1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/types.h> 29 #include <sys/param.h> 30 #include <sys/time.h> 31 #include <sys/systm.h> 32 #include <sys/sysmacros.h> 33 #include <sys/resource.h> 34 #include <sys/vfs.h> 35 #include <sys/vnode.h> 36 #include <sys/sid.h> 37 #include <sys/file.h> 38 #include <sys/stat.h> 39 #include <sys/kmem.h> 40 #include <sys/cmn_err.h> 41 #include <sys/errno.h> 42 #include <sys/unistd.h> 43 #include <sys/sdt.h> 44 #include <sys/fs/zfs.h> 45 #include <sys/mode.h> 46 #include <sys/policy.h> 47 #include <sys/zfs_znode.h> 48 #include <sys/zfs_fuid.h> 49 #include <sys/zfs_acl.h> 50 #include <sys/zfs_dir.h> 51 #include <sys/zfs_vfsops.h> 52 #include <sys/dmu.h> 53 #include <sys/dnode.h> 54 #include <sys/zap.h> 55 #include "fs/fs_subr.h" 56 #include <acl/acl_common.h> 57 58 #define ALLOW ACE_ACCESS_ALLOWED_ACE_TYPE 59 #define DENY ACE_ACCESS_DENIED_ACE_TYPE 60 #define MAX_ACE_TYPE ACE_SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 61 62 #define OWNING_GROUP (ACE_GROUP|ACE_IDENTIFIER_GROUP) 63 #define EVERYONE_ALLOW_MASK (ACE_READ_ACL|ACE_READ_ATTRIBUTES | \ 64 ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE) 65 #define EVERYONE_DENY_MASK (ACE_WRITE_ACL|ACE_WRITE_OWNER | \ 66 ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) 67 #define OWNER_ALLOW_MASK (ACE_WRITE_ACL | ACE_WRITE_OWNER | \ 68 ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) 69 #define WRITE_MASK_DATA (ACE_WRITE_DATA|ACE_APPEND_DATA|ACE_WRITE_NAMED_ATTRS) 70 71 #define ZFS_CHECKED_MASKS (ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_DATA| \ 72 ACE_READ_NAMED_ATTRS|ACE_WRITE_DATA|ACE_WRITE_ATTRIBUTES| \ 73 ACE_WRITE_NAMED_ATTRS|ACE_APPEND_DATA|ACE_EXECUTE|ACE_WRITE_OWNER| \ 74 ACE_WRITE_ACL|ACE_DELETE|ACE_DELETE_CHILD|ACE_SYNCHRONIZE) 75 76 #define WRITE_MASK (WRITE_MASK_DATA|ACE_WRITE_ATTRIBUTES|ACE_WRITE_ACL|\ 77 ACE_WRITE_OWNER) 78 79 #define OGE_CLEAR (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ 80 ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) 81 82 #define OKAY_MASK_BITS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ 83 ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) 84 85 #define ALL_INHERIT (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE | \ 86 ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE|ACE_INHERITED_ACE) 87 88 #define SECURE_CLEAR (ACE_WRITE_ACL|ACE_WRITE_OWNER) 89 90 #define V4_ACL_WIDE_FLAGS (ZFS_ACL_AUTO_INHERIT|ZFS_ACL_DEFAULTED|\ 91 ZFS_ACL_PROTECTED) 92 93 #define ZFS_ACL_WIDE_FLAGS (V4_ACL_WIDE_FLAGS|ZFS_ACL_TRIVIAL|ZFS_INHERIT_ACE|\ 94 ZFS_ACL_OBJ_ACE) 95 96 static uint16_t 97 zfs_ace_v0_get_type(void *acep) 98 { 99 return (((zfs_oldace_t *)acep)->z_type); 100 } 101 102 static uint16_t 103 zfs_ace_v0_get_flags(void *acep) 104 { 105 return (((zfs_oldace_t *)acep)->z_flags); 106 } 107 108 static uint32_t 109 zfs_ace_v0_get_mask(void *acep) 110 { 111 return (((zfs_oldace_t *)acep)->z_access_mask); 112 } 113 114 static uint64_t 115 zfs_ace_v0_get_who(void *acep) 116 { 117 return (((zfs_oldace_t *)acep)->z_fuid); 118 } 119 120 static void 121 zfs_ace_v0_set_type(void *acep, uint16_t type) 122 { 123 ((zfs_oldace_t *)acep)->z_type = type; 124 } 125 126 static void 127 zfs_ace_v0_set_flags(void *acep, uint16_t flags) 128 { 129 ((zfs_oldace_t *)acep)->z_flags = flags; 130 } 131 132 static void 133 zfs_ace_v0_set_mask(void *acep, uint32_t mask) 134 { 135 ((zfs_oldace_t *)acep)->z_access_mask = mask; 136 } 137 138 static void 139 zfs_ace_v0_set_who(void *acep, uint64_t who) 140 { 141 ((zfs_oldace_t *)acep)->z_fuid = who; 142 } 143 144 /*ARGSUSED*/ 145 static size_t 146 zfs_ace_v0_size(void *acep) 147 { 148 return (sizeof (zfs_oldace_t)); 149 } 150 151 static size_t 152 zfs_ace_v0_abstract_size(void) 153 { 154 return (sizeof (zfs_oldace_t)); 155 } 156 157 static int 158 zfs_ace_v0_mask_off(void) 159 { 160 return (offsetof(zfs_oldace_t, z_access_mask)); 161 } 162 163 /*ARGSUSED*/ 164 static int 165 zfs_ace_v0_data(void *acep, void **datap) 166 { 167 *datap = NULL; 168 return (0); 169 } 170 171 static acl_ops_t zfs_acl_v0_ops = { 172 zfs_ace_v0_get_mask, 173 zfs_ace_v0_set_mask, 174 zfs_ace_v0_get_flags, 175 zfs_ace_v0_set_flags, 176 zfs_ace_v0_get_type, 177 zfs_ace_v0_set_type, 178 zfs_ace_v0_get_who, 179 zfs_ace_v0_set_who, 180 zfs_ace_v0_size, 181 zfs_ace_v0_abstract_size, 182 zfs_ace_v0_mask_off, 183 zfs_ace_v0_data 184 }; 185 186 static uint16_t 187 zfs_ace_fuid_get_type(void *acep) 188 { 189 return (((zfs_ace_hdr_t *)acep)->z_type); 190 } 191 192 static uint16_t 193 zfs_ace_fuid_get_flags(void *acep) 194 { 195 return (((zfs_ace_hdr_t *)acep)->z_flags); 196 } 197 198 static uint32_t 199 zfs_ace_fuid_get_mask(void *acep) 200 { 201 return (((zfs_ace_hdr_t *)acep)->z_access_mask); 202 } 203 204 static uint64_t 205 zfs_ace_fuid_get_who(void *args) 206 { 207 uint16_t entry_type; 208 zfs_ace_t *acep = args; 209 210 entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS; 211 212 if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP || 213 entry_type == ACE_EVERYONE) 214 return (-1); 215 return (((zfs_ace_t *)acep)->z_fuid); 216 } 217 218 static void 219 zfs_ace_fuid_set_type(void *acep, uint16_t type) 220 { 221 ((zfs_ace_hdr_t *)acep)->z_type = type; 222 } 223 224 static void 225 zfs_ace_fuid_set_flags(void *acep, uint16_t flags) 226 { 227 ((zfs_ace_hdr_t *)acep)->z_flags = flags; 228 } 229 230 static void 231 zfs_ace_fuid_set_mask(void *acep, uint32_t mask) 232 { 233 ((zfs_ace_hdr_t *)acep)->z_access_mask = mask; 234 } 235 236 static void 237 zfs_ace_fuid_set_who(void *arg, uint64_t who) 238 { 239 zfs_ace_t *acep = arg; 240 241 uint16_t entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS; 242 243 if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP || 244 entry_type == ACE_EVERYONE) 245 return; 246 acep->z_fuid = who; 247 } 248 249 static size_t 250 zfs_ace_fuid_size(void *acep) 251 { 252 zfs_ace_hdr_t *zacep = acep; 253 uint16_t entry_type; 254 255 switch (zacep->z_type) { 256 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 257 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 258 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 259 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 260 return (sizeof (zfs_object_ace_t)); 261 case ALLOW: 262 case DENY: 263 entry_type = 264 (((zfs_ace_hdr_t *)acep)->z_flags & ACE_TYPE_FLAGS); 265 if (entry_type == ACE_OWNER || 266 entry_type == (ACE_GROUP | ACE_IDENTIFIER_GROUP) || 267 entry_type == ACE_EVERYONE) 268 return (sizeof (zfs_ace_hdr_t)); 269 /*FALLTHROUGH*/ 270 default: 271 return (sizeof (zfs_ace_t)); 272 } 273 } 274 275 static size_t 276 zfs_ace_fuid_abstract_size(void) 277 { 278 return (sizeof (zfs_ace_hdr_t)); 279 } 280 281 static int 282 zfs_ace_fuid_mask_off(void) 283 { 284 return (offsetof(zfs_ace_hdr_t, z_access_mask)); 285 } 286 287 static int 288 zfs_ace_fuid_data(void *acep, void **datap) 289 { 290 zfs_ace_t *zacep = acep; 291 zfs_object_ace_t *zobjp; 292 293 switch (zacep->z_hdr.z_type) { 294 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 295 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 296 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 297 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 298 zobjp = acep; 299 *datap = (caddr_t)zobjp + sizeof (zfs_ace_t); 300 return (sizeof (zfs_object_ace_t) - sizeof (zfs_ace_t)); 301 default: 302 *datap = NULL; 303 return (0); 304 } 305 } 306 307 static acl_ops_t zfs_acl_fuid_ops = { 308 zfs_ace_fuid_get_mask, 309 zfs_ace_fuid_set_mask, 310 zfs_ace_fuid_get_flags, 311 zfs_ace_fuid_set_flags, 312 zfs_ace_fuid_get_type, 313 zfs_ace_fuid_set_type, 314 zfs_ace_fuid_get_who, 315 zfs_ace_fuid_set_who, 316 zfs_ace_fuid_size, 317 zfs_ace_fuid_abstract_size, 318 zfs_ace_fuid_mask_off, 319 zfs_ace_fuid_data 320 }; 321 322 static int 323 zfs_acl_version(int version) 324 { 325 if (version < ZPL_VERSION_FUID) 326 return (ZFS_ACL_VERSION_INITIAL); 327 else 328 return (ZFS_ACL_VERSION_FUID); 329 } 330 331 static int 332 zfs_acl_version_zp(znode_t *zp) 333 { 334 return (zfs_acl_version(zp->z_zfsvfs->z_version)); 335 } 336 337 static zfs_acl_t * 338 zfs_acl_alloc(int vers) 339 { 340 zfs_acl_t *aclp; 341 342 aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP); 343 list_create(&aclp->z_acl, sizeof (zfs_acl_node_t), 344 offsetof(zfs_acl_node_t, z_next)); 345 aclp->z_version = vers; 346 if (vers == ZFS_ACL_VERSION_FUID) 347 aclp->z_ops = zfs_acl_fuid_ops; 348 else 349 aclp->z_ops = zfs_acl_v0_ops; 350 return (aclp); 351 } 352 353 static zfs_acl_node_t * 354 zfs_acl_node_alloc(size_t bytes) 355 { 356 zfs_acl_node_t *aclnode; 357 358 aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP); 359 if (bytes) { 360 aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP); 361 aclnode->z_allocdata = aclnode->z_acldata; 362 aclnode->z_allocsize = bytes; 363 aclnode->z_size = bytes; 364 } 365 366 return (aclnode); 367 } 368 369 static void 370 zfs_acl_node_free(zfs_acl_node_t *aclnode) 371 { 372 if (aclnode->z_allocsize) 373 kmem_free(aclnode->z_allocdata, aclnode->z_allocsize); 374 kmem_free(aclnode, sizeof (zfs_acl_node_t)); 375 } 376 377 static void 378 zfs_acl_release_nodes(zfs_acl_t *aclp) 379 { 380 zfs_acl_node_t *aclnode; 381 382 while (aclnode = list_head(&aclp->z_acl)) { 383 list_remove(&aclp->z_acl, aclnode); 384 zfs_acl_node_free(aclnode); 385 } 386 aclp->z_acl_count = 0; 387 aclp->z_acl_bytes = 0; 388 } 389 390 void 391 zfs_acl_free(zfs_acl_t *aclp) 392 { 393 zfs_acl_release_nodes(aclp); 394 list_destroy(&aclp->z_acl); 395 kmem_free(aclp, sizeof (zfs_acl_t)); 396 } 397 398 static boolean_t 399 zfs_ace_valid(vtype_t obj_type, zfs_acl_t *aclp, uint16_t type, uint16_t iflags) 400 { 401 /* 402 * first check type of entry 403 */ 404 405 switch (iflags & ACE_TYPE_FLAGS) { 406 case ACE_OWNER: 407 case (ACE_IDENTIFIER_GROUP | ACE_GROUP): 408 case ACE_IDENTIFIER_GROUP: 409 case ACE_EVERYONE: 410 case 0: /* User entry */ 411 break; 412 default: 413 return (B_FALSE); 414 415 } 416 417 /* 418 * next check inheritance level flags 419 */ 420 421 if (type != ALLOW && type > MAX_ACE_TYPE) { 422 return (B_FALSE); 423 } 424 425 switch (type) { 426 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 427 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 428 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 429 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 430 if (aclp->z_version < ZFS_ACL_VERSION_FUID) 431 return (B_FALSE); 432 aclp->z_hints |= ZFS_ACL_OBJ_ACE; 433 } 434 435 /* 436 * Only directories should have inheritance flags. 437 */ 438 if (obj_type != VDIR && (iflags & 439 (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE| 440 ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE))) { 441 return (B_FALSE); 442 } 443 444 if (iflags & (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE)) 445 aclp->z_hints |= ZFS_INHERIT_ACE; 446 447 if (iflags & (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) { 448 if ((iflags & (ACE_FILE_INHERIT_ACE| 449 ACE_DIRECTORY_INHERIT_ACE)) == 0) { 450 return (B_FALSE); 451 } 452 } 453 454 return (B_TRUE); 455 } 456 457 static void * 458 zfs_acl_next_ace(zfs_acl_t *aclp, void *start, uint64_t *who, 459 uint32_t *access_mask, uint16_t *iflags, uint16_t *type) 460 { 461 zfs_acl_node_t *aclnode; 462 463 if (start == NULL) { 464 aclnode = list_head(&aclp->z_acl); 465 if (aclnode == NULL) 466 return (NULL); 467 468 aclp->z_next_ace = aclnode->z_acldata; 469 aclp->z_curr_node = aclnode; 470 aclnode->z_ace_idx = 0; 471 } 472 473 aclnode = aclp->z_curr_node; 474 475 if (aclnode == NULL) 476 return (NULL); 477 478 if (aclnode->z_ace_idx >= aclnode->z_ace_count) { 479 aclnode = list_next(&aclp->z_acl, aclnode); 480 if (aclnode == NULL) 481 return (NULL); 482 else { 483 aclp->z_curr_node = aclnode; 484 aclnode->z_ace_idx = 0; 485 aclp->z_next_ace = aclnode->z_acldata; 486 } 487 } 488 489 if (aclnode->z_ace_idx < aclnode->z_ace_count) { 490 void *acep = aclp->z_next_ace; 491 *iflags = aclp->z_ops.ace_flags_get(acep); 492 *type = aclp->z_ops.ace_type_get(acep); 493 *access_mask = aclp->z_ops.ace_mask_get(acep); 494 *who = aclp->z_ops.ace_who_get(acep); 495 aclp->z_next_ace = (caddr_t)aclp->z_next_ace + 496 aclp->z_ops.ace_size(acep); 497 aclnode->z_ace_idx++; 498 return ((void *)acep); 499 } 500 return (NULL); 501 } 502 503 /*ARGSUSED*/ 504 static uint64_t 505 zfs_ace_walk(void *datap, uint64_t cookie, int aclcnt, 506 uint16_t *flags, uint16_t *type, uint32_t *mask) 507 { 508 zfs_acl_t *aclp = datap; 509 zfs_ace_hdr_t *acep = (zfs_ace_hdr_t *)(uintptr_t)cookie; 510 uint64_t who; 511 512 acep = zfs_acl_next_ace(aclp, acep, &who, mask, 513 flags, type); 514 return ((uint64_t)(uintptr_t)acep); 515 } 516 517 static zfs_acl_node_t * 518 zfs_acl_curr_node(zfs_acl_t *aclp) 519 { 520 ASSERT(aclp->z_curr_node); 521 return (aclp->z_curr_node); 522 } 523 524 /* 525 * Copy ACE to internal ZFS format. 526 * While processing the ACL each ACE will be validated for correctness. 527 * ACE FUIDs will be created later. 528 */ 529 int 530 zfs_copy_ace_2_fuid(vtype_t obj_type, zfs_acl_t *aclp, void *datap, 531 zfs_ace_t *z_acl, int aclcnt, size_t *size) 532 { 533 int i; 534 uint16_t entry_type; 535 zfs_ace_t *aceptr = z_acl; 536 ace_t *acep = datap; 537 zfs_object_ace_t *zobjacep; 538 ace_object_t *aceobjp; 539 540 for (i = 0; i != aclcnt; i++) { 541 aceptr->z_hdr.z_access_mask = acep->a_access_mask; 542 aceptr->z_hdr.z_flags = acep->a_flags; 543 aceptr->z_hdr.z_type = acep->a_type; 544 entry_type = aceptr->z_hdr.z_flags & ACE_TYPE_FLAGS; 545 if (entry_type != ACE_OWNER && entry_type != OWNING_GROUP && 546 entry_type != ACE_EVERYONE) 547 aceptr->z_fuid = (uint64_t)acep->a_who; 548 /* 549 * Make sure ACE is valid 550 */ 551 if (zfs_ace_valid(obj_type, aclp, aceptr->z_hdr.z_type, 552 aceptr->z_hdr.z_flags) != B_TRUE) 553 return (EINVAL); 554 555 switch (acep->a_type) { 556 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 557 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 558 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 559 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 560 zobjacep = (zfs_object_ace_t *)aceptr; 561 aceobjp = (ace_object_t *)acep; 562 563 bcopy(aceobjp->a_obj_type, zobjacep->z_object_type, 564 sizeof (aceobjp->a_obj_type)); 565 bcopy(aceobjp->a_inherit_obj_type, 566 zobjacep->z_inherit_type, 567 sizeof (aceobjp->a_inherit_obj_type)); 568 acep = (ace_t *)((caddr_t)acep + sizeof (ace_object_t)); 569 break; 570 default: 571 acep = (ace_t *)((caddr_t)acep + sizeof (ace_t)); 572 } 573 574 aceptr = (zfs_ace_t *)((caddr_t)aceptr + 575 aclp->z_ops.ace_size(aceptr)); 576 } 577 578 *size = (caddr_t)aceptr - (caddr_t)z_acl; 579 580 return (0); 581 } 582 583 /* 584 * Copy ZFS ACEs to fixed size ace_t layout 585 */ 586 static void 587 zfs_copy_fuid_2_ace(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, cred_t *cr, 588 void *datap, int filter) 589 { 590 uint64_t who; 591 uint32_t access_mask; 592 uint16_t iflags, type; 593 zfs_ace_hdr_t *zacep = NULL; 594 ace_t *acep = datap; 595 ace_object_t *objacep; 596 zfs_object_ace_t *zobjacep; 597 zfs_fuid_hdl_t hdl = { 0 }; 598 size_t ace_size; 599 uint16_t entry_type; 600 601 while (zacep = zfs_acl_next_ace(aclp, zacep, 602 &who, &access_mask, &iflags, &type)) { 603 604 switch (type) { 605 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 606 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 607 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 608 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 609 if (filter) { 610 continue; 611 } 612 zobjacep = (zfs_object_ace_t *)zacep; 613 objacep = (ace_object_t *)acep; 614 bcopy(zobjacep->z_object_type, 615 objacep->a_obj_type, 616 sizeof (zobjacep->z_object_type)); 617 bcopy(zobjacep->z_inherit_type, 618 objacep->a_inherit_obj_type, 619 sizeof (zobjacep->z_inherit_type)); 620 ace_size = sizeof (ace_object_t); 621 break; 622 default: 623 ace_size = sizeof (ace_t); 624 break; 625 } 626 627 entry_type = (iflags & ACE_TYPE_FLAGS); 628 if ((entry_type != ACE_OWNER && 629 entry_type != (ACE_GROUP | ACE_IDENTIFIER_GROUP) && 630 entry_type != ACE_EVERYONE)) 631 zfs_fuid_queue_map_id(zfsvfs, &hdl, who, cr, 632 (entry_type & ACE_IDENTIFIER_GROUP) ? 633 ZFS_ACE_GROUP : ZFS_ACE_USER, &acep->a_who); 634 else 635 acep->a_who = (uid_t)(int64_t)who; 636 acep->a_access_mask = access_mask; 637 acep->a_flags = iflags; 638 acep->a_type = type; 639 acep = (ace_t *)((caddr_t)acep + ace_size); 640 } 641 zfs_fuid_get_mappings(&hdl); 642 } 643 644 static int 645 zfs_copy_ace_2_oldace(vtype_t obj_type, zfs_acl_t *aclp, ace_t *acep, 646 zfs_oldace_t *z_acl, int aclcnt, size_t *size) 647 { 648 int i; 649 zfs_oldace_t *aceptr = z_acl; 650 651 for (i = 0; i != aclcnt; i++, aceptr++) { 652 aceptr->z_access_mask = acep[i].a_access_mask; 653 aceptr->z_type = acep[i].a_type; 654 aceptr->z_flags = acep[i].a_flags; 655 aceptr->z_fuid = acep[i].a_who; 656 /* 657 * Make sure ACE is valid 658 */ 659 if (zfs_ace_valid(obj_type, aclp, aceptr->z_type, 660 aceptr->z_flags) != B_TRUE) 661 return (EINVAL); 662 } 663 *size = (caddr_t)aceptr - (caddr_t)z_acl; 664 return (0); 665 } 666 667 /* 668 * convert old ACL format to new 669 */ 670 void 671 zfs_acl_xform(znode_t *zp, zfs_acl_t *aclp) 672 { 673 zfs_oldace_t *oldaclp; 674 int i; 675 uint16_t type, iflags; 676 uint32_t access_mask; 677 uint64_t who; 678 void *cookie = NULL; 679 zfs_acl_node_t *newaclnode; 680 681 ASSERT(aclp->z_version == ZFS_ACL_VERSION_INITIAL); 682 /* 683 * First create the ACE in a contiguous piece of memory 684 * for zfs_copy_ace_2_fuid(). 685 * 686 * We only convert an ACL once, so this won't happen 687 * everytime. 688 */ 689 oldaclp = kmem_alloc(sizeof (zfs_oldace_t) * aclp->z_acl_count, 690 KM_SLEEP); 691 i = 0; 692 while (cookie = zfs_acl_next_ace(aclp, cookie, &who, 693 &access_mask, &iflags, &type)) { 694 oldaclp[i].z_flags = iflags; 695 oldaclp[i].z_type = type; 696 oldaclp[i].z_fuid = who; 697 oldaclp[i++].z_access_mask = access_mask; 698 } 699 700 newaclnode = zfs_acl_node_alloc(aclp->z_acl_count * 701 sizeof (zfs_object_ace_t)); 702 aclp->z_ops = zfs_acl_fuid_ops; 703 VERIFY(zfs_copy_ace_2_fuid(ZTOV(zp)->v_type, aclp, oldaclp, 704 newaclnode->z_acldata, aclp->z_acl_count, 705 &newaclnode->z_size) == 0); 706 newaclnode->z_ace_count = aclp->z_acl_count; 707 aclp->z_version = ZFS_ACL_VERSION; 708 kmem_free(oldaclp, aclp->z_acl_count * sizeof (zfs_oldace_t)); 709 710 /* 711 * Release all previous ACL nodes 712 */ 713 714 zfs_acl_release_nodes(aclp); 715 716 list_insert_head(&aclp->z_acl, newaclnode); 717 718 aclp->z_acl_bytes = newaclnode->z_size; 719 aclp->z_acl_count = newaclnode->z_ace_count; 720 721 } 722 723 /* 724 * Convert unix access mask to v4 access mask 725 */ 726 static uint32_t 727 zfs_unix_to_v4(uint32_t access_mask) 728 { 729 uint32_t new_mask = 0; 730 731 if (access_mask & S_IXOTH) 732 new_mask |= ACE_EXECUTE; 733 if (access_mask & S_IWOTH) 734 new_mask |= ACE_WRITE_DATA; 735 if (access_mask & S_IROTH) 736 new_mask |= ACE_READ_DATA; 737 return (new_mask); 738 } 739 740 static void 741 zfs_set_ace(zfs_acl_t *aclp, void *acep, uint32_t access_mask, 742 uint16_t access_type, uint64_t fuid, uint16_t entry_type) 743 { 744 uint16_t type = entry_type & ACE_TYPE_FLAGS; 745 746 aclp->z_ops.ace_mask_set(acep, access_mask); 747 aclp->z_ops.ace_type_set(acep, access_type); 748 aclp->z_ops.ace_flags_set(acep, entry_type); 749 if ((type != ACE_OWNER && type != (ACE_GROUP | ACE_IDENTIFIER_GROUP) && 750 type != ACE_EVERYONE)) 751 aclp->z_ops.ace_who_set(acep, fuid); 752 } 753 754 /* 755 * Determine mode of file based on ACL. 756 * Also, create FUIDs for any User/Group ACEs 757 */ 758 static uint64_t 759 zfs_mode_fuid_compute(znode_t *zp, zfs_acl_t *aclp, cred_t *cr, 760 zfs_fuid_info_t **fuidp, dmu_tx_t *tx) 761 { 762 int entry_type; 763 mode_t mode; 764 mode_t seen = 0; 765 zfs_ace_hdr_t *acep = NULL; 766 uint64_t who; 767 uint16_t iflags, type; 768 uint32_t access_mask; 769 770 mode = (zp->z_phys->zp_mode & (S_IFMT | S_ISUID | S_ISGID | S_ISVTX)); 771 772 while (acep = zfs_acl_next_ace(aclp, acep, &who, 773 &access_mask, &iflags, &type)) { 774 775 /* 776 * Skip over inherit only ACEs 777 */ 778 if (iflags & ACE_INHERIT_ONLY_ACE) 779 continue; 780 781 entry_type = (iflags & ACE_TYPE_FLAGS); 782 783 if (entry_type == ACE_OWNER) { 784 if ((access_mask & ACE_READ_DATA) && 785 (!(seen & S_IRUSR))) { 786 seen |= S_IRUSR; 787 if (type == ALLOW) { 788 mode |= S_IRUSR; 789 } 790 } 791 if ((access_mask & ACE_WRITE_DATA) && 792 (!(seen & S_IWUSR))) { 793 seen |= S_IWUSR; 794 if (type == ALLOW) { 795 mode |= S_IWUSR; 796 } 797 } 798 if ((access_mask & ACE_EXECUTE) && 799 (!(seen & S_IXUSR))) { 800 seen |= S_IXUSR; 801 if (type == ALLOW) { 802 mode |= S_IXUSR; 803 } 804 } 805 } else if (entry_type == OWNING_GROUP) { 806 if ((access_mask & ACE_READ_DATA) && 807 (!(seen & S_IRGRP))) { 808 seen |= S_IRGRP; 809 if (type == ALLOW) { 810 mode |= S_IRGRP; 811 } 812 } 813 if ((access_mask & ACE_WRITE_DATA) && 814 (!(seen & S_IWGRP))) { 815 seen |= S_IWGRP; 816 if (type == ALLOW) { 817 mode |= S_IWGRP; 818 } 819 } 820 if ((access_mask & ACE_EXECUTE) && 821 (!(seen & S_IXGRP))) { 822 seen |= S_IXGRP; 823 if (type == ALLOW) { 824 mode |= S_IXGRP; 825 } 826 } 827 } else if (entry_type == ACE_EVERYONE) { 828 if ((access_mask & ACE_READ_DATA)) { 829 if (!(seen & S_IRUSR)) { 830 seen |= S_IRUSR; 831 if (type == ALLOW) { 832 mode |= S_IRUSR; 833 } 834 } 835 if (!(seen & S_IRGRP)) { 836 seen |= S_IRGRP; 837 if (type == ALLOW) { 838 mode |= S_IRGRP; 839 } 840 } 841 if (!(seen & S_IROTH)) { 842 seen |= S_IROTH; 843 if (type == ALLOW) { 844 mode |= S_IROTH; 845 } 846 } 847 } 848 if ((access_mask & ACE_WRITE_DATA)) { 849 if (!(seen & S_IWUSR)) { 850 seen |= S_IWUSR; 851 if (type == ALLOW) { 852 mode |= S_IWUSR; 853 } 854 } 855 if (!(seen & S_IWGRP)) { 856 seen |= S_IWGRP; 857 if (type == ALLOW) { 858 mode |= S_IWGRP; 859 } 860 } 861 if (!(seen & S_IWOTH)) { 862 seen |= S_IWOTH; 863 if (type == ALLOW) { 864 mode |= S_IWOTH; 865 } 866 } 867 } 868 if ((access_mask & ACE_EXECUTE)) { 869 if (!(seen & S_IXUSR)) { 870 seen |= S_IXUSR; 871 if (type == ALLOW) { 872 mode |= S_IXUSR; 873 } 874 } 875 if (!(seen & S_IXGRP)) { 876 seen |= S_IXGRP; 877 if (type == ALLOW) { 878 mode |= S_IXGRP; 879 } 880 } 881 if (!(seen & S_IXOTH)) { 882 seen |= S_IXOTH; 883 if (type == ALLOW) { 884 mode |= S_IXOTH; 885 } 886 } 887 } 888 } 889 /* 890 * Now handle FUID create for user/group ACEs 891 */ 892 if (entry_type == 0 || entry_type == ACE_IDENTIFIER_GROUP) { 893 aclp->z_ops.ace_who_set(acep, 894 zfs_fuid_create(zp->z_zfsvfs, who, cr, 895 entry_type == 0 ? ZFS_ACE_USER : ZFS_ACE_GROUP, tx, 896 fuidp)); 897 } 898 } 899 return (mode); 900 } 901 902 static zfs_acl_t * 903 zfs_acl_node_read_internal(znode_t *zp, boolean_t will_modify) 904 { 905 zfs_acl_t *aclp; 906 zfs_acl_node_t *aclnode; 907 908 aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_version); 909 910 /* 911 * Version 0 to 1 znode_acl_phys has the size/count fields swapped. 912 * Version 0 didn't have a size field, only a count. 913 */ 914 if (zp->z_phys->zp_acl.z_acl_version == ZFS_ACL_VERSION_INITIAL) { 915 aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_size; 916 aclp->z_acl_bytes = ZFS_ACL_SIZE(aclp->z_acl_count); 917 } else { 918 aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_count; 919 aclp->z_acl_bytes = zp->z_phys->zp_acl.z_acl_size; 920 } 921 922 aclnode = zfs_acl_node_alloc(will_modify ? aclp->z_acl_bytes : 0); 923 aclnode->z_ace_count = aclp->z_acl_count; 924 if (will_modify) { 925 bcopy(zp->z_phys->zp_acl.z_ace_data, aclnode->z_acldata, 926 aclp->z_acl_bytes); 927 } else { 928 aclnode->z_size = aclp->z_acl_bytes; 929 aclnode->z_acldata = &zp->z_phys->zp_acl.z_ace_data[0]; 930 } 931 932 list_insert_head(&aclp->z_acl, aclnode); 933 934 return (aclp); 935 } 936 937 /* 938 * Read an external acl object. 939 */ 940 static int 941 zfs_acl_node_read(znode_t *zp, zfs_acl_t **aclpp, boolean_t will_modify) 942 { 943 uint64_t extacl = zp->z_phys->zp_acl.z_acl_extern_obj; 944 zfs_acl_t *aclp; 945 size_t aclsize; 946 size_t acl_count; 947 zfs_acl_node_t *aclnode; 948 int error; 949 950 ASSERT(MUTEX_HELD(&zp->z_acl_lock)); 951 952 if (zp->z_phys->zp_acl.z_acl_extern_obj == 0) { 953 *aclpp = zfs_acl_node_read_internal(zp, will_modify); 954 return (0); 955 } 956 957 aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_version); 958 if (zp->z_phys->zp_acl.z_acl_version == ZFS_ACL_VERSION_INITIAL) { 959 zfs_acl_phys_v0_t *zacl0 = 960 (zfs_acl_phys_v0_t *)&zp->z_phys->zp_acl; 961 962 aclsize = ZFS_ACL_SIZE(zacl0->z_acl_count); 963 acl_count = zacl0->z_acl_count; 964 } else { 965 aclsize = zp->z_phys->zp_acl.z_acl_size; 966 acl_count = zp->z_phys->zp_acl.z_acl_count; 967 if (aclsize == 0) 968 aclsize = acl_count * sizeof (zfs_ace_t); 969 } 970 aclnode = zfs_acl_node_alloc(aclsize); 971 list_insert_head(&aclp->z_acl, aclnode); 972 error = dmu_read(zp->z_zfsvfs->z_os, extacl, 0, 973 aclsize, aclnode->z_acldata); 974 aclnode->z_ace_count = acl_count; 975 aclp->z_acl_count = acl_count; 976 aclp->z_acl_bytes = aclsize; 977 978 if (error != 0) { 979 zfs_acl_free(aclp); 980 return (error); 981 } 982 983 *aclpp = aclp; 984 return (0); 985 } 986 987 /* 988 * common code for setting ACLs. 989 * 990 * This function is called from zfs_mode_update, zfs_perm_init, and zfs_setacl. 991 * zfs_setacl passes a non-NULL inherit pointer (ihp) to indicate that it's 992 * already checked the acl and knows whether to inherit. 993 */ 994 int 995 zfs_aclset_common(znode_t *zp, zfs_acl_t *aclp, cred_t *cr, 996 zfs_fuid_info_t **fuidp, dmu_tx_t *tx) 997 { 998 int error; 999 znode_phys_t *zphys = zp->z_phys; 1000 zfs_acl_phys_t *zacl = &zphys->zp_acl; 1001 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 1002 uint64_t aoid = zphys->zp_acl.z_acl_extern_obj; 1003 uint64_t off = 0; 1004 dmu_object_type_t otype; 1005 zfs_acl_node_t *aclnode; 1006 1007 ASSERT(MUTEX_HELD(&zp->z_lock)); 1008 ASSERT(MUTEX_HELD(&zp->z_acl_lock)); 1009 1010 dmu_buf_will_dirty(zp->z_dbuf, tx); 1011 1012 zphys->zp_mode = zfs_mode_fuid_compute(zp, aclp, cr, fuidp, tx); 1013 1014 /* 1015 * Decide which opbject type to use. If we are forced to 1016 * use old ACL format than transform ACL into zfs_oldace_t 1017 * layout. 1018 */ 1019 if (!zfsvfs->z_use_fuids) { 1020 otype = DMU_OT_OLDACL; 1021 } else { 1022 if ((aclp->z_version == ZFS_ACL_VERSION_INITIAL) && 1023 (zfsvfs->z_version >= ZPL_VERSION_FUID)) 1024 zfs_acl_xform(zp, aclp); 1025 ASSERT(aclp->z_version >= ZFS_ACL_VERSION_FUID); 1026 otype = DMU_OT_ACL; 1027 } 1028 1029 if (aclp->z_acl_bytes > ZFS_ACE_SPACE) { 1030 /* 1031 * If ACL was previously external and we are now 1032 * converting to new ACL format then release old 1033 * ACL object and create a new one. 1034 */ 1035 if (aoid && aclp->z_version != zacl->z_acl_version) { 1036 error = dmu_object_free(zfsvfs->z_os, 1037 zp->z_phys->zp_acl.z_acl_extern_obj, tx); 1038 if (error) 1039 return (error); 1040 aoid = 0; 1041 } 1042 if (aoid == 0) { 1043 aoid = dmu_object_alloc(zfsvfs->z_os, 1044 otype, aclp->z_acl_bytes, 1045 otype == DMU_OT_ACL ? DMU_OT_SYSACL : DMU_OT_NONE, 1046 otype == DMU_OT_ACL ? DN_MAX_BONUSLEN : 0, tx); 1047 } else { 1048 (void) dmu_object_set_blocksize(zfsvfs->z_os, aoid, 1049 aclp->z_acl_bytes, 0, tx); 1050 } 1051 zphys->zp_acl.z_acl_extern_obj = aoid; 1052 for (aclnode = list_head(&aclp->z_acl); aclnode; 1053 aclnode = list_next(&aclp->z_acl, aclnode)) { 1054 if (aclnode->z_ace_count == 0) 1055 continue; 1056 dmu_write(zfsvfs->z_os, aoid, off, 1057 aclnode->z_size, aclnode->z_acldata, tx); 1058 off += aclnode->z_size; 1059 } 1060 } else { 1061 void *start = zacl->z_ace_data; 1062 /* 1063 * Migrating back embedded? 1064 */ 1065 if (zphys->zp_acl.z_acl_extern_obj) { 1066 error = dmu_object_free(zfsvfs->z_os, 1067 zp->z_phys->zp_acl.z_acl_extern_obj, tx); 1068 if (error) 1069 return (error); 1070 zphys->zp_acl.z_acl_extern_obj = 0; 1071 } 1072 1073 for (aclnode = list_head(&aclp->z_acl); aclnode; 1074 aclnode = list_next(&aclp->z_acl, aclnode)) { 1075 if (aclnode->z_ace_count == 0) 1076 continue; 1077 bcopy(aclnode->z_acldata, start, aclnode->z_size); 1078 start = (caddr_t)start + aclnode->z_size; 1079 } 1080 } 1081 1082 /* 1083 * If Old version then swap count/bytes to match old 1084 * layout of znode_acl_phys_t. 1085 */ 1086 if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) { 1087 zphys->zp_acl.z_acl_size = aclp->z_acl_count; 1088 zphys->zp_acl.z_acl_count = aclp->z_acl_bytes; 1089 } else { 1090 zphys->zp_acl.z_acl_size = aclp->z_acl_bytes; 1091 zphys->zp_acl.z_acl_count = aclp->z_acl_count; 1092 } 1093 1094 zphys->zp_acl.z_acl_version = aclp->z_version; 1095 1096 /* 1097 * Replace ACL wide bits, but first clear them. 1098 */ 1099 zp->z_phys->zp_flags &= ~ZFS_ACL_WIDE_FLAGS; 1100 1101 zp->z_phys->zp_flags |= aclp->z_hints; 1102 1103 if (ace_trivial_common(aclp, 0, zfs_ace_walk) == 0) 1104 zp->z_phys->zp_flags |= ZFS_ACL_TRIVIAL; 1105 1106 zfs_time_stamper_locked(zp, STATE_CHANGED, tx); 1107 return (0); 1108 } 1109 1110 /* 1111 * Update access mask for prepended ACE 1112 * 1113 * This applies the "groupmask" value for aclmode property. 1114 */ 1115 static void 1116 zfs_acl_prepend_fixup(zfs_acl_t *aclp, void *acep, void *origacep, 1117 mode_t mode, uint64_t owner) 1118 { 1119 int rmask, wmask, xmask; 1120 int user_ace; 1121 uint16_t aceflags; 1122 uint32_t origmask, acepmask; 1123 uint64_t fuid; 1124 1125 aceflags = aclp->z_ops.ace_flags_get(acep); 1126 fuid = aclp->z_ops.ace_who_get(acep); 1127 origmask = aclp->z_ops.ace_mask_get(origacep); 1128 acepmask = aclp->z_ops.ace_mask_get(acep); 1129 1130 user_ace = (!(aceflags & 1131 (ACE_OWNER|ACE_GROUP|ACE_IDENTIFIER_GROUP))); 1132 1133 if (user_ace && (fuid == owner)) { 1134 rmask = S_IRUSR; 1135 wmask = S_IWUSR; 1136 xmask = S_IXUSR; 1137 } else { 1138 rmask = S_IRGRP; 1139 wmask = S_IWGRP; 1140 xmask = S_IXGRP; 1141 } 1142 1143 if (origmask & ACE_READ_DATA) { 1144 if (mode & rmask) { 1145 acepmask &= ~ACE_READ_DATA; 1146 } else { 1147 acepmask |= ACE_READ_DATA; 1148 } 1149 } 1150 1151 if (origmask & ACE_WRITE_DATA) { 1152 if (mode & wmask) { 1153 acepmask &= ~ACE_WRITE_DATA; 1154 } else { 1155 acepmask |= ACE_WRITE_DATA; 1156 } 1157 } 1158 1159 if (origmask & ACE_APPEND_DATA) { 1160 if (mode & wmask) { 1161 acepmask &= ~ACE_APPEND_DATA; 1162 } else { 1163 acepmask |= ACE_APPEND_DATA; 1164 } 1165 } 1166 1167 if (origmask & ACE_EXECUTE) { 1168 if (mode & xmask) { 1169 acepmask &= ~ACE_EXECUTE; 1170 } else { 1171 acepmask |= ACE_EXECUTE; 1172 } 1173 } 1174 aclp->z_ops.ace_mask_set(acep, acepmask); 1175 } 1176 1177 /* 1178 * Apply mode to canonical six ACEs. 1179 */ 1180 static void 1181 zfs_acl_fixup_canonical_six(zfs_acl_t *aclp, mode_t mode) 1182 { 1183 zfs_acl_node_t *aclnode = list_tail(&aclp->z_acl); 1184 void *acep; 1185 int maskoff = aclp->z_ops.ace_mask_off(); 1186 size_t abstract_size = aclp->z_ops.ace_abstract_size(); 1187 1188 ASSERT(aclnode != NULL); 1189 1190 acep = (void *)((caddr_t)aclnode->z_acldata + 1191 aclnode->z_size - (abstract_size * 6)); 1192 1193 /* 1194 * Fixup final ACEs to match the mode 1195 */ 1196 1197 adjust_ace_pair_common(acep, maskoff, abstract_size, 1198 (mode & 0700) >> 6); /* owner@ */ 1199 1200 acep = (caddr_t)acep + (abstract_size * 2); 1201 1202 adjust_ace_pair_common(acep, maskoff, abstract_size, 1203 (mode & 0070) >> 3); /* group@ */ 1204 1205 acep = (caddr_t)acep + (abstract_size * 2); 1206 adjust_ace_pair_common(acep, maskoff, 1207 abstract_size, mode); /* everyone@ */ 1208 } 1209 1210 1211 static int 1212 zfs_acl_ace_match(zfs_acl_t *aclp, void *acep, int allow_deny, 1213 int entry_type, int accessmask) 1214 { 1215 uint32_t mask = aclp->z_ops.ace_mask_get(acep); 1216 uint16_t type = aclp->z_ops.ace_type_get(acep); 1217 uint16_t flags = aclp->z_ops.ace_flags_get(acep); 1218 1219 return (mask == accessmask && type == allow_deny && 1220 ((flags & ACE_TYPE_FLAGS) == entry_type)); 1221 } 1222 1223 /* 1224 * Can prepended ACE be reused? 1225 */ 1226 static int 1227 zfs_reuse_deny(zfs_acl_t *aclp, void *acep, void *prevacep) 1228 { 1229 int okay_masks; 1230 uint16_t prevtype; 1231 uint16_t prevflags; 1232 uint16_t flags; 1233 uint32_t mask, prevmask; 1234 1235 if (prevacep == NULL) 1236 return (B_FALSE); 1237 1238 prevtype = aclp->z_ops.ace_type_get(prevacep); 1239 prevflags = aclp->z_ops.ace_flags_get(prevacep); 1240 flags = aclp->z_ops.ace_flags_get(acep); 1241 mask = aclp->z_ops.ace_mask_get(acep); 1242 prevmask = aclp->z_ops.ace_mask_get(prevacep); 1243 1244 if (prevtype != DENY) 1245 return (B_FALSE); 1246 1247 if (prevflags != (flags & ACE_IDENTIFIER_GROUP)) 1248 return (B_FALSE); 1249 1250 okay_masks = (mask & OKAY_MASK_BITS); 1251 1252 if (prevmask & ~okay_masks) 1253 return (B_FALSE); 1254 1255 return (B_TRUE); 1256 } 1257 1258 1259 /* 1260 * Insert new ACL node into chain of zfs_acl_node_t's 1261 * 1262 * This will result in two possible results. 1263 * 1. If the ACL is currently just a single zfs_acl_node and 1264 * we are prepending the entry then current acl node will have 1265 * a new node inserted above it. 1266 * 1267 * 2. If we are inserting in the middle of current acl node then 1268 * the current node will be split in two and new node will be inserted 1269 * in between the two split nodes. 1270 */ 1271 static zfs_acl_node_t * 1272 zfs_acl_ace_insert(zfs_acl_t *aclp, void *acep) 1273 { 1274 zfs_acl_node_t *newnode; 1275 zfs_acl_node_t *trailernode = NULL; 1276 zfs_acl_node_t *currnode = zfs_acl_curr_node(aclp); 1277 int curr_idx = aclp->z_curr_node->z_ace_idx; 1278 int trailer_count; 1279 size_t oldsize; 1280 1281 newnode = zfs_acl_node_alloc(aclp->z_ops.ace_size(acep)); 1282 newnode->z_ace_count = 1; 1283 1284 oldsize = currnode->z_size; 1285 1286 if (curr_idx != 1) { 1287 trailernode = zfs_acl_node_alloc(0); 1288 trailernode->z_acldata = acep; 1289 1290 trailer_count = currnode->z_ace_count - curr_idx + 1; 1291 currnode->z_ace_count = curr_idx - 1; 1292 currnode->z_size = (caddr_t)acep - (caddr_t)currnode->z_acldata; 1293 trailernode->z_size = oldsize - currnode->z_size; 1294 trailernode->z_ace_count = trailer_count; 1295 } 1296 1297 aclp->z_acl_count += 1; 1298 aclp->z_acl_bytes += aclp->z_ops.ace_size(acep); 1299 1300 if (curr_idx == 1) 1301 list_insert_before(&aclp->z_acl, currnode, newnode); 1302 else 1303 list_insert_after(&aclp->z_acl, currnode, newnode); 1304 if (trailernode) { 1305 list_insert_after(&aclp->z_acl, newnode, trailernode); 1306 aclp->z_curr_node = trailernode; 1307 trailernode->z_ace_idx = 1; 1308 } 1309 1310 return (newnode); 1311 } 1312 1313 /* 1314 * Prepend deny ACE 1315 */ 1316 static void * 1317 zfs_acl_prepend_deny(znode_t *zp, zfs_acl_t *aclp, void *acep, 1318 mode_t mode) 1319 { 1320 zfs_acl_node_t *aclnode; 1321 void *newacep; 1322 uint64_t fuid; 1323 uint16_t flags; 1324 1325 aclnode = zfs_acl_ace_insert(aclp, acep); 1326 newacep = aclnode->z_acldata; 1327 fuid = aclp->z_ops.ace_who_get(acep); 1328 flags = aclp->z_ops.ace_flags_get(acep); 1329 zfs_set_ace(aclp, newacep, 0, DENY, fuid, (flags & ACE_TYPE_FLAGS)); 1330 zfs_acl_prepend_fixup(aclp, newacep, acep, mode, zp->z_phys->zp_uid); 1331 1332 return (newacep); 1333 } 1334 1335 /* 1336 * Split an inherited ACE into inherit_only ACE 1337 * and original ACE with inheritance flags stripped off. 1338 */ 1339 static void 1340 zfs_acl_split_ace(zfs_acl_t *aclp, zfs_ace_hdr_t *acep) 1341 { 1342 zfs_acl_node_t *aclnode; 1343 zfs_acl_node_t *currnode; 1344 void *newacep; 1345 uint16_t type, flags; 1346 uint32_t mask; 1347 uint64_t fuid; 1348 1349 type = aclp->z_ops.ace_type_get(acep); 1350 flags = aclp->z_ops.ace_flags_get(acep); 1351 mask = aclp->z_ops.ace_mask_get(acep); 1352 fuid = aclp->z_ops.ace_who_get(acep); 1353 1354 aclnode = zfs_acl_ace_insert(aclp, acep); 1355 newacep = aclnode->z_acldata; 1356 1357 aclp->z_ops.ace_type_set(newacep, type); 1358 aclp->z_ops.ace_flags_set(newacep, flags | ACE_INHERIT_ONLY_ACE); 1359 aclp->z_ops.ace_mask_set(newacep, mask); 1360 aclp->z_ops.ace_type_set(newacep, type); 1361 aclp->z_ops.ace_who_set(newacep, fuid); 1362 aclp->z_next_ace = acep; 1363 flags &= ~ALL_INHERIT; 1364 aclp->z_ops.ace_flags_set(acep, flags); 1365 currnode = zfs_acl_curr_node(aclp); 1366 ASSERT(currnode->z_ace_idx >= 1); 1367 currnode->z_ace_idx -= 1; 1368 } 1369 1370 /* 1371 * Are ACES started at index i, the canonical six ACES? 1372 */ 1373 static int 1374 zfs_have_canonical_six(zfs_acl_t *aclp) 1375 { 1376 void *acep; 1377 zfs_acl_node_t *aclnode = list_tail(&aclp->z_acl); 1378 int i = 0; 1379 size_t abstract_size = aclp->z_ops.ace_abstract_size(); 1380 1381 ASSERT(aclnode != NULL); 1382 1383 if (aclnode->z_ace_count < 6) 1384 return (0); 1385 1386 acep = (void *)((caddr_t)aclnode->z_acldata + 1387 aclnode->z_size - (aclp->z_ops.ace_abstract_size() * 6)); 1388 1389 if ((zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), 1390 DENY, ACE_OWNER, 0) && 1391 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), 1392 ALLOW, ACE_OWNER, OWNER_ALLOW_MASK) && 1393 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), DENY, 1394 OWNING_GROUP, 0) && zfs_acl_ace_match(aclp, (caddr_t)acep + 1395 (abstract_size * i++), 1396 ALLOW, OWNING_GROUP, 0) && 1397 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), 1398 DENY, ACE_EVERYONE, EVERYONE_DENY_MASK) && 1399 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), 1400 ALLOW, ACE_EVERYONE, EVERYONE_ALLOW_MASK))) { 1401 return (1); 1402 } else { 1403 return (0); 1404 } 1405 } 1406 1407 1408 /* 1409 * Apply step 1g, to group entries 1410 * 1411 * Need to deal with corner case where group may have 1412 * greater permissions than owner. If so then limit 1413 * group permissions, based on what extra permissions 1414 * group has. 1415 */ 1416 static void 1417 zfs_fixup_group_entries(zfs_acl_t *aclp, void *acep, void *prevacep, 1418 mode_t mode) 1419 { 1420 uint32_t prevmask = aclp->z_ops.ace_mask_get(prevacep); 1421 uint32_t mask = aclp->z_ops.ace_mask_get(acep); 1422 uint16_t prevflags = aclp->z_ops.ace_flags_get(prevacep); 1423 mode_t extramode = (mode >> 3) & 07; 1424 mode_t ownermode = (mode >> 6); 1425 1426 if (prevflags & ACE_IDENTIFIER_GROUP) { 1427 1428 extramode &= ~ownermode; 1429 1430 if (extramode) { 1431 if (extramode & S_IROTH) { 1432 prevmask &= ~ACE_READ_DATA; 1433 mask &= ~ACE_READ_DATA; 1434 } 1435 if (extramode & S_IWOTH) { 1436 prevmask &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA); 1437 mask &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA); 1438 } 1439 if (extramode & S_IXOTH) { 1440 prevmask &= ~ACE_EXECUTE; 1441 mask &= ~ACE_EXECUTE; 1442 } 1443 } 1444 } 1445 aclp->z_ops.ace_mask_set(acep, mask); 1446 aclp->z_ops.ace_mask_set(prevacep, prevmask); 1447 } 1448 1449 /* 1450 * Apply the chmod algorithm as described 1451 * in PSARC/2002/240 1452 */ 1453 static int 1454 zfs_acl_chmod(znode_t *zp, uint64_t mode, zfs_acl_t *aclp, 1455 dmu_tx_t *tx, cred_t *cr) 1456 { 1457 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 1458 void *acep = NULL, *prevacep = NULL; 1459 uint64_t who; 1460 int i; 1461 int error; 1462 int entry_type; 1463 int reuse_deny; 1464 int need_canonical_six = 1; 1465 uint16_t iflags, type; 1466 uint32_t access_mask; 1467 1468 ASSERT(MUTEX_HELD(&zp->z_acl_lock)); 1469 ASSERT(MUTEX_HELD(&zp->z_lock)); 1470 1471 aclp->z_hints = (zp->z_phys->zp_flags & V4_ACL_WIDE_FLAGS); 1472 1473 /* 1474 * If discard then just discard all ACL nodes which 1475 * represent the ACEs. 1476 * 1477 * New owner@/group@/everone@ ACEs will be added 1478 * later. 1479 */ 1480 if (zfsvfs->z_acl_mode == ZFS_ACL_DISCARD) 1481 zfs_acl_release_nodes(aclp); 1482 1483 while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, 1484 &iflags, &type)) { 1485 1486 entry_type = (iflags & ACE_TYPE_FLAGS); 1487 iflags = (iflags & ALL_INHERIT); 1488 1489 if ((type != ALLOW && type != DENY) || 1490 (iflags & ACE_INHERIT_ONLY_ACE)) { 1491 if (iflags) 1492 aclp->z_hints |= ZFS_INHERIT_ACE; 1493 switch (type) { 1494 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 1495 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 1496 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 1497 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 1498 aclp->z_hints |= ZFS_ACL_OBJ_ACE; 1499 break; 1500 } 1501 goto nextace; 1502 } 1503 1504 /* 1505 * Need to split ace into two? 1506 */ 1507 if ((iflags & (ACE_FILE_INHERIT_ACE| 1508 ACE_DIRECTORY_INHERIT_ACE)) && 1509 (!(iflags & ACE_INHERIT_ONLY_ACE))) { 1510 zfs_acl_split_ace(aclp, acep); 1511 aclp->z_hints |= ZFS_INHERIT_ACE; 1512 goto nextace; 1513 } 1514 1515 if (entry_type == ACE_OWNER || entry_type == ACE_EVERYONE || 1516 (entry_type == OWNING_GROUP)) { 1517 access_mask &= ~OGE_CLEAR; 1518 aclp->z_ops.ace_mask_set(acep, access_mask); 1519 goto nextace; 1520 } else { 1521 reuse_deny = B_TRUE; 1522 if (type == ALLOW) { 1523 1524 /* 1525 * Check preceding ACE if any, to see 1526 * if we need to prepend a DENY ACE. 1527 * This is only applicable when the acl_mode 1528 * property == groupmask. 1529 */ 1530 if (zfsvfs->z_acl_mode == ZFS_ACL_GROUPMASK) { 1531 1532 reuse_deny = zfs_reuse_deny(aclp, acep, 1533 prevacep); 1534 1535 if (reuse_deny == B_FALSE) { 1536 prevacep = 1537 zfs_acl_prepend_deny(zp, 1538 aclp, acep, mode); 1539 } else { 1540 zfs_acl_prepend_fixup( 1541 aclp, prevacep, 1542 acep, mode, 1543 zp->z_phys->zp_uid); 1544 } 1545 zfs_fixup_group_entries(aclp, acep, 1546 prevacep, mode); 1547 1548 } 1549 } 1550 } 1551 nextace: 1552 prevacep = acep; 1553 } 1554 1555 /* 1556 * Check out last six aces, if we have six. 1557 */ 1558 1559 if (aclp->z_acl_count >= 6) { 1560 if (zfs_have_canonical_six(aclp)) { 1561 need_canonical_six = 0; 1562 } 1563 } 1564 1565 if (need_canonical_six) { 1566 size_t abstract_size = aclp->z_ops.ace_abstract_size(); 1567 void *zacep; 1568 zfs_acl_node_t *aclnode = 1569 zfs_acl_node_alloc(abstract_size * 6); 1570 1571 aclnode->z_size = abstract_size * 6; 1572 aclnode->z_ace_count = 6; 1573 aclp->z_acl_bytes += aclnode->z_size; 1574 list_insert_tail(&aclp->z_acl, aclnode); 1575 1576 zacep = aclnode->z_acldata; 1577 1578 i = 0; 1579 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 1580 0, DENY, -1, ACE_OWNER); 1581 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 1582 OWNER_ALLOW_MASK, ALLOW, -1, ACE_OWNER); 1583 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 0, 1584 DENY, -1, OWNING_GROUP); 1585 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 0, 1586 ALLOW, -1, OWNING_GROUP); 1587 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 1588 EVERYONE_DENY_MASK, DENY, -1, ACE_EVERYONE); 1589 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 1590 EVERYONE_ALLOW_MASK, ALLOW, -1, ACE_EVERYONE); 1591 aclp->z_acl_count += 6; 1592 } 1593 1594 zfs_acl_fixup_canonical_six(aclp, mode); 1595 zp->z_phys->zp_mode = mode; 1596 error = zfs_aclset_common(zp, aclp, cr, NULL, tx); 1597 return (error); 1598 } 1599 1600 int 1601 zfs_acl_chmod_setattr(znode_t *zp, uint64_t mode, dmu_tx_t *tx, cred_t *cr) 1602 { 1603 zfs_acl_t *aclp = NULL; 1604 int error; 1605 1606 ASSERT(MUTEX_HELD(&zp->z_lock)); 1607 mutex_enter(&zp->z_acl_lock); 1608 error = zfs_acl_node_read(zp, &aclp, B_TRUE); 1609 if (error == 0) 1610 error = zfs_acl_chmod(zp, mode, aclp, tx, cr); 1611 mutex_exit(&zp->z_acl_lock); 1612 if (aclp) 1613 zfs_acl_free(aclp); 1614 return (error); 1615 } 1616 1617 /* 1618 * strip off write_owner and write_acl 1619 */ 1620 static void 1621 zfs_securemode_update(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, void *acep) 1622 { 1623 uint32_t mask = aclp->z_ops.ace_mask_get(acep); 1624 1625 if ((zfsvfs->z_acl_inherit == ZFS_ACL_SECURE) && 1626 (aclp->z_ops.ace_type_get(acep) == ALLOW)) { 1627 mask &= ~SECURE_CLEAR; 1628 aclp->z_ops.ace_mask_set(acep, mask); 1629 } 1630 } 1631 1632 /* 1633 * Should ACE be inherited? 1634 */ 1635 static int 1636 zfs_ace_can_use(znode_t *zp, uint16_t acep_flags) 1637 { 1638 int vtype = ZTOV(zp)->v_type; 1639 int iflags = (acep_flags & 0xf); 1640 1641 if ((vtype == VDIR) && (iflags & ACE_DIRECTORY_INHERIT_ACE)) 1642 return (1); 1643 else if (iflags & ACE_FILE_INHERIT_ACE) 1644 return (!((vtype == VDIR) && 1645 (iflags & ACE_NO_PROPAGATE_INHERIT_ACE))); 1646 return (0); 1647 } 1648 1649 /* 1650 * inherit inheritable ACEs from parent 1651 */ 1652 static zfs_acl_t * 1653 zfs_acl_inherit(znode_t *zp, zfs_acl_t *paclp) 1654 { 1655 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 1656 void *pacep; 1657 void *acep, *acep2; 1658 zfs_acl_node_t *aclnode, *aclnode2; 1659 zfs_acl_t *aclp = NULL; 1660 uint64_t who; 1661 uint32_t access_mask; 1662 uint16_t iflags, newflags, type; 1663 size_t ace_size; 1664 void *data1, *data2; 1665 size_t data1sz, data2sz; 1666 1667 pacep = NULL; 1668 aclp = zfs_acl_alloc(zfs_acl_version_zp(zp)); 1669 if (zfsvfs->z_acl_inherit != ZFS_ACL_DISCARD) { 1670 while (pacep = zfs_acl_next_ace(paclp, pacep, &who, 1671 &access_mask, &iflags, &type)) { 1672 1673 if (zfsvfs->z_acl_inherit == ZFS_ACL_NOALLOW && 1674 type == ALLOW) 1675 continue; 1676 1677 ace_size = aclp->z_ops.ace_size(pacep); 1678 1679 if (zfs_ace_can_use(zp, iflags)) { 1680 aclnode = 1681 zfs_acl_node_alloc(ace_size); 1682 1683 list_insert_tail(&aclp->z_acl, aclnode); 1684 acep = aclnode->z_acldata; 1685 zfs_set_ace(aclp, acep, access_mask, type, 1686 who, iflags|ACE_INHERITED_ACE); 1687 1688 /* 1689 * Copy special opaque data if any 1690 */ 1691 if ((data1sz = paclp->z_ops.ace_data(pacep, 1692 &data1)) != 0) { 1693 VERIFY((data2sz = 1694 aclp->z_ops.ace_data(acep, 1695 &data2)) == data1sz); 1696 bcopy(data1, data2, data2sz); 1697 } 1698 aclp->z_acl_count++; 1699 aclnode->z_ace_count++; 1700 aclp->z_acl_bytes += aclnode->z_size; 1701 newflags = aclp->z_ops.ace_flags_get(acep); 1702 if ((iflags & 1703 ACE_NO_PROPAGATE_INHERIT_ACE) || 1704 (ZTOV(zp)->v_type != VDIR)) { 1705 newflags &= ~ALL_INHERIT; 1706 aclp->z_ops.ace_flags_set(acep, 1707 newflags|ACE_INHERITED_ACE); 1708 zfs_securemode_update(zfsvfs, 1709 aclp, acep); 1710 continue; 1711 } 1712 1713 ASSERT(ZTOV(zp)->v_type == VDIR); 1714 1715 newflags = aclp->z_ops.ace_flags_get(acep); 1716 if ((iflags & (ACE_FILE_INHERIT_ACE | 1717 ACE_DIRECTORY_INHERIT_ACE)) != 1718 ACE_FILE_INHERIT_ACE) { 1719 aclnode2 = zfs_acl_node_alloc(ace_size); 1720 list_insert_tail(&aclp->z_acl, 1721 aclnode2); 1722 acep2 = aclnode2->z_acldata; 1723 zfs_set_ace(aclp, acep2, 1724 access_mask, type, who, 1725 iflags|ACE_INHERITED_ACE); 1726 newflags |= ACE_INHERIT_ONLY_ACE; 1727 aclp->z_ops.ace_flags_set(acep, 1728 newflags); 1729 newflags &= ~ALL_INHERIT; 1730 aclp->z_ops.ace_flags_set(acep2, 1731 newflags|ACE_INHERITED_ACE); 1732 1733 /* 1734 * Copy special opaque data if any 1735 */ 1736 if ((data1sz = 1737 aclp->z_ops.ace_data(acep, 1738 &data1)) != 0) { 1739 VERIFY((data2sz = 1740 aclp->z_ops.ace_data(acep2, 1741 &data2)) == data1sz); 1742 bcopy(data1, data2, data1sz); 1743 } 1744 aclp->z_acl_count++; 1745 aclnode2->z_ace_count++; 1746 aclp->z_acl_bytes += aclnode->z_size; 1747 zfs_securemode_update(zfsvfs, 1748 aclp, acep2); 1749 } else { 1750 newflags |= ACE_INHERIT_ONLY_ACE; 1751 aclp->z_ops.ace_flags_set(acep, 1752 newflags|ACE_INHERITED_ACE); 1753 } 1754 1755 } 1756 } 1757 } 1758 return (aclp); 1759 } 1760 1761 /* 1762 * Create file system object initial permissions 1763 * including inheritable ACEs. 1764 */ 1765 void 1766 zfs_perm_init(znode_t *zp, znode_t *parent, int flag, 1767 vattr_t *vap, dmu_tx_t *tx, cred_t *cr, 1768 zfs_acl_t *setaclp, zfs_fuid_info_t **fuidp) 1769 { 1770 uint64_t mode; 1771 uint64_t uid; 1772 uint64_t gid; 1773 int error; 1774 int pull_down; 1775 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 1776 zfs_acl_t *aclp = NULL; 1777 zfs_acl_t *paclp; 1778 xvattr_t *xvap = (xvattr_t *)vap; 1779 1780 if (setaclp) 1781 aclp = setaclp; 1782 1783 mode = MAKEIMODE(vap->va_type, vap->va_mode); 1784 1785 /* 1786 * Determine uid and gid. 1787 */ 1788 if ((flag & (IS_ROOT_NODE | IS_REPLAY)) || 1789 ((flag & IS_XATTR) && (vap->va_type == VDIR))) { 1790 uid = zfs_fuid_create(zfsvfs, vap->va_uid, cr, 1791 ZFS_OWNER, tx, fuidp); 1792 gid = zfs_fuid_create(zfsvfs, vap->va_gid, cr, 1793 ZFS_GROUP, tx, fuidp); 1794 } else { 1795 uid = zfs_fuid_create_cred(zfsvfs, crgetuid(cr), 1796 ZFS_OWNER, tx, cr, fuidp); 1797 if ((vap->va_mask & AT_GID) && 1798 ((vap->va_gid == parent->z_phys->zp_gid) || 1799 groupmember(vap->va_gid, cr) || 1800 secpolicy_vnode_create_gid(cr) == 0)) { 1801 gid = zfs_fuid_create_cred(zfsvfs, vap->va_gid, 1802 ZFS_GROUP, tx, cr, fuidp); 1803 } else { 1804 gid = (parent->z_phys->zp_mode & S_ISGID) ? 1805 parent->z_phys->zp_gid : crgetgid(cr); 1806 gid = zfs_fuid_create_cred(zfsvfs, gid, 1807 ZFS_GROUP, tx, cr, fuidp); 1808 } 1809 } 1810 1811 /* 1812 * If we're creating a directory, and the parent directory has the 1813 * set-GID bit set, set in on the new directory. 1814 * Otherwise, if the user is neither privileged nor a member of the 1815 * file's new group, clear the file's set-GID bit. 1816 */ 1817 1818 if ((parent->z_phys->zp_mode & S_ISGID) && (vap->va_type == VDIR)) 1819 mode |= S_ISGID; 1820 else { 1821 if ((mode & S_ISGID) && 1822 secpolicy_vnode_setids_setgids(cr, gid) != 0) 1823 mode &= ~S_ISGID; 1824 } 1825 1826 zp->z_phys->zp_uid = uid; 1827 zp->z_phys->zp_gid = gid; 1828 zp->z_phys->zp_mode = mode; 1829 1830 if (aclp == NULL) { 1831 mutex_enter(&parent->z_lock); 1832 pull_down = (parent->z_phys->zp_flags & ZFS_INHERIT_ACE); 1833 if (pull_down) { 1834 mutex_enter(&parent->z_acl_lock); 1835 VERIFY(0 == zfs_acl_node_read(parent, &paclp, B_FALSE)); 1836 mutex_exit(&parent->z_acl_lock); 1837 aclp = zfs_acl_inherit(zp, paclp); 1838 zfs_acl_free(paclp); 1839 } else { 1840 aclp = zfs_acl_alloc(zfs_acl_version_zp(zp)); 1841 } 1842 mutex_exit(&parent->z_lock); 1843 mutex_enter(&zp->z_lock); 1844 mutex_enter(&zp->z_acl_lock); 1845 error = zfs_acl_chmod(zp, mode, aclp, tx, cr); 1846 } else { 1847 mutex_enter(&zp->z_lock); 1848 mutex_enter(&zp->z_acl_lock); 1849 } 1850 1851 /* Force auto_inherit on all new directory objects */ 1852 if (vap->va_type == VDIR) 1853 aclp->z_hints |= ZFS_ACL_AUTO_INHERIT; 1854 1855 error = zfs_aclset_common(zp, aclp, cr, fuidp, tx); 1856 1857 /* Set optional attributes if any */ 1858 if (vap->va_mask & AT_XVATTR) 1859 zfs_xvattr_set(zp, xvap); 1860 1861 mutex_exit(&zp->z_lock); 1862 mutex_exit(&zp->z_acl_lock); 1863 ASSERT3U(error, ==, 0); 1864 1865 if (aclp != setaclp) { 1866 zfs_acl_free(aclp); 1867 } 1868 } 1869 1870 /* 1871 * Retrieve a files ACL 1872 */ 1873 int 1874 zfs_getacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr) 1875 { 1876 zfs_acl_t *aclp; 1877 ulong_t mask; 1878 int error; 1879 int count = 0; 1880 int largeace = 0; 1881 1882 mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT | 1883 VSA_ACE_ACLFLAGS | VSA_ACE_ALLTYPES); 1884 1885 if (error = zfs_zaccess(zp, ACE_READ_ACL, 0, skipaclchk, cr)) 1886 return (error); 1887 1888 if (mask == 0) 1889 return (ENOSYS); 1890 1891 mutex_enter(&zp->z_acl_lock); 1892 1893 error = zfs_acl_node_read(zp, &aclp, B_FALSE); 1894 if (error != 0) { 1895 mutex_exit(&zp->z_acl_lock); 1896 return (error); 1897 } 1898 1899 /* 1900 * Scan ACL to determine number of ACEs 1901 */ 1902 if ((zp->z_phys->zp_flags & ZFS_ACL_OBJ_ACE) && 1903 !(mask & VSA_ACE_ALLTYPES)) { 1904 void *zacep = NULL; 1905 uint64_t who; 1906 uint32_t access_mask; 1907 uint16_t type, iflags; 1908 1909 while (zacep = zfs_acl_next_ace(aclp, zacep, 1910 &who, &access_mask, &iflags, &type)) { 1911 switch (type) { 1912 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 1913 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 1914 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 1915 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 1916 largeace++; 1917 continue; 1918 default: 1919 count++; 1920 } 1921 } 1922 vsecp->vsa_aclcnt = count; 1923 } else 1924 count = aclp->z_acl_count; 1925 1926 if (mask & VSA_ACECNT) { 1927 vsecp->vsa_aclcnt = count; 1928 } 1929 1930 if (mask & VSA_ACE) { 1931 size_t aclsz; 1932 1933 zfs_acl_node_t *aclnode = list_head(&aclp->z_acl); 1934 1935 aclsz = count * sizeof (ace_t) + 1936 sizeof (ace_object_t) * largeace; 1937 1938 vsecp->vsa_aclentp = kmem_alloc(aclsz, KM_SLEEP); 1939 vsecp->vsa_aclentsz = aclsz; 1940 1941 if (aclp->z_version == ZFS_ACL_VERSION_FUID) 1942 zfs_copy_fuid_2_ace(zp->z_zfsvfs, aclp, cr, 1943 vsecp->vsa_aclentp, !(mask & VSA_ACE_ALLTYPES)); 1944 else { 1945 bcopy(aclnode->z_acldata, vsecp->vsa_aclentp, 1946 count * sizeof (ace_t)); 1947 } 1948 } 1949 if (mask & VSA_ACE_ACLFLAGS) { 1950 vsecp->vsa_aclflags = 0; 1951 if (zp->z_phys->zp_flags & ZFS_ACL_DEFAULTED) 1952 vsecp->vsa_aclflags |= ACL_DEFAULTED; 1953 if (zp->z_phys->zp_flags & ZFS_ACL_PROTECTED) 1954 vsecp->vsa_aclflags |= ACL_PROTECTED; 1955 if (zp->z_phys->zp_flags & ZFS_ACL_AUTO_INHERIT) 1956 vsecp->vsa_aclflags |= ACL_AUTO_INHERIT; 1957 } 1958 1959 mutex_exit(&zp->z_acl_lock); 1960 1961 zfs_acl_free(aclp); 1962 1963 return (0); 1964 } 1965 1966 int 1967 zfs_vsec_2_aclp(zfsvfs_t *zfsvfs, vtype_t obj_type, 1968 vsecattr_t *vsecp, zfs_acl_t **zaclp) 1969 { 1970 zfs_acl_t *aclp; 1971 zfs_acl_node_t *aclnode; 1972 int aclcnt = vsecp->vsa_aclcnt; 1973 int error; 1974 1975 if (vsecp->vsa_aclcnt > MAX_ACL_ENTRIES || vsecp->vsa_aclcnt <= 0) 1976 return (EINVAL); 1977 1978 aclp = zfs_acl_alloc(zfs_acl_version(zfsvfs->z_version)); 1979 1980 aclp->z_hints = 0; 1981 aclnode = zfs_acl_node_alloc(aclcnt * sizeof (zfs_object_ace_t)); 1982 if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) { 1983 if ((error = zfs_copy_ace_2_oldace(obj_type, aclp, 1984 (ace_t *)vsecp->vsa_aclentp, aclnode->z_acldata, 1985 aclcnt, &aclnode->z_size)) != 0) { 1986 zfs_acl_free(aclp); 1987 zfs_acl_node_free(aclnode); 1988 return (error); 1989 } 1990 } else { 1991 if ((error = zfs_copy_ace_2_fuid(obj_type, aclp, 1992 vsecp->vsa_aclentp, aclnode->z_acldata, aclcnt, 1993 &aclnode->z_size)) != 0) { 1994 zfs_acl_free(aclp); 1995 zfs_acl_node_free(aclnode); 1996 return (error); 1997 } 1998 } 1999 aclp->z_acl_bytes = aclnode->z_size; 2000 aclnode->z_ace_count = aclcnt; 2001 aclp->z_acl_count = aclcnt; 2002 list_insert_head(&aclp->z_acl, aclnode); 2003 2004 /* 2005 * If flags are being set then add them to z_hints 2006 */ 2007 if (vsecp->vsa_mask & VSA_ACE_ACLFLAGS) { 2008 if (vsecp->vsa_aclflags & ACL_PROTECTED) 2009 aclp->z_hints |= ZFS_ACL_PROTECTED; 2010 if (vsecp->vsa_aclflags & ACL_DEFAULTED) 2011 aclp->z_hints |= ZFS_ACL_DEFAULTED; 2012 if (vsecp->vsa_aclflags & ACL_AUTO_INHERIT) 2013 aclp->z_hints |= ZFS_ACL_AUTO_INHERIT; 2014 } 2015 2016 *zaclp = aclp; 2017 2018 return (0); 2019 } 2020 2021 /* 2022 * Set a files ACL 2023 */ 2024 int 2025 zfs_setacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr) 2026 { 2027 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 2028 zilog_t *zilog = zfsvfs->z_log; 2029 ulong_t mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT); 2030 dmu_tx_t *tx; 2031 int error; 2032 zfs_acl_t *aclp; 2033 zfs_fuid_info_t *fuidp = NULL; 2034 2035 if (mask == 0) 2036 return (ENOSYS); 2037 2038 if (zp->z_phys->zp_flags & ZFS_IMMUTABLE) 2039 return (EPERM); 2040 2041 if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr)) 2042 return (error); 2043 2044 error = zfs_vsec_2_aclp(zfsvfs, ZTOV(zp)->v_type, vsecp, &aclp); 2045 if (error) 2046 return (error); 2047 2048 /* 2049 * If ACL wide flags aren't being set then preserve any 2050 * existing flags. 2051 */ 2052 if (!(vsecp->vsa_mask & VSA_ACE_ACLFLAGS)) { 2053 aclp->z_hints |= (zp->z_phys->zp_flags & V4_ACL_WIDE_FLAGS); 2054 } 2055 top: 2056 if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr)) { 2057 zfs_acl_free(aclp); 2058 return (error); 2059 } 2060 2061 mutex_enter(&zp->z_lock); 2062 mutex_enter(&zp->z_acl_lock); 2063 2064 tx = dmu_tx_create(zfsvfs->z_os); 2065 dmu_tx_hold_bonus(tx, zp->z_id); 2066 2067 if (zp->z_phys->zp_acl.z_acl_extern_obj) { 2068 /* Are we upgrading ACL? */ 2069 if (zfsvfs->z_version <= ZPL_VERSION_FUID && 2070 zp->z_phys->zp_acl.z_acl_version == 2071 ZFS_ACL_VERSION_INITIAL) { 2072 dmu_tx_hold_free(tx, 2073 zp->z_phys->zp_acl.z_acl_extern_obj, 2074 0, DMU_OBJECT_END); 2075 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 2076 0, sizeof (zfs_object_ace_t) * 2048 + 6); 2077 } else { 2078 dmu_tx_hold_write(tx, 2079 zp->z_phys->zp_acl.z_acl_extern_obj, 2080 0, aclp->z_acl_bytes); 2081 } 2082 } else if (aclp->z_acl_bytes > ZFS_ACE_SPACE) { 2083 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, aclp->z_acl_bytes); 2084 } 2085 if (zfsvfs->z_fuid_obj == 0) { 2086 dmu_tx_hold_bonus(tx, DMU_NEW_OBJECT); 2087 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, 2088 SPA_MAXBLOCKSIZE); 2089 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, FALSE, NULL); 2090 } else { 2091 dmu_tx_hold_bonus(tx, zfsvfs->z_fuid_obj); 2092 dmu_tx_hold_write(tx, zfsvfs->z_fuid_obj, 0, 2093 SPA_MAXBLOCKSIZE); 2094 } 2095 2096 error = dmu_tx_assign(tx, zfsvfs->z_assign); 2097 if (error) { 2098 mutex_exit(&zp->z_acl_lock); 2099 mutex_exit(&zp->z_lock); 2100 2101 if (error == ERESTART && zfsvfs->z_assign == TXG_NOWAIT) { 2102 dmu_tx_wait(tx); 2103 dmu_tx_abort(tx); 2104 goto top; 2105 } 2106 dmu_tx_abort(tx); 2107 zfs_acl_free(aclp); 2108 return (error); 2109 } 2110 2111 error = zfs_aclset_common(zp, aclp, cr, &fuidp, tx); 2112 ASSERT(error == 0); 2113 2114 zfs_log_acl(zilog, tx, zp, vsecp, fuidp); 2115 2116 if (fuidp) 2117 zfs_fuid_info_free(fuidp); 2118 zfs_acl_free(aclp); 2119 dmu_tx_commit(tx); 2120 done: 2121 mutex_exit(&zp->z_acl_lock); 2122 mutex_exit(&zp->z_lock); 2123 2124 return (error); 2125 } 2126 2127 /* 2128 * working_mode returns the permissions that were not granted 2129 */ 2130 static int 2131 zfs_zaccess_common(znode_t *zp, uint32_t v4_mode, uint32_t *working_mode, 2132 boolean_t *check_privs, boolean_t skipaclchk, cred_t *cr) 2133 { 2134 zfs_acl_t *aclp; 2135 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 2136 int error; 2137 int access_deny = ACCESS_UNDETERMINED; 2138 uid_t uid = crgetuid(cr); 2139 uint64_t who; 2140 uint16_t type, iflags; 2141 uint16_t entry_type; 2142 uint32_t access_mask; 2143 zfs_ace_hdr_t *acep = NULL; 2144 boolean_t checkit; 2145 uid_t fowner; 2146 uid_t gowner; 2147 2148 /* 2149 * Short circuit empty requests 2150 */ 2151 if (v4_mode == 0) 2152 return (0); 2153 2154 *check_privs = B_TRUE; 2155 2156 if (zfsvfs->z_assign >= TXG_INITIAL) { /* ZIL replay */ 2157 *working_mode = 0; 2158 return (0); 2159 } 2160 2161 *working_mode = v4_mode; 2162 2163 if ((v4_mode & WRITE_MASK) && 2164 (zp->z_zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) && 2165 (!IS_DEVVP(ZTOV(zp)))) { 2166 *check_privs = B_FALSE; 2167 return (EROFS); 2168 } 2169 2170 /* 2171 * Only check for READONLY on non-directories. 2172 */ 2173 if ((v4_mode & WRITE_MASK_DATA) && 2174 (((ZTOV(zp)->v_type != VDIR) && 2175 (zp->z_phys->zp_flags & (ZFS_READONLY | ZFS_IMMUTABLE))) || 2176 (ZTOV(zp)->v_type == VDIR && 2177 (zp->z_phys->zp_flags & ZFS_IMMUTABLE)))) { 2178 *check_privs = B_FALSE; 2179 return (EPERM); 2180 } 2181 2182 if ((v4_mode & (ACE_DELETE | ACE_DELETE_CHILD)) && 2183 (zp->z_phys->zp_flags & ZFS_NOUNLINK)) { 2184 *check_privs = B_FALSE; 2185 return (EPERM); 2186 } 2187 2188 if (((v4_mode & (ACE_READ_DATA|ACE_EXECUTE)) && 2189 (zp->z_phys->zp_flags & ZFS_AV_QUARANTINED))) { 2190 *check_privs = B_FALSE; 2191 return (EACCES); 2192 } 2193 2194 /* 2195 * The caller requested that the ACL check be skipped. This 2196 * would only happen if the caller checked VOP_ACCESS() with a 2197 * 32 bit ACE mask and already had the appropriate permissions. 2198 */ 2199 if (skipaclchk) { 2200 *working_mode = 0; 2201 return (0); 2202 } 2203 2204 zfs_fuid_map_ids(zp, cr, &fowner, &gowner); 2205 2206 mutex_enter(&zp->z_acl_lock); 2207 2208 error = zfs_acl_node_read(zp, &aclp, B_FALSE); 2209 if (error != 0) { 2210 mutex_exit(&zp->z_acl_lock); 2211 return (error); 2212 } 2213 2214 while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, 2215 &iflags, &type)) { 2216 2217 if (iflags & ACE_INHERIT_ONLY_ACE) 2218 continue; 2219 2220 entry_type = (iflags & ACE_TYPE_FLAGS); 2221 2222 checkit = B_FALSE; 2223 2224 switch (entry_type) { 2225 case ACE_OWNER: 2226 if (uid == fowner) 2227 checkit = B_TRUE; 2228 break; 2229 case OWNING_GROUP: 2230 who = gowner; 2231 /*FALLTHROUGH*/ 2232 case ACE_IDENTIFIER_GROUP: 2233 checkit = zfs_groupmember(zfsvfs, who, cr); 2234 break; 2235 case ACE_EVERYONE: 2236 checkit = B_TRUE; 2237 break; 2238 2239 /* USER Entry */ 2240 default: 2241 if (entry_type == 0) { 2242 uid_t newid; 2243 2244 zfs_fuid_map_id(zfsvfs, who, cr, 2245 ZFS_ACE_USER, &newid); 2246 if (newid != IDMAP_WK_CREATOR_OWNER_UID && 2247 uid == newid) 2248 checkit = B_TRUE; 2249 break; 2250 } else { 2251 zfs_acl_free(aclp); 2252 mutex_exit(&zp->z_acl_lock); 2253 return (EIO); 2254 } 2255 } 2256 2257 if (checkit) { 2258 if (access_mask & *working_mode) { 2259 if (type == ALLOW) { 2260 *working_mode &= 2261 ~(*working_mode & access_mask); 2262 if (*working_mode == 0) { 2263 access_deny = 0; 2264 } 2265 } else if (type == DENY) { 2266 access_deny = EACCES; 2267 } 2268 } 2269 } 2270 2271 if (access_deny != ACCESS_UNDETERMINED) 2272 break; 2273 } 2274 2275 mutex_exit(&zp->z_acl_lock); 2276 zfs_acl_free(aclp); 2277 out: 2278 return (access_deny); 2279 } 2280 2281 static int 2282 zfs_zaccess_append(znode_t *zp, uint32_t *working_mode, boolean_t *check_privs, 2283 cred_t *cr) 2284 { 2285 if (*working_mode != ACE_WRITE_DATA) 2286 return (EACCES); 2287 2288 return (zfs_zaccess_common(zp, ACE_APPEND_DATA, working_mode, 2289 check_privs, B_FALSE, cr)); 2290 } 2291 2292 /* 2293 * Determine whether Access should be granted/denied, invoking least 2294 * priv subsytem when a deny is determined. 2295 */ 2296 int 2297 zfs_zaccess(znode_t *zp, int mode, int flags, boolean_t skipaclchk, cred_t *cr) 2298 { 2299 uint32_t working_mode; 2300 int error; 2301 int is_attr; 2302 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 2303 boolean_t check_privs; 2304 znode_t *xzp; 2305 znode_t *check_zp = zp; 2306 2307 is_attr = ((zp->z_phys->zp_flags & ZFS_XATTR) && 2308 (ZTOV(zp)->v_type == VDIR)); 2309 2310 /* 2311 * If attribute then validate against base file 2312 */ 2313 if (is_attr) { 2314 if ((error = zfs_zget(zp->z_zfsvfs, 2315 zp->z_phys->zp_parent, &xzp)) != 0) { 2316 return (error); 2317 } 2318 2319 check_zp = xzp; 2320 2321 /* 2322 * fixup mode to map to xattr perms 2323 */ 2324 2325 if (mode & (ACE_WRITE_DATA|ACE_APPEND_DATA)) { 2326 mode &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA); 2327 mode |= ACE_WRITE_NAMED_ATTRS; 2328 } 2329 2330 if (mode & (ACE_READ_DATA|ACE_EXECUTE)) { 2331 mode &= ~(ACE_READ_DATA|ACE_EXECUTE); 2332 mode |= ACE_READ_NAMED_ATTRS; 2333 } 2334 } 2335 2336 if ((error = zfs_zaccess_common(check_zp, mode, &working_mode, 2337 &check_privs, skipaclchk, cr)) == 0) { 2338 if (is_attr) 2339 VN_RELE(ZTOV(xzp)); 2340 return (0); 2341 } 2342 2343 if (error && check_privs == B_FALSE) { 2344 if (is_attr) 2345 VN_RELE(ZTOV(xzp)); 2346 return (error); 2347 } 2348 2349 if (error && (flags & V_APPEND)) { 2350 error = zfs_zaccess_append(zp, &working_mode, &check_privs, cr); 2351 } 2352 2353 if (error && check_privs) { 2354 uid_t owner; 2355 mode_t checkmode = 0; 2356 2357 zfs_fuid_map_id(zfsvfs, check_zp->z_phys->zp_uid, cr, 2358 ZFS_OWNER, &owner); 2359 2360 /* 2361 * First check for implicit owner permission on 2362 * read_acl/read_attributes 2363 */ 2364 2365 error = 0; 2366 ASSERT(working_mode != 0); 2367 2368 if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES) && 2369 owner == crgetuid(cr))) 2370 working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES); 2371 2372 if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS| 2373 ACE_READ_ACL|ACE_READ_ATTRIBUTES)) 2374 checkmode |= VREAD; 2375 if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS| 2376 ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES)) 2377 checkmode |= VWRITE; 2378 if (working_mode & ACE_EXECUTE) 2379 checkmode |= VEXEC; 2380 2381 if (checkmode) 2382 error = secpolicy_vnode_access(cr, ZTOV(check_zp), 2383 owner, checkmode); 2384 2385 if (error == 0 && (working_mode & ACE_WRITE_OWNER)) 2386 error = secpolicy_vnode_create_gid(cr); 2387 if (error == 0 && (working_mode & ACE_WRITE_ACL)) 2388 error = secpolicy_vnode_setdac(cr, owner); 2389 2390 if (error == 0 && (working_mode & 2391 (ACE_DELETE|ACE_DELETE_CHILD))) 2392 error = secpolicy_vnode_remove(cr); 2393 2394 if (error == 0 && (working_mode & ACE_SYNCHRONIZE)) 2395 error = secpolicy_vnode_owner(cr, owner); 2396 2397 if (error == 0) { 2398 /* 2399 * See if any bits other than those already checked 2400 * for are still present. If so then return EACCES 2401 */ 2402 if (working_mode & ~(ZFS_CHECKED_MASKS)) { 2403 error = EACCES; 2404 } 2405 } 2406 } 2407 2408 if (is_attr) 2409 VN_RELE(ZTOV(xzp)); 2410 2411 return (error); 2412 } 2413 2414 /* 2415 * Translate traditional unix VREAD/VWRITE/VEXEC mode into 2416 * native ACL format and call zfs_zaccess() 2417 */ 2418 int 2419 zfs_zaccess_rwx(znode_t *zp, mode_t mode, int flags, cred_t *cr) 2420 { 2421 return (zfs_zaccess(zp, zfs_unix_to_v4(mode >> 6), flags, B_FALSE, cr)); 2422 } 2423 2424 /* 2425 * Access function for secpolicy_vnode_setattr 2426 */ 2427 int 2428 zfs_zaccess_unix(znode_t *zp, mode_t mode, cred_t *cr) 2429 { 2430 int v4_mode = zfs_unix_to_v4(mode >> 6); 2431 2432 return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr)); 2433 } 2434 2435 static int 2436 zfs_delete_final_check(znode_t *zp, znode_t *dzp, cred_t *cr) 2437 { 2438 int error; 2439 uid_t downer; 2440 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 2441 2442 zfs_fuid_map_id(zfsvfs, dzp->z_phys->zp_uid, cr, ZFS_OWNER, &downer); 2443 2444 error = secpolicy_vnode_access(cr, ZTOV(zp), downer, S_IWRITE|S_IEXEC); 2445 2446 if (error == 0) 2447 error = zfs_sticky_remove_access(dzp, zp, cr); 2448 2449 return (error); 2450 } 2451 2452 /* 2453 * Determine whether Access should be granted/deny, without 2454 * consulting least priv subsystem. 2455 * 2456 * 2457 * The following chart is the recommended NFSv4 enforcement for 2458 * ability to delete an object. 2459 * 2460 * ------------------------------------------------------- 2461 * | Parent Dir | Target Object Permissions | 2462 * | permissions | | 2463 * ------------------------------------------------------- 2464 * | | ACL Allows | ACL Denies| Delete | 2465 * | | Delete | Delete | unspecified| 2466 * ------------------------------------------------------- 2467 * | ACL Allows | Permit | Permit | Permit | 2468 * | DELETE_CHILD | | 2469 * ------------------------------------------------------- 2470 * | ACL Denies | Permit | Deny | Deny | 2471 * | DELETE_CHILD | | | | 2472 * ------------------------------------------------------- 2473 * | ACL specifies | | | | 2474 * | only allow | Permit | Permit | Permit | 2475 * | write and | | | | 2476 * | execute | | | | 2477 * ------------------------------------------------------- 2478 * | ACL denies | | | | 2479 * | write and | Permit | Deny | Deny | 2480 * | execute | | | | 2481 * ------------------------------------------------------- 2482 * ^ 2483 * | 2484 * No search privilege, can't even look up file? 2485 * 2486 */ 2487 int 2488 zfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr) 2489 { 2490 uint32_t dzp_working_mode = 0; 2491 uint32_t zp_working_mode = 0; 2492 int dzp_error, zp_error; 2493 boolean_t dzpcheck_privs = B_TRUE; 2494 boolean_t zpcheck_privs = B_TRUE; 2495 2496 /* 2497 * Arghh, this check is going to require a couple of questions 2498 * to be asked. We want specific DELETE permissions to 2499 * take precedence over WRITE/EXECUTE. We don't 2500 * want an ACL such as this to mess us up. 2501 * user:joe:write_data:deny,user:joe:delete:allow 2502 * 2503 * However, deny permissions may ultimately be overridden 2504 * by secpolicy_vnode_access(). 2505 */ 2506 2507 if (zp->z_phys->zp_flags & (ZFS_IMMUTABLE | ZFS_NOUNLINK)) 2508 return (EPERM); 2509 2510 dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD, 2511 &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr); 2512 zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, 2513 &zpcheck_privs, B_FALSE, cr); 2514 2515 if ((dzp_error && dzpcheck_privs == B_FALSE) || 2516 (zp_error && zpcheck_privs == B_FALSE)) 2517 return (dzp_error); 2518 2519 /* 2520 * First check the first row. 2521 * We only need to see if parent Allows delete_child 2522 */ 2523 if ((dzp_working_mode & ACE_DELETE_CHILD) == 0) 2524 return (0); 2525 2526 /* 2527 * Second row 2528 * we already have the necessary information in 2529 * zp_working_mode, zp_error and dzp_error. 2530 */ 2531 2532 if ((zp_working_mode & ACE_DELETE) == 0) 2533 return (0); 2534 2535 /* 2536 * Now zp_error should either be EACCES which indicates 2537 * a "deny" delete entry or ACCESS_UNDETERMINED if the "delete" 2538 * entry exists on the target. 2539 * 2540 * dzp_error should be either EACCES which indicates a "deny" 2541 * entry for delete_child or ACCESS_UNDETERMINED if no delete_child 2542 * entry exists. If value is EACCES then we are done 2543 * and zfs_delete_final_check() will make the final decision 2544 * regarding to allow the delete. 2545 */ 2546 2547 ASSERT(zp_error != 0 && dzp_error != 0); 2548 if (dzp_error == EACCES) 2549 return (zfs_delete_final_check(zp, dzp, cr)); 2550 2551 /* 2552 * Third Row 2553 * Only need to check for write/execute on parent 2554 */ 2555 2556 dzp_error = zfs_zaccess_common(dzp, ACE_WRITE_DATA|ACE_EXECUTE, 2557 &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr); 2558 2559 if (dzp_error && dzpcheck_privs == B_FALSE) 2560 return (dzp_error); 2561 2562 if ((dzp_working_mode & (ACE_WRITE_DATA|ACE_EXECUTE)) == 0) 2563 return (zfs_sticky_remove_access(dzp, zp, cr)); 2564 2565 /* 2566 * Fourth Row 2567 */ 2568 2569 if (((dzp_working_mode & (ACE_WRITE_DATA|ACE_EXECUTE)) != 0) && 2570 ((zp_working_mode & ACE_DELETE) == 0)) 2571 return (zfs_sticky_remove_access(dzp, zp, cr)); 2572 2573 return (zfs_delete_final_check(zp, dzp, cr)); 2574 } 2575 2576 int 2577 zfs_zaccess_rename(znode_t *sdzp, znode_t *szp, znode_t *tdzp, 2578 znode_t *tzp, cred_t *cr) 2579 { 2580 int add_perm; 2581 int error; 2582 2583 if (szp->z_phys->zp_flags & ZFS_AV_QUARANTINED) 2584 return (EACCES); 2585 2586 add_perm = (ZTOV(szp)->v_type == VDIR) ? 2587 ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE; 2588 2589 /* 2590 * Rename permissions are combination of delete permission + 2591 * add file/subdir permission. 2592 */ 2593 2594 /* 2595 * first make sure we do the delete portion. 2596 * 2597 * If that succeeds then check for add_file/add_subdir permissions 2598 */ 2599 2600 if (error = zfs_zaccess_delete(sdzp, szp, cr)) 2601 return (error); 2602 2603 /* 2604 * If we have a tzp, see if we can delete it? 2605 */ 2606 if (tzp) { 2607 if (error = zfs_zaccess_delete(tdzp, tzp, cr)) 2608 return (error); 2609 } 2610 2611 /* 2612 * Now check for add permissions 2613 */ 2614 error = zfs_zaccess(tdzp, add_perm, 0, B_FALSE, cr); 2615 2616 return (error); 2617 } 2618