zfs_fuid.c revision 1209a471b5681c43d839d4b890f708f500da7346
d9638e547d8811f2c689977f8dd2a353938b61fdmws * CDDL HEADER START
d9638e547d8811f2c689977f8dd2a353938b61fdmws * The contents of this file are subject to the terms of the
6925cc42fcfffef1cafe5a65944be35a27987b37cindi * Common Development and Distribution License (the "License").
6925cc42fcfffef1cafe5a65944be35a27987b37cindi * You may not use this file except in compliance with the License.
d9638e547d8811f2c689977f8dd2a353938b61fdmws * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
d9638e547d8811f2c689977f8dd2a353938b61fdmws * See the License for the specific language governing permissions
d9638e547d8811f2c689977f8dd2a353938b61fdmws * and limitations under the License.
d9638e547d8811f2c689977f8dd2a353938b61fdmws * When distributing Covered Code, include this CDDL HEADER in each
d9638e547d8811f2c689977f8dd2a353938b61fdmws * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
d9638e547d8811f2c689977f8dd2a353938b61fdmws * If applicable, add the following below this CDDL HEADER, with the
d9638e547d8811f2c689977f8dd2a353938b61fdmws * fields enclosed by brackets "[]" replaced with your own identifying
d9638e547d8811f2c689977f8dd2a353938b61fdmws * information: Portions Copyright [yyyy] [name of copyright owner]
d9638e547d8811f2c689977f8dd2a353938b61fdmws * CDDL HEADER END
d9638e547d8811f2c689977f8dd2a353938b61fdmws * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * Use is subject to license terms.
d9638e547d8811f2c689977f8dd2a353938b61fdmws * FUID Domain table(s).
d9638e547d8811f2c689977f8dd2a353938b61fdmws * The FUID table is stored as a packed nvlist of an array
d9638e547d8811f2c689977f8dd2a353938b61fdmws * of nvlists which contain an index, domain string and offset
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * During file system initialization the nvlist(s) are read and
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * two AVL trees are created. One tree is keyed by the index number
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * and the other by the domain string. Nodes are never removed from
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * trees, but new entries may be added. If a new entry is added then the
d9638e547d8811f2c689977f8dd2a353938b61fdmws * on-disk packed nvlist will also be updated.
d9638e547d8811f2c689977f8dd2a353938b61fdmwstypedef struct fuid_domain {
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * Compare two indexes.
d9638e547d8811f2c689977f8dd2a353938b61fdmws return (-1);
dc8f2b859f821ae6843b73f65d2468778f15cdbaJames Kremer * Compare two domain strings.
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer val = strcmp(node1->f_ksid->kd_name, node2->f_ksid->kd_name);
d9638e547d8811f2c689977f8dd2a353938b61fdmws return (0);
d9638e547d8811f2c689977f8dd2a353938b61fdmws * load initial fuid domain and idx trees. This function is used by
d9638e547d8811f2c689977f8dd2a353938b61fdmws * both the kernel and zdb.
d9638e547d8811f2c689977f8dd2a353938b61fdmwszfs_fuid_table_load(objset_t *os, uint64_t fuid_obj, avl_tree_t *idx_tree,
d9638e547d8811f2c689977f8dd2a353938b61fdmws sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_idxnode));
cbf75e67acb6c32a2f4884f28a839d59f7988d37Stephen Hanson sizeof (fuid_domain_t), offsetof(fuid_domain_t, f_domnode));
cbf75e67acb6c32a2f4884f28a839d59f7988d37Stephen Hanson VERIFY(0 == dmu_bonus_hold(os, fuid_obj, FTAG, &db));
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer VERIFY(dmu_read(os, fuid_obj, 0, fuid_size, packed) == 0);
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer VERIFY(nvlist_lookup_nvlist_array(nvp, FUID_NVP_ARRAY,
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer for (i = 0; i != count; i++) {
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer VERIFY(nvlist_lookup_string(fuidnvp[i], FUID_DOMAIN,
af9cbda568b929fc35782877e1d8bb0c2a856802James Kremerzfs_fuid_table_destroy(avl_tree_t *idx_tree, avl_tree_t *domain_tree)
d9638e547d8811f2c689977f8dd2a353938b61fdmws while (domnode = avl_destroy_nodes(domain_tree, &cookie))
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer while (domnode = avl_destroy_nodes(idx_tree, &cookie))
d9638e547d8811f2c689977f8dd2a353938b61fdmws return (findnode ? findnode->f_ksid->kd_name : nulldomain);
d9638e547d8811f2c689977f8dd2a353938b61fdmws * Load the fuid table(s) into memory.
d9638e547d8811f2c689977f8dd2a353938b61fdmwsstatic void
d9638e547d8811f2c689977f8dd2a353938b61fdmws /* first make sure we need to allocate object */
af9cbda568b929fc35782877e1d8bb0c2a856802James Kremer * Query domain table for a given domain.
af9cbda568b929fc35782877e1d8bb0c2a856802James Kremer * If domain isn't found it is added to AVL trees and
af9cbda568b929fc35782877e1d8bb0c2a856802James Kremer * the results are pushed out to disk.
af9cbda568b929fc35782877e1d8bb0c2a856802James Kremerzfs_fuid_find_by_domain(zfsvfs_t *zfsvfs, const char *domain, char **retdomain,
af9cbda568b929fc35782877e1d8bb0c2a856802James Kremer * If the dummy "nobody" domain then return an index of 0
af9cbda568b929fc35782877e1d8bb0c2a856802James Kremer * to cause the created FUID to be a standard POSIX id
dc8f2b859f821ae6843b73f65d2468778f15cdbaJames Kremer * for the user nobody.
d9638e547d8811f2c689977f8dd2a353938b61fdmws findnode = avl_find(&zfsvfs->z_fuid_domain, &searchnode, &loc);
d9638e547d8811f2c689977f8dd2a353938b61fdmws int i = 0;
d9638e547d8811f2c689977f8dd2a353938b61fdmws if (rw == RW_READER && !rw_tryupgrade(&zfsvfs->z_fuid_lock)) {
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer retidx = domnode->f_idx = avl_numnodes(&zfsvfs->z_fuid_idx) + 1;
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * Now resync the on-disk nvlist.
dc8f2b859f821ae6843b73f65d2468778f15cdbaJames Kremer VERIFY(nvlist_alloc(&nvp, NV_UNIQUE_NAME, KM_SLEEP) == 0);
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer VERIFY(nvlist_add_string(fuids[i++], FUID_DOMAIN,
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer domnode = AVL_NEXT(&zfsvfs->z_fuid_domain, domnode);
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer VERIFY(nvlist_add_nvlist_array(nvp, FUID_NVP_ARRAY,
d9638e547d8811f2c689977f8dd2a353938b61fdmws for (i = 0; i != retidx; i++)
d9638e547d8811f2c689977f8dd2a353938b61fdmws VERIFY(0 == dmu_bonus_hold(zfsvfs->z_os, zfsvfs->z_fuid_obj,
d9638e547d8811f2c689977f8dd2a353938b61fdmws * Query domain table by index, returning domain string
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * Returns a pointer from an avl node of the domain string.
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremerstatic char *
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremerzfs_fuid_find_by_idx(zfsvfs_t *zfsvfs, uint32_t idx)
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer domain = zfs_fuid_idx_domain(&zfsvfs->z_fuid_idx, idx);
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremerzfs_fuid_map_ids(znode_t *zp, cred_t *cr, uid_t *uidp, uid_t *gidp)
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer *uidp = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_phys->zp_uid,
d9638e547d8811f2c689977f8dd2a353938b61fdmws *gidp = zfs_fuid_map_id(zp->z_zfsvfs, zp->z_phys->zp_gid,
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer (void) kidmap_getgidbysid(crgetzone(cr), domain,
d9638e547d8811f2c689977f8dd2a353938b61fdmws * Add a FUID node to the list of fuid's being created for this
d9638e547d8811f2c689977f8dd2a353938b61fdmws * If ACL has multiple domains, then keep only one copy of each unique
d9638e547d8811f2c689977f8dd2a353938b61fdmwsstatic void
d9638e547d8811f2c689977f8dd2a353938b61fdmwszfs_fuid_node_add(zfs_fuid_info_t **fuidpp, const char *domain, uint32_t rid,
d9638e547d8811f2c689977f8dd2a353938b61fdmws * First find fuid domain index in linked list
d9638e547d8811f2c689977f8dd2a353938b61fdmws * If one isn't found then create an entry.
d9638e547d8811f2c689977f8dd2a353938b61fdmws for (fuididx = 1, fuid_domain = list_head(&fuidp->z_domains);
cbf75e67acb6c32a2f4884f28a839d59f7988d37Stephen Hanson fuid_domain = kmem_alloc(sizeof (zfs_fuid_domain_t), KM_SLEEP);
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer if (type == ZFS_ACE_USER || type == ZFS_ACE_GROUP) {
d9638e547d8811f2c689977f8dd2a353938b61fdmws * Now allocate fuid entry and add it on the end of the list
d9638e547d8811f2c689977f8dd2a353938b61fdmws * Create a file system FUID, based on information in the users cred
d9638e547d8811f2c689977f8dd2a353938b61fdmwszfs_fuid_create_cred(zfsvfs_t *zfsvfs, zfs_fuid_type_t type,
d9638e547d8811f2c689977f8dd2a353938b61fdmws const char *domain;
d9638e547d8811f2c689977f8dd2a353938b61fdmws ksid = crgetsid(cr, (type == ZFS_OWNER) ? KSID_OWNER : KSID_GROUP);
af9cbda568b929fc35782877e1d8bb0c2a856802James Kremer if (!zfsvfs->z_use_fuids || (!IS_EPHEMERAL(id)))
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, tx);
d9638e547d8811f2c689977f8dd2a353938b61fdmws * Create a file system FUID for an ACL ace
d9638e547d8811f2c689977f8dd2a353938b61fdmws * or a chown/chgrp of the file.
d9638e547d8811f2c689977f8dd2a353938b61fdmws * This is similar to zfs_fuid_create_cred, except that
d9638e547d8811f2c689977f8dd2a353938b61fdmws * we can't find the domain + rid information in the
d9638e547d8811f2c689977f8dd2a353938b61fdmws * cred. Instead we have to query Winchester for the
dc8f2b859f821ae6843b73f65d2468778f15cdbaJames Kremer * domain and rid.
dc8f2b859f821ae6843b73f65d2468778f15cdbaJames Kremer * During replay operations the domain+rid information is
d9638e547d8811f2c689977f8dd2a353938b61fdmws * found in the zfs_fuid_info_t that the replay code has
d9638e547d8811f2c689977f8dd2a353938b61fdmws * attached to the zfsvfs of the file system.
d9638e547d8811f2c689977f8dd2a353938b61fdmwszfs_fuid_create(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr,
d9638e547d8811f2c689977f8dd2a353938b61fdmws zfs_fuid_type_t type, dmu_tx_t *tx, zfs_fuid_info_t **fuidpp)
d9638e547d8811f2c689977f8dd2a353938b61fdmws * If POSIX ID, or entry is already a FUID then
d9638e547d8811f2c689977f8dd2a353938b61fdmws * just return the id
d9638e547d8811f2c689977f8dd2a353938b61fdmws * We may also be handed an already FUID'ized id via
d9638e547d8811f2c689977f8dd2a353938b61fdmws if (!zfsvfs->z_use_fuids || !IS_EPHEMERAL(id) || fuid_idx != 0)
d9638e547d8811f2c689977f8dd2a353938b61fdmws * If we are passed an ephemeral id, but no
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * fuid_info was logged then return NOBODY.
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * This is most likely a result of idmap service
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * not being available.
d9638e547d8811f2c689977f8dd2a353938b61fdmws switch (type) {
d9638e547d8811f2c689977f8dd2a353938b61fdmws if (status != 0) {
d9638e547d8811f2c689977f8dd2a353938b61fdmws * When returning nobody we will need to
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * make a dummy fuid table entry for logging
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, tx);
cbf75e67acb6c32a2f4884f28a839d59f7988d37Stephen Hanson zfs_fuid_table_destroy(&zfsvfs->z_fuid_idx, &zfsvfs->z_fuid_domain);
dc8f2b859f821ae6843b73f65d2468778f15cdbaJames Kremer * Allocate zfs_fuid_info for tracking FUIDs created during
dc8f2b859f821ae6843b73f65d2468778f15cdbaJames Kremer * zfs_mknode, VOP_SETATTR() or VOP_SETSECATTR()
cbf75e67acb6c32a2f4884f28a839d59f7988d37Stephen Hanson fuidp = kmem_zalloc(sizeof (zfs_fuid_info_t), KM_SLEEP);
cbf75e67acb6c32a2f4884f28a839d59f7988d37Stephen Hanson list_create(&fuidp->z_domains, sizeof (zfs_fuid_domain_t),
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer list_create(&fuidp->z_fuids, sizeof (zfs_fuid_t),
d9638e547d8811f2c689977f8dd2a353938b61fdmws * Release all memory associated with zfs_fuid_info_t
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer while ((zdomain = list_head(&fuidp->z_domains)) != NULL) {
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * Check to see if id is a groupmember. If cred
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * has ksid info then sidlist is checked first
d9638e547d8811f2c689977f8dd2a353938b61fdmws * and if still not found then POSIX groups are checked
d9638e547d8811f2c689977f8dd2a353938b61fdmws * Will use a straight FUID compare when possible.
d9638e547d8811f2c689977f8dd2a353938b61fdmwszfs_groupmember(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr)
b5875ddd9f650174db2616fc7cc262d30eb77bf0James Kremer * Not found in ksidlist, check posix groups