Print this page
NEX-15035 Allow user ACE in ACL to match SID in token extra SIDs
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
NEX-15035 Allow user ACE in ACL to match SID in token extra SIDs
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/fs/zfs/sys/zfs_fuid.h
+++ new/usr/src/uts/common/fs/zfs/sys/zfs_fuid.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 + *
25 + * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
24 26 */
25 27
26 28 #ifndef _SYS_FS_ZFS_FUID_H
27 29 #define _SYS_FS_ZFS_FUID_H
28 30
29 31 #ifdef _KERNEL
30 32 #include <sys/kidmap.h>
31 33 #include <sys/sid.h>
32 34 #include <sys/dmu.h>
33 35 #include <sys/zfs_vfsops.h>
34 36 #endif
35 37 #include <sys/avl.h>
36 38
37 39 #ifdef __cplusplus
38 40 extern "C" {
39 41 #endif
40 42
41 43 typedef enum {
42 44 ZFS_OWNER,
43 45 ZFS_GROUP,
44 46 ZFS_ACE_USER,
45 47 ZFS_ACE_GROUP
46 48 } zfs_fuid_type_t;
47 49
48 50 /*
49 51 * Estimate space needed for one more fuid table entry.
50 52 * for now assume its current size + 1K
51 53 */
52 54 #define FUID_SIZE_ESTIMATE(z) ((z)->z_fuid_size + (SPA_MINBLOCKSIZE << 1))
53 55
54 56 #define FUID_INDEX(x) ((x) >> 32)
55 57 #define FUID_RID(x) ((x) & 0xffffffff)
56 58 #define FUID_ENCODE(idx, rid) (((uint64_t)(idx) << 32) | (rid))
57 59 /*
58 60 * FUIDs cause problems for the intent log
59 61 * we need to replay the creation of the FUID,
60 62 * but we can't count on the idmapper to be around
61 63 * and during replay the FUID index may be different than
62 64 * before. Also, if an ACL has 100 ACEs and 12 different
63 65 * domains we don't want to log 100 domain strings, but rather
64 66 * just the unique 12.
65 67 */
66 68
67 69 /*
68 70 * The FUIDs in the log will index into
69 71 * domain string table and the bottom half will be the rid.
70 72 * Used for mapping ephemeral uid/gid during ACL setting to FUIDs
71 73 */
72 74 typedef struct zfs_fuid {
73 75 list_node_t z_next;
74 76 uint64_t z_id; /* uid/gid being converted to fuid */
75 77 uint64_t z_domidx; /* index in AVL domain table */
76 78 uint64_t z_logfuid; /* index for domain in log */
77 79 } zfs_fuid_t;
78 80
79 81 /* list of unique domains */
80 82 typedef struct zfs_fuid_domain {
81 83 list_node_t z_next;
82 84 uint64_t z_domidx; /* AVL tree idx */
83 85 const char *z_domain; /* domain string */
84 86 } zfs_fuid_domain_t;
85 87
86 88 /*
87 89 * FUID information necessary for logging create, setattr, and setacl.
88 90 */
89 91 typedef struct zfs_fuid_info {
90 92 list_t z_fuids;
91 93 list_t z_domains;
92 94 uint64_t z_fuid_owner;
93 95 uint64_t z_fuid_group;
94 96 char **z_domain_table; /* Used during replay */
95 97 uint32_t z_fuid_cnt; /* How many fuids in z_fuids */
96 98 uint32_t z_domain_cnt; /* How many domains */
97 99 size_t z_domain_str_sz; /* len of domain strings z_domain list */
98 100 } zfs_fuid_info_t;
99 101
100 102 #ifdef _KERNEL
101 103 struct znode;
102 104 extern uid_t zfs_fuid_map_id(zfsvfs_t *, uint64_t, cred_t *, zfs_fuid_type_t);
103 105 extern void zfs_fuid_node_add(zfs_fuid_info_t **, const char *, uint32_t,
|
↓ open down ↓ |
70 lines elided |
↑ open up ↑ |
104 106 uint64_t, uint64_t, zfs_fuid_type_t);
105 107 extern void zfs_fuid_destroy(zfsvfs_t *);
106 108 extern uint64_t zfs_fuid_create_cred(zfsvfs_t *, zfs_fuid_type_t,
107 109 cred_t *, zfs_fuid_info_t **);
108 110 extern uint64_t zfs_fuid_create(zfsvfs_t *, uint64_t, cred_t *, zfs_fuid_type_t,
109 111 zfs_fuid_info_t **);
110 112 extern void zfs_fuid_map_ids(struct znode *zp, cred_t *cr,
111 113 uid_t *uid, uid_t *gid);
112 114 extern zfs_fuid_info_t *zfs_fuid_info_alloc(void);
113 115 extern void zfs_fuid_info_free(zfs_fuid_info_t *);
116 +extern boolean_t zfs_user_in_cred(zfsvfs_t *, uint64_t, cred_t *);
114 117 extern boolean_t zfs_groupmember(zfsvfs_t *, uint64_t, cred_t *);
115 118 void zfs_fuid_sync(zfsvfs_t *, dmu_tx_t *);
116 119 extern int zfs_fuid_find_by_domain(zfsvfs_t *, const char *domain,
117 120 char **retdomain, boolean_t addok);
118 121 extern const char *zfs_fuid_find_by_idx(zfsvfs_t *zfsvfs, uint32_t idx);
119 122 extern void zfs_fuid_txhold(zfsvfs_t *zfsvfs, dmu_tx_t *tx);
120 123 #endif
121 124
122 125 char *zfs_fuid_idx_domain(avl_tree_t *, uint32_t);
123 126 void zfs_fuid_avl_tree_create(avl_tree_t *, avl_tree_t *);
124 127 uint64_t zfs_fuid_table_load(objset_t *, uint64_t, avl_tree_t *, avl_tree_t *);
125 128 void zfs_fuid_table_destroy(avl_tree_t *, avl_tree_t *);
126 129
127 130 #ifdef __cplusplus
128 131 }
129 132 #endif
130 133
131 134 #endif /* _SYS_FS_ZFS_FUID_H */
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX