zfs_fuid.c revision 3b12c289fe048d2e1698e22811cbfd6d3b3ed96e
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]

 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.

 * FUID Domain table(s).
 * The FUID table is stored as a packed nvlist of an array
 * of nvlists which contain an index, domain string and offset
 * During file system initialization the nvlist(s) are read and
 * two AVL trees are created. One tree is keyed by the index number
 * and the other by the domain string. Nodes are never removed from
 * trees, but new entries may be added. If a new entry is added then
 * the zfsvfs->z_fuid_dirty flag is set to true and the caller will then
 * be responsible for calling zfs_fuid_sync() to sync the changes to disk.

 * Compare two indexes.

 * Compare two domain strings.

 * load initial fuid domain and idx trees. This function is used by
 * both the kernel and zdb.

 * Load the fuid table(s) into memory.

 * sync out AVL trees to persistent storage.

 * First see if table needs to be created?

 * Query domain table for a given domain.
 * If domain isn't found and addok is set, it is added to AVL trees and
 * the zfsvfs->z_fuid_dirty flag will be set to TRUE. It will then be
 * necessary for the caller or another thread to detect the dirty table
 * and sync out the changes.

 * If the dummy "nobody" domain then return an index of 0
 * to cause the created FUID to be a standard POSIX id
 * for the user nobody.

 * Query domain table by index, returning domain string
 * Returns a pointer from an avl node of the domain string.

 * Add a FUID node to the list of fuid's being created for this
 * If ACL has multiple domains, then keep only one copy of each unique

 * First find fuid domain index in linked list

 * If one isn't found then create an entry.

 * Now allocate fuid entry and add it on the end of the list

 * Create a file system FUID, based on information in the users cred

 * Create a file system FUID for an ACL ace
 * This is similar to zfs_fuid_create_cred, except that
 * we can't find the domain + rid information in the
 * cred. Instead we have to query Winchester for the
 * During replay operations the domain+rid information is
 * found in the zfs_fuid_info_t that the replay code has
 * attached to the zfsvfs of the file system.

 * If POSIX ID, or entry is already a FUID then
 * just return the id

 * We may also be handed an already FUID'ized id via

 * If we are passed an ephemeral id, but no
 * fuid_info was logged then return NOBODY.
 * This is most likely a result of idmap service
 * not being available.

 * When returning nobody we will need to
 * make a dummy fuid table entry for logging

 * Allocate zfs_fuid_info for tracking FUIDs created during
 * zfs_mknode, VOP_SETATTR() or VOP_SETSECATTR()

 * Release all memory associated with zfs_fuid_info_t

 * Check to see if id is a groupmember. If cred
 * has ksid info then sidlist is checked first
 * and if still not found then POSIX groups are checked
 * Will use a straight FUID compare when possible.

 * Not found in ksidlist, check posix groups
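
Added example, not part of zfs_fuid.c: a simplified C model of the domain-table behaviour the comments above describe (lookup by domain or by index, add-if-missing with `addok`, the dirty flag, and index 0 for the "nobody" domain), using one fixed array in place of the two AVL trees and the packed nvlist. The names `fuid_table`, `fuid_find_by_domain`, `fuid_find_by_idx`, `fuid_sync`, the `NOBODY_DOMAIN` string, the sample SID, and the choice to number real entries from 1 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DOMAINS 16
#define DOMAIN_LEN 64
#define NOBODY_DOMAIN "nobody.invalid" /* constructed placeholder string */

/* Hypothetical model: one array stands in for both AVL trees. */
struct fuid_table {
    char domain[MAX_DOMAINS + 1][DOMAIN_LEN]; /* slot i = index i, 0 unused */
    int count;                                /* highest index in use */
    int dirty;                                /* models z_fuid_dirty */
};

/* Return the index for dom, 0 for the nobody domain, or -1 if it is
 * absent and addok is 0 (or the entry cannot be stored). */
int fuid_find_by_domain(struct fuid_table *t, const char *dom, int addok) {
    if (strcmp(dom, NOBODY_DOMAIN) == 0)
        return 0;                       /* yields a standard POSIX id */
    for (int i = 1; i <= t->count; i++)
        if (strcmp(t->domain[i], dom) == 0)
            return i;
    if (!addok || t->count == MAX_DOMAINS || strlen(dom) >= DOMAIN_LEN)
        return -1;
    strcpy(t->domain[++t->count], dom); /* length checked; never removed */
    t->dirty = 1;                       /* caller must sync to disk */
    return t->count;
}

/* Return the domain string stored for idx, or NULL if out of range. */
const char *fuid_find_by_idx(const struct fuid_table *t, int idx) {
    return (idx >= 1 && idx <= t->count) ? t->domain[idx] : NULL;
}

/* Stand-in for the sync step: returns entries "written", clears dirty. */
int fuid_sync(struct fuid_table *t) {
    int n = t->dirty ? t->count : 0;
    t->dirty = 0;
    return n;
}

int main(void) {
    static struct fuid_table t;         /* zero-initialised */
    int idx = fuid_find_by_domain(&t, "S-1-5-21-1111", 1); /* constructed SID */
    int was_dirty = t.dirty;
    printf("idx=%d dirty=%d synced=%d\n", idx, was_dirty, fuid_sync(&t));
    return 0;
}
```

A lookup with `addok` unset never modifies the table, so a read-only consumer cannot leave it dirty.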