Print this page 
*** NO COMMENTS ***


 668 
 669         return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
 670 }
 671 
 672 static int
 673 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
 674 {
 675         return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
 676 }
 677 
 678 /*
 679  * Destroying snapshots with delegated permissions requires
 680  * descendent mount and destroy permissions.
 681  * Reassemble the full filesystem@snap name so dsl_deleg_access()
 682  * can do the correct permission check.
 683  *
 684  * Since this routine is used when doing a recursive destroy of snapshots
 685  * and destroying snapshots requires descendent permissions, a successfull
 686  * check of the top level snapshot applies to snapshots of all descendent
 687  * datasets as well.



 688  */
 689 static int
 690 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, cred_t *cr)
 691 {
 692         int error;
 693         char *dsname;
 694 
 695         dsname = kmem_asprintf("%s@%s", zc->zc_name, zc->zc_value);
 696 
 697         error = zfs_secpolicy_destroy_perms(dsname, cr);
 698 



 699         strfree(dsname);
 700         return (error);
 701 }
 702 
 703 int
 704 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
 705 {
 706         char    parentname[MAXNAMELEN];
 707         int     error;
 708 
 709         if ((error = zfs_secpolicy_write_perms(from,
 710             ZFS_DELEG_PERM_RENAME, cr)) != 0)
 711                 return (error);
 712 
 713         if ((error = zfs_secpolicy_write_perms(from,
 714             ZFS_DELEG_PERM_MOUNT, cr)) != 0)
 715                 return (error);
 716 
 717         if ((error = zfs_get_parent(to, parentname,
 718             sizeof (parentname))) != 0)




 668 
 669         return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
 670 }
 671 
 672 static int
 673 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
 674 {
 675         return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
 676 }
 677 
 678 /*
 679  * Destroying snapshots with delegated permissions requires
 680  * descendent mount and destroy permissions.
 681  * Reassemble the full filesystem@snap name so dsl_deleg_access()
 682  * can do the correct permission check.
 683  *
 684  * Since this routine is used when doing a recursive destroy of snapshots
 685  * and destroying snapshots requires descendent permissions, a successfull
 686  * check of the top level snapshot applies to snapshots of all descendent
 687  * datasets as well.
 688  *
 689  * The target snapshot may not exist when doing a recursive destroy.
 690  * In this case fallback to permissions of the parent dataset.
 691  */
 692 static int
 693 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, cred_t *cr)
 694 {
 695         int error;
 696         char *dsname;
 697 
 698         dsname = kmem_asprintf("%s@%s", zc->zc_name, zc->zc_value);
 699 
 700         error = zfs_secpolicy_destroy_perms(dsname, cr);
 701 
 702         if (error == ENOENT)
 703                 error = zfs_secpolicy_destroy_perms(zc->zc_name, cr);
 704 
 705         strfree(dsname);
 706         return (error);
 707 }
 708 
 709 int
 710 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
 711 {
 712         char    parentname[MAXNAMELEN];
 713         int     error;
 714 
 715         if ((error = zfs_secpolicy_write_perms(from,
 716             ZFS_DELEG_PERM_RENAME, cr)) != 0)
 717                 return (error);
 718 
 719         if ((error = zfs_secpolicy_write_perms(from,
 720             ZFS_DELEG_PERM_MOUNT, cr)) != 0)
 721                 return (error);
 722 
 723         if ((error = zfs_get_parent(to, parentname,
 724             sizeof (parentname))) != 0)