Print this page
NEX-16818 Add fksmbcl development tool
NEX-17264 SMB client test tp_smbutil_013 fails after NEX-14666
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
and: (fix ref leaks)
NEX-16783 Panic in smbfs_delmap_callback (cstyle)
NEX-16783 Panic in smbfs_delmap_callback (fix leak)
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Dan Fields <dan.fields@nexenta.com>
5404 smbfs needs mmap support
Portions contributed by: Gordon Ross <gordon.w.ross@gmail.com>
Reviewed by: C Fraire <cfraire@me.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Jason King <jason.brian.king@gmail.com>
Reviewed by: Andrew Stormont <andyjstormont@gmail.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
1586 mount_smbfs doesn't document noacl
Reviewed by: Jason King <jason.brian.king@gmail.com>
Reviewed by: C Fraire <cfraire@me.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/fs/smbclnt/smbfs/smbfs_vfsops.c
+++ new/usr/src/uts/common/fs/smbclnt/smbfs/smbfs_vfsops.c
1 1 /*
2 2 * Copyright (c) 2000-2001, Boris Popov
3 3 * All rights reserved.
4 4 *
5 5 * Redistribution and use in source and binary forms, with or without
6 6 * modification, are permitted provided that the following conditions
7 7 * are met:
8 8 * 1. Redistributions of source code must retain the above copyright
9 9 * notice, this list of conditions and the following disclaimer.
10 10 * 2. Redistributions in binary form must reproduce the above copyright
11 11 * notice, this list of conditions and the following disclaimer in the
12 12 * documentation and/or other materials provided with the distribution.
13 13 * 3. All advertising materials mentioning features or use of this software
14 14 * must display the following acknowledgement:
15 15 * This product includes software developed by Boris Popov.
16 16 * 4. Neither the name of the author nor the names of any co-contributors
17 17 * may be used to endorse or promote products derived from this software
18 18 * without specific prior written permission.
19 19 *
20 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
↓ open down ↓ |
28 lines elided |
↑ open up ↑ |
29 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 30 * SUCH DAMAGE.
31 31 *
32 32 * $Id: smbfs_vfsops.c,v 1.73.64.1 2005/05/27 02:35:28 lindak Exp $
33 33 */
34 34
35 35 /*
36 36 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
37 37 * Copyright 2013, Joyent, Inc. All rights reserved.
38 38 * Copyright (c) 2016 by Delphix. All rights reserved.
39 + * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
39 40 */
40 41
41 42 #include <sys/systm.h>
42 43 #include <sys/cred.h>
43 44 #include <sys/time.h>
44 45 #include <sys/vfs.h>
45 46 #include <sys/vnode.h>
46 47 #include <fs/fs_subr.h>
47 48 #include <sys/sysmacros.h>
48 49 #include <sys/kmem.h>
49 50 #include <sys/mkdev.h>
50 51 #include <sys/mount.h>
51 52 #include <sys/statvfs.h>
52 53 #include <sys/errno.h>
53 54 #include <sys/debug.h>
55 +#include <sys/disp.h>
54 56 #include <sys/cmn_err.h>
55 57 #include <sys/modctl.h>
56 58 #include <sys/policy.h>
57 59 #include <sys/atomic.h>
58 60 #include <sys/zone.h>
59 61 #include <sys/vfs_opreg.h>
60 62 #include <sys/mntent.h>
61 63 #include <sys/priv.h>
64 +#include <sys/taskq.h>
62 65 #include <sys/tsol/label.h>
63 66 #include <sys/tsol/tndb.h>
64 67 #include <inet/ip.h>
65 68
66 69 #include <netsmb/smb_osdep.h>
67 70 #include <netsmb/smb.h>
68 71 #include <netsmb/smb_conn.h>
69 72 #include <netsmb/smb_subr.h>
70 73 #include <netsmb/smb_dev.h>
71 74
72 75 #include <smbfs/smbfs.h>
73 76 #include <smbfs/smbfs_node.h>
74 77 #include <smbfs/smbfs_subr.h>
75 78
79 +#ifndef _KERNEL
80 +
81 +#include <libfksmbfs.h>
82 +
83 +#define STRUCT_DECL(s, a) struct s a
84 +#define STRUCT_FGET(handle, field) ((handle).field)
85 +#define _init(v) fksmbfs_init(v)
86 +#define _fini(v) fksmbfs_fini(v)
87 +
88 +#endif /* !_KERNEL */
89 +
76 90 /*
91 + * Should smbfs mount enable "-o acl" by default? There are good
92 + * arguments for both. The most common use case is individual users
93 + * accessing files on some SMB server, for which "noacl" is the more
94 + * convenient default. A less common use case is data migration,
95 + * where the "acl" option might be a desirable default. We'll make
96 + * the common use case the default. This default can be changed via
97 + * /etc/system, and/or set per-mount via the "acl" mount option.
98 + */
99 +int smbfs_default_opt_acl = 0;
100 +
101 +/*
102 + * How many taskq threads per-mount should we use.
103 + * Just one is fine (until we do more async work).
104 + */
105 +int smbfs_tq_nthread = 1;
106 +
107 +/*
77 108 * Local functions definitions.
78 109 */
79 110 int smbfsinit(int fstyp, char *name);
80 111 void smbfsfini();
112 +
113 +#ifdef _KERNEL
81 114 static int smbfs_mount_label_policy(vfs_t *, void *, int, cred_t *);
115 +#endif /* _KERNEL */
82 116
83 117 /*
84 118 * SMBFS Mount options table for MS_OPTIONSTR
85 119 * Note: These are not all the options.
86 120 * Some options come in via MS_DATA.
87 121 * Others are generic (see vfs.c)
88 122 */
89 123 static char *intr_cancel[] = { MNTOPT_NOINTR, NULL };
90 124 static char *nointr_cancel[] = { MNTOPT_INTR, NULL };
91 125 static char *acl_cancel[] = { MNTOPT_NOACL, NULL };
92 126 static char *noacl_cancel[] = { MNTOPT_ACL, NULL };
|
↓ open down ↓ |
1 lines elided |
↑ open up ↑ |
93 127 static char *xattr_cancel[] = { MNTOPT_NOXATTR, NULL };
94 128 static char *noxattr_cancel[] = { MNTOPT_XATTR, NULL };
95 129
96 130 static mntopt_t mntopts[] = {
97 131 /*
98 132 * option name cancel option default arg flags
99 133 * ufs arg flag
100 134 */
101 135 { MNTOPT_INTR, intr_cancel, NULL, MO_DEFAULT, 0 },
102 136 { MNTOPT_NOINTR, nointr_cancel, NULL, 0, 0 },
103 - { MNTOPT_ACL, acl_cancel, NULL, MO_DEFAULT, 0 },
137 + { MNTOPT_ACL, acl_cancel, NULL, 0, 0 },
104 138 { MNTOPT_NOACL, noacl_cancel, NULL, 0, 0 },
105 139 { MNTOPT_XATTR, xattr_cancel, NULL, MO_DEFAULT, 0 },
106 - { MNTOPT_NOXATTR, noxattr_cancel, NULL, 0, 0 }
140 + { MNTOPT_NOXATTR, noxattr_cancel, NULL, 0, 0 },
141 +#ifndef _KERNEL
142 + /* See vfs_optionisset MNTOPT_NOAC below. */
143 + { MNTOPT_NOAC, NULL, NULL, 0, 0 },
144 +#endif /* !_KERNEL */
107 145 };
108 146
109 147 static mntopts_t smbfs_mntopts = {
110 148 sizeof (mntopts) / sizeof (mntopt_t),
111 149 mntopts
112 150 };
113 151
114 152 static const char fs_type_name[FSTYPSZ] = "smbfs";
115 153
116 154 static vfsdef_t vfw = {
117 155 VFSDEF_VERSION,
118 156 (char *)fs_type_name,
119 157 smbfsinit, /* init routine */
120 158 VSW_HASPROTO|VSW_NOTZONESAFE, /* flags */
121 159 &smbfs_mntopts /* mount options table prototype */
122 160 };
123 161
162 +#ifdef _KERNEL
124 163 static struct modlfs modlfs = {
125 164 &mod_fsops,
126 165 "SMBFS filesystem",
127 166 &vfw
128 167 };
129 168
130 169 static struct modlinkage modlinkage = {
131 170 MODREV_1, (void *)&modlfs, NULL
132 171 };
172 +#endif /* _KERNEL */
133 173
134 174 /*
135 175 * Mutex to protect the following variables:
136 176 * smbfs_major
137 177 * smbfs_minor
138 178 */
139 179 extern kmutex_t smbfs_minor_lock;
140 180 extern int smbfs_major;
141 181 extern int smbfs_minor;
142 182
143 183 /*
144 184 * Prevent unloads while we have mounts
145 185 */
146 186 uint32_t smbfs_mountcount;
147 187
148 188 /*
149 189 * smbfs vfs operations.
150 190 */
151 191 static int smbfs_mount(vfs_t *, vnode_t *, struct mounta *, cred_t *);
152 192 static int smbfs_unmount(vfs_t *, int, cred_t *);
153 193 static int smbfs_root(vfs_t *, vnode_t **);
154 194 static int smbfs_statvfs(vfs_t *, statvfs64_t *);
155 195 static int smbfs_sync(vfs_t *, short, cred_t *);
156 196 static void smbfs_freevfs(vfs_t *);
157 197
158 198 /*
159 199 * Module loading
160 200 */
161 201
162 202 /*
163 203 * This routine is invoked automatically when the kernel module
164 204 * containing this routine is loaded. This allows module specific
165 205 * initialization to be done when the module is loaded.
166 206 */
167 207 int
168 208 _init(void)
169 209 {
170 210 int error;
171 211
172 212 /*
173 213 * Check compiled-in version of "nsmb"
174 214 * that we're linked with. (paranoid)
175 215 */
176 216 if (nsmb_version != NSMB_VERSION) {
177 217 cmn_err(CE_WARN, "_init: nsmb version mismatch");
178 218 return (ENOTTY);
179 219 }
180 220
181 221 smbfs_mountcount = 0;
182 222
183 223 /*
184 224 * NFS calls these two in _clntinit
185 225 * Easier to follow this way.
186 226 */
187 227 if ((error = smbfs_subrinit()) != 0) {
188 228 cmn_err(CE_WARN, "_init: smbfs_subrinit failed");
189 229 return (error);
190 230 }
191 231
192 232 if ((error = smbfs_vfsinit()) != 0) {
193 233 cmn_err(CE_WARN, "_init: smbfs_vfsinit failed");
194 234 smbfs_subrfini();
|
↓ open down ↓ |
52 lines elided |
↑ open up ↑ |
195 235 return (error);
196 236 }
197 237
198 238 if ((error = smbfs_clntinit()) != 0) {
199 239 cmn_err(CE_WARN, "_init: smbfs_clntinit failed");
200 240 smbfs_vfsfini();
201 241 smbfs_subrfini();
202 242 return (error);
203 243 }
204 244
245 +#ifdef _KERNEL
205 246 error = mod_install((struct modlinkage *)&modlinkage);
247 +#else /* _KERNEL */
248 + error = fake_installfs(&vfw);
249 +#endif /* _KERNEL */
250 +
206 251 return (error);
207 252 }
208 253
209 254 /*
210 255 * Free kernel module resources that were allocated in _init
211 256 * and remove the linkage information into the kernel
212 257 */
213 258 int
214 259 _fini(void)
215 260 {
216 261 int error;
|
↓ open down ↓ |
1 lines elided |
↑ open up ↑ |
217 262
218 263 /*
219 264 * If a forcedly unmounted instance is still hanging around,
220 265 * we cannot allow the module to be unloaded because that would
221 266 * cause panics once the VFS framework decides it's time to call
222 267 * into VFS_FREEVFS().
223 268 */
224 269 if (smbfs_mountcount)
225 270 return (EBUSY);
226 271
272 +#ifdef _KERNEL
227 273 error = mod_remove(&modlinkage);
274 +#else /* _KERNEL */
275 + error = fake_removefs(&vfw);
276 +#endif /* _KERNEL */
228 277 if (error)
229 278 return (error);
230 279
231 280 /*
232 281 * Free the allocated smbnodes, etc.
233 282 */
234 283 smbfs_clntfini();
235 284
236 285 /* NFS calls these two in _clntfini */
237 286 smbfs_vfsfini();
238 287 smbfs_subrfini();
239 288
|
↓ open down ↓ |
2 lines elided |
↑ open up ↑ |
240 289 /*
241 290 * Free the ops vectors
242 291 */
243 292 smbfsfini();
244 293 return (0);
245 294 }
246 295
247 296 /*
248 297 * Return information about the module
249 298 */
299 +#ifdef _KERNEL
250 300 int
251 301 _info(struct modinfo *modinfop)
252 302 {
253 303 return (mod_info((struct modlinkage *)&modlinkage, modinfop));
254 304 }
305 +#endif /* _KERNEL */
255 306
256 307 /*
257 308 * Initialize the vfs structure
258 309 */
259 310
260 -int smbfsfstyp;
311 +int smbfs_fstyp;
261 312 vfsops_t *smbfs_vfsops = NULL;
262 313
263 314 static const fs_operation_def_t smbfs_vfsops_template[] = {
264 315 { VFSNAME_MOUNT, { .vfs_mount = smbfs_mount } },
265 316 { VFSNAME_UNMOUNT, { .vfs_unmount = smbfs_unmount } },
266 317 { VFSNAME_ROOT, { .vfs_root = smbfs_root } },
267 318 { VFSNAME_STATVFS, { .vfs_statvfs = smbfs_statvfs } },
268 319 { VFSNAME_SYNC, { .vfs_sync = smbfs_sync } },
269 320 { VFSNAME_VGET, { .error = fs_nosys } },
270 321 { VFSNAME_MOUNTROOT, { .error = fs_nosys } },
271 322 { VFSNAME_FREEVFS, { .vfs_freevfs = smbfs_freevfs } },
272 323 { NULL, NULL }
273 324 };
274 325
326 +/*
327 + * This is the VFS switch initialization routine, normally called
328 + * via vfssw[x].vsw_init by vfsinit() or mod_install
329 + */
275 330 int
276 331 smbfsinit(int fstyp, char *name)
277 332 {
278 333 int error;
279 334
280 335 error = vfs_setfsops(fstyp, smbfs_vfsops_template, &smbfs_vfsops);
281 336 if (error != 0) {
282 - zcmn_err(GLOBAL_ZONEID, CE_WARN,
337 + cmn_err(CE_WARN,
283 338 "smbfsinit: bad vfs ops template");
284 339 return (error);
285 340 }
286 341
287 342 error = vn_make_ops(name, smbfs_vnodeops_template, &smbfs_vnodeops);
288 343 if (error != 0) {
289 344 (void) vfs_freevfsops_by_type(fstyp);
290 - zcmn_err(GLOBAL_ZONEID, CE_WARN,
345 + cmn_err(CE_WARN,
291 346 "smbfsinit: bad vnode ops template");
292 347 return (error);
293 348 }
294 349
295 - smbfsfstyp = fstyp;
350 + smbfs_fstyp = fstyp;
296 351
297 352 return (0);
298 353 }
299 354
300 355 void
301 356 smbfsfini()
302 357 {
303 358 if (smbfs_vfsops) {
304 - (void) vfs_freevfsops_by_type(smbfsfstyp);
359 + (void) vfs_freevfsops_by_type(smbfs_fstyp);
305 360 smbfs_vfsops = NULL;
306 361 }
307 362 if (smbfs_vnodeops) {
308 363 vn_freevnodeops(smbfs_vnodeops);
309 364 smbfs_vnodeops = NULL;
310 365 }
311 366 }
312 367
313 368 void
314 369 smbfs_free_smi(smbmntinfo_t *smi)
315 370 {
316 371 if (smi == NULL)
317 372 return;
318 373
374 +#ifdef _KERNEL
319 375 if (smi->smi_zone_ref.zref_zone != NULL)
320 376 zone_rele_ref(&smi->smi_zone_ref, ZONE_REF_SMBFS);
377 +#endif /* _KERNEL */
321 378
322 379 if (smi->smi_share != NULL)
323 380 smb_share_rele(smi->smi_share);
324 381
325 382 avl_destroy(&smi->smi_hash_avl);
326 383 rw_destroy(&smi->smi_hash_lk);
327 384 cv_destroy(&smi->smi_statvfs_cv);
328 385 mutex_destroy(&smi->smi_lock);
329 386
330 387 kmem_free(smi, sizeof (smbmntinfo_t));
331 388 }
|
↓ open down ↓ |
1 lines elided |
↑ open up ↑ |
332 389
333 390 /*
334 391 * smbfs mount vfsop
335 392 * Set up mount info record and attach it to vfs struct.
336 393 */
337 394 static int
338 395 smbfs_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
339 396 {
340 397 char *data = uap->dataptr;
341 398 int error;
342 - smbnode_t *rtnp = NULL; /* root of this fs */
343 - smbmntinfo_t *smi = NULL;
344 - dev_t smbfs_dev;
345 - int version;
346 - int devfd;
347 - zone_t *zone = curproc->p_zone;
399 + smbnode_t *rtnp = NULL; /* root of this fs */
400 + smbmntinfo_t *smi = NULL;
401 + dev_t smbfs_dev;
402 + int version;
403 + int devfd;
404 + zone_t *zone = curzone;
405 +#ifdef _KERNEL
348 406 zone_t *mntzone = NULL;
349 - smb_share_t *ssp = NULL;
350 - smb_cred_t scred;
407 +#else /* _KERNEL */
408 + short minclsyspri = MINCLSYSPRI;
409 +#endif /* _KERNEL */
410 + smb_share_t *ssp = NULL;
411 + smb_cred_t scred;
351 412 int flags, sec;
352 -
353 413 STRUCT_DECL(smbfs_args, args); /* smbfs mount arguments */
354 414
415 +#ifdef _KERNEL
355 416 if ((error = secpolicy_fs_mount(cr, mvp, vfsp)) != 0)
356 417 return (error);
418 +#endif /* _KERNEL */
357 419
358 420 if (mvp->v_type != VDIR)
359 421 return (ENOTDIR);
360 422
361 423 /*
362 424 * get arguments
363 425 *
364 426 * uap->datalen might be different from sizeof (args)
365 427 * in a compatible situation.
366 428 */
429 +#ifdef _KERNEL
367 430 STRUCT_INIT(args, get_udatamodel());
368 431 bzero(STRUCT_BUF(args), SIZEOF_STRUCT(smbfs_args, DATAMODEL_NATIVE));
369 432 if (copyin(data, STRUCT_BUF(args), MIN(uap->datalen,
370 433 SIZEOF_STRUCT(smbfs_args, DATAMODEL_NATIVE))))
371 434 return (EFAULT);
435 +#else /* _KERNEL */
436 + bzero(&args, sizeof (args));
437 + if (copyin(data, &args, MIN(uap->datalen, sizeof (args))))
438 + return (EFAULT);
439 +#endif /* _KERNEL */
372 440
373 441 /*
374 442 * Check mount program version
375 443 */
376 444 version = STRUCT_FGET(args, version);
377 445 if (version != SMBFS_VERSION) {
378 446 cmn_err(CE_WARN, "mount version mismatch:"
379 447 " kernel=%d, mount=%d\n",
380 448 SMBFS_VERSION, version);
381 449 return (EINVAL);
382 450 }
383 451
384 452 /*
385 453 * Deal with re-mount requests.
386 454 */
387 455 if (uap->flags & MS_REMOUNT) {
388 456 cmn_err(CE_WARN, "MS_REMOUNT not implemented");
389 457 return (ENOTSUP);
390 458 }
391 459
392 460 /*
393 461 * Check for busy
394 462 */
395 463 mutex_enter(&mvp->v_lock);
396 464 if (!(uap->flags & MS_OVERLAY) &&
397 465 (mvp->v_count != 1 || (mvp->v_flag & VROOT))) {
398 466 mutex_exit(&mvp->v_lock);
399 467 return (EBUSY);
400 468 }
401 469 mutex_exit(&mvp->v_lock);
402 470
403 471 /*
404 472 * Get the "share" from the netsmb driver (ssp).
405 473 * It is returned with a "ref" (hold) for us.
406 474 * Release this hold: at errout below, or in
407 475 * smbfs_freevfs().
408 476 */
409 477 devfd = STRUCT_FGET(args, devfd);
410 478 error = smb_dev2share(devfd, &ssp);
411 479 if (error) {
|
↓ open down ↓ |
30 lines elided |
↑ open up ↑ |
412 480 cmn_err(CE_WARN, "invalid device handle %d (%d)\n",
413 481 devfd, error);
414 482 return (error);
415 483 }
416 484
417 485 /*
418 486 * Use "goto errout" from here on.
419 487 * See: ssp, smi, rtnp, mntzone
420 488 */
421 489
490 +#ifdef _KERNEL
422 491 /*
423 492 * Determine the zone we're being mounted into.
424 493 */
425 494 zone_hold(mntzone = zone); /* start with this assumption */
426 495 if (getzoneid() == GLOBAL_ZONEID) {
427 496 zone_rele(mntzone);
428 497 mntzone = zone_find_by_path(refstr_value(vfsp->vfs_mntpt));
429 498 ASSERT(mntzone != NULL);
430 499 if (mntzone != zone) {
431 500 error = EBUSY;
432 501 goto errout;
433 502 }
434 503 }
435 504
436 505 /*
437 506 * Stop the mount from going any further if the zone is going away.
438 507 */
439 508 if (zone_status_get(mntzone) >= ZONE_IS_SHUTTING_DOWN) {
440 509 error = EBUSY;
441 510 goto errout;
442 511 }
443 512
444 513 /*
445 514 * On a Trusted Extensions client, we may have to force read-only
446 515 * for read-down mounts.
447 516 */
448 517 if (is_system_labeled()) {
449 518 void *addr;
450 519 int ipvers = 0;
451 520 struct smb_vc *vcp;
452 521
453 522 vcp = SSTOVC(ssp);
454 523 addr = smb_vc_getipaddr(vcp, &ipvers);
|
↓ open down ↓ |
23 lines elided |
↑ open up ↑ |
455 524 error = smbfs_mount_label_policy(vfsp, addr, ipvers, cr);
456 525
457 526 if (error > 0)
458 527 goto errout;
459 528
460 529 if (error == -1) {
461 530 /* change mount to read-only to prevent write-down */
462 531 vfs_setmntopt(vfsp, MNTOPT_RO, NULL, 0);
463 532 }
464 533 }
534 +#endif /* _KERNEL */
465 535
466 536 /* Prevent unload. */
467 537 atomic_inc_32(&smbfs_mountcount);
468 538
469 539 /*
470 540 * Create a mount record and link it to the vfs struct.
471 541 * No more possiblities for errors from here on.
472 542 * Tear-down of this stuff is in smbfs_free_smi()
473 543 *
474 544 * Compare with NFS: nfsrootvp()
475 545 */
476 546 smi = kmem_zalloc(sizeof (*smi), KM_SLEEP);
|
↓ open down ↓ |
2 lines elided |
↑ open up ↑ |
477 547
478 548 mutex_init(&smi->smi_lock, NULL, MUTEX_DEFAULT, NULL);
479 549 cv_init(&smi->smi_statvfs_cv, NULL, CV_DEFAULT, NULL);
480 550
481 551 rw_init(&smi->smi_hash_lk, NULL, RW_DEFAULT, NULL);
482 552 smbfs_init_hash_avl(&smi->smi_hash_avl);
483 553
484 554 smi->smi_share = ssp;
485 555 ssp = NULL;
486 556
557 +#ifdef _KERNEL
487 558 /*
488 559 * Convert the anonymous zone hold acquired via zone_hold() above
489 560 * into a zone reference.
490 561 */
491 562 zone_init_ref(&smi->smi_zone_ref);
492 563 zone_hold_ref(mntzone, &smi->smi_zone_ref, ZONE_REF_SMBFS);
493 564 zone_rele(mntzone);
494 565 mntzone = NULL;
566 +#else /* _KERNEL */
567 + smi->smi_zone_ref.zref_zone = curzone;
568 +#endif /* _KERNEL */
495 569
496 570 /*
497 571 * Initialize option defaults
498 572 */
499 - smi->smi_flags = SMI_LLOCK;
500 573 smi->smi_acregmin = SEC2HR(SMBFS_ACREGMIN);
501 574 smi->smi_acregmax = SEC2HR(SMBFS_ACREGMAX);
502 575 smi->smi_acdirmin = SEC2HR(SMBFS_ACDIRMIN);
503 576 smi->smi_acdirmax = SEC2HR(SMBFS_ACDIRMAX);
577 + smi->smi_flags = SMI_LLOCK;
578 +#ifndef _KERNEL
579 + /* Always direct IO with fakekernel */
580 + smi->smi_flags |= SMI_DIRECTIO;
581 +#endif /* _KERNEL */
504 582
505 583 /*
506 584 * All "generic" mount options have already been
507 585 * handled in vfs.c:domount() - see mntopts stuff.
508 586 * Query generic options using vfs_optionisset().
587 + * Give ACL an adjustable system-wide default.
509 588 */
589 + if (smbfs_default_opt_acl ||
590 + vfs_optionisset(vfsp, MNTOPT_ACL, NULL))
591 + smi->smi_flags |= SMI_ACL;
592 + if (vfs_optionisset(vfsp, MNTOPT_NOACL, NULL))
593 + smi->smi_flags &= ~SMI_ACL;
510 594 if (vfs_optionisset(vfsp, MNTOPT_INTR, NULL))
511 595 smi->smi_flags |= SMI_INT;
512 - if (vfs_optionisset(vfsp, MNTOPT_ACL, NULL))
513 - smi->smi_flags |= SMI_ACL;
514 596
515 597 /*
516 598 * Get the mount options that come in as smbfs_args,
517 599 * starting with args.flags (SMBFS_MF_xxx)
518 600 */
519 601 flags = STRUCT_FGET(args, flags);
520 - smi->smi_uid = STRUCT_FGET(args, uid);
521 - smi->smi_gid = STRUCT_FGET(args, gid);
522 602 smi->smi_fmode = STRUCT_FGET(args, file_mode) & 0777;
523 603 smi->smi_dmode = STRUCT_FGET(args, dir_mode) & 0777;
604 +#ifdef _KERNEL
605 + smi->smi_uid = STRUCT_FGET(args, uid);
606 + smi->smi_gid = STRUCT_FGET(args, gid);
607 +#else /* _KERNEL */
608 + /*
609 + * Need uid/gid to match our fake cred we'll fail in
610 + * smbfs_access_rwx later.
611 + */
612 + smi->smi_uid = crgetuid(cr);
613 + smi->smi_gid = crgetgid(cr);
524 614
525 615 /*
616 + * Our user-level do_mount() passes the mount options sting
617 + * as-is, where the real mount program would convert some
618 + * of those options to bits set in smbfs_args.flags.
619 + * To avoid replicating all that conversion code, this
620 + * uses the generic vfs option support to handle those
621 + * option flag bits we need, i.e.: "noac"
622 + */
623 + if (vfs_optionisset(vfsp, MNTOPT_NOAC, NULL))
624 + flags |= SMBFS_MF_NOAC;
625 +#endif /* _KERNEL */
626 +
627 + /*
526 628 * Hande the SMBFS_MF_xxx flags.
527 629 */
528 630 if (flags & SMBFS_MF_NOAC)
529 631 smi->smi_flags |= SMI_NOAC;
530 632 if (flags & SMBFS_MF_ACREGMIN) {
531 633 sec = STRUCT_FGET(args, acregmin);
532 634 if (sec < 0 || sec > SMBFS_ACMINMAX)
533 635 sec = SMBFS_ACMINMAX;
534 636 smi->smi_acregmin = SEC2HR(sec);
535 637 }
536 638 if (flags & SMBFS_MF_ACREGMAX) {
537 639 sec = STRUCT_FGET(args, acregmax);
538 640 if (sec < 0 || sec > SMBFS_ACMAXMAX)
539 641 sec = SMBFS_ACMAXMAX;
540 642 smi->smi_acregmax = SEC2HR(sec);
541 643 }
542 644 if (flags & SMBFS_MF_ACDIRMIN) {
543 645 sec = STRUCT_FGET(args, acdirmin);
544 646 if (sec < 0 || sec > SMBFS_ACMINMAX)
545 647 sec = SMBFS_ACMINMAX;
546 648 smi->smi_acdirmin = SEC2HR(sec);
547 649 }
548 650 if (flags & SMBFS_MF_ACDIRMAX) {
549 651 sec = STRUCT_FGET(args, acdirmax);
550 652 if (sec < 0 || sec > SMBFS_ACMAXMAX)
551 653 sec = SMBFS_ACMAXMAX;
552 654 smi->smi_acdirmax = SEC2HR(sec);
553 655 }
554 656
555 657 /*
556 658 * Get attributes of the remote file system,
557 659 * i.e. ACL support, named streams, etc.
558 660 */
559 661 smb_credinit(&scred, cr);
560 662 error = smbfs_smb_qfsattr(smi->smi_share, &smi->smi_fsa, &scred);
561 663 smb_credrele(&scred);
562 664 if (error) {
563 665 SMBVDEBUG("smbfs_smb_qfsattr error %d\n", error);
564 666 }
565 667
566 668 /*
567 669 * We enable XATTR by default (via smbfs_mntopts)
568 670 * but if the share does not support named streams,
569 671 * force the NOXATTR option (also clears XATTR).
570 672 * Caller will set or clear VFS_XATTR after this.
571 673 */
572 674 if ((smi->smi_fsattr & FILE_NAMED_STREAMS) == 0)
573 675 vfs_setmntopt(vfsp, MNTOPT_NOXATTR, NULL, 0);
574 676
575 677 /*
576 678 * Ditto ACLs (disable if not supported on this share)
577 679 */
578 680 if ((smi->smi_fsattr & FILE_PERSISTENT_ACLS) == 0) {
579 681 vfs_setmntopt(vfsp, MNTOPT_NOACL, NULL, 0);
580 682 smi->smi_flags &= ~SMI_ACL;
581 683 }
582 684
583 685 /*
|
↓ open down ↓ |
48 lines elided |
↑ open up ↑ |
584 686 * Assign a unique device id to the mount
585 687 */
586 688 mutex_enter(&smbfs_minor_lock);
587 689 do {
588 690 smbfs_minor = (smbfs_minor + 1) & MAXMIN32;
589 691 smbfs_dev = makedevice(smbfs_major, smbfs_minor);
590 692 } while (vfs_devismounted(smbfs_dev));
591 693 mutex_exit(&smbfs_minor_lock);
592 694
593 695 vfsp->vfs_dev = smbfs_dev;
594 - vfs_make_fsid(&vfsp->vfs_fsid, smbfs_dev, smbfsfstyp);
696 + vfs_make_fsid(&vfsp->vfs_fsid, smbfs_dev, smbfs_fstyp);
595 697 vfsp->vfs_data = (caddr_t)smi;
596 - vfsp->vfs_fstype = smbfsfstyp;
698 + vfsp->vfs_fstype = smbfs_fstyp;
597 699 vfsp->vfs_bsize = MAXBSIZE;
598 700 vfsp->vfs_bcount = 0;
599 701
600 702 smi->smi_vfsp = vfsp;
601 703 smbfs_zonelist_add(smi); /* undo in smbfs_freevfs */
602 704
603 705 /* PSARC 2007/227 VFS Feature Registration */
604 706 vfs_set_feature(vfsp, VFSFT_XVATTR);
605 707 vfs_set_feature(vfsp, VFSFT_SYSATTR_VIEWS);
606 708
607 709 /*
608 710 * Create the root vnode, which we need in unmount
609 711 * for the call to smbfs_check_table(), etc.
|
↓ open down ↓ |
3 lines elided |
↑ open up ↑ |
610 712 * Release this hold in smbfs_unmount.
611 713 */
612 714 rtnp = smbfs_node_findcreate(smi, "\\", 1, NULL, 0, 0,
613 715 &smbfs_fattr0);
614 716 ASSERT(rtnp != NULL);
615 717 rtnp->r_vnode->v_type = VDIR;
616 718 rtnp->r_vnode->v_flag |= VROOT;
617 719 smi->smi_root = rtnp;
618 720
619 721 /*
722 + * Create a taskq for async work (i.e. putpage)
723 + */
724 + smi->smi_taskq = taskq_create_proc("smbfs",
725 + smbfs_tq_nthread, minclsyspri,
726 + smbfs_tq_nthread, smbfs_tq_nthread * 2,
727 + zone->zone_zsched, TASKQ_PREPOPULATE);
728 +
729 + /*
620 730 * NFS does other stuff here too:
621 731 * async worker threads
622 732 * init kstats
623 733 *
624 734 * End of code from NFS nfsrootvp()
625 735 */
626 736 return (0);
627 737
738 +#ifdef _KERNEL
628 739 errout:
629 740 vfsp->vfs_data = NULL;
630 741 if (smi != NULL)
631 742 smbfs_free_smi(smi);
632 743
633 744 if (mntzone != NULL)
634 745 zone_rele(mntzone);
635 746
636 747 if (ssp != NULL)
637 748 smb_share_rele(ssp);
638 749
639 750 return (error);
751 +#endif /* _KERNEL */
640 752 }
641 753
642 754 /*
643 755 * vfs operations
644 756 */
645 757 static int
646 758 smbfs_unmount(vfs_t *vfsp, int flag, cred_t *cr)
647 759 {
648 760 smbmntinfo_t *smi;
649 761 smbnode_t *rtnp;
650 762
651 763 smi = VFTOSMI(vfsp);
652 764
765 +#ifdef _KERNEL
653 766 if (secpolicy_fs_unmount(cr, vfsp) != 0)
654 767 return (EPERM);
768 +#endif /* _KERNEL */
655 769
656 770 if ((flag & MS_FORCE) == 0) {
657 771 smbfs_rflush(vfsp, cr);
658 772
659 773 /*
660 774 * If there are any active vnodes on this file system,
661 775 * (other than the root vnode) then the file system is
662 776 * busy and can't be umounted.
663 777 */
664 778 if (smbfs_check_table(vfsp, smi->smi_root))
665 779 return (EBUSY);
666 780
667 781 /*
668 782 * We normally hold a ref to the root vnode, so
669 783 * check for references beyond the one we expect:
670 784 * smbmntinfo_t -> smi_root
671 785 * Note that NFS does not hold the root vnode.
672 786 */
673 787 if (smi->smi_root &&
674 788 smi->smi_root->r_vnode->v_count > 1)
675 789 return (EBUSY);
676 790 }
677 791
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
678 792 /*
679 793 * common code for both forced and non-forced
680 794 *
681 795 * Setting VFS_UNMOUNTED prevents new operations.
682 796 * Operations already underway may continue,
683 797 * but not for long.
684 798 */
685 799 vfsp->vfs_flag |= VFS_UNMOUNTED;
686 800
687 801 /*
688 - * Shutdown any outstanding I/O requests on this share,
689 - * and force a tree disconnect. The share object will
690 - * continue to hang around until smb_share_rele().
691 - * This should also cause most active nodes to be
692 - * released as their operations fail with EIO.
693 - */
694 - smb_share_kill(smi->smi_share);
695 -
696 - /*
697 802 * If we hold the root VP (and we normally do)
698 803 * then it's safe to release it now.
699 804 */
700 805 if (smi->smi_root) {
701 806 rtnp = smi->smi_root;
702 807 smi->smi_root = NULL;
703 808 VN_RELE(rtnp->r_vnode); /* release root vnode */
704 809 }
705 810
706 811 /*
707 812 * Remove all nodes from the node hash tables.
708 813 * This (indirectly) calls: smbfs_addfree, smbinactive,
|
↓ open down ↓ |
2 lines elided |
↑ open up ↑ |
709 814 * which will try to flush dirty pages, etc. so
710 815 * don't destroy the underlying share just yet.
711 816 *
712 817 * Also, with a forced unmount, some nodes may
713 818 * remain active, and those will get cleaned up
714 819 * after their last vn_rele.
715 820 */
716 821 smbfs_destroy_table(vfsp);
717 822
718 823 /*
824 + * Shutdown any outstanding I/O requests on this share,
825 + * and force a tree disconnect. The share object will
826 + * continue to hang around until smb_share_rele().
827 + * This should also cause most active nodes to be
828 + * released as their operations fail with EIO.
829 + */
830 + smb_share_kill(smi->smi_share);
831 +
832 + /*
833 + * Any async taskq work should be giving up.
834 + * Wait for those to exit.
835 + */
836 + taskq_destroy(smi->smi_taskq);
837 +
838 + /*
719 839 * Delete our kstats...
720 840 *
721 841 * Doing it here, rather than waiting until
722 842 * smbfs_freevfs so these are not visible
723 843 * after the unmount.
724 844 */
725 845 if (smi->smi_io_kstats) {
726 846 kstat_delete(smi->smi_io_kstats);
727 847 smi->smi_io_kstats = NULL;
728 848 }
729 849 if (smi->smi_ro_kstats) {
730 850 kstat_delete(smi->smi_ro_kstats);
731 851 smi->smi_ro_kstats = NULL;
732 852 }
733 853
734 854 /*
735 855 * The rest happens in smbfs_freevfs()
736 856 */
737 857 return (0);
738 858 }
739 859
740 860
741 861 /*
742 862 * find root of smbfs
743 863 */
744 864 static int
745 865 smbfs_root(vfs_t *vfsp, vnode_t **vpp)
746 866 {
747 867 smbmntinfo_t *smi;
748 868 vnode_t *vp;
749 869
750 870 smi = VFTOSMI(vfsp);
751 871
752 872 if (curproc->p_zone != smi->smi_zone_ref.zref_zone)
753 873 return (EPERM);
754 874
755 875 if (smi->smi_flags & SMI_DEAD || vfsp->vfs_flag & VFS_UNMOUNTED)
756 876 return (EIO);
757 877
758 878 /*
759 879 * The root vp is created in mount and held
760 880 * until unmount, so this is paranoia.
761 881 */
762 882 if (smi->smi_root == NULL)
763 883 return (EIO);
764 884
765 885 /* Just take a reference and return it. */
766 886 vp = SMBTOV(smi->smi_root);
767 887 VN_HOLD(vp);
768 888 *vpp = vp;
769 889
770 890 return (0);
771 891 }
772 892
773 893 /*
774 894 * Get file system statistics.
775 895 */
776 896 static int
777 897 smbfs_statvfs(vfs_t *vfsp, statvfs64_t *sbp)
778 898 {
779 899 int error;
780 900 smbmntinfo_t *smi = VFTOSMI(vfsp);
781 901 smb_share_t *ssp = smi->smi_share;
782 902 statvfs64_t stvfs;
783 903 hrtime_t now;
784 904 smb_cred_t scred;
785 905
786 906 if (curproc->p_zone != smi->smi_zone_ref.zref_zone)
787 907 return (EPERM);
788 908
789 909 if (smi->smi_flags & SMI_DEAD || vfsp->vfs_flag & VFS_UNMOUNTED)
790 910 return (EIO);
791 911
792 912 mutex_enter(&smi->smi_lock);
793 913
794 914 /*
795 915 * Use cached result if still valid.
796 916 */
797 917 recheck:
798 918 now = gethrtime();
799 919 if (now < smi->smi_statfstime) {
800 920 error = 0;
801 921 goto cache_hit;
802 922 }
803 923
804 924 /*
805 925 * FS attributes are stale, so someone
806 926 * needs to do an OTW call to get them.
807 927 * Serialize here so only one thread
808 928 * does the OTW call.
809 929 */
810 930 if (smi->smi_status & SM_STATUS_STATFS_BUSY) {
811 931 smi->smi_status |= SM_STATUS_STATFS_WANT;
812 932 if (!cv_wait_sig(&smi->smi_statvfs_cv, &smi->smi_lock)) {
813 933 mutex_exit(&smi->smi_lock);
814 934 return (EINTR);
815 935 }
816 936 /* Hope status is valid now. */
817 937 goto recheck;
818 938 }
819 939 smi->smi_status |= SM_STATUS_STATFS_BUSY;
820 940 mutex_exit(&smi->smi_lock);
821 941
822 942 /*
823 943 * Do the OTW call. Note: lock NOT held.
824 944 */
825 945 smb_credinit(&scred, NULL);
826 946 bzero(&stvfs, sizeof (stvfs));
827 947 error = smbfs_smb_statfs(ssp, &stvfs, &scred);
828 948 smb_credrele(&scred);
829 949 if (error) {
830 950 SMBVDEBUG("statfs error=%d\n", error);
831 951 } else {
832 952
833 953 /*
834 954 * Set a few things the OTW call didn't get.
835 955 */
836 956 stvfs.f_frsize = stvfs.f_bsize;
837 957 stvfs.f_favail = stvfs.f_ffree;
838 958 stvfs.f_fsid = (unsigned long)vfsp->vfs_fsid.val[0];
839 959 bcopy(fs_type_name, stvfs.f_basetype, FSTYPSZ);
840 960 stvfs.f_flag = vf_to_stf(vfsp->vfs_flag);
841 961 stvfs.f_namemax = smi->smi_fsa.fsa_maxname;
842 962
843 963 /*
844 964 * Save the result, update lifetime
845 965 */
846 966 now = gethrtime();
847 967 smi->smi_statfstime = now +
848 968 (SM_MAX_STATFSTIME * (hrtime_t)NANOSEC);
849 969 smi->smi_statvfsbuf = stvfs; /* struct assign! */
850 970 }
851 971
852 972 mutex_enter(&smi->smi_lock);
853 973 if (smi->smi_status & SM_STATUS_STATFS_WANT)
854 974 cv_broadcast(&smi->smi_statvfs_cv);
855 975 smi->smi_status &= ~(SM_STATUS_STATFS_BUSY | SM_STATUS_STATFS_WANT);
856 976
857 977 /*
|
↓ open down ↓ |
129 lines elided |
↑ open up ↑ |
858 978 * Copy the statvfs data to caller's buf.
859 979 * Note: struct assignment
860 980 */
861 981 cache_hit:
862 982 if (error == 0)
863 983 *sbp = smi->smi_statvfsbuf;
864 984 mutex_exit(&smi->smi_lock);
865 985 return (error);
866 986 }
867 987
868 -static kmutex_t smbfs_syncbusy;
869 -
870 988 /*
871 989 * Flush dirty smbfs files for file system vfsp.
872 990 * If vfsp == NULL, all smbfs files are flushed.
873 991 */
874 992 /*ARGSUSED*/
875 993 static int
876 994 smbfs_sync(vfs_t *vfsp, short flag, cred_t *cr)
877 995 {
996 +
878 997 /*
879 - * Cross-zone calls are OK here, since this translates to a
880 - * VOP_PUTPAGE(B_ASYNC), which gets picked up by the right zone.
998 + * SYNC_ATTR is used by fsflush() to force old filesystems like UFS
999 + * to sync metadata, which they would otherwise cache indefinitely.
1000 + * Semantically, the only requirement is that the sync be initiated.
1001 + * Assume the server-side takes care of attribute sync.
881 1002 */
882 - if (!(flag & SYNC_ATTR) && mutex_tryenter(&smbfs_syncbusy) != 0) {
883 - smbfs_rflush(vfsp, cr);
884 - mutex_exit(&smbfs_syncbusy);
1003 + if (flag & SYNC_ATTR)
1004 + return (0);
1005 +
1006 + if (vfsp == NULL) {
1007 + /*
1008 + * Flush ALL smbfs mounts in this zone.
1009 + */
1010 + smbfs_flushall(cr);
1011 + return (0);
885 1012 }
886 1013
1014 + smbfs_rflush(vfsp, cr);
1015 +
887 1016 return (0);
888 1017 }
889 1018
890 1019 /*
891 1020 * Initialization routine for VFS routines. Should only be called once
892 1021 */
893 1022 int
894 1023 smbfs_vfsinit(void)
895 1024 {
896 - mutex_init(&smbfs_syncbusy, NULL, MUTEX_DEFAULT, NULL);
897 1025 return (0);
898 1026 }
899 1027
900 1028 /*
901 1029 * Shutdown routine for VFS routines. Should only be called once
902 1030 */
903 1031 void
904 1032 smbfs_vfsfini(void)
905 1033 {
906 - mutex_destroy(&smbfs_syncbusy);
907 1034 }
908 1035
909 1036 void
910 1037 smbfs_freevfs(vfs_t *vfsp)
911 1038 {
912 1039 smbmntinfo_t *smi;
913 1040
914 1041 /* free up the resources */
915 1042 smi = VFTOSMI(vfsp);
916 1043
917 1044 /*
918 1045 * By this time we should have already deleted the
919 1046 * smi kstats in the unmount code. If they are still around
920 1047 * something is wrong
921 1048 */
922 1049 ASSERT(smi->smi_io_kstats == NULL);
923 1050
|
↓ open down ↓ |
7 lines elided |
↑ open up ↑ |
924 1051 smbfs_zonelist_remove(smi);
925 1052
926 1053 smbfs_free_smi(smi);
927 1054
928 1055 /*
929 1056 * Allow _fini() to succeed now, if so desired.
930 1057 */
931 1058 atomic_dec_32(&smbfs_mountcount);
932 1059 }
933 1060
1061 +#ifdef _KERNEL
934 1062 /*
935 1063 * smbfs_mount_label_policy:
936 1064 * Determine whether the mount is allowed according to MAC check,
937 1065 * by comparing (where appropriate) label of the remote server
938 1066 * against the label of the zone being mounted into.
939 1067 *
940 1068 * Returns:
941 1069 * 0 : access allowed
942 1070 * -1 : read-only access allowed (i.e., read-down)
943 1071 * >0 : error code, such as EACCES
944 1072 *
945 1073 * NB:
946 1074 * NFS supports Cipso labels by parsing the vfs_resource
947 1075 * to see what the Solaris server global zone has shared.
948 1076 * We can't support that for CIFS since resource names
949 1077 * contain share names, not paths.
950 1078 */
951 1079 static int
952 1080 smbfs_mount_label_policy(vfs_t *vfsp, void *ipaddr, int addr_type, cred_t *cr)
953 1081 {
954 1082 bslabel_t *server_sl, *mntlabel;
955 1083 zone_t *mntzone = NULL;
956 1084 ts_label_t *zlabel;
957 1085 tsol_tpc_t *tp;
958 1086 ts_label_t *tsl = NULL;
959 1087 int retv;
960 1088
961 1089 /*
962 1090 * Get the zone's label. Each zone on a labeled system has a label.
963 1091 */
964 1092 mntzone = zone_find_by_any_path(refstr_value(vfsp->vfs_mntpt), B_FALSE);
965 1093 zlabel = mntzone->zone_slabel;
966 1094 ASSERT(zlabel != NULL);
967 1095 label_hold(zlabel);
968 1096
969 1097 retv = EACCES; /* assume the worst */
970 1098
971 1099 /*
972 1100 * Next, get the assigned label of the remote server.
973 1101 */
974 1102 tp = find_tpc(ipaddr, addr_type, B_FALSE);
975 1103 if (tp == NULL)
976 1104 goto out; /* error getting host entry */
977 1105
978 1106 if (tp->tpc_tp.tp_doi != zlabel->tsl_doi)
979 1107 goto rel_tpc; /* invalid domain */
980 1108 if ((tp->tpc_tp.host_type != UNLABELED))
981 1109 goto rel_tpc; /* invalid hosttype */
982 1110
983 1111 server_sl = &tp->tpc_tp.tp_def_label;
984 1112 mntlabel = label2bslabel(zlabel);
985 1113
986 1114 /*
987 1115 * Now compare labels to complete the MAC check. If the labels
988 1116 * are equal or if the requestor is in the global zone and has
989 1117 * NET_MAC_AWARE, then allow read-write access. (Except for
990 1118 * mounts into the global zone itself; restrict these to
991 1119 * read-only.)
992 1120 *
993 1121 * If the requestor is in some other zone, but their label
994 1122 * dominates the server, then allow read-down.
995 1123 *
996 1124 * Otherwise, access is denied.
997 1125 */
998 1126 if (blequal(mntlabel, server_sl) ||
999 1127 (crgetzoneid(cr) == GLOBAL_ZONEID &&
1000 1128 getpflags(NET_MAC_AWARE, cr) != 0)) {
1001 1129 if ((mntzone == global_zone) ||
1002 1130 !blequal(mntlabel, server_sl))
1003 1131 retv = -1; /* read-only */
1004 1132 else
1005 1133 retv = 0; /* access OK */
1006 1134 } else if (bldominates(mntlabel, server_sl)) {
1007 1135 retv = -1; /* read-only */
1008 1136 } else {
1009 1137 retv = EACCES;
1010 1138 }
1011 1139
1012 1140 if (tsl != NULL)
1013 1141 label_rele(tsl);
|
↓ open down ↓ |
70 lines elided |
↑ open up ↑ |
1014 1142
1015 1143 rel_tpc:
1016 1144 /*LINTED*/
1017 1145 TPC_RELE(tp);
1018 1146 out:
1019 1147 if (mntzone)
1020 1148 zone_rele(mntzone);
1021 1149 label_rele(zlabel);
1022 1150 return (retv);
1023 1151 }
1152 +#endif /* _KERNEL */
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX