4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
26 #pragma ident "@(#)zfs_acl.c 1.25 08/04/08 SMI"
28 #include <sys/types.h>
29 #include <sys/param.h>
31 #include <sys/systm.h>
32 #include <sys/sysmacros.h>
33 #include <sys/resource.h>
35 #include <sys/vnode.h>
40 #include <sys/cmn_err.h>
41 #include <sys/errno.h>
42 #include <sys/unistd.h>
44 #include <sys/fs/zfs.h>
46 #include <sys/policy.h>
47 #include <sys/zfs_znode.h>
48 #include <sys/zfs_fuid.h>
49 #include <sys/zfs_acl.h>
50 #include <sys/zfs_dir.h>
51 #include <sys/zfs_vfsops.h>
53 #include <sys/dnode.h>
55 #include "fs/fs_subr.h"
56 #include <acl/acl_common.h>
58 #define ALLOW ACE_ACCESS_ALLOWED_ACE_TYPE
59 #define DENY ACE_ACCESS_DENIED_ACE_TYPE
60 #define MAX_ACE_TYPE ACE_SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE
62 #define OWNING_GROUP (ACE_GROUP|ACE_IDENTIFIER_GROUP)
63 #define EVERYONE_ALLOW_MASK (ACE_READ_ACL|ACE_READ_ATTRIBUTES | \
64 ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE)
65 #define EVERYONE_DENY_MASK (ACE_WRITE_ACL|ACE_WRITE_OWNER | \
66 ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS)
67 #define OWNER_ALLOW_MASK (ACE_WRITE_ACL | ACE_WRITE_OWNER | \
68 ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS)
69 #define WRITE_MASK_DATA (ACE_WRITE_DATA|ACE_APPEND_DATA|ACE_WRITE_NAMED_ATTRS)
71 #define ZFS_CHECKED_MASKS (ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_DATA| \
72 ACE_READ_NAMED_ATTRS|ACE_WRITE_DATA|ACE_WRITE_ATTRIBUTES| \
73 ACE_WRITE_NAMED_ATTRS|ACE_APPEND_DATA|ACE_EXECUTE|ACE_WRITE_OWNER| \
74 ACE_WRITE_ACL|ACE_DELETE|ACE_DELETE_CHILD|ACE_SYNCHRONIZE)
76 #define WRITE_MASK (WRITE_MASK_DATA|ACE_WRITE_ATTRIBUTES|ACE_WRITE_ACL|\
79 #define OGE_CLEAR (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \
80 ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE)
82 #define OKAY_MASK_BITS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \
83 ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE)
85 #define ALL_INHERIT (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE | \
86 ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE|ACE_INHERITED_ACE)
88 #define RESTRICTED_CLEAR (ACE_WRITE_ACL|ACE_WRITE_OWNER)
90 #define V4_ACL_WIDE_FLAGS (ZFS_ACL_AUTO_INHERIT|ZFS_ACL_DEFAULTED|\
93 #define ZFS_ACL_WIDE_FLAGS (V4_ACL_WIDE_FLAGS|ZFS_ACL_TRIVIAL|ZFS_INHERIT_ACE|\
97 zfs_ace_v0_get_type(void *acep)
99 return (((zfs_oldace_t *)acep)->z_type);
103 zfs_ace_v0_get_flags(void *acep)
105 return (((zfs_oldace_t *)acep)->z_flags);
109 zfs_ace_v0_get_mask(void *acep)
111 return (((zfs_oldace_t *)acep)->z_access_mask);
115 zfs_ace_v0_get_who(void *acep)
117 return (((zfs_oldace_t *)acep)->z_fuid);
121 zfs_ace_v0_set_type(void *acep, uint16_t type)
123 ((zfs_oldace_t *)acep)->z_type = type;
127 zfs_ace_v0_set_flags(void *acep, uint16_t flags)
129 ((zfs_oldace_t *)acep)->z_flags = flags;
133 zfs_ace_v0_set_mask(void *acep, uint32_t mask)
135 ((zfs_oldace_t *)acep)->z_access_mask = mask;
139 zfs_ace_v0_set_who(void *acep, uint64_t who)
141 ((zfs_oldace_t *)acep)->z_fuid = who;
146 zfs_ace_v0_size(void *acep)
148 return (sizeof (zfs_oldace_t));
152 zfs_ace_v0_abstract_size(void)
154 return (sizeof (zfs_oldace_t));
158 zfs_ace_v0_mask_off(void)
160 return (offsetof(zfs_oldace_t, z_access_mask));
165 zfs_ace_v0_data(void *acep, void **datap)
171 static acl_ops_t zfs_acl_v0_ops = {
174 zfs_ace_v0_get_flags,
175 zfs_ace_v0_set_flags,
181 zfs_ace_v0_abstract_size,
187 zfs_ace_fuid_get_type(void *acep)
189 return (((zfs_ace_hdr_t *)acep)->z_type);
193 zfs_ace_fuid_get_flags(void *acep)
195 return (((zfs_ace_hdr_t *)acep)->z_flags);
199 zfs_ace_fuid_get_mask(void *acep)
201 return (((zfs_ace_hdr_t *)acep)->z_access_mask);
205 zfs_ace_fuid_get_who(void *args)
208 zfs_ace_t *acep = args;
210 entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS;
212 if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP ||
213 entry_type == ACE_EVERYONE)
215 return (((zfs_ace_t *)acep)->z_fuid);
219 zfs_ace_fuid_set_type(void *acep, uint16_t type)
221 ((zfs_ace_hdr_t *)acep)->z_type = type;
225 zfs_ace_fuid_set_flags(void *acep, uint16_t flags)
227 ((zfs_ace_hdr_t *)acep)->z_flags = flags;
231 zfs_ace_fuid_set_mask(void *acep, uint32_t mask)
233 ((zfs_ace_hdr_t *)acep)->z_access_mask = mask;
237 zfs_ace_fuid_set_who(void *arg, uint64_t who)
239 zfs_ace_t *acep = arg;
241 uint16_t entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS;
243 if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP ||
244 entry_type == ACE_EVERYONE)
250 zfs_ace_fuid_size(void *acep)
252 zfs_ace_hdr_t *zacep = acep;
255 switch (zacep->z_type) {
256 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
257 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
258 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
259 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
260 return (sizeof (zfs_object_ace_t));
264 (((zfs_ace_hdr_t *)acep)->z_flags & ACE_TYPE_FLAGS);
265 if (entry_type == ACE_OWNER ||
266 entry_type == (ACE_GROUP | ACE_IDENTIFIER_GROUP) ||
267 entry_type == ACE_EVERYONE)
268 return (sizeof (zfs_ace_hdr_t));
271 return (sizeof (zfs_ace_t));
276 zfs_ace_fuid_abstract_size(void)
278 return (sizeof (zfs_ace_hdr_t));
282 zfs_ace_fuid_mask_off(void)
284 return (offsetof(zfs_ace_hdr_t, z_access_mask));
288 zfs_ace_fuid_data(void *acep, void **datap)
290 zfs_ace_t *zacep = acep;
291 zfs_object_ace_t *zobjp;
293 switch (zacep->z_hdr.z_type) {
294 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
295 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
296 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
297 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
299 *datap = (caddr_t)zobjp + sizeof (zfs_ace_t);
300 return (sizeof (zfs_object_ace_t) - sizeof (zfs_ace_t));
307 static acl_ops_t zfs_acl_fuid_ops = {
308 zfs_ace_fuid_get_mask,
309 zfs_ace_fuid_set_mask,
310 zfs_ace_fuid_get_flags,
311 zfs_ace_fuid_set_flags,
312 zfs_ace_fuid_get_type,
313 zfs_ace_fuid_set_type,
314 zfs_ace_fuid_get_who,
315 zfs_ace_fuid_set_who,
317 zfs_ace_fuid_abstract_size,
318 zfs_ace_fuid_mask_off,
323 zfs_acl_version(int version)
325 if (version < ZPL_VERSION_FUID)
326 return (ZFS_ACL_VERSION_INITIAL);
328 return (ZFS_ACL_VERSION_FUID);
332 zfs_acl_version_zp(znode_t *zp)
334 return (zfs_acl_version(zp->z_zfsvfs->z_version));
338 zfs_acl_alloc(int vers)
342 aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP);
343 list_create(&aclp->z_acl, sizeof (zfs_acl_node_t),
344 offsetof(zfs_acl_node_t, z_next));
345 aclp->z_version = vers;
346 if (vers == ZFS_ACL_VERSION_FUID)
347 aclp->z_ops = zfs_acl_fuid_ops;
349 aclp->z_ops = zfs_acl_v0_ops;
353 static zfs_acl_node_t *
354 zfs_acl_node_alloc(size_t bytes)
356 zfs_acl_node_t *aclnode;
358 aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP);
360 aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP);
361 aclnode->z_allocdata = aclnode->z_acldata;
362 aclnode->z_allocsize = bytes;
363 aclnode->z_size = bytes;
370 zfs_acl_node_free(zfs_acl_node_t *aclnode)
372 if (aclnode->z_allocsize)
373 kmem_free(aclnode->z_allocdata, aclnode->z_allocsize);
374 kmem_free(aclnode, sizeof (zfs_acl_node_t));
378 zfs_acl_release_nodes(zfs_acl_t *aclp)
380 zfs_acl_node_t *aclnode;
382 while (aclnode = list_head(&aclp->z_acl)) {
383 list_remove(&aclp->z_acl, aclnode);
384 zfs_acl_node_free(aclnode);
386 aclp->z_acl_count = 0;
387 aclp->z_acl_bytes = 0;
391 zfs_acl_free(zfs_acl_t *aclp)
393 zfs_acl_release_nodes(aclp);
394 list_destroy(&aclp->z_acl);
395 kmem_free(aclp, sizeof (zfs_acl_t));
399 zfs_ace_valid(vtype_t obj_type, zfs_acl_t *aclp, uint16_t type, uint16_t iflags)
402 * first check type of entry
405 switch (iflags & ACE_TYPE_FLAGS) {
407 case (ACE_IDENTIFIER_GROUP | ACE_GROUP):
408 case ACE_IDENTIFIER_GROUP:
410 case 0: /* User entry */
418 * next check inheritance level flags
421 if (type != ALLOW && type > MAX_ACE_TYPE) {
426 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
427 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
428 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
429 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
430 if (aclp->z_version < ZFS_ACL_VERSION_FUID)
432 aclp->z_hints |= ZFS_ACL_OBJ_ACE;
436 * Only directories should have inheritance flags.
438 if (obj_type != VDIR && (iflags &
439 (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE|
440 ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE))) {
444 if (iflags & (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE))
445 aclp->z_hints |= ZFS_INHERIT_ACE;
447 if (iflags & (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) {
448 if ((iflags & (ACE_FILE_INHERIT_ACE|
449 ACE_DIRECTORY_INHERIT_ACE)) == 0) {
458 zfs_acl_next_ace(zfs_acl_t *aclp, void *start, uint64_t *who,
459 uint32_t *access_mask, uint16_t *iflags, uint16_t *type)
461 zfs_acl_node_t *aclnode;
464 aclnode = list_head(&aclp->z_acl);
468 aclp->z_next_ace = aclnode->z_acldata;
469 aclp->z_curr_node = aclnode;
470 aclnode->z_ace_idx = 0;
473 aclnode = aclp->z_curr_node;
478 if (aclnode->z_ace_idx >= aclnode->z_ace_count) {
479 aclnode = list_next(&aclp->z_acl, aclnode);
483 aclp->z_curr_node = aclnode;
484 aclnode->z_ace_idx = 0;
485 aclp->z_next_ace = aclnode->z_acldata;
489 if (aclnode->z_ace_idx < aclnode->z_ace_count) {
490 void *acep = aclp->z_next_ace;
491 *iflags = aclp->z_ops.ace_flags_get(acep);
492 *type = aclp->z_ops.ace_type_get(acep);
493 *access_mask = aclp->z_ops.ace_mask_get(acep);
494 *who = aclp->z_ops.ace_who_get(acep);
495 aclp->z_next_ace = (caddr_t)aclp->z_next_ace +
496 aclp->z_ops.ace_size(acep);
497 aclnode->z_ace_idx++;
498 return ((void *)acep);
505 zfs_ace_walk(void *datap, uint64_t cookie, int aclcnt,
506 uint16_t *flags, uint16_t *type, uint32_t *mask)
508 zfs_acl_t *aclp = datap;
509 zfs_ace_hdr_t *acep = (zfs_ace_hdr_t *)(uintptr_t)cookie;
512 acep = zfs_acl_next_ace(aclp, acep, &who, mask,
514 return ((uint64_t)(uintptr_t)acep);
517 static zfs_acl_node_t *
518 zfs_acl_curr_node(zfs_acl_t *aclp)
520 ASSERT(aclp->z_curr_node);
521 return (aclp->z_curr_node);
525 * Copy ACE to internal ZFS format.
526 * While processing the ACL each ACE will be validated for correctness.
527 * ACE FUIDs will be created later.
530 zfs_copy_ace_2_fuid(vtype_t obj_type, zfs_acl_t *aclp, void *datap,
531 zfs_ace_t *z_acl, int aclcnt, size_t *size)
535 zfs_ace_t *aceptr = z_acl;
537 zfs_object_ace_t *zobjacep;
538 ace_object_t *aceobjp;
540 for (i = 0; i != aclcnt; i++) {
541 aceptr->z_hdr.z_access_mask = acep->a_access_mask;
542 aceptr->z_hdr.z_flags = acep->a_flags;
543 aceptr->z_hdr.z_type = acep->a_type;
544 entry_type = aceptr->z_hdr.z_flags & ACE_TYPE_FLAGS;
545 if (entry_type != ACE_OWNER && entry_type != OWNING_GROUP &&
546 entry_type != ACE_EVERYONE) {
547 if (!aclp->z_has_fuids)
548 aclp->z_has_fuids = IS_EPHEMERAL(acep->a_who);
549 aceptr->z_fuid = (uint64_t)acep->a_who;
553 * Make sure ACE is valid
555 if (zfs_ace_valid(obj_type, aclp, aceptr->z_hdr.z_type,
556 aceptr->z_hdr.z_flags) != B_TRUE)
559 switch (acep->a_type) {
560 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
561 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
562 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
563 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
564 zobjacep = (zfs_object_ace_t *)aceptr;
565 aceobjp = (ace_object_t *)acep;
567 bcopy(aceobjp->a_obj_type, zobjacep->z_object_type,
568 sizeof (aceobjp->a_obj_type));
569 bcopy(aceobjp->a_inherit_obj_type,
570 zobjacep->z_inherit_type,
571 sizeof (aceobjp->a_inherit_obj_type));
572 acep = (ace_t *)((caddr_t)acep + sizeof (ace_object_t));
575 acep = (ace_t *)((caddr_t)acep + sizeof (ace_t));
578 aceptr = (zfs_ace_t *)((caddr_t)aceptr +
579 aclp->z_ops.ace_size(aceptr));
582 *size = (caddr_t)aceptr - (caddr_t)z_acl;
588 * Copy ZFS ACEs to fixed size ace_t layout
591 zfs_copy_fuid_2_ace(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, cred_t *cr,
592 void *datap, int filter)
595 uint32_t access_mask;
596 uint16_t iflags, type;
597 zfs_ace_hdr_t *zacep = NULL;
599 ace_object_t *objacep;
600 zfs_object_ace_t *zobjacep;
604 while (zacep = zfs_acl_next_ace(aclp, zacep,
605 &who, &access_mask, &iflags, &type)) {
608 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
609 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
610 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
611 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
615 zobjacep = (zfs_object_ace_t *)zacep;
616 objacep = (ace_object_t *)acep;
617 bcopy(zobjacep->z_object_type,
619 sizeof (zobjacep->z_object_type));
620 bcopy(zobjacep->z_inherit_type,
621 objacep->a_inherit_obj_type,
622 sizeof (zobjacep->z_inherit_type));
623 ace_size = sizeof (ace_object_t);
626 ace_size = sizeof (ace_t);
630 entry_type = (iflags & ACE_TYPE_FLAGS);
631 if ((entry_type != ACE_OWNER &&
632 entry_type != (ACE_GROUP | ACE_IDENTIFIER_GROUP) &&
633 entry_type != ACE_EVERYONE)) {
634 acep->a_who = zfs_fuid_map_id(zfsvfs, who,
635 cr, (entry_type & ACE_IDENTIFIER_GROUP) ?
636 ZFS_ACE_GROUP : ZFS_ACE_USER);
638 acep->a_who = (uid_t)(int64_t)who;
640 acep->a_access_mask = access_mask;
641 acep->a_flags = iflags;
643 acep = (ace_t *)((caddr_t)acep + ace_size);
648 zfs_copy_ace_2_oldace(vtype_t obj_type, zfs_acl_t *aclp, ace_t *acep,
649 zfs_oldace_t *z_acl, int aclcnt, size_t *size)
652 zfs_oldace_t *aceptr = z_acl;
654 for (i = 0; i != aclcnt; i++, aceptr++) {
655 aceptr->z_access_mask = acep[i].a_access_mask;
656 aceptr->z_type = acep[i].a_type;
657 aceptr->z_flags = acep[i].a_flags;
658 aceptr->z_fuid = acep[i].a_who;
660 * Make sure ACE is valid
662 if (zfs_ace_valid(obj_type, aclp, aceptr->z_type,
663 aceptr->z_flags) != B_TRUE)
666 *size = (caddr_t)aceptr - (caddr_t)z_acl;
671 * convert old ACL format to new
674 zfs_acl_xform(znode_t *zp, zfs_acl_t *aclp)
676 zfs_oldace_t *oldaclp;
678 uint16_t type, iflags;
679 uint32_t access_mask;
682 zfs_acl_node_t *newaclnode;
684 ASSERT(aclp->z_version == ZFS_ACL_VERSION_INITIAL);
686 * First create the ACE in a contiguous piece of memory
687 * for zfs_copy_ace_2_fuid().
689 * We only convert an ACL once, so this won't happen
692 oldaclp = kmem_alloc(sizeof (zfs_oldace_t) * aclp->z_acl_count,
695 while (cookie = zfs_acl_next_ace(aclp, cookie, &who,
696 &access_mask, &iflags, &type)) {
697 oldaclp[i].z_flags = iflags;
698 oldaclp[i].z_type = type;
699 oldaclp[i].z_fuid = who;
700 oldaclp[i++].z_access_mask = access_mask;
703 newaclnode = zfs_acl_node_alloc(aclp->z_acl_count *
704 sizeof (zfs_object_ace_t));
705 aclp->z_ops = zfs_acl_fuid_ops;
706 VERIFY(zfs_copy_ace_2_fuid(ZTOV(zp)->v_type, aclp, oldaclp,
707 newaclnode->z_acldata, aclp->z_acl_count,
708 &newaclnode->z_size) == 0);
709 newaclnode->z_ace_count = aclp->z_acl_count;
710 aclp->z_version = ZFS_ACL_VERSION;
711 kmem_free(oldaclp, aclp->z_acl_count * sizeof (zfs_oldace_t));
714 * Release all previous ACL nodes
717 zfs_acl_release_nodes(aclp);
719 list_insert_head(&aclp->z_acl, newaclnode);
721 aclp->z_acl_bytes = newaclnode->z_size;
722 aclp->z_acl_count = newaclnode->z_ace_count;
727 * Convert unix access mask to v4 access mask
730 zfs_unix_to_v4(uint32_t access_mask)
732 uint32_t new_mask = 0;
734 if (access_mask & S_IXOTH)
735 new_mask |= ACE_EXECUTE;
736 if (access_mask & S_IWOTH)
737 new_mask |= ACE_WRITE_DATA;
738 if (access_mask & S_IROTH)
739 new_mask |= ACE_READ_DATA;
744 zfs_set_ace(zfs_acl_t *aclp, void *acep, uint32_t access_mask,
745 uint16_t access_type, uint64_t fuid, uint16_t entry_type)
747 uint16_t type = entry_type & ACE_TYPE_FLAGS;
749 aclp->z_ops.ace_mask_set(acep, access_mask);
750 aclp->z_ops.ace_type_set(acep, access_type);
751 aclp->z_ops.ace_flags_set(acep, entry_type);
752 if ((type != ACE_OWNER && type != (ACE_GROUP | ACE_IDENTIFIER_GROUP) &&
753 type != ACE_EVERYONE))
754 aclp->z_ops.ace_who_set(acep, fuid);
758 * Determine mode of file based on ACL.
759 * Also, create FUIDs for any User/Group ACEs
762 zfs_mode_fuid_compute(znode_t *zp, zfs_acl_t *aclp, cred_t *cr,
763 zfs_fuid_info_t **fuidp, dmu_tx_t *tx)
768 zfs_ace_hdr_t *acep = NULL;
770 uint16_t iflags, type;
771 uint32_t access_mask;
773 mode = (zp->z_phys->zp_mode & (S_IFMT | S_ISUID | S_ISGID | S_ISVTX));
775 while (acep = zfs_acl_next_ace(aclp, acep, &who,
776 &access_mask, &iflags, &type)) {
779 * Skip over inherit only ACEs
781 if (iflags & ACE_INHERIT_ONLY_ACE)
784 entry_type = (iflags & ACE_TYPE_FLAGS);
786 if (entry_type == ACE_OWNER) {
787 if ((access_mask & ACE_READ_DATA) &&
788 (!(seen & S_IRUSR))) {
794 if ((access_mask & ACE_WRITE_DATA) &&
795 (!(seen & S_IWUSR))) {
801 if ((access_mask & ACE_EXECUTE) &&
802 (!(seen & S_IXUSR))) {
808 } else if (entry_type == OWNING_GROUP) {
809 if ((access_mask & ACE_READ_DATA) &&
810 (!(seen & S_IRGRP))) {
816 if ((access_mask & ACE_WRITE_DATA) &&
817 (!(seen & S_IWGRP))) {
823 if ((access_mask & ACE_EXECUTE) &&
824 (!(seen & S_IXGRP))) {
830 } else if (entry_type == ACE_EVERYONE) {
831 if ((access_mask & ACE_READ_DATA)) {
832 if (!(seen & S_IRUSR)) {
838 if (!(seen & S_IRGRP)) {
844 if (!(seen & S_IROTH)) {
851 if ((access_mask & ACE_WRITE_DATA)) {
852 if (!(seen & S_IWUSR)) {
858 if (!(seen & S_IWGRP)) {
864 if (!(seen & S_IWOTH)) {
871 if ((access_mask & ACE_EXECUTE)) {
872 if (!(seen & S_IXUSR)) {
878 if (!(seen & S_IXGRP)) {
884 if (!(seen & S_IXOTH)) {
893 * Now handle FUID create for user/group ACEs
895 if (entry_type == 0 || entry_type == ACE_IDENTIFIER_GROUP) {
896 aclp->z_ops.ace_who_set(acep,
897 zfs_fuid_create(zp->z_zfsvfs, who, cr,
898 (entry_type == 0) ? ZFS_ACE_USER : ZFS_ACE_GROUP,
906 zfs_acl_node_read_internal(znode_t *zp, boolean_t will_modify)
909 zfs_acl_node_t *aclnode;
911 aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_version);
914 * Version 0 to 1 znode_acl_phys has the size/count fields swapped.
915 * Version 0 didn't have a size field, only a count.
917 if (zp->z_phys->zp_acl.z_acl_version == ZFS_ACL_VERSION_INITIAL) {
918 aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_size;
919 aclp->z_acl_bytes = ZFS_ACL_SIZE(aclp->z_acl_count);
921 aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_count;
922 aclp->z_acl_bytes = zp->z_phys->zp_acl.z_acl_size;
925 aclnode = zfs_acl_node_alloc(will_modify ? aclp->z_acl_bytes : 0);
926 aclnode->z_ace_count = aclp->z_acl_count;
928 bcopy(zp->z_phys->zp_acl.z_ace_data, aclnode->z_acldata,
931 aclnode->z_size = aclp->z_acl_bytes;
932 aclnode->z_acldata = &zp->z_phys->zp_acl.z_ace_data[0];
935 list_insert_head(&aclp->z_acl, aclnode);
941 * Read an external acl object.
944 zfs_acl_node_read(znode_t *zp, zfs_acl_t **aclpp, boolean_t will_modify)
946 uint64_t extacl = zp->z_phys->zp_acl.z_acl_extern_obj;
950 zfs_acl_node_t *aclnode;
953 ASSERT(MUTEX_HELD(&zp->z_acl_lock));
955 if (zp->z_phys->zp_acl.z_acl_extern_obj == 0) {
956 *aclpp = zfs_acl_node_read_internal(zp, will_modify);
960 aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_version);
961 if (zp->z_phys->zp_acl.z_acl_version == ZFS_ACL_VERSION_INITIAL) {
962 zfs_acl_phys_v0_t *zacl0 =
963 (zfs_acl_phys_v0_t *)&zp->z_phys->zp_acl;
965 aclsize = ZFS_ACL_SIZE(zacl0->z_acl_count);
966 acl_count = zacl0->z_acl_count;
968 aclsize = zp->z_phys->zp_acl.z_acl_size;
969 acl_count = zp->z_phys->zp_acl.z_acl_count;
971 aclsize = acl_count * sizeof (zfs_ace_t);
973 aclnode = zfs_acl_node_alloc(aclsize);
974 list_insert_head(&aclp->z_acl, aclnode);
975 error = dmu_read(zp->z_zfsvfs->z_os, extacl, 0,
976 aclsize, aclnode->z_acldata);
977 aclnode->z_ace_count = acl_count;
978 aclp->z_acl_count = acl_count;
979 aclp->z_acl_bytes = aclsize;
991 * common code for setting ACLs.
993 * This function is called from zfs_mode_update, zfs_perm_init, and zfs_setacl.
994 * zfs_setacl passes a non-NULL inherit pointer (ihp) to indicate that it's
995 * already checked the acl and knows whether to inherit.
998 zfs_aclset_common(znode_t *zp, zfs_acl_t *aclp, cred_t *cr,
999 zfs_fuid_info_t **fuidp, dmu_tx_t *tx)
1002 znode_phys_t *zphys = zp->z_phys;
1003 zfs_acl_phys_t *zacl = &zphys->zp_acl;
1004 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1005 uint64_t aoid = zphys->zp_acl.z_acl_extern_obj;
1007 dmu_object_type_t otype;
1008 zfs_acl_node_t *aclnode;
1010 ASSERT(MUTEX_HELD(&zp->z_lock));
1011 ASSERT(MUTEX_HELD(&zp->z_acl_lock));
1013 dmu_buf_will_dirty(zp->z_dbuf, tx);
1015 zphys->zp_mode = zfs_mode_fuid_compute(zp, aclp, cr, fuidp, tx);
1018 * Decide which opbject type to use. If we are forced to
1019 * use old ACL format than transform ACL into zfs_oldace_t
1022 if (!zfsvfs->z_use_fuids) {
1023 otype = DMU_OT_OLDACL;
1025 if ((aclp->z_version == ZFS_ACL_VERSION_INITIAL) &&
1026 (zfsvfs->z_version >= ZPL_VERSION_FUID))
1027 zfs_acl_xform(zp, aclp);
1028 ASSERT(aclp->z_version >= ZFS_ACL_VERSION_FUID);
1032 if (aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1034 * If ACL was previously external and we are now
1035 * converting to new ACL format then release old
1036 * ACL object and create a new one.
1038 if (aoid && aclp->z_version != zacl->z_acl_version) {
1039 error = dmu_object_free(zfsvfs->z_os,
1040 zp->z_phys->zp_acl.z_acl_extern_obj, tx);
1046 aoid = dmu_object_alloc(zfsvfs->z_os,
1047 otype, aclp->z_acl_bytes,
1048 otype == DMU_OT_ACL ? DMU_OT_SYSACL : DMU_OT_NONE,
1049 otype == DMU_OT_ACL ? DN_MAX_BONUSLEN : 0, tx);
1051 (void) dmu_object_set_blocksize(zfsvfs->z_os, aoid,
1052 aclp->z_acl_bytes, 0, tx);
1054 zphys->zp_acl.z_acl_extern_obj = aoid;
1055 for (aclnode = list_head(&aclp->z_acl); aclnode;
1056 aclnode = list_next(&aclp->z_acl, aclnode)) {
1057 if (aclnode->z_ace_count == 0)
1059 dmu_write(zfsvfs->z_os, aoid, off,
1060 aclnode->z_size, aclnode->z_acldata, tx);
1061 off += aclnode->z_size;
1064 void *start = zacl->z_ace_data;
1066 * Migrating back embedded?
1068 if (zphys->zp_acl.z_acl_extern_obj) {
1069 error = dmu_object_free(zfsvfs->z_os,
1070 zp->z_phys->zp_acl.z_acl_extern_obj, tx);
1073 zphys->zp_acl.z_acl_extern_obj = 0;
1076 for (aclnode = list_head(&aclp->z_acl); aclnode;
1077 aclnode = list_next(&aclp->z_acl, aclnode)) {
1078 if (aclnode->z_ace_count == 0)
1080 bcopy(aclnode->z_acldata, start, aclnode->z_size);
1081 start = (caddr_t)start + aclnode->z_size;
1086 * If Old version then swap count/bytes to match old
1087 * layout of znode_acl_phys_t.
1089 if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) {
1090 zphys->zp_acl.z_acl_size = aclp->z_acl_count;
1091 zphys->zp_acl.z_acl_count = aclp->z_acl_bytes;
1093 zphys->zp_acl.z_acl_size = aclp->z_acl_bytes;
1094 zphys->zp_acl.z_acl_count = aclp->z_acl_count;
1097 zphys->zp_acl.z_acl_version = aclp->z_version;
1100 * Replace ACL wide bits, but first clear them.
1102 zp->z_phys->zp_flags &= ~ZFS_ACL_WIDE_FLAGS;
1104 zp->z_phys->zp_flags |= aclp->z_hints;
1106 if (ace_trivial_common(aclp, 0, zfs_ace_walk) == 0)
1107 zp->z_phys->zp_flags |= ZFS_ACL_TRIVIAL;
1109 zfs_time_stamper_locked(zp, STATE_CHANGED, tx);
1114 * Update access mask for prepended ACE
1116 * This applies the "groupmask" value for aclmode property.
1119 zfs_acl_prepend_fixup(zfs_acl_t *aclp, void *acep, void *origacep,
1120 mode_t mode, uint64_t owner)
1122 int rmask, wmask, xmask;
1125 uint32_t origmask, acepmask;
1128 aceflags = aclp->z_ops.ace_flags_get(acep);
1129 fuid = aclp->z_ops.ace_who_get(acep);
1130 origmask = aclp->z_ops.ace_mask_get(origacep);
1131 acepmask = aclp->z_ops.ace_mask_get(acep);
1133 user_ace = (!(aceflags &
1134 (ACE_OWNER|ACE_GROUP|ACE_IDENTIFIER_GROUP)));
1136 if (user_ace && (fuid == owner)) {
1146 if (origmask & ACE_READ_DATA) {
1148 acepmask &= ~ACE_READ_DATA;
1150 acepmask |= ACE_READ_DATA;
1154 if (origmask & ACE_WRITE_DATA) {
1156 acepmask &= ~ACE_WRITE_DATA;
1158 acepmask |= ACE_WRITE_DATA;
1162 if (origmask & ACE_APPEND_DATA) {
1164 acepmask &= ~ACE_APPEND_DATA;
1166 acepmask |= ACE_APPEND_DATA;
1170 if (origmask & ACE_EXECUTE) {
1172 acepmask &= ~ACE_EXECUTE;
1174 acepmask |= ACE_EXECUTE;
1177 aclp->z_ops.ace_mask_set(acep, acepmask);
1181 * Apply mode to canonical six ACEs.
1184 zfs_acl_fixup_canonical_six(zfs_acl_t *aclp, mode_t mode)
1186 zfs_acl_node_t *aclnode = list_tail(&aclp->z_acl);
1188 int maskoff = aclp->z_ops.ace_mask_off();
1189 size_t abstract_size = aclp->z_ops.ace_abstract_size();
1191 ASSERT(aclnode != NULL);
1193 acep = (void *)((caddr_t)aclnode->z_acldata +
1194 aclnode->z_size - (abstract_size * 6));
1197 * Fixup final ACEs to match the mode
1200 adjust_ace_pair_common(acep, maskoff, abstract_size,
1201 (mode & 0700) >> 6); /* owner@ */
1203 acep = (caddr_t)acep + (abstract_size * 2);
1205 adjust_ace_pair_common(acep, maskoff, abstract_size,
1206 (mode & 0070) >> 3); /* group@ */
1208 acep = (caddr_t)acep + (abstract_size * 2);
1209 adjust_ace_pair_common(acep, maskoff,
1210 abstract_size, mode); /* everyone@ */
1215 zfs_acl_ace_match(zfs_acl_t *aclp, void *acep, int allow_deny,
1216 int entry_type, int accessmask)
1218 uint32_t mask = aclp->z_ops.ace_mask_get(acep);
1219 uint16_t type = aclp->z_ops.ace_type_get(acep);
1220 uint16_t flags = aclp->z_ops.ace_flags_get(acep);
1222 return (mask == accessmask && type == allow_deny &&
1223 ((flags & ACE_TYPE_FLAGS) == entry_type));
1227 * Can prepended ACE be reused?
1230 zfs_reuse_deny(zfs_acl_t *aclp, void *acep, void *prevacep)
1236 uint32_t mask, prevmask;
1238 if (prevacep == NULL)
1241 prevtype = aclp->z_ops.ace_type_get(prevacep);
1242 prevflags = aclp->z_ops.ace_flags_get(prevacep);
1243 flags = aclp->z_ops.ace_flags_get(acep);
1244 mask = aclp->z_ops.ace_mask_get(acep);
1245 prevmask = aclp->z_ops.ace_mask_get(prevacep);
1247 if (prevtype != DENY)
1250 if (prevflags != (flags & ACE_IDENTIFIER_GROUP))
1253 okay_masks = (mask & OKAY_MASK_BITS);
1255 if (prevmask & ~okay_masks)
1263 * Insert new ACL node into chain of zfs_acl_node_t's
1265 * This will result in two possible results.
1266 * 1. If the ACL is currently just a single zfs_acl_node and
1267 * we are prepending the entry then current acl node will have
1268 * a new node inserted above it.
1270 * 2. If we are inserting in the middle of current acl node then
1271 * the current node will be split in two and new node will be inserted
1272 * in between the two split nodes.
1274 static zfs_acl_node_t *
1275 zfs_acl_ace_insert(zfs_acl_t *aclp, void *acep)
1277 zfs_acl_node_t *newnode;
1278 zfs_acl_node_t *trailernode = NULL;
1279 zfs_acl_node_t *currnode = zfs_acl_curr_node(aclp);
1280 int curr_idx = aclp->z_curr_node->z_ace_idx;
1284 newnode = zfs_acl_node_alloc(aclp->z_ops.ace_size(acep));
1285 newnode->z_ace_count = 1;
1287 oldsize = currnode->z_size;
1289 if (curr_idx != 1) {
1290 trailernode = zfs_acl_node_alloc(0);
1291 trailernode->z_acldata = acep;
1293 trailer_count = currnode->z_ace_count - curr_idx + 1;
1294 currnode->z_ace_count = curr_idx - 1;
1295 currnode->z_size = (caddr_t)acep - (caddr_t)currnode->z_acldata;
1296 trailernode->z_size = oldsize - currnode->z_size;
1297 trailernode->z_ace_count = trailer_count;
1300 aclp->z_acl_count += 1;
1301 aclp->z_acl_bytes += aclp->z_ops.ace_size(acep);
1304 list_insert_before(&aclp->z_acl, currnode, newnode);
1306 list_insert_after(&aclp->z_acl, currnode, newnode);
1308 list_insert_after(&aclp->z_acl, newnode, trailernode);
1309 aclp->z_curr_node = trailernode;
1310 trailernode->z_ace_idx = 1;
1320 zfs_acl_prepend_deny(znode_t *zp, zfs_acl_t *aclp, void *acep,
1323 zfs_acl_node_t *aclnode;
1328 aclnode = zfs_acl_ace_insert(aclp, acep);
1329 newacep = aclnode->z_acldata;
1330 fuid = aclp->z_ops.ace_who_get(acep);
1331 flags = aclp->z_ops.ace_flags_get(acep);
1332 zfs_set_ace(aclp, newacep, 0, DENY, fuid, (flags & ACE_TYPE_FLAGS));
1333 zfs_acl_prepend_fixup(aclp, newacep, acep, mode, zp->z_phys->zp_uid);
1339 * Split an inherited ACE into inherit_only ACE
1340 * and original ACE with inheritance flags stripped off.
1343 zfs_acl_split_ace(zfs_acl_t *aclp, zfs_ace_hdr_t *acep)
1345 zfs_acl_node_t *aclnode;
1346 zfs_acl_node_t *currnode;
1348 uint16_t type, flags;
1352 type = aclp->z_ops.ace_type_get(acep);
1353 flags = aclp->z_ops.ace_flags_get(acep);
1354 mask = aclp->z_ops.ace_mask_get(acep);
1355 fuid = aclp->z_ops.ace_who_get(acep);
1357 aclnode = zfs_acl_ace_insert(aclp, acep);
1358 newacep = aclnode->z_acldata;
1360 aclp->z_ops.ace_type_set(newacep, type);
1361 aclp->z_ops.ace_flags_set(newacep, flags | ACE_INHERIT_ONLY_ACE);
1362 aclp->z_ops.ace_mask_set(newacep, mask);
1363 aclp->z_ops.ace_type_set(newacep, type);
1364 aclp->z_ops.ace_who_set(newacep, fuid);
1365 aclp->z_next_ace = acep;
1366 flags &= ~ALL_INHERIT;
1367 aclp->z_ops.ace_flags_set(acep, flags);
1368 currnode = zfs_acl_curr_node(aclp);
1369 ASSERT(currnode->z_ace_idx >= 1);
1370 currnode->z_ace_idx -= 1;
1374 * Are ACES started at index i, the canonical six ACES?
1377 zfs_have_canonical_six(zfs_acl_t *aclp)
1380 zfs_acl_node_t *aclnode = list_tail(&aclp->z_acl);
1382 size_t abstract_size = aclp->z_ops.ace_abstract_size();
1384 ASSERT(aclnode != NULL);
1386 if (aclnode->z_ace_count < 6)
1389 acep = (void *)((caddr_t)aclnode->z_acldata +
1390 aclnode->z_size - (aclp->z_ops.ace_abstract_size() * 6));
1392 if ((zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
1393 DENY, ACE_OWNER, 0) &&
1394 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
1395 ALLOW, ACE_OWNER, OWNER_ALLOW_MASK) &&
1396 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), DENY,
1397 OWNING_GROUP, 0) && zfs_acl_ace_match(aclp, (caddr_t)acep +
1398 (abstract_size * i++),
1399 ALLOW, OWNING_GROUP, 0) &&
1400 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
1401 DENY, ACE_EVERYONE, EVERYONE_DENY_MASK) &&
1402 zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
1403 ALLOW, ACE_EVERYONE, EVERYONE_ALLOW_MASK))) {
1412 * Apply step 1g, to group entries
1414 * Need to deal with corner case where group may have
1415 * greater permissions than owner. If so then limit
1416 * group permissions, based on what extra permissions
1420 zfs_fixup_group_entries(zfs_acl_t *aclp, void *acep, void *prevacep,
1423 uint32_t prevmask = aclp->z_ops.ace_mask_get(prevacep);
1424 uint32_t mask = aclp->z_ops.ace_mask_get(acep);
1425 uint16_t prevflags = aclp->z_ops.ace_flags_get(prevacep);
1426 mode_t extramode = (mode >> 3) & 07;
1427 mode_t ownermode = (mode >> 6);
1429 if (prevflags & ACE_IDENTIFIER_GROUP) {
1431 extramode &= ~ownermode;
1434 if (extramode & S_IROTH) {
1435 prevmask &= ~ACE_READ_DATA;
1436 mask &= ~ACE_READ_DATA;
1438 if (extramode & S_IWOTH) {
1439 prevmask &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA);
1440 mask &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA);
1442 if (extramode & S_IXOTH) {
1443 prevmask &= ~ACE_EXECUTE;
1444 mask &= ~ACE_EXECUTE;
1448 aclp->z_ops.ace_mask_set(acep, mask);
1449 aclp->z_ops.ace_mask_set(prevacep, prevmask);
1453 * Apply the chmod algorithm as described
1457 zfs_acl_chmod(znode_t *zp, uint64_t mode, zfs_acl_t *aclp)
1459 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1460 void *acep = NULL, *prevacep = NULL;
1465 int need_canonical_six = 1;
1466 uint16_t iflags, type;
1467 uint32_t access_mask;
1469 ASSERT(MUTEX_HELD(&zp->z_acl_lock));
1470 ASSERT(MUTEX_HELD(&zp->z_lock));
1472 aclp->z_hints = (zp->z_phys->zp_flags & V4_ACL_WIDE_FLAGS);
1475 * If discard then just discard all ACL nodes which
1476 * represent the ACEs.
1478 * New owner@/group@/everone@ ACEs will be added
1481 if (zfsvfs->z_acl_mode == ZFS_ACL_DISCARD)
1482 zfs_acl_release_nodes(aclp);
1484 while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask,
1487 entry_type = (iflags & ACE_TYPE_FLAGS);
1488 iflags = (iflags & ALL_INHERIT);
1490 if ((type != ALLOW && type != DENY) ||
1491 (iflags & ACE_INHERIT_ONLY_ACE)) {
1493 aclp->z_hints |= ZFS_INHERIT_ACE;
1495 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
1496 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
1497 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
1498 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
1499 aclp->z_hints |= ZFS_ACL_OBJ_ACE;
1506 * Need to split ace into two?
1508 if ((iflags & (ACE_FILE_INHERIT_ACE|
1509 ACE_DIRECTORY_INHERIT_ACE)) &&
1510 (!(iflags & ACE_INHERIT_ONLY_ACE))) {
1511 zfs_acl_split_ace(aclp, acep);
1512 aclp->z_hints |= ZFS_INHERIT_ACE;
1516 if (entry_type == ACE_OWNER || entry_type == ACE_EVERYONE ||
1517 (entry_type == OWNING_GROUP)) {
1518 access_mask &= ~OGE_CLEAR;
1519 aclp->z_ops.ace_mask_set(acep, access_mask);
1522 reuse_deny = B_TRUE;
1523 if (type == ALLOW) {
1526 * Check preceding ACE if any, to see
1527 * if we need to prepend a DENY ACE.
1528 * This is only applicable when the acl_mode
1529 * property == groupmask.
1531 if (zfsvfs->z_acl_mode == ZFS_ACL_GROUPMASK) {
1533 reuse_deny = zfs_reuse_deny(aclp, acep,
1538 zfs_acl_prepend_deny(zp,
1541 zfs_acl_prepend_fixup(
1544 zp->z_phys->zp_uid);
1546 zfs_fixup_group_entries(aclp, acep,
1557 * Check out last six aces, if we have six.
1560 if (aclp->z_acl_count >= 6) {
1561 if (zfs_have_canonical_six(aclp)) {
1562 need_canonical_six = 0;
1566 if (need_canonical_six) {
1567 size_t abstract_size = aclp->z_ops.ace_abstract_size();
1569 zfs_acl_node_t *aclnode =
1570 zfs_acl_node_alloc(abstract_size * 6);
1572 aclnode->z_size = abstract_size * 6;
1573 aclnode->z_ace_count = 6;
1574 aclp->z_acl_bytes += aclnode->z_size;
1575 list_insert_tail(&aclp->z_acl, aclnode);
1577 zacep = aclnode->z_acldata;
1580 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
1581 0, DENY, -1, ACE_OWNER);
1582 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
1583 OWNER_ALLOW_MASK, ALLOW, -1, ACE_OWNER);
1584 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 0,
1585 DENY, -1, OWNING_GROUP);
1586 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 0,
1587 ALLOW, -1, OWNING_GROUP);
1588 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
1589 EVERYONE_DENY_MASK, DENY, -1, ACE_EVERYONE);
1590 zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
1591 EVERYONE_ALLOW_MASK, ALLOW, -1, ACE_EVERYONE);
1592 aclp->z_acl_count += 6;
1595 zfs_acl_fixup_canonical_six(aclp, mode);
1599 zfs_acl_chmod_setattr(znode_t *zp, zfs_acl_t **aclp, uint64_t mode)
1603 mutex_enter(&zp->z_lock);
1604 mutex_enter(&zp->z_acl_lock);
1606 error = zfs_acl_node_read(zp, aclp, B_TRUE);
1608 zfs_acl_chmod(zp, mode, *aclp);
1609 mutex_exit(&zp->z_acl_lock);
1610 mutex_exit(&zp->z_lock);
1615 * strip off write_owner and write_acl
1618 zfs_restricted_update(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, void *acep)
1620 uint32_t mask = aclp->z_ops.ace_mask_get(acep);
1622 if ((zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) &&
1623 (aclp->z_ops.ace_type_get(acep) == ALLOW)) {
1624 mask &= ~RESTRICTED_CLEAR;
1625 aclp->z_ops.ace_mask_set(acep, mask);
1630 * Should ACE be inherited?
1633 zfs_ace_can_use(znode_t *zp, uint16_t acep_flags)
1635 int vtype = ZTOV(zp)->v_type;
1636 int iflags = (acep_flags & 0xf);
1638 if ((vtype == VDIR) && (iflags & ACE_DIRECTORY_INHERIT_ACE))
1640 else if (iflags & ACE_FILE_INHERIT_ACE)
1641 return (!((vtype == VDIR) &&
1642 (iflags & ACE_NO_PROPAGATE_INHERIT_ACE)));
1647 * inherit inheritable ACEs from parent
1650 zfs_acl_inherit(znode_t *zp, zfs_acl_t *paclp, boolean_t *need_chmod)
1652 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1655 zfs_acl_node_t *aclnode, *aclnode2;
1656 zfs_acl_t *aclp = NULL;
1658 uint32_t access_mask;
1659 uint16_t iflags, newflags, type;
1661 void *data1, *data2;
1662 size_t data1sz, data2sz;
1663 enum vtype vntype = ZTOV(zp)->v_type;
1665 *need_chmod = B_TRUE;
1667 aclp = zfs_acl_alloc(zfs_acl_version_zp(zp));
1668 if (zfsvfs->z_acl_inherit != ZFS_ACL_DISCARD) {
1669 while (pacep = zfs_acl_next_ace(paclp, pacep, &who,
1670 &access_mask, &iflags, &type)) {
1672 if (zfsvfs->z_acl_inherit == ZFS_ACL_NOALLOW &&
1676 ace_size = aclp->z_ops.ace_size(pacep);
1678 if (!zfs_ace_can_use(zp, iflags))
1682 * If owner@, group@, or everyone@ inheritable
1683 * then zfs_acl_chmod() isn't needed.
1685 if (zfsvfs->z_acl_inherit ==
1686 ZFS_ACL_PASSTHROUGH &&
1687 ((iflags & (ACE_OWNER|ACE_EVERYONE)) ||
1688 ((iflags & OWNING_GROUP) ==
1689 OWNING_GROUP)) && (vntype == VREG ||
1691 (iflags & ACE_DIRECTORY_INHERIT_ACE))))
1692 *need_chmod = B_FALSE;
1694 aclnode = zfs_acl_node_alloc(ace_size);
1695 list_insert_tail(&aclp->z_acl, aclnode);
1696 acep = aclnode->z_acldata;
1697 zfs_set_ace(aclp, acep, access_mask, type,
1698 who, iflags|ACE_INHERITED_ACE);
1701 * Copy special opaque data if any
1703 if ((data1sz = paclp->z_ops.ace_data(pacep,
1705 VERIFY((data2sz = aclp->z_ops.ace_data(acep,
1706 &data2)) == data1sz);
1707 bcopy(data1, data2, data2sz);
1709 aclp->z_acl_count++;
1710 aclnode->z_ace_count++;
1711 aclp->z_acl_bytes += aclnode->z_size;
1712 newflags = aclp->z_ops.ace_flags_get(acep);
1715 aclp->z_hints |= ZFS_INHERIT_ACE;
1717 if ((iflags & ACE_NO_PROPAGATE_INHERIT_ACE) ||
1719 newflags &= ~ALL_INHERIT;
1720 aclp->z_ops.ace_flags_set(acep,
1721 newflags|ACE_INHERITED_ACE);
1722 zfs_restricted_update(zfsvfs, aclp, acep);
1726 ASSERT(vntype == VDIR);
1728 newflags = aclp->z_ops.ace_flags_get(acep);
1729 if ((iflags & (ACE_FILE_INHERIT_ACE |
1730 ACE_DIRECTORY_INHERIT_ACE)) !=
1731 ACE_FILE_INHERIT_ACE) {
1732 aclnode2 = zfs_acl_node_alloc(ace_size);
1733 list_insert_tail(&aclp->z_acl, aclnode2);
1734 acep2 = aclnode2->z_acldata;
1735 zfs_set_ace(aclp, acep2,
1736 access_mask, type, who,
1737 iflags|ACE_INHERITED_ACE);
1738 newflags |= ACE_INHERIT_ONLY_ACE;
1739 aclp->z_ops.ace_flags_set(acep, newflags);
1740 newflags &= ~ALL_INHERIT;
1741 aclp->z_ops.ace_flags_set(acep2,
1742 newflags|ACE_INHERITED_ACE);
1745 * Copy special opaque data if any
1747 if ((data1sz = aclp->z_ops.ace_data(acep,
1750 aclp->z_ops.ace_data(acep2,
1751 &data2)) == data1sz);
1752 bcopy(data1, data2, data1sz);
1754 aclp->z_acl_count++;
1755 aclnode2->z_ace_count++;
1756 aclp->z_acl_bytes += aclnode->z_size;
1757 zfs_restricted_update(zfsvfs, aclp, acep2);
1759 newflags |= ACE_INHERIT_ONLY_ACE;
1760 aclp->z_ops.ace_flags_set(acep,
1761 newflags|ACE_INHERITED_ACE);
1769 * Create file system object initial permissions
1770 * including inheritable ACEs.
1773 zfs_perm_init(znode_t *zp, znode_t *parent, int flag,
1774 vattr_t *vap, dmu_tx_t *tx, cred_t *cr,
1775 zfs_acl_t *setaclp, zfs_fuid_info_t **fuidp)
1777 uint64_t mode, fuid, fgid;
1779 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1780 zfs_acl_t *aclp = NULL;
1782 xvattr_t *xvap = (xvattr_t *)vap;
1784 boolean_t need_chmod = B_TRUE;
1789 mode = MAKEIMODE(vap->va_type, vap->va_mode);
1792 * Determine uid and gid.
1794 if ((flag & (IS_ROOT_NODE | IS_REPLAY)) ||
1795 ((flag & IS_XATTR) && (vap->va_type == VDIR))) {
1796 fuid = zfs_fuid_create(zfsvfs, vap->va_uid, cr,
1797 ZFS_OWNER, tx, fuidp);
1798 fgid = zfs_fuid_create(zfsvfs, vap->va_gid, cr,
1799 ZFS_GROUP, tx, fuidp);
1802 fuid = zfs_fuid_create_cred(zfsvfs, ZFS_OWNER, tx, cr, fuidp);
1804 if (vap->va_mask & AT_GID) {
1805 fgid = zfs_fuid_create(zfsvfs, vap->va_gid, cr,
1806 ZFS_GROUP, tx, fuidp);
1808 if (fgid != parent->z_phys->zp_gid &&
1809 !groupmember(vap->va_gid, cr) &&
1810 secpolicy_vnode_create_gid(cr) != 0)
1814 if (parent->z_phys->zp_mode & S_ISGID) {
1815 fgid = parent->z_phys->zp_gid;
1816 gid = zfs_fuid_map_id(zfsvfs, fgid,
1819 fgid = zfs_fuid_create_cred(zfsvfs,
1820 ZFS_GROUP, tx, cr, fuidp);
1827 * If we're creating a directory, and the parent directory has the
1828 * set-GID bit set, set in on the new directory.
1829 * Otherwise, if the user is neither privileged nor a member of the
1830 * file's new group, clear the file's set-GID bit.
1833 if ((parent->z_phys->zp_mode & S_ISGID) && (vap->va_type == VDIR)) {
1836 if ((mode & S_ISGID) &&
1837 secpolicy_vnode_setids_setgids(cr, gid) != 0)
1841 zp->z_phys->zp_uid = fuid;
1842 zp->z_phys->zp_gid = fgid;
1843 zp->z_phys->zp_mode = mode;
1846 mutex_enter(&parent->z_lock);
1847 if (parent->z_phys->zp_flags & ZFS_INHERIT_ACE) {
1848 mutex_enter(&parent->z_acl_lock);
1849 VERIFY(0 == zfs_acl_node_read(parent, &paclp, B_FALSE));
1850 mutex_exit(&parent->z_acl_lock);
1851 aclp = zfs_acl_inherit(zp, paclp, &need_chmod);
1852 zfs_acl_free(paclp);
1854 aclp = zfs_acl_alloc(zfs_acl_version_zp(zp));
1856 mutex_exit(&parent->z_lock);
1857 mutex_enter(&zp->z_lock);
1858 mutex_enter(&zp->z_acl_lock);
1860 zfs_acl_chmod(zp, mode, aclp);
1862 mutex_enter(&zp->z_lock);
1863 mutex_enter(&zp->z_acl_lock);
1866 /* Force auto_inherit on all new directory objects */
1867 if (vap->va_type == VDIR)
1868 aclp->z_hints |= ZFS_ACL_AUTO_INHERIT;
1870 error = zfs_aclset_common(zp, aclp, cr, fuidp, tx);
1872 /* Set optional attributes if any */
1873 if (vap->va_mask & AT_XVATTR)
1874 zfs_xvattr_set(zp, xvap);
1876 mutex_exit(&zp->z_lock);
1877 mutex_exit(&zp->z_acl_lock);
1878 ASSERT3U(error, ==, 0);
1880 if (aclp != setaclp)
1885 * Retrieve a files ACL
1888 zfs_getacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr)
1896 mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT |
1897 VSA_ACE_ACLFLAGS | VSA_ACE_ALLTYPES);
1899 if (error = zfs_zaccess(zp, ACE_READ_ACL, 0, skipaclchk, cr))
1905 mutex_enter(&zp->z_acl_lock);
1907 error = zfs_acl_node_read(zp, &aclp, B_FALSE);
1909 mutex_exit(&zp->z_acl_lock);
1914 * Scan ACL to determine number of ACEs
1916 if ((zp->z_phys->zp_flags & ZFS_ACL_OBJ_ACE) &&
1917 !(mask & VSA_ACE_ALLTYPES)) {
1920 uint32_t access_mask;
1921 uint16_t type, iflags;
1923 while (zacep = zfs_acl_next_ace(aclp, zacep,
1924 &who, &access_mask, &iflags, &type)) {
1926 case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
1927 case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
1928 case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
1929 case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
1936 vsecp->vsa_aclcnt = count;
1938 count = aclp->z_acl_count;
1940 if (mask & VSA_ACECNT) {
1941 vsecp->vsa_aclcnt = count;
1944 if (mask & VSA_ACE) {
1947 zfs_acl_node_t *aclnode = list_head(&aclp->z_acl);
1949 aclsz = count * sizeof (ace_t) +
1950 sizeof (ace_object_t) * largeace;
1952 vsecp->vsa_aclentp = kmem_alloc(aclsz, KM_SLEEP);
1953 vsecp->vsa_aclentsz = aclsz;
1955 if (aclp->z_version == ZFS_ACL_VERSION_FUID)
1956 zfs_copy_fuid_2_ace(zp->z_zfsvfs, aclp, cr,
1957 vsecp->vsa_aclentp, !(mask & VSA_ACE_ALLTYPES));
1959 bcopy(aclnode->z_acldata, vsecp->vsa_aclentp,
1960 count * sizeof (ace_t));
1963 if (mask & VSA_ACE_ACLFLAGS) {
1964 vsecp->vsa_aclflags = 0;
1965 if (zp->z_phys->zp_flags & ZFS_ACL_DEFAULTED)
1966 vsecp->vsa_aclflags |= ACL_DEFAULTED;
1967 if (zp->z_phys->zp_flags & ZFS_ACL_PROTECTED)
1968 vsecp->vsa_aclflags |= ACL_PROTECTED;
1969 if (zp->z_phys->zp_flags & ZFS_ACL_AUTO_INHERIT)
1970 vsecp->vsa_aclflags |= ACL_AUTO_INHERIT;
1973 mutex_exit(&zp->z_acl_lock);
1981 zfs_vsec_2_aclp(zfsvfs_t *zfsvfs, vtype_t obj_type,
1982 vsecattr_t *vsecp, zfs_acl_t **zaclp)
1985 zfs_acl_node_t *aclnode;
1986 int aclcnt = vsecp->vsa_aclcnt;
1989 if (vsecp->vsa_aclcnt > MAX_ACL_ENTRIES || vsecp->vsa_aclcnt <= 0)
1992 aclp = zfs_acl_alloc(zfs_acl_version(zfsvfs->z_version));
1995 aclnode = zfs_acl_node_alloc(aclcnt * sizeof (zfs_object_ace_t));
1996 if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) {
1997 if ((error = zfs_copy_ace_2_oldace(obj_type, aclp,
1998 (ace_t *)vsecp->vsa_aclentp, aclnode->z_acldata,
1999 aclcnt, &aclnode->z_size)) != 0) {
2001 zfs_acl_node_free(aclnode);
2005 if ((error = zfs_copy_ace_2_fuid(obj_type, aclp,
2006 vsecp->vsa_aclentp, aclnode->z_acldata, aclcnt,
2007 &aclnode->z_size)) != 0) {
2009 zfs_acl_node_free(aclnode);
2013 aclp->z_acl_bytes = aclnode->z_size;
2014 aclnode->z_ace_count = aclcnt;
2015 aclp->z_acl_count = aclcnt;
2016 list_insert_head(&aclp->z_acl, aclnode);
2019 * If flags are being set then add them to z_hints
2021 if (vsecp->vsa_mask & VSA_ACE_ACLFLAGS) {
2022 if (vsecp->vsa_aclflags & ACL_PROTECTED)
2023 aclp->z_hints |= ZFS_ACL_PROTECTED;
2024 if (vsecp->vsa_aclflags & ACL_DEFAULTED)
2025 aclp->z_hints |= ZFS_ACL_DEFAULTED;
2026 if (vsecp->vsa_aclflags & ACL_AUTO_INHERIT)
2027 aclp->z_hints |= ZFS_ACL_AUTO_INHERIT;
2039 zfs_setacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr)
2041 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2042 zilog_t *zilog = zfsvfs->z_log;
2043 ulong_t mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT);
2047 zfs_fuid_info_t *fuidp = NULL;
2052 if (zp->z_phys->zp_flags & ZFS_IMMUTABLE)
2055 if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr))
2058 error = zfs_vsec_2_aclp(zfsvfs, ZTOV(zp)->v_type, vsecp, &aclp);
2063 * If ACL wide flags aren't being set then preserve any
2066 if (!(vsecp->vsa_mask & VSA_ACE_ACLFLAGS)) {
2067 aclp->z_hints |= (zp->z_phys->zp_flags & V4_ACL_WIDE_FLAGS);
2070 if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr)) {
2075 mutex_enter(&zp->z_lock);
2076 mutex_enter(&zp->z_acl_lock);
2078 tx = dmu_tx_create(zfsvfs->z_os);
2079 dmu_tx_hold_bonus(tx, zp->z_id);
2081 if (zp->z_phys->zp_acl.z_acl_extern_obj) {
2082 /* Are we upgrading ACL? */
2083 if (zfsvfs->z_version <= ZPL_VERSION_FUID &&
2084 zp->z_phys->zp_acl.z_acl_version ==
2085 ZFS_ACL_VERSION_INITIAL) {
2086 dmu_tx_hold_free(tx,
2087 zp->z_phys->zp_acl.z_acl_extern_obj,
2089 dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
2090 0, aclp->z_acl_bytes);
2092 dmu_tx_hold_write(tx,
2093 zp->z_phys->zp_acl.z_acl_extern_obj,
2094 0, aclp->z_acl_bytes);
2096 } else if (aclp->z_acl_bytes > ZFS_ACE_SPACE) {
2097 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, aclp->z_acl_bytes);
2099 if (aclp->z_has_fuids) {
2100 if (zfsvfs->z_fuid_obj == 0) {
2101 dmu_tx_hold_bonus(tx, DMU_NEW_OBJECT);
2102 dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
2103 FUID_SIZE_ESTIMATE(zfsvfs));
2104 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, FALSE, NULL);
2106 dmu_tx_hold_bonus(tx, zfsvfs->z_fuid_obj);
2107 dmu_tx_hold_write(tx, zfsvfs->z_fuid_obj, 0,
2108 FUID_SIZE_ESTIMATE(zfsvfs));
2112 error = dmu_tx_assign(tx, zfsvfs->z_assign);
2114 mutex_exit(&zp->z_acl_lock);
2115 mutex_exit(&zp->z_lock);
2117 if (error == ERESTART && zfsvfs->z_assign == TXG_NOWAIT) {
2127 error = zfs_aclset_common(zp, aclp, cr, &fuidp, tx);
2130 zfs_log_acl(zilog, tx, zp, vsecp, fuidp);
2133 zfs_fuid_info_free(fuidp);
2137 mutex_exit(&zp->z_acl_lock);
2138 mutex_exit(&zp->z_lock);
2144 * working_mode returns the permissions that were not granted
2147 zfs_zaccess_common(znode_t *zp, uint32_t v4_mode, uint32_t *working_mode,
2148 boolean_t *check_privs, boolean_t skipaclchk, cred_t *cr)
2151 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2153 uid_t uid = crgetuid(cr);
2155 uint16_t type, iflags;
2156 uint16_t entry_type;
2157 uint32_t access_mask;
2158 uint32_t deny_mask = 0;
2159 zfs_ace_hdr_t *acep = NULL;
2165 * Short circuit empty requests
2170 *check_privs = B_TRUE;
2172 if (zfsvfs->z_assign >= TXG_INITIAL) { /* ZIL replay */
2177 *working_mode = v4_mode;
2179 if ((v4_mode & WRITE_MASK) &&
2180 (zp->z_zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) &&
2181 (!IS_DEVVP(ZTOV(zp)))) {
2182 *check_privs = B_FALSE;
2187 * Only check for READONLY on non-directories.
2189 if ((v4_mode & WRITE_MASK_DATA) &&
2190 (((ZTOV(zp)->v_type != VDIR) &&
2191 (zp->z_phys->zp_flags & (ZFS_READONLY | ZFS_IMMUTABLE))) ||
2192 (ZTOV(zp)->v_type == VDIR &&
2193 (zp->z_phys->zp_flags & ZFS_IMMUTABLE)))) {
2194 *check_privs = B_FALSE;
2198 if ((v4_mode & (ACE_DELETE | ACE_DELETE_CHILD)) &&
2199 (zp->z_phys->zp_flags & ZFS_NOUNLINK)) {
2200 *check_privs = B_FALSE;
2204 if (((v4_mode & (ACE_READ_DATA|ACE_EXECUTE)) &&
2205 (zp->z_phys->zp_flags & ZFS_AV_QUARANTINED))) {
2206 *check_privs = B_FALSE;
2211 * The caller requested that the ACL check be skipped. This
2212 * would only happen if the caller checked VOP_ACCESS() with a
2213 * 32 bit ACE mask and already had the appropriate permissions.
2220 zfs_fuid_map_ids(zp, cr, &fowner, &gowner);
2222 mutex_enter(&zp->z_acl_lock);
2224 error = zfs_acl_node_read(zp, &aclp, B_FALSE);
2226 mutex_exit(&zp->z_acl_lock);
2230 while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask,
2233 if (iflags & ACE_INHERIT_ONLY_ACE)
2236 entry_type = (iflags & ACE_TYPE_FLAGS);
2240 switch (entry_type) {
2248 case ACE_IDENTIFIER_GROUP:
2249 checkit = zfs_groupmember(zfsvfs, who, cr);
2257 if (entry_type == 0) {
2260 newid = zfs_fuid_map_id(zfsvfs, who, cr,
2262 if (newid != IDMAP_WK_CREATOR_OWNER_UID &&
2268 mutex_exit(&zp->z_acl_lock);
2274 uint32_t mask_matched = (access_mask & *working_mode);
2278 deny_mask |= mask_matched;
2280 *working_mode &= ~mask_matched;
2285 if (*working_mode == 0)
2289 mutex_exit(&zp->z_acl_lock);
2292 /* Put the found 'denies' back on the working mode */
2293 *working_mode |= deny_mask;
2302 zfs_zaccess_append(znode_t *zp, uint32_t *working_mode, boolean_t *check_privs,
2305 if (*working_mode != ACE_WRITE_DATA)
2308 return (zfs_zaccess_common(zp, ACE_APPEND_DATA, working_mode,
2309 check_privs, B_FALSE, cr));
2313 * Determine whether Access should be granted/denied, invoking least
2314 * priv subsytem when a deny is determined.
2317 zfs_zaccess(znode_t *zp, int mode, int flags, boolean_t skipaclchk, cred_t *cr)
2319 uint32_t working_mode;
2322 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2323 boolean_t check_privs;
2325 znode_t *check_zp = zp;
2327 is_attr = ((zp->z_phys->zp_flags & ZFS_XATTR) &&
2328 (ZTOV(zp)->v_type == VDIR));
2331 * If attribute then validate against base file
2334 if ((error = zfs_zget(zp->z_zfsvfs,
2335 zp->z_phys->zp_parent, &xzp)) != 0) {
2342 * fixup mode to map to xattr perms
2345 if (mode & (ACE_WRITE_DATA|ACE_APPEND_DATA)) {
2346 mode &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA);
2347 mode |= ACE_WRITE_NAMED_ATTRS;
2350 if (mode & (ACE_READ_DATA|ACE_EXECUTE)) {
2351 mode &= ~(ACE_READ_DATA|ACE_EXECUTE);
2352 mode |= ACE_READ_NAMED_ATTRS;
2356 if ((error = zfs_zaccess_common(check_zp, mode, &working_mode,
2357 &check_privs, skipaclchk, cr)) == 0) {
2363 if (error && !check_privs) {
2369 if (error && (flags & V_APPEND)) {
2370 error = zfs_zaccess_append(zp, &working_mode, &check_privs, cr);
2373 if (error && check_privs) {
2375 mode_t checkmode = 0;
2377 owner = zfs_fuid_map_id(zfsvfs, check_zp->z_phys->zp_uid, cr,
2381 * First check for implicit owner permission on
2382 * read_acl/read_attributes
2386 ASSERT(working_mode != 0);
2388 if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES) &&
2389 owner == crgetuid(cr)))
2390 working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES);
2392 if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS|
2393 ACE_READ_ACL|ACE_READ_ATTRIBUTES))
2395 if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS|
2396 ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES))
2397 checkmode |= VWRITE;
2398 if (working_mode & ACE_EXECUTE)
2402 error = secpolicy_vnode_access(cr, ZTOV(check_zp),
2405 if (error == 0 && (working_mode & ACE_WRITE_OWNER))
2406 error = secpolicy_vnode_create_gid(cr);
2407 if (error == 0 && (working_mode & ACE_WRITE_ACL))
2408 error = secpolicy_vnode_setdac(cr, owner);
2410 if (error == 0 && (working_mode &
2411 (ACE_DELETE|ACE_DELETE_CHILD)))
2412 error = secpolicy_vnode_remove(cr);
2414 if (error == 0 && (working_mode & ACE_SYNCHRONIZE))
2415 error = secpolicy_vnode_owner(cr, owner);
2419 * See if any bits other than those already checked
2420 * for are still present. If so then return EACCES
2422 if (working_mode & ~(ZFS_CHECKED_MASKS)) {
2435 * Translate traditional unix VREAD/VWRITE/VEXEC mode into
2436 * native ACL format and call zfs_zaccess()
2439 zfs_zaccess_rwx(znode_t *zp, mode_t mode, int flags, cred_t *cr)
2441 return (zfs_zaccess(zp, zfs_unix_to_v4(mode >> 6), flags, B_FALSE, cr));
2445 * Access function for secpolicy_vnode_setattr
2448 zfs_zaccess_unix(znode_t *zp, mode_t mode, cred_t *cr)
2450 int v4_mode = zfs_unix_to_v4(mode >> 6);
2452 return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr));
2456 zfs_delete_final_check(znode_t *zp, znode_t *dzp,
2457 mode_t missing_perms, cred_t *cr)
2461 zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2463 downer = zfs_fuid_map_id(zfsvfs, dzp->z_phys->zp_uid, cr, ZFS_OWNER);
2465 error = secpolicy_vnode_access(cr, ZTOV(dzp), downer, missing_perms);
2468 error = zfs_sticky_remove_access(dzp, zp, cr);
2474 * Determine whether Access should be granted/deny, without
2475 * consulting least priv subsystem.
2478 * The following chart is the recommended NFSv4 enforcement for
2479 * ability to delete an object.
2481 * -------------------------------------------------------
2482 * | Parent Dir | Target Object Permissions |
2484 * -------------------------------------------------------
2485 * | | ACL Allows | ACL Denies| Delete |
2486 * | | Delete | Delete | unspecified|
2487 * -------------------------------------------------------
2488 * | ACL Allows | Permit | Permit | Permit |
2489 * | DELETE_CHILD | |
2490 * -------------------------------------------------------
2491 * | ACL Denies | Permit | Deny | Deny |
2492 * | DELETE_CHILD | | | |
2493 * -------------------------------------------------------
2494 * | ACL specifies | | | |
2495 * | only allow | Permit | Permit | Permit |
2496 * | write and | | | |
2498 * -------------------------------------------------------
2499 * | ACL denies | | | |
2500 * | write and | Permit | Deny | Deny |
2502 * -------------------------------------------------------
2505 * No search privilege, can't even look up file?
2509 zfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr)
2511 uint32_t dzp_working_mode = 0;
2512 uint32_t zp_working_mode = 0;
2513 int dzp_error, zp_error;
2514 mode_t missing_perms;
2515 boolean_t dzpcheck_privs = B_TRUE;
2516 boolean_t zpcheck_privs = B_TRUE;
2519 * We want specific DELETE permissions to
2520 * take precedence over WRITE/EXECUTE. We don't
2521 * want an ACL such as this to mess us up.
2522 * user:joe:write_data:deny,user:joe:delete:allow
2524 * However, deny permissions may ultimately be overridden
2525 * by secpolicy_vnode_access().
2527 * We will ask for all of the necessary permissions and then
2528 * look at the working modes from the directory and target object
2529 * to determine what was found.
2532 if (zp->z_phys->zp_flags & (ZFS_IMMUTABLE | ZFS_NOUNLINK))
2536 * If the directory permissions allow the delete, we are done.
2538 if ((dzp_error = zfs_zaccess_common(dzp,
2539 ACE_DELETE_CHILD|ACE_EXECUTE|ACE_WRITE_DATA,
2540 &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr)) == 0)
2544 * If target object has delete permission then we are done
2546 if ((zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode,
2547 &zpcheck_privs, B_FALSE, cr)) == 0)
2550 if (!dzpcheck_privs)
2552 else if (!zpcheck_privs)
2556 * First check the first row.
2557 * We only need to see if parent Allows delete_child
2559 if ((dzp_working_mode & ACE_DELETE_CHILD) == 0)
2564 * we already have the necessary information in
2565 * zp_working_mode, zp_error and dzp_error.
2568 if ((zp_working_mode & ACE_DELETE) == 0)
2572 * determine the needed permissions based off of the directories
2576 missing_perms = (dzp_working_mode & ACE_WRITE_DATA) ? VWRITE : 0;
2577 missing_perms |= (dzp_working_mode & ACE_EXECUTE) ? VEXEC : 0;
2579 if (dzp_error == EACCES)
2580 return (zfs_delete_final_check(zp, dzp, missing_perms, cr));
2584 * only need to see if we have write/execute on directory.
2587 if (missing_perms == 0)
2588 return (zfs_sticky_remove_access(dzp, zp, cr));
2594 if (missing_perms && ((zp_working_mode & ACE_DELETE) == 0))
2595 return (zfs_sticky_remove_access(dzp, zp, cr));
2597 return (zfs_delete_final_check(zp, dzp, missing_perms, cr));
2601 zfs_zaccess_rename(znode_t *sdzp, znode_t *szp, znode_t *tdzp,
2602 znode_t *tzp, cred_t *cr)
2607 if (szp->z_phys->zp_flags & ZFS_AV_QUARANTINED)
2610 add_perm = (ZTOV(szp)->v_type == VDIR) ?
2611 ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE;
2614 * Rename permissions are combination of delete permission +
2615 * add file/subdir permission.
2619 * first make sure we do the delete portion.
2621 * If that succeeds then check for add_file/add_subdir permissions
2624 if (error = zfs_zaccess_delete(sdzp, szp, cr))
2628 * If we have a tzp, see if we can delete it?
2631 if (error = zfs_zaccess_delete(tdzp, tzp, cr))
2636 * Now check for add permissions
2638 error = zfs_zaccess(tdzp, add_perm, 0, B_FALSE, cr);