(&aclp->z_acl, aclnode);
1595
1596 zacep = aclnode->z_acldata;
1597
1598 i = 0;
1599 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
1600 0, DENY, -1, ACE_OWNER);
1601 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
1602 OWNER_ALLOW_MASK, ALLOW, -1, ACE_OWNER);
1603 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 0,
1604 DENY, -1, OWNING_GROUP);
1605 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 0,
1606 ALLOW, -1, OWNING_GROUP);
1607 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
1608 EVERYONE_DENY_MASK, DENY, -1, ACE_EVERYONE);
1609 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
1610 EVERYONE_ALLOW_MASK, ALLOW, -1, ACE_EVERYONE);
1611 aclp->z_acl_count += 6;
1612 }
1613
1614 zfs_acl_fixup_canonical_six(aclp, mode);
1615 }
1616
1617 int
1618 zfs_acl_chmod_setattr(znode_t *zp, zfs_acl_t **aclp, uint64_t mode)
1619 {
1620 int error;
1621
1622 mutex_enter(&zp->z_lock);
1623 mutex_enter(&zp->z_acl_lock);
1624 *aclp = NULL;
1625 error = zfs_acl_node_read(zp, aclp, B_TRUE);
1626 if (error == 0)
1627 zfs_acl_chmod(zp, mode, *aclp);
1628 mutex_exit(&zp->z_acl_lock);
1629 mutex_exit(&zp->z_lock);
1630 return (error);
1631 }
1632
1633 /*
1634 * strip off write_owner and write_acl
1635 */
1636 static void
1637 zfs_restricted_update(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, void *acep)
1638 {
1639 uint32_t mask = aclp->z_ops.ace_mask_get(acep);
1640
1641 if ((zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) &&
1642 (aclp->z_ops.ace_type_get(acep) == ALLOW)) {
1643 mask &= ~RESTRICTED_CLEAR;
1644 aclp->z_ops.ace_mask_set(acep, mask);
1645 }
1646 }
1647
1648 /*
1649 * Should ACE be inherited?
1650 */
1651 static int
1652 zfs_ace_can_use(znode_t *zp, uint16_t acep_flags)
1653 {
1654 int vtype = ZTOV(zp)->v_type;
1655 int iflags = (acep_flags & 0xf);
1656
1657 if ((vtype == VDIR) && (iflags & ACE_DIRECTORY_INHERIT_ACE))
1658 return (1);
1659 else if (iflags & ACE_FILE_INHERIT_ACE)
1660 return (!((vtype == VDIR) &&
1661 (iflags & ACE_NO_PROPAGATE_INHERIT_ACE)));
1662 return (0);
1663 }
1664
1665 /*
1666 * inherit inheritable ACEs from parent
1667 */
1668 static zfs_acl_t *
1669 zfs_acl_inherit(znode_t *zp, zfs_acl_t *paclp, uint64_t mode,
1670 boolean_t *need_chmod)
1671 {
1672 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1673 void *pacep;
1674 void *acep, *acep2;
1675 zfs_acl_node_t *aclnode, *aclnode2;
1676 zfs_acl_t *aclp = NULL;
1677 uint64_t who;
1678 uint32_t access_mask;
1679 uint16_t iflags, newflags, type;
1680 size_t ace_size;
1681 void *data1, *data2;
1682 size_t data1sz, data2sz;
1683 boolean_t vdir = ZTOV(zp)->v_type == VDIR;
1684 boolean_t vreg = ZTOV(zp)->v_type == VREG;
1685 boolean_t passthrough, passthrough_x, noallow;
1686
1687 passthrough_x =
1688 zfsvfs->z_acl_inherit == ZFS_ACL_PASSTHROUGH_X;
1689 passthrough = passthrough_x ||
1690 zfsvfs->z_acl_inherit == ZFS_ACL_PASSTHROUGH;
1691 noallow =
1692 zfsvfs->z_acl_inherit == ZFS_ACL_NOALLOW;
1693
1694 *need_chmod = B_TRUE;
1695 pacep = NULL;
1696 aclp = zfs_acl_alloc(paclp->z_version);
1697 if (zfsvfs->z_acl_inherit == ZFS_ACL_DISCARD)
1698 return (aclp);
1699 while (pacep = zfs_acl_next_ace(paclp, pacep, &who,
1700 &access_mask, &iflags, &type)) {
1701
1702 /*
1703 * don't inherit bogus ACEs
1704 */
1705 if (!zfs_acl_valid_ace_type(type, iflags))
1706 continue;
1707
1708 if (noallow && type == ALLOW)
1709 continue;
1710
1711 ace_size = aclp->z_ops.ace_size(pacep);
1712
1713 if (!zfs_ace_can_use(zp, iflags))
1714 continue;
1715
1716 /*
1717 * If owner@, group@, or everyone@ inheritable
1718 * then zfs_acl_chmod() isn't needed.
1719 */
1720 if (passthrough &&
1721 ((iflags & (ACE_OWNER|ACE_EVERYONE)) ||
1722 ((iflags & OWNING_GROUP) ==
1723 OWNING_GROUP)) && (vreg || (vdir && (iflags &
1724 ACE_DIRECTORY_INHERIT_ACE)))) {
1725 *need_chmod = B_FALSE;
1726
1727 if (!vdir && passthrough_x &&
1728 ((mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)) {
1729 access_mask &= ~ACE_EXECUTE;
1730 }
1731 }
1732
1733 aclnode = zfs_acl_node_alloc(ace_size);
1734 list_insert_tail(&aclp->z_acl, aclnode);
1735 acep = aclnode->z_acldata;
1736
1737 zfs_set_ace(aclp, acep, access_mask, type,
1738 who, iflags|ACE_INHERITED_ACE);
1739
1740 /*
1741 * Copy special opaque data if any
1742 */
1743 if ((data1sz = paclp->z_ops.ace_data(pacep, &data1)) != 0) {
1744 VERIFY((data2sz = aclp->z_ops.ace_data(acep,
1745 &data2)) == data1sz);
1746 bcopy(data1, data2, data2sz);
1747 }
1748 aclp->z_acl_count++;
1749 aclnode->z_ace_count++;
1750 aclp->z_acl_bytes += aclnode->z_size;
1751 newflags = aclp->z_ops.ace_flags_get(acep);
1752
1753 if (vdir)
1754 aclp->z_hints |= ZFS_INHERIT_ACE;
1755
1756 if ((iflags & ACE_NO_PROPAGATE_INHERIT_ACE) || !vdir) {
1757 newflags &= ~ALL_INHERIT;
1758 aclp->z_ops.ace_flags_set(acep,
1759 newflags|ACE_INHERITED_ACE);
1760 zfs_restricted_update(zfsvfs, aclp, acep);
1761 continue;
1762 }
1763
1764 ASSERT(vdir);
1765
1766 newflags = aclp->z_ops.ace_flags_get(acep);
1767 if ((iflags & (ACE_FILE_INHERIT_ACE |
1768 ACE_DIRECTORY_INHERIT_ACE)) !=
1769 ACE_FILE_INHERIT_ACE) {
1770 aclnode2 = zfs_acl_node_alloc(ace_size);
1771 list_insert_tail(&aclp->z_acl, aclnode2);
1772 acep2 = aclnode2->z_acldata;
1773 zfs_set_ace(aclp, acep2,
1774 access_mask, type, who,
1775 iflags|ACE_INHERITED_ACE);
1776 newflags |= ACE_INHERIT_ONLY_ACE;
1777 aclp->z_ops.ace_flags_set(acep, newflags);
1778 newflags &= ~ALL_INHERIT;
1779 aclp->z_ops.ace_flags_set(acep2,
1780 newflags|ACE_INHERITED_ACE);
1781
1782 /*
1783 * Copy special opaque data if any
1784 */
1785 if ((data1sz = aclp->z_ops.ace_data(acep,
1786 &data1)) != 0) {
1787 VERIFY((data2sz =
1788 aclp->z_ops.ace_data(acep2,
1789 &data2)) == data1sz);
1790 bcopy(data1, data2, data1sz);
1791 }
1792 aclp->z_acl_count++;
1793 aclnode2->z_ace_count++;
1794 aclp->z_acl_bytes += aclnode->z_size;
1795 zfs_restricted_update(zfsvfs, aclp, acep2);
1796 } else {
1797 newflags |= ACE_INHERIT_ONLY_ACE;
1798 aclp->z_ops.ace_flags_set(acep,
1799 newflags|ACE_INHERITED_ACE);
1800 }
1801 }
1802 return (aclp);
1803 }
1804
1805 /*
1806 * Create file system object initial permissions
1807 * including inheritable ACEs.
1808 */
1809 void
1810 zfs_perm_init(znode_t *zp, znode_t *parent, int flag,
1811 vattr_t *vap, dmu_tx_t *tx, cred_t *cr,
1812 zfs_acl_t *setaclp, zfs_fuid_info_t **fuidp)
1813 {
1814 uint64_t mode, fuid, fgid;
1815 int error;
1816 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1817 zfs_acl_t *aclp = NULL;
1818 zfs_acl_t *paclp;
1819 xvattr_t *xvap = (xvattr_t *)vap;
1820 gid_t gid;
1821 boolean_t need_chmod = B_TRUE;
1822
1823 if (setaclp)
1824 aclp = setaclp;
1825
1826 mode = MAKEIMODE(vap->va_type, vap->va_mode);
1827
1828 /*
1829 * Determine uid and gid.
1830 */
1831 if ((flag & (IS_ROOT_NODE | IS_REPLAY)) ||
1832 ((flag & IS_XATTR) && (vap->va_type == VDIR))) {
1833 fuid = zfs_fuid_create(zfsvfs, vap->va_uid, cr,
1834 ZFS_OWNER, tx, fuidp);
1835 fgid = zfs_fuid_create(zfsvfs, vap->va_gid, cr,
1836 ZFS_GROUP, tx, fuidp);
1837 gid = vap->va_gid;
1838 } else {
1839 fuid = zfs_fuid_create_cred(zfsvfs, ZFS_OWNER, tx, cr, fuidp);
1840 fgid = 0;
1841 if (vap->va_mask & AT_GID) {
1842 fgid = zfs_fuid_create(zfsvfs, vap->va_gid, cr,
1843 ZFS_GROUP, tx, fuidp);
1844 gid = vap->va_gid;
1845 if (fgid != parent->z_phys->zp_gid &&
1846 !groupmember(vap->va_gid, cr) &&
1847 secpolicy_vnode_create_gid(cr) != 0)
1848 fgid = 0;
1849 }
1850 if (fgid == 0) {
1851 if (parent->z_phys->zp_mode & S_ISGID) {
1852 fgid = parent->z_phys->zp_gid;
1853 gid = zfs_fuid_map_id(zfsvfs, fgid,
1854 cr, ZFS_GROUP);
1855 } else {
1856 fgid = zfs_fuid_create_cred(zfsvfs,
1857 ZFS_GROUP, tx, cr, fuidp);
1858 gid = crgetgid(cr);
1859 }
1860 }
1861 }
1862
1863 /*
1864 * If we're creating a directory, and the parent directory has the
1865 * set-GID bit set, set in on the new directory.
1866 * Otherwise, if the user is neither privileged nor a member of the
1867 * file's new group, clear the file's set-GID bit.
1868 */
1869
1870 if ((parent->z_phys->zp_mode & S_ISGID) && (vap->va_type == VDIR)) {
1871 mode |= S_ISGID;
1872 } else {
1873 if ((mode & S_ISGID) &&
1874 secpolicy_vnode_setids_setgids(cr, gid) != 0)
1875 mode &= ~S_ISGID;
1876 }
1877
1878 zp->z_phys->zp_uid = fuid;
1879 zp->z_phys->zp_gid = fgid;
1880 zp->z_phys->zp_mode = mode;
1881
1882 if (aclp == NULL) {
1883 mutex_enter(&parent->z_lock);
1884 if ((ZTOV(parent)->v_type == VDIR &&
1885 (parent->z_phys->zp_flags & ZFS_INHERIT_ACE)) &&
1886 !(zp->z_phys->zp_flags & ZFS_XATTR)) {
1887 mutex_enter(&parent->z_acl_lock);
1888 VERIFY(0 == zfs_acl_node_read(parent, &paclp, B_FALSE));
1889 mutex_exit(&parent->z_acl_lock);
1890 aclp = zfs_acl_inherit(zp, paclp, mode, &need_chmod);
1891 zfs_acl_free(paclp);
1892 } else {
1893 aclp = zfs_acl_alloc(zfs_acl_version_zp(zp));
1894 }
1895 mutex_exit(&parent->z_lock);
1896 mutex_enter(&zp->z_lock);
1897 mutex_enter(&zp->z_acl_lock);
1898 if (need_chmod)
1899 zfs_acl_chmod(zp, mode, aclp);
1900 } else {
1901 mutex_enter(&zp->z_lock);
1902 mutex_enter(&zp->z_acl_lock);
1903 }
1904
1905 /* Force auto_inherit on all new directory objects */
1906 if (vap->va_type == VDIR)
1907 aclp->z_hints |= ZFS_ACL_AUTO_INHERIT;
1908
1909 error = zfs_aclset_common(zp, aclp, cr, fuidp, tx);
1910
1911 /* Set optional attributes if any */
1912 if (vap->va_mask & AT_XVATTR)
1913 zfs_xvattr_set(zp, xvap);
1914
1915 mutex_exit(&zp->z_lock);
1916 mutex_exit(&zp->z_acl_lock);
1917 ASSERT3U(error, ==, 0);
1918
1919 if (aclp != setaclp)
1920 zfs_acl_free(aclp);
1921 }
1922
1923 /*
1924 * Retrieve a files ACL
1925 */
1926 int
1927 zfs_getacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr)
1928 {
1929 zfs_acl_t *aclp;
1930 ulong_t mask;
1931 int error;
1932 int count = 0;
1933 int largeace = 0;
1934
1935 mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT |
1936 VSA_ACE_ACLFLAGS | VSA_ACE_ALLTYPES);
1937
1938 if (error = zfs_zaccess(zp, ACE_READ_ACL, 0, skipaclchk, cr))
1939 return (error);
1940
1941 if (mask == 0)
1942 return (ENOSYS);
1943
1944 mutex_enter(&zp->z_acl_lock);
1945
1946 error = zfs_acl_node_read(zp, &aclp, B_FALSE);
1947 if (error != 0) {
1948 mutex_exit(&zp->z_acl_lock);
1949 return (error);
1950 }
1951
1952 /*
1953 * Scan ACL to determine number of ACEs
1954 */
1955 if ((zp->z_phys->zp_flags & ZFS_ACL_OBJ_ACE) &&
1956 !(mask & VSA_ACE_ALLTYPES)) {
1957 void *zacep = NULL;
1958 uint64_t who;
1959 uint32_t access_mask;
1960 uint16_t type, iflags;
1961
1962 while (zacep = zfs_acl_next_ace(aclp, zacep,
1963 &who, &access_mask, &iflags, &type)) {
1964 switch (type) {
1965 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
1966 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
1967 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
1968 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
1969 largeace++;
1970 continue;
1971 default:
1972 count++;
1973 }
1974 }
1975 vsecp->vsa_aclcnt = count;
1976 } else
1977 count = aclp->z_acl_count;
1978
1979 if (mask & VSA_ACECNT) {
1980 vsecp->vsa_aclcnt = count;
1981 }
1982
1983 if (mask & VSA_ACE) {
1984 size_t aclsz;
1985
1986 zfs_acl_node_t *aclnode = list_head(&aclp->z_acl);
1987
1988 aclsz = count * sizeof (ace_t) +
1989 sizeof (ace_object_t) * largeace;
1990
1991 vsecp->vsa_aclentp = kmem_alloc(aclsz, KM_SLEEP);
1992 vsecp->vsa_aclentsz = aclsz;
1993
1994 if (aclp->z_version == ZFS_ACL_VERSION_FUID)
1995 zfs_copy_fuid_2_ace(zp->z_zfsvfs, aclp, cr,
1996 vsecp->vsa_aclentp, !(mask & VSA_ACE_ALLTYPES));
1997 else {
1998 bcopy(aclnode->z_acldata, vsecp->vsa_aclentp,
1999 count * sizeof (ace_t));
2000 }
2001 }
2002 if (mask & VSA_ACE_ACLFLAGS) {
2003 vsecp->vsa_aclflags = 0;
2004 if (zp->z_phys->zp_flags & ZFS_ACL_DEFAULTED)
2005 vsecp->vsa_aclflags |= ACL_DEFAULTED;
2006 if (zp->z_phys->zp_flags & ZFS_ACL_PROTECTED)
2007 vsecp->vsa_aclflags |= ACL_PROTECTED;
2008 if (zp->z_phys->zp_flags & ZFS_ACL_AUTO_INHERIT)
2009 vsecp->vsa_aclflags |= ACL_AUTO_INHERIT;
2010 }
2011
2012 mutex_exit(&zp->z_acl_lock);
2013
2014 zfs_acl_free(aclp);
2015
2016 return (0);
2017 }
2018
2019 int
2020 zfs_vsec_2_aclp(zfsvfs_t *zfsvfs, vtype_t obj_type,
2021 vsecattr_t *vsecp, zfs_acl_t **zaclp)
2022 {
2023 zfs_acl_t *aclp;
2024 zfs_acl_node_t *aclnode;
2025 int aclcnt = vsecp->vsa_aclcnt;
2026 int error;
2027
2028 if (vsecp->vsa_aclcnt > MAX_ACL_ENTRIES || vsecp->vsa_aclcnt <= 0)
2029 return (EINVAL);
2030
2031 aclp = zfs_acl_alloc(zfs_acl_version(zfsvfs->z_version));
2032
2033 aclp->z_hints = 0;
2034 aclnode = zfs_acl_node_alloc(aclcnt * sizeof (zfs_object_ace_t));
2035 if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) {
2036 if ((error = zfs_copy_ace_2_oldace(obj_type, aclp,
2037 (ace_t *)vsecp->vsa_aclentp, aclnode->z_acldata,
2038 aclcnt, &aclnode->z_size)) != 0) {
2039 zfs_acl_free(aclp);
2040 zfs_acl_node_free(aclnode);
2041 return (error);
2042 }
2043 } else {
2044 if ((error = zfs_copy_ace_2_fuid(obj_type, aclp,
2045 vsecp->vsa_aclentp, aclnode->z_acldata, aclcnt,
2046 &aclnode->z_size)) != 0) {
2047 zfs_acl_free(aclp);
2048 zfs_acl_node_free(aclnode);
2049 return (error);
2050 }
2051 }
2052 aclp->z_acl_bytes = aclnode->z_size;
2053 aclnode->z_ace_count = aclcnt;
2054 aclp->z_acl_count = aclcnt;
2055 list_insert_head(&aclp->z_acl, aclnode);
2056
2057 /*
2058 * If flags are being set then add them to z_hints
2059 */
2060 if (vsecp->vsa_mask & VSA_ACE_ACLFLAGS) {
2061 if (vsecp->vsa_aclflags & ACL_PROTECTED)
2062 aclp->z_hints |= ZFS_ACL_PROTECTED;
2063 if (vsecp->vsa_aclflags & ACL_DEFAULTED)
2064 aclp->z_hints |= ZFS_ACL_DEFAULTED;
2065 if (vsecp->vsa_aclflags & ACL_AUTO_INHERIT)
2066 aclp->z_hints |= ZFS_ACL_AUTO_INHERIT;
2067 }
2068
2069 *zaclp = aclp;
2070
2071 return (0);
2072 }
2073
2074 /*
2075 * Set a files ACL
2076 */
2077 int
2078 zfs_setacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr)
2079 {
2080 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2081 zilog_t *zilog = zfsvfs->z_log;
2082 ulong_t mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT);
2083 dmu_tx_t *tx;
2084 int error;
2085 zfs_acl_t *aclp;
2086 zfs_fuid_info_t *fuidp = NULL;
2087
2088 if (mask == 0)
2089 return (ENOSYS);
2090
2091 if (zp->z_phys->zp_flags & ZFS_IMMUTABLE)
2092 return (EPERM);
2093
2094 if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr))
2095 return (error);
2096
2097 error = zfs_vsec_2_aclp(zfsvfs, ZTOV(zp)->v_type, vsecp, &aclp);
2098 if (error)
2099 return (error);
2100
2101 /*
2102 * If ACL wide flags aren't being set then preserve any
2103 * existing flags.
2104 */
2105 if (!(vsecp->vsa_mask & VSA_ACE_ACLFLAGS)) {
2106 aclp->z_hints |= (zp->z_phys->zp_flags & V4_ACL_WIDE_FLAGS);
2107 }
2108 top:
2109 if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr)) {
2110 zfs_acl_free(aclp);
2111 return (error);
2112 }
2113
2114 mutex_enter(&zp->z_lock);
2115 mutex_enter(&zp->z_acl_lock);
2116
2117 tx = dmu_tx_create(zfsvfs->z_os);
2118 dmu_tx_hold_bonus(tx, zp->z_id);
2119
2120 if (zp->z_phys->zp_acl.z_acl_extern_obj) {
2121 /* Are we upgrading ACL? */
2122 if (zfsvfs->z_version <= ZPL_VERSION_FUID &&
2123 zp->z_phys->zp_acl.z_acl_version ==
2124 ZFS_ACL_VERSION_INITIAL) {
2125 dmu_tx_hold_free(tx,
2126 zp->z_phys->zp_acl.z_acl_extern_obj,
2127 0, DMU_OBJECT_END);
2128 dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
2129 0, aclp->z_acl_bytes);
2130 } else {
2131 dmu_tx_hold_write(tx,
2132 zp->z_phys->zp_acl.z_acl_extern_obj,
2133 0, aclp->z_acl_bytes);
2134 }
2135 } else if (aclp->z_acl_bytes > ZFS_ACE_SPACE) {
2136 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, aclp->z_acl_bytes);
2137 }
2138 if (aclp->z_has_fuids) {
2139 if (zfsvfs->z_fuid_obj == 0) {
2140 dmu_tx_hold_bonus(tx, DMU_NEW_OBJECT);
2141 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
2142 FUID_SIZE_ESTIMATE(zfsvfs));
2143 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, FALSE, NULL);
2144 } else {
2145 dmu_tx_hold_bonus(tx, zfsvfs->z_fuid_obj);
2146 dmu_tx_hold_write(tx, zfsvfs->z_fuid_obj, 0,
2147 FUID_SIZE_ESTIMATE(zfsvfs));
2148 }
2149 }
2150
2151 error = dmu_tx_assign(tx, zfsvfs->z_assign);
2152 if (error) {
2153 mutex_exit(&zp->z_acl_lock);
2154 mutex_exit(&zp->z_lock);
2155
2156 if (error == ERESTART && zfsvfs->z_assign == TXG_NOWAIT) {
2157 dmu_tx_wait(tx);
2158 dmu_tx_abort(tx);
2159 goto top;
2160 }
2161 dmu_tx_abort(tx);
2162 zfs_acl_free(aclp);
2163 return (error);
2164 }
2165
2166 error = zfs_aclset_common(zp, aclp, cr, &fuidp, tx);
2167 ASSERT(error == 0);
2168
2169 zfs_log_acl(zilog, tx, zp, vsecp, fuidp);
2170
2171 if (fuidp)
2172 zfs_fuid_info_free(fuidp);
2173 zfs_acl_free(aclp);
2174 dmu_tx_commit(tx);
2175 done:
2176 mutex_exit(&zp->z_acl_lock);
2177 mutex_exit(&zp->z_lock);
2178
2179 return (error);
2180 }
2181
2182 /*
2183 * working_mode returns the permissions that were not granted
2184 */
2185 static int
2186 zfs_zaccess_common(znode_t *zp, uint32_t v4_mode, uint32_t *working_mode,
2187 boolean_t *check_privs, boolean_t skipaclchk, cred_t *cr)
2188 {
2189 zfs_acl_t *aclp;
2190 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2191 int error;
2192 uid_t uid = crgetuid(cr);
2193 uint64_t who;
2194 uint16_t type, iflags;
2195 uint16_t entry_type;
2196 uint32_t access_mask;
2197 uint32_t deny_mask = 0;
2198 zfs_ace_hdr_t *acep = NULL;
2199 boolean_t checkit;
2200 uid_t fowner;
2201 uid_t gowner;
2202
2203 /*
2204 * Short circuit empty requests
2205 */
2206 if (v4_mode == 0)
2207 return (0);
2208
2209 *check_privs = B_TRUE;
2210
2211 if (zfsvfs->z_assign >= TXG_INITIAL) { /* ZIL replay */
2212 *working_mode = 0;
2213 return (0);
2214 }
2215
2216 *working_mode = v4_mode;
2217
2218 if ((v4_mode & WRITE_MASK) &&
2219 (zp->z_zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) &&
2220 (!IS_DEVVP(ZTOV(zp)))) {
2221 *check_privs = B_FALSE;
2222 return (EROFS);
2223 }
2224
2225 /*
2226 * Only check for READONLY on non-directories.
2227 */
2228 if ((v4_mode & WRITE_MASK_DATA) &&
2229 (((ZTOV(zp)->v_type != VDIR) &&
2230 (zp->z_phys->zp_flags & (ZFS_READONLY | ZFS_IMMUTABLE))) ||
2231 (ZTOV(zp)->v_type == VDIR &&
2232 (zp->z_phys->zp_flags & ZFS_IMMUTABLE)))) {
2233 *check_privs = B_FALSE;
2234 return (EPERM);
2235 }
2236
2237 if ((v4_mode & (ACE_DELETE | ACE_DELETE_CHILD)) &&
2238 (zp->z_phys->zp_flags & ZFS_NOUNLINK)) {
2239 *check_privs = B_FALSE;
2240 return (EPERM);
2241 }
2242
2243 if (((v4_mode & (ACE_READ_DATA|ACE_EXECUTE)) &&
2244 (zp->z_phys->zp_flags & ZFS_AV_QUARANTINED))) {
2245 *check_privs = B_FALSE;
2246 return (EACCES);
2247 }
2248
2249 /*
2250 * The caller requested that the ACL check be skipped. This
2251 * would only happen if the caller checked VOP_ACCESS() with a
2252 * 32 bit ACE mask and already had the appropriate permissions.
2253 */
2254 if (skipaclchk) {
2255 *working_mode = 0;
2256 return (0);
2257 }
2258
2259 zfs_fuid_map_ids(zp, cr, &fowner, &gowner);
2260
2261 mutex_enter(&zp->z_acl_lock);
2262
2263 error = zfs_acl_node_read(zp, &aclp, B_FALSE);
2264 if (error != 0) {
2265 mutex_exit(&zp->z_acl_lock);
2266 return (error);
2267 }
2268
2269 while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask,
2270 &iflags, &type)) {
2271
2272 if (!zfs_acl_valid_ace_type(type, iflags))
2273 continue;
2274
2275 if (ZTOV(zp)->v_type == VDIR && (iflags & ACE_INHERIT_ONLY_ACE))
2276 continue;
2277
2278 entry_type = (iflags & ACE_TYPE_FLAGS);
2279
2280 checkit = B_FALSE;
2281
2282 switch (entry_type) {
2283 case ACE_OWNER:
2284 if (uid == fowner)
2285 checkit = B_TRUE;
2286 break;
2287 case OWNING_GROUP:
2288 who = gowner;
2289 /*FALLTHROUGH*/
2290 case ACE_IDENTIFIER_GROUP:
2291 checkit = zfs_groupmember(zfsvfs, who, cr);
2292 break;
2293 case ACE_EVERYONE:
2294 checkit = B_TRUE;
2295 break;
2296
2297 /* USER Entry */
2298 default:
2299 if (entry_type == 0) {
2300 uid_t newid;
2301
2302 newid = zfs_fuid_map_id(zfsvfs, who, cr,
2303 ZFS_ACE_USER);
2304 if (newid != IDMAP_WK_CREATOR_OWNER_UID &&
2305 uid == newid)
2306 checkit = B_TRUE;
2307 break;
2308 } else {
2309 zfs_acl_free(aclp);
2310 mutex_exit(&zp->z_acl_lock);
2311 return (EIO);
2312 }
2313 }
2314
2315 if (checkit) {
2316 uint32_t mask_matched = (access_mask & *working_mode);
2317
2318 if (mask_matched) {
2319 if (type == DENY)
2320 deny_mask |= mask_matched;
2321
2322 *working_mode &= ~mask_matched;
2323 }
2324 }
2325
2326 /* Are we done? */
2327 if (*working_mode == 0)
2328 break;
2329 }
2330
2331 mutex_exit(&zp->z_acl_lock);
2332 zfs_acl_free(aclp);
2333
2334 /* Put the found 'denies' back on the working mode */
2335 if (deny_mask) {
2336 *working_mode |= deny_mask;
2337 return (EACCES);
2338 } else if (*working_mode) {
2339 return (-1);
2340 }
2341
2342 return (0);
2343 }
2344
2345 static int
2346 zfs_zaccess_append(znode_t *zp, uint32_t *working_mode, boolean_t *check_privs,
2347 cred_t *cr)
2348 {
2349 if (*working_mode != ACE_WRITE_DATA)
2350 return (EACCES);
2351
2352 return (zfs_zaccess_common(zp, ACE_APPEND_DATA, working_mode,
2353 check_privs, B_FALSE, cr));
2354 }
2355
2356 /*
2357 * Determine whether Access should be granted/denied, invoking least
2358 * priv subsytem when a deny is determined.
2359 */
2360 int
2361 zfs_zaccess(znode_t *zp, int mode, int flags, boolean_t skipaclchk, cred_t *cr)
2362 {
2363 uint32_t working_mode;
2364 int error;
2365 int is_attr;
2366 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2367 boolean_t check_privs;
2368 znode_t *xzp;
2369 znode_t *check_zp = zp;
2370
2371 is_attr = ((zp->z_phys->zp_flags & ZFS_XATTR) &&
2372 (ZTOV(zp)->v_type == VDIR));
2373
2374 /*
2375 * If attribute then validate against base file
2376 */
2377 if (is_attr) {
2378 if ((error = zfs_zget(zp->z_zfsvfs,
2379 zp->z_phys->zp_parent, &xzp)) != 0) {
2380 return (error);
2381 }
2382
2383 check_zp = xzp;
2384
2385 /*
2386 * fixup mode to map to xattr perms
2387 */
2388
2389 if (mode & (ACE_WRITE_DATA|ACE_APPEND_DATA)) {
2390 mode &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA);
2391 mode |= ACE_WRITE_NAMED_ATTRS;
2392 }
2393
2394 if (mode & (ACE_READ_DATA|ACE_EXECUTE)) {
2395 mode &= ~(ACE_READ_DATA|ACE_EXECUTE);
2396 mode |= ACE_READ_NAMED_ATTRS;
2397 }
2398 }
2399
2400 if ((error = zfs_zaccess_common(check_zp, mode, &working_mode,
2401 &check_privs, skipaclchk, cr)) == 0) {
2402 if (is_attr)
2403 VN_RELE(ZTOV(xzp));
2404 return (0);
2405 }
2406
2407 if (error && !check_privs) {
2408 if (is_attr)
2409 VN_RELE(ZTOV(xzp));
2410 return (error);
2411 }
2412
2413 if (error && (flags & V_APPEND)) {
2414 error = zfs_zaccess_append(zp, &working_mode, &check_privs, cr);
2415 }
2416
2417 if (error && check_privs) {
2418 uid_t owner;
2419 mode_t checkmode = 0;
2420
2421 owner = zfs_fuid_map_id(zfsvfs, check_zp->z_phys->zp_uid, cr,
2422 ZFS_OWNER);
2423
2424 /*
2425 * First check for implicit owner permission on
2426 * read_acl/read_attributes
2427 */
2428
2429 error = 0;
2430 ASSERT(working_mode != 0);
2431
2432 if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES) &&
2433 owner == crgetuid(cr)))
2434 working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES);
2435
2436 if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS|
2437 ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_SYNCHRONIZE))
2438 checkmode |= VREAD;
2439 if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS|
2440 ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES|ACE_SYNCHRONIZE))
2441 checkmode |= VWRITE;
2442 if (working_mode & ACE_EXECUTE)
2443 checkmode |= VEXEC;
2444
2445 if (checkmode)
2446 error = secpolicy_vnode_access(cr, ZTOV(check_zp),
2447 owner, checkmode);
2448
2449 if (error == 0 && (working_mode & ACE_WRITE_OWNER))
2450 error = secpolicy_vnode_chown(cr, B_TRUE);
2451 if (error == 0 && (working_mode & ACE_WRITE_ACL))
2452 error = secpolicy_vnode_setdac(cr, owner);
2453
2454 if (error == 0 && (working_mode &
2455 (ACE_DELETE|ACE_DELETE_CHILD)))
2456 error = secpolicy_vnode_remove(cr);
2457
2458 if (error == 0 && (working_mode & ACE_SYNCHRONIZE)) {
2459 error = secpolicy_vnode_chown(cr, B_FALSE);
2460 }
2461 if (error == 0) {
2462 /*
2463 * See if any bits other than those already checked
2464 * for are still present. If so then return EACCES
2465 */
2466 if (working_mode & ~(ZFS_CHECKED_MASKS)) {
2467 error = EACCES;
2468 }
2469 }
2470 }
2471
2472 if (is_attr)
2473 VN_RELE(ZTOV(xzp));
2474
2475 return (error);
2476 }
2477
2478 /*
2479 * Translate traditional unix VREAD/VWRITE/VEXEC mode into
2480 * native ACL format and call zfs_zaccess()
2481 */
2482 int
2483 zfs_zaccess_rwx(znode_t *zp, mode_t mode, int flags, cred_t *cr)
2484 {
2485 return (zfs_zaccess(zp, zfs_unix_to_v4(mode >> 6), flags, B_FALSE, cr));
2486 }
2487
2488 /*
2489 * Access function for secpolicy_vnode_setattr
2490 */
2491 int
2492 zfs_zaccess_unix(znode_t *zp, mode_t mode, cred_t *cr)
2493 {
2494 int v4_mode = zfs_unix_to_v4(mode >> 6);
2495
2496 return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr));
2497 }
2498
2499 static int
2500 zfs_delete_final_check(znode_t *zp, znode_t *dzp,
2501 mode_t missing_perms, cred_t *cr)
2502 {
2503 int error;
2504 uid_t downer;
2505 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2506
2507 downer = zfs_fuid_map_id(zfsvfs, dzp->z_phys->zp_uid, cr, ZFS_OWNER);
2508
2509 error = secpolicy_vnode_access(cr, ZTOV(dzp), downer, missing_perms);
2510
2511 if (error == 0)
2512 error = zfs_sticky_remove_access(dzp, zp, cr);
2513
2514 return (error);
2515 }
2516
2517 /*
2518 * Determine whether Access should be granted/deny, without
2519 * consulting least priv subsystem.
2520 *
2521 *
2522 * The following chart is the recommended NFSv4 enforcement for
2523 * ability to delete an object.
2524 *
2525 * -------------------------------------------------------
2526 * | Parent Dir | Target Object Permissions |
2527 * | permissions | |
2528 * -------------------------------------------------------
2529 * | | ACL Allows | ACL Denies| Delete |
2530 * | | Delete | Delete | unspecified|
2531 * -------------------------------------------------------
2532 * | ACL Allows | Permit | Permit | Permit |
2533 * | DELETE_CHILD | |
2534 * -------------------------------------------------------
2535 * | ACL Denies | Permit | Deny | Deny |
2536 * | DELETE_CHILD | | | |
2537 * -------------------------------------------------------
2538 * | ACL specifies | | | |
2539 * | only allow | Permit | Permit | Permit |
2540 * | write and | | | |
2541 * | execute | | | |
2542 * -------------------------------------------------------
2543 * | ACL denies | | | |
2544 * | write and | Permit | Deny | Deny |
2545 * | execute | | | |
2546 * -------------------------------------------------------
2547 * ^
2548 * |
2549 * No search privilege, can't even look up file?
2550 *
2551 */
2552 int
2553 zfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr)
2554 {
2555 uint32_t dzp_working_mode = 0;
2556 uint32_t zp_working_mode = 0;
2557 int dzp_error, zp_error;
2558 mode_t missing_perms;
2559 boolean_t dzpcheck_privs = B_TRUE;
2560 boolean_t zpcheck_privs = B_TRUE;
2561
2562 /*
2563 * We want specific DELETE permissions to
2564 * take precedence over WRITE/EXECUTE. We don't
2565 * want an ACL such as this to mess us up.
2566 * user:joe:write_data:deny,user:joe:delete:allow
2567 *
2568 * However, deny permissions may ultimately be overridden
2569 * by secpolicy_vnode_access().
2570 *
2571 * We will ask for all of the necessary permissions and then
2572 * look at the working modes from the directory and target object
2573 * to determine what was found.
2574 */
2575
2576 if (zp->z_phys->zp_flags & (ZFS_IMMUTABLE | ZFS_NOUNLINK))
2577 return (EPERM);
2578
2579 /*
2580 * First row
2581 * If the directory permissions allow the delete, we are done.
2582 */
2583 if ((dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD,
2584 &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr)) == 0)
2585 return (0);
2586
2587 /*
2588 * If target object has delete permission then we are done
2589 */
2590 if ((zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode,
2591 &zpcheck_privs, B_FALSE, cr)) == 0)
2592 return (0);
2593
2594 ASSERT(dzp_error && zp_error);
2595
2596 if (!dzpcheck_privs)
2597 return (dzp_error);
2598 if (!zpcheck_privs)
2599 return (zp_error);
2600
2601 /*
2602 * Second row
2603 *
2604 * If directory returns EACCES then delete_child was denied
2605 * due to deny delete_child. In this case send the request through
2606 * secpolicy_vnode_remove(). We don't use zfs_delete_final_check()
2607 * since that *could* allow the delete based on write/execute permission
2608 * and we want delete permissions to override write/execute.
2609 */
2610
2611 if (dzp_error == EACCES)
2612 return (secpolicy_vnode_remove(cr));
2613
2614 /*
2615 * Third Row
2616 * only need to see if we have write/execute on directory.
2617 */
2618
2619 if ((dzp_error = zfs_zaccess_common(dzp, ACE_EXECUTE|ACE_WRITE_DATA,
2620 &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr)) == 0)
2621 return (zfs_sticky_remove_access(dzp, zp, cr));
2622
2623 if (!dzpcheck_privs)
2624 return (dzp_error);
2625
2626 /*
2627 * Fourth row
2628 */
2629
2630 missing_perms = (dzp_working_mode & ACE_WRITE_DATA) ? VWRITE : 0;
2631 missing_perms |= (dzp_working_mode & ACE_EXECUTE) ? VEXEC : 0;
2632
2633 ASSERT(missing_perms);
2634
2635 return (zfs_delete_final_check(zp, dzp, missing_perms, cr));
2636
2637 }
2638
2639 int
2640 zfs_zaccess_rename(znode_t *sdzp, znode_t *szp, znode_t *tdzp,
2641 znode_t *tzp, cred_t *cr)
2642 {
2643 int add_perm;
2644 int error;
2645
2646 if (szp->z_phys->zp_flags & ZFS_AV_QUARANTINED)
2647 return (EACCES);
2648
2649 add_perm = (ZTOV(szp)->v_type == VDIR) ?
2650 ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE;
2651
2652 /*
2653 * Rename permissions are combination of delete permission +
2654 * add file/subdir permission.
2655 */
2656
2657 /*
2658 * first make sure we do the delete portion.
2659 *
2660 * If that succeeds then check for add_file/add_subdir permissions
2661 */
2662
2663 if (error = zfs_zaccess_delete(sdzp, szp, cr))
2664 return (error);
2665
2666 /*
2667 * If we have a tzp, see if we can delete it?
2668 */
2669 if (tzp) {
2670 if (error = zfs_zaccess_delete(tdzp, tzp, cr))
2671 return (error);
2672 }
2673
2674 /*
2675 * Now check for add permissions
2676 */
2677 error = zfs_zaccess(tdzp, add_perm, 0, B_FALSE, cr);
2678
2679 return (error);
2680 }
NetBSD on the FriendlyARM MINI2440