1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/types.h> 29 #include <sys/param.h> 30 #include <sys/time.h> 31 #include <sys/systm.h> 32 #include <sys/sysmacros.h> 33 #include <sys/resource.h> 34 #include <sys/vfs.h> 35 #include <sys/vnode.h> 36 #include <sys/sid.h> 37 #include <sys/file.h> 38 #include <sys/stat.h> 39 #include <sys/kmem.h> 40 #include <sys/cmn_err.h> 41 #include <sys/errno.h> 42 #include <sys/unistd.h> 43 #include <sys/sdt.h> 44 #include <sys/fs/zfs.h> 45 #include <sys/mode.h> 46 #include <sys/policy.h> 47 #include <sys/zfs_znode.h> 48 #include <sys/zfs_fuid.h> 49 #include <sys/zfs_acl.h> 50 #include <sys/zfs_dir.h> 51 #include <sys/zfs_vfsops.h> 52 #include <sys/dmu.h> 53 #include <sys/dnode.h> 54 #include <sys/zap.h> 55 #include "fs/fs_subr.h" 56 #include <acl/acl_common.h> 57 58 #define ALLOW ACE_ACCESS_ALLOWED_ACE_TYPE 59 #define DENY ACE_ACCESS_DENIED_ACE_TYPE 60 #define MAX_ACE_TYPE ACE_SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 61 62 #define OWNING_GROUP (ACE_GROUP|ACE_IDENTIFIER_GROUP) 63 #define EVERYONE_ALLOW_MASK (ACE_READ_ACL|ACE_READ_ATTRIBUTES | \ 64 ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE) 65 #define EVERYONE_DENY_MASK (ACE_WRITE_ACL|ACE_WRITE_OWNER | \ 66 ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) 67 #define OWNER_ALLOW_MASK (ACE_WRITE_ACL | ACE_WRITE_OWNER | \ 68 ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS) 69 #define WRITE_MASK_DATA (ACE_WRITE_DATA|ACE_APPEND_DATA|ACE_WRITE_NAMED_ATTRS) 70 71 #define ZFS_CHECKED_MASKS (ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_DATA| \ 72 ACE_READ_NAMED_ATTRS|ACE_WRITE_DATA|ACE_WRITE_ATTRIBUTES| \ 73 ACE_WRITE_NAMED_ATTRS|ACE_APPEND_DATA|ACE_EXECUTE|ACE_WRITE_OWNER| \ 74 ACE_WRITE_ACL|ACE_DELETE|ACE_DELETE_CHILD|ACE_SYNCHRONIZE) 75 76 #define WRITE_MASK (WRITE_MASK_DATA|ACE_WRITE_ATTRIBUTES|ACE_WRITE_ACL|\ 77 ACE_WRITE_OWNER) 78 79 #define OGE_CLEAR (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ 80 ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) 81 82 #define OKAY_MASK_BITS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \ 83 ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE) 84 85 #define ALL_INHERIT (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE | \ 86 ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE|ACE_INHERITED_ACE) 87 88 #define RESTRICTED_CLEAR (ACE_WRITE_ACL|ACE_WRITE_OWNER) 89 90 #define V4_ACL_WIDE_FLAGS (ZFS_ACL_AUTO_INHERIT|ZFS_ACL_DEFAULTED|\ 91 ZFS_ACL_PROTECTED) 92 93 #define ZFS_ACL_WIDE_FLAGS (V4_ACL_WIDE_FLAGS|ZFS_ACL_TRIVIAL|ZFS_INHERIT_ACE|\ 94 ZFS_ACL_OBJ_ACE) 95 96 static uint16_t 97 zfs_ace_v0_get_type(void *acep) 98 { 99 return (((zfs_oldace_t *)acep)->z_type); 100 } 101 102 static uint16_t 103 zfs_ace_v0_get_flags(void *acep) 104 { 105 return (((zfs_oldace_t *)acep)->z_flags); 106 } 107 108 static uint32_t 109 zfs_ace_v0_get_mask(void *acep) 110 { 111 return (((zfs_oldace_t *)acep)->z_access_mask); 112 } 113 114 static uint64_t 115 zfs_ace_v0_get_who(void *acep) 116 { 117 return (((zfs_oldace_t *)acep)->z_fuid); 118 } 119 120 static void 121 zfs_ace_v0_set_type(void *acep, uint16_t type) 122 { 123 ((zfs_oldace_t *)acep)->z_type = type; 124 } 125 126 static void 127 zfs_ace_v0_set_flags(void *acep, uint16_t flags) 128 { 129 ((zfs_oldace_t *)acep)->z_flags = flags; 130 } 131 132 static void 133 zfs_ace_v0_set_mask(void *acep, uint32_t mask) 134 { 135 ((zfs_oldace_t *)acep)->z_access_mask = mask; 136 } 137 138 static void 139 zfs_ace_v0_set_who(void *acep, uint64_t who) 140 { 141 ((zfs_oldace_t *)acep)->z_fuid = who; 142 } 143 144 /*ARGSUSED*/ 145 static size_t 146 zfs_ace_v0_size(void *acep) 147 { 148 return (sizeof (zfs_oldace_t)); 149 } 150 151 static size_t 152 zfs_ace_v0_abstract_size(void) 153 { 154 return (sizeof (zfs_oldace_t)); 155 } 156 157 static int 158 zfs_ace_v0_mask_off(void) 159 { 160 return (offsetof(zfs_oldace_t, z_access_mask)); 161 } 162 163 /*ARGSUSED*/ 164 static int 165 zfs_ace_v0_data(void *acep, void **datap) 166 { 167 *datap = NULL; 168 return (0); 169 } 170 171 static acl_ops_t zfs_acl_v0_ops = { 172 zfs_ace_v0_get_mask, 173 zfs_ace_v0_set_mask, 174 zfs_ace_v0_get_flags, 175 zfs_ace_v0_set_flags, 176 zfs_ace_v0_get_type, 177 zfs_ace_v0_set_type, 178 zfs_ace_v0_get_who, 179 zfs_ace_v0_set_who, 180 zfs_ace_v0_size, 181 zfs_ace_v0_abstract_size, 182 zfs_ace_v0_mask_off, 183 zfs_ace_v0_data 184 }; 185 186 static uint16_t 187 zfs_ace_fuid_get_type(void *acep) 188 { 189 return (((zfs_ace_hdr_t *)acep)->z_type); 190 } 191 192 static uint16_t 193 zfs_ace_fuid_get_flags(void *acep) 194 { 195 return (((zfs_ace_hdr_t *)acep)->z_flags); 196 } 197 198 static uint32_t 199 zfs_ace_fuid_get_mask(void *acep) 200 { 201 return (((zfs_ace_hdr_t *)acep)->z_access_mask); 202 } 203 204 static uint64_t 205 zfs_ace_fuid_get_who(void *args) 206 { 207 uint16_t entry_type; 208 zfs_ace_t *acep = args; 209 210 entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS; 211 212 if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP || 213 entry_type == ACE_EVERYONE) 214 return (-1); 215 return (((zfs_ace_t *)acep)->z_fuid); 216 } 217 218 static void 219 zfs_ace_fuid_set_type(void *acep, uint16_t type) 220 { 221 ((zfs_ace_hdr_t *)acep)->z_type = type; 222 } 223 224 static void 225 zfs_ace_fuid_set_flags(void *acep, uint16_t flags) 226 { 227 ((zfs_ace_hdr_t *)acep)->z_flags = flags; 228 } 229 230 static void 231 zfs_ace_fuid_set_mask(void *acep, uint32_t mask) 232 { 233 ((zfs_ace_hdr_t *)acep)->z_access_mask = mask; 234 } 235 236 static void 237 zfs_ace_fuid_set_who(void *arg, uint64_t who) 238 { 239 zfs_ace_t *acep = arg; 240 241 uint16_t entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS; 242 243 if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP || 244 entry_type == ACE_EVERYONE) 245 return; 246 acep->z_fuid = who; 247 } 248 249 static size_t 250 zfs_ace_fuid_size(void *acep) 251 { 252 zfs_ace_hdr_t *zacep = acep; 253 uint16_t entry_type; 254 255 switch (zacep->z_type) { 256 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 257 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 258 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 259 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 260 return (sizeof (zfs_object_ace_t)); 261 case ALLOW: 262 case DENY: 263 entry_type = 264 (((zfs_ace_hdr_t *)acep)->z_flags & ACE_TYPE_FLAGS); 265 if (entry_type == ACE_OWNER || 266 entry_type == (ACE_GROUP | ACE_IDENTIFIER_GROUP) || 267 entry_type == ACE_EVERYONE) 268 return (sizeof (zfs_ace_hdr_t)); 269 /*FALLTHROUGH*/ 270 default: 271 return (sizeof (zfs_ace_t)); 272 } 273 } 274 275 static size_t 276 zfs_ace_fuid_abstract_size(void) 277 { 278 return (sizeof (zfs_ace_hdr_t)); 279 } 280 281 static int 282 zfs_ace_fuid_mask_off(void) 283 { 284 return (offsetof(zfs_ace_hdr_t, z_access_mask)); 285 } 286 287 static int 288 zfs_ace_fuid_data(void *acep, void **datap) 289 { 290 zfs_ace_t *zacep = acep; 291 zfs_object_ace_t *zobjp; 292 293 switch (zacep->z_hdr.z_type) { 294 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 295 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 296 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 297 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 298 zobjp = acep; 299 *datap = (caddr_t)zobjp + sizeof (zfs_ace_t); 300 return (sizeof (zfs_object_ace_t) - sizeof (zfs_ace_t)); 301 default: 302 *datap = NULL; 303 return (0); 304 } 305 } 306 307 static acl_ops_t zfs_acl_fuid_ops = { 308 zfs_ace_fuid_get_mask, 309 zfs_ace_fuid_set_mask, 310 zfs_ace_fuid_get_flags, 311 zfs_ace_fuid_set_flags, 312 zfs_ace_fuid_get_type, 313 zfs_ace_fuid_set_type, 314 zfs_ace_fuid_get_who, 315 zfs_ace_fuid_set_who, 316 zfs_ace_fuid_size, 317 zfs_ace_fuid_abstract_size, 318 zfs_ace_fuid_mask_off, 319 zfs_ace_fuid_data 320 }; 321 322 static int 323 zfs_acl_version(int version) 324 { 325 if (version < ZPL_VERSION_FUID) 326 return (ZFS_ACL_VERSION_INITIAL); 327 else 328 return (ZFS_ACL_VERSION_FUID); 329 } 330 331 static int 332 zfs_acl_version_zp(znode_t *zp) 333 { 334 return (zfs_acl_version(zp->z_zfsvfs->z_version)); 335 } 336 337 static zfs_acl_t * 338 zfs_acl_alloc(int vers) 339 { 340 zfs_acl_t *aclp; 341 342 aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP); 343 list_create(&aclp->z_acl, sizeof (zfs_acl_node_t), 344 offsetof(zfs_acl_node_t, z_next)); 345 aclp->z_version = vers; 346 if (vers == ZFS_ACL_VERSION_FUID) 347 aclp->z_ops = zfs_acl_fuid_ops; 348 else 349 aclp->z_ops = zfs_acl_v0_ops; 350 return (aclp); 351 } 352 353 static zfs_acl_node_t * 354 zfs_acl_node_alloc(size_t bytes) 355 { 356 zfs_acl_node_t *aclnode; 357 358 aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP); 359 if (bytes) { 360 aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP); 361 aclnode->z_allocdata = aclnode->z_acldata; 362 aclnode->z_allocsize = bytes; 363 aclnode->z_size = bytes; 364 } 365 366 return (aclnode); 367 } 368 369 static void 370 zfs_acl_node_free(zfs_acl_node_t *aclnode) 371 { 372 if (aclnode->z_allocsize) 373 kmem_free(aclnode->z_allocdata, aclnode->z_allocsize); 374 kmem_free(aclnode, sizeof (zfs_acl_node_t)); 375 } 376 377 static void 378 zfs_acl_release_nodes(zfs_acl_t *aclp) 379 { 380 zfs_acl_node_t *aclnode; 381 382 while (aclnode = list_head(&aclp->z_acl)) { 383 list_remove(&aclp->z_acl, aclnode); 384 zfs_acl_node_free(aclnode); 385 } 386 aclp->z_acl_count = 0; 387 aclp->z_acl_bytes = 0; 388 } 389 390 void 391 zfs_acl_free(zfs_acl_t *aclp) 392 { 393 zfs_acl_release_nodes(aclp); 394 list_destroy(&aclp->z_acl); 395 kmem_free(aclp, sizeof (zfs_acl_t)); 396 } 397 398 static boolean_t 399 zfs_ace_valid(vtype_t obj_type, zfs_acl_t *aclp, uint16_t type, uint16_t iflags) 400 { 401 /* 402 * first check type of entry 403 */ 404 405 switch (iflags & ACE_TYPE_FLAGS) { 406 case ACE_OWNER: 407 case (ACE_IDENTIFIER_GROUP | ACE_GROUP): 408 case ACE_IDENTIFIER_GROUP: 409 case ACE_EVERYONE: 410 case 0: /* User entry */ 411 break; 412 default: 413 return (B_FALSE); 414 415 } 416 417 /* 418 * next check inheritance level flags 419 */ 420 421 if (type != ALLOW && type > MAX_ACE_TYPE) { 422 return (B_FALSE); 423 } 424 425 switch (type) { 426 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 427 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 428 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 429 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 430 if (aclp->z_version < ZFS_ACL_VERSION_FUID) 431 return (B_FALSE); 432 aclp->z_hints |= ZFS_ACL_OBJ_ACE; 433 } 434 435 /* 436 * Only directories should have inheritance flags. 437 */ 438 if (obj_type != VDIR && (iflags & 439 (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE| 440 ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE))) { 441 return (B_FALSE); 442 } 443 444 if (iflags & (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE)) 445 aclp->z_hints |= ZFS_INHERIT_ACE; 446 447 if (iflags & (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) { 448 if ((iflags & (ACE_FILE_INHERIT_ACE| 449 ACE_DIRECTORY_INHERIT_ACE)) == 0) { 450 return (B_FALSE); 451 } 452 } 453 454 return (B_TRUE); 455 } 456 457 static void * 458 zfs_acl_next_ace(zfs_acl_t *aclp, void *start, uint64_t *who, 459 uint32_t *access_mask, uint16_t *iflags, uint16_t *type) 460 { 461 zfs_acl_node_t *aclnode; 462 463 if (start == NULL) { 464 aclnode = list_head(&aclp->z_acl); 465 if (aclnode == NULL) 466 return (NULL); 467 468 aclp->z_next_ace = aclnode->z_acldata; 469 aclp->z_curr_node = aclnode; 470 aclnode->z_ace_idx = 0; 471 } 472 473 aclnode = aclp->z_curr_node; 474 475 if (aclnode == NULL) 476 return (NULL); 477 478 if (aclnode->z_ace_idx >= aclnode->z_ace_count) { 479 aclnode = list_next(&aclp->z_acl, aclnode); 480 if (aclnode == NULL) 481 return (NULL); 482 else { 483 aclp->z_curr_node = aclnode; 484 aclnode->z_ace_idx = 0; 485 aclp->z_next_ace = aclnode->z_acldata; 486 } 487 } 488 489 if (aclnode->z_ace_idx < aclnode->z_ace_count) { 490 void *acep = aclp->z_next_ace; 491 *iflags = aclp->z_ops.ace_flags_get(acep); 492 *type = aclp->z_ops.ace_type_get(acep); 493 *access_mask = aclp->z_ops.ace_mask_get(acep); 494 *who = aclp->z_ops.ace_who_get(acep); 495 aclp->z_next_ace = (caddr_t)aclp->z_next_ace + 496 aclp->z_ops.ace_size(acep); 497 aclnode->z_ace_idx++; 498 return ((void *)acep); 499 } 500 return (NULL); 501 } 502 503 /*ARGSUSED*/ 504 static uint64_t 505 zfs_ace_walk(void *datap, uint64_t cookie, int aclcnt, 506 uint16_t *flags, uint16_t *type, uint32_t *mask) 507 { 508 zfs_acl_t *aclp = datap; 509 zfs_ace_hdr_t *acep = (zfs_ace_hdr_t *)(uintptr_t)cookie; 510 uint64_t who; 511 512 acep = zfs_acl_next_ace(aclp, acep, &who, mask, 513 flags, type); 514 return ((uint64_t)(uintptr_t)acep); 515 } 516 517 static zfs_acl_node_t * 518 zfs_acl_curr_node(zfs_acl_t *aclp) 519 { 520 ASSERT(aclp->z_curr_node); 521 return (aclp->z_curr_node); 522 } 523 524 /* 525 * Copy ACE to internal ZFS format. 526 * While processing the ACL each ACE will be validated for correctness. 527 * ACE FUIDs will be created later. 528 */ 529 int 530 zfs_copy_ace_2_fuid(vtype_t obj_type, zfs_acl_t *aclp, void *datap, 531 zfs_ace_t *z_acl, int aclcnt, size_t *size) 532 { 533 int i; 534 uint16_t entry_type; 535 zfs_ace_t *aceptr = z_acl; 536 ace_t *acep = datap; 537 zfs_object_ace_t *zobjacep; 538 ace_object_t *aceobjp; 539 540 for (i = 0; i != aclcnt; i++) { 541 aceptr->z_hdr.z_access_mask = acep->a_access_mask; 542 aceptr->z_hdr.z_flags = acep->a_flags; 543 aceptr->z_hdr.z_type = acep->a_type; 544 entry_type = aceptr->z_hdr.z_flags & ACE_TYPE_FLAGS; 545 if (entry_type != ACE_OWNER && entry_type != OWNING_GROUP && 546 entry_type != ACE_EVERYONE) { 547 if (!aclp->z_has_fuids) 548 aclp->z_has_fuids = IS_EPHEMERAL(acep->a_who); 549 aceptr->z_fuid = (uint64_t)acep->a_who; 550 } 551 552 /* 553 * Make sure ACE is valid 554 */ 555 if (zfs_ace_valid(obj_type, aclp, aceptr->z_hdr.z_type, 556 aceptr->z_hdr.z_flags) != B_TRUE) 557 return (EINVAL); 558 559 switch (acep->a_type) { 560 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 561 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 562 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 563 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 564 zobjacep = (zfs_object_ace_t *)aceptr; 565 aceobjp = (ace_object_t *)acep; 566 567 bcopy(aceobjp->a_obj_type, zobjacep->z_object_type, 568 sizeof (aceobjp->a_obj_type)); 569 bcopy(aceobjp->a_inherit_obj_type, 570 zobjacep->z_inherit_type, 571 sizeof (aceobjp->a_inherit_obj_type)); 572 acep = (ace_t *)((caddr_t)acep + sizeof (ace_object_t)); 573 break; 574 default: 575 acep = (ace_t *)((caddr_t)acep + sizeof (ace_t)); 576 } 577 578 aceptr = (zfs_ace_t *)((caddr_t)aceptr + 579 aclp->z_ops.ace_size(aceptr)); 580 } 581 582 *size = (caddr_t)aceptr - (caddr_t)z_acl; 583 584 return (0); 585 } 586 587 /* 588 * Copy ZFS ACEs to fixed size ace_t layout 589 */ 590 static void 591 zfs_copy_fuid_2_ace(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, cred_t *cr, 592 void *datap, int filter) 593 { 594 uint64_t who; 595 uint32_t access_mask; 596 uint16_t iflags, type; 597 zfs_ace_hdr_t *zacep = NULL; 598 ace_t *acep = datap; 599 ace_object_t *objacep; 600 zfs_object_ace_t *zobjacep; 601 size_t ace_size; 602 uint16_t entry_type; 603 604 while (zacep = zfs_acl_next_ace(aclp, zacep, 605 &who, &access_mask, &iflags, &type)) { 606 607 switch (type) { 608 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 609 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 610 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 611 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 612 if (filter) { 613 continue; 614 } 615 zobjacep = (zfs_object_ace_t *)zacep; 616 objacep = (ace_object_t *)acep; 617 bcopy(zobjacep->z_object_type, 618 objacep->a_obj_type, 619 sizeof (zobjacep->z_object_type)); 620 bcopy(zobjacep->z_inherit_type, 621 objacep->a_inherit_obj_type, 622 sizeof (zobjacep->z_inherit_type)); 623 ace_size = sizeof (ace_object_t); 624 break; 625 default: 626 ace_size = sizeof (ace_t); 627 break; 628 } 629 630 entry_type = (iflags & ACE_TYPE_FLAGS); 631 if ((entry_type != ACE_OWNER && 632 entry_type != (ACE_GROUP | ACE_IDENTIFIER_GROUP) && 633 entry_type != ACE_EVERYONE)) { 634 acep->a_who = zfs_fuid_map_id(zfsvfs, who, 635 cr, (entry_type & ACE_IDENTIFIER_GROUP) ? 636 ZFS_ACE_GROUP : ZFS_ACE_USER); 637 } else { 638 acep->a_who = (uid_t)(int64_t)who; 639 } 640 acep->a_access_mask = access_mask; 641 acep->a_flags = iflags; 642 acep->a_type = type; 643 acep = (ace_t *)((caddr_t)acep + ace_size); 644 } 645 } 646 647 static int 648 zfs_copy_ace_2_oldace(vtype_t obj_type, zfs_acl_t *aclp, ace_t *acep, 649 zfs_oldace_t *z_acl, int aclcnt, size_t *size) 650 { 651 int i; 652 zfs_oldace_t *aceptr = z_acl; 653 654 for (i = 0; i != aclcnt; i++, aceptr++) { 655 aceptr->z_access_mask = acep[i].a_access_mask; 656 aceptr->z_type = acep[i].a_type; 657 aceptr->z_flags = acep[i].a_flags; 658 aceptr->z_fuid = acep[i].a_who; 659 /* 660 * Make sure ACE is valid 661 */ 662 if (zfs_ace_valid(obj_type, aclp, aceptr->z_type, 663 aceptr->z_flags) != B_TRUE) 664 return (EINVAL); 665 } 666 *size = (caddr_t)aceptr - (caddr_t)z_acl; 667 return (0); 668 } 669 670 /* 671 * convert old ACL format to new 672 */ 673 void 674 zfs_acl_xform(znode_t *zp, zfs_acl_t *aclp) 675 { 676 zfs_oldace_t *oldaclp; 677 int i; 678 uint16_t type, iflags; 679 uint32_t access_mask; 680 uint64_t who; 681 void *cookie = NULL; 682 zfs_acl_node_t *newaclnode; 683 684 ASSERT(aclp->z_version == ZFS_ACL_VERSION_INITIAL); 685 /* 686 * First create the ACE in a contiguous piece of memory 687 * for zfs_copy_ace_2_fuid(). 688 * 689 * We only convert an ACL once, so this won't happen 690 * everytime. 691 */ 692 oldaclp = kmem_alloc(sizeof (zfs_oldace_t) * aclp->z_acl_count, 693 KM_SLEEP); 694 i = 0; 695 while (cookie = zfs_acl_next_ace(aclp, cookie, &who, 696 &access_mask, &iflags, &type)) { 697 oldaclp[i].z_flags = iflags; 698 oldaclp[i].z_type = type; 699 oldaclp[i].z_fuid = who; 700 oldaclp[i++].z_access_mask = access_mask; 701 } 702 703 newaclnode = zfs_acl_node_alloc(aclp->z_acl_count * 704 sizeof (zfs_object_ace_t)); 705 aclp->z_ops = zfs_acl_fuid_ops; 706 VERIFY(zfs_copy_ace_2_fuid(ZTOV(zp)->v_type, aclp, oldaclp, 707 newaclnode->z_acldata, aclp->z_acl_count, 708 &newaclnode->z_size) == 0); 709 newaclnode->z_ace_count = aclp->z_acl_count; 710 aclp->z_version = ZFS_ACL_VERSION; 711 kmem_free(oldaclp, aclp->z_acl_count * sizeof (zfs_oldace_t)); 712 713 /* 714 * Release all previous ACL nodes 715 */ 716 717 zfs_acl_release_nodes(aclp); 718 719 list_insert_head(&aclp->z_acl, newaclnode); 720 721 aclp->z_acl_bytes = newaclnode->z_size; 722 aclp->z_acl_count = newaclnode->z_ace_count; 723 724 } 725 726 /* 727 * Convert unix access mask to v4 access mask 728 */ 729 static uint32_t 730 zfs_unix_to_v4(uint32_t access_mask) 731 { 732 uint32_t new_mask = 0; 733 734 if (access_mask & S_IXOTH) 735 new_mask |= ACE_EXECUTE; 736 if (access_mask & S_IWOTH) 737 new_mask |= ACE_WRITE_DATA; 738 if (access_mask & S_IROTH) 739 new_mask |= ACE_READ_DATA; 740 return (new_mask); 741 } 742 743 static void 744 zfs_set_ace(zfs_acl_t *aclp, void *acep, uint32_t access_mask, 745 uint16_t access_type, uint64_t fuid, uint16_t entry_type) 746 { 747 uint16_t type = entry_type & ACE_TYPE_FLAGS; 748 749 aclp->z_ops.ace_mask_set(acep, access_mask); 750 aclp->z_ops.ace_type_set(acep, access_type); 751 aclp->z_ops.ace_flags_set(acep, entry_type); 752 if ((type != ACE_OWNER && type != (ACE_GROUP | ACE_IDENTIFIER_GROUP) && 753 type != ACE_EVERYONE)) 754 aclp->z_ops.ace_who_set(acep, fuid); 755 } 756 757 /* 758 * Determine mode of file based on ACL. 759 * Also, create FUIDs for any User/Group ACEs 760 */ 761 static uint64_t 762 zfs_mode_fuid_compute(znode_t *zp, zfs_acl_t *aclp, cred_t *cr, 763 zfs_fuid_info_t **fuidp, dmu_tx_t *tx) 764 { 765 int entry_type; 766 mode_t mode; 767 mode_t seen = 0; 768 zfs_ace_hdr_t *acep = NULL; 769 uint64_t who; 770 uint16_t iflags, type; 771 uint32_t access_mask; 772 773 mode = (zp->z_phys->zp_mode & (S_IFMT | S_ISUID | S_ISGID | S_ISVTX)); 774 775 while (acep = zfs_acl_next_ace(aclp, acep, &who, 776 &access_mask, &iflags, &type)) { 777 778 /* 779 * Skip over inherit only ACEs 780 */ 781 if (iflags & ACE_INHERIT_ONLY_ACE) 782 continue; 783 784 entry_type = (iflags & ACE_TYPE_FLAGS); 785 786 if (entry_type == ACE_OWNER) { 787 if ((access_mask & ACE_READ_DATA) && 788 (!(seen & S_IRUSR))) { 789 seen |= S_IRUSR; 790 if (type == ALLOW) { 791 mode |= S_IRUSR; 792 } 793 } 794 if ((access_mask & ACE_WRITE_DATA) && 795 (!(seen & S_IWUSR))) { 796 seen |= S_IWUSR; 797 if (type == ALLOW) { 798 mode |= S_IWUSR; 799 } 800 } 801 if ((access_mask & ACE_EXECUTE) && 802 (!(seen & S_IXUSR))) { 803 seen |= S_IXUSR; 804 if (type == ALLOW) { 805 mode |= S_IXUSR; 806 } 807 } 808 } else if (entry_type == OWNING_GROUP) { 809 if ((access_mask & ACE_READ_DATA) && 810 (!(seen & S_IRGRP))) { 811 seen |= S_IRGRP; 812 if (type == ALLOW) { 813 mode |= S_IRGRP; 814 } 815 } 816 if ((access_mask & ACE_WRITE_DATA) && 817 (!(seen & S_IWGRP))) { 818 seen |= S_IWGRP; 819 if (type == ALLOW) { 820 mode |= S_IWGRP; 821 } 822 } 823 if ((access_mask & ACE_EXECUTE) && 824 (!(seen & S_IXGRP))) { 825 seen |= S_IXGRP; 826 if (type == ALLOW) { 827 mode |= S_IXGRP; 828 } 829 } 830 } else if (entry_type == ACE_EVERYONE) { 831 if ((access_mask & ACE_READ_DATA)) { 832 if (!(seen & S_IRUSR)) { 833 seen |= S_IRUSR; 834 if (type == ALLOW) { 835 mode |= S_IRUSR; 836 } 837 } 838 if (!(seen & S_IRGRP)) { 839 seen |= S_IRGRP; 840 if (type == ALLOW) { 841 mode |= S_IRGRP; 842 } 843 } 844 if (!(seen & S_IROTH)) { 845 seen |= S_IROTH; 846 if (type == ALLOW) { 847 mode |= S_IROTH; 848 } 849 } 850 } 851 if ((access_mask & ACE_WRITE_DATA)) { 852 if (!(seen & S_IWUSR)) { 853 seen |= S_IWUSR; 854 if (type == ALLOW) { 855 mode |= S_IWUSR; 856 } 857 } 858 if (!(seen & S_IWGRP)) { 859 seen |= S_IWGRP; 860 if (type == ALLOW) { 861 mode |= S_IWGRP; 862 } 863 } 864 if (!(seen & S_IWOTH)) { 865 seen |= S_IWOTH; 866 if (type == ALLOW) { 867 mode |= S_IWOTH; 868 } 869 } 870 } 871 if ((access_mask & ACE_EXECUTE)) { 872 if (!(seen & S_IXUSR)) { 873 seen |= S_IXUSR; 874 if (type == ALLOW) { 875 mode |= S_IXUSR; 876 } 877 } 878 if (!(seen & S_IXGRP)) { 879 seen |= S_IXGRP; 880 if (type == ALLOW) { 881 mode |= S_IXGRP; 882 } 883 } 884 if (!(seen & S_IXOTH)) { 885 seen |= S_IXOTH; 886 if (type == ALLOW) { 887 mode |= S_IXOTH; 888 } 889 } 890 } 891 } 892 /* 893 * Now handle FUID create for user/group ACEs 894 */ 895 if (entry_type == 0 || entry_type == ACE_IDENTIFIER_GROUP) { 896 aclp->z_ops.ace_who_set(acep, 897 zfs_fuid_create(zp->z_zfsvfs, who, cr, 898 (entry_type == 0) ? ZFS_ACE_USER : ZFS_ACE_GROUP, 899 tx, fuidp)); 900 } 901 } 902 return (mode); 903 } 904 905 static zfs_acl_t * 906 zfs_acl_node_read_internal(znode_t *zp, boolean_t will_modify) 907 { 908 zfs_acl_t *aclp; 909 zfs_acl_node_t *aclnode; 910 911 aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_version); 912 913 /* 914 * Version 0 to 1 znode_acl_phys has the size/count fields swapped. 915 * Version 0 didn't have a size field, only a count. 916 */ 917 if (zp->z_phys->zp_acl.z_acl_version == ZFS_ACL_VERSION_INITIAL) { 918 aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_size; 919 aclp->z_acl_bytes = ZFS_ACL_SIZE(aclp->z_acl_count); 920 } else { 921 aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_count; 922 aclp->z_acl_bytes = zp->z_phys->zp_acl.z_acl_size; 923 } 924 925 aclnode = zfs_acl_node_alloc(will_modify ? aclp->z_acl_bytes : 0); 926 aclnode->z_ace_count = aclp->z_acl_count; 927 if (will_modify) { 928 bcopy(zp->z_phys->zp_acl.z_ace_data, aclnode->z_acldata, 929 aclp->z_acl_bytes); 930 } else { 931 aclnode->z_size = aclp->z_acl_bytes; 932 aclnode->z_acldata = &zp->z_phys->zp_acl.z_ace_data[0]; 933 } 934 935 list_insert_head(&aclp->z_acl, aclnode); 936 937 return (aclp); 938 } 939 940 /* 941 * Read an external acl object. 942 */ 943 static int 944 zfs_acl_node_read(znode_t *zp, zfs_acl_t **aclpp, boolean_t will_modify) 945 { 946 uint64_t extacl = zp->z_phys->zp_acl.z_acl_extern_obj; 947 zfs_acl_t *aclp; 948 size_t aclsize; 949 size_t acl_count; 950 zfs_acl_node_t *aclnode; 951 int error; 952 953 ASSERT(MUTEX_HELD(&zp->z_acl_lock)); 954 955 if (zp->z_phys->zp_acl.z_acl_extern_obj == 0) { 956 *aclpp = zfs_acl_node_read_internal(zp, will_modify); 957 return (0); 958 } 959 960 aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_version); 961 if (zp->z_phys->zp_acl.z_acl_version == ZFS_ACL_VERSION_INITIAL) { 962 zfs_acl_phys_v0_t *zacl0 = 963 (zfs_acl_phys_v0_t *)&zp->z_phys->zp_acl; 964 965 aclsize = ZFS_ACL_SIZE(zacl0->z_acl_count); 966 acl_count = zacl0->z_acl_count; 967 } else { 968 aclsize = zp->z_phys->zp_acl.z_acl_size; 969 acl_count = zp->z_phys->zp_acl.z_acl_count; 970 if (aclsize == 0) 971 aclsize = acl_count * sizeof (zfs_ace_t); 972 } 973 aclnode = zfs_acl_node_alloc(aclsize); 974 list_insert_head(&aclp->z_acl, aclnode); 975 error = dmu_read(zp->z_zfsvfs->z_os, extacl, 0, 976 aclsize, aclnode->z_acldata); 977 aclnode->z_ace_count = acl_count; 978 aclp->z_acl_count = acl_count; 979 aclp->z_acl_bytes = aclsize; 980 981 if (error != 0) { 982 zfs_acl_free(aclp); 983 return (error); 984 } 985 986 *aclpp = aclp; 987 return (0); 988 } 989 990 /* 991 * common code for setting ACLs. 992 * 993 * This function is called from zfs_mode_update, zfs_perm_init, and zfs_setacl. 994 * zfs_setacl passes a non-NULL inherit pointer (ihp) to indicate that it's 995 * already checked the acl and knows whether to inherit. 996 */ 997 int 998 zfs_aclset_common(znode_t *zp, zfs_acl_t *aclp, cred_t *cr, 999 zfs_fuid_info_t **fuidp, dmu_tx_t *tx) 1000 { 1001 int error; 1002 znode_phys_t *zphys = zp->z_phys; 1003 zfs_acl_phys_t *zacl = &zphys->zp_acl; 1004 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 1005 uint64_t aoid = zphys->zp_acl.z_acl_extern_obj; 1006 uint64_t off = 0; 1007 dmu_object_type_t otype; 1008 zfs_acl_node_t *aclnode; 1009 1010 ASSERT(MUTEX_HELD(&zp->z_lock)); 1011 ASSERT(MUTEX_HELD(&zp->z_acl_lock)); 1012 1013 dmu_buf_will_dirty(zp->z_dbuf, tx); 1014 1015 zphys->zp_mode = zfs_mode_fuid_compute(zp, aclp, cr, fuidp, tx); 1016 1017 /* 1018 * Decide which opbject type to use. If we are forced to 1019 * use old ACL format than transform ACL into zfs_oldace_t 1020 * layout. 1021 */ 1022 if (!zfsvfs->z_use_fuids) { 1023 otype = DMU_OT_OLDACL; 1024 } else { 1025 if ((aclp->z_version == ZFS_ACL_VERSION_INITIAL) && 1026 (zfsvfs->z_version >= ZPL_VERSION_FUID)) 1027 zfs_acl_xform(zp, aclp); 1028 ASSERT(aclp->z_version >= ZFS_ACL_VERSION_FUID); 1029 otype = DMU_OT_ACL; 1030 } 1031 1032 if (aclp->z_acl_bytes > ZFS_ACE_SPACE) { 1033 /* 1034 * If ACL was previously external and we are now 1035 * converting to new ACL format then release old 1036 * ACL object and create a new one. 1037 */ 1038 if (aoid && aclp->z_version != zacl->z_acl_version) { 1039 error = dmu_object_free(zfsvfs->z_os, 1040 zp->z_phys->zp_acl.z_acl_extern_obj, tx); 1041 if (error) 1042 return (error); 1043 aoid = 0; 1044 } 1045 if (aoid == 0) { 1046 aoid = dmu_object_alloc(zfsvfs->z_os, 1047 otype, aclp->z_acl_bytes, 1048 otype == DMU_OT_ACL ? DMU_OT_SYSACL : DMU_OT_NONE, 1049 otype == DMU_OT_ACL ? DN_MAX_BONUSLEN : 0, tx); 1050 } else { 1051 (void) dmu_object_set_blocksize(zfsvfs->z_os, aoid, 1052 aclp->z_acl_bytes, 0, tx); 1053 } 1054 zphys->zp_acl.z_acl_extern_obj = aoid; 1055 for (aclnode = list_head(&aclp->z_acl); aclnode; 1056 aclnode = list_next(&aclp->z_acl, aclnode)) { 1057 if (aclnode->z_ace_count == 0) 1058 continue; 1059 dmu_write(zfsvfs->z_os, aoid, off, 1060 aclnode->z_size, aclnode->z_acldata, tx); 1061 off += aclnode->z_size; 1062 } 1063 } else { 1064 void *start = zacl->z_ace_data; 1065 /* 1066 * Migrating back embedded? 1067 */ 1068 if (zphys->zp_acl.z_acl_extern_obj) { 1069 error = dmu_object_free(zfsvfs->z_os, 1070 zp->z_phys->zp_acl.z_acl_extern_obj, tx); 1071 if (error) 1072 return (error); 1073 zphys->zp_acl.z_acl_extern_obj = 0; 1074 } 1075 1076 for (aclnode = list_head(&aclp->z_acl); aclnode; 1077 aclnode = list_next(&aclp->z_acl, aclnode)) { 1078 if (aclnode->z_ace_count == 0) 1079 continue; 1080 bcopy(aclnode->z_acldata, start, aclnode->z_size); 1081 start = (caddr_t)start + aclnode->z_size; 1082 } 1083 } 1084 1085 /* 1086 * If Old version then swap count/bytes to match old 1087 * layout of znode_acl_phys_t. 1088 */ 1089 if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) { 1090 zphys->zp_acl.z_acl_size = aclp->z_acl_count; 1091 zphys->zp_acl.z_acl_count = aclp->z_acl_bytes; 1092 } else { 1093 zphys->zp_acl.z_acl_size = aclp->z_acl_bytes; 1094 zphys->zp_acl.z_acl_count = aclp->z_acl_count; 1095 } 1096 1097 zphys->zp_acl.z_acl_version = aclp->z_version; 1098 1099 /* 1100 * Replace ACL wide bits, but first clear them. 1101 */ 1102 zp->z_phys->zp_flags &= ~ZFS_ACL_WIDE_FLAGS; 1103 1104 zp->z_phys->zp_flags |= aclp->z_hints; 1105 1106 if (ace_trivial_common(aclp, 0, zfs_ace_walk) == 0) 1107 zp->z_phys->zp_flags |= ZFS_ACL_TRIVIAL; 1108 1109 zfs_time_stamper_locked(zp, STATE_CHANGED, tx); 1110 return (0); 1111 } 1112 1113 /* 1114 * Update access mask for prepended ACE 1115 * 1116 * This applies the "groupmask" value for aclmode property. 1117 */ 1118 static void 1119 zfs_acl_prepend_fixup(zfs_acl_t *aclp, void *acep, void *origacep, 1120 mode_t mode, uint64_t owner) 1121 { 1122 int rmask, wmask, xmask; 1123 int user_ace; 1124 uint16_t aceflags; 1125 uint32_t origmask, acepmask; 1126 uint64_t fuid; 1127 1128 aceflags = aclp->z_ops.ace_flags_get(acep); 1129 fuid = aclp->z_ops.ace_who_get(acep); 1130 origmask = aclp->z_ops.ace_mask_get(origacep); 1131 acepmask = aclp->z_ops.ace_mask_get(acep); 1132 1133 user_ace = (!(aceflags & 1134 (ACE_OWNER|ACE_GROUP|ACE_IDENTIFIER_GROUP))); 1135 1136 if (user_ace && (fuid == owner)) { 1137 rmask = S_IRUSR; 1138 wmask = S_IWUSR; 1139 xmask = S_IXUSR; 1140 } else { 1141 rmask = S_IRGRP; 1142 wmask = S_IWGRP; 1143 xmask = S_IXGRP; 1144 } 1145 1146 if (origmask & ACE_READ_DATA) { 1147 if (mode & rmask) { 1148 acepmask &= ~ACE_READ_DATA; 1149 } else { 1150 acepmask |= ACE_READ_DATA; 1151 } 1152 } 1153 1154 if (origmask & ACE_WRITE_DATA) { 1155 if (mode & wmask) { 1156 acepmask &= ~ACE_WRITE_DATA; 1157 } else { 1158 acepmask |= ACE_WRITE_DATA; 1159 } 1160 } 1161 1162 if (origmask & ACE_APPEND_DATA) { 1163 if (mode & wmask) { 1164 acepmask &= ~ACE_APPEND_DATA; 1165 } else { 1166 acepmask |= ACE_APPEND_DATA; 1167 } 1168 } 1169 1170 if (origmask & ACE_EXECUTE) { 1171 if (mode & xmask) { 1172 acepmask &= ~ACE_EXECUTE; 1173 } else { 1174 acepmask |= ACE_EXECUTE; 1175 } 1176 } 1177 aclp->z_ops.ace_mask_set(acep, acepmask); 1178 } 1179 1180 /* 1181 * Apply mode to canonical six ACEs. 1182 */ 1183 static void 1184 zfs_acl_fixup_canonical_six(zfs_acl_t *aclp, mode_t mode) 1185 { 1186 zfs_acl_node_t *aclnode = list_tail(&aclp->z_acl); 1187 void *acep; 1188 int maskoff = aclp->z_ops.ace_mask_off(); 1189 size_t abstract_size = aclp->z_ops.ace_abstract_size(); 1190 1191 ASSERT(aclnode != NULL); 1192 1193 acep = (void *)((caddr_t)aclnode->z_acldata + 1194 aclnode->z_size - (abstract_size * 6)); 1195 1196 /* 1197 * Fixup final ACEs to match the mode 1198 */ 1199 1200 adjust_ace_pair_common(acep, maskoff, abstract_size, 1201 (mode & 0700) >> 6); /* owner@ */ 1202 1203 acep = (caddr_t)acep + (abstract_size * 2); 1204 1205 adjust_ace_pair_common(acep, maskoff, abstract_size, 1206 (mode & 0070) >> 3); /* group@ */ 1207 1208 acep = (caddr_t)acep + (abstract_size * 2); 1209 adjust_ace_pair_common(acep, maskoff, 1210 abstract_size, mode); /* everyone@ */ 1211 } 1212 1213 1214 static int 1215 zfs_acl_ace_match(zfs_acl_t *aclp, void *acep, int allow_deny, 1216 int entry_type, int accessmask) 1217 { 1218 uint32_t mask = aclp->z_ops.ace_mask_get(acep); 1219 uint16_t type = aclp->z_ops.ace_type_get(acep); 1220 uint16_t flags = aclp->z_ops.ace_flags_get(acep); 1221 1222 return (mask == accessmask && type == allow_deny && 1223 ((flags & ACE_TYPE_FLAGS) == entry_type)); 1224 } 1225 1226 /* 1227 * Can prepended ACE be reused? 1228 */ 1229 static int 1230 zfs_reuse_deny(zfs_acl_t *aclp, void *acep, void *prevacep) 1231 { 1232 int okay_masks; 1233 uint16_t prevtype; 1234 uint16_t prevflags; 1235 uint16_t flags; 1236 uint32_t mask, prevmask; 1237 1238 if (prevacep == NULL) 1239 return (B_FALSE); 1240 1241 prevtype = aclp->z_ops.ace_type_get(prevacep); 1242 prevflags = aclp->z_ops.ace_flags_get(prevacep); 1243 flags = aclp->z_ops.ace_flags_get(acep); 1244 mask = aclp->z_ops.ace_mask_get(acep); 1245 prevmask = aclp->z_ops.ace_mask_get(prevacep); 1246 1247 if (prevtype != DENY) 1248 return (B_FALSE); 1249 1250 if (prevflags != (flags & ACE_IDENTIFIER_GROUP)) 1251 return (B_FALSE); 1252 1253 okay_masks = (mask & OKAY_MASK_BITS); 1254 1255 if (prevmask & ~okay_masks) 1256 return (B_FALSE); 1257 1258 return (B_TRUE); 1259 } 1260 1261 1262 /* 1263 * Insert new ACL node into chain of zfs_acl_node_t's 1264 * 1265 * This will result in two possible results. 1266 * 1. If the ACL is currently just a single zfs_acl_node and 1267 * we are prepending the entry then current acl node will have 1268 * a new node inserted above it. 1269 * 1270 * 2. If we are inserting in the middle of current acl node then 1271 * the current node will be split in two and new node will be inserted 1272 * in between the two split nodes. 1273 */ 1274 static zfs_acl_node_t * 1275 zfs_acl_ace_insert(zfs_acl_t *aclp, void *acep) 1276 { 1277 zfs_acl_node_t *newnode; 1278 zfs_acl_node_t *trailernode = NULL; 1279 zfs_acl_node_t *currnode = zfs_acl_curr_node(aclp); 1280 int curr_idx = aclp->z_curr_node->z_ace_idx; 1281 int trailer_count; 1282 size_t oldsize; 1283 1284 newnode = zfs_acl_node_alloc(aclp->z_ops.ace_size(acep)); 1285 newnode->z_ace_count = 1; 1286 1287 oldsize = currnode->z_size; 1288 1289 if (curr_idx != 1) { 1290 trailernode = zfs_acl_node_alloc(0); 1291 trailernode->z_acldata = acep; 1292 1293 trailer_count = currnode->z_ace_count - curr_idx + 1; 1294 currnode->z_ace_count = curr_idx - 1; 1295 currnode->z_size = (caddr_t)acep - (caddr_t)currnode->z_acldata; 1296 trailernode->z_size = oldsize - currnode->z_size; 1297 trailernode->z_ace_count = trailer_count; 1298 } 1299 1300 aclp->z_acl_count += 1; 1301 aclp->z_acl_bytes += aclp->z_ops.ace_size(acep); 1302 1303 if (curr_idx == 1) 1304 list_insert_before(&aclp->z_acl, currnode, newnode); 1305 else 1306 list_insert_after(&aclp->z_acl, currnode, newnode); 1307 if (trailernode) { 1308 list_insert_after(&aclp->z_acl, newnode, trailernode); 1309 aclp->z_curr_node = trailernode; 1310 trailernode->z_ace_idx = 1; 1311 } 1312 1313 return (newnode); 1314 } 1315 1316 /* 1317 * Prepend deny ACE 1318 */ 1319 static void * 1320 zfs_acl_prepend_deny(znode_t *zp, zfs_acl_t *aclp, void *acep, 1321 mode_t mode) 1322 { 1323 zfs_acl_node_t *aclnode; 1324 void *newacep; 1325 uint64_t fuid; 1326 uint16_t flags; 1327 1328 aclnode = zfs_acl_ace_insert(aclp, acep); 1329 newacep = aclnode->z_acldata; 1330 fuid = aclp->z_ops.ace_who_get(acep); 1331 flags = aclp->z_ops.ace_flags_get(acep); 1332 zfs_set_ace(aclp, newacep, 0, DENY, fuid, (flags & ACE_TYPE_FLAGS)); 1333 zfs_acl_prepend_fixup(aclp, newacep, acep, mode, zp->z_phys->zp_uid); 1334 1335 return (newacep); 1336 } 1337 1338 /* 1339 * Split an inherited ACE into inherit_only ACE 1340 * and original ACE with inheritance flags stripped off. 1341 */ 1342 static void 1343 zfs_acl_split_ace(zfs_acl_t *aclp, zfs_ace_hdr_t *acep) 1344 { 1345 zfs_acl_node_t *aclnode; 1346 zfs_acl_node_t *currnode; 1347 void *newacep; 1348 uint16_t type, flags; 1349 uint32_t mask; 1350 uint64_t fuid; 1351 1352 type = aclp->z_ops.ace_type_get(acep); 1353 flags = aclp->z_ops.ace_flags_get(acep); 1354 mask = aclp->z_ops.ace_mask_get(acep); 1355 fuid = aclp->z_ops.ace_who_get(acep); 1356 1357 aclnode = zfs_acl_ace_insert(aclp, acep); 1358 newacep = aclnode->z_acldata; 1359 1360 aclp->z_ops.ace_type_set(newacep, type); 1361 aclp->z_ops.ace_flags_set(newacep, flags | ACE_INHERIT_ONLY_ACE); 1362 aclp->z_ops.ace_mask_set(newacep, mask); 1363 aclp->z_ops.ace_type_set(newacep, type); 1364 aclp->z_ops.ace_who_set(newacep, fuid); 1365 aclp->z_next_ace = acep; 1366 flags &= ~ALL_INHERIT; 1367 aclp->z_ops.ace_flags_set(acep, flags); 1368 currnode = zfs_acl_curr_node(aclp); 1369 ASSERT(currnode->z_ace_idx >= 1); 1370 currnode->z_ace_idx -= 1; 1371 } 1372 1373 /* 1374 * Are ACES started at index i, the canonical six ACES? 1375 */ 1376 static int 1377 zfs_have_canonical_six(zfs_acl_t *aclp) 1378 { 1379 void *acep; 1380 zfs_acl_node_t *aclnode = list_tail(&aclp->z_acl); 1381 int i = 0; 1382 size_t abstract_size = aclp->z_ops.ace_abstract_size(); 1383 1384 ASSERT(aclnode != NULL); 1385 1386 if (aclnode->z_ace_count < 6) 1387 return (0); 1388 1389 acep = (void *)((caddr_t)aclnode->z_acldata + 1390 aclnode->z_size - (aclp->z_ops.ace_abstract_size() * 6)); 1391 1392 if ((zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), 1393 DENY, ACE_OWNER, 0) && 1394 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), 1395 ALLOW, ACE_OWNER, OWNER_ALLOW_MASK) && 1396 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), DENY, 1397 OWNING_GROUP, 0) && zfs_acl_ace_match(aclp, (caddr_t)acep + 1398 (abstract_size * i++), 1399 ALLOW, OWNING_GROUP, 0) && 1400 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), 1401 DENY, ACE_EVERYONE, EVERYONE_DENY_MASK) && 1402 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), 1403 ALLOW, ACE_EVERYONE, EVERYONE_ALLOW_MASK))) { 1404 return (1); 1405 } else { 1406 return (0); 1407 } 1408 } 1409 1410 1411 /* 1412 * Apply step 1g, to group entries 1413 * 1414 * Need to deal with corner case where group may have 1415 * greater permissions than owner. If so then limit 1416 * group permissions, based on what extra permissions 1417 * group has. 1418 */ 1419 static void 1420 zfs_fixup_group_entries(zfs_acl_t *aclp, void *acep, void *prevacep, 1421 mode_t mode) 1422 { 1423 uint32_t prevmask = aclp->z_ops.ace_mask_get(prevacep); 1424 uint32_t mask = aclp->z_ops.ace_mask_get(acep); 1425 uint16_t prevflags = aclp->z_ops.ace_flags_get(prevacep); 1426 mode_t extramode = (mode >> 3) & 07; 1427 mode_t ownermode = (mode >> 6); 1428 1429 if (prevflags & ACE_IDENTIFIER_GROUP) { 1430 1431 extramode &= ~ownermode; 1432 1433 if (extramode) { 1434 if (extramode & S_IROTH) { 1435 prevmask &= ~ACE_READ_DATA; 1436 mask &= ~ACE_READ_DATA; 1437 } 1438 if (extramode & S_IWOTH) { 1439 prevmask &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA); 1440 mask &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA); 1441 } 1442 if (extramode & S_IXOTH) { 1443 prevmask &= ~ACE_EXECUTE; 1444 mask &= ~ACE_EXECUTE; 1445 } 1446 } 1447 } 1448 aclp->z_ops.ace_mask_set(acep, mask); 1449 aclp->z_ops.ace_mask_set(prevacep, prevmask); 1450 } 1451 1452 /* 1453 * Apply the chmod algorithm as described 1454 * in PSARC/2002/240 1455 */ 1456 static void 1457 zfs_acl_chmod(znode_t *zp, uint64_t mode, zfs_acl_t *aclp) 1458 { 1459 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 1460 void *acep = NULL, *prevacep = NULL; 1461 uint64_t who; 1462 int i; 1463 int entry_type; 1464 int reuse_deny; 1465 int need_canonical_six = 1; 1466 uint16_t iflags, type; 1467 uint32_t access_mask; 1468 1469 ASSERT(MUTEX_HELD(&zp->z_acl_lock)); 1470 ASSERT(MUTEX_HELD(&zp->z_lock)); 1471 1472 aclp->z_hints = (zp->z_phys->zp_flags & V4_ACL_WIDE_FLAGS); 1473 1474 /* 1475 * If discard then just discard all ACL nodes which 1476 * represent the ACEs. 1477 * 1478 * New owner@/group@/everone@ ACEs will be added 1479 * later. 1480 */ 1481 if (zfsvfs->z_acl_mode == ZFS_ACL_DISCARD) 1482 zfs_acl_release_nodes(aclp); 1483 1484 while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, 1485 &iflags, &type)) { 1486 1487 entry_type = (iflags & ACE_TYPE_FLAGS); 1488 iflags = (iflags & ALL_INHERIT); 1489 1490 if ((type != ALLOW && type != DENY) || 1491 (iflags & ACE_INHERIT_ONLY_ACE)) { 1492 if (iflags) 1493 aclp->z_hints |= ZFS_INHERIT_ACE; 1494 switch (type) { 1495 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 1496 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 1497 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 1498 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 1499 aclp->z_hints |= ZFS_ACL_OBJ_ACE; 1500 break; 1501 } 1502 goto nextace; 1503 } 1504 1505 /* 1506 * Need to split ace into two? 1507 */ 1508 if ((iflags & (ACE_FILE_INHERIT_ACE| 1509 ACE_DIRECTORY_INHERIT_ACE)) && 1510 (!(iflags & ACE_INHERIT_ONLY_ACE))) { 1511 zfs_acl_split_ace(aclp, acep); 1512 aclp->z_hints |= ZFS_INHERIT_ACE; 1513 goto nextace; 1514 } 1515 1516 if (entry_type == ACE_OWNER || entry_type == ACE_EVERYONE || 1517 (entry_type == OWNING_GROUP)) { 1518 access_mask &= ~OGE_CLEAR; 1519 aclp->z_ops.ace_mask_set(acep, access_mask); 1520 goto nextace; 1521 } else { 1522 reuse_deny = B_TRUE; 1523 if (type == ALLOW) { 1524 1525 /* 1526 * Check preceding ACE if any, to see 1527 * if we need to prepend a DENY ACE. 1528 * This is only applicable when the acl_mode 1529 * property == groupmask. 1530 */ 1531 if (zfsvfs->z_acl_mode == ZFS_ACL_GROUPMASK) { 1532 1533 reuse_deny = zfs_reuse_deny(aclp, acep, 1534 prevacep); 1535 1536 if (!reuse_deny) { 1537 prevacep = 1538 zfs_acl_prepend_deny(zp, 1539 aclp, acep, mode); 1540 } else { 1541 zfs_acl_prepend_fixup( 1542 aclp, prevacep, 1543 acep, mode, 1544 zp->z_phys->zp_uid); 1545 } 1546 zfs_fixup_group_entries(aclp, acep, 1547 prevacep, mode); 1548 1549 } 1550 } 1551 } 1552 nextace: 1553 prevacep = acep; 1554 } 1555 1556 /* 1557 * Check out last six aces, if we have six. 1558 */ 1559 1560 if (aclp->z_acl_count >= 6) { 1561 if (zfs_have_canonical_six(aclp)) { 1562 need_canonical_six = 0; 1563 } 1564 } 1565 1566 if (need_canonical_six) { 1567 size_t abstract_size = aclp->z_ops.ace_abstract_size(); 1568 void *zacep; 1569 zfs_acl_node_t *aclnode = 1570 zfs_acl_node_alloc(abstract_size * 6); 1571 1572 aclnode->z_size = abstract_size * 6; 1573 aclnode->z_ace_count = 6; 1574 aclp->z_acl_bytes += aclnode->z_size; 1575 list_insert_tail(&aclp->z_acl, aclnode); 1576 1577 zacep = aclnode->z_acldata; 1578 1579 i = 0; 1580 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 1581 0, DENY, -1, ACE_OWNER); 1582 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 1583 OWNER_ALLOW_MASK, ALLOW, -1, ACE_OWNER); 1584 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 0, 1585 DENY, -1, OWNING_GROUP); 1586 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 0, 1587 ALLOW, -1, OWNING_GROUP); 1588 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 1589 EVERYONE_DENY_MASK, DENY, -1, ACE_EVERYONE); 1590 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 1591 EVERYONE_ALLOW_MASK, ALLOW, -1, ACE_EVERYONE); 1592 aclp->z_acl_count += 6; 1593 } 1594 1595 zfs_acl_fixup_canonical_six(aclp, mode); 1596 } 1597 1598 int 1599 zfs_acl_chmod_setattr(znode_t *zp, zfs_acl_t **aclp, uint64_t mode) 1600 { 1601 int error; 1602 1603 mutex_enter(&zp->z_lock); 1604 mutex_enter(&zp->z_acl_lock); 1605 *aclp = NULL; 1606 error = zfs_acl_node_read(zp, aclp, B_TRUE); 1607 if (error == 0) 1608 zfs_acl_chmod(zp, mode, *aclp); 1609 mutex_exit(&zp->z_acl_lock); 1610 mutex_exit(&zp->z_lock); 1611 return (error); 1612 } 1613 1614 /* 1615 * strip off write_owner and write_acl 1616 */ 1617 static void 1618 zfs_restricted_update(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, void *acep) 1619 { 1620 uint32_t mask = aclp->z_ops.ace_mask_get(acep); 1621 1622 if ((zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) && 1623 (aclp->z_ops.ace_type_get(acep) == ALLOW)) { 1624 mask &= ~RESTRICTED_CLEAR; 1625 aclp->z_ops.ace_mask_set(acep, mask); 1626 } 1627 } 1628 1629 /* 1630 * Should ACE be inherited? 1631 */ 1632 static int 1633 zfs_ace_can_use(znode_t *zp, uint16_t acep_flags) 1634 { 1635 int vtype = ZTOV(zp)->v_type; 1636 int iflags = (acep_flags & 0xf); 1637 1638 if ((vtype == VDIR) && (iflags & ACE_DIRECTORY_INHERIT_ACE)) 1639 return (1); 1640 else if (iflags & ACE_FILE_INHERIT_ACE) 1641 return (!((vtype == VDIR) && 1642 (iflags & ACE_NO_PROPAGATE_INHERIT_ACE))); 1643 return (0); 1644 } 1645 1646 /* 1647 * inherit inheritable ACEs from parent 1648 */ 1649 static zfs_acl_t * 1650 zfs_acl_inherit(znode_t *zp, zfs_acl_t *paclp, boolean_t *need_chmod) 1651 { 1652 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 1653 void *pacep; 1654 void *acep, *acep2; 1655 zfs_acl_node_t *aclnode, *aclnode2; 1656 zfs_acl_t *aclp = NULL; 1657 uint64_t who; 1658 uint32_t access_mask; 1659 uint16_t iflags, newflags, type; 1660 size_t ace_size; 1661 void *data1, *data2; 1662 size_t data1sz, data2sz; 1663 enum vtype vntype = ZTOV(zp)->v_type; 1664 1665 *need_chmod = B_TRUE; 1666 pacep = NULL; 1667 aclp = zfs_acl_alloc(zfs_acl_version_zp(zp)); 1668 if (zfsvfs->z_acl_inherit != ZFS_ACL_DISCARD) { 1669 while (pacep = zfs_acl_next_ace(paclp, pacep, &who, 1670 &access_mask, &iflags, &type)) { 1671 1672 if (zfsvfs->z_acl_inherit == ZFS_ACL_NOALLOW && 1673 type == ALLOW) 1674 continue; 1675 1676 ace_size = aclp->z_ops.ace_size(pacep); 1677 1678 if (!zfs_ace_can_use(zp, iflags)) 1679 continue; 1680 1681 /* 1682 * If owner@, group@, or everyone@ inheritable 1683 * then zfs_acl_chmod() isn't needed. 1684 */ 1685 if (zfsvfs->z_acl_inherit == 1686 ZFS_ACL_PASSTHROUGH && 1687 ((iflags & (ACE_OWNER|ACE_EVERYONE)) || 1688 ((iflags & OWNING_GROUP) == 1689 OWNING_GROUP)) && (vntype == VREG || 1690 (vntype == VDIR && 1691 (iflags & ACE_DIRECTORY_INHERIT_ACE)))) 1692 *need_chmod = B_FALSE; 1693 1694 aclnode = zfs_acl_node_alloc(ace_size); 1695 list_insert_tail(&aclp->z_acl, aclnode); 1696 acep = aclnode->z_acldata; 1697 zfs_set_ace(aclp, acep, access_mask, type, 1698 who, iflags|ACE_INHERITED_ACE); 1699 1700 /* 1701 * Copy special opaque data if any 1702 */ 1703 if ((data1sz = paclp->z_ops.ace_data(pacep, 1704 &data1)) != 0) { 1705 VERIFY((data2sz = aclp->z_ops.ace_data(acep, 1706 &data2)) == data1sz); 1707 bcopy(data1, data2, data2sz); 1708 } 1709 aclp->z_acl_count++; 1710 aclnode->z_ace_count++; 1711 aclp->z_acl_bytes += aclnode->z_size; 1712 newflags = aclp->z_ops.ace_flags_get(acep); 1713 1714 if (vntype == VDIR) 1715 aclp->z_hints |= ZFS_INHERIT_ACE; 1716 1717 if ((iflags & ACE_NO_PROPAGATE_INHERIT_ACE) || 1718 (vntype != VDIR)) { 1719 newflags &= ~ALL_INHERIT; 1720 aclp->z_ops.ace_flags_set(acep, 1721 newflags|ACE_INHERITED_ACE); 1722 zfs_restricted_update(zfsvfs, aclp, acep); 1723 continue; 1724 } 1725 1726 ASSERT(vntype == VDIR); 1727 1728 newflags = aclp->z_ops.ace_flags_get(acep); 1729 if ((iflags & (ACE_FILE_INHERIT_ACE | 1730 ACE_DIRECTORY_INHERIT_ACE)) != 1731 ACE_FILE_INHERIT_ACE) { 1732 aclnode2 = zfs_acl_node_alloc(ace_size); 1733 list_insert_tail(&aclp->z_acl, aclnode2); 1734 acep2 = aclnode2->z_acldata; 1735 zfs_set_ace(aclp, acep2, 1736 access_mask, type, who, 1737 iflags|ACE_INHERITED_ACE); 1738 newflags |= ACE_INHERIT_ONLY_ACE; 1739 aclp->z_ops.ace_flags_set(acep, newflags); 1740 newflags &= ~ALL_INHERIT; 1741 aclp->z_ops.ace_flags_set(acep2, 1742 newflags|ACE_INHERITED_ACE); 1743 1744 /* 1745 * Copy special opaque data if any 1746 */ 1747 if ((data1sz = aclp->z_ops.ace_data(acep, 1748 &data1)) != 0) { 1749 VERIFY((data2sz = 1750 aclp->z_ops.ace_data(acep2, 1751 &data2)) == data1sz); 1752 bcopy(data1, data2, data1sz); 1753 } 1754 aclp->z_acl_count++; 1755 aclnode2->z_ace_count++; 1756 aclp->z_acl_bytes += aclnode->z_size; 1757 zfs_restricted_update(zfsvfs, aclp, acep2); 1758 } else { 1759 newflags |= ACE_INHERIT_ONLY_ACE; 1760 aclp->z_ops.ace_flags_set(acep, 1761 newflags|ACE_INHERITED_ACE); 1762 } 1763 } 1764 } 1765 return (aclp); 1766 } 1767 1768 /* 1769 * Create file system object initial permissions 1770 * including inheritable ACEs. 1771 */ 1772 void 1773 zfs_perm_init(znode_t *zp, znode_t *parent, int flag, 1774 vattr_t *vap, dmu_tx_t *tx, cred_t *cr, 1775 zfs_acl_t *setaclp, zfs_fuid_info_t **fuidp) 1776 { 1777 uint64_t mode, fuid, fgid; 1778 int error; 1779 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 1780 zfs_acl_t *aclp = NULL; 1781 zfs_acl_t *paclp; 1782 xvattr_t *xvap = (xvattr_t *)vap; 1783 gid_t gid; 1784 boolean_t need_chmod = B_TRUE; 1785 1786 if (setaclp) 1787 aclp = setaclp; 1788 1789 mode = MAKEIMODE(vap->va_type, vap->va_mode); 1790 1791 /* 1792 * Determine uid and gid. 1793 */ 1794 if ((flag & (IS_ROOT_NODE | IS_REPLAY)) || 1795 ((flag & IS_XATTR) && (vap->va_type == VDIR))) { 1796 fuid = zfs_fuid_create(zfsvfs, vap->va_uid, cr, 1797 ZFS_OWNER, tx, fuidp); 1798 fgid = zfs_fuid_create(zfsvfs, vap->va_gid, cr, 1799 ZFS_GROUP, tx, fuidp); 1800 gid = vap->va_gid; 1801 } else { 1802 fuid = zfs_fuid_create_cred(zfsvfs, ZFS_OWNER, tx, cr, fuidp); 1803 fgid = 0; 1804 if (vap->va_mask & AT_GID) { 1805 fgid = zfs_fuid_create(zfsvfs, vap->va_gid, cr, 1806 ZFS_GROUP, tx, fuidp); 1807 gid = vap->va_gid; 1808 if (fgid != parent->z_phys->zp_gid && 1809 !groupmember(vap->va_gid, cr) && 1810 secpolicy_vnode_create_gid(cr) != 0) 1811 fgid = 0; 1812 } 1813 if (fgid == 0) { 1814 if (parent->z_phys->zp_mode & S_ISGID) { 1815 fgid = parent->z_phys->zp_gid; 1816 gid = zfs_fuid_map_id(zfsvfs, fgid, 1817 cr, ZFS_GROUP); 1818 } else { 1819 fgid = zfs_fuid_create_cred(zfsvfs, 1820 ZFS_GROUP, tx, cr, fuidp); 1821 gid = crgetgid(cr); 1822 } 1823 } 1824 } 1825 1826 /* 1827 * If we're creating a directory, and the parent directory has the 1828 * set-GID bit set, set in on the new directory. 1829 * Otherwise, if the user is neither privileged nor a member of the 1830 * file's new group, clear the file's set-GID bit. 1831 */ 1832 1833 if ((parent->z_phys->zp_mode & S_ISGID) && (vap->va_type == VDIR)) { 1834 mode |= S_ISGID; 1835 } else { 1836 if ((mode & S_ISGID) && 1837 secpolicy_vnode_setids_setgids(cr, gid) != 0) 1838 mode &= ~S_ISGID; 1839 } 1840 1841 zp->z_phys->zp_uid = fuid; 1842 zp->z_phys->zp_gid = fgid; 1843 zp->z_phys->zp_mode = mode; 1844 1845 if (aclp == NULL) { 1846 mutex_enter(&parent->z_lock); 1847 if (parent->z_phys->zp_flags & ZFS_INHERIT_ACE) { 1848 mutex_enter(&parent->z_acl_lock); 1849 VERIFY(0 == zfs_acl_node_read(parent, &paclp, B_FALSE)); 1850 mutex_exit(&parent->z_acl_lock); 1851 aclp = zfs_acl_inherit(zp, paclp, &need_chmod); 1852 zfs_acl_free(paclp); 1853 } else { 1854 aclp = zfs_acl_alloc(zfs_acl_version_zp(zp)); 1855 } 1856 mutex_exit(&parent->z_lock); 1857 mutex_enter(&zp->z_lock); 1858 mutex_enter(&zp->z_acl_lock); 1859 if (need_chmod) 1860 zfs_acl_chmod(zp, mode, aclp); 1861 } else { 1862 mutex_enter(&zp->z_lock); 1863 mutex_enter(&zp->z_acl_lock); 1864 } 1865 1866 /* Force auto_inherit on all new directory objects */ 1867 if (vap->va_type == VDIR) 1868 aclp->z_hints |= ZFS_ACL_AUTO_INHERIT; 1869 1870 error = zfs_aclset_common(zp, aclp, cr, fuidp, tx); 1871 1872 /* Set optional attributes if any */ 1873 if (vap->va_mask & AT_XVATTR) 1874 zfs_xvattr_set(zp, xvap); 1875 1876 mutex_exit(&zp->z_lock); 1877 mutex_exit(&zp->z_acl_lock); 1878 ASSERT3U(error, ==, 0); 1879 1880 if (aclp != setaclp) 1881 zfs_acl_free(aclp); 1882 } 1883 1884 /* 1885 * Retrieve a files ACL 1886 */ 1887 int 1888 zfs_getacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr) 1889 { 1890 zfs_acl_t *aclp; 1891 ulong_t mask; 1892 int error; 1893 int count = 0; 1894 int largeace = 0; 1895 1896 mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT | 1897 VSA_ACE_ACLFLAGS | VSA_ACE_ALLTYPES); 1898 1899 if (error = zfs_zaccess(zp, ACE_READ_ACL, 0, skipaclchk, cr)) 1900 return (error); 1901 1902 if (mask == 0) 1903 return (ENOSYS); 1904 1905 mutex_enter(&zp->z_acl_lock); 1906 1907 error = zfs_acl_node_read(zp, &aclp, B_FALSE); 1908 if (error != 0) { 1909 mutex_exit(&zp->z_acl_lock); 1910 return (error); 1911 } 1912 1913 /* 1914 * Scan ACL to determine number of ACEs 1915 */ 1916 if ((zp->z_phys->zp_flags & ZFS_ACL_OBJ_ACE) && 1917 !(mask & VSA_ACE_ALLTYPES)) { 1918 void *zacep = NULL; 1919 uint64_t who; 1920 uint32_t access_mask; 1921 uint16_t type, iflags; 1922 1923 while (zacep = zfs_acl_next_ace(aclp, zacep, 1924 &who, &access_mask, &iflags, &type)) { 1925 switch (type) { 1926 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: 1927 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: 1928 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE: 1929 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE: 1930 largeace++; 1931 continue; 1932 default: 1933 count++; 1934 } 1935 } 1936 vsecp->vsa_aclcnt = count; 1937 } else 1938 count = aclp->z_acl_count; 1939 1940 if (mask & VSA_ACECNT) { 1941 vsecp->vsa_aclcnt = count; 1942 } 1943 1944 if (mask & VSA_ACE) { 1945 size_t aclsz; 1946 1947 zfs_acl_node_t *aclnode = list_head(&aclp->z_acl); 1948 1949 aclsz = count * sizeof (ace_t) + 1950 sizeof (ace_object_t) * largeace; 1951 1952 vsecp->vsa_aclentp = kmem_alloc(aclsz, KM_SLEEP); 1953 vsecp->vsa_aclentsz = aclsz; 1954 1955 if (aclp->z_version == ZFS_ACL_VERSION_FUID) 1956 zfs_copy_fuid_2_ace(zp->z_zfsvfs, aclp, cr, 1957 vsecp->vsa_aclentp, !(mask & VSA_ACE_ALLTYPES)); 1958 else { 1959 bcopy(aclnode->z_acldata, vsecp->vsa_aclentp, 1960 count * sizeof (ace_t)); 1961 } 1962 } 1963 if (mask & VSA_ACE_ACLFLAGS) { 1964 vsecp->vsa_aclflags = 0; 1965 if (zp->z_phys->zp_flags & ZFS_ACL_DEFAULTED) 1966 vsecp->vsa_aclflags |= ACL_DEFAULTED; 1967 if (zp->z_phys->zp_flags & ZFS_ACL_PROTECTED) 1968 vsecp->vsa_aclflags |= ACL_PROTECTED; 1969 if (zp->z_phys->zp_flags & ZFS_ACL_AUTO_INHERIT) 1970 vsecp->vsa_aclflags |= ACL_AUTO_INHERIT; 1971 } 1972 1973 mutex_exit(&zp->z_acl_lock); 1974 1975 zfs_acl_free(aclp); 1976 1977 return (0); 1978 } 1979 1980 int 1981 zfs_vsec_2_aclp(zfsvfs_t *zfsvfs, vtype_t obj_type, 1982 vsecattr_t *vsecp, zfs_acl_t **zaclp) 1983 { 1984 zfs_acl_t *aclp; 1985 zfs_acl_node_t *aclnode; 1986 int aclcnt = vsecp->vsa_aclcnt; 1987 int error; 1988 1989 if (vsecp->vsa_aclcnt > MAX_ACL_ENTRIES || vsecp->vsa_aclcnt <= 0) 1990 return (EINVAL); 1991 1992 aclp = zfs_acl_alloc(zfs_acl_version(zfsvfs->z_version)); 1993 1994 aclp->z_hints = 0; 1995 aclnode = zfs_acl_node_alloc(aclcnt * sizeof (zfs_object_ace_t)); 1996 if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) { 1997 if ((error = zfs_copy_ace_2_oldace(obj_type, aclp, 1998 (ace_t *)vsecp->vsa_aclentp, aclnode->z_acldata, 1999 aclcnt, &aclnode->z_size)) != 0) { 2000 zfs_acl_free(aclp); 2001 zfs_acl_node_free(aclnode); 2002 return (error); 2003 } 2004 } else { 2005 if ((error = zfs_copy_ace_2_fuid(obj_type, aclp, 2006 vsecp->vsa_aclentp, aclnode->z_acldata, aclcnt, 2007 &aclnode->z_size)) != 0) { 2008 zfs_acl_free(aclp); 2009 zfs_acl_node_free(aclnode); 2010 return (error); 2011 } 2012 } 2013 aclp->z_acl_bytes = aclnode->z_size; 2014 aclnode->z_ace_count = aclcnt; 2015 aclp->z_acl_count = aclcnt; 2016 list_insert_head(&aclp->z_acl, aclnode); 2017 2018 /* 2019 * If flags are being set then add them to z_hints 2020 */ 2021 if (vsecp->vsa_mask & VSA_ACE_ACLFLAGS) { 2022 if (vsecp->vsa_aclflags & ACL_PROTECTED) 2023 aclp->z_hints |= ZFS_ACL_PROTECTED; 2024 if (vsecp->vsa_aclflags & ACL_DEFAULTED) 2025 aclp->z_hints |= ZFS_ACL_DEFAULTED; 2026 if (vsecp->vsa_aclflags & ACL_AUTO_INHERIT) 2027 aclp->z_hints |= ZFS_ACL_AUTO_INHERIT; 2028 } 2029 2030 *zaclp = aclp; 2031 2032 return (0); 2033 } 2034 2035 /* 2036 * Set a files ACL 2037 */ 2038 int 2039 zfs_setacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr) 2040 { 2041 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 2042 zilog_t *zilog = zfsvfs->z_log; 2043 ulong_t mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT); 2044 dmu_tx_t *tx; 2045 int error; 2046 zfs_acl_t *aclp; 2047 zfs_fuid_info_t *fuidp = NULL; 2048 2049 if (mask == 0) 2050 return (ENOSYS); 2051 2052 if (zp->z_phys->zp_flags & ZFS_IMMUTABLE) 2053 return (EPERM); 2054 2055 if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr)) 2056 return (error); 2057 2058 error = zfs_vsec_2_aclp(zfsvfs, ZTOV(zp)->v_type, vsecp, &aclp); 2059 if (error) 2060 return (error); 2061 2062 /* 2063 * If ACL wide flags aren't being set then preserve any 2064 * existing flags. 2065 */ 2066 if (!(vsecp->vsa_mask & VSA_ACE_ACLFLAGS)) { 2067 aclp->z_hints |= (zp->z_phys->zp_flags & V4_ACL_WIDE_FLAGS); 2068 } 2069 top: 2070 if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr)) { 2071 zfs_acl_free(aclp); 2072 return (error); 2073 } 2074 2075 mutex_enter(&zp->z_lock); 2076 mutex_enter(&zp->z_acl_lock); 2077 2078 tx = dmu_tx_create(zfsvfs->z_os); 2079 dmu_tx_hold_bonus(tx, zp->z_id); 2080 2081 if (zp->z_phys->zp_acl.z_acl_extern_obj) { 2082 /* Are we upgrading ACL? */ 2083 if (zfsvfs->z_version <= ZPL_VERSION_FUID && 2084 zp->z_phys->zp_acl.z_acl_version == 2085 ZFS_ACL_VERSION_INITIAL) { 2086 dmu_tx_hold_free(tx, 2087 zp->z_phys->zp_acl.z_acl_extern_obj, 2088 0, DMU_OBJECT_END); 2089 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 2090 0, aclp->z_acl_bytes); 2091 } else { 2092 dmu_tx_hold_write(tx, 2093 zp->z_phys->zp_acl.z_acl_extern_obj, 2094 0, aclp->z_acl_bytes); 2095 } 2096 } else if (aclp->z_acl_bytes > ZFS_ACE_SPACE) { 2097 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, aclp->z_acl_bytes); 2098 } 2099 if (aclp->z_has_fuids) { 2100 if (zfsvfs->z_fuid_obj == 0) { 2101 dmu_tx_hold_bonus(tx, DMU_NEW_OBJECT); 2102 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, 2103 FUID_SIZE_ESTIMATE(zfsvfs)); 2104 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, FALSE, NULL); 2105 } else { 2106 dmu_tx_hold_bonus(tx, zfsvfs->z_fuid_obj); 2107 dmu_tx_hold_write(tx, zfsvfs->z_fuid_obj, 0, 2108 FUID_SIZE_ESTIMATE(zfsvfs)); 2109 } 2110 } 2111 2112 error = dmu_tx_assign(tx, zfsvfs->z_assign); 2113 if (error) { 2114 mutex_exit(&zp->z_acl_lock); 2115 mutex_exit(&zp->z_lock); 2116 2117 if (error == ERESTART && zfsvfs->z_assign == TXG_NOWAIT) { 2118 dmu_tx_wait(tx); 2119 dmu_tx_abort(tx); 2120 goto top; 2121 } 2122 dmu_tx_abort(tx); 2123 zfs_acl_free(aclp); 2124 return (error); 2125 } 2126 2127 error = zfs_aclset_common(zp, aclp, cr, &fuidp, tx); 2128 ASSERT(error == 0); 2129 2130 zfs_log_acl(zilog, tx, zp, vsecp, fuidp); 2131 2132 if (fuidp) 2133 zfs_fuid_info_free(fuidp); 2134 zfs_acl_free(aclp); 2135 dmu_tx_commit(tx); 2136 done: 2137 mutex_exit(&zp->z_acl_lock); 2138 mutex_exit(&zp->z_lock); 2139 2140 return (error); 2141 } 2142 2143 /* 2144 * working_mode returns the permissions that were not granted 2145 */ 2146 static int 2147 zfs_zaccess_common(znode_t *zp, uint32_t v4_mode, uint32_t *working_mode, 2148 boolean_t *check_privs, boolean_t skipaclchk, cred_t *cr) 2149 { 2150 zfs_acl_t *aclp; 2151 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 2152 int error; 2153 uid_t uid = crgetuid(cr); 2154 uint64_t who; 2155 uint16_t type, iflags; 2156 uint16_t entry_type; 2157 uint32_t access_mask; 2158 uint32_t deny_mask = 0; 2159 zfs_ace_hdr_t *acep = NULL; 2160 boolean_t checkit; 2161 uid_t fowner; 2162 uid_t gowner; 2163 2164 /* 2165 * Short circuit empty requests 2166 */ 2167 if (v4_mode == 0) 2168 return (0); 2169 2170 *check_privs = B_TRUE; 2171 2172 if (zfsvfs->z_assign >= TXG_INITIAL) { /* ZIL replay */ 2173 *working_mode = 0; 2174 return (0); 2175 } 2176 2177 *working_mode = v4_mode; 2178 2179 if ((v4_mode & WRITE_MASK) && 2180 (zp->z_zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) && 2181 (!IS_DEVVP(ZTOV(zp)))) { 2182 *check_privs = B_FALSE; 2183 return (EROFS); 2184 } 2185 2186 /* 2187 * Only check for READONLY on non-directories. 2188 */ 2189 if ((v4_mode & WRITE_MASK_DATA) && 2190 (((ZTOV(zp)->v_type != VDIR) && 2191 (zp->z_phys->zp_flags & (ZFS_READONLY | ZFS_IMMUTABLE))) || 2192 (ZTOV(zp)->v_type == VDIR && 2193 (zp->z_phys->zp_flags & ZFS_IMMUTABLE)))) { 2194 *check_privs = B_FALSE; 2195 return (EPERM); 2196 } 2197 2198 if ((v4_mode & (ACE_DELETE | ACE_DELETE_CHILD)) && 2199 (zp->z_phys->zp_flags & ZFS_NOUNLINK)) { 2200 *check_privs = B_FALSE; 2201 return (EPERM); 2202 } 2203 2204 if (((v4_mode & (ACE_READ_DATA|ACE_EXECUTE)) && 2205 (zp->z_phys->zp_flags & ZFS_AV_QUARANTINED))) { 2206 *check_privs = B_FALSE; 2207 return (EACCES); 2208 } 2209 2210 /* 2211 * The caller requested that the ACL check be skipped. This 2212 * would only happen if the caller checked VOP_ACCESS() with a 2213 * 32 bit ACE mask and already had the appropriate permissions. 2214 */ 2215 if (skipaclchk) { 2216 *working_mode = 0; 2217 return (0); 2218 } 2219 2220 zfs_fuid_map_ids(zp, cr, &fowner, &gowner); 2221 2222 mutex_enter(&zp->z_acl_lock); 2223 2224 error = zfs_acl_node_read(zp, &aclp, B_FALSE); 2225 if (error != 0) { 2226 mutex_exit(&zp->z_acl_lock); 2227 return (error); 2228 } 2229 2230 while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, 2231 &iflags, &type)) { 2232 2233 if (iflags & ACE_INHERIT_ONLY_ACE) 2234 continue; 2235 2236 entry_type = (iflags & ACE_TYPE_FLAGS); 2237 2238 checkit = B_FALSE; 2239 2240 switch (entry_type) { 2241 case ACE_OWNER: 2242 if (uid == fowner) 2243 checkit = B_TRUE; 2244 break; 2245 case OWNING_GROUP: 2246 who = gowner; 2247 /*FALLTHROUGH*/ 2248 case ACE_IDENTIFIER_GROUP: 2249 checkit = zfs_groupmember(zfsvfs, who, cr); 2250 break; 2251 case ACE_EVERYONE: 2252 checkit = B_TRUE; 2253 break; 2254 2255 /* USER Entry */ 2256 default: 2257 if (entry_type == 0) { 2258 uid_t newid; 2259 2260 newid = zfs_fuid_map_id(zfsvfs, who, cr, 2261 ZFS_ACE_USER); 2262 if (newid != IDMAP_WK_CREATOR_OWNER_UID && 2263 uid == newid) 2264 checkit = B_TRUE; 2265 break; 2266 } else { 2267 zfs_acl_free(aclp); 2268 mutex_exit(&zp->z_acl_lock); 2269 return (EIO); 2270 } 2271 } 2272 2273 if (checkit) { 2274 uint32_t mask_matched = (access_mask & *working_mode); 2275 2276 if (mask_matched) { 2277 if (type == DENY) 2278 deny_mask |= mask_matched; 2279 2280 *working_mode &= ~mask_matched; 2281 } 2282 } 2283 2284 /* Are we done? */ 2285 if (*working_mode == 0) 2286 break; 2287 } 2288 2289 mutex_exit(&zp->z_acl_lock); 2290 zfs_acl_free(aclp); 2291 2292 /* Put the found 'denies' back on the working mode */ 2293 *working_mode |= deny_mask; 2294 2295 if (*working_mode) 2296 return (EACCES); 2297 2298 return (0); 2299 } 2300 2301 static int 2302 zfs_zaccess_append(znode_t *zp, uint32_t *working_mode, boolean_t *check_privs, 2303 cred_t *cr) 2304 { 2305 if (*working_mode != ACE_WRITE_DATA) 2306 return (EACCES); 2307 2308 return (zfs_zaccess_common(zp, ACE_APPEND_DATA, working_mode, 2309 check_privs, B_FALSE, cr)); 2310 } 2311 2312 /* 2313 * Determine whether Access should be granted/denied, invoking least 2314 * priv subsytem when a deny is determined. 2315 */ 2316 int 2317 zfs_zaccess(znode_t *zp, int mode, int flags, boolean_t skipaclchk, cred_t *cr) 2318 { 2319 uint32_t working_mode; 2320 int error; 2321 int is_attr; 2322 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 2323 boolean_t check_privs; 2324 znode_t *xzp; 2325 znode_t *check_zp = zp; 2326 2327 is_attr = ((zp->z_phys->zp_flags & ZFS_XATTR) && 2328 (ZTOV(zp)->v_type == VDIR)); 2329 2330 /* 2331 * If attribute then validate against base file 2332 */ 2333 if (is_attr) { 2334 if ((error = zfs_zget(zp->z_zfsvfs, 2335 zp->z_phys->zp_parent, &xzp)) != 0) { 2336 return (error); 2337 } 2338 2339 check_zp = xzp; 2340 2341 /* 2342 * fixup mode to map to xattr perms 2343 */ 2344 2345 if (mode & (ACE_WRITE_DATA|ACE_APPEND_DATA)) { 2346 mode &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA); 2347 mode |= ACE_WRITE_NAMED_ATTRS; 2348 } 2349 2350 if (mode & (ACE_READ_DATA|ACE_EXECUTE)) { 2351 mode &= ~(ACE_READ_DATA|ACE_EXECUTE); 2352 mode |= ACE_READ_NAMED_ATTRS; 2353 } 2354 } 2355 2356 if ((error = zfs_zaccess_common(check_zp, mode, &working_mode, 2357 &check_privs, skipaclchk, cr)) == 0) { 2358 if (is_attr) 2359 VN_RELE(ZTOV(xzp)); 2360 return (0); 2361 } 2362 2363 if (error && !check_privs) { 2364 if (is_attr) 2365 VN_RELE(ZTOV(xzp)); 2366 return (error); 2367 } 2368 2369 if (error && (flags & V_APPEND)) { 2370 error = zfs_zaccess_append(zp, &working_mode, &check_privs, cr); 2371 } 2372 2373 if (error && check_privs) { 2374 uid_t owner; 2375 mode_t checkmode = 0; 2376 2377 owner = zfs_fuid_map_id(zfsvfs, check_zp->z_phys->zp_uid, cr, 2378 ZFS_OWNER); 2379 2380 /* 2381 * First check for implicit owner permission on 2382 * read_acl/read_attributes 2383 */ 2384 2385 error = 0; 2386 ASSERT(working_mode != 0); 2387 2388 if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES) && 2389 owner == crgetuid(cr))) 2390 working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES); 2391 2392 if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS| 2393 ACE_READ_ACL|ACE_READ_ATTRIBUTES)) 2394 checkmode |= VREAD; 2395 if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS| 2396 ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES)) 2397 checkmode |= VWRITE; 2398 if (working_mode & ACE_EXECUTE) 2399 checkmode |= VEXEC; 2400 2401 if (checkmode) 2402 error = secpolicy_vnode_access(cr, ZTOV(check_zp), 2403 owner, checkmode); 2404 2405 if (error == 0 && (working_mode & ACE_WRITE_OWNER)) 2406 error = secpolicy_vnode_create_gid(cr); 2407 if (error == 0 && (working_mode & ACE_WRITE_ACL)) 2408 error = secpolicy_vnode_setdac(cr, owner); 2409 2410 if (error == 0 && (working_mode & 2411 (ACE_DELETE|ACE_DELETE_CHILD))) 2412 error = secpolicy_vnode_remove(cr); 2413 2414 if (error == 0 && (working_mode & ACE_SYNCHRONIZE)) 2415 error = secpolicy_vnode_owner(cr, owner); 2416 2417 if (error == 0) { 2418 /* 2419 * See if any bits other than those already checked 2420 * for are still present. If so then return EACCES 2421 */ 2422 if (working_mode & ~(ZFS_CHECKED_MASKS)) { 2423 error = EACCES; 2424 } 2425 } 2426 } 2427 2428 if (is_attr) 2429 VN_RELE(ZTOV(xzp)); 2430 2431 return (error); 2432 } 2433 2434 /* 2435 * Translate traditional unix VREAD/VWRITE/VEXEC mode into 2436 * native ACL format and call zfs_zaccess() 2437 */ 2438 int 2439 zfs_zaccess_rwx(znode_t *zp, mode_t mode, int flags, cred_t *cr) 2440 { 2441 return (zfs_zaccess(zp, zfs_unix_to_v4(mode >> 6), flags, B_FALSE, cr)); 2442 } 2443 2444 /* 2445 * Access function for secpolicy_vnode_setattr 2446 */ 2447 int 2448 zfs_zaccess_unix(znode_t *zp, mode_t mode, cred_t *cr) 2449 { 2450 int v4_mode = zfs_unix_to_v4(mode >> 6); 2451 2452 return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr)); 2453 } 2454 2455 static int 2456 zfs_delete_final_check(znode_t *zp, znode_t *dzp, 2457 mode_t missing_perms, cred_t *cr) 2458 { 2459 int error; 2460 uid_t downer; 2461 zfsvfs_t *zfsvfs = zp->z_zfsvfs; 2462 2463 downer = zfs_fuid_map_id(zfsvfs, dzp->z_phys->zp_uid, cr, ZFS_OWNER); 2464 2465 error = secpolicy_vnode_access(cr, ZTOV(dzp), downer, missing_perms); 2466 2467 if (error == 0) 2468 error = zfs_sticky_remove_access(dzp, zp, cr); 2469 2470 return (error); 2471 } 2472 2473 /* 2474 * Determine whether Access should be granted/deny, without 2475 * consulting least priv subsystem. 2476 * 2477 * 2478 * The following chart is the recommended NFSv4 enforcement for 2479 * ability to delete an object. 2480 * 2481 * ------------------------------------------------------- 2482 * | Parent Dir | Target Object Permissions | 2483 * | permissions | | 2484 * ------------------------------------------------------- 2485 * | | ACL Allows | ACL Denies| Delete | 2486 * | | Delete | Delete | unspecified| 2487 * ------------------------------------------------------- 2488 * | ACL Allows | Permit | Permit | Permit | 2489 * | DELETE_CHILD | | 2490 * ------------------------------------------------------- 2491 * | ACL Denies | Permit | Deny | Deny | 2492 * | DELETE_CHILD | | | | 2493 * ------------------------------------------------------- 2494 * | ACL specifies | | | | 2495 * | only allow | Permit | Permit | Permit | 2496 * | write and | | | | 2497 * | execute | | | | 2498 * ------------------------------------------------------- 2499 * | ACL denies | | | | 2500 * | write and | Permit | Deny | Deny | 2501 * | execute | | | | 2502 * ------------------------------------------------------- 2503 * ^ 2504 * | 2505 * No search privilege, can't even look up file? 2506 * 2507 */ 2508 int 2509 zfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr) 2510 { 2511 uint32_t dzp_working_mode = 0; 2512 uint32_t zp_working_mode = 0; 2513 int dzp_error, zp_error; 2514 mode_t missing_perms; 2515 boolean_t dzpcheck_privs = B_TRUE; 2516 boolean_t zpcheck_privs = B_TRUE; 2517 2518 /* 2519 * We want specific DELETE permissions to 2520 * take precedence over WRITE/EXECUTE. We don't 2521 * want an ACL such as this to mess us up. 2522 * user:joe:write_data:deny,user:joe:delete:allow 2523 * 2524 * However, deny permissions may ultimately be overridden 2525 * by secpolicy_vnode_access(). 2526 * 2527 * We will ask for all of the necessary permissions and then 2528 * look at the working modes from the directory and target object 2529 * to determine what was found. 2530 */ 2531 2532 if (zp->z_phys->zp_flags & (ZFS_IMMUTABLE | ZFS_NOUNLINK)) 2533 return (EPERM); 2534 2535 /* 2536 * If the directory permissions allow the delete, we are done. 2537 */ 2538 if ((dzp_error = zfs_zaccess_common(dzp, 2539 ACE_DELETE_CHILD|ACE_EXECUTE|ACE_WRITE_DATA, 2540 &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr)) == 0) 2541 return (0); 2542 2543 /* 2544 * If target object has delete permission then we are done 2545 */ 2546 if ((zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, 2547 &zpcheck_privs, B_FALSE, cr)) == 0) 2548 return (0); 2549 2550 if (!dzpcheck_privs) 2551 return (dzp_error); 2552 else if (!zpcheck_privs) 2553 return (zp_error); 2554 2555 /* 2556 * First check the first row. 2557 * We only need to see if parent Allows delete_child 2558 */ 2559 if ((dzp_working_mode & ACE_DELETE_CHILD) == 0) 2560 return (0); 2561 2562 /* 2563 * Second row 2564 * we already have the necessary information in 2565 * zp_working_mode, zp_error and dzp_error. 2566 */ 2567 2568 if ((zp_working_mode & ACE_DELETE) == 0) 2569 return (0); 2570 2571 /* 2572 * determine the needed permissions based off of the directories 2573 * working mode 2574 */ 2575 2576 missing_perms = (dzp_working_mode & ACE_WRITE_DATA) ? VWRITE : 0; 2577 missing_perms |= (dzp_working_mode & ACE_EXECUTE) ? VEXEC : 0; 2578 2579 if (dzp_error == EACCES) 2580 return (zfs_delete_final_check(zp, dzp, missing_perms, cr)); 2581 2582 /* 2583 * Third Row 2584 * only need to see if we have write/execute on directory. 2585 */ 2586 2587 if (missing_perms == 0) 2588 return (zfs_sticky_remove_access(dzp, zp, cr)); 2589 2590 /* 2591 * Fourth Row 2592 */ 2593 2594 if (missing_perms && ((zp_working_mode & ACE_DELETE) == 0)) 2595 return (zfs_sticky_remove_access(dzp, zp, cr)); 2596 2597 return (zfs_delete_final_check(zp, dzp, missing_perms, cr)); 2598 } 2599 2600 int 2601 zfs_zaccess_rename(znode_t *sdzp, znode_t *szp, znode_t *tdzp, 2602 znode_t *tzp, cred_t *cr) 2603 { 2604 int add_perm; 2605 int error; 2606 2607 if (szp->z_phys->zp_flags & ZFS_AV_QUARANTINED) 2608 return (EACCES); 2609 2610 add_perm = (ZTOV(szp)->v_type == VDIR) ? 2611 ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE; 2612 2613 /* 2614 * Rename permissions are combination of delete permission + 2615 * add file/subdir permission. 2616 */ 2617 2618 /* 2619 * first make sure we do the delete portion. 2620 * 2621 * If that succeeds then check for add_file/add_subdir permissions 2622 */ 2623 2624 if (error = zfs_zaccess_delete(sdzp, szp, cr)) 2625 return (error); 2626 2627 /* 2628 * If we have a tzp, see if we can delete it? 2629 */ 2630 if (tzp) { 2631 if (error = zfs_zaccess_delete(tdzp, tzp, cr)) 2632 return (error); 2633 } 2634 2635 /* 2636 * Now check for add permissions 2637 */ 2638 error = zfs_zaccess(tdzp, add_perm, 0, B_FALSE, cr); 2639 2640 return (error); 2641 } 2642