1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * DSL permissions are stored in a two level zap attribute 28 * mechanism. The first level identifies the "class" of 29 * entry. The class is identified by the first 2 letters of 30 * the attribute. The second letter "l" or "d" identifies whether 31 * it is a local or descendent permission. The first letter 32 * identifies the type of entry. 33 * 34 * ul$<id> identifies permssions granted locally for this userid. 35 * ud$<id> identifies permissions granted on descendent datasets for 36 * this userid. 37 * Ul$<id> identifies permission sets granted locally for this userid. 38 * Ud$<id> identifies permission sets granted on descendent datasets for 39 * this userid. 40 * gl$<id> identifies permissions granted locally for this groupid. 41 * gd$<id> identifies permissions granted on descendent datasets for 42 * this groupid. 43 * Gl$<id> identifies permission sets granted locally for this groupid. 44 * Gd$<id> identifies permission sets granted on descendent datasets for 45 * this groupid. 46 * el$ identifies permissions granted locally for everyone. 47 * ed$ identifies permissions granted on descendent datasets 48 * for everyone. 49 * El$ identifies permission sets granted locally for everyone. 50 * Ed$ identifies permission sets granted to descendent datasets for 51 * everyone. 52 * c-$ identifies permission to create at dataset creation time. 53 * C-$ identifies permission sets to grant locally at dataset creation 54 * time. 55 * s-$@<name> permissions defined in specified set @<name> 56 * S-$@<name> Sets defined in named set @<name> 57 * 58 * Each of the above entiies points to another zap attribute that contains one 59 * attribute for each allowed permission, such as create, destroy,... 60 * All of the "upper" case class types will specify permission set names 61 * rather than permissions. 62 * 63 * Basically it looks something like this: 64 * ul$12 -> ZAP OBJ -> permissions... 65 * 66 * The ZAP OBJ is referred to as the jump object. 67 */ 68 69 #pragma ident "%Z%%M% %I% %E% SMI" 70 71 #include <sys/dmu.h> 72 #include <sys/dmu_objset.h> 73 #include <sys/dmu_tx.h> 74 #include <sys/dsl_dataset.h> 75 #include <sys/dsl_dir.h> 76 #include <sys/dsl_prop.h> 77 #include <sys/dsl_synctask.h> 78 #include <sys/dsl_deleg.h> 79 #include <sys/spa.h> 80 #include <sys/spa_impl.h> 81 #include <sys/zio_checksum.h> /* for the default checksum value */ 82 #include <sys/zap.h> 83 #include <sys/fs/zfs.h> 84 #include <sys/cred.h> 85 #include <sys/sunddi.h> 86 87 #include "zfs_deleg.h" 88 89 /* 90 * Validate that user is allowed to delegate specified permissions. 91 * 92 * In order to delegate "create" you must have create" 93 * and "allow". 94 */ 95 int 96 dsl_deleg_can_allow(char *ddname, nvlist_t *nvp, cred_t *cr) 97 { 98 nvpair_t *whopair = NULL; 99 int error = 0; 100 101 if ((error = dsl_deleg_access(ddname, 102 ZFS_DELEG_PERM_ALLOW, cr)) != 0) 103 return (error); 104 105 while (whopair = nvlist_next_nvpair(nvp, whopair)) { 106 nvlist_t *perms; 107 nvpair_t *permpair = NULL; 108 109 VERIFY(nvpair_value_nvlist(whopair, &perms) == 0); 110 111 while (permpair = nvlist_next_nvpair(perms, permpair)) { 112 const char *perm = nvpair_name(permpair); 113 114 if (strcmp(perm, ZFS_DELEG_PERM_ALLOW) == 0) 115 return (EPERM); 116 117 if ((error = dsl_deleg_access(ddname, 118 perm, cr)) != 0) 119 return (error); 120 } 121 } 122 return (error); 123 } 124 125 /* 126 * Validate that user is allowed to unallow specified permissions. They 127 * must have the 'allow' permission, and even then can only unallow 128 * perms for their uid. 129 */ 130 int 131 dsl_deleg_can_unallow(char *ddname, nvlist_t *nvp, cred_t *cr) 132 { 133 nvpair_t *whopair = NULL; 134 int error; 135 136 if ((error = dsl_deleg_access(ddname, 137 ZFS_DELEG_PERM_ALLOW, cr)) != 0) 138 return (error); 139 140 while (whopair = nvlist_next_nvpair(nvp, whopair)) { 141 zfs_deleg_who_type_t type = nvpair_name(whopair)[0]; 142 char idstr[32]; 143 144 if (type != ZFS_DELEG_USER && 145 type != ZFS_DELEG_USER_SETS) 146 return (EPERM); 147 148 (void) snprintf(idstr, sizeof (idstr), "%lld", 149 (longlong_t)crgetuid(cr)); 150 if (strcmp(idstr, &nvpair_name(whopair)[3]) != 0) 151 return (EPERM); 152 153 continue; 154 } 155 return (0); 156 } 157 158 typedef struct { 159 nvlist_t *p_nvp; 160 boolean_t p_unset; 161 } perm_args_t; 162 163 static void 164 dsl_deleg_set_sync(void *arg1, void *arg2, cred_t *cr, dmu_tx_t *tx) 165 { 166 dsl_dir_t *dd = arg1; 167 perm_args_t *pa = arg2; 168 objset_t *mos = dd->dd_pool->dp_meta_objset; 169 nvpair_t *whopair = NULL; 170 uint64_t zapobj = dd->dd_phys->dd_deleg_zapobj; 171 172 if (zapobj == 0) { 173 if (pa->p_unset) 174 return; 175 dmu_buf_will_dirty(dd->dd_dbuf, tx); 176 zapobj = dd->dd_phys->dd_deleg_zapobj = zap_create(mos, 177 DMU_OT_DSL_PERMS, DMU_OT_NONE, 0, tx); 178 } 179 180 while (whopair = nvlist_next_nvpair(pa->p_nvp, whopair)) { 181 const char *whokey = nvpair_name(whopair); 182 nvlist_t *perms; 183 nvpair_t *permpair = NULL; 184 uint64_t jumpobj; 185 186 if (nvpair_value_nvlist(whopair, &perms) != 0) { 187 if (zap_lookup(mos, zapobj, whokey, 8, 188 1, &jumpobj) == 0) { 189 (void) zap_remove(mos, zapobj, whokey, tx); 190 VERIFY(0 == zap_destroy(mos, jumpobj, tx)); 191 } 192 spa_history_internal_log(LOG_DS_PERM_WHO_REMOVE, 193 dd->dd_pool->dp_spa, tx, cr, 194 "%s dataset = %llu", whokey, 195 dd->dd_phys->dd_head_dataset_obj); 196 continue; 197 } 198 199 if (zap_lookup(mos, zapobj, whokey, 8, 1, &jumpobj) != 0) { 200 /* 201 * If object doesn't exist and we are removing 202 * it, then just continue to next item in nvlist 203 */ 204 if (pa->p_unset == 1) 205 continue; 206 jumpobj = zap_create(mos, DMU_OT_DSL_PERMS, 207 DMU_OT_NONE, 0, tx); 208 VERIFY(zap_update(mos, zapobj, 209 whokey, 8, 1, &jumpobj, tx) == 0); 210 } 211 212 while (permpair = nvlist_next_nvpair(perms, permpair)) { 213 const char *perm = nvpair_name(permpair); 214 uint64_t n = 0; 215 216 if (pa->p_unset) { 217 (void) zap_remove(mos, jumpobj, perm, tx); 218 if (zap_count(mos, jumpobj, &n) == 0 && !n) { 219 (void) zap_remove(mos, zapobj, 220 whokey, tx); 221 VERIFY(0 == zap_destroy(mos, 222 jumpobj, tx)); 223 } 224 } else { 225 VERIFY(zap_update(mos, jumpobj, 226 perm, 8, 1, &n, tx) == 0); 227 } 228 spa_history_internal_log((pa->p_unset == B_FALSE) ? 229 LOG_DS_PERM_UPDATE : LOG_DS_PERM_REMOVE, 230 dd->dd_pool->dp_spa, tx, cr, 231 "%s %s dataset = %llu", whokey, perm, 232 dd->dd_phys->dd_head_dataset_obj); 233 } 234 } 235 } 236 237 int 238 dsl_deleg_set(const char *ddname, nvlist_t *nvp, boolean_t unset) 239 { 240 dsl_dir_t *dd; 241 int error; 242 perm_args_t pa; 243 nvpair_t *whopair = NULL; 244 int blocks_modified = 0; 245 246 error = dsl_dir_open(ddname, FTAG, &dd, NULL); 247 if (error) 248 return (error); 249 250 if (spa_version(dmu_objset_spa(dd->dd_pool->dp_meta_objset)) < 251 ZFS_VERSION_DELEGATED_PERMS) { 252 dsl_dir_close(dd, FTAG); 253 return (ENOTSUP); 254 } 255 256 while (whopair = nvlist_next_nvpair(nvp, whopair)) 257 blocks_modified++; 258 259 pa.p_nvp = nvp; 260 pa.p_unset = unset; 261 262 error = dsl_sync_task_do(dd->dd_pool, NULL, dsl_deleg_set_sync, 263 dd, &pa, blocks_modified); 264 dsl_dir_close(dd, FTAG); 265 266 return (error); 267 } 268 269 /* 270 * Find all 'allow' permissions from a given point and then continue 271 * traversing up to the root. 272 * 273 * This function constructs an nvlist of nvlists. 274 * each setpoint is an nvlist composed of an nvlist of an nvlist 275 * of the individual * users/groups/everyone/create 276 * permissions. 277 * 278 * The nvlist will look like this. 279 * 280 * { source fsname -> { whokeys { permissions,...}, ...}} 281 * 282 * The fsname nvpairs will be arranged in a bottom up order. For example, 283 * if we have the following structure a/b/c then the nvpairs for the fsnames 284 * will be ordered a/b/c, a/b, a. 285 */ 286 int 287 dsl_deleg_get(const char *ddname, nvlist_t **nvp) 288 { 289 dsl_dir_t *dd, *startdd; 290 dsl_pool_t *dp; 291 int error; 292 objset_t *mos; 293 294 error = dsl_dir_open(ddname, FTAG, &startdd, NULL); 295 if (error) 296 return (error); 297 298 dp = startdd->dd_pool; 299 mos = dp->dp_meta_objset; 300 301 VERIFY(nvlist_alloc(nvp, NV_UNIQUE_NAME, KM_SLEEP) == 0); 302 303 rw_enter(&dp->dp_config_rwlock, RW_READER); 304 for (dd = startdd; dd != NULL; dd = dd->dd_parent) { 305 zap_cursor_t basezc; 306 zap_attribute_t baseza; 307 nvlist_t *sp_nvp; 308 uint64_t n; 309 char source[MAXNAMELEN]; 310 311 if (dd->dd_phys->dd_deleg_zapobj && 312 (zap_count(mos, dd->dd_phys->dd_deleg_zapobj, 313 &n) == 0) && n) { 314 VERIFY(nvlist_alloc(&sp_nvp, 315 NV_UNIQUE_NAME, KM_SLEEP) == 0); 316 } else { 317 continue; 318 } 319 320 for (zap_cursor_init(&basezc, mos, 321 dd->dd_phys->dd_deleg_zapobj); 322 zap_cursor_retrieve(&basezc, &baseza) == 0; 323 zap_cursor_advance(&basezc)) { 324 zap_cursor_t zc; 325 zap_attribute_t za; 326 nvlist_t *perms_nvp; 327 328 ASSERT(baseza.za_integer_length == 8); 329 ASSERT(baseza.za_num_integers == 1); 330 331 VERIFY(nvlist_alloc(&perms_nvp, 332 NV_UNIQUE_NAME, KM_SLEEP) == 0); 333 for (zap_cursor_init(&zc, mos, baseza.za_first_integer); 334 zap_cursor_retrieve(&zc, &za) == 0; 335 zap_cursor_advance(&zc)) { 336 VERIFY(nvlist_add_boolean(perms_nvp, 337 za.za_name) == 0); 338 } 339 zap_cursor_fini(&zc); 340 VERIFY(nvlist_add_nvlist(sp_nvp, baseza.za_name, 341 perms_nvp) == 0); 342 nvlist_free(perms_nvp); 343 } 344 345 zap_cursor_fini(&basezc); 346 347 dsl_dir_name(dd, source); 348 VERIFY(nvlist_add_nvlist(*nvp, source, sp_nvp) == 0); 349 nvlist_free(sp_nvp); 350 } 351 rw_exit(&dp->dp_config_rwlock); 352 353 dsl_dir_close(startdd, FTAG); 354 return (0); 355 } 356 357 /* 358 * Routines for dsl_deleg_access() -- access checking. 359 */ 360 typedef struct perm_set { 361 avl_node_t p_node; 362 char p_setname[ZFS_MAX_DELEG_NAME]; 363 boolean_t p_matched; 364 } perm_set_t; 365 366 static int 367 perm_set_compare(const void *arg1, const void *arg2) 368 { 369 const perm_set_t *node1 = arg1; 370 const perm_set_t *node2 = arg2; 371 int val; 372 373 val = strcmp(node1->p_setname, node2->p_setname); 374 if (val == 0) 375 return (0); 376 return (val > 0 ? 1 : -1); 377 } 378 379 /* 380 * Determine whether a specified permission exists. 381 * 382 * First the base attribute has to be retrieved. i.e. ul$12 383 * Once the base object has been retrieved the actual permission 384 * is lookup up in the zap object the base object points to. 385 * 386 * Return 0 if permission exists, ENOENT if there is no whokey, EPERM if 387 * there is no perm in that jumpobj. 388 */ 389 static int 390 dsl_check_access(objset_t *mos, uint64_t zapobj, 391 char type, char checkflag, void *valp, const char *perm) 392 { 393 int error; 394 uint64_t jumpobj, zero; 395 char whokey[ZFS_MAX_DELEG_NAME]; 396 397 zfs_deleg_whokey(whokey, type, checkflag, valp); 398 error = zap_lookup(mos, zapobj, whokey, 8, 1, &jumpobj); 399 if (error == 0) { 400 error = zap_lookup(mos, jumpobj, perm, 8, 1, &zero); 401 if (error == ENOENT) 402 error = EPERM; 403 } 404 return (error); 405 } 406 407 /* 408 * check a specified user/group for a requested permission 409 */ 410 static int 411 dsl_check_user_access(objset_t *os, uint64_t zapobj, const char *perm, 412 int checkflag, cred_t *cr) 413 { 414 const gid_t *gids; 415 int ngids; 416 int i; 417 uint64_t id; 418 419 /* check for user */ 420 id = crgetuid(cr); 421 if (dsl_check_access(os, zapobj, 422 ZFS_DELEG_USER, checkflag, &id, perm) == 0) 423 return (0); 424 425 /* check for users primary group */ 426 id = crgetgid(cr); 427 if (dsl_check_access(os, zapobj, 428 ZFS_DELEG_GROUP, checkflag, &id, perm) == 0) 429 return (0); 430 431 /* check for everyone entry */ 432 id = -1; 433 if (dsl_check_access(os, zapobj, 434 ZFS_DELEG_EVERYONE, checkflag, &id, perm) == 0) 435 return (0); 436 437 /* check each supplemental group user is a member of */ 438 ngids = crgetngroups(cr); 439 gids = crgetgroups(cr); 440 for (i = 0; i != ngids; i++) { 441 id = gids[i]; 442 if (dsl_check_access(os, zapobj, 443 ZFS_DELEG_GROUP, checkflag, &id, perm) == 0) 444 return (0); 445 } 446 447 return (EPERM); 448 } 449 450 /* 451 * Iterate over the sets specified in the specified zapobj 452 * and load them into the permsets avl tree. 453 */ 454 static int 455 dsl_load_sets(objset_t *mos, uint64_t zapobj, 456 char type, char checkflag, void *valp, avl_tree_t *avl) 457 { 458 zap_cursor_t zc; 459 zap_attribute_t za; 460 perm_set_t *permnode; 461 avl_index_t idx; 462 uint64_t jumpobj; 463 int error; 464 char whokey[ZFS_MAX_DELEG_NAME]; 465 466 zfs_deleg_whokey(whokey, type, checkflag, valp); 467 468 error = zap_lookup(mos, zapobj, whokey, 8, 1, &jumpobj); 469 if (error != 0) 470 return (error); 471 472 for (zap_cursor_init(&zc, mos, jumpobj); 473 zap_cursor_retrieve(&zc, &za) == 0; 474 zap_cursor_advance(&zc)) { 475 permnode = kmem_alloc(sizeof (perm_set_t), KM_SLEEP); 476 (void) strlcpy(permnode->p_setname, za.za_name, 477 sizeof (permnode->p_setname)); 478 permnode->p_matched = B_FALSE; 479 480 if (avl_find(avl, permnode, &idx) == NULL) { 481 avl_insert(avl, permnode, idx); 482 } else { 483 kmem_free(permnode, sizeof (perm_set_t)); 484 } 485 } 486 zap_cursor_fini(&zc); 487 return (0); 488 } 489 490 /* 491 * Load all permissions user based on cred belongs to. 492 */ 493 static void 494 dsl_load_user_sets(objset_t *mos, uint64_t zapobj, avl_tree_t *avl, 495 char checkflag, cred_t *cr) 496 { 497 const gid_t *gids; 498 int ngids, i; 499 uint64_t id; 500 501 id = crgetuid(cr); 502 (void) dsl_load_sets(mos, zapobj, 503 ZFS_DELEG_USER_SETS, checkflag, &id, avl); 504 505 id = crgetgid(cr); 506 (void) dsl_load_sets(mos, zapobj, 507 ZFS_DELEG_GROUP_SETS, checkflag, &id, avl); 508 509 (void) dsl_load_sets(mos, zapobj, 510 ZFS_DELEG_EVERYONE_SETS, checkflag, NULL, avl); 511 512 ngids = crgetngroups(cr); 513 gids = crgetgroups(cr); 514 for (i = 0; i != ngids; i++) { 515 id = gids[i]; 516 (void) dsl_load_sets(mos, zapobj, 517 ZFS_DELEG_GROUP_SETS, checkflag, &id, avl); 518 } 519 } 520 521 /* 522 * Check if user has requested permission. 523 */ 524 int 525 dsl_deleg_access(const char *ddname, const char *perm, cred_t *cr) 526 { 527 dsl_dir_t *dd, *startdd; 528 dsl_pool_t *dp; 529 void *cookie; 530 int error; 531 char checkflag = ZFS_DELEG_LOCAL; 532 const char *tail; 533 objset_t *mos; 534 avl_tree_t permsets; 535 perm_set_t *setnode; 536 537 /* 538 * Use tail so that zfs_ioctl() code doesn't have 539 * to always to to figure out parent name in order 540 * to do access check. for example renaming a snapshot 541 */ 542 error = dsl_dir_open(ddname, FTAG, &startdd, &tail); 543 if (error) 544 return (error); 545 546 if (tail && tail[0] != '@') { 547 dsl_dir_close(startdd, FTAG); 548 return (ENOENT); 549 } 550 dp = startdd->dd_pool; 551 mos = dp->dp_meta_objset; 552 553 if (dsl_delegation_on(mos) == B_FALSE) { 554 dsl_dir_close(startdd, FTAG); 555 return (ECANCELED); 556 } 557 558 if (spa_version(dmu_objset_spa(dp->dp_meta_objset)) < 559 ZFS_VERSION_DELEGATED_PERMS) { 560 dsl_dir_close(startdd, FTAG); 561 return (EPERM); 562 } 563 564 avl_create(&permsets, perm_set_compare, sizeof (perm_set_t), 565 offsetof(perm_set_t, p_node)); 566 567 rw_enter(&dp->dp_config_rwlock, RW_READER); 568 for (dd = startdd; dd != NULL; dd = dd->dd_parent, 569 checkflag = ZFS_DELEG_DESCENDENT) { 570 uint64_t zapobj; 571 boolean_t expanded; 572 573 /* 574 * If not in global zone then make sure 575 * the zoned property is set 576 */ 577 if (!INGLOBALZONE(curproc)) { 578 uint64_t zoned; 579 580 if (dsl_prop_get_ds_locked(dd, 581 zfs_prop_to_name(ZFS_PROP_ZONED), 582 8, 1, &zoned, NULL) != 0) 583 break; 584 585 /* 586 * if zoned property isn't set then break 587 * out and return EPERM. 588 */ 589 if (!zoned) 590 break; 591 } 592 zapobj = dd->dd_phys->dd_deleg_zapobj; 593 594 if (zapobj == 0) 595 continue; 596 597 dsl_load_user_sets(mos, zapobj, &permsets, checkflag, cr); 598 setnode = avl_first(&permsets); 599 again: 600 expanded = B_FALSE; 601 for (setnode = avl_first(&permsets); setnode; 602 setnode = AVL_NEXT(&permsets, setnode)) { 603 604 if (setnode->p_matched == B_TRUE) 605 continue; 606 607 /* See if this set directly grants this permission */ 608 error = dsl_check_access(mos, zapobj, 609 ZFS_DELEG_NAMED_SET, 0, setnode->p_setname, perm); 610 if (error == 0) 611 goto success; 612 if (error == EPERM) 613 setnode->p_matched = B_TRUE; 614 615 /* See if this set includes other sets */ 616 error = dsl_load_sets(mos, zapobj, 617 ZFS_DELEG_NAMED_SET_SETS, 0, 618 setnode->p_setname, &permsets); 619 if (error == 0) 620 setnode->p_matched = expanded = B_TRUE; 621 } 622 /* 623 * If we expanded any sets, that will define more sets, 624 * which we need to check. 625 */ 626 if (expanded) 627 goto again; 628 629 error = dsl_check_user_access(mos, zapobj, perm, checkflag, cr); 630 if (error == 0) 631 goto success; 632 } 633 error = EPERM; 634 success: 635 rw_exit(&dp->dp_config_rwlock); 636 dsl_dir_close(startdd, FTAG); 637 638 cookie = NULL; 639 while ((setnode = avl_destroy_nodes(&permsets, &cookie)) != NULL) { 640 /* These sets were used but never defined! */ 641 kmem_free(setnode, sizeof (perm_set_t)); 642 } 643 644 return (error); 645 } 646 647 /* 648 * Other routines. 649 */ 650 651 static void 652 copy_create_perms(objset_t *mos, uint64_t pzapobj, dsl_dir_t *dd, 653 boolean_t dosets, uint64_t uid, dmu_tx_t *tx) 654 { 655 int error; 656 uint64_t jumpobj, pjumpobj; 657 uint64_t zero = 0; 658 uint64_t zapobj = dd->dd_phys->dd_deleg_zapobj; 659 zap_cursor_t zc; 660 zap_attribute_t za; 661 char whokey[ZFS_MAX_DELEG_NAME]; 662 663 zfs_deleg_whokey(whokey, 664 dosets ? ZFS_DELEG_CREATE_SETS : ZFS_DELEG_CREATE, 665 ZFS_DELEG_LOCAL, NULL); 666 error = zap_lookup(mos, pzapobj, whokey, 8, 1, &pjumpobj); 667 if (error != 0) 668 return; 669 670 zfs_deleg_whokey(whokey, 671 dosets ? ZFS_DELEG_USER_SETS : ZFS_DELEG_USER, 672 ZFS_DELEG_LOCAL, &uid); 673 674 if (zapobj == 0) { 675 dmu_buf_will_dirty(dd->dd_dbuf, tx); 676 zapobj = dd->dd_phys->dd_deleg_zapobj = zap_create(mos, 677 DMU_OT_DSL_PERMS, DMU_OT_NONE, 0, tx); 678 } 679 680 if (zap_lookup(mos, zapobj, whokey, 8, 1, &jumpobj) == ENOENT) { 681 jumpobj = zap_create(mos, DMU_OT_DSL_PERMS, DMU_OT_NONE, 0, tx); 682 VERIFY(zap_add(mos, zapobj, whokey, 8, 1, &jumpobj, tx) == 0); 683 } 684 685 for (zap_cursor_init(&zc, mos, pjumpobj); 686 zap_cursor_retrieve(&zc, &za) == 0; 687 zap_cursor_advance(&zc)) { 688 ASSERT(za.za_integer_length == 8 && za.za_num_integers == 1); 689 690 VERIFY(zap_update(mos, jumpobj, za.za_name, 691 8, 1, &zero, tx) == 0); 692 } 693 zap_cursor_fini(&zc); 694 } 695 696 /* 697 * set all create time permission on new dataset. 698 */ 699 void 700 dsl_deleg_set_create_perms(dsl_dir_t *sdd, dmu_tx_t *tx, cred_t *cr) 701 { 702 dsl_dir_t *dd; 703 objset_t *mos = sdd->dd_pool->dp_meta_objset; 704 705 if (spa_version(dmu_objset_spa(sdd->dd_pool->dp_meta_objset)) < 706 ZFS_VERSION_DELEGATED_PERMS) 707 return; 708 709 for (dd = sdd->dd_parent; dd != NULL; dd = dd->dd_parent) { 710 uint64_t pobj = dd->dd_phys->dd_deleg_zapobj; 711 712 if (pobj == 0) 713 continue; 714 715 copy_create_perms(mos, pobj, sdd, B_FALSE, crgetuid(cr), tx); 716 copy_create_perms(mos, pobj, sdd, B_TRUE, crgetuid(cr), tx); 717 } 718 } 719 720 int 721 dsl_deleg_destroy(objset_t *mos, uint64_t zapobj, dmu_tx_t *tx) 722 { 723 zap_cursor_t zc; 724 zap_attribute_t za; 725 726 if (zapobj == 0) 727 return (0); 728 729 for (zap_cursor_init(&zc, mos, zapobj); 730 zap_cursor_retrieve(&zc, &za) == 0; 731 zap_cursor_advance(&zc)) { 732 ASSERT(za.za_integer_length == 8 && za.za_num_integers == 1); 733 VERIFY(0 == zap_destroy(mos, za.za_first_integer, tx)); 734 } 735 zap_cursor_fini(&zc); 736 VERIFY(0 == zap_destroy(mos, zapobj, tx)); 737 return (0); 738 } 739 740 boolean_t 741 dsl_delegation_on(objset_t *os) 742 { 743 return (os->os->os_spa->spa_delegation); 744 } 745