fs/zfs/zfs_acl.c

789Sahrens/*
789Sahrens * CDDL HEADER START
789Sahrens *
789Sahrens * The contents of this file are subject to the terms of the
1544Seschrock * Common Development and Distribution License (the "License").
1544Seschrock * You may not use this file except in compliance with the License.
789Sahrens *
789Sahrens * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
789Sahrens * or http://www.opensolaris.org/os/licensing.
789Sahrens * See the License for the specific language governing permissions
789Sahrens * and limitations under the License.
789Sahrens *
789Sahrens * When distributing Covered Code, include this CDDL HEADER in each
789Sahrens * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
789Sahrens * If applicable, add the following below this CDDL HEADER, with the
789Sahrens * fields enclosed by brackets "[]" replaced with your own identifying
789Sahrens * information: Portions Copyright [yyyy] [name of copyright owner]
789Sahrens *
789Sahrens * CDDL HEADER END
789Sahrens */
789Sahrens/*
4300Smarks * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
789Sahrens * Use is subject to license terms.
789Sahrens */
789Sahrens
789Sahrens#pragma ident	"%Z%%M%	%I%	%E% SMI"
789Sahrens
789Sahrens#include <sys/types.h>
789Sahrens#include <sys/param.h>
789Sahrens#include <sys/time.h>
789Sahrens#include <sys/systm.h>
789Sahrens#include <sys/sysmacros.h>
789Sahrens#include <sys/resource.h>
789Sahrens#include <sys/vfs.h>
789Sahrens#include <sys/vnode.h>
*5331Samw#include <sys/sid.h>
789Sahrens#include <sys/file.h>
789Sahrens#include <sys/stat.h>
789Sahrens#include <sys/kmem.h>
789Sahrens#include <sys/cmn_err.h>
789Sahrens#include <sys/errno.h>
789Sahrens#include <sys/unistd.h>
1576Smarks#include <sys/sdt.h>
789Sahrens#include <sys/fs/zfs.h>
789Sahrens#include <sys/mode.h>
789Sahrens#include <sys/policy.h>
789Sahrens#include <sys/zfs_znode.h>
*5331Samw#include <sys/zfs_fuid.h>
789Sahrens#include <sys/zfs_acl.h>
789Sahrens#include <sys/zfs_dir.h>
789Sahrens#include <sys/zfs_vfsops.h>
789Sahrens#include <sys/dmu.h>
*5331Samw#include <sys/dnode.h>
789Sahrens#include <sys/zap.h>
789Sahrens#include "fs/fs_subr.h"
789Sahrens#include <acl/acl_common.h>
789Sahrens
789Sahrens#define	ALLOW	ACE_ACCESS_ALLOWED_ACE_TYPE
789Sahrens#define	DENY	ACE_ACCESS_DENIED_ACE_TYPE
*5331Samw#define	MAX_ACE_TYPE	ACE_SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE
789Sahrens
789Sahrens#define	OWNING_GROUP		(ACE_GROUP|ACE_IDENTIFIER_GROUP)
789Sahrens#define	EVERYONE_ALLOW_MASK (ACE_READ_ACL|ACE_READ_ATTRIBUTES | \
789Sahrens    ACE_READ_NAMED_ATTRS|ACE_SYNCHRONIZE)
789Sahrens#define	EVERYONE_DENY_MASK (ACE_WRITE_ACL|ACE_WRITE_OWNER | \
789Sahrens    ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS)
789Sahrens#define	OWNER_ALLOW_MASK (ACE_WRITE_ACL | ACE_WRITE_OWNER | \
789Sahrens    ACE_WRITE_ATTRIBUTES|ACE_WRITE_NAMED_ATTRS)
*5331Samw#define	WRITE_MASK_DATA (ACE_WRITE_DATA|ACE_APPEND_DATA|ACE_WRITE_NAMED_ATTRS)
*5331Samw
*5331Samw#define	ZFS_CHECKED_MASKS (ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_DATA| \
*5331Samw    ACE_READ_NAMED_ATTRS|ACE_WRITE_DATA|ACE_WRITE_ATTRIBUTES| \
*5331Samw    ACE_WRITE_NAMED_ATTRS|ACE_APPEND_DATA|ACE_EXECUTE|ACE_WRITE_OWNER| \
*5331Samw    ACE_WRITE_ACL|ACE_DELETE|ACE_DELETE_CHILD|ACE_SYNCHRONIZE)
*5331Samw
*5331Samw#define	WRITE_MASK (WRITE_MASK_DATA|ACE_WRITE_ATTRIBUTES|ACE_WRITE_ACL|\
*5331Samw    ACE_WRITE_OWNER)
789Sahrens
789Sahrens#define	OGE_CLEAR	(ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \
789Sahrens    ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE)
789Sahrens
789Sahrens#define	OKAY_MASK_BITS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \
789Sahrens    ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_EXECUTE)
789Sahrens
789Sahrens#define	ALL_INHERIT	(ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE | \
*5331Samw    ACE_NO_PROPAGATE_INHERIT_ACE|ACE_INHERIT_ONLY_ACE|ACE_INHERITED_ACE)
789Sahrens
1576Smarks#define	SECURE_CLEAR	(ACE_WRITE_ACL|ACE_WRITE_OWNER)
789Sahrens
*5331Samw#define	V4_ACL_WIDE_FLAGS (ZFS_ACL_AUTO_INHERIT|ZFS_ACL_DEFAULTED|\
*5331Samw    ZFS_ACL_PROTECTED)
*5331Samw
*5331Samw#define	ZFS_ACL_WIDE_FLAGS (V4_ACL_WIDE_FLAGS|ZFS_ACL_TRIVIAL|ZFS_INHERIT_ACE|\
*5331Samw    ZFS_ACL_OBJ_ACE)
*5331Samw
*5331Samwstatic uint16_t
*5331Samwzfs_ace_v0_get_type(void *acep)
*5331Samw{
*5331Samw	return (((zfs_oldace_t *)acep)->z_type);
*5331Samw}
*5331Samw
*5331Samwstatic uint16_t
*5331Samwzfs_ace_v0_get_flags(void *acep)
*5331Samw{
*5331Samw	return (((zfs_oldace_t *)acep)->z_flags);
*5331Samw}
*5331Samw
*5331Samwstatic uint32_t
*5331Samwzfs_ace_v0_get_mask(void *acep)
*5331Samw{
*5331Samw	return (((zfs_oldace_t *)acep)->z_access_mask);
*5331Samw}
*5331Samw
*5331Samwstatic uint64_t
*5331Samwzfs_ace_v0_get_who(void *acep)
*5331Samw{
*5331Samw	return (((zfs_oldace_t *)acep)->z_fuid);
*5331Samw}
*5331Samw
*5331Samwstatic void
*5331Samwzfs_ace_v0_set_type(void *acep, uint16_t type)
*5331Samw{
*5331Samw	((zfs_oldace_t *)acep)->z_type = type;
*5331Samw}
*5331Samw
*5331Samwstatic void
*5331Samwzfs_ace_v0_set_flags(void *acep, uint16_t flags)
*5331Samw{
*5331Samw	((zfs_oldace_t *)acep)->z_flags = flags;
*5331Samw}
*5331Samw
*5331Samwstatic void
*5331Samwzfs_ace_v0_set_mask(void *acep, uint32_t mask)
*5331Samw{
*5331Samw	((zfs_oldace_t *)acep)->z_access_mask = mask;
*5331Samw}
*5331Samw
*5331Samwstatic void
*5331Samwzfs_ace_v0_set_who(void *acep, uint64_t who)
*5331Samw{
*5331Samw	((zfs_oldace_t *)acep)->z_fuid = who;
*5331Samw}
*5331Samw
*5331Samw/*ARGSUSED*/
*5331Samwstatic size_t
*5331Samwzfs_ace_v0_size(void *acep)
*5331Samw{
*5331Samw	return (sizeof (zfs_oldace_t));
*5331Samw}
*5331Samw
*5331Samwstatic size_t
*5331Samwzfs_ace_v0_abstract_size(void)
*5331Samw{
*5331Samw	return (sizeof (zfs_oldace_t));
*5331Samw}
*5331Samw
*5331Samwstatic int
*5331Samwzfs_ace_v0_mask_off(void)
*5331Samw{
*5331Samw	return (offsetof(zfs_oldace_t, z_access_mask));
*5331Samw}
*5331Samw
*5331Samw/*ARGSUSED*/
*5331Samwstatic int
*5331Samwzfs_ace_v0_data(void *acep, void **datap)
*5331Samw{
*5331Samw	*datap = NULL;
*5331Samw	return (0);
*5331Samw}
*5331Samw
*5331Samwstatic acl_ops_t zfs_acl_v0_ops = {
*5331Samw	zfs_ace_v0_get_mask,
*5331Samw	zfs_ace_v0_set_mask,
*5331Samw	zfs_ace_v0_get_flags,
*5331Samw	zfs_ace_v0_set_flags,
*5331Samw	zfs_ace_v0_get_type,
*5331Samw	zfs_ace_v0_set_type,
*5331Samw	zfs_ace_v0_get_who,
*5331Samw	zfs_ace_v0_set_who,
*5331Samw	zfs_ace_v0_size,
*5331Samw	zfs_ace_v0_abstract_size,
*5331Samw	zfs_ace_v0_mask_off,
*5331Samw	zfs_ace_v0_data
*5331Samw};
*5331Samw
*5331Samwstatic uint16_t
*5331Samwzfs_ace_fuid_get_type(void *acep)
*5331Samw{
*5331Samw	return (((zfs_ace_hdr_t *)acep)->z_type);
*5331Samw}
*5331Samw
*5331Samwstatic uint16_t
*5331Samwzfs_ace_fuid_get_flags(void *acep)
*5331Samw{
*5331Samw	return (((zfs_ace_hdr_t *)acep)->z_flags);
*5331Samw}
*5331Samw
*5331Samwstatic uint32_t
*5331Samwzfs_ace_fuid_get_mask(void *acep)
*5331Samw{
*5331Samw	return (((zfs_ace_hdr_t *)acep)->z_access_mask);
*5331Samw}
*5331Samw
*5331Samwstatic uint64_t
*5331Samwzfs_ace_fuid_get_who(void *args)
*5331Samw{
*5331Samw	uint16_t entry_type;
*5331Samw	zfs_ace_t *acep = args;
*5331Samw
*5331Samw	entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS;
789Sahrens
*5331Samw	if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP ||
*5331Samw	    entry_type == ACE_EVERYONE)
*5331Samw		return (-1);
*5331Samw	return (((zfs_ace_t *)acep)->z_fuid);
*5331Samw}
*5331Samw
*5331Samwstatic void
*5331Samwzfs_ace_fuid_set_type(void *acep, uint16_t type)
*5331Samw{
*5331Samw	((zfs_ace_hdr_t *)acep)->z_type = type;
*5331Samw}
*5331Samw
*5331Samwstatic void
*5331Samwzfs_ace_fuid_set_flags(void *acep, uint16_t flags)
*5331Samw{
*5331Samw	((zfs_ace_hdr_t *)acep)->z_flags = flags;
*5331Samw}
*5331Samw
*5331Samwstatic void
*5331Samwzfs_ace_fuid_set_mask(void *acep, uint32_t mask)
*5331Samw{
*5331Samw	((zfs_ace_hdr_t *)acep)->z_access_mask = mask;
*5331Samw}
*5331Samw
*5331Samwstatic void
*5331Samwzfs_ace_fuid_set_who(void *arg, uint64_t who)
*5331Samw{
*5331Samw	zfs_ace_t *acep = arg;
*5331Samw
*5331Samw	uint16_t entry_type = acep->z_hdr.z_flags & ACE_TYPE_FLAGS;
*5331Samw
*5331Samw	if (entry_type == ACE_OWNER || entry_type == OWNING_GROUP ||
*5331Samw	    entry_type == ACE_EVERYONE)
*5331Samw		return;
*5331Samw	acep->z_fuid = who;
*5331Samw}
*5331Samw
*5331Samwstatic size_t
*5331Samwzfs_ace_fuid_size(void *acep)
*5331Samw{
*5331Samw	zfs_ace_hdr_t *zacep = acep;
*5331Samw	uint16_t entry_type;
*5331Samw
*5331Samw	switch (zacep->z_type) {
*5331Samw	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
*5331Samw	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
*5331Samw	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
*5331Samw	case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
*5331Samw		return (sizeof (zfs_object_ace_t));
*5331Samw	case ALLOW:
*5331Samw	case DENY:
*5331Samw		entry_type =
*5331Samw		    (((zfs_ace_hdr_t *)acep)->z_flags & ACE_TYPE_FLAGS);
*5331Samw		if (entry_type == ACE_OWNER ||
*5331Samw		    entry_type == (ACE_GROUP | ACE_IDENTIFIER_GROUP) ||
*5331Samw		    entry_type == ACE_EVERYONE)
*5331Samw			return (sizeof (zfs_ace_hdr_t));
*5331Samw		/*FALLTHROUGH*/
*5331Samw	default:
*5331Samw		return (sizeof (zfs_ace_t));
*5331Samw	}
*5331Samw}
*5331Samw
*5331Samwstatic size_t
*5331Samwzfs_ace_fuid_abstract_size(void)
*5331Samw{
*5331Samw	return (sizeof (zfs_ace_hdr_t));
*5331Samw}
*5331Samw
*5331Samwstatic int
*5331Samwzfs_ace_fuid_mask_off(void)
*5331Samw{
*5331Samw	return (offsetof(zfs_ace_hdr_t, z_access_mask));
*5331Samw}
*5331Samw
*5331Samwstatic int
*5331Samwzfs_ace_fuid_data(void *acep, void **datap)
*5331Samw{
*5331Samw	zfs_ace_t *zacep = acep;
*5331Samw	zfs_object_ace_t *zobjp;
*5331Samw
*5331Samw	switch (zacep->z_hdr.z_type) {
*5331Samw	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
*5331Samw	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
*5331Samw	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
*5331Samw	case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
*5331Samw		zobjp = acep;
*5331Samw		*datap = (caddr_t)zobjp + sizeof (zfs_ace_t);
*5331Samw		return (sizeof (zfs_object_ace_t) - sizeof (zfs_ace_t));
*5331Samw	default:
*5331Samw		*datap = NULL;
*5331Samw		return (0);
*5331Samw	}
*5331Samw}
*5331Samw
*5331Samwstatic acl_ops_t zfs_acl_fuid_ops = {
*5331Samw	zfs_ace_fuid_get_mask,
*5331Samw	zfs_ace_fuid_set_mask,
*5331Samw	zfs_ace_fuid_get_flags,
*5331Samw	zfs_ace_fuid_set_flags,
*5331Samw	zfs_ace_fuid_get_type,
*5331Samw	zfs_ace_fuid_set_type,
*5331Samw	zfs_ace_fuid_get_who,
*5331Samw	zfs_ace_fuid_set_who,
*5331Samw	zfs_ace_fuid_size,
*5331Samw	zfs_ace_fuid_abstract_size,
*5331Samw	zfs_ace_fuid_mask_off,
*5331Samw	zfs_ace_fuid_data
*5331Samw};
*5331Samw
*5331Samwstatic int
*5331Samwzfs_acl_version(int version)
*5331Samw{
*5331Samw	if (version < ZPL_VERSION_FUID)
*5331Samw		return (ZFS_ACL_VERSION_INITIAL);
*5331Samw	else
*5331Samw		return (ZFS_ACL_VERSION_FUID);
*5331Samw}
*5331Samw
*5331Samwstatic int
*5331Samwzfs_acl_version_zp(znode_t *zp)
*5331Samw{
*5331Samw	return (zfs_acl_version(zp->z_zfsvfs->z_version));
*5331Samw}
789Sahrens
789Sahrensstatic zfs_acl_t *
*5331Samwzfs_acl_alloc(int vers)
789Sahrens{
789Sahrens	zfs_acl_t *aclp;
789Sahrens
789Sahrens	aclp = kmem_zalloc(sizeof (zfs_acl_t), KM_SLEEP);
*5331Samw	list_create(&aclp->z_acl, sizeof (zfs_acl_node_t),
*5331Samw	    offsetof(zfs_acl_node_t, z_next));
*5331Samw	aclp->z_version = vers;
*5331Samw	if (vers == ZFS_ACL_VERSION_FUID)
*5331Samw		aclp->z_ops = zfs_acl_fuid_ops;
*5331Samw	else
*5331Samw		aclp->z_ops = zfs_acl_v0_ops;
*5331Samw	return (aclp);
*5331Samw}
*5331Samw
*5331Samwstatic zfs_acl_node_t *
*5331Samwzfs_acl_node_alloc(size_t bytes)
*5331Samw{
*5331Samw	zfs_acl_node_t *aclnode;
*5331Samw
*5331Samw	aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP);
*5331Samw	if (bytes) {
*5331Samw		aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP);
*5331Samw		aclnode->z_allocdata = aclnode->z_acldata;
*5331Samw		aclnode->z_allocsize = bytes;
*5331Samw		aclnode->z_size = bytes;
789Sahrens	}
*5331Samw
*5331Samw	return (aclnode);
*5331Samw}
*5331Samw
*5331Samwstatic void
*5331Samwzfs_acl_node_free(zfs_acl_node_t *aclnode)
*5331Samw{
*5331Samw	if (aclnode->z_allocsize)
*5331Samw		kmem_free(aclnode->z_allocdata, aclnode->z_allocsize);
*5331Samw	kmem_free(aclnode, sizeof (zfs_acl_node_t));
789Sahrens}
789Sahrens
789Sahrensvoid
789Sahrenszfs_acl_free(zfs_acl_t *aclp)
789Sahrens{
*5331Samw	zfs_acl_node_t *aclnode;
*5331Samw
*5331Samw	while (aclnode = list_head(&aclp->z_acl)) {
*5331Samw		list_remove(&aclp->z_acl, aclnode);
*5331Samw		zfs_acl_node_free(aclnode);
789Sahrens	}
*5331Samw
*5331Samw	list_destroy(&aclp->z_acl);
789Sahrens	kmem_free(aclp, sizeof (zfs_acl_t));
789Sahrens}
789Sahrens
*5331Samwstatic boolean_t
*5331Samwzfs_ace_valid(vtype_t obj_type, zfs_acl_t *aclp, uint16_t type, uint16_t iflags)
789Sahrens{
*5331Samw	/*
*5331Samw	 * first check type of entry
*5331Samw	 */
*5331Samw
*5331Samw	switch (iflags & ACE_TYPE_FLAGS) {
*5331Samw	case ACE_OWNER:
*5331Samw	case (ACE_IDENTIFIER_GROUP | ACE_GROUP):
*5331Samw	case ACE_IDENTIFIER_GROUP:
*5331Samw	case ACE_EVERYONE:
*5331Samw	case 0:	/* User entry */
*5331Samw		break;
*5331Samw	default:
*5331Samw		return (B_FALSE);
*5331Samw
*5331Samw	}
*5331Samw
*5331Samw	/*
*5331Samw	 * next check inheritance level flags
*5331Samw	 */
*5331Samw
*5331Samw	if (type != ALLOW && type > MAX_ACE_TYPE) {
*5331Samw		return (B_FALSE);
*5331Samw	}
*5331Samw
*5331Samw	switch (type) {
*5331Samw	case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
*5331Samw	case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
*5331Samw	case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
*5331Samw	case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
*5331Samw		if (aclp->z_version < ZFS_ACL_VERSION_FUID)
*5331Samw			return (B_FALSE);
*5331Samw		aclp->z_hints |= ZFS_ACL_OBJ_ACE;
*5331Samw	}
789Sahrens
1576Smarks	/*
*5331Samw	 * Only directories should have inheritance flags.
1576Smarks	 */
*5331Samw	if (obj_type != VDIR && (iflags &
*5331Samw	    (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE|
*5331Samw	    ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE))) {
*5331Samw		return (B_FALSE);
*5331Samw	}
*5331Samw
*5331Samw	if (iflags & (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE))
*5331Samw		aclp->z_hints |= ZFS_INHERIT_ACE;
*5331Samw
*5331Samw	if (iflags & (ACE_INHERIT_ONLY_ACE|ACE_NO_PROPAGATE_INHERIT_ACE)) {
*5331Samw		if ((iflags & (ACE_FILE_INHERIT_ACE|
*5331Samw		    ACE_DIRECTORY_INHERIT_ACE)) == 0) {
*5331Samw			return (B_FALSE);
*5331Samw		}
*5331Samw	}
*5331Samw
*5331Samw	return (B_TRUE);
*5331Samw}
*5331Samw
*5331Samwstatic void *
*5331Samwzfs_acl_next_ace(zfs_acl_t *aclp, void *start, uint64_t *who,
*5331Samw    uint32_t *access_mask, uint16_t *iflags, uint16_t *type)
*5331Samw{
*5331Samw	zfs_acl_node_t *aclnode;
*5331Samw
*5331Samw	if (start == NULL) {
*5331Samw		aclnode = list_head(&aclp->z_acl);
*5331Samw		if (aclnode == NULL)
*5331Samw			return (NULL);
*5331Samw
*5331Samw		aclp->z_next_ace = aclnode->z_acldata;
*5331Samw		aclp->z_curr_node = aclnode;
*5331Samw		aclnode->z_ace_idx = 0;
*5331Samw	}
*5331Samw
*5331Samw	aclnode = aclp->z_curr_node;
*5331Samw
*5331Samw	if (aclnode == NULL)
*5331Samw		return (NULL);
*5331Samw
*5331Samw	if (aclnode->z_ace_idx >= aclnode->z_ace_count) {
*5331Samw		aclnode = list_next(&aclp->z_acl, aclnode);
*5331Samw		if (aclnode == NULL)
*5331Samw			return (NULL);
*5331Samw		else {
*5331Samw			aclp->z_curr_node = aclnode;
*5331Samw			aclnode->z_ace_idx = 0;
*5331Samw			aclp->z_next_ace = aclnode->z_acldata;
*5331Samw		}
*5331Samw	}
*5331Samw
*5331Samw	if (aclnode->z_ace_idx < aclnode->z_ace_count) {
*5331Samw		void *acep = aclp->z_next_ace;
*5331Samw		*iflags = aclp->z_ops.ace_flags_get(acep);
*5331Samw		*type = aclp->z_ops.ace_type_get(acep);
*5331Samw		*access_mask = aclp->z_ops.ace_mask_get(acep);
*5331Samw		*who = aclp->z_ops.ace_who_get(acep);
*5331Samw		aclp->z_next_ace = (caddr_t)aclp->z_next_ace +
*5331Samw		    aclp->z_ops.ace_size(acep);
*5331Samw		aclnode->z_ace_idx++;
*5331Samw		return ((void *)acep);
*5331Samw	}
*5331Samw	return (NULL);
*5331Samw}
*5331Samw
*5331Samw/*ARGSUSED*/
*5331Samwstatic uint64_t
*5331Samwzfs_ace_walk(void *datap, uint64_t cookie, int aclcnt,
*5331Samw    uint16_t *flags, uint16_t *type, uint32_t *mask)
*5331Samw{
*5331Samw	zfs_acl_t *aclp = datap;
*5331Samw	zfs_ace_hdr_t *acep = (zfs_ace_hdr_t *)(uintptr_t)cookie;
*5331Samw	uint64_t who;
*5331Samw
*5331Samw	acep = zfs_acl_next_ace(aclp, acep, &who, mask,
*5331Samw	    flags, type);
*5331Samw	return ((uint64_t)(uintptr_t)acep);
*5331Samw}
*5331Samw
*5331Samwstatic zfs_acl_node_t *
*5331Samwzfs_acl_curr_node(zfs_acl_t *aclp)
*5331Samw{
*5331Samw	ASSERT(aclp->z_curr_node);
*5331Samw	return (aclp->z_curr_node);
*5331Samw}
*5331Samw
*5331Samw/*
*5331Samw * Copy ACE to internal ZFS format.
*5331Samw * While processing the ACL each ACE will be validated for correctness.
*5331Samw * ACE FUIDs will be created later.
*5331Samw */
*5331Samwint
*5331Samwzfs_copy_ace_2_fuid(vtype_t obj_type, zfs_acl_t *aclp, void *datap,
*5331Samw    zfs_ace_t *z_acl, int aclcnt, size_t *size)
*5331Samw{
*5331Samw	int i;
*5331Samw	uint16_t entry_type;
*5331Samw	zfs_ace_t *aceptr = z_acl;
*5331Samw	ace_t *acep = datap;
*5331Samw	zfs_object_ace_t *zobjacep;
*5331Samw	ace_object_t *aceobjp;
*5331Samw
*5331Samw	for (i = 0; i != aclcnt; i++) {
*5331Samw		aceptr->z_hdr.z_access_mask = acep->a_access_mask;
*5331Samw		aceptr->z_hdr.z_flags = acep->a_flags;
*5331Samw		aceptr->z_hdr.z_type = acep->a_type;
*5331Samw		entry_type = aceptr->z_hdr.z_flags & ACE_TYPE_FLAGS;
*5331Samw		if (entry_type != ACE_OWNER && entry_type != OWNING_GROUP &&
*5331Samw		    entry_type != ACE_EVERYONE)
*5331Samw			aceptr->z_fuid = (uint64_t)acep->a_who;
*5331Samw		/*
*5331Samw		 * Make sure ACE is valid
*5331Samw		 */
*5331Samw		if (zfs_ace_valid(obj_type, aclp, aceptr->z_hdr.z_type,
*5331Samw		    aceptr->z_hdr.z_flags) != B_TRUE)
*5331Samw			return (EINVAL);
*5331Samw
*5331Samw		switch (acep->a_type) {
*5331Samw		case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
*5331Samw		case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
*5331Samw		case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
*5331Samw		case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
*5331Samw			zobjacep = (zfs_object_ace_t *)aceptr;
*5331Samw			aceobjp = (ace_object_t *)acep;
*5331Samw
*5331Samw			bcopy(aceobjp->a_obj_type, zobjacep->z_object_type,
*5331Samw			    sizeof (aceobjp->a_obj_type));
*5331Samw			bcopy(aceobjp->a_inherit_obj_type,
*5331Samw			    zobjacep->z_inherit_type,
*5331Samw			    sizeof (aceobjp->a_inherit_obj_type));
*5331Samw			acep = (ace_t *)((caddr_t)acep + sizeof (ace_object_t));
*5331Samw			break;
*5331Samw		default:
*5331Samw			acep = (ace_t *)((caddr_t)acep + sizeof (ace_t));
*5331Samw		}
*5331Samw
*5331Samw		aceptr = (zfs_ace_t *)((caddr_t)aceptr +
*5331Samw		    aclp->z_ops.ace_size(aceptr));
*5331Samw	}
*5331Samw
*5331Samw	*size = (caddr_t)aceptr - (caddr_t)z_acl;
789Sahrens
*5331Samw	return (0);
*5331Samw}
*5331Samw
*5331Samw/*
*5331Samw * Copy ZFS ACEs to fixed size ace_t layout
*5331Samw */
*5331Samwstatic void
*5331Samwzfs_copy_fuid_2_ace(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, void *datap, int filter)
*5331Samw{
*5331Samw	uint64_t who;
*5331Samw	uint32_t access_mask;
*5331Samw	uint16_t iflags, type;
*5331Samw	zfs_ace_hdr_t *zacep = NULL;
*5331Samw	ace_t *acep = datap;
*5331Samw	ace_object_t *objacep;
*5331Samw	zfs_object_ace_t *zobjacep;
*5331Samw	zfs_fuid_hdl_t hdl = { 0 };
*5331Samw	size_t ace_size;
*5331Samw	uint16_t entry_type;
*5331Samw
*5331Samw	while (zacep = zfs_acl_next_ace(aclp, zacep,
*5331Samw	    &who, &access_mask, &iflags, &type)) {
*5331Samw
*5331Samw		switch (type) {
*5331Samw		case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
*5331Samw		case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
*5331Samw		case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
*5331Samw		case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
*5331Samw			if (filter) {
*5331Samw				continue;
*5331Samw			}
*5331Samw			zobjacep = (zfs_object_ace_t *)zacep;
*5331Samw			objacep = (ace_object_t *)acep;
*5331Samw			bcopy(zobjacep->z_object_type,
*5331Samw			    objacep->a_obj_type,
*5331Samw			    sizeof (zobjacep->z_object_type));
*5331Samw			bcopy(zobjacep->z_inherit_type,
*5331Samw			    objacep->a_inherit_obj_type,
*5331Samw			    sizeof (zobjacep->z_inherit_type));
*5331Samw			ace_size = sizeof (ace_object_t);
*5331Samw			break;
*5331Samw		default:
*5331Samw			ace_size = sizeof (ace_t);
*5331Samw			break;
*5331Samw		}
*5331Samw
*5331Samw		entry_type = (iflags & ACE_TYPE_FLAGS);
*5331Samw		if ((entry_type != ACE_OWNER &&
*5331Samw		    entry_type != (ACE_GROUP | ACE_IDENTIFIER_GROUP) &&
*5331Samw		    entry_type != ACE_EVERYONE))
*5331Samw			zfs_fuid_queue_map_id(zfsvfs, &hdl, who,
*5331Samw			    (entry_type & ACE_IDENTIFIER_GROUP) ?
*5331Samw			    ZFS_ACE_GROUP : ZFS_ACE_USER, &acep->a_who);
*5331Samw		else
*5331Samw			acep->a_who = (uid_t)(int64_t)who;
*5331Samw		acep->a_access_mask = access_mask;
*5331Samw		acep->a_flags = iflags;
*5331Samw		acep->a_type = type;
*5331Samw		acep = (ace_t *)((caddr_t)acep + ace_size);
*5331Samw	}
*5331Samw	zfs_fuid_get_mappings(&hdl);
*5331Samw}
*5331Samw
*5331Samwstatic int
*5331Samwzfs_copy_ace_2_oldace(vtype_t obj_type, zfs_acl_t *aclp, ace_t *acep,
*5331Samw    zfs_oldace_t *z_acl, int aclcnt, size_t *size)
*5331Samw{
*5331Samw	int i;
*5331Samw	zfs_oldace_t *aceptr = z_acl;
*5331Samw
*5331Samw	for (i = 0; i != aclcnt; i++, aceptr++) {
*5331Samw		aceptr->z_access_mask = acep[i].a_access_mask;
*5331Samw		aceptr->z_type = acep[i].a_type;
*5331Samw		aceptr->z_flags = acep[i].a_flags;
*5331Samw		aceptr->z_fuid = acep[i].a_who;
*5331Samw		/*
*5331Samw		 * Make sure ACE is valid
*5331Samw		 */
*5331Samw		if (zfs_ace_valid(obj_type, aclp, aceptr->z_type,
*5331Samw		    aceptr->z_flags) != B_TRUE)
*5331Samw			return (EINVAL);
*5331Samw	}
*5331Samw	*size = (caddr_t)aceptr - (caddr_t)z_acl;
*5331Samw	return (0);
*5331Samw}
*5331Samw
*5331Samw/*
*5331Samw * convert old ACL format to new
*5331Samw */
*5331Samwvoid
*5331Samwzfs_acl_xform(znode_t *zp, zfs_acl_t *aclp)
*5331Samw{
*5331Samw	zfs_oldace_t *oldaclp;
*5331Samw	int i;
*5331Samw	uint16_t type, iflags;
*5331Samw	uint32_t access_mask;
*5331Samw	uint64_t who;
*5331Samw	void *cookie = NULL;
*5331Samw	zfs_acl_node_t *aclnode, *newaclnode;
*5331Samw
*5331Samw	ASSERT(aclp->z_version == ZFS_ACL_VERSION_INITIAL);
*5331Samw	/*
*5331Samw	 * First create the ACE in a contiguous piece of memory
*5331Samw	 * for zfs_copy_ace_2_fuid().
*5331Samw	 *
*5331Samw	 * We only convert an ACL once, so this won't happen
*5331Samw	 * everytime.
*5331Samw	 */
*5331Samw	oldaclp = kmem_alloc(sizeof (zfs_oldace_t) * aclp->z_acl_count,
*5331Samw	    KM_SLEEP);
*5331Samw	i = 0;
*5331Samw	while (cookie = zfs_acl_next_ace(aclp, cookie, &who,
*5331Samw	    &access_mask, &iflags, &type)) {
*5331Samw		oldaclp[i].z_flags = iflags;
*5331Samw		oldaclp[i].z_type = type;
*5331Samw		oldaclp[i].z_fuid = who;
*5331Samw		oldaclp[i++].z_access_mask = access_mask;
*5331Samw	}
*5331Samw
*5331Samw	newaclnode = zfs_acl_node_alloc(aclp->z_acl_count *
*5331Samw	    sizeof (zfs_object_ace_t));
*5331Samw	aclp->z_ops = zfs_acl_fuid_ops;
*5331Samw	VERIFY(zfs_copy_ace_2_fuid(ZTOV(zp)->v_type, aclp, oldaclp,
*5331Samw	    newaclnode->z_acldata, aclp->z_acl_count,
*5331Samw	    &newaclnode->z_size) == 0);
*5331Samw	aclp->z_acl_bytes = newaclnode->z_size;
*5331Samw	newaclnode->z_ace_count = aclp->z_acl_count;
*5331Samw	aclp->z_version = ZFS_ACL_VERSION;
*5331Samw	kmem_free(oldaclp, aclp->z_acl_count * sizeof (zfs_oldace_t));
*5331Samw
*5331Samw	/*
*5331Samw	 * Release all previous ACL nodes
*5331Samw	 */
*5331Samw
*5331Samw	while (aclnode = list_head(&aclp->z_acl)) {
*5331Samw		list_remove(&aclp->z_acl, aclnode);
*5331Samw		if (aclnode->z_allocsize)
*5331Samw			kmem_free(aclnode->z_allocdata, aclnode->z_allocsize);
*5331Samw		kmem_free(aclnode, sizeof (zfs_acl_node_t));
*5331Samw	}
*5331Samw	list_insert_head(&aclp->z_acl, newaclnode);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Convert unix access mask to v4 access mask
789Sahrens */
789Sahrensstatic uint32_t
789Sahrenszfs_unix_to_v4(uint32_t access_mask)
789Sahrens{
789Sahrens	uint32_t new_mask = 0;
789Sahrens
*5331Samw	if (access_mask & S_IXOTH)
*5331Samw		new_mask |= ACE_EXECUTE;
*5331Samw	if (access_mask & S_IWOTH)
*5331Samw		new_mask |= ACE_WRITE_DATA;
*5331Samw	if (access_mask & S_IROTH)
789Sahrens		new_mask |= ACE_READ_DATA;
789Sahrens	return (new_mask);
789Sahrens}
789Sahrens
789Sahrensstatic void
*5331Samwzfs_set_ace(zfs_acl_t *aclp, void *acep, uint32_t access_mask,
*5331Samw    uint16_t access_type, uint64_t fuid, uint16_t entry_type)
789Sahrens{
*5331Samw	uint16_t type = entry_type & ACE_TYPE_FLAGS;
*5331Samw
*5331Samw	aclp->z_ops.ace_mask_set(acep, access_mask);
*5331Samw	aclp->z_ops.ace_type_set(acep, access_type);
*5331Samw	aclp->z_ops.ace_flags_set(acep, entry_type);
*5331Samw	if ((type != ACE_OWNER && type != (ACE_GROUP | ACE_IDENTIFIER_GROUP) &&
*5331Samw	    type != ACE_EVERYONE))
*5331Samw		aclp->z_ops.ace_who_set(acep, fuid);
789Sahrens}
789Sahrens
*5331Samw/*
*5331Samw * Determine mode of file based on ACL.
*5331Samw * Also, create FUIDs for any User/Group ACEs
*5331Samw */
789Sahrensstatic uint64_t
*5331Samwzfs_mode_fuid_compute(znode_t *zp, zfs_acl_t *aclp, zfs_fuid_info_t **fuidp,
*5331Samw    dmu_tx_t *tx)
789Sahrens{
*5331Samw	int		entry_type;
*5331Samw	mode_t		mode;
*5331Samw	mode_t		seen = 0;
*5331Samw	zfs_ace_hdr_t 	*acep = NULL;
*5331Samw	uint64_t	who;
*5331Samw	uint16_t	iflags, type;
*5331Samw	uint32_t	access_mask;
789Sahrens
*5331Samw	mode = (zp->z_phys->zp_mode & (S_IFMT | S_ISUID | S_ISGID | S_ISVTX));
*5331Samw
*5331Samw	while (acep = zfs_acl_next_ace(aclp, acep, &who,
*5331Samw	    &access_mask, &iflags, &type)) {
*5331Samw		entry_type = (iflags & ACE_TYPE_FLAGS);
4869Smarks
4869Smarks		/*
4869Smarks		 * Skip over inherit only ACEs
4869Smarks		 */
*5331Samw		if (entry_type ==  ACE_INHERIT_ONLY_ACE)
4869Smarks			continue;
4869Smarks
789Sahrens		if (entry_type == ACE_OWNER) {
*5331Samw			if ((access_mask & ACE_READ_DATA) &&
789Sahrens			    (!(seen & S_IRUSR))) {
789Sahrens				seen |= S_IRUSR;
*5331Samw				if (type == ALLOW) {
789Sahrens					mode |= S_IRUSR;
789Sahrens				}
789Sahrens			}
*5331Samw			if ((access_mask & ACE_WRITE_DATA) &&
789Sahrens			    (!(seen & S_IWUSR))) {
789Sahrens				seen |= S_IWUSR;
*5331Samw				if (type == ALLOW) {
789Sahrens					mode |= S_IWUSR;
789Sahrens				}
789Sahrens			}
*5331Samw			if ((access_mask & ACE_EXECUTE) &&
789Sahrens			    (!(seen & S_IXUSR))) {
789Sahrens				seen |= S_IXUSR;
*5331Samw				if (type == ALLOW) {
789Sahrens					mode |= S_IXUSR;
789Sahrens				}
789Sahrens			}
789Sahrens		} else if (entry_type == OWNING_GROUP) {
*5331Samw			if ((access_mask & ACE_READ_DATA) &&
789Sahrens			    (!(seen & S_IRGRP))) {
789Sahrens				seen |= S_IRGRP;
*5331Samw				if (type == ALLOW) {
789Sahrens					mode |= S_IRGRP;
789Sahrens				}
789Sahrens			}
*5331Samw			if ((access_mask & ACE_WRITE_DATA) &&
789Sahrens			    (!(seen & S_IWGRP))) {
789Sahrens				seen |= S_IWGRP;
*5331Samw				if (type == ALLOW) {
789Sahrens					mode |= S_IWGRP;
789Sahrens				}
789Sahrens			}
*5331Samw			if ((access_mask & ACE_EXECUTE) &&
789Sahrens			    (!(seen & S_IXGRP))) {
789Sahrens				seen |= S_IXGRP;
*5331Samw				if (type == ALLOW) {
789Sahrens					mode |= S_IXGRP;
789Sahrens				}
789Sahrens			}
789Sahrens		} else if (entry_type == ACE_EVERYONE) {
*5331Samw			if ((access_mask & ACE_READ_DATA)) {
789Sahrens				if (!(seen & S_IRUSR)) {
789Sahrens					seen |= S_IRUSR;
*5331Samw					if (type == ALLOW) {
789Sahrens						mode |= S_IRUSR;
789Sahrens					}
789Sahrens				}
789Sahrens				if (!(seen & S_IRGRP)) {
789Sahrens					seen |= S_IRGRP;
*5331Samw					if (type == ALLOW) {
789Sahrens						mode |= S_IRGRP;
789Sahrens					}
789Sahrens				}
789Sahrens				if (!(seen & S_IROTH)) {
789Sahrens					seen |= S_IROTH;
*5331Samw					if (type == ALLOW) {
789Sahrens						mode |= S_IROTH;
789Sahrens					}
789Sahrens				}
789Sahrens			}
*5331Samw			if ((access_mask & ACE_WRITE_DATA)) {
789Sahrens				if (!(seen & S_IWUSR)) {
789Sahrens					seen |= S_IWUSR;
*5331Samw					if (type == ALLOW) {
789Sahrens						mode |= S_IWUSR;
789Sahrens					}
789Sahrens				}
789Sahrens				if (!(seen & S_IWGRP)) {
789Sahrens					seen |= S_IWGRP;
*5331Samw					if (type == ALLOW) {
789Sahrens						mode |= S_IWGRP;
789Sahrens					}
789Sahrens				}
789Sahrens				if (!(seen & S_IWOTH)) {
789Sahrens					seen |= S_IWOTH;
*5331Samw					if (type == ALLOW) {
789Sahrens						mode |= S_IWOTH;
789Sahrens					}
789Sahrens				}
789Sahrens			}
*5331Samw			if ((access_mask & ACE_EXECUTE)) {
789Sahrens				if (!(seen & S_IXUSR)) {
789Sahrens					seen |= S_IXUSR;
*5331Samw					if (type == ALLOW) {
789Sahrens						mode |= S_IXUSR;
789Sahrens					}
789Sahrens				}
789Sahrens				if (!(seen & S_IXGRP)) {
789Sahrens					seen |= S_IXGRP;
*5331Samw					if (type == ALLOW) {
789Sahrens						mode |= S_IXGRP;
789Sahrens					}
789Sahrens				}
789Sahrens				if (!(seen & S_IXOTH)) {
789Sahrens					seen |= S_IXOTH;
*5331Samw					if (type == ALLOW) {
789Sahrens						mode |= S_IXOTH;
789Sahrens					}
789Sahrens				}
789Sahrens			}
789Sahrens		}
*5331Samw		/*
*5331Samw		 * Now handle FUID create for user/group ACEs
*5331Samw		 */
*5331Samw		if (entry_type == 0 || entry_type == ACE_IDENTIFIER_GROUP) {
*5331Samw			aclp->z_ops.ace_who_set(acep,
*5331Samw			    zfs_fuid_create(zp->z_zfsvfs, who,
*5331Samw			    entry_type == 0 ? ZFS_ACE_USER : ZFS_ACE_GROUP, tx,
*5331Samw			    fuidp));
*5331Samw		}
789Sahrens	}
789Sahrens	return (mode);
789Sahrens}
789Sahrens
789Sahrensstatic zfs_acl_t *
*5331Samwzfs_acl_node_read_internal(znode_t *zp, boolean_t will_modify)
789Sahrens{
789Sahrens	zfs_acl_t	*aclp;
*5331Samw	zfs_acl_node_t	*aclnode;
789Sahrens
*5331Samw	aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_version);
*5331Samw
*5331Samw	/*
*5331Samw	 * Version 0 to 1 znode_acl_phys has the size/count fields swapped.
*5331Samw	 * Version 0 didn't have a size field, only a count.
*5331Samw	 */
*5331Samw	if (zp->z_phys->zp_acl.z_acl_version == ZFS_ACL_VERSION_INITIAL) {
*5331Samw		aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_size;
*5331Samw		aclp->z_acl_bytes = ZFS_ACL_SIZE(aclp->z_acl_count);
*5331Samw	} else {
*5331Samw		aclp->z_acl_count = zp->z_phys->zp_acl.z_acl_count;
*5331Samw		aclp->z_acl_bytes = zp->z_phys->zp_acl.z_acl_size;
*5331Samw	}
*5331Samw
*5331Samw	aclnode = zfs_acl_node_alloc(will_modify ? aclp->z_acl_bytes : 0);
*5331Samw	aclnode->z_ace_count = aclp->z_acl_count;
*5331Samw	if (will_modify) {
*5331Samw		bcopy(zp->z_phys->zp_acl.z_ace_data, aclnode->z_acldata,
*5331Samw		    aclp->z_acl_bytes);
*5331Samw	} else {
*5331Samw		aclnode->z_size = aclp->z_acl_bytes;
*5331Samw		aclnode->z_acldata = &zp->z_phys->zp_acl.z_ace_data[0];
*5331Samw	}
*5331Samw
*5331Samw	list_insert_head(&aclp->z_acl, aclnode);
789Sahrens
789Sahrens	return (aclp);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Read an external acl object.
789Sahrens */
1544Seschrockstatic int
*5331Samwzfs_acl_node_read(znode_t *zp, zfs_acl_t **aclpp, boolean_t will_modify)
789Sahrens{
789Sahrens	uint64_t extacl = zp->z_phys->zp_acl.z_acl_extern_obj;
789Sahrens	zfs_acl_t	*aclp;
*5331Samw	size_t		aclsize;
*5331Samw	size_t		acl_count;
*5331Samw	zfs_acl_node_t	*aclnode;
1544Seschrock	int error;
789Sahrens
789Sahrens	ASSERT(MUTEX_HELD(&zp->z_acl_lock));
789Sahrens
1544Seschrock	if (zp->z_phys->zp_acl.z_acl_extern_obj == 0) {
*5331Samw		*aclpp = zfs_acl_node_read_internal(zp, will_modify);
1544Seschrock		return (0);
1544Seschrock	}
789Sahrens
*5331Samw	aclp = zfs_acl_alloc(zp->z_phys->zp_acl.z_acl_version);
*5331Samw	if (zp->z_phys->zp_acl.z_acl_version == ZFS_ACL_VERSION_INITIAL) {
*5331Samw		zfs_acl_phys_v0_t *zacl0 =
*5331Samw		    (zfs_acl_phys_v0_t *)&zp->z_phys->zp_acl;
789Sahrens
*5331Samw		aclsize = ZFS_ACL_SIZE(zacl0->z_acl_count);
*5331Samw		acl_count = zacl0->z_acl_count;
*5331Samw	} else {
*5331Samw		aclsize = zp->z_phys->zp_acl.z_acl_size;
*5331Samw		acl_count = zp->z_phys->zp_acl.z_acl_count;
*5331Samw		if (aclsize == 0)
*5331Samw			aclsize = acl_count * sizeof (zfs_ace_t);
*5331Samw	}
*5331Samw	aclnode = zfs_acl_node_alloc(aclsize);
*5331Samw	list_insert_head(&aclp->z_acl, aclnode);
1544Seschrock	error = dmu_read(zp->z_zfsvfs->z_os, extacl, 0,
*5331Samw	    aclsize, aclnode->z_acldata);
*5331Samw	aclnode->z_ace_count = acl_count;
*5331Samw	aclp->z_acl_count = acl_count;
*5331Samw	aclp->z_acl_bytes = aclsize;
*5331Samw
1544Seschrock	if (error != 0) {
1544Seschrock		zfs_acl_free(aclp);
1544Seschrock		return (error);
1544Seschrock	}
789Sahrens
1544Seschrock	*aclpp = aclp;
1544Seschrock	return (0);
789Sahrens}
789Sahrens
789Sahrens/*
*5331Samw * common code for setting ACLs.
789Sahrens *
789Sahrens * This function is called from zfs_mode_update, zfs_perm_init, and zfs_setacl.
789Sahrens * zfs_setacl passes a non-NULL inherit pointer (ihp) to indicate that it's
789Sahrens * already checked the acl and knows whether to inherit.
789Sahrens */
789Sahrensint
*5331Samwzfs_aclset_common(znode_t *zp, zfs_acl_t *aclp, zfs_fuid_info_t **fuidp,
*5331Samw    dmu_tx_t *tx)
789Sahrens{
789Sahrens	int		error;
789Sahrens	znode_phys_t	*zphys = zp->z_phys;
*5331Samw	zfs_acl_phys_t	*zacl = &zphys->zp_acl;
789Sahrens	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
789Sahrens	uint64_t	aoid = zphys->zp_acl.z_acl_extern_obj;
*5331Samw	uint64_t	off = 0;
*5331Samw	dmu_object_type_t otype;
*5331Samw	zfs_acl_node_t	*aclnode;
789Sahrens
789Sahrens	ASSERT(MUTEX_HELD(&zp->z_lock));
789Sahrens	ASSERT(MUTEX_HELD(&zp->z_acl_lock));
789Sahrens
*5331Samw	dmu_buf_will_dirty(zp->z_dbuf, tx);
789Sahrens
*5331Samw	zphys->zp_mode = zfs_mode_fuid_compute(zp, aclp, fuidp, tx);
789Sahrens
789Sahrens	/*
*5331Samw	 * Decide which opbject type to use.  If we are forced to
*5331Samw	 * use old ACL format than transform ACL into zfs_oldace_t
*5331Samw	 * layout.
789Sahrens	 */
*5331Samw	if (!zfsvfs->z_use_fuids) {
*5331Samw		otype = DMU_OT_OLDACL;
*5331Samw	} else {
*5331Samw		if ((aclp->z_version == ZFS_ACL_VERSION_INITIAL) &&
*5331Samw		    (zfsvfs->z_version >= ZPL_VERSION_FUID))
*5331Samw			zfs_acl_xform(zp, aclp);
*5331Samw		ASSERT(aclp->z_version >= ZFS_ACL_VERSION_FUID);
*5331Samw		otype = DMU_OT_ACL;
*5331Samw	}
*5331Samw
*5331Samw	if (aclp->z_acl_bytes > ZFS_ACE_SPACE) {
*5331Samw		/*
*5331Samw		 * If ACL was previously external and we are now
*5331Samw		 * converting to new ACL format then release old
*5331Samw		 * ACL object and create a new one.
*5331Samw		 */
*5331Samw		if (aoid && aclp->z_version != zacl->z_acl_version) {
*5331Samw			error = dmu_object_free(zfsvfs->z_os,
*5331Samw			    zp->z_phys->zp_acl.z_acl_extern_obj, tx);
*5331Samw			if (error)
*5331Samw				return (error);
*5331Samw			aoid = 0;
*5331Samw		}
789Sahrens		if (aoid == 0) {
789Sahrens			aoid = dmu_object_alloc(zfsvfs->z_os,
*5331Samw			    otype, aclp->z_acl_bytes,
*5331Samw			    otype == DMU_OT_ACL ? DMU_OT_SYSACL : DMU_OT_NONE,
*5331Samw			    otype == DMU_OT_ACL ? DN_MAX_BONUSLEN : 0, tx);
789Sahrens		} else {
789Sahrens			(void) dmu_object_set_blocksize(zfsvfs->z_os, aoid,
*5331Samw			    aclp->z_acl_bytes, 0, tx);
789Sahrens		}
789Sahrens		zphys->zp_acl.z_acl_extern_obj = aoid;
*5331Samw		for (aclnode = list_head(&aclp->z_acl); aclnode;
*5331Samw		    aclnode = list_next(&aclp->z_acl, aclnode)) {
*5331Samw			if (aclnode->z_ace_count == 0)
*5331Samw				continue;
*5331Samw			dmu_write(zfsvfs->z_os, aoid, off,
*5331Samw			    aclnode->z_size, aclnode->z_acldata, tx);
*5331Samw			off += aclnode->z_size;
*5331Samw		}
789Sahrens	} else {
*5331Samw		void *start = zacl->z_ace_data;
789Sahrens		/*
789Sahrens		 * Migrating back embedded?
789Sahrens		 */
789Sahrens		if (zphys->zp_acl.z_acl_extern_obj) {
789Sahrens			error = dmu_object_free(zfsvfs->z_os,
4300Smarks			    zp->z_phys->zp_acl.z_acl_extern_obj, tx);
789Sahrens			if (error)
789Sahrens				return (error);
789Sahrens			zphys->zp_acl.z_acl_extern_obj = 0;
789Sahrens		}
*5331Samw
*5331Samw		for (aclnode = list_head(&aclp->z_acl); aclnode;
*5331Samw		    aclnode = list_next(&aclp->z_acl, aclnode)) {
*5331Samw			if (aclnode->z_ace_count == 0)
*5331Samw				continue;
*5331Samw			bcopy(aclnode->z_acldata, start, aclnode->z_size);
*5331Samw			start = (caddr_t)start + aclnode->z_size;
*5331Samw		}
789Sahrens	}
905Smarks
*5331Samw	/*
*5331Samw	 * If Old version then swap count/bytes to match old
*5331Samw	 * layout of znode_acl_phys_t.
*5331Samw	 */
*5331Samw	if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) {
*5331Samw		zphys->zp_acl.z_acl_size = aclp->z_acl_count;
*5331Samw		zphys->zp_acl.z_acl_count = aclp->z_acl_bytes;
*5331Samw	} else {
*5331Samw		zphys->zp_acl.z_acl_size = aclp->z_acl_bytes;
*5331Samw		zphys->zp_acl.z_acl_count = aclp->z_acl_count;
905Smarks	}
789Sahrens
*5331Samw	zphys->zp_acl.z_acl_version = aclp->z_version;
*5331Samw
*5331Samw	/*
*5331Samw	 * Replace ACL wide bits, but first clear them.
*5331Samw	 */
*5331Samw	zp->z_phys->zp_flags &= ~ZFS_ACL_WIDE_FLAGS;
*5331Samw
*5331Samw	zp->z_phys->zp_flags |= aclp->z_hints;
*5331Samw
*5331Samw	if (ace_trivial_common(aclp, 0, zfs_ace_walk) == 0)
*5331Samw		zp->z_phys->zp_flags |= ZFS_ACL_TRIVIAL;
*5331Samw
789Sahrens	zfs_time_stamper_locked(zp, STATE_CHANGED, tx);
789Sahrens	return (0);
789Sahrens}
789Sahrens
789Sahrens/*
*5331Samw * Remove ACE from aclp
789Sahrens */
789Sahrensstatic void
*5331Samwzfs_ace_remove(zfs_acl_t *aclp, void *acep)
789Sahrens{
*5331Samw	zfs_acl_node_t 	*currnode = zfs_acl_curr_node(aclp);
*5331Samw	size_t		length;
789Sahrens
*5331Samw	/*
*5331Samw	 * If first entry then just alter acldata ptr
*5331Samw	 *
*5331Samw	 * Otherwise split node in two
*5331Samw	 */
*5331Samw	if (currnode->z_ace_count > 1) {
*5331Samw		length = currnode->z_size - ((caddr_t)aclp->z_next_ace -
*5331Samw		    (caddr_t)currnode->z_acldata);
*5331Samw		(void) memmove(acep, aclp->z_next_ace, length);
*5331Samw		currnode->z_size = currnode->z_size -
*5331Samw		    aclp->z_ops.ace_size(acep);
*5331Samw		aclp->z_next_ace = acep;
*5331Samw		aclp->z_acl_bytes -= ((caddr_t)aclp->z_next_ace -
*5331Samw		    (caddr_t)currnode->z_acldata);
*5331Samw	} else {
*5331Samw		list_remove(&aclp->z_acl, currnode);
*5331Samw		aclp->z_next_ace = NULL;
*5331Samw		aclp->z_acl_bytes = 0;
789Sahrens	}
*5331Samw	currnode->z_ace_count--;
*5331Samw	currnode->z_ace_idx--;
*5331Samw	aclp->z_acl_count--;
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Update access mask for prepended ACE
789Sahrens *
789Sahrens * This applies the "groupmask" value for aclmode property.
789Sahrens */
789Sahrensstatic void
*5331Samwzfs_acl_prepend_fixup(zfs_acl_t *aclp, void  *acep, void  *origacep,
*5331Samw    mode_t mode, uint64_t owner)
789Sahrens{
789Sahrens	int	rmask, wmask, xmask;
789Sahrens	int	user_ace;
*5331Samw	uint16_t aceflags;
*5331Samw	uint32_t origmask, acepmask;
*5331Samw	uint64_t fuid;
789Sahrens
*5331Samw	aceflags = aclp->z_ops.ace_flags_get(acep);
*5331Samw	fuid = aclp->z_ops.ace_who_get(acep);
*5331Samw	origmask = aclp->z_ops.ace_mask_get(origacep);
*5331Samw	acepmask = aclp->z_ops.ace_mask_get(acep);
*5331Samw
*5331Samw	user_ace = (!(aceflags &
789Sahrens	    (ACE_OWNER|ACE_GROUP|ACE_IDENTIFIER_GROUP)));
789Sahrens
*5331Samw	if (user_ace && (fuid == owner)) {
789Sahrens		rmask = S_IRUSR;
789Sahrens		wmask = S_IWUSR;
789Sahrens		xmask = S_IXUSR;
789Sahrens	} else {
789Sahrens		rmask = S_IRGRP;
789Sahrens		wmask = S_IWGRP;
789Sahrens		xmask = S_IXGRP;
789Sahrens	}
789Sahrens
*5331Samw	if (origmask & ACE_READ_DATA) {
*5331Samw		if (mode & rmask) {
*5331Samw			acepmask &= ~ACE_READ_DATA;
*5331Samw		} else {
*5331Samw			acepmask |= ACE_READ_DATA;
*5331Samw		}
789Sahrens	}
789Sahrens
*5331Samw	if (origmask & ACE_WRITE_DATA) {
*5331Samw		if (mode & wmask) {
*5331Samw			acepmask &= ~ACE_WRITE_DATA;
*5331Samw		} else {
*5331Samw			acepmask |= ACE_WRITE_DATA;
*5331Samw		}
789Sahrens	}
789Sahrens
*5331Samw	if (origmask & ACE_APPEND_DATA) {
*5331Samw		if (mode & wmask) {
*5331Samw			acepmask &= ~ACE_APPEND_DATA;
*5331Samw		} else {
*5331Samw			acepmask |= ACE_APPEND_DATA;
*5331Samw		}
789Sahrens	}
789Sahrens
*5331Samw	if (origmask & ACE_EXECUTE) {
*5331Samw		if (mode & xmask) {
*5331Samw			acepmask &= ~ACE_EXECUTE;
*5331Samw		} else {
*5331Samw			acepmask |= ACE_EXECUTE;
*5331Samw		}
789Sahrens	}
*5331Samw	aclp->z_ops.ace_mask_set(acep, acepmask);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Apply mode to canonical six ACEs.
789Sahrens */
789Sahrensstatic void
789Sahrenszfs_acl_fixup_canonical_six(zfs_acl_t *aclp, mode_t mode)
789Sahrens{
*5331Samw	zfs_acl_node_t *aclnode = list_tail(&aclp->z_acl);
*5331Samw	void	*acep;
*5331Samw	int	maskoff = aclp->z_ops.ace_mask_off();
*5331Samw	size_t abstract_size = aclp->z_ops.ace_abstract_size();
789Sahrens
*5331Samw	ASSERT(aclnode != NULL);
*5331Samw
*5331Samw	acep = (void *)((caddr_t)aclnode->z_acldata +
*5331Samw	    aclnode->z_size - (abstract_size * 6));
789Sahrens
789Sahrens	/*
789Sahrens	 * Fixup final ACEs to match the mode
789Sahrens	 */
789Sahrens
*5331Samw	adjust_ace_pair_common(acep, maskoff, abstract_size,
*5331Samw	    (mode & 0700) >> 6);	/* owner@ */
*5331Samw
*5331Samw	acep = (caddr_t)acep + (abstract_size * 2);
*5331Samw
*5331Samw	adjust_ace_pair_common(acep, maskoff, abstract_size,
*5331Samw	    (mode & 0070) >> 3);	/* group@ */
*5331Samw
*5331Samw	acep = (caddr_t)acep + (abstract_size * 2);
*5331Samw	adjust_ace_pair_common(acep, maskoff,
*5331Samw	    abstract_size, mode);	/* everyone@ */
789Sahrens}
789Sahrens
789Sahrens
789Sahrensstatic int
*5331Samwzfs_acl_ace_match(zfs_acl_t *aclp, void *acep, int allow_deny,
*5331Samw    int entry_type, int accessmask)
789Sahrens{
*5331Samw	uint32_t mask = aclp->z_ops.ace_mask_get(acep);
*5331Samw	uint16_t type = aclp->z_ops.ace_type_get(acep);
*5331Samw	uint16_t flags = aclp->z_ops.ace_flags_get(acep);
*5331Samw
*5331Samw	return (mask == accessmask && type == allow_deny &&
*5331Samw	    ((flags & ACE_TYPE_FLAGS) == entry_type));
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Can prepended ACE be reused?
789Sahrens */
789Sahrensstatic int
*5331Samwzfs_reuse_deny(zfs_acl_t *aclp, void *acep, void *prevacep)
789Sahrens{
789Sahrens	int okay_masks;
*5331Samw	uint16_t prevtype;
*5331Samw	uint16_t prevflags;
*5331Samw	uint16_t flags;
*5331Samw	uint32_t mask, prevmask;
789Sahrens
*5331Samw	if (prevacep == NULL)
789Sahrens		return (B_FALSE);
789Sahrens
*5331Samw	prevtype = aclp->z_ops.ace_type_get(prevacep);
*5331Samw	prevflags = aclp->z_ops.ace_flags_get(prevacep);
*5331Samw	flags = aclp->z_ops.ace_flags_get(acep);
*5331Samw	mask = aclp->z_ops.ace_mask_get(acep);
*5331Samw	prevmask = aclp->z_ops.ace_mask_get(prevacep);
*5331Samw
*5331Samw	if (prevtype != DENY)
789Sahrens		return (B_FALSE);
789Sahrens
*5331Samw	if (prevflags != (flags & ACE_IDENTIFIER_GROUP))
789Sahrens		return (B_FALSE);
789Sahrens
*5331Samw	okay_masks = (mask & OKAY_MASK_BITS);
789Sahrens
*5331Samw	if (prevmask & ~okay_masks)
789Sahrens		return (B_FALSE);
789Sahrens
789Sahrens	return (B_TRUE);
789Sahrens}
789Sahrens
789Sahrens
*5331Samw/*
*5331Samw * Insert new ACL node into chain of zfs_acl_node_t's
*5331Samw *
*5331Samw * This will result in two possible results.
*5331Samw * 1. If the ACL is currently just a single zfs_acl_node and
*5331Samw *    we are prepending the entry then current acl node will have
*5331Samw *    a new node inserted above it.
*5331Samw *
*5331Samw * 2. If we are inserting in the middle of current acl node then
*5331Samw *    the current node will be split in two and new node will be inserted
*5331Samw *    in between the two split nodes.
*5331Samw */
*5331Samwstatic zfs_acl_node_t *
*5331Samwzfs_acl_ace_insert(zfs_acl_t *aclp, void  *acep)
*5331Samw{
*5331Samw	zfs_acl_node_t 	*newnode;
*5331Samw	zfs_acl_node_t 	*trailernode = NULL;
*5331Samw	zfs_acl_node_t 	*currnode = zfs_acl_curr_node(aclp);
*5331Samw	int		curr_idx = aclp->z_curr_node->z_ace_idx;
*5331Samw	int		trailer_count;
*5331Samw	size_t		oldsize;
789Sahrens
*5331Samw	newnode = zfs_acl_node_alloc(aclp->z_ops.ace_size(acep));
*5331Samw	newnode->z_ace_count = 1;
*5331Samw
*5331Samw	oldsize = currnode->z_size;
*5331Samw
*5331Samw	if (curr_idx != 1) {
*5331Samw		trailernode = zfs_acl_node_alloc(0);
*5331Samw		trailernode->z_acldata = acep;
*5331Samw
*5331Samw		trailer_count = currnode->z_ace_count - curr_idx + 1;
*5331Samw		currnode->z_ace_count = curr_idx - 1;
*5331Samw		currnode->z_size = (caddr_t)acep - (caddr_t)currnode->z_acldata;
*5331Samw		trailernode->z_size = oldsize - currnode->z_size;
*5331Samw		trailernode->z_ace_count = trailer_count;
789Sahrens	}
789Sahrens
*5331Samw	aclp->z_acl_count += 1;
*5331Samw	aclp->z_acl_bytes += aclp->z_ops.ace_size(acep);
789Sahrens
*5331Samw	if (curr_idx == 1)
*5331Samw		list_insert_before(&aclp->z_acl, currnode, newnode);
*5331Samw	else
*5331Samw		list_insert_after(&aclp->z_acl, currnode, newnode);
*5331Samw	if (trailernode) {
*5331Samw		list_insert_after(&aclp->z_acl, newnode, trailernode);
*5331Samw		aclp->z_curr_node = trailernode;
*5331Samw		trailernode->z_ace_idx = 1;
789Sahrens	}
789Sahrens
*5331Samw	return (newnode);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Prepend deny ACE
789Sahrens */
*5331Samwstatic void *
*5331Samwzfs_acl_prepend_deny(znode_t *zp, zfs_acl_t *aclp, void *acep,
789Sahrens    mode_t mode)
789Sahrens{
*5331Samw	zfs_acl_node_t *aclnode;
*5331Samw	void  *newacep;
*5331Samw	uint64_t fuid;
*5331Samw	uint16_t flags;
789Sahrens
*5331Samw	aclnode = zfs_acl_ace_insert(aclp, acep);
*5331Samw	newacep = aclnode->z_acldata;
*5331Samw	fuid = aclp->z_ops.ace_who_get(acep);
*5331Samw	flags = aclp->z_ops.ace_flags_get(acep);
*5331Samw	zfs_set_ace(aclp, newacep, 0, DENY, fuid, (flags & ACE_TYPE_FLAGS));
*5331Samw	zfs_acl_prepend_fixup(aclp, newacep, acep, mode, zp->z_phys->zp_uid);
*5331Samw
*5331Samw	return (newacep);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Split an inherited ACE into inherit_only ACE
789Sahrens * and original ACE with inheritance flags stripped off.
789Sahrens */
789Sahrensstatic void
*5331Samwzfs_acl_split_ace(zfs_acl_t *aclp, zfs_ace_hdr_t *acep)
789Sahrens{
*5331Samw	zfs_acl_node_t *aclnode;
*5331Samw	zfs_acl_node_t *currnode = zfs_acl_curr_node(aclp);
*5331Samw	void  *newacep;
*5331Samw	uint16_t type, flags;
*5331Samw	uint32_t mask;
*5331Samw	uint64_t fuid;
789Sahrens
*5331Samw	type = aclp->z_ops.ace_type_get(acep);
*5331Samw	flags = aclp->z_ops.ace_flags_get(acep);
*5331Samw	mask = aclp->z_ops.ace_mask_get(acep);
*5331Samw	fuid = aclp->z_ops.ace_who_get(acep);
*5331Samw
*5331Samw	aclnode = zfs_acl_ace_insert(aclp, acep);
*5331Samw	newacep = aclnode->z_acldata;
*5331Samw
*5331Samw	aclp->z_ops.ace_type_set(newacep, type);
*5331Samw	aclp->z_ops.ace_flags_set(newacep, flags | ACE_INHERIT_ONLY_ACE);
*5331Samw	aclp->z_ops.ace_mask_set(newacep, mask);
*5331Samw	aclp->z_ops.ace_type_set(newacep, type);
*5331Samw	aclp->z_ops.ace_who_set(newacep, fuid);
*5331Samw	aclp->z_next_ace = acep;
*5331Samw	flags &= ~ALL_INHERIT;
*5331Samw	aclp->z_ops.ace_flags_set(acep, flags);
*5331Samw	currnode->z_ace_idx -= 1;
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Are ACES started at index i, the canonical six ACES?
789Sahrens */
789Sahrensstatic int
*5331Samwzfs_have_canonical_six(zfs_acl_t *aclp)
789Sahrens{
*5331Samw	void *acep;
*5331Samw	zfs_acl_node_t *aclnode = list_tail(&aclp->z_acl);
*5331Samw	int		i = 0;
*5331Samw	size_t abstract_size = aclp->z_ops.ace_abstract_size();
*5331Samw
*5331Samw	ASSERT(aclnode != NULL);
789Sahrens
*5331Samw	if (aclnode->z_ace_count < 6)
*5331Samw		return (0);
*5331Samw
*5331Samw	acep = (void *)((caddr_t)aclnode->z_acldata +
*5331Samw	    aclnode->z_size - (aclp->z_ops.ace_abstract_size() * 6));
*5331Samw
*5331Samw	if ((zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
789Sahrens	    DENY, ACE_OWNER, 0) &&
*5331Samw	    zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
*5331Samw	    ALLOW, ACE_OWNER, OWNER_ALLOW_MASK) &&
*5331Samw	    zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++), DENY,
*5331Samw	    OWNING_GROUP, 0) && zfs_acl_ace_match(aclp, (caddr_t)acep +
*5331Samw	    (abstract_size * i++),
*5331Samw	    ALLOW, OWNING_GROUP, 0) &&
*5331Samw	    zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
789Sahrens	    DENY, ACE_EVERYONE, EVERYONE_DENY_MASK) &&
*5331Samw	    zfs_acl_ace_match(aclp, (caddr_t)acep + (abstract_size * i++),
*5331Samw	    ALLOW, ACE_EVERYONE, EVERYONE_ALLOW_MASK))) {
789Sahrens		return (1);
789Sahrens	} else {
789Sahrens		return (0);
789Sahrens	}
789Sahrens}
789Sahrens
*5331Samw
789Sahrens/*
789Sahrens * Apply step 1g, to group entries
789Sahrens *
789Sahrens * Need to deal with corner case where group may have
789Sahrens * greater permissions than owner.  If so then limit
789Sahrens * group permissions, based on what extra permissions
789Sahrens * group has.
789Sahrens */
789Sahrensstatic void
*5331Samwzfs_fixup_group_entries(zfs_acl_t *aclp, void *acep, void *prevacep,
*5331Samw    mode_t mode)
789Sahrens{
*5331Samw	uint32_t prevmask = aclp->z_ops.ace_mask_get(prevacep);
*5331Samw	uint32_t mask = aclp->z_ops.ace_mask_get(acep);
*5331Samw	uint16_t prevflags = aclp->z_ops.ace_flags_get(prevacep);
789Sahrens	mode_t extramode = (mode >> 3) & 07;
789Sahrens	mode_t ownermode = (mode >> 6);
789Sahrens
*5331Samw	if (prevflags & ACE_IDENTIFIER_GROUP) {
789Sahrens
789Sahrens		extramode &= ~ownermode;
789Sahrens
789Sahrens		if (extramode) {
*5331Samw			if (extramode & S_IROTH) {
*5331Samw				prevmask &= ~ACE_READ_DATA;
*5331Samw				mask &= ~ACE_READ_DATA;
789Sahrens			}
*5331Samw			if (extramode & S_IWOTH) {
*5331Samw				prevmask &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA);
*5331Samw				mask &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA);
789Sahrens			}
*5331Samw			if (extramode & S_IXOTH) {
*5331Samw				prevmask  &= ~ACE_EXECUTE;
*5331Samw				mask &= ~ACE_EXECUTE;
789Sahrens			}
789Sahrens		}
789Sahrens	}
*5331Samw	aclp->z_ops.ace_mask_set(acep, mask);
*5331Samw	aclp->z_ops.ace_mask_set(prevacep, prevmask);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Apply the chmod algorithm as described
789Sahrens * in PSARC/2002/240
789Sahrens */
789Sahrensstatic int
789Sahrenszfs_acl_chmod(znode_t *zp, uint64_t mode, zfs_acl_t *aclp,
789Sahrens    dmu_tx_t *tx)
789Sahrens{
789Sahrens	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
*5331Samw	void		*acep = NULL, *prevacep = NULL;
*5331Samw	uint64_t	who;
789Sahrens	int 		i;
789Sahrens	int		error;
789Sahrens	int 		entry_type;
789Sahrens	int 		reuse_deny;
789Sahrens	int 		need_canonical_six = 1;
*5331Samw	uint16_t	iflags, type;
*5331Samw	uint32_t	access_mask;
789Sahrens
789Sahrens	ASSERT(MUTEX_HELD(&zp->z_acl_lock));
789Sahrens	ASSERT(MUTEX_HELD(&zp->z_lock));
789Sahrens
*5331Samw	aclp->z_hints = (zp->z_phys->zp_flags & V4_ACL_WIDE_FLAGS);
*5331Samw	while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask,
*5331Samw	    &iflags, &type)) {
*5331Samw
*5331Samw		entry_type = (iflags & ACE_TYPE_FLAGS);
*5331Samw		iflags = (iflags & ALL_INHERIT);
789Sahrens
*5331Samw		if ((type != ALLOW && type != DENY) ||
905Smarks		    (iflags & ACE_INHERIT_ONLY_ACE)) {
905Smarks			if (iflags)
*5331Samw				aclp->z_hints |= ZFS_INHERIT_ACE;
*5331Samw			switch (type) {
*5331Samw			case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
*5331Samw			case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
*5331Samw			case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
*5331Samw			case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
*5331Samw				aclp->z_hints |= ZFS_ACL_OBJ_ACE;
*5331Samw				break;
*5331Samw			}
*5331Samw			goto nextace;
789Sahrens		}
789Sahrens
2676Seschrock		if (zfsvfs->z_acl_mode == ZFS_ACL_DISCARD) {
*5331Samw			zfs_ace_remove(aclp, acep);
*5331Samw			goto nextace;
789Sahrens		}
789Sahrens		/*
789Sahrens		 * Need to split ace into two?
789Sahrens		 */
905Smarks		if ((iflags & (ACE_FILE_INHERIT_ACE|
789Sahrens		    ACE_DIRECTORY_INHERIT_ACE)) &&
905Smarks		    (!(iflags & ACE_INHERIT_ONLY_ACE))) {
*5331Samw			zfs_acl_split_ace(aclp, acep);
*5331Samw			aclp->z_hints |= ZFS_INHERIT_ACE;
*5331Samw			goto nextace;
789Sahrens		}
789Sahrens
789Sahrens		if (entry_type == ACE_OWNER || entry_type == ACE_EVERYONE ||
789Sahrens		    (entry_type == OWNING_GROUP)) {
*5331Samw			access_mask &= ~OGE_CLEAR;
*5331Samw			aclp->z_ops.ace_mask_set(acep, access_mask);
*5331Samw			goto nextace;
789Sahrens		} else {
*5331Samw			reuse_deny = B_TRUE;
*5331Samw			if (type == ALLOW) {
789Sahrens
789Sahrens				/*
789Sahrens				 * Check preceding ACE if any, to see
789Sahrens				 * if we need to prepend a DENY ACE.
789Sahrens				 * This is only applicable when the acl_mode
789Sahrens				 * property == groupmask.
789Sahrens				 */
2676Seschrock				if (zfsvfs->z_acl_mode == ZFS_ACL_GROUPMASK) {
789Sahrens
*5331Samw					reuse_deny = zfs_reuse_deny(aclp, acep,
*5331Samw					    prevacep);
789Sahrens
789Sahrens					if (reuse_deny == B_FALSE) {
*5331Samw						prevacep =
*5331Samw						    zfs_acl_prepend_deny(zp,
*5331Samw						    aclp, acep, mode);
789Sahrens					} else {
789Sahrens						zfs_acl_prepend_fixup(
*5331Samw						    aclp, prevacep,
*5331Samw						    acep, mode,
789Sahrens						    zp->z_phys->zp_uid);
789Sahrens					}
*5331Samw					zfs_fixup_group_entries(aclp, acep,
*5331Samw					    prevacep, mode);
*5331Samw
789Sahrens				}
789Sahrens			}
789Sahrens		}
*5331Samwnextace:
*5331Samw		prevacep = acep;
789Sahrens	}
789Sahrens
789Sahrens	/*
789Sahrens	 * Check out last six aces, if we have six.
789Sahrens	 */
789Sahrens
789Sahrens	if (aclp->z_acl_count >= 6) {
*5331Samw		if (zfs_have_canonical_six(aclp)) {
789Sahrens			need_canonical_six = 0;
789Sahrens		}
789Sahrens	}
789Sahrens
789Sahrens	if (need_canonical_six) {
*5331Samw		size_t abstract_size = aclp->z_ops.ace_abstract_size();
*5331Samw		void *zacep;
*5331Samw		zfs_acl_node_t *aclnode =
*5331Samw		    zfs_acl_node_alloc(abstract_size * 6);
789Sahrens
*5331Samw		aclnode->z_size = abstract_size * 6;
*5331Samw		aclnode->z_ace_count = 6;
*5331Samw		aclp->z_acl_bytes += aclnode->z_size;
*5331Samw		list_insert_tail(&aclp->z_acl, aclnode);
*5331Samw
*5331Samw		zacep = aclnode->z_acldata;
*5331Samw
*5331Samw		i = 0;
*5331Samw		zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
*5331Samw		    0, DENY, -1, ACE_OWNER);
*5331Samw		zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
*5331Samw		    OWNER_ALLOW_MASK, ALLOW, -1, ACE_OWNER);
*5331Samw		zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 0,
*5331Samw		    DENY, -1, OWNING_GROUP);
*5331Samw		zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++), 0,
*5331Samw		    ALLOW, -1, OWNING_GROUP);
*5331Samw		zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
*5331Samw		    EVERYONE_DENY_MASK, DENY, -1, ACE_EVERYONE);
*5331Samw		zfs_set_ace(aclp, (caddr_t)zacep + (abstract_size * i++),
*5331Samw		    EVERYONE_ALLOW_MASK, ALLOW, -1, ACE_EVERYONE);
789Sahrens		aclp->z_acl_count += 6;
789Sahrens	}
789Sahrens
789Sahrens	zfs_acl_fixup_canonical_six(aclp, mode);
789Sahrens	zp->z_phys->zp_mode = mode;
*5331Samw	error = zfs_aclset_common(zp, aclp, NULL, tx);
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrensint
789Sahrenszfs_acl_chmod_setattr(znode_t *zp, uint64_t mode, dmu_tx_t *tx)
789Sahrens{
1544Seschrock	zfs_acl_t *aclp = NULL;
789Sahrens	int error;
789Sahrens
789Sahrens	ASSERT(MUTEX_HELD(&zp->z_lock));
789Sahrens	mutex_enter(&zp->z_acl_lock);
*5331Samw	error = zfs_acl_node_read(zp, &aclp, B_TRUE);
1544Seschrock	if (error == 0)
1544Seschrock		error = zfs_acl_chmod(zp, mode, aclp, tx);
789Sahrens	mutex_exit(&zp->z_acl_lock);
1544Seschrock	if (aclp)
1544Seschrock		zfs_acl_free(aclp);
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * strip off write_owner and write_acl
789Sahrens */
789Sahrensstatic void
*5331Samwzfs_securemode_update(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, void *acep)
789Sahrens{
*5331Samw	uint32_t mask = aclp->z_ops.ace_mask_get(acep);
*5331Samw
2676Seschrock	if ((zfsvfs->z_acl_inherit == ZFS_ACL_SECURE) &&
*5331Samw	    (aclp->z_ops.ace_type_get(acep) == ALLOW)) {
*5331Samw		mask &= ~SECURE_CLEAR;
*5331Samw		aclp->z_ops.ace_mask_set(acep, mask);
*5331Samw	}
*5331Samw}
*5331Samw
*5331Samw/*
*5331Samw * Should ACE be inherited?
*5331Samw */
*5331Samwstatic int
*5331Samwzfs_ace_can_use(znode_t *zp, uint16_t acep_flags)
*5331Samw{
*5331Samw	int vtype = ZTOV(zp)->v_type;
*5331Samw	int	iflags = (acep_flags & 0xf);
*5331Samw
*5331Samw	if ((vtype == VDIR) && (iflags & ACE_DIRECTORY_INHERIT_ACE))
*5331Samw		return (1);
*5331Samw	else if (iflags & ACE_FILE_INHERIT_ACE)
*5331Samw		return (!((vtype == VDIR) &&
*5331Samw		    (iflags & ACE_NO_PROPAGATE_INHERIT_ACE)));
*5331Samw	return (0);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * inherit inheritable ACEs from parent
789Sahrens */
789Sahrensstatic zfs_acl_t *
789Sahrenszfs_acl_inherit(znode_t *zp, zfs_acl_t *paclp)
789Sahrens{
789Sahrens	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
*5331Samw	void		*pacep;
*5331Samw	void		*acep, *acep2;
*5331Samw	zfs_acl_node_t  *aclnode, *aclnode2;
789Sahrens	zfs_acl_t	*aclp = NULL;
*5331Samw	uint64_t	who;
*5331Samw	uint32_t	access_mask;
*5331Samw	uint16_t	iflags, newflags, type;
*5331Samw	size_t		ace_size;
*5331Samw	void		*data1, *data2;
*5331Samw	size_t		data1sz, data2sz;
789Sahrens
*5331Samw	pacep = NULL;
*5331Samw	aclp = zfs_acl_alloc(zfs_acl_version_zp(zp));
2676Seschrock	if (zfsvfs->z_acl_inherit != ZFS_ACL_DISCARD) {
*5331Samw		while (pacep = zfs_acl_next_ace(paclp, pacep, &who,
*5331Samw		    &access_mask, &iflags, &type)) {
789Sahrens
2676Seschrock			if (zfsvfs->z_acl_inherit == ZFS_ACL_NOALLOW &&
*5331Samw			    type == ALLOW)
789Sahrens				continue;
789Sahrens
*5331Samw			ace_size = aclp->z_ops.ace_size(pacep);
789Sahrens
*5331Samw			if (zfs_ace_can_use(zp, iflags)) {
*5331Samw				aclnode =
*5331Samw				    zfs_acl_node_alloc(ace_size);
789Sahrens
*5331Samw				list_insert_tail(&aclp->z_acl, aclnode);
*5331Samw				acep = aclnode->z_acldata;
*5331Samw				zfs_set_ace(aclp, acep, access_mask, type,
*5331Samw				    who, iflags|ACE_INHERITED_ACE);
1576Smarks
789Sahrens				/*
*5331Samw				 * Copy special opaque data if any
789Sahrens				 */
*5331Samw				if ((data1sz = paclp->z_ops.ace_data(pacep,
*5331Samw				    &data1)) != 0) {
*5331Samw					VERIFY((data2sz =
*5331Samw					    aclp->z_ops.ace_data(acep,
*5331Samw					    &data2)) == data1sz);
*5331Samw					bcopy(data1, data2, data2sz);
*5331Samw				}
*5331Samw				aclp->z_acl_count++;
*5331Samw				aclnode->z_ace_count++;
*5331Samw				aclp->z_acl_bytes += aclnode->z_size;
*5331Samw				newflags = aclp->z_ops.ace_flags_get(acep);
*5331Samw				if ((iflags &
1576Smarks				    ACE_NO_PROPAGATE_INHERIT_ACE) ||
1576Smarks				    (ZTOV(zp)->v_type != VDIR)) {
*5331Samw					newflags &= ~ALL_INHERIT;
*5331Samw					aclp->z_ops.ace_flags_set(acep,
*5331Samw					    newflags|ACE_INHERITED_ACE);
*5331Samw					zfs_securemode_update(zfsvfs,
*5331Samw					    aclp, acep);
789Sahrens					continue;
789Sahrens				}
789Sahrens
789Sahrens				ASSERT(ZTOV(zp)->v_type == VDIR);
789Sahrens
*5331Samw				newflags = aclp->z_ops.ace_flags_get(acep);
*5331Samw				if ((iflags & (ACE_FILE_INHERIT_ACE |
1576Smarks				    ACE_DIRECTORY_INHERIT_ACE)) !=
865Smarks				    ACE_FILE_INHERIT_ACE) {
*5331Samw					aclnode2 = zfs_acl_node_alloc(ace_size);
*5331Samw					list_insert_tail(&aclp->z_acl,
*5331Samw					    aclnode2);
*5331Samw					acep2 = aclnode2->z_acldata;
*5331Samw					zfs_set_ace(aclp, acep2,
*5331Samw					    access_mask, type, who,
*5331Samw					    iflags|ACE_INHERITED_ACE);
*5331Samw					newflags |= ACE_INHERIT_ONLY_ACE;
*5331Samw					aclp->z_ops.ace_flags_set(acep,
*5331Samw					    newflags);
*5331Samw					newflags &= ~ALL_INHERIT;
*5331Samw					aclp->z_ops.ace_flags_set(acep2,
*5331Samw					    newflags|ACE_INHERITED_ACE);
*5331Samw
*5331Samw					/*
*5331Samw					 * Copy special opaque data if any
*5331Samw					 */
*5331Samw					if ((data1sz =
*5331Samw					    aclp->z_ops.ace_data(acep,
*5331Samw					    &data1)) != 0) {
*5331Samw						VERIFY((data2sz =
*5331Samw						    aclp->z_ops.ace_data(acep2,
*5331Samw						    &data2)) == data1sz);
*5331Samw						bcopy(data1, data2, data1sz);
*5331Samw					}
*5331Samw					aclp->z_acl_count++;
*5331Samw					aclnode2->z_ace_count++;
*5331Samw					aclp->z_acl_bytes += aclnode->z_size;
*5331Samw					zfs_securemode_update(zfsvfs,
*5331Samw					    aclp, acep2);
865Smarks				} else {
*5331Samw					newflags |= ACE_INHERIT_ONLY_ACE;
*5331Samw					aclp->z_ops.ace_flags_set(acep,
*5331Samw					    newflags|ACE_INHERITED_ACE);
865Smarks				}
*5331Samw
789Sahrens			}
789Sahrens		}
789Sahrens	}
789Sahrens	return (aclp);
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Create file system object initial permissions
789Sahrens * including inheritable ACEs.
789Sahrens */
789Sahrensvoid
789Sahrenszfs_perm_init(znode_t *zp, znode_t *parent, int flag,
*5331Samw    vattr_t *vap, dmu_tx_t *tx, cred_t *cr,
*5331Samw    zfs_acl_t *setaclp, zfs_fuid_info_t **fuidp)
789Sahrens{
789Sahrens	uint64_t	mode;
*5331Samw	uint64_t	uid;
*5331Samw	uint64_t	gid;
789Sahrens	int		error;
789Sahrens	int		pull_down;
*5331Samw	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
*5331Samw	zfs_acl_t	*aclp = NULL;
*5331Samw	zfs_acl_t	*paclp;
*5331Samw	xvattr_t	*xvap = (xvattr_t *)vap;
*5331Samw
*5331Samw	if (setaclp)
*5331Samw		aclp = setaclp;
789Sahrens
789Sahrens	mode = MAKEIMODE(vap->va_type, vap->va_mode);
789Sahrens
789Sahrens	/*
789Sahrens	 * Determine uid and gid.
789Sahrens	 */
789Sahrens	if ((flag & (IS_ROOT_NODE | IS_REPLAY)) ||
789Sahrens	    ((flag & IS_XATTR) && (vap->va_type == VDIR))) {
*5331Samw		uid = zfs_fuid_create(zfsvfs, vap->va_uid,
*5331Samw		    ZFS_OWNER, tx, fuidp);
*5331Samw		gid = zfs_fuid_create(zfsvfs, vap->va_gid,
*5331Samw		    ZFS_GROUP, tx, fuidp);
789Sahrens	} else {
*5331Samw		uid = zfs_fuid_create_cred(zfsvfs, crgetuid(cr),
*5331Samw		    ZFS_OWNER, tx, cr, fuidp);
789Sahrens		if ((vap->va_mask & AT_GID) &&
789Sahrens		    ((vap->va_gid == parent->z_phys->zp_gid) ||
789Sahrens		    groupmember(vap->va_gid, cr) ||
*5331Samw		    secpolicy_vnode_create_gid(cr) == 0)) {
*5331Samw			gid = zfs_fuid_create_cred(zfsvfs, vap->va_gid,
*5331Samw			    ZFS_GROUP, tx, cr, fuidp);
*5331Samw		} else {
789Sahrens			gid = (parent->z_phys->zp_mode & S_ISGID) ?
789Sahrens			    parent->z_phys->zp_gid : crgetgid(cr);
*5331Samw			gid = zfs_fuid_create_cred(zfsvfs, gid,
*5331Samw			    ZFS_GROUP, tx, cr, fuidp);
*5331Samw		}
789Sahrens	}
789Sahrens
789Sahrens	/*
789Sahrens	 * If we're creating a directory, and the parent directory has the
789Sahrens	 * set-GID bit set, set in on the new directory.
789Sahrens	 * Otherwise, if the user is neither privileged nor a member of the
789Sahrens	 * file's new group, clear the file's set-GID bit.
789Sahrens	 */
789Sahrens
789Sahrens	if ((parent->z_phys->zp_mode & S_ISGID) && (vap->va_type == VDIR))
789Sahrens		mode |= S_ISGID;
789Sahrens	else {
789Sahrens		if ((mode & S_ISGID) &&
789Sahrens		    secpolicy_vnode_setids_setgids(cr, gid) != 0)
789Sahrens			mode &= ~S_ISGID;
789Sahrens	}
789Sahrens
789Sahrens	zp->z_phys->zp_uid = uid;
789Sahrens	zp->z_phys->zp_gid = gid;
789Sahrens	zp->z_phys->zp_mode = mode;
789Sahrens
*5331Samw	if (aclp == NULL) {
*5331Samw		mutex_enter(&parent->z_lock);
*5331Samw		pull_down = (parent->z_phys->zp_flags & ZFS_INHERIT_ACE);
*5331Samw		if (pull_down) {
*5331Samw			mutex_enter(&parent->z_acl_lock);
*5331Samw			VERIFY(0 == zfs_acl_node_read(parent, &paclp, B_FALSE));
*5331Samw			mutex_exit(&parent->z_acl_lock);
*5331Samw			aclp = zfs_acl_inherit(zp, paclp);
*5331Samw			zfs_acl_free(paclp);
*5331Samw		} else {
*5331Samw			aclp = zfs_acl_alloc(zfs_acl_version_zp(zp));
*5331Samw		}
*5331Samw		mutex_exit(&parent->z_lock);
*5331Samw		mutex_enter(&zp->z_lock);
*5331Samw		mutex_enter(&zp->z_acl_lock);
*5331Samw		error = zfs_acl_chmod(zp, mode, aclp, tx);
789Sahrens	} else {
*5331Samw		mutex_enter(&zp->z_lock);
*5331Samw		mutex_enter(&zp->z_acl_lock);
789Sahrens	}
*5331Samw
*5331Samw	/* Force auto_inherit on all new directory objects */
*5331Samw	if (vap->va_type == VDIR)
*5331Samw		aclp->z_hints |= ZFS_ACL_AUTO_INHERIT;
*5331Samw
*5331Samw	error = zfs_aclset_common(zp, aclp, fuidp, tx);
*5331Samw
*5331Samw	/* Set optional attributes if any */
*5331Samw	if (vap->va_mask & AT_XVATTR)
*5331Samw		zfs_xvattr_set(zp, xvap);
*5331Samw
789Sahrens	mutex_exit(&zp->z_lock);
789Sahrens	mutex_exit(&zp->z_acl_lock);
789Sahrens	ASSERT3U(error, ==, 0);
789Sahrens
*5331Samw	if (aclp != setaclp) {
*5331Samw		zfs_acl_free(aclp);
*5331Samw	}
789Sahrens}
789Sahrens
789Sahrens/*
789Sahrens * Retrieve a files ACL
789Sahrens */
789Sahrensint
*5331Samwzfs_getacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr)
789Sahrens{
789Sahrens	zfs_acl_t	*aclp;
*5331Samw	ulong_t		mask;
789Sahrens	int		error;
*5331Samw	int 		count = 0;
*5331Samw	int		largeace = 0;
789Sahrens
*5331Samw	mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT |
*5331Samw	    VSA_ACE_ACLFLAGS | VSA_ACE_ALLTYPES);
*5331Samw
*5331Samw	if (error = zfs_zaccess(zp, ACE_READ_ACL, 0, skipaclchk, cr))
*5331Samw		return (error);
789Sahrens
789Sahrens	if (mask == 0)
789Sahrens		return (ENOSYS);
789Sahrens
789Sahrens	mutex_enter(&zp->z_acl_lock);
789Sahrens
*5331Samw	error = zfs_acl_node_read(zp, &aclp, B_FALSE);
1544Seschrock	if (error != 0) {
1544Seschrock		mutex_exit(&zp->z_acl_lock);
1544Seschrock		return (error);
1544Seschrock	}
1544Seschrock
*5331Samw	/*
*5331Samw	 * Scan ACL to determine number of ACEs
*5331Samw	 */
*5331Samw	if ((zp->z_phys->zp_flags & ZFS_ACL_OBJ_ACE) &&
*5331Samw	    !(mask & VSA_ACE_ALLTYPES)) {
*5331Samw		void *zacep = NULL;
*5331Samw		uint64_t who;
*5331Samw		uint32_t access_mask;
*5331Samw		uint16_t type, iflags;
*5331Samw
*5331Samw		while (zacep = zfs_acl_next_ace(aclp, zacep,
*5331Samw		    &who, &access_mask, &iflags, &type)) {
*5331Samw			switch (type) {
*5331Samw			case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE:
*5331Samw			case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE:
*5331Samw			case ACE_SYSTEM_AUDIT_OBJECT_ACE_TYPE:
*5331Samw			case ACE_SYSTEM_ALARM_OBJECT_ACE_TYPE:
*5331Samw				largeace++;
*5331Samw				continue;
*5331Samw			default:
*5331Samw				count++;
*5331Samw			}
*5331Samw		}
*5331Samw		vsecp->vsa_aclcnt = count;
*5331Samw	} else
*5331Samw		count = aclp->z_acl_count;
789Sahrens
789Sahrens	if (mask & VSA_ACECNT) {
*5331Samw		vsecp->vsa_aclcnt = count;
789Sahrens	}
789Sahrens
789Sahrens	if (mask & VSA_ACE) {
*5331Samw		size_t aclsz;
*5331Samw
*5331Samw		zfs_acl_node_t *aclnode = list_head(&aclp->z_acl);
*5331Samw
*5331Samw		aclsz = count * sizeof (ace_t) +
*5331Samw		    sizeof (ace_object_t) * largeace;
*5331Samw
*5331Samw		vsecp->vsa_aclentp = kmem_alloc(aclsz, KM_SLEEP);
*5331Samw		vsecp->vsa_aclentsz = aclsz;
*5331Samw
*5331Samw		if (aclp->z_version == ZFS_ACL_VERSION_FUID)
*5331Samw			zfs_copy_fuid_2_ace(zp->z_zfsvfs, aclp,
*5331Samw			    vsecp->vsa_aclentp, !(mask & VSA_ACE_ALLTYPES));
*5331Samw		else {
*5331Samw			bcopy(aclnode->z_acldata, vsecp->vsa_aclentp,
*5331Samw			    count * sizeof (ace_t));
*5331Samw		}
*5331Samw	}
*5331Samw	if (mask & VSA_ACE_ACLFLAGS) {
*5331Samw		vsecp->vsa_aclflags = 0;
*5331Samw		if (zp->z_phys->zp_flags & ZFS_ACL_DEFAULTED)
*5331Samw			vsecp->vsa_aclflags |= ACL_DEFAULTED;
*5331Samw		if (zp->z_phys->zp_flags & ZFS_ACL_PROTECTED)
*5331Samw			vsecp->vsa_aclflags |= ACL_PROTECTED;
*5331Samw		if (zp->z_phys->zp_flags & ZFS_ACL_AUTO_INHERIT)
*5331Samw			vsecp->vsa_aclflags |= ACL_AUTO_INHERIT;
789Sahrens	}
789Sahrens
789Sahrens	mutex_exit(&zp->z_acl_lock);
789Sahrens
789Sahrens	zfs_acl_free(aclp);
789Sahrens
789Sahrens	return (0);
789Sahrens}
789Sahrens
*5331Samwint
*5331Samwzfs_vsec_2_aclp(zfsvfs_t *zfsvfs, vtype_t obj_type,
*5331Samw    vsecattr_t *vsecp, zfs_acl_t **zaclp)
*5331Samw{
*5331Samw	zfs_acl_t *aclp;
*5331Samw	zfs_acl_node_t *aclnode;
*5331Samw	int aclcnt = vsecp->vsa_aclcnt;
*5331Samw	int error;
*5331Samw
*5331Samw	if (vsecp->vsa_aclcnt > MAX_ACL_ENTRIES || vsecp->vsa_aclcnt <= 0)
*5331Samw		return (EINVAL);
*5331Samw
*5331Samw	aclp = zfs_acl_alloc(zfs_acl_version(zfsvfs->z_version));
*5331Samw
*5331Samw	aclp->z_hints = 0;
*5331Samw	aclnode = zfs_acl_node_alloc(aclcnt * sizeof (zfs_object_ace_t));
*5331Samw	if (aclp->z_version == ZFS_ACL_VERSION_INITIAL) {
*5331Samw		if ((error = zfs_copy_ace_2_oldace(obj_type, aclp,
*5331Samw		    (ace_t *)vsecp->vsa_aclentp, aclnode->z_acldata,
*5331Samw		    aclcnt, &aclnode->z_size)) != 0) {
*5331Samw			zfs_acl_free(aclp);
*5331Samw			zfs_acl_node_free(aclnode);
*5331Samw			return (error);
*5331Samw		}
*5331Samw	} else {
*5331Samw		if ((error = zfs_copy_ace_2_fuid(obj_type, aclp,
*5331Samw		    vsecp->vsa_aclentp, aclnode->z_acldata, aclcnt,
*5331Samw		    &aclnode->z_size)) != 0) {
*5331Samw			zfs_acl_free(aclp);
*5331Samw			zfs_acl_node_free(aclnode);
*5331Samw			return (error);
*5331Samw		}
*5331Samw	}
*5331Samw	aclp->z_acl_bytes = aclnode->z_size;
*5331Samw	aclnode->z_ace_count = aclcnt;
*5331Samw	aclp->z_acl_count = aclcnt;
*5331Samw	list_insert_head(&aclp->z_acl, aclnode);
*5331Samw
*5331Samw	/*
*5331Samw	 * If flags are being set then add them to z_hints
*5331Samw	 */
*5331Samw	if (vsecp->vsa_mask & VSA_ACE_ACLFLAGS) {
*5331Samw		if (vsecp->vsa_aclflags & ACL_PROTECTED)
*5331Samw			aclp->z_hints |= ZFS_ACL_PROTECTED;
*5331Samw		if (vsecp->vsa_aclflags & ACL_DEFAULTED)
*5331Samw			aclp->z_hints |= ZFS_ACL_DEFAULTED;
*5331Samw		if (vsecp->vsa_aclflags & ACL_AUTO_INHERIT)
*5331Samw			aclp->z_hints |= ZFS_ACL_AUTO_INHERIT;
*5331Samw	}
*5331Samw
*5331Samw	*zaclp = aclp;
*5331Samw
*5331Samw	return (0);
*5331Samw}
*5331Samw
789Sahrens/*
789Sahrens * Set a files ACL
789Sahrens */
789Sahrensint
*5331Samwzfs_setacl(znode_t *zp, vsecattr_t *vsecp, boolean_t skipaclchk, cred_t *cr)
789Sahrens{
789Sahrens	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
789Sahrens	zilog_t		*zilog = zfsvfs->z_log;
789Sahrens	ulong_t		mask = vsecp->vsa_mask & (VSA_ACE | VSA_ACECNT);
789Sahrens	dmu_tx_t	*tx;
789Sahrens	int		error;
789Sahrens	zfs_acl_t	*aclp;
*5331Samw	zfs_fuid_info_t	*fuidp = NULL;
789Sahrens
789Sahrens	if (mask == 0)
4300Smarks		return (ENOSYS);
789Sahrens
*5331Samw	if (zp->z_phys->zp_flags & ZFS_IMMUTABLE)
*5331Samw		return (EPERM);
*5331Samw
*5331Samw	if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr))
*5331Samw		return (error);
*5331Samw
*5331Samw	error = zfs_vsec_2_aclp(zfsvfs, ZTOV(zp)->v_type, vsecp, &aclp);
*5331Samw	if (error)
*5331Samw		return (error);
*5331Samw
*5331Samw	/*
*5331Samw	 * If ACL wide flags aren't being set then preserve any
*5331Samw	 * existing flags.
*5331Samw	 */
*5331Samw	if (!(vsecp->vsa_mask & VSA_ACE_ACLFLAGS)) {
*5331Samw		aclp->z_hints |= (zp->z_phys->zp_flags & V4_ACL_WIDE_FLAGS);
*5331Samw	}
789Sahrenstop:
*5331Samw	if (error = zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr)) {
*5331Samw		zfs_acl_free(aclp);
*5331Samw		return (error);
789Sahrens	}
789Sahrens
789Sahrens	mutex_enter(&zp->z_lock);
789Sahrens	mutex_enter(&zp->z_acl_lock);
789Sahrens
789Sahrens	tx = dmu_tx_create(zfsvfs->z_os);
789Sahrens	dmu_tx_hold_bonus(tx, zp->z_id);
789Sahrens
789Sahrens	if (zp->z_phys->zp_acl.z_acl_extern_obj) {
*5331Samw		/* Are we upgrading ACL? */
*5331Samw		if (zfsvfs->z_version <= ZPL_VERSION_FUID &&
*5331Samw		    zp->z_phys->zp_acl.z_acl_version ==
*5331Samw		    ZFS_ACL_VERSION_INITIAL) {
*5331Samw			dmu_tx_hold_free(tx,
*5331Samw			    zp->z_phys->zp_acl.z_acl_extern_obj,
*5331Samw			    0, DMU_OBJECT_END);
*5331Samw			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
*5331Samw			    0, sizeof (zfs_object_ace_t) * 2048 + 6);
*5331Samw		} else {
*5331Samw			dmu_tx_hold_write(tx,
*5331Samw			    zp->z_phys->zp_acl.z_acl_extern_obj,
*5331Samw			    0, aclp->z_acl_bytes);
*5331Samw		}
*5331Samw	} else if (aclp->z_acl_bytes > ZFS_ACE_SPACE) {
*5331Samw		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, aclp->z_acl_bytes);
*5331Samw	}
*5331Samw	if (zfsvfs->z_fuid_obj == 0) {
*5331Samw		dmu_tx_hold_bonus(tx, DMU_NEW_OBJECT);
*5331Samw			dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
*5331Samw			    SPA_MAXBLOCKSIZE);
*5331Samw		dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, FALSE, NULL);
*5331Samw	} else {
*5331Samw		dmu_tx_hold_bonus(tx, zfsvfs->z_fuid_obj);
*5331Samw		dmu_tx_hold_write(tx, zfsvfs->z_fuid_obj, 0,
*5331Samw		    SPA_MAXBLOCKSIZE);
789Sahrens	}
789Sahrens
789Sahrens	error = dmu_tx_assign(tx, zfsvfs->z_assign);
789Sahrens	if (error) {
789Sahrens		mutex_exit(&zp->z_acl_lock);
789Sahrens		mutex_exit(&zp->z_lock);
789Sahrens
789Sahrens		if (error == ERESTART && zfsvfs->z_assign == TXG_NOWAIT) {
2113Sahrens			dmu_tx_wait(tx);
2113Sahrens			dmu_tx_abort(tx);
789Sahrens			goto top;
789Sahrens		}
2113Sahrens		dmu_tx_abort(tx);
*5331Samw		zfs_acl_free(aclp);
789Sahrens		return (error);
789Sahrens	}
789Sahrens
*5331Samw	error = zfs_aclset_common(zp, aclp, &fuidp, tx);
789Sahrens	ASSERT(error == 0);
789Sahrens
*5331Samw	zfs_log_acl(zilog, tx, zp, vsecp, fuidp);
*5331Samw
*5331Samw	if (fuidp)
*5331Samw		zfs_fuid_info_free(fuidp);
789Sahrens	zfs_acl_free(aclp);
789Sahrens	dmu_tx_commit(tx);
789Sahrensdone:
789Sahrens	mutex_exit(&zp->z_acl_lock);
789Sahrens	mutex_exit(&zp->z_lock);
789Sahrens
789Sahrens	return (error);
789Sahrens}
789Sahrens
*5331Samw/*
*5331Samw * working_mode returns the permissions that were not granted
*5331Samw */
789Sahrensstatic int
*5331Samwzfs_zaccess_common(znode_t *zp, uint32_t v4_mode, uint32_t *working_mode,
*5331Samw    boolean_t *check_privs, boolean_t skipaclchk, cred_t *cr)
789Sahrens{
789Sahrens	zfs_acl_t	*aclp;
789Sahrens	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
1544Seschrock	int		error;
789Sahrens	int		access_deny = ACCESS_UNDETERMINED;
789Sahrens	uid_t		uid = crgetuid(cr);
*5331Samw	uint64_t 	who;
*5331Samw	uint16_t	type, iflags;
*5331Samw	uint16_t	entry_type;
*5331Samw	uint32_t	access_mask;
*5331Samw	zfs_ace_hdr_t	*acep = NULL;
*5331Samw	boolean_t	checkit;
*5331Samw	uid_t		fowner;
*5331Samw	uid_t		gowner;
*5331Samw
*5331Samw	/*
*5331Samw	 * Short circuit empty requests
*5331Samw	 */
*5331Samw	if (v4_mode == 0)
*5331Samw		return (0);
*5331Samw
*5331Samw	*check_privs = B_TRUE;
789Sahrens
2638Sperrin	if (zfsvfs->z_assign >= TXG_INITIAL) {		/* ZIL replay */
2638Sperrin		*working_mode = 0;
2638Sperrin		return (0);
2638Sperrin	}
789Sahrens
2638Sperrin	*working_mode = v4_mode;
789Sahrens
789Sahrens	if ((v4_mode & WRITE_MASK) &&
789Sahrens	    (zp->z_zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) &&
789Sahrens	    (!IS_DEVVP(ZTOV(zp)))) {
*5331Samw		*check_privs = B_FALSE;
789Sahrens		return (EROFS);
789Sahrens	}
789Sahrens
*5331Samw	/*
*5331Samw	 * Only check for READONLY on non-directories.
*5331Samw	 */
*5331Samw	if ((v4_mode & WRITE_MASK_DATA) &&
*5331Samw	    (((ZTOV(zp)->v_type != VDIR) &&
*5331Samw	    (zp->z_phys->zp_flags & (ZFS_READONLY | ZFS_IMMUTABLE))) ||
*5331Samw	    (ZTOV(zp)->v_type == VDIR &&
*5331Samw	    (zp->z_phys->zp_flags & ZFS_IMMUTABLE)))) {
*5331Samw		*check_privs = B_FALSE;
*5331Samw		return (EPERM);
*5331Samw	}
*5331Samw
*5331Samw	if ((v4_mode & (ACE_DELETE | ACE_DELETE_CHILD)) &&
*5331Samw	    (zp->z_phys->zp_flags & ZFS_NOUNLINK)) {
*5331Samw		*check_privs = B_FALSE;
*5331Samw		return (EPERM);
*5331Samw	}
*5331Samw
*5331Samw	if (((v4_mode & (ACE_READ_DATA|ACE_EXECUTE)) &&
*5331Samw	    (zp->z_phys->zp_flags & ZFS_AV_QUARANTINED))) {
*5331Samw		*check_privs = B_FALSE;
*5331Samw		return (EACCES);
*5331Samw	}
*5331Samw
*5331Samw	/*
*5331Samw	 * The caller requested that the ACL check be skipped.  This
*5331Samw	 * would only happen if the caller checked VOP_ACCESS() with a
*5331Samw	 * 32 bit ACE mask and already had the appropriate permissions.
*5331Samw	 */
*5331Samw	if (skipaclchk) {
*5331Samw		*working_mode = 0;
*5331Samw		return (0);
*5331Samw	}
*5331Samw
*5331Samw	zfs_fuid_map_ids(zp, &fowner, &gowner);
*5331Samw
789Sahrens	mutex_enter(&zp->z_acl_lock);
789Sahrens
*5331Samw	error = zfs_acl_node_read(zp, &aclp, B_FALSE);
1544Seschrock	if (error != 0) {
1544Seschrock		mutex_exit(&zp->z_acl_lock);
1544Seschrock		return (error);
1544Seschrock	}
1544Seschrock
*5331Samw	while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask,
*5331Samw	    &iflags, &type)) {
789Sahrens
*5331Samw		if (iflags & ACE_INHERIT_ONLY_ACE)
789Sahrens			continue;
789Sahrens
*5331Samw		entry_type = (iflags & ACE_TYPE_FLAGS);
*5331Samw
*5331Samw		checkit = B_FALSE;
*5331Samw
789Sahrens		switch (entry_type) {
789Sahrens		case ACE_OWNER:
*5331Samw			if (uid == fowner)
*5331Samw				checkit = B_TRUE;
789Sahrens			break;
*5331Samw		case OWNING_GROUP:
*5331Samw			who = gowner;
*5331Samw			/*FALLTHROUGH*/
789Sahrens		case ACE_IDENTIFIER_GROUP:
*5331Samw			checkit = zfs_groupmember(zfsvfs, who, cr);
789Sahrens			break;
789Sahrens		case ACE_EVERYONE:
*5331Samw			checkit = B_TRUE;
789Sahrens			break;
789Sahrens
789Sahrens		/* USER Entry */
789Sahrens		default:
789Sahrens			if (entry_type == 0) {
*5331Samw				uid_t newid;
*5331Samw
*5331Samw				zfs_fuid_map_id(zfsvfs, who,
*5331Samw				    ZFS_ACE_USER, &newid);
*5331Samw				if (newid != IDMAP_WK_CREATOR_OWNER_UID &&
*5331Samw				    uid == newid)
*5331Samw					checkit = B_TRUE;
789Sahrens				break;
*5331Samw			} else {
*5331Samw				zfs_acl_free(aclp);
*5331Samw				mutex_exit(&zp->z_acl_lock);
*5331Samw				return (EIO);
789Sahrens			}
*5331Samw		}
*5331Samw
*5331Samw		if (checkit) {
*5331Samw			if (access_mask & *working_mode) {
*5331Samw				if (type == ALLOW) {
*5331Samw					*working_mode &=
*5331Samw					    ~(*working_mode & access_mask);
*5331Samw					if (*working_mode == 0) {
*5331Samw						access_deny = 0;
*5331Samw					}
*5331Samw				} else if (type == DENY) {
*5331Samw					access_deny = EACCES;
*5331Samw				}
*5331Samw			}
789Sahrens		}
789Sahrens
789Sahrens		if (access_deny != ACCESS_UNDETERMINED)
789Sahrens			break;
789Sahrens	}
789Sahrens
789Sahrens	mutex_exit(&zp->z_acl_lock);
789Sahrens	zfs_acl_free(aclp);
*5331Samwout:
789Sahrens	return (access_deny);
789Sahrens}
789Sahrens
*5331Samwstatic int
*5331Samwzfs_zaccess_append(znode_t *zp, uint32_t *working_mode, boolean_t *check_privs,
*5331Samw    cred_t *cr)
*5331Samw{
*5331Samw	if (*working_mode != ACE_WRITE_DATA)
*5331Samw		return (EACCES);
*5331Samw
*5331Samw	return (zfs_zaccess_common(zp, ACE_APPEND_DATA, working_mode,
*5331Samw	    check_privs, B_FALSE, cr));
*5331Samw}
789Sahrens
789Sahrens/*
789Sahrens * Determine whether Access should be granted/denied, invoking least
789Sahrens * priv subsytem when a deny is determined.
789Sahrens */
789Sahrensint
*5331Samwzfs_zaccess(znode_t *zp, int mode, int flags, boolean_t skipaclchk, cred_t *cr)
789Sahrens{
*5331Samw	uint32_t	working_mode;
*5331Samw	int		error;
*5331Samw	int		is_attr;
*5331Samw	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
*5331Samw	boolean_t 	check_privs;
*5331Samw	znode_t		*xzp;
*5331Samw	znode_t 	*check_zp = zp;
789Sahrens
789Sahrens	is_attr = ((zp->z_phys->zp_flags & ZFS_XATTR) &&
789Sahrens	    (ZTOV(zp)->v_type == VDIR));
789Sahrens
789Sahrens	/*
789Sahrens	 * If attribute then validate against base file
789Sahrens	 */
789Sahrens	if (is_attr) {
789Sahrens		if ((error = zfs_zget(zp->z_zfsvfs,
789Sahrens		    zp->z_phys->zp_parent, &xzp)) != 0)	{
789Sahrens			return (error);
789Sahrens		}
*5331Samw
789Sahrens		check_zp = xzp;
*5331Samw
789Sahrens		/*
789Sahrens		 * fixup mode to map to xattr perms
789Sahrens		 */
789Sahrens
789Sahrens		if (mode & (ACE_WRITE_DATA|ACE_APPEND_DATA)) {
789Sahrens			mode &= ~(ACE_WRITE_DATA|ACE_APPEND_DATA);
789Sahrens			mode |= ACE_WRITE_NAMED_ATTRS;
789Sahrens		}
789Sahrens
789Sahrens		if (mode & (ACE_READ_DATA|ACE_EXECUTE)) {
789Sahrens			mode &= ~(ACE_READ_DATA|ACE_EXECUTE);
789Sahrens			mode |= ACE_READ_NAMED_ATTRS;
789Sahrens		}
789Sahrens	}
789Sahrens
*5331Samw	if ((error = zfs_zaccess_common(check_zp, mode, &working_mode,
*5331Samw	    &check_privs, skipaclchk, cr)) == 0) {
*5331Samw		if (is_attr)
*5331Samw			VN_RELE(ZTOV(xzp));
*5331Samw		return (0);
*5331Samw	}
789Sahrens
*5331Samw	if (error && check_privs == B_FALSE) {
789Sahrens		if (is_attr)
789Sahrens			VN_RELE(ZTOV(xzp));
789Sahrens		return (error);
789Sahrens	}
789Sahrens
*5331Samw	if (error && (flags & V_APPEND)) {
*5331Samw		error = zfs_zaccess_append(zp, &working_mode, &check_privs, cr);
*5331Samw	}
*5331Samw
*5331Samw	if (error && check_privs) {
*5331Samw		uid_t		owner;
*5331Samw		mode_t		checkmode = 0;
*5331Samw
*5331Samw		zfs_fuid_map_id(zfsvfs, check_zp->z_phys->zp_uid,
*5331Samw		    ZFS_OWNER, &owner);
*5331Samw
*5331Samw		/*
*5331Samw		 * First check for implicit owner permission on
*5331Samw		 * read_acl/read_attributes
*5331Samw		 */
*5331Samw
*5331Samw		error = 0;
*5331Samw		ASSERT(working_mode != 0);
*5331Samw
*5331Samw		if ((working_mode & (ACE_READ_ACL|ACE_READ_ATTRIBUTES) &&
*5331Samw		    owner == crgetuid(cr)))
*5331Samw			working_mode &= ~(ACE_READ_ACL|ACE_READ_ATTRIBUTES);
*5331Samw
*5331Samw		if (working_mode & (ACE_READ_DATA|ACE_READ_NAMED_ATTRS|
*5331Samw		    ACE_READ_ACL|ACE_READ_ATTRIBUTES))
*5331Samw			checkmode |= VREAD;
*5331Samw		if (working_mode & (ACE_WRITE_DATA|ACE_WRITE_NAMED_ATTRS|
*5331Samw		    ACE_APPEND_DATA|ACE_WRITE_ATTRIBUTES))
*5331Samw			checkmode |= VWRITE;
*5331Samw		if (working_mode & ACE_EXECUTE)
*5331Samw			checkmode |= VEXEC;
*5331Samw
*5331Samw		if (checkmode)
*5331Samw			error = secpolicy_vnode_access(cr, ZTOV(check_zp),
*5331Samw			    owner, checkmode);
*5331Samw
*5331Samw		if (error == 0 && (working_mode & ACE_WRITE_OWNER))
*5331Samw			error = secpolicy_vnode_create_gid(cr);
*5331Samw		if (error == 0 && (working_mode & ACE_WRITE_ACL))
*5331Samw			error = secpolicy_vnode_setdac(cr, owner);
*5331Samw
*5331Samw		if (error == 0 && (working_mode &
*5331Samw		    (ACE_DELETE|ACE_DELETE_CHILD)))
*5331Samw			error = secpolicy_vnode_remove(cr);
*5331Samw
*5331Samw		if (error == 0 && (working_mode & ACE_SYNCHRONIZE))
*5331Samw			error = secpolicy_vnode_owner(cr, owner);
*5331Samw
*5331Samw		if (error == 0) {
*5331Samw			/*
*5331Samw			 * See if any bits other than those already checked
*5331Samw			 * for are still present.  If so then return EACCES
*5331Samw			 */
*5331Samw			if (working_mode & ~(ZFS_CHECKED_MASKS)) {
*5331Samw				error = EACCES;
*5331Samw			}
*5331Samw		}
789Sahrens	}
789Sahrens
789Sahrens	if (is_attr)
789Sahrens		VN_RELE(ZTOV(xzp));
789Sahrens
789Sahrens	return (error);
789Sahrens}
789Sahrens
789Sahrens/*
*5331Samw * Translate traditional unix VREAD/VWRITE/VEXEC mode into
*5331Samw * native ACL format and call zfs_zaccess()
789Sahrens */
789Sahrensint
*5331Samwzfs_zaccess_rwx(znode_t *zp, mode_t mode, int flags, cred_t *cr)
789Sahrens{
*5331Samw	return (zfs_zaccess(zp, zfs_unix_to_v4(mode >> 6), flags, B_FALSE, cr));
789Sahrens}
789Sahrens
789Sahrens/*
*5331Samw * Access function for secpolicy_vnode_setattr
789Sahrens */
789Sahrensint
*5331Samwzfs_zaccess_unix(znode_t *zp, mode_t mode, cred_t *cr)
789Sahrens{
789Sahrens	int v4_mode = zfs_unix_to_v4(mode >> 6);
789Sahrens
*5331Samw	return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr));
789Sahrens}
789Sahrens
2604Smarksstatic int
2604Smarkszfs_delete_final_check(znode_t *zp, znode_t *dzp, cred_t *cr)
2604Smarks{
2604Smarks	int error;
*5331Samw	uid_t downer;
*5331Samw	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2604Smarks
*5331Samw	zfs_fuid_map_id(zfsvfs, dzp->z_phys->zp_uid, ZFS_OWNER, &downer);
*5331Samw
*5331Samw	error = secpolicy_vnode_access(cr, ZTOV(zp), downer, S_IWRITE|S_IEXEC);
2604Smarks
2604Smarks	if (error == 0)
2604Smarks		error = zfs_sticky_remove_access(dzp, zp, cr);
2604Smarks
2604Smarks	return (error);
2604Smarks}
2604Smarks
789Sahrens/*
789Sahrens * Determine whether Access should be granted/deny, without
789Sahrens * consulting least priv subsystem.
789Sahrens *
789Sahrens *
789Sahrens * The following chart is the recommended NFSv4 enforcement for
789Sahrens * ability to delete an object.
789Sahrens *
789Sahrens *      -------------------------------------------------------
789Sahrens *      |   Parent Dir  |           Target Object Permissions |
789Sahrens *      |  permissions  |                                     |
789Sahrens *      -------------------------------------------------------
789Sahrens *      |               | ACL Allows | ACL Denies| Delete     |
789Sahrens *      |               |  Delete    |  Delete   | unspecified|
789Sahrens *      -------------------------------------------------------
789Sahrens *      |  ACL Allows   | Permit     | Permit    | Permit     |
789Sahrens *      |  DELETE_CHILD |                                     |
789Sahrens *      -------------------------------------------------------
789Sahrens *      |  ACL Denies   | Permit     | Deny      | Deny       |
789Sahrens *      |  DELETE_CHILD |            |           |            |
789Sahrens *      -------------------------------------------------------
789Sahrens *      | ACL specifies |            |           |            |
789Sahrens *      | only allow    | Permit     | Permit    | Permit     |
789Sahrens *      | write and     |            |           |            |
789Sahrens *      | execute       |            |           |            |
789Sahrens *      -------------------------------------------------------
789Sahrens *      | ACL denies    |            |           |            |
789Sahrens *      | write and     | Permit     | Deny      | Deny       |
789Sahrens *      | execute       |            |           |            |
789Sahrens *      -------------------------------------------------------
789Sahrens *         ^
789Sahrens *         |
789Sahrens *         No search privilege, can't even look up file?
789Sahrens *
789Sahrens */
789Sahrensint
789Sahrenszfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr)
789Sahrens{
*5331Samw	uint32_t dzp_working_mode = 0;
*5331Samw	uint32_t zp_working_mode = 0;
789Sahrens	int dzp_error, zp_error;
*5331Samw	boolean_t dzpcheck_privs = B_TRUE;
*5331Samw	boolean_t zpcheck_privs = B_TRUE;
789Sahrens
789Sahrens	/*
789Sahrens	 * Arghh, this check is going to require a couple of questions
789Sahrens	 * to be asked.  We want specific DELETE permissions to
789Sahrens	 * take precedence over WRITE/EXECUTE.  We don't
789Sahrens	 * want an ACL such as this to mess us up.
2604Smarks	 * user:joe:write_data:deny,user:joe:delete:allow
789Sahrens	 *
789Sahrens	 * However, deny permissions may ultimately be overridden
789Sahrens	 * by secpolicy_vnode_access().
789Sahrens	 */
789Sahrens
*5331Samw	if (zp->z_phys->zp_flags & (ZFS_IMMUTABLE | ZFS_NOUNLINK))
*5331Samw		return (EPERM);
*5331Samw
789Sahrens	dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD,
*5331Samw	    &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr);
*5331Samw	zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode,
*5331Samw	    &zpcheck_privs, B_FALSE, cr);
789Sahrens
*5331Samw	if ((dzp_error && dzpcheck_privs == B_FALSE) ||
*5331Samw	    (zp_error && zpcheck_privs == B_FALSE))
789Sahrens		return (dzp_error);
789Sahrens
789Sahrens	/*
2604Smarks	 * First check the first row.
2604Smarks	 * We only need to see if parent Allows delete_child
789Sahrens	 */
1576Smarks	if ((dzp_working_mode & ACE_DELETE_CHILD) == 0)
789Sahrens		return (0);
789Sahrens
789Sahrens	/*
789Sahrens	 * Second row
2604Smarks	 * we already have the necessary information in
2604Smarks	 * zp_working_mode, zp_error and dzp_error.
789Sahrens	 */
789Sahrens
1576Smarks	if ((zp_working_mode & ACE_DELETE) == 0)
789Sahrens		return (0);
789Sahrens
789Sahrens	/*
2604Smarks	 * Now zp_error should either be EACCES which indicates
2604Smarks	 * a "deny" delete entry or ACCESS_UNDETERMINED if the "delete"
2604Smarks	 * entry exists on the target.
2604Smarks	 *
2604Smarks	 * dzp_error should be either EACCES which indicates a "deny"
2604Smarks	 * entry for delete_child or ACCESS_UNDETERMINED if no delete_child
2604Smarks	 * entry exists.  If value is EACCES then we are done
2604Smarks	 * and zfs_delete_final_check() will make the final decision
2604Smarks	 * regarding to allow the delete.
2604Smarks	 */
2604Smarks
2604Smarks	ASSERT(zp_error != 0 && dzp_error != 0);
2604Smarks	if (dzp_error == EACCES)
2604Smarks		return (zfs_delete_final_check(zp, dzp, cr));
2604Smarks
2604Smarks	/*
789Sahrens	 * Third Row
2604Smarks	 * Only need to check for write/execute on parent
789Sahrens	 */
789Sahrens
789Sahrens	dzp_error = zfs_zaccess_common(dzp, ACE_WRITE_DATA|ACE_EXECUTE,
*5331Samw	    &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr);
789Sahrens
*5331Samw	if (dzp_error && dzpcheck_privs == B_FALSE)
789Sahrens		return (dzp_error);
789Sahrens
1576Smarks	if ((dzp_working_mode & (ACE_WRITE_DATA|ACE_EXECUTE)) == 0)
2604Smarks		return (zfs_sticky_remove_access(dzp, zp, cr));
789Sahrens
789Sahrens	/*
789Sahrens	 * Fourth Row
789Sahrens	 */
789Sahrens
1576Smarks	if (((dzp_working_mode & (ACE_WRITE_DATA|ACE_EXECUTE)) != 0) &&
1576Smarks	    ((zp_working_mode & ACE_DELETE) == 0))
2604Smarks		return (zfs_sticky_remove_access(dzp, zp, cr));
789Sahrens
2604Smarks	return (zfs_delete_final_check(zp, dzp, cr));
789Sahrens}
789Sahrens
789Sahrensint
789Sahrenszfs_zaccess_rename(znode_t *sdzp, znode_t *szp, znode_t *tdzp,
789Sahrens    znode_t *tzp, cred_t *cr)
789Sahrens{
789Sahrens	int add_perm;
789Sahrens	int error;
789Sahrens
*5331Samw	if (szp->z_phys->zp_flags & ZFS_AV_QUARANTINED)
*5331Samw		return (EACCES);
*5331Samw
789Sahrens	add_perm = (ZTOV(szp)->v_type == VDIR) ?
789Sahrens	    ACE_ADD_SUBDIRECTORY : ACE_ADD_FILE;
789Sahrens
789Sahrens	/*
789Sahrens	 * Rename permissions are combination of delete permission +
789Sahrens	 * add file/subdir permission.
789Sahrens	 */
789Sahrens
789Sahrens	/*
789Sahrens	 * first make sure we do the delete portion.
789Sahrens	 *
789Sahrens	 * If that succeeds then check for add_file/add_subdir permissions
789Sahrens	 */
789Sahrens
789Sahrens	if (error = zfs_zaccess_delete(sdzp, szp, cr))
789Sahrens		return (error);
789Sahrens
789Sahrens	/*
789Sahrens	 * If we have a tzp, see if we can delete it?
789Sahrens	 */
789Sahrens	if (tzp) {
789Sahrens		if (error = zfs_zaccess_delete(tdzp, tzp, cr))
789Sahrens			return (error);
789Sahrens	}
789Sahrens
789Sahrens	/*
789Sahrens	 * Now check for add permissions
789Sahrens	 */
*5331Samw	error = zfs_zaccess(tdzp, add_perm, 0, B_FALSE, cr);
789Sahrens
789Sahrens	return (error);
789Sahrens}