sys/contrib/openzfs/module/zcommon/zfs_deleg.c


    1 /*
    2  * CDDL HEADER START
    3  *
    4  * The contents of this file are subject to the terms of the
    5  * Common Development and Distribution License (the "License").
    6  * You may not use this file except in compliance with the License.
    7  *
    8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
    9  * or https://opensource.org/licenses/CDDL-1.0.
   10  * See the License for the specific language governing permissions
   11  * and limitations under the License.
   12  *
   13  * When distributing Covered Code, include this CDDL HEADER in each
   14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
   15  * If applicable, add the following below this CDDL HEADER, with the
   16  * fields enclosed by brackets "[]" replaced with your own identifying
   17  * information: Portions Copyright [yyyy] [name of copyright owner]
   18  *
   19  * CDDL HEADER END
   20  */
   21 /*
   22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
   23  * Copyright 2010 Nexenta Systems, Inc. All rights reserved.
   24  * Copyright (c) 2013, 2015 by Delphix. All rights reserved.
   25  * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>
   26  */
   27 
   28 #include <sys/zfs_context.h>
   29 
   30 #if defined(_KERNEL)
   31 #include <sys/sunddi.h>
   32 #include <sys/ctype.h>
   33 #else
   34 #include <stdio.h>
   35 #include <unistd.h>
   36 #include <libnvpair.h>
   37 #include <ctype.h>
   38 #endif
   39 #include <sys/string.h>
   40 #include <sys/dsl_deleg.h>
   41 #include "zfs_prop.h"
   42 #include "zfs_deleg.h"
   43 #include "zfs_namecheck.h"
   44 
/*
 * Table of permission names that can be delegated in their own right.
 * zfs_deleg_canonicalize_perm() walks this table first and only falls back
 * to the property lookup when a name is not listed here, so adding an entry
 * widens what the delegation validator accepts.
 *
 * The final entry, whose z_perm is NULL, is the sentinel that terminates
 * every walk of the table; it must stay last.
 */
const zfs_deleg_perm_tab_t zfs_deleg_perm_tab[] = {
        { .z_perm = ZFS_DELEG_PERM_ALLOW },
        { .z_perm = ZFS_DELEG_PERM_BOOKMARK },
        { .z_perm = ZFS_DELEG_PERM_CLONE },
        { .z_perm = ZFS_DELEG_PERM_CREATE },
        { .z_perm = ZFS_DELEG_PERM_DESTROY },
        { .z_perm = ZFS_DELEG_PERM_DIFF },
        { .z_perm = ZFS_DELEG_PERM_MOUNT },
        { .z_perm = ZFS_DELEG_PERM_PROMOTE },
        { .z_perm = ZFS_DELEG_PERM_RECEIVE },
        { .z_perm = ZFS_DELEG_PERM_RENAME },
        { .z_perm = ZFS_DELEG_PERM_ROLLBACK },
        { .z_perm = ZFS_DELEG_PERM_SNAPSHOT },
        { .z_perm = ZFS_DELEG_PERM_SHARE },
        { .z_perm = ZFS_DELEG_PERM_SEND },
        { .z_perm = ZFS_DELEG_PERM_USERPROP },
        { .z_perm = ZFS_DELEG_PERM_USERQUOTA },
        { .z_perm = ZFS_DELEG_PERM_GROUPQUOTA },
        { .z_perm = ZFS_DELEG_PERM_USERUSED },
        { .z_perm = ZFS_DELEG_PERM_GROUPUSED },
        { .z_perm = ZFS_DELEG_PERM_USEROBJQUOTA },
        { .z_perm = ZFS_DELEG_PERM_GROUPOBJQUOTA },
        { .z_perm = ZFS_DELEG_PERM_USEROBJUSED },
        { .z_perm = ZFS_DELEG_PERM_GROUPOBJUSED },
        { .z_perm = ZFS_DELEG_PERM_HOLD },
        { .z_perm = ZFS_DELEG_PERM_RELEASE },
        { .z_perm = ZFS_DELEG_PERM_LOAD_KEY },
        { .z_perm = ZFS_DELEG_PERM_CHANGE_KEY },
        { .z_perm = ZFS_DELEG_PERM_PROJECTUSED },
        { .z_perm = ZFS_DELEG_PERM_PROJECTQUOTA },
        { .z_perm = ZFS_DELEG_PERM_PROJECTOBJUSED },
        { .z_perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA },
        { .z_perm = NULL }
};
   79 
/*
 * Decide whether `perm` is acceptable as a permission name in a
 * delegation request.
 *
 * A name that zfs_deleg_canonicalize_perm() recognizes is accepted
 * outright.  Anything else is handed to permset_namecheck(), so the only
 * other names that pass are those that check accepts.
 *
 * Returns 0 when the name is accepted; otherwise the result of
 * permset_namecheck() is returned unchanged.
 */
static int
zfs_valid_permission_name(const char *perm)
{
        const char *canonical = zfs_deleg_canonicalize_perm(perm);

        if (canonical == NULL)
                return (permset_namecheck(perm, NULL, NULL));

        return (0);
}
   88 
/*
 * Map a permission name onto its canonical spelling.
 *
 * The name is first compared, exactly and case-sensitively, against
 * zfs_deleg_perm_tab.  On a match the caller's own pointer is returned
 * (not the table's), so the result is only valid for as long as `perm` is.
 *
 * Otherwise the name is looked up as a property; if it resolves to a
 * property that zfs_prop_delegatable() allows, the name reported by
 * zfs_prop_to_name() is returned.
 *
 * Returns NULL when the name is neither a listed permission nor a
 * delegatable property.  `perm` must be a non-NULL, NUL-terminated string;
 * it is passed to strcmp() without a check.
 */
const char *
zfs_deleg_canonicalize_perm(const char *perm)
{
        const zfs_deleg_perm_tab_t *entry;
        zfs_prop_t prop;

        /* The table ends at the entry whose z_perm is NULL. */
        for (entry = zfs_deleg_perm_tab; entry->z_perm != NULL; entry++) {
                if (strcmp(perm, entry->z_perm) == 0)
                        return (perm);
        }

        prop = zfs_name_to_prop(perm);
        if (prop == ZPROP_INVAL || !zfs_prop_delegatable(prop))
                return (NULL);

        return (zfs_prop_to_name(prop));
}
  103 
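/*
 * Validate the "who" key of one delegation entry.
 *
 * Layout checked here:
 *   who[0]  entry type (one of the ZFS_DELEG_* type characters below)
 *   who[1]  inheritance character (local / descendent / NA, per type)
 *   who[2]  ZFS_DELEG_FIELD_SEP_CHR
 *   who[3+] payload: decimal digits for user/group entries, a permission
 *           set name for named sets, empty for create/everyone entries
 *
 * The key comes from an nvpair name supplied by the caller of
 * zfs_deleg_verify_nvlist(), so nothing about its length may be assumed.
 *
 * Returns 0 when the key is well formed, non-zero otherwise (-1, or the
 * result of permset_namecheck() for named sets).
 */
static int
zfs_validate_who(char *who)
{
        char *p;

        /*
         * Check the three-byte prefix left to right.  A key shorter than
         * the prefix is rejected at its terminator; indexing who[2]
         * directly would read past the end of a zero- or one-character
         * string.
         */
        if (who[0] == '\0' || who[1] == '\0' ||
            who[2] != ZFS_DELEG_FIELD_SEP_CHR)
                return (-1);

        switch (who[0]) {
        case ZFS_DELEG_USER:
        case ZFS_DELEG_GROUP:
        case ZFS_DELEG_USER_SETS:
        case ZFS_DELEG_GROUP_SETS:
                if (who[1] != ZFS_DELEG_LOCAL && who[1] != ZFS_DELEG_DESCENDENT)
                        return (-1);
                /*
                 * The id must be digits only.  The cast keeps bytes with
                 * the high bit set from reaching isdigit() as negative
                 * values, which the userland <ctype.h> does not define.
                 *
                 * NOTE(review): an empty id (nothing after the separator)
                 * passes this loop, and the number of digits is not
                 * bounded here; confirm the consumers of the key cope
                 * with both.
                 */
                for (p = &who[3]; *p != '\0'; p++) {
                        if (!isdigit((unsigned char)*p))
                                return (-1);
                }
                break;

        case ZFS_DELEG_NAMED_SET:
        case ZFS_DELEG_NAMED_SET_SETS:
                if (who[1] != ZFS_DELEG_NA)
                        return (-1);
                /* The payload is a permission set name; reuse its checker. */
                return (permset_namecheck(&who[3], NULL, NULL));

        case ZFS_DELEG_CREATE:
        case ZFS_DELEG_CREATE_SETS:
                if (who[1] != ZFS_DELEG_NA)
                        return (-1);
                /* No payload is allowed after the separator. */
                if (who[3] != '\0')
                        return (-1);
                break;

        case ZFS_DELEG_EVERYONE:
        case ZFS_DELEG_EVERYONE_SETS:
                if (who[1] != ZFS_DELEG_LOCAL && who[1] != ZFS_DELEG_DESCENDENT)
                        return (-1);
                /* No payload is allowed after the separator. */
                if (who[3] != '\0')
                        return (-1);
                break;

        default:
                /* Unknown entry type: reject rather than guess. */
                return (-1);
        }

        return (0);
}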
  152 
/*
 * Validate a delegation nvlist before it is acted on.
 *
 * Every top-level pair name must pass zfs_validate_who().  Where the pair
 * resolves to a nested nvlist, that list must be non-empty and every pair
 * name in it must pass zfs_valid_permission_name().
 *
 * A pair for which nvlist_lookup_nvlist() reports ENOENT is skipped after
 * its name has been validated; its value is not inspected.
 * NOTE(review): presumably this is the "no permission list attached" form
 * of an entry; confirm against the callers that build these lists.
 *
 * Only names are checked here.  The values stored under the permission
 * names are never read.
 *
 * Returns 0 when the whole list is acceptable, -1 when `nvp` is NULL or
 * empty, or when any entry is rejected.
 */
int
zfs_deleg_verify_nvlist(nvlist_t *nvp)
{
        nvpair_t *who_pair;

        if (nvp == NULL)
                return (-1);

        /* An nvlist with no entries at all is rejected. */
        who_pair = nvlist_next_nvpair(nvp, NULL);
        if (who_pair == NULL)
                return (-1);

        for (; who_pair != NULL; who_pair = nvlist_next_nvpair(nvp, who_pair)) {
                nvlist_t *perms;
                nvpair_t *perm_pair;
                int err;

                if (zfs_validate_who(nvpair_name(who_pair)) != 0)
                        return (-1);

                err = nvlist_lookup_nvlist(nvp, nvpair_name(who_pair), &perms);
                if (err == ENOENT)
                        continue;
                if (err != 0)
                        return (-1);

                /* A permission list that is present must not be empty. */
                perm_pair = nvlist_next_nvpair(perms, NULL);
                if (perm_pair == NULL)
                        return (-1);

                for (; perm_pair != NULL;
                    perm_pair = nvlist_next_nvpair(perms, perm_pair)) {
                        if (zfs_valid_permission_name(
                            nvpair_name(perm_pair)) != 0)
                                return (-1);
                }
        }

        return (0);
}
  192 
/*
 * Build the base attribute name for a delegation entry.  The base
 * attribute name is the key used to locate the jump object that holds the
 * actual permissions; it encodes the entry type and whether the
 * permission is local or descendent.
 *
 * Arguments:
 * attr - output buffer.  No size is passed in: the buffer is assumed to
 *        be ZFS_MAX_DELEG_NAME bytes long and every write is bounded by
 *        that constant, so a shorter buffer would be overrun.
 * type - type of entry to construct.
 * inheritchr - inheritance type (local, descendent, or NA for create and
 *        permission set definitions).  Ignored for the create and
 *        named-set types, which always emit '-'.
 * data - a permission set name (char *) for the named-set types, or a
 *        pointer to a 64 bit uid/gid for the user/group types.  Not read
 *        for the create and everyone types.
 *
 * The snprintf() results are discarded, so a name that does not fit is
 * truncated silently.
 *
 * NOTE(review): the id is formatted with %lld after a cast to longlong_t,
 * so an id with the top bit set would be written with a leading '-';
 * confirm whether such ids can reach this function.
 *
 * NOTE(review): for an unknown type the only action is the ASSERT; if
 * ASSERT is compiled out in a given build, attr is left unwritten.
 */
void
zfs_deleg_whokey(char *attr, zfs_deleg_who_type_t type,
    char inheritchr, void *data)
{
        const char sep = ZFS_DELEG_FIELD_SEP_CHR;

        switch (type) {
        case ZFS_DELEG_CREATE:
        case ZFS_DELEG_CREATE_SETS:
                /* <type>-<sep>, no payload */
                (void) snprintf(attr, ZFS_MAX_DELEG_NAME, "%c-%c", type, sep);
                break;
        case ZFS_DELEG_EVERYONE:
        case ZFS_DELEG_EVERYONE_SETS:
                /* <type><inherit><sep>, no payload */
                (void) snprintf(attr, ZFS_MAX_DELEG_NAME, "%c%c%c", type,
                    inheritchr, sep);
                break;
        case ZFS_DELEG_NAMED_SET:
        case ZFS_DELEG_NAMED_SET_SETS:
                /* <type>-<sep><set name> */
                (void) snprintf(attr, ZFS_MAX_DELEG_NAME, "%c-%c%s", type,
                    sep, (char *)data);
                break;
        case ZFS_DELEG_USER:
        case ZFS_DELEG_GROUP:
        case ZFS_DELEG_USER_SETS:
        case ZFS_DELEG_GROUP_SETS: {
                /* <type><inherit><sep><numeric id> */
                const uint64_t id = *(const uint64_t *)data;

                (void) snprintf(attr, ZFS_MAX_DELEG_NAME, "%c%c%c%lld", type,
                    inheritchr, sep, (longlong_t)id);
                break;
        }
        default:
                ASSERT(!"bad zfs_deleg_who_type_t");
        }
}
  241 
#if defined(_KERNEL)
/* Kernel builds only: export the three non-static functions defined above. */
EXPORT_SYMBOL(zfs_deleg_verify_nvlist);
EXPORT_SYMBOL(zfs_deleg_whokey);
EXPORT_SYMBOL(zfs_deleg_canonicalize_perm);
#endif
