1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 29 #include <sys/types.h> 30 #include <sys/stat.h> 31 #include <sys/errno.h> 32 #include <sys/kmem.h> 33 #include <sys/t_lock.h> 34 #include <sys/ksynch.h> 35 #include <sys/buf.h> 36 #include <sys/vfs.h> 37 #include <sys/vnode.h> 38 #include <sys/mode.h> 39 #include <sys/systm.h> 40 #include <vm/seg.h> 41 #include <sys/file.h> 42 #include <sys/acl.h> 43 #include <sys/fs/ufs_inode.h> 44 #include <sys/fs/ufs_acl.h> 45 #include <sys/fs/ufs_quota.h> 46 #include <sys/sysmacros.h> 47 #include <sys/debug.h> 48 #include <sys/policy.h> 49 50 /* Cache routines */ 51 static int si_signature(si_t *); 52 static int si_cachei_get(struct inode *, si_t **); 53 static int si_cachea_get(struct inode *, si_t *, si_t **); 54 static int si_cmp(si_t *, si_t *); 55 static void si_cache_put(si_t *); 56 void si_cache_del(si_t *, int); 57 void si_cache_init(void); 58 59 static void ufs_si_free_mem(si_t *); 60 static int ufs_si_store(struct inode *, si_t *, int, cred_t *); 61 
static si_t *ufs_acl_cp(si_t *); 62 static int ufs_sectobuf(si_t *, caddr_t *, size_t *); 63 static int acl_count(ufs_ic_acl_t *); 64 static int acl_validate(aclent_t *, int, int); 65 static int vsecattr2aclentry(vsecattr_t *, si_t **); 66 static int aclentry2vsecattr(si_t *, vsecattr_t *); 67 68 krwlock_t si_cache_lock; /* Protects si_cache */ 69 int si_cachecnt = 64; /* # buckets in si_cache[a|i] */ 70 si_t **si_cachea; /* The 'by acl' cache chains */ 71 si_t **si_cachei; /* The 'by inode' cache chains */ 72 long si_cachehit = 0; 73 long si_cachemiss = 0; 74 75 #define SI_HASH(S) ((int)(S) & (si_cachecnt - 1)) 76 77 /* 78 * Store the new acls in aclp. Attempts to make things atomic. 79 * Search the acl cache for an identical sp and, if found, attach 80 * the cache'd acl to ip. If the acl is new (not in the cache), 81 * add it to the cache, then attach it to ip. Last, remove and 82 * decrement the reference count of any prior acl list attached 83 * to the ip. 84 * 85 * Parameters: 86 * ip - Ptr to inode to receive the acl list 87 * sp - Ptr to in-core acl structure to attach to the inode. 88 * puship - 0 do not push the object inode(ip) 1 push the ip 89 * cr - Ptr to credentials 90 * 91 * Returns: 0 - Success 92 * N - From errno.h 93 */ 94 static int 95 ufs_si_store(struct inode *ip, si_t *sp, int puship, cred_t *cr) 96 { 97 struct vfs *vfsp; 98 struct inode *sip; 99 si_t *oldsp; 100 si_t *csp; 101 caddr_t acldata; 102 ino_t oldshadow; 103 size_t acldatalen; 104 off_t offset; 105 int shadow; 106 int err; 107 int refcnt; 108 int usecnt; 109 int signature; 110 int resid; 111 struct ufsvfs *ufsvfsp = ip->i_ufsvfs; 112 struct fs *fs = ufsvfsp->vfs_fs; 113 114 ASSERT(RW_WRITE_HELD(&ip->i_contents)); 115 ASSERT(ip->i_ufs_acl != sp); 116 117 if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT)) 118 return (ENOSYS); 119 120 /* 121 * if there are only the three owner/group/other then do not 122 * create a shadow inode. If there is already a shadow with 123 * the file, remove it. 
124 * 125 */ 126 if (!sp->ausers && 127 !sp->agroups && 128 !sp->downer && 129 !sp->dgroup && 130 !sp->dother && 131 sp->dclass.acl_ismask == 0 && 132 !sp->dusers && 133 !sp->dgroups) { 134 if (ip->i_ufs_acl) 135 err = ufs_si_free(ip->i_ufs_acl, ITOV(ip)->v_vfsp, cr); 136 ip->i_ufs_acl = NULL; 137 ip->i_shadow = 0; 138 ip->i_flag |= IMOD | IACC; 139 ip->i_mode = (ip->i_smode & ~0777) | 140 ((sp->aowner->acl_ic_perm & 07) << 6) | 141 (((sp->aclass.acl_ismask ? sp->aclass.acl_maskbits : 142 sp->agroup->acl_ic_perm) & 07) << 3) | 143 (sp->aother->acl_ic_perm & 07); 144 TRANS_INODE(ip->i_ufsvfs, ip); 145 ufs_iupdat(ip, 1); 146 ufs_si_free_mem(sp); 147 return (0); 148 } 149 150 loop: 151 152 /* 153 * Check cache. If in cache, use existing shadow inode. 154 * Increment the shadow link count, then attach to the 155 * cached ufs_acl_entry struct, and increment it's reference 156 * count. Then discard the passed-in ufs_acl_entry and 157 * return. 158 */ 159 if (si_cachea_get(ip, sp, &csp) == 0) { 160 ASSERT(RW_WRITE_HELD(&csp->s_lock)); 161 if (ip->i_ufs_acl == csp) { 162 rw_exit(&csp->s_lock); 163 (void) ufs_si_free_mem(sp); 164 return (0); 165 } 166 vfsp = ITOV(ip)->v_vfsp; 167 ASSERT(csp->s_shadow <= INT_MAX); 168 shadow = (int)csp->s_shadow; 169 /* 170 * We can't call ufs_iget while holding the csp locked, 171 * because we might deadlock. So we drop the 172 * lock on csp, then go search the si_cache again 173 * to see if the csp is still there. 
174 */ 175 rw_exit(&csp->s_lock); 176 if ((err = ufs_iget(vfsp, shadow, &sip, cr)) != 0) { 177 (void) ufs_si_free_mem(sp); 178 return (EIO); 179 } 180 rw_enter(&sip->i_contents, RW_WRITER); 181 if ((sip->i_mode & IFMT) != IFSHAD || sip->i_nlink <= 0) { 182 rw_exit(&sip->i_contents); 183 VN_RELE(ITOV(sip)); 184 goto loop; 185 } 186 /* Get the csp again */ 187 if (si_cachea_get(ip, sp, &csp) != 0) { 188 rw_exit(&sip->i_contents); 189 VN_RELE(ITOV(sip)); 190 goto loop; 191 } 192 ASSERT(RW_WRITE_HELD(&csp->s_lock)); 193 /* See if we got the right shadow */ 194 if (csp->s_shadow != shadow) { 195 rw_exit(&csp->s_lock); 196 rw_exit(&sip->i_contents); 197 VN_RELE(ITOV(sip)); 198 goto loop; 199 } 200 ASSERT(RW_WRITE_HELD(&sip->i_contents)); 201 ASSERT(sip->i_dquot == 0); 202 /* Increment link count */ 203 ASSERT(sip->i_nlink > 0); 204 sip->i_nlink++; 205 TRANS_INODE(ufsvfsp, sip); 206 csp->s_use = sip->i_nlink; 207 csp->s_ref++; 208 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use); 209 sip->i_flag |= ICHG | IMOD; 210 sip->i_seq++; 211 ITIMES_NOLOCK(sip); 212 /* 213 * Always release s_lock before both releasing i_contents 214 * and calling VN_RELE. 215 */ 216 rw_exit(&csp->s_lock); 217 rw_exit(&sip->i_contents); 218 VN_RELE(ITOV(sip)); 219 (void) ufs_si_free_mem(sp); 220 sp = csp; 221 si_cachehit++; 222 goto switchshadows; 223 } 224 225 /* Alloc a shadow inode and fill it in */ 226 err = ufs_ialloc(ip, ip->i_number, (mode_t)IFSHAD, &sip, cr); 227 if (err) { 228 (void) ufs_si_free_mem(sp); 229 return (err); 230 } 231 rw_enter(&sip->i_contents, RW_WRITER); 232 sip->i_flag |= IACC | IUPD | ICHG; 233 sip->i_seq++; 234 sip->i_mode = (o_mode_t)IFSHAD; 235 ITOV(sip)->v_type = VREG; 236 sip->i_nlink = 1; 237 sip->i_uid = crgetuid(cr); 238 sip->i_suid = (ulong_t)sip->i_uid > (ulong_t)USHRT_MAX ? 239 UID_LONG : sip->i_uid; 240 sip->i_gid = crgetgid(cr); 241 sip->i_sgid = (ulong_t)sip->i_gid > (ulong_t)USHRT_MAX ? 
242 GID_LONG : sip->i_gid; 243 sip->i_shadow = 0; 244 TRANS_INODE(ufsvfsp, sip); 245 sip->i_ufs_acl = NULL; 246 ASSERT(sip->i_size == 0); 247 248 sp->s_shadow = sip->i_number; 249 250 if ((err = ufs_sectobuf(sp, &acldata, &acldatalen)) != 0) 251 goto errout; 252 offset = 0; 253 254 /* 255 * We don't actually care about the residual count upon failure, 256 * but giving ufs_rdwri() the pointer means it won't translate 257 * all failures to EIO. Our caller needs to know when ENOSPC 258 * gets hit. 259 */ 260 resid = 0; 261 if (((err = ufs_rdwri(UIO_WRITE, FWRITE|FSYNC, sip, acldata, 262 acldatalen, (offset_t)0, UIO_SYSSPACE, &resid, cr)) != 0) || 263 (resid != 0)) { 264 kmem_free(acldata, acldatalen); 265 if ((resid != 0) && (err == 0)) 266 err = ENOSPC; 267 goto errout; 268 } 269 270 offset += acldatalen; 271 if ((acldatalen + fs->fs_bsize) > ufsvfsp->vfs_maxacl) 272 ufsvfsp->vfs_maxacl = acldatalen + fs->fs_bsize; 273 274 kmem_free(acldata, acldatalen); 275 /* Sync & free the shadow inode */ 276 ufs_iupdat(sip, 1); 277 rw_exit(&sip->i_contents); 278 VN_RELE(ITOV(sip)); 279 280 /* We're committed to using this sp */ 281 sp->s_use = 1; 282 sp->s_ref = 1; 283 284 /* Now put the new acl stuff in the cache */ 285 /* XXX Might make a duplicate */ 286 si_cache_put(sp); 287 si_cachemiss++; 288 289 switchshadows: 290 /* Now switch the parent inode to use the new shadow inode */ 291 ASSERT(RW_WRITE_HELD(&ip->i_contents)); 292 rw_enter(&sp->s_lock, RW_READER); 293 oldsp = ip->i_ufs_acl; 294 oldshadow = ip->i_shadow; 295 ip->i_ufs_acl = sp; 296 ASSERT(sp->s_shadow <= INT_MAX); 297 ip->i_shadow = (int32_t)sp->s_shadow; 298 ASSERT(oldsp != sp); 299 ASSERT(oldshadow != ip->i_number); 300 ASSERT(ip->i_number != ip->i_shadow); 301 /* 302 * Change the mode bits to follow the acl list 303 * 304 * NOTE: a directory is not required to have a "regular" acl 305 * bug id's 1238908, 1257173, 1263171 and 1263188 306 * 307 * but if a "regular" acl is present, it must contain 308 * an "owner", 
"group", and "other" acl 309 * 310 * If an ACL mask exists, the effective group rights are 311 * set to the mask. Otherwise, the effective group rights 312 * are set to the object group bits. 313 */ 314 if (sp->aowner) { /* Owner */ 315 ip->i_mode &= ~0700; /* clear Owner */ 316 ip->i_mode |= (sp->aowner->acl_ic_perm & 07) << 6; 317 ip->i_uid = sp->aowner->acl_ic_who; 318 } 319 320 if (sp->agroup) { /* Group */ 321 ip->i_mode &= ~0070; /* clear Group */ 322 ip->i_mode |= (sp->agroup->acl_ic_perm & 07) << 3; 323 ip->i_gid = sp->agroup->acl_ic_who; 324 } 325 326 if (sp->aother) { /* Other */ 327 ip->i_mode &= ~0007; /* clear Other */ 328 ip->i_mode |= (sp->aother->acl_ic_perm & 07); 329 } 330 331 if (sp->aclass.acl_ismask) 332 ip->i_mode = (ip->i_mode & ~070) | 333 (((sp->aclass.acl_maskbits & 07) << 3) & 334 ip->i_mode); 335 336 TRANS_INODE(ufsvfsp, ip); 337 rw_exit(&sp->s_lock); 338 ip->i_flag |= ICHG; 339 ip->i_seq++; 340 /* 341 * when creating a file there is no need to push the inode, it 342 * is pushed later 343 */ 344 if (puship == 1) 345 ufs_iupdat(ip, 1); 346 347 /* 348 * Decrement link count on the old shadow inode, 349 * and decrement reference count on the old aclp, 350 */ 351 if (oldshadow) { 352 /* Get the shadow inode */ 353 ASSERT(RW_WRITE_HELD(&ip->i_contents)); 354 vfsp = ITOV(ip)->v_vfsp; 355 if ((err = ufs_iget_alloced(vfsp, oldshadow, &sip, cr)) != 0) { 356 return (EIO); 357 } 358 /* Decrement link count */ 359 rw_enter(&sip->i_contents, RW_WRITER); 360 if (oldsp) 361 rw_enter(&oldsp->s_lock, RW_WRITER); 362 ASSERT(sip->i_dquot == 0); 363 ASSERT(sip->i_nlink > 0); 364 usecnt = --sip->i_nlink; 365 ufs_setreclaim(sip); 366 TRANS_INODE(ufsvfsp, sip); 367 sip->i_flag |= ICHG | IMOD; 368 sip->i_seq++; 369 ITIMES_NOLOCK(sip); 370 if (oldsp) { 371 oldsp->s_use = usecnt; 372 refcnt = --oldsp->s_ref; 373 signature = oldsp->s_signature; 374 /* 375 * Always release s_lock before both releasing 376 * i_contents and calling VN_RELE. 
377 */ 378 rw_exit(&oldsp->s_lock); 379 } 380 rw_exit(&sip->i_contents); 381 VN_RELE(ITOV(sip)); 382 if (oldsp && (refcnt == 0)) 383 si_cache_del(oldsp, signature); 384 } 385 return (0); 386 387 errout: 388 /* Throw the newly alloc'd inode away */ 389 sip->i_nlink = 0; 390 ufs_setreclaim(sip); 391 TRANS_INODE(ufsvfsp, sip); 392 ITIMES_NOLOCK(sip); 393 rw_exit(&sip->i_contents); 394 VN_RELE(ITOV(sip)); 395 ASSERT(!sp->s_use && !sp->s_ref && !(sp->s_flags & SI_CACHED)); 396 (void) ufs_si_free_mem(sp); 397 return (err); 398 } 399 400 /* 401 * Load the acls for inode ip either from disk (adding to the cache), 402 * or search the cache and attach the cache'd acl list to the ip. 403 * In either case, maintain the proper reference count on the cached entry. 404 * 405 * Parameters: 406 * ip - Ptr to the inode which needs the acl list loaded 407 * cr - Ptr to credentials 408 * 409 * Returns: 0 - Success 410 * N - From errno.h 411 */ 412 int 413 ufs_si_load(struct inode *ip, cred_t *cr) 414 /* 415 * ip parent inode in 416 * cr credentials in 417 */ 418 { 419 struct vfs *vfsp; 420 struct inode *sip; 421 ufs_fsd_t *fsdp; 422 si_t *sp; 423 vsecattr_t vsecattr = { 424 (uint_t)0, 425 (int)0, 426 (void *)NULL, 427 (int)0, 428 (void *)NULL}; 429 aclent_t *aclp; 430 ufs_acl_t *ufsaclp; 431 caddr_t acldata = NULL; 432 ino_t maxino; 433 int err; 434 size_t acldatalen; 435 int numacls; 436 int shadow; 437 int usecnt; 438 struct ufsvfs *ufsvfsp = ip->i_ufsvfs; 439 struct fs *fs = ufsvfsp->vfs_fs; 440 441 ASSERT(ip != NULL); 442 ASSERT(RW_WRITE_HELD(&ip->i_contents)); 443 ASSERT(ip->i_shadow && ip->i_ufs_acl == NULL); 444 ASSERT((ip->i_mode & IFMT) != IFSHAD); 445 446 if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT)) 447 return (ENOSYS); 448 449 if (ip->i_shadow == ip->i_number) 450 return (EIO); 451 452 maxino = (ino_t)(ITOF(ip)->fs_ncg * ITOF(ip)->fs_ipg); 453 if (ip->i_shadow < UFSROOTINO || ip->i_shadow > maxino) 454 return (EIO); 455 456 /* 457 * XXX Check cache. 
If in cache, link to it and increment 458 * the reference count, then return. 459 */ 460 if (si_cachei_get(ip, &sp) == 0) { 461 ASSERT(RW_WRITE_HELD(&sp->s_lock)); 462 ip->i_ufs_acl = sp; 463 sp->s_ref++; 464 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use); 465 rw_exit(&sp->s_lock); 466 si_cachehit++; 467 return (0); 468 } 469 470 /* Get the shadow inode */ 471 vfsp = ITOV(ip)->v_vfsp; 472 shadow = ip->i_shadow; 473 if ((err = ufs_iget_alloced(vfsp, shadow, &sip, cr)) != 0) { 474 return (err); 475 } 476 rw_enter(&sip->i_contents, RW_WRITER); 477 478 if ((sip->i_mode & IFMT) != IFSHAD) { 479 rw_exit(&sip->i_contents); 480 err = EINVAL; 481 goto alldone; 482 } 483 484 ASSERT(sip->i_dquot == 0); 485 usecnt = sip->i_nlink; 486 if ((!ULOCKFS_IS_NOIACC(&ufsvfsp->vfs_ulockfs)) && 487 (!(sip)->i_ufsvfs->vfs_noatime)) { 488 sip->i_flag |= IACC; 489 } 490 rw_downgrade(&sip->i_contents); 491 492 ASSERT(sip->i_size <= MAXOFF_T); 493 /* Read the acl's and other stuff from disk */ 494 acldata = kmem_zalloc((size_t)sip->i_size, KM_SLEEP); 495 acldatalen = sip->i_size; 496 497 err = ufs_rdwri(UIO_READ, FREAD, sip, acldata, acldatalen, (offset_t)0, 498 UIO_SYSSPACE, (int *)0, cr); 499 500 rw_exit(&sip->i_contents); 501 502 if (err) 503 goto alldone; 504 505 /* 506 * Convert from disk format 507 * Result is a vsecattr struct which we then convert to the 508 * si struct. 
509 */ 510 bzero((caddr_t)&vsecattr, sizeof (vsecattr_t)); 511 for (fsdp = (ufs_fsd_t *)acldata; 512 fsdp < (ufs_fsd_t *)(acldata + acldatalen); 513 fsdp = (ufs_fsd_t *)((caddr_t)fsdp + 514 FSD_RECSZ(fsdp, fsdp->fsd_size))) { 515 if (fsdp->fsd_size <= 0) 516 break; 517 switch (fsdp->fsd_type) { 518 case FSD_ACL: 519 numacls = vsecattr.vsa_aclcnt = 520 (int)((fsdp->fsd_size - 2 * sizeof (int)) / 521 sizeof (ufs_acl_t)); 522 aclp = vsecattr.vsa_aclentp = 523 kmem_zalloc(numacls * sizeof (aclent_t), KM_SLEEP); 524 for (ufsaclp = (ufs_acl_t *)fsdp->fsd_data; 525 numacls; ufsaclp++) { 526 aclp->a_type = ufsaclp->acl_tag; 527 aclp->a_id = ufsaclp->acl_who; 528 aclp->a_perm = ufsaclp->acl_perm; 529 aclp++; 530 numacls--; 531 } 532 break; 533 case FSD_DFACL: 534 numacls = vsecattr.vsa_dfaclcnt = 535 (int)((fsdp->fsd_size - 2 * sizeof (int)) / 536 sizeof (ufs_acl_t)); 537 aclp = vsecattr.vsa_dfaclentp = 538 kmem_zalloc(numacls * sizeof (aclent_t), KM_SLEEP); 539 for (ufsaclp = (ufs_acl_t *)fsdp->fsd_data; 540 numacls; ufsaclp++) { 541 aclp->a_type = ufsaclp->acl_tag; 542 aclp->a_id = ufsaclp->acl_who; 543 aclp->a_perm = ufsaclp->acl_perm; 544 aclp++; 545 numacls--; 546 } 547 break; 548 } 549 } 550 /* Sort the lists */ 551 if (vsecattr.vsa_aclentp) { 552 ksort((caddr_t)vsecattr.vsa_aclentp, vsecattr.vsa_aclcnt, 553 sizeof (aclent_t), cmp2acls); 554 if ((err = acl_validate(vsecattr.vsa_aclentp, 555 vsecattr.vsa_aclcnt, ACL_CHECK)) != 0) { 556 goto alldone; 557 } 558 } 559 if (vsecattr.vsa_dfaclentp) { 560 ksort((caddr_t)vsecattr.vsa_dfaclentp, vsecattr.vsa_dfaclcnt, 561 sizeof (aclent_t), cmp2acls); 562 if ((err = acl_validate(vsecattr.vsa_dfaclentp, 563 vsecattr.vsa_dfaclcnt, DEF_ACL_CHECK)) != 0) { 564 goto alldone; 565 } 566 } 567 568 /* ignore shadow inodes without ACLs */ 569 if (!vsecattr.vsa_aclentp && !vsecattr.vsa_dfaclentp) { 570 err = 0; 571 goto alldone; 572 } 573 574 /* Convert from vsecattr struct to ufs_acl_entry struct */ 575 if ((err = 
vsecattr2aclentry(&vsecattr, &sp)) != 0) { 576 goto alldone; 577 } 578 579 /* There aren't filled in by vsecattr2aclentry */ 580 sp->s_shadow = ip->i_shadow; 581 sp->s_dev = ip->i_dev; 582 sp->s_use = usecnt; 583 sp->s_ref = 1; 584 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use); 585 586 /* XXX Might make a duplicate */ 587 si_cache_put(sp); 588 589 /* Signal anyone waiting on this shadow to be loaded */ 590 ip->i_ufs_acl = sp; 591 err = 0; 592 si_cachemiss++; 593 if ((acldatalen + fs->fs_bsize) > ufsvfsp->vfs_maxacl) 594 ufsvfsp->vfs_maxacl = acldatalen + fs->fs_bsize; 595 alldone: 596 /* 597 * Common exit point. Mark shadow inode as ISTALE 598 * if we detect an internal inconsistency, to 599 * prevent stray inodes appearing in the cache. 600 */ 601 if (err) { 602 rw_enter(&sip->i_contents, RW_READER); 603 mutex_enter(&sip->i_tlock); 604 sip->i_flag |= ISTALE; 605 mutex_exit(&sip->i_tlock); 606 rw_exit(&sip->i_contents); 607 } 608 VN_RELE(ITOV(sip)); 609 610 /* 611 * Cleanup of data structures allocated 612 * on the fly. 613 */ 614 if (acldata) 615 kmem_free(acldata, acldatalen); 616 617 if (vsecattr.vsa_aclentp) 618 kmem_free(vsecattr.vsa_aclentp, 619 vsecattr.vsa_aclcnt * sizeof (aclent_t)); 620 if (vsecattr.vsa_dfaclentp) 621 kmem_free(vsecattr.vsa_dfaclentp, 622 vsecattr.vsa_dfaclcnt * sizeof (aclent_t)); 623 return (err); 624 } 625 626 /* 627 * Check the inode's ACL's to see if this mode of access is 628 * allowed; return 0 if allowed, EACCES if not. 629 * 630 * We follow the procedure defined in Sec. 3.3.5, ACL Access 631 * Check Algorithm, of the POSIX 1003.6 Draft Standard. 
632 */ 633 int 634 ufs_acl_access(struct inode *ip, int mode, cred_t *cr) 635 /* 636 * ip parent inode 637 * mode mode of access read, write, execute/examine 638 * cr credentials 639 */ 640 { 641 ufs_ic_acl_t *acl; 642 int ismask, mask = 0; 643 int gperm = 0; 644 int ngroup = 0; 645 si_t *sp = NULL; 646 uid_t uid = crgetuid(cr); 647 uid_t owner; 648 649 ASSERT(ip->i_ufs_acl != NULL); 650 651 sp = ip->i_ufs_acl; 652 653 ismask = sp->aclass.acl_ismask ? 654 sp->aclass.acl_ismask : NULL; 655 656 if (ismask) 657 mask = sp->aclass.acl_maskbits; 658 else 659 mask = -1; 660 661 /* 662 * (1) If user owns the file, obey user mode bits 663 */ 664 owner = sp->aowner->acl_ic_who; 665 if (uid == owner) { 666 return (MODE_CHECK(owner, mode, (sp->aowner->acl_ic_perm << 6), 667 cr, ip)); 668 } 669 670 /* 671 * (2) Obey any matching ACL_USER entry 672 */ 673 if (sp->ausers) 674 for (acl = sp->ausers; acl != NULL; acl = acl->acl_ic_next) { 675 if (acl->acl_ic_who == uid) { 676 return (MODE_CHECK(owner, mode, 677 (mask & acl->acl_ic_perm) << 6, cr, ip)); 678 } 679 } 680 681 /* 682 * (3) If user belongs to file's group, obey group mode bits 683 * if no ACL mask is defined; if there is an ACL mask, we look 684 * at both the group mode bits and any ACL_GROUP entries. 
685 */ 686 if (groupmember((uid_t)sp->agroup->acl_ic_who, cr)) { 687 ngroup++; 688 gperm = (sp->agroup->acl_ic_perm); 689 if (!ismask) 690 return (MODE_CHECK(owner, mode, (gperm << 6), cr, ip)); 691 } 692 693 /* 694 * (4) Accumulate the permissions in matching ACL_GROUP entries 695 */ 696 if (sp->agroups) 697 for (acl = sp->agroups; acl != NULL; acl = acl->acl_ic_next) 698 { 699 if (groupmember(acl->acl_ic_who, cr)) { 700 ngroup++; 701 gperm |= acl->acl_ic_perm; 702 } 703 } 704 705 if (ngroup != 0) 706 return (MODE_CHECK(owner, mode, ((gperm & mask) << 6), cr, ip)); 707 708 /* 709 * (5) Finally, use the "other" mode bits 710 */ 711 return (MODE_CHECK(owner, mode, sp->aother->acl_ic_perm << 6, cr, ip)); 712 } 713 714 /*ARGSUSED2*/ 715 int 716 ufs_acl_get(struct inode *ip, vsecattr_t *vsap, int flag, cred_t *cr) 717 { 718 aclent_t *aclentp; 719 720 ASSERT(RW_LOCK_HELD(&ip->i_contents)); 721 722 /* XXX Range check, sanity check, shadow check */ 723 /* If an ACL is present, get the data from the shadow inode info */ 724 if (ip->i_ufs_acl) 725 return (aclentry2vsecattr(ip->i_ufs_acl, vsap)); 726 727 /* 728 * If no ACLs are present, fabricate one from the mode bits. 729 * This code is almost identical to fs_fab_acl(), but we 730 * already have the mode bits handy, so we'll avoid going 731 * through VOP_GETATTR() again. 
732 */ 733 734 vsap->vsa_aclcnt = 0; 735 vsap->vsa_aclentp = NULL; 736 vsap->vsa_dfaclcnt = 0; /* Default ACLs are not fabricated */ 737 vsap->vsa_dfaclentp = NULL; 738 739 if (vsap->vsa_mask & (VSA_ACLCNT | VSA_ACL)) 740 vsap->vsa_aclcnt = 4; /* USER, GROUP, OTHER, and CLASS */ 741 742 if (vsap->vsa_mask & VSA_ACL) { 743 vsap->vsa_aclentp = kmem_zalloc(4 * sizeof (aclent_t), 744 KM_SLEEP); 745 if (vsap->vsa_aclentp == NULL) 746 return (ENOMEM); 747 aclentp = vsap->vsa_aclentp; 748 749 /* Owner */ 750 aclentp->a_type = USER_OBJ; 751 aclentp->a_perm = ((ushort_t)(ip->i_mode & 0700)) >> 6; 752 aclentp->a_id = ip->i_uid; /* Really undefined */ 753 aclentp++; 754 755 /* Group */ 756 aclentp->a_type = GROUP_OBJ; 757 aclentp->a_perm = ((ushort_t)(ip->i_mode & 0070)) >> 3; 758 aclentp->a_id = ip->i_gid; /* Really undefined */ 759 aclentp++; 760 761 /* Other */ 762 aclentp->a_type = OTHER_OBJ; 763 aclentp->a_perm = ip->i_mode & 0007; 764 aclentp->a_id = 0; /* Really undefined */ 765 aclentp++; 766 767 /* Class */ 768 aclentp->a_type = CLASS_OBJ; 769 aclentp->a_perm = ((ushort_t)(ip->i_mode & 0070)) >> 3; 770 aclentp->a_id = 0; /* Really undefined */ 771 ksort((caddr_t)vsap->vsa_aclentp, vsap->vsa_aclcnt, 772 sizeof (aclent_t), cmp2acls); 773 } 774 775 return (0); 776 } 777 778 /*ARGSUSED2*/ 779 int 780 ufs_acl_set(struct inode *ip, vsecattr_t *vsap, int flag, cred_t *cr) 781 { 782 si_t *sp; 783 int err; 784 785 ASSERT(RW_WRITE_HELD(&ip->i_contents)); 786 787 if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT)) 788 return (ENOSYS); 789 790 /* 791 * only the owner of the file or privileged users can change the ACLs 792 */ 793 if (secpolicy_vnode_setdac(cr, ip->i_uid) != 0) 794 return (EPERM); 795 796 /* Convert from vsecattr struct to ufs_acl_entry struct */ 797 if ((err = vsecattr2aclentry(vsap, &sp)) != 0) 798 return (err); 799 sp->s_dev = ip->i_dev; 800 801 /* 802 * Make the user & group objs in the acl list follow what's 803 * in the inode. 
804 */ 805 #ifdef DEBUG 806 if (vsap->vsa_mask == VSA_ACL) { 807 ASSERT(sp->aowner); 808 ASSERT(sp->agroup); 809 ASSERT(sp->aother); 810 } 811 #endif /* DEBUG */ 812 813 if (sp->aowner) 814 sp->aowner->acl_ic_who = ip->i_uid; 815 if (sp->agroup) 816 sp->agroup->acl_ic_who = ip->i_gid; 817 818 /* 819 * Write and cache the new acl list 820 */ 821 err = ufs_si_store(ip, sp, 1, cr); 822 823 return (err); 824 } 825 826 /* 827 * XXX Scan sorted array of acl's, checking for: 828 * 1) Any duplicate/conflicting entries (same type and id) 829 * 2) More than 1 of USER_OBJ, GROUP_OBJ, OTHER_OBJ, CLASS_OBJ 830 * 3) More than 1 of DEF_USER_OBJ, DEF_GROUP_OBJ, DEF_OTHER_OBJ, DEF_CLASS_OBJ 831 * 832 * Parameters: 833 * aclentp - ptr to sorted list of acl entries. 834 * nentries - # acl entries on the list 835 * flag - Bitmap (ACL_CHECK and/or DEF_ACL_CHECK) indicating whether the 836 * list contains regular acls, default acls, or both. 837 * 838 * Returns: 0 - Success 839 * EINVAL - Invalid list (dups or multiple entries of type USER_OBJ, etc) 840 */ 841 static int 842 acl_validate(aclent_t *aclentp, int nentries, int flag) 843 { 844 int i; 845 int nuser_objs = 0; 846 int ngroup_objs = 0; 847 int nother_objs = 0; 848 int nclass_objs = 0; 849 int ndef_user_objs = 0; 850 int ndef_group_objs = 0; 851 int ndef_other_objs = 0; 852 int ndef_class_objs = 0; 853 int nusers = 0; 854 int ngroups = 0; 855 int ndef_users = 0; 856 int ndef_groups = 0; 857 int numdefs = 0; 858 859 /* Null list or list of one */ 860 if (aclentp == NULL) 861 return (0); 862 863 if (nentries <= 0) 864 return (EINVAL); 865 866 for (i = 1; i < nentries; i++) { 867 if (((aclentp[i - 1].a_type == aclentp[i].a_type) && 868 (aclentp[i - 1].a_id == aclentp[i].a_id)) || 869 (aclentp[i - 1].a_perm > 07)) { 870 return (EINVAL); 871 } 872 } 873 874 if (flag == 0 || (flag != ACL_CHECK && flag != DEF_ACL_CHECK)) 875 return (EINVAL); 876 877 /* Count types */ 878 for (i = 0; i < nentries; i++) { 879 switch (aclentp[i].a_type) { 
880 case USER_OBJ: /* Owner */ 881 nuser_objs++; 882 break; 883 case GROUP_OBJ: /* Group */ 884 ngroup_objs++; 885 break; 886 case OTHER_OBJ: /* Other */ 887 nother_objs++; 888 break; 889 case CLASS_OBJ: /* Mask */ 890 nclass_objs++; 891 break; 892 case DEF_USER_OBJ: /* Default Owner */ 893 ndef_user_objs++; 894 break; 895 case DEF_GROUP_OBJ: /* Default Group */ 896 ndef_group_objs++; 897 break; 898 case DEF_OTHER_OBJ: /* Default Other */ 899 ndef_other_objs++; 900 break; 901 case DEF_CLASS_OBJ: /* Default Mask */ 902 ndef_class_objs++; 903 break; 904 case USER: /* Users */ 905 nusers++; 906 break; 907 case GROUP: /* Groups */ 908 ngroups++; 909 break; 910 case DEF_USER: /* Default Users */ 911 ndef_users++; 912 break; 913 case DEF_GROUP: /* Default Groups */ 914 ndef_groups++; 915 break; 916 default: /* Unknown type */ 917 return (EINVAL); 918 } 919 } 920 921 /* 922 * For normal acl's, we require there be one (and only one) 923 * USER_OBJ, GROUP_OBJ and OTHER_OBJ. There is either zero 924 * or one CLASS_OBJ. 925 */ 926 if (flag & ACL_CHECK) { 927 if (nuser_objs != 1 || ngroup_objs != 1 || 928 nother_objs != 1 || nclass_objs > 1) { 929 return (EINVAL); 930 } 931 /* 932 * If there are ANY group acls, there MUST be a 933 * class_obj(mask) acl (1003.6/D12 p. 29 lines 75-80). 934 */ 935 if (ngroups && !nclass_objs) { 936 return (EINVAL); 937 } 938 if (nuser_objs + ngroup_objs + nother_objs + nclass_objs + 939 ngroups + nusers > MAX_ACL_ENTRIES) 940 return (EINVAL); 941 } 942 943 /* 944 * For default acl's, we require that there be either one (and only one) 945 * DEF_USER_OBJ, DEF_GROUP_OBJ and DEF_OTHER_OBJ 946 * or there be none of them. 
947 */ 948 if (flag & DEF_ACL_CHECK) { 949 if (ndef_other_objs > 1 || ndef_user_objs > 1 || 950 ndef_group_objs > 1 || ndef_class_objs > 1) { 951 return (EINVAL); 952 } 953 954 numdefs = ndef_other_objs + ndef_user_objs + ndef_group_objs; 955 956 if (numdefs != 0 && numdefs != 3) { 957 return (EINVAL); 958 } 959 /* 960 * If there are ANY def_group acls, there MUST be a 961 * def_class_obj(mask) acl (1003.6/D12 P. 29 lines 75-80). 962 * XXX(jimh) This is inferred. 963 */ 964 if (ndef_groups && !ndef_class_objs) { 965 return (EINVAL); 966 } 967 if ((ndef_users || ndef_groups) && 968 ((numdefs != 3) && !ndef_class_objs)) { 969 return (EINVAL); 970 } 971 if (ndef_user_objs + ndef_group_objs + ndef_other_objs + 972 ndef_class_objs + ndef_users + ndef_groups > 973 MAX_ACL_ENTRIES) 974 return (EINVAL); 975 } 976 return (0); 977 } 978 979 static int 980 formacl(ufs_ic_acl_t **aclpp, aclent_t *aclentp) 981 { 982 ufs_ic_acl_t *uaclp; 983 984 uaclp = kmem_alloc(sizeof (ufs_ic_acl_t), KM_SLEEP); 985 uaclp->acl_ic_perm = aclentp->a_perm; 986 uaclp->acl_ic_who = aclentp->a_id; 987 uaclp->acl_ic_next = *aclpp; 988 *aclpp = uaclp; 989 return (0); 990 } 991 992 /* 993 * XXX - Make more efficient 994 * Convert from the vsecattr struct, used by the VOP interface, to 995 * the ufs_acl_entry struct used for in-core storage of acl's. 996 * 997 * Parameters: 998 * vsap - Ptr to array of security attributes. 
999 * spp - Ptr to ptr to si struct for the results 1000 * 1001 * Returns: 0 - Success 1002 * N - From errno.h 1003 */ 1004 static int 1005 vsecattr2aclentry(vsecattr_t *vsap, si_t **spp) 1006 { 1007 aclent_t *aclentp, *aclp; 1008 si_t *sp; 1009 int err; 1010 int i; 1011 1012 /* Sort & validate the lists on the vsap */ 1013 ksort((caddr_t)vsap->vsa_aclentp, vsap->vsa_aclcnt, 1014 sizeof (aclent_t), cmp2acls); 1015 ksort((caddr_t)vsap->vsa_dfaclentp, vsap->vsa_dfaclcnt, 1016 sizeof (aclent_t), cmp2acls); 1017 if ((err = acl_validate(vsap->vsa_aclentp, 1018 vsap->vsa_aclcnt, ACL_CHECK)) != 0) 1019 return (err); 1020 if ((err = acl_validate(vsap->vsa_dfaclentp, 1021 vsap->vsa_dfaclcnt, DEF_ACL_CHECK)) != 0) 1022 return (err); 1023 1024 /* Create new si struct and hang acl's off it */ 1025 sp = kmem_zalloc(sizeof (si_t), KM_SLEEP); 1026 rw_init(&sp->s_lock, NULL, RW_DEFAULT, NULL); 1027 1028 /* Process acl list */ 1029 aclp = (aclent_t *)vsap->vsa_aclentp; 1030 aclentp = aclp + vsap->vsa_aclcnt - 1; 1031 for (i = 0; i < vsap->vsa_aclcnt; i++) { 1032 switch (aclentp->a_type) { 1033 case USER_OBJ: /* Owner */ 1034 if (err = formacl(&sp->aowner, aclentp)) 1035 goto error; 1036 break; 1037 case GROUP_OBJ: /* Group */ 1038 if (err = formacl(&sp->agroup, aclentp)) 1039 goto error; 1040 break; 1041 case OTHER_OBJ: /* Other */ 1042 if (err = formacl(&sp->aother, aclentp)) 1043 goto error; 1044 break; 1045 case USER: 1046 if (err = formacl(&sp->ausers, aclentp)) 1047 goto error; 1048 break; 1049 case CLASS_OBJ: /* Mask */ 1050 sp->aclass.acl_ismask = 1; 1051 sp->aclass.acl_maskbits = aclentp->a_perm; 1052 break; 1053 case GROUP: 1054 if (err = formacl(&sp->agroups, aclentp)) 1055 goto error; 1056 break; 1057 default: 1058 break; 1059 } 1060 aclentp--; 1061 } 1062 1063 /* Process default acl list */ 1064 aclp = (aclent_t *)vsap->vsa_dfaclentp; 1065 aclentp = aclp + vsap->vsa_dfaclcnt - 1; 1066 for (i = 0; i < vsap->vsa_dfaclcnt; i++) { 1067 switch (aclentp->a_type) { 1068 case 
DEF_USER_OBJ: /* Default Owner */ 1069 if (err = formacl(&sp->downer, aclentp)) 1070 goto error; 1071 break; 1072 case DEF_GROUP_OBJ: /* Default Group */ 1073 if (err = formacl(&sp->dgroup, aclentp)) 1074 goto error; 1075 break; 1076 case DEF_OTHER_OBJ: /* Default Other */ 1077 if (err = formacl(&sp->dother, aclentp)) 1078 goto error; 1079 break; 1080 case DEF_USER: 1081 if (err = formacl(&sp->dusers, aclentp)) 1082 goto error; 1083 break; 1084 case DEF_CLASS_OBJ: /* Default Mask */ 1085 sp->dclass.acl_ismask = 1; 1086 sp->dclass.acl_maskbits = aclentp->a_perm; 1087 break; 1088 case DEF_GROUP: 1089 if (err = formacl(&sp->dgroups, aclentp)) 1090 goto error; 1091 break; 1092 default: 1093 break; 1094 } 1095 aclentp--; 1096 } 1097 *spp = sp; 1098 return (0); 1099 1100 error: 1101 ufs_si_free_mem(sp); 1102 return (err); 1103 } 1104 1105 void 1106 formvsec(int obj_type, ufs_ic_acl_t *aclp, aclent_t **aclentpp) 1107 { 1108 for (; aclp; aclp = aclp->acl_ic_next) { 1109 (*aclentpp)->a_type = obj_type; 1110 (*aclentpp)->a_perm = aclp->acl_ic_perm; 1111 (*aclentpp)->a_id = aclp->acl_ic_who; 1112 (*aclentpp)++; 1113 } 1114 } 1115 1116 /* 1117 * XXX - Make more efficient 1118 * Convert from the ufs_acl_entry struct used for in-core storage of acl's 1119 * to the vsecattr struct, used by the VOP interface. 1120 * 1121 * Parameters: 1122 * sp - Ptr to si struct with the acls 1123 * vsap - Ptr to a vsecattr struct which will take the results. 
 *
 * Returns:	0 - Success
 *		N - From errno table
 *
 * On success the caller owns vsap->vsa_aclentp and vsap->vsa_dfaclentp
 * (either may be NULL) and has to kmem_free() them, sized by vsa_aclcnt
 * and vsa_dfaclcnt entries of sizeof (aclent_t).  A count field is only
 * written when the matching list is non-empty, so a caller that reads the
 * counts must have initialized them itself.  On failure both pointers are
 * NULL and nothing is left allocated.
 */
static int
aclentry2vsecattr(si_t *sp, vsecattr_t *vsap)
{
	aclent_t	*ep;
	int		nacl;
	int		ndfacl;
	int		err;

	vsap->vsa_aclentp = NULL;
	vsap->vsa_dfaclentp = NULL;

	/* Access ACL: every chained entry, plus one slot for the mask. */
	nacl = acl_count(sp->aowner) + acl_count(sp->agroup) +
	    acl_count(sp->aother) + acl_count(sp->ausers) +
	    acl_count(sp->agroups);
	if (sp->aclass.acl_ismask)
		nacl++;

	if (nacl != 0) {
		if (vsap->vsa_mask & (VSA_ACLCNT | VSA_ACL))
			vsap->vsa_aclcnt = nacl;

		if (vsap->vsa_mask & VSA_ACL) {
			/*
			 * NOTE(review): the buffer is sized from acl_count()
			 * and then filled by formvsec() with no bound check.
			 * That is only safe if the chains cannot change in
			 * between; presumably the caller holds sp->s_lock -
			 * confirm.
			 */
			vsap->vsa_aclentp = kmem_zalloc(
			    nacl * sizeof (aclent_t), KM_SLEEP);
			ep = vsap->vsa_aclentp;

			formvsec(USER_OBJ, sp->aowner, &ep);
			formvsec(USER, sp->ausers, &ep);
			formvsec(GROUP_OBJ, sp->agroup, &ep);
			formvsec(GROUP, sp->agroups, &ep);
			formvsec(OTHER_OBJ, sp->aother, &ep);

			if (sp->aclass.acl_ismask) {
				ep->a_type = CLASS_OBJ;		/* Mask */
				ep->a_perm = sp->aclass.acl_maskbits;
				ep->a_id = 0;
				ep++;
			}

			/* Sort, then validate, before handing the list out */
			ksort((caddr_t)vsap->vsa_aclentp, vsap->vsa_aclcnt,
			    sizeof (aclent_t), cmp2acls);
			err = acl_validate(vsap->vsa_aclentp,
			    vsap->vsa_aclcnt, ACL_CHECK);
			if (err != 0) {
				kmem_free(vsap->vsa_aclentp,
				    nacl * sizeof (aclent_t));
				vsap->vsa_aclentp = NULL;
				return (err);
			}
		}
	}

	/* Default ACL: same procedure on the d* chains. */
	ndfacl = acl_count(sp->downer) + acl_count(sp->dgroup) +
	    acl_count(sp->dother) + acl_count(sp->dusers) +
	    acl_count(sp->dgroups);
	if (sp->dclass.acl_ismask)
		ndfacl++;

	if (ndfacl == 0)
		return (0);

	if (vsap->vsa_mask & (VSA_DFACLCNT | VSA_DFACL))
		vsap->vsa_dfaclcnt = ndfacl;

	if (vsap->vsa_mask & VSA_DFACL) {
		vsap->vsa_dfaclentp = kmem_zalloc(ndfacl * sizeof (aclent_t),
		    KM_SLEEP);
		ep = vsap->vsa_dfaclentp;

		formvsec(DEF_USER_OBJ, sp->downer, &ep);
		formvsec(DEF_USER, sp->dusers, &ep);
		formvsec(DEF_GROUP_OBJ, sp->dgroup, &ep);
		formvsec(DEF_GROUP, sp->dgroups, &ep);
		formvsec(DEF_OTHER_OBJ, sp->dother, &ep);

		if (sp->dclass.acl_ismask) {
			ep->a_type = DEF_CLASS_OBJ;	/* Mask */
			ep->a_perm = sp->dclass.acl_maskbits;
			ep->a_id = 0;
			ep++;
		}

		/* Sort the default acl list */
		ksort((caddr_t)vsap->vsa_dfaclentp, vsap->vsa_dfaclcnt,
		    sizeof (aclent_t), cmp2acls);
		err = acl_validate(vsap->vsa_dfaclentp, vsap->vsa_dfaclcnt,
		    DEF_ACL_CHECK);
		if (err != 0) {
			/* Give back the access list too; return nothing. */
			if (vsap->vsa_aclentp != NULL)
				kmem_free(vsap->vsa_aclentp,
				    vsap->vsa_aclcnt * sizeof (aclent_t));
			kmem_free(vsap->vsa_dfaclentp,
			    vsap->vsa_dfaclcnt * sizeof (aclent_t));
			vsap->vsa_aclentp = NULL;
			vsap->vsa_dfaclentp = NULL;
			return (err);
		}
	}

	return (0);
}

/*
 * Free every element of an in-core acl chain.  A NULL chain is a no-op.
 * The caller's own pointer is not cleared.
 */
static void
acl_free(ufs_ic_acl_t *aclp)
{
	ufs_ic_acl_t *next;

	for (; aclp != NULL; aclp = next) {
		/* read the link before the element is released */
		next = aclp->acl_ic_next;
		kmem_free(aclp, sizeof (*aclp));
	}
}

/*
 * ufs_si_free_mem will discard the sp, and the acl hanging off of the
 * sp.  It is required that the sp not be locked, and not be in the
 * cache.
 *
 * input: pointer to sp to discard.
 *
 * return - nothing.
 *
 * The sp must already be off both cache chains (SI_CACHED clear) and
 * unlocked; both conditions are only checked by ASSERT.
 */
static void
ufs_si_free_mem(si_t *sp)
{
	ufs_ic_acl_t *chains[10];
	int i;

	ASSERT(!(sp->s_flags & SI_CACHED));
	ASSERT(!RW_LOCK_HELD(&sp->s_lock));

	/* access chains first, then the default chains */
	chains[0] = sp->aowner;
	chains[1] = sp->agroup;
	chains[2] = sp->aother;
	chains[3] = sp->ausers;
	chains[4] = sp->agroups;
	chains[5] = sp->downer;
	chains[6] = sp->dgroup;
	chains[7] = sp->dother;
	chains[8] = sp->dusers;
	chains[9] = sp->dgroups;

	for (i = 0; i < 10; i++)
		acl_free(chains[i]);

	rw_destroy(&sp->s_lock);
	kmem_free(sp, sizeof (*sp));
}

/*
 * Append a copy of the chain saclp behind daclp.
 *
 * Every caller in this file passes the address of a list-head pointer
 * cast to (ufs_ic_acl_t *), so the first store through
 * daclp->acl_ic_next lands in that head pointer.
 * NOTE(review): this only works while acl_ic_next sits at offset 0 of
 * ufs_ic_acl_t - confirm against the structure definition.
 *
 * An empty source chain stores nothing, so the destination head keeps
 * whatever value it had; the callers in this file rely on a
 * kmem_zalloc()ed si_t for that.
 */
void
acl_cpy(ufs_ic_acl_t *saclp, ufs_ic_acl_t *daclp)
{
	ufs_ic_acl_t *src;
	ufs_ic_acl_t *tail;
	ufs_ic_acl_t *copy;

	if (saclp == NULL)
		return;

	tail = daclp;
	for (src = saclp; src != NULL; src = src->acl_ic_next) {
		copy = kmem_alloc(sizeof (*copy), KM_SLEEP);
		copy->acl_ic_next = NULL;
		copy->acl_ic_who = src->acl_ic_who;
		copy->acl_ic_perm = src->acl_ic_perm;
		tail->acl_ic_next = copy;
		/* next append goes through the new element's link field */
		tail = (ufs_ic_acl_t *)&copy->acl_ic_next;
	}
}

/*
 *	ufs_si_inherit takes a parent acl structure (saclp) and the inode
 *	of the object that is inheriting an acl and returns the inode
 *	with the acl linked to it.  It also writes the acl to disk if
 *	it is a unique inode.
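 *
 *	ip - pointer to inode of object inheriting the acl (contents lock)
 *	tdp - parent inode (rw_lock and contents lock)
 *	mode - creation modes
 *	cr - credentials pointer
 *
 *	Returns 0 on success or when there is nothing to inherit, EINVAL
 *	when the parent carries only some of the three default
 *	owner/group/other entries, otherwise the error from ufs_si_store().
 *
 *	NOTE(review): tdp->i_ufs_acl is dereferenced without a NULL check;
 *	presumably callers only get here when the parent has an acl -
 *	confirm.
 */
int
ufs_si_inherit(struct inode *ip, struct inode *tdp, o_mode_t mode, cred_t *cr)
{
	si_t		*psp = tdp->i_ufs_acl;	/* parent security info */
	si_t		*nsp;			/* acl being built for ip */
	int		error;
	int		have;
	o_mode_t	saved_mode;
	/*
	 * The saved owner ids must be as wide as the inode fields they are
	 * restored into.  They used to be o_mode_t, which would hand back a
	 * truncated uid/gid - i.e. a different owner - when the store below
	 * fails.  NOTE(review): i_uid/i_gid are taken to be uid_t/gid_t;
	 * confirm against ufs_inode.h.
	 */
	uid_t		saved_uid;
	gid_t		saved_gid;

	ASSERT(RW_WRITE_HELD(&ip->i_contents));
	ASSERT(RW_WRITE_HELD(&tdp->i_rwlock));
	ASSERT(RW_WRITE_HELD(&tdp->i_contents));

	/*
	 * if links/symbolic links, or other invalid acl objects are copied
	 * or moved to a directory with a default acl do not allow inheritance
	 * just return.
	 */
	if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT))
		return (0);

	/* lock the parent security information */
	rw_enter(&psp->s_lock, RW_READER);

	ASSERT(((tdp->i_mode & IFMT) == IFDIR) ||
	    ((tdp->i_mode & IFMT) == IFATTRDIR));

	/* one bit per default owner/group/other entry that is present */
	have = 0;
	if (psp->downer != NULL)
		have |= 1;
	if (psp->dgroup != NULL)
		have |= 2;
	if (psp->dother != NULL)
		have |= 4;

	if (have == 0) {
		/* no default acl on the parent: nothing to inherit */
		rw_exit(&psp->s_lock);
		return (0);
	}

	if (have != 7) {
		/* an incomplete default acl is not inherited */
		rw_exit(&psp->s_lock);
		return (EINVAL);
	}

	nsp = kmem_zalloc(sizeof (si_t), KM_SLEEP);
	rw_init(&nsp->s_lock, NULL, RW_DEFAULT, NULL);

	/* the parent's default acl becomes the child's access acl */
	ASSERT(RW_READ_HELD(&psp->s_lock));
	acl_cpy(psp->downer, (ufs_ic_acl_t *)&nsp->aowner);
	acl_cpy(psp->dgroup, (ufs_ic_acl_t *)&nsp->agroup);
	acl_cpy(psp->dother, (ufs_ic_acl_t *)&nsp->aother);
	acl_cpy(psp->dusers, (ufs_ic_acl_t *)&nsp->ausers);
	acl_cpy(psp->dgroups, (ufs_ic_acl_t *)&nsp->agroups);
	nsp->aclass.acl_ismask = psp->dclass.acl_ismask;
	nsp->aclass.acl_maskbits = psp->dclass.acl_maskbits;

	/*
	 * set the owner, group, and other values from the master
	 * inode.
	 */
	MODE2ACL(nsp->aowner, (mode >> 6), ip->i_uid);
	MODE2ACL(nsp->agroup, (mode >> 3), ip->i_gid);
	MODE2ACL(nsp->aother, (mode), 0);

	/* the creation mode's group bits can only narrow the mask */
	if (nsp->aclass.acl_ismask) {
		nsp->aclass.acl_maskbits &= mode >> 3;
	}

	/* a new directory also keeps the default acl for its own children */
	if (((ip->i_mode & IFMT) == IFDIR) ||
	    ((ip->i_mode & IFMT) == IFATTRDIR)) {
		acl_cpy(psp->downer, (ufs_ic_acl_t *)&nsp->downer);
		acl_cpy(psp->dgroup, (ufs_ic_acl_t *)&nsp->dgroup);
		acl_cpy(psp->dother, (ufs_ic_acl_t *)&nsp->dother);
		acl_cpy(psp->dusers, (ufs_ic_acl_t *)&nsp->dusers);
		acl_cpy(psp->dgroups, (ufs_ic_acl_t *)&nsp->dgroups);
		nsp->dclass.acl_ismask = psp->dclass.acl_ismask;
		nsp->dclass.acl_maskbits = psp->dclass.acl_maskbits;
	}

	/*
	 * save the new 9 mode bits in the inode (ip->ic_smode) for
	 * ufs_getattr.  Be sure the mode can be recovered if the store
	 * fails.
	 */
	saved_mode = ip->i_mode;
	saved_uid = ip->i_uid;
	saved_gid = ip->i_gid;

	/*
	 * store the acl, and get back a new security anchor if
	 * it is a duplicate.
	 */
	rw_exit(&psp->s_lock);
	rw_enter(&ip->i_rwlock, RW_WRITER);

	/*
	 * Suppress out of inodes messages if instructed in the
	 * tdp inode.
	 */
	ip->i_flag |= tdp->i_flag & IQUIET;

	error = ufs_si_store(ip, nsp, 0, cr);
	if (error != 0) {
		/* put mode and ownership back exactly as they were */
		ip->i_mode = saved_mode;
		ip->i_uid = saved_uid;
		ip->i_gid = saved_gid;
	}
	ip->i_flag &= ~IQUIET;
	rw_exit(&ip->i_rwlock);
	return (error);
}

/*
 * Return a private deep copy of sp: all access and default chains plus
 * both mask fields.  The copy gets its own initialized s_lock; every other
 * field is left zero by kmem_zalloc().  The caller must hold sp->s_lock
 * at least as reader.
 */
si_t *
ufs_acl_cp(si_t *sp)
{
	si_t *copy;

	ASSERT(RW_READ_HELD(&sp->s_lock));
	ASSERT(sp->s_ref && sp->s_use);

	copy = kmem_zalloc(sizeof (*copy), KM_SLEEP);
	rw_init(&copy->s_lock, NULL, RW_DEFAULT, NULL);

	/* access acl */
	acl_cpy(sp->aowner, (ufs_ic_acl_t *)&copy->aowner);
	acl_cpy(sp->agroup, (ufs_ic_acl_t *)&copy->agroup);
	acl_cpy(sp->aother, (ufs_ic_acl_t *)&copy->aother);
	acl_cpy(sp->ausers, (ufs_ic_acl_t *)&copy->ausers);
	acl_cpy(sp->agroups, (ufs_ic_acl_t *)&copy->agroups);
	copy->aclass.acl_ismask = sp->aclass.acl_ismask;
	copy->aclass.acl_maskbits = sp->aclass.acl_maskbits;

	/* default acl */
	acl_cpy(sp->downer, (ufs_ic_acl_t *)&copy->downer);
	acl_cpy(sp->dgroup, (ufs_ic_acl_t *)&copy->dgroup);
	acl_cpy(sp->dother, (ufs_ic_acl_t *)&copy->dother);
	acl_cpy(sp->dusers, (ufs_ic_acl_t *)&copy->dusers);
	acl_cpy(sp->dgroups, (ufs_ic_acl_t *)&copy->dgroups);
	copy->dclass.acl_ismask = sp->dclass.acl_ismask;
	copy->dclass.acl_maskbits = sp->dclass.acl_maskbits;

	return (copy);
}

/*
 * Bring the inode's acl in line with a mode/uid/gid change that has
 * already been applied to the inode: copy the current acl, patch the
 * copy from ip->i_mode, ip->i_uid and ip->i_gid as selected by
 * vap->va_mask, and store the copy.
 *
 * Returns 0 when nothing relevant changed or the inode has no regular
 * acl, otherwise the result of ufs_si_store().
 */
int
ufs_acl_setattr(struct inode *ip, struct vattr *vap, cred_t *cr)
{
	si_t	*cur;
	si_t	*sp;
	int	mask = vap->va_mask;

	ASSERT(RW_WRITE_HELD(&ip->i_contents));

	if (!(mask & (AT_MODE|AT_UID|AT_GID)))
		return (0);

	/*
	 * if no regular acl's, nothing to do, so let's get out
	 */
	cur = ip->i_ufs_acl;
	if (cur == NULL || cur->aowner == NULL)
		return (0);

	rw_enter(&cur->s_lock, RW_READER);
	sp = ufs_acl_cp(cur);
	ASSERT(sp != cur);

	/*
	 * NOTE(review): only aowner is checked above; agroup and aother are
	 * dereferenced below on the assumption that an acl with an owner
	 * entry always has them too - confirm.
	 */

	/*
	 * set the mask to the group permissions if a mask entry
	 * exists.  Otherwise, set the group obj bits to the group
	 * permissions.  Since non-trivial ACLs always have a mask,
	 * and the mask is the final arbiter of group permissions,
	 * setting the mask has the effect of changing the effective
	 * group permissions, even if the group_obj permissions in
	 * the ACL aren't changed.  Posix P1003.1e states that when
	 * an ACL mask exists, chmod(2) must set the acl mask (NOT the
	 * group_obj permissions) to the requested group permissions.
	 */
	if (mask & AT_MODE) {
		o_mode_t grp_bits = (o_mode_t)(ip->i_mode & 070) >> 3;

		sp->aowner->acl_ic_perm = (o_mode_t)(ip->i_mode & 0700) >> 6;
		if (sp->aclass.acl_ismask)
			sp->aclass.acl_maskbits = grp_bits;
		else
			sp->agroup->acl_ic_perm = grp_bits;
		sp->aother->acl_ic_perm = (o_mode_t)(ip->i_mode & 07);
	}

	if (mask & AT_UID) {
		/* Caller has verified our privileges */
		sp->aowner->acl_ic_who = ip->i_uid;
	}

	if (mask & AT_GID) {
		sp->agroup->acl_ic_who = ip->i_gid;
	}

	rw_exit(&cur->s_lock);
	return (ufs_si_store(ip, sp, 0, cr));
}

/*
 * Count the elements of an in-core acl chain; a NULL chain counts 0.
 */
static int
acl_count(ufs_ic_acl_t *p)
{
	int count = 0;

	while (p != NULL) {
		count++;
		p = p->acl_ic_next;
	}
	return (count);
}

/*
 * Takes as input a security structure and generates a buffer
 * with fsd's in a form which can be written to the shadow inode.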
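 */
/*
 * Parameters:
 *	sp  - Ptr to the in-core acl structure to serialize
 *	buf - Receives a kmem_zalloc()ed buffer; the caller frees it with
 *	      kmem_free(*buf, *len)
 *	len - Receives the size of that buffer in bytes
 *
 * Returns: 0 always.  When sp holds no entries at all, no buffer is
 * allocated and *buf / *len are set to NULL / 0, so a caller never sees
 * uninitialized outputs.
 *
 * The buffer holds up to two records, access acl first and default acl
 * second, each a struct ufs_fsd header followed by ufs_acl_t entries.
 */
static int
ufs_sectobuf(si_t *sp, caddr_t *buf, size_t *len)
{
	size_t		acl_size;
	size_t		def_acl_size;
	caddr_t		buffer;
	struct ufs_fsd	*fsdp;
	ufs_acl_t	*bufaclp;

	/*
	 * Calc size of buffer to hold all the acls
	 */
	acl_size = acl_count(sp->aowner) +	/* owner */
	    acl_count(sp->agroup) +		/* owner group */
	    acl_count(sp->aother) +		/* owner other */
	    acl_count(sp->ausers) +		/* acl list */
	    acl_count(sp->agroups);		/* group acls */
	if (sp->aclass.acl_ismask)
		acl_size++;

	/* Convert to bytes */
	acl_size *= sizeof (ufs_acl_t);

	/*
	 * Add fsd header.  NOTE(review): 2 * sizeof (int) presumably stands
	 * for fsd_type plus fsd_size - confirm against struct ufs_fsd.
	 */
	if (acl_size != 0)
		acl_size += 2 * sizeof (int);

	/*
	 * Calc size of buffer to hold all the default acls
	 */
	def_acl_size =
	    acl_count(sp->downer) +	/* def owner */
	    acl_count(sp->dgroup) +	/* def owner group */
	    acl_count(sp->dother) +	/* def owner other */
	    acl_count(sp->dusers) +	/* def users */
	    acl_count(sp->dgroups);	/* def group acls */
	if (sp->dclass.acl_ismask)
		def_acl_size++;

	/* Convert to bytes, then add the fsd header */
	def_acl_size *= sizeof (ufs_acl_t);
	if (def_acl_size != 0)
		def_acl_size += 2 * sizeof (int);

	if (acl_size + def_acl_size == 0) {
		/* nothing to serialize: hand back defined, empty outputs */
		*buf = NULL;
		*len = 0;
		return (0);
	}

	buffer = kmem_zalloc(acl_size + def_acl_size, KM_SLEEP);
	bufaclp = (ufs_acl_t *)buffer;

	if (acl_size != 0) {
		/* create fsd and copy acls */
		fsdp = (struct ufs_fsd *)bufaclp;
		fsdp->fsd_type = FSD_ACL;
		bufaclp = (ufs_acl_t *)&fsdp->fsd_data[0];

		ACL_MOVE(sp->aowner, USER_OBJ, bufaclp);
		ACL_MOVE(sp->agroup, GROUP_OBJ, bufaclp);
		ACL_MOVE(sp->aother, OTHER_OBJ, bufaclp);
		ACL_MOVE(sp->ausers, USER, bufaclp);
		ACL_MOVE(sp->agroups, GROUP, bufaclp);

		if (sp->aclass.acl_ismask) {
			bufaclp->acl_tag = CLASS_OBJ;
			bufaclp->acl_who = (uid_t)sp->aclass.acl_ismask;
			bufaclp->acl_perm = (o_mode_t)sp->aclass.acl_maskbits;
			bufaclp++;
		}
		ASSERT(acl_size <= INT_MAX);
		fsdp->fsd_size = (int)acl_size;
	}

	if (def_acl_size != 0) {
		/* defaults exist: create fsd and copy default acls */
		fsdp = (struct ufs_fsd *)bufaclp;
		fsdp->fsd_type = FSD_DFACL;
		bufaclp = (ufs_acl_t *)&fsdp->fsd_data[0];

		ACL_MOVE(sp->downer, DEF_USER_OBJ, bufaclp);
		ACL_MOVE(sp->dgroup, DEF_GROUP_OBJ, bufaclp);
		ACL_MOVE(sp->dother, DEF_OTHER_OBJ, bufaclp);
		ACL_MOVE(sp->dusers, DEF_USER, bufaclp);
		ACL_MOVE(sp->dgroups, DEF_GROUP, bufaclp);

		if (sp->dclass.acl_ismask) {
			bufaclp->acl_tag = DEF_CLASS_OBJ;
			bufaclp->acl_who = (uid_t)sp->dclass.acl_ismask;
			bufaclp->acl_perm = (o_mode_t)sp->dclass.acl_maskbits;
			bufaclp++;
		}
		ASSERT(def_acl_size <= INT_MAX);
		fsdp->fsd_size = (int)def_acl_size;
	}

	*buf = buffer;
	*len = acl_size + def_acl_size;

	return (0);
}

/*
 * free a shadow inode on disk and in memory
 *
 * Drops one link on the shadow inode (when it can be fetched) and one
 * in-core reference on sp.  When the reference count reaches zero the sp
 * is handed to si_cache_del().  Returns 0 or the error from
 * ufs_iget_alloced(); the in-core reference is dropped in both cases.
 */
int
ufs_si_free(si_t *sp, struct vfs *vfsp, cred_t *cr)
{
	struct inode	*sip;
	int		shadow;
	int		err;
	int		refcnt;
	int		signature;

	ASSERT(vfsp);
	ASSERT(sp);

	rw_enter(&sp->s_lock, RW_READER);
	ASSERT(sp->s_shadow <= INT_MAX);
	shadow = (int)sp->s_shadow;
	ASSERT(sp->s_ref);
	rw_exit(&sp->s_lock);

	err = ufs_iget_alloced(vfsp, shadow, &sip, cr);
	if (err != 0) {
		/* shadow inode unavailable: only the in-core count changes */
		rw_enter(&sp->s_lock, RW_WRITER);
		/* Dec ref counts on si referenced by this ip */
		refcnt = --sp->s_ref;
		signature = sp->s_signature;
		ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
		rw_exit(&sp->s_lock);
	} else {
		/*
		 * Decrement link count on the shadow inode,
		 * and decrement reference count on the sip.
		 */
		rw_enter(&sip->i_contents, RW_WRITER);
		rw_enter(&sp->s_lock, RW_WRITER);
		ASSERT(sp->s_shadow == shadow);
		ASSERT(sip->i_dquot == 0);
		/* Decrement link count */
		ASSERT(sip->i_nlink > 0);
		/*
		 * bug #1264710 assertion failure below
		 */
		sp->s_use = --sip->i_nlink;
		ufs_setreclaim(sip);
		TRANS_INODE(sip->i_ufsvfs, sip);
		sip->i_flag |= ICHG | IMOD;
		sip->i_seq++;
		ITIMES_NOLOCK(sip);
		/* Dec ref counts on si referenced by this ip */
		refcnt = --sp->s_ref;
		signature = sp->s_signature;
		ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
		/*
		 * Release s_lock before calling VN_RELE
		 * (which may want to acquire i_contents).
		 */
		rw_exit(&sp->s_lock);
		rw_exit(&sip->i_contents);
		VN_RELE(ITOV(sip));
	}

	/*
	 * refcnt and signature were sampled under s_lock; si_cache_del()
	 * re-checks s_ref under the cache lock before it frees anything.
	 */
	if (refcnt == 0)
		si_cache_del(sp, signature);
	return (err);
}

/*
 * Search the si cache for an si structure by inode #.
 * Returns a locked si structure.
 *
 * Parameters:
 *	ip - Ptr to an inode on this fs
 *	spp - Ptr to ptr to si struct for the results, if found.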
 *
 * Returns:	0 - Success (results in spp)
 *		1 - Failure (spp undefined)
 *
 * On success the entry's s_lock is held as writer.  It is taken while
 * si_cache_lock is still held as reader, and si_cache_del() needs that
 * lock as writer, so the entry cannot be freed between the lookup and
 * the lock.
 */
static int
si_cachei_get(struct inode *ip, si_t **spp)
{
	si_t *hit;

	rw_enter(&si_cache_lock, RW_READER);

	/* walk the 'by inode' chain for this shadow inode number */
	hit = si_cachei[SI_HASH(ip->i_shadow)];
	while (hit != NULL) {
		if (hit->s_shadow == ip->i_shadow && hit->s_dev == ip->i_dev)
			break;
		hit = hit->s_forw;
	}

	if (hit == NULL) {
		/* Not in cache */
		rw_exit(&si_cache_lock);
		return (1);
	}

	/* Found it: lock the entry before the cache lock is dropped */
	rw_enter(&hit->s_lock, RW_WRITER);
	rw_exit(&si_cache_lock);
	*spp = hit;
	return (0);
}

/*
 * Search the si cache by si structure (ie duplicate of the one passed in).
 * In order for a match the signatures must be the same and
 * the devices must be the same, the acls must match and
 * link count of the cached shadow must be less than the
 * size of ic_nlink - 1.  MAXLINK - 1 is used to allow the count
 * to be incremented one more time by the caller.
 * Returns a locked si structure.
 *
 * Parameters:
 *	ip - Ptr to an inode on this fs
 *	spi - Ptr to si the struct we're searching the cache for.
 *	spp - Ptr to ptr to si struct for the results, if found.
 *
 * Returns:	0 - Success (results in spp)
 *		1 - Failure (spp undefined)
 *
 * Side effects on spi: s_dev and s_signature are always (re)computed, and
 * on a hit s_shadow is overwritten with the cached entry's value.  On
 * success the returned entry's s_lock is held as writer.
 */
static int
si_cachea_get(struct inode *ip, si_t *spi, si_t **spp)
{
	si_t *cand;

	spi->s_dev = ip->i_dev;
	spi->s_signature = si_signature(spi);

	rw_enter(&si_cache_lock, RW_READER);
	cand = si_cachea[SI_HASH(spi->s_signature)];
	while (cand != NULL) {
		/*
		 * The cheap tests come first; the signature is only a
		 * checksum, so si_cmp() makes the final decision.
		 */
		if (cand->s_signature == spi->s_signature &&
		    cand->s_dev == spi->s_dev &&
		    cand->s_use > 0 &&			/* deleting */
		    cand->s_use <= (MAXLINK - 1) &&	/* Too many links */
		    !si_cmp(cand, spi))
			break;
		cand = cand->s_next;
	}

	if (cand == NULL) {
		/* Cache miss */
		rw_exit(&si_cache_lock);
		return (1);
	}

	/* Found it */
	rw_enter(&cand->s_lock, RW_WRITER);
	spi->s_shadow = cand->s_shadow;		/* XXX For debugging */
	rw_exit(&si_cache_lock);
	*spp = cand;
	return (0);
}

/*
 * Place an si structure in the si cache.  May cause duplicates.
 *
 * Parameters:
 *	sp - Ptr to the si struct to add to the cache.
 *
 * Returns: Nothing (void)
 *
 * The entry is pushed on the head of both its 'by acl' and its
 * 'by inode' chain while si_cache_lock is held as writer.
 */
static void
si_cache_put(si_t *sp)
{
	si_t **headp;

	ASSERT(sp->s_fore == NULL);
	rw_enter(&si_cache_lock, RW_WRITER);

	/* a zero signature is treated as "not computed yet" */
	if (sp->s_signature == 0)
		sp->s_signature = si_signature(sp);
	sp->s_flags |= SI_CACHED;
	sp->s_fore = NULL;

	/* The 'by acl' chains */
	headp = &si_cachea[SI_HASH(sp->s_signature)];
	sp->s_next = *headp;
	*headp = sp;

	/* The 'by inode' chains */
	headp = &si_cachei[SI_HASH(sp->s_shadow)];
	sp->s_forw = *headp;
	*headp = sp;

	rw_exit(&si_cache_lock);
}

/*
 * The sp passed in is a candidate for deletion from the cache.  We acquire
 * the cache lock first, so no cache searches can be done.
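 * Then we search
 * for the acl in the cache, and if we find it we can lock it and check that
 * nobody else attached to it while we were acquiring the locks.  If the acl
 * is in the cache and still has a zero reference count, then we remove it
 * from the cache and deallocate it.  If the reference count is non-zero or
 * it is not found in the cache, then someone else attached to it or has
 * already freed it, so we just return.
 *
 * Parameters:
 *	sp - Ptr to the sp struct which is the candidate for deletion.
 *	signature - the signature for the acl for lookup in the hash table
 *
 * Returns: Nothing (void)
 */
void
si_cache_del(si_t *sp, int signature)
{
	si_t **linkp;

	/*
	 * Unlink & free the sp from the other queues, then destroy it.
	 * Search the 'by acl' chain first, then the 'by inode' chain
	 * after the acl is locked.
	 *
	 * Until sp has been found on the chain it is only compared as an
	 * address and never dereferenced, because it may already have been
	 * freed by another thread.
	 */
	rw_enter(&si_cache_lock, RW_WRITER);
	for (linkp = &si_cachea[SI_HASH(signature)]; *linkp != NULL;
	    linkp = &(*linkp)->s_next) {
		if (*linkp == sp)
			break;
	}

	/*
	 * If the acl was not in the cache, we assume another thread has
	 * deleted it already. This could happen if another thread attaches to
	 * the acl and then releases it after this thread has already found the
	 * reference count to be zero but has not yet taken the cache lock.
	 * Both threads end up seeing a reference count of zero, and call into
	 * si_cache_del.  See bug 4244827 for details on the race condition.
	 */
	if (*linkp == NULL) {
		rw_exit(&si_cache_lock);
		return;
	}

	/*
	 * Wait to grab the acl lock until after the acl has
	 * been found in the cache.  Otherwise it might try to
	 * grab a lock that has already been destroyed, or
	 * delete an acl that has already been freed.
	 */
	rw_enter(&sp->s_lock, RW_WRITER);

	/* See if someone else attached to it */
	if (sp->s_ref) {
		rw_exit(&sp->s_lock);
		rw_exit(&si_cache_lock);
		return;
	}
	ASSERT(sp->s_fore == NULL);
	ASSERT(sp->s_flags & SI_CACHED);
	*linkp = sp->s_next;

	/* Now check the 'by inode' chain */
	for (linkp = &si_cachei[SI_HASH(sp->s_shadow)]; *linkp != NULL;
	    linkp = &(*linkp)->s_forw) {
		if (*linkp == sp) {
			*linkp = sp->s_forw;
			break;
		}
	}

	/*
	 * At this point, we can unlock everything because this si
	 * is no longer in the cache, thus cannot be attached to.
	 */
	rw_exit(&sp->s_lock);
	rw_exit(&si_cache_lock);
	sp->s_flags &= ~SI_CACHED;
	(void) ufs_si_free_mem(sp);
}

/*
 * Alloc the hash buckets for the si cache & initialize
 * the unreferenced anchor and the cache lock.
 *
 * SI_HASH() masks with (si_cachecnt - 1), so si_cachecnt has to be a
 * power of two for every bucket to be reachable.
 */
void
si_cache_init(void)
{
	size_t tblsz = si_cachecnt * sizeof (si_t *);

	rw_init(&si_cache_lock, NULL, RW_DEFAULT, NULL);

	/* The 'by acl' headers */
	si_cachea = kmem_zalloc(tblsz, KM_SLEEP);
	/* The 'by inode' headers */
	si_cachei = kmem_zalloc(tblsz, KM_SLEEP);
}

/*
 * aclcksum takes an acl and generates a checksum.  It takes as input
 * the acl to start at.
 *
 * s_aclp - pointer to starting acl
 *
 * returns checksum
 *
 * The sum is accumulated in an unsigned int so that large ids wrap
 * instead of overflowing a signed int; the wrapped value has the same
 * bit pattern the signed sum produced on two's complement machines.
 */
static int
aclcksum(ufs_ic_acl_t *s_aclp)
{
	ufs_ic_acl_t *aclp;
	unsigned int sum = 0;

	for (aclp = s_aclp; aclp != NULL; aclp = aclp->acl_ic_next) {
		sum += (unsigned int)aclp->acl_ic_perm;
		sum += (unsigned int)aclp->acl_ic_who;
	}
	return ((int)sum);
}

/*
 * Generate a unique signature for an si structure.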
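 * Used by the
 * search routine si_cachea_get() to quickly identify candidates
 * prior to calling si_cmp().
 * Parameters:
 *	sp - Ptr to the si struct to generate the signature for.
 *
 * Returns: A signature for the si struct (really a checksum)
 *
 * The signature is an additive checksum and different acls can collide,
 * so it is only a pre-filter; equality is decided by si_cmp().  The sum
 * is built in an unsigned int so that it wraps instead of overflowing a
 * signed int; the resulting bit pattern is unchanged.
 */
static int
si_signature(si_t *sp)
{
	unsigned int sum = (unsigned int)sp->s_dev;

	/* access chains */
	sum += (unsigned int)aclcksum(sp->aowner);
	sum += (unsigned int)aclcksum(sp->agroup);
	sum += (unsigned int)aclcksum(sp->aother);
	sum += (unsigned int)aclcksum(sp->ausers);
	sum += (unsigned int)aclcksum(sp->agroups);

	/* default chains */
	sum += (unsigned int)aclcksum(sp->downer);
	sum += (unsigned int)aclcksum(sp->dgroup);
	sum += (unsigned int)aclcksum(sp->dother);
	sum += (unsigned int)aclcksum(sp->dusers);
	sum += (unsigned int)aclcksum(sp->dgroups);

	/* mask bits only count when the mask is actually present */
	if (sp->aclass.acl_ismask)
		sum += (unsigned int)sp->aclass.acl_maskbits;
	if (sp->dclass.acl_ismask)
		sum += (unsigned int)sp->dclass.acl_maskbits;

	return ((int)sum);
}

/*
 * aclcmp compares two acl chains to see if they are identical.
 *
 * aclin1p - first chain
 * aclin2p - second chain
 *
 * Two chains are identical when they have the same length and every
 * pair of elements agrees in acl_ic_perm and acl_ic_who, in order.
 *
 * returns 0 if equal and 1 if not equal
 */
static int
aclcmp(ufs_ic_acl_t *aclin1p, ufs_ic_acl_t *aclin2p)
{
	ufs_ic_acl_t *a = aclin1p;
	ufs_ic_acl_t *b = aclin2p;

	/*
	 * if the starting pointers are equal then they are equal so
	 * just return.
	 */
	if (a == b)
		return (0);

	/*
	 * check element by element
	 */
	while (a != NULL && b != NULL) {
		if (a->acl_ic_perm != b->acl_ic_perm ||
		    a->acl_ic_who != b->acl_ic_who)
			return (1);
		a = a->acl_ic_next;
		b = b->acl_ic_next;
	}

	/*
	 * both must be zero (at the end of the acl)
	 */
	return ((a != NULL || b != NULL) ? 1 : 0);
}

/*
 * Do extensive, field-by-field compare of two si structures.  Returns
 * 0 if they are exactly identical, 1 otherwise.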
 *
 * Parameters:
 *	sp1 - Ptr to 1st si struct
 *	sp2 - Ptr to 2nd si struct
 *
 * Returns:
 *		0 - Identical
 *		1 - Not identical
 *
 * The mask bits are compared only when the mask is present; once the
 * acl_ismask flags are known to be equal, checking sp1's flag covers both.
 */
static int
si_cmp(si_t *sp1, si_t *sp2)
{
	if (sp1->s_dev != sp2->s_dev)
		return (1);

	/* access chains */
	if (aclcmp(sp1->aowner, sp2->aowner) ||
	    aclcmp(sp1->agroup, sp2->agroup) ||
	    aclcmp(sp1->aother, sp2->aother) ||
	    aclcmp(sp1->ausers, sp2->ausers) ||
	    aclcmp(sp1->agroups, sp2->agroups))
		return (1);

	/* default chains */
	if (aclcmp(sp1->downer, sp2->downer) ||
	    aclcmp(sp1->dgroup, sp2->dgroup) ||
	    aclcmp(sp1->dother, sp2->dother) ||
	    aclcmp(sp1->dusers, sp2->dusers) ||
	    aclcmp(sp1->dgroups, sp2->dgroups))
		return (1);

	/* mask presence has to agree before the bits are looked at */
	if (sp1->aclass.acl_ismask != sp2->aclass.acl_ismask ||
	    sp1->dclass.acl_ismask != sp2->dclass.acl_ismask)
		return (1);

	if (sp1->aclass.acl_ismask &&
	    sp1->aclass.acl_maskbits != sp2->aclass.acl_maskbits)
		return (1);

	if (sp1->dclass.acl_ismask &&
	    sp1->dclass.acl_maskbits != sp2->dclass.acl_maskbits)
		return (1);

	return (0);
}

/*
 * Remove all acls associated with a device.  All acls must have
 * a reference count of zero.
 *
 * inputs:
 *	device - device to remove from the cache
 *
 * outputs:
 *	none
 *
 * Runs in two passes under si_cache_lock held as writer: the first pass
 * only unlinks matching entries from the 'by acl' chains, the second
 * unlinks them from the 'by inode' chains and frees them.  The zero
 * reference count requirement is not checked here.
 */
void
ufs_si_cache_flush(dev_t dev)
{
	si_t	**linkp;
	si_t	*victim;
	int	bucket;

	rw_enter(&si_cache_lock, RW_WRITER);

	/* pass 1: drop the entries from the 'by acl' chains */
	for (bucket = 0; bucket < si_cachecnt; bucket++) {
		linkp = &si_cachea[bucket];
		while (*linkp != NULL) {
			if ((*linkp)->s_dev != dev) {
				linkp = &(*linkp)->s_next;
				continue;
			}
			*linkp = (*linkp)->s_next;
		}
	}

	/* pass 2: drop them from the 'by inode' chains and free them */
	for (bucket = 0; bucket < si_cachecnt; bucket++) {
		linkp = &si_cachei[bucket];
		while (*linkp != NULL) {
			if ((*linkp)->s_dev != dev) {
				linkp = &(*linkp)->s_forw;
				continue;
			}
			victim = *linkp;
			*linkp = victim->s_forw;
			/* ufs_si_free_mem() asserts that SI_CACHED is clear */
			victim->s_flags &= ~SI_CACHED;
			ufs_si_free_mem(victim);
		}
	}

	rw_exit(&si_cache_lock);
}

/*
 * ufs_si_del is used to unhook a sp from a inode in memory
 *
 * ip is the inode to remove the sp from.
 *
 * Drops one reference on the sp and, when that was the last one, hands
 * the sp to si_cache_del().  Only the in-core state is touched here.
 */
void
ufs_si_del(struct inode *ip)
{
	si_t	*sp = ip->i_ufs_acl;
	int	refcnt;
	int	signature;

	if (sp == NULL)
		return;

	/* sample count and signature while the entry is locked */
	rw_enter(&sp->s_lock, RW_WRITER);
	refcnt = --sp->s_ref;
	signature = sp->s_signature;
	ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
	rw_exit(&sp->s_lock);

	if (refcnt == 0)
		si_cache_del(sp, signature);
	ip->i_ufs_acl = NULL;
}