Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/contrib/openzfs/module/zcommon/zfs_deleg.c
48383 views
1
// SPDX-License-Identifier: CDDL-1.0

2
/*

3
 * CDDL HEADER START

4
 *

5
 * The contents of this file are subject to the terms of the

6
 * Common Development and Distribution License (the "License").

7
 * You may not use this file except in compliance with the License.

8
 *

9
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

10
 * or https://opensource.org/licenses/CDDL-1.0.

11
 * See the License for the specific language governing permissions

12
 * and limitations under the License.

13
 *

14
 * When distributing Covered Code, include this CDDL HEADER in each

15
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.

16
 * If applicable, add the following below this CDDL HEADER, with the

17
 * fields enclosed by brackets "[]" replaced with your own identifying

18
 * information: Portions Copyright [yyyy] [name of copyright owner]

19
 *

20
 * CDDL HEADER END

21
 */

22
/*

23
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.

24
 * Copyright 2010 Nexenta Systems, Inc. All rights reserved.

25
 * Copyright (c) 2013, 2015 by Delphix. All rights reserved.

26
 * Copyright 2016 Igor Kozhukhov <[email protected]>

27
 */

28


29
#include <sys/zfs_context.h>

30


31
#if defined(_KERNEL)

32
#include <sys/sunddi.h>

33
#include <sys/ctype.h>

34
#else

35
#include <stdio.h>

36
#include <unistd.h>

37
#include <libnvpair.h>

38
#include <ctype.h>

39
#endif

40
#include <sys/string.h>

41
#include <sys/dsl_deleg.h>

42
#include "zfs_prop.h"

43
#include "zfs_deleg.h"

44
#include "zfs_namecheck.h"

45


46
const zfs_deleg_perm_tab_t zfs_deleg_perm_tab[] = {

47
	{ZFS_DELEG_PERM_ALLOW},

48
	{ZFS_DELEG_PERM_BOOKMARK},

49
	{ZFS_DELEG_PERM_CLONE},

50
	{ZFS_DELEG_PERM_CREATE},

51
	{ZFS_DELEG_PERM_DESTROY},

52
	{ZFS_DELEG_PERM_DIFF},

53
	{ZFS_DELEG_PERM_MOUNT},

54
	{ZFS_DELEG_PERM_PROMOTE},

55
	{ZFS_DELEG_PERM_RECEIVE},

56
	{ZFS_DELEG_PERM_RECEIVE_APPEND},

57
	{ZFS_DELEG_PERM_RENAME},

58
	{ZFS_DELEG_PERM_ROLLBACK},

59
	{ZFS_DELEG_PERM_SNAPSHOT},

60
	{ZFS_DELEG_PERM_SHARE},

61
	{ZFS_DELEG_PERM_SEND},

62
	{ZFS_DELEG_PERM_SEND_RAW},

63
	{ZFS_DELEG_PERM_USERPROP},

64
	{ZFS_DELEG_PERM_USERQUOTA},

65
	{ZFS_DELEG_PERM_GROUPQUOTA},

66
	{ZFS_DELEG_PERM_USERUSED},

67
	{ZFS_DELEG_PERM_GROUPUSED},

68
	{ZFS_DELEG_PERM_USEROBJQUOTA},

69
	{ZFS_DELEG_PERM_GROUPOBJQUOTA},

70
	{ZFS_DELEG_PERM_USEROBJUSED},

71
	{ZFS_DELEG_PERM_GROUPOBJUSED},

72
	{ZFS_DELEG_PERM_HOLD},

73
	{ZFS_DELEG_PERM_RELEASE},

74
	{ZFS_DELEG_PERM_LOAD_KEY},

75
	{ZFS_DELEG_PERM_CHANGE_KEY},

76
	{ZFS_DELEG_PERM_PROJECTUSED},

77
	{ZFS_DELEG_PERM_PROJECTQUOTA},

78
	{ZFS_DELEG_PERM_PROJECTOBJUSED},

79
	{ZFS_DELEG_PERM_PROJECTOBJQUOTA},

80
	{NULL}

81
};

82


83
static int

84
zfs_valid_permission_name(const char *perm)

85
{

86
	if (zfs_deleg_canonicalize_perm(perm))

87
		return (0);

88


89
	return (permset_namecheck(perm, NULL, NULL));

90
}

91


92
const char *

93
zfs_deleg_canonicalize_perm(const char *perm)

94
{

95
	for (int i = 0; zfs_deleg_perm_tab[i].z_perm != NULL; i++) {

96
		if (strcmp(perm, zfs_deleg_perm_tab[i].z_perm) == 0)

97
			return (perm);

98
	}

99


100
	zfs_prop_t prop = zfs_name_to_prop(perm);

101
	if (prop != ZPROP_INVAL && zfs_prop_delegatable(prop))

102
		return (zfs_prop_to_name(prop));

103
	return (NULL);

104


105
}

106


107
static int

108
zfs_validate_who(const char *who)

109
{

110
	const char *p;

111


112
	if (who[2] != ZFS_DELEG_FIELD_SEP_CHR)

113
		return (-1);

114


115
	switch (who[0]) {

116
	case ZFS_DELEG_USER:

117
	case ZFS_DELEG_GROUP:

118
	case ZFS_DELEG_USER_SETS:

119
	case ZFS_DELEG_GROUP_SETS:

120
		if (who[1] != ZFS_DELEG_LOCAL && who[1] != ZFS_DELEG_DESCENDENT)

121
			return (-1);

122
		for (p = &who[3]; *p; p++)

123
			if (!isdigit(*p))

124
				return (-1);

125
		break;

126


127
	case ZFS_DELEG_NAMED_SET:

128
	case ZFS_DELEG_NAMED_SET_SETS:

129
		if (who[1] != ZFS_DELEG_NA)

130
			return (-1);

131
		return (permset_namecheck(&who[3], NULL, NULL));

132


133
	case ZFS_DELEG_CREATE:

134
	case ZFS_DELEG_CREATE_SETS:

135
		if (who[1] != ZFS_DELEG_NA)

136
			return (-1);

137
		if (who[3] != '\0')

138
			return (-1);

139
		break;

140


141
	case ZFS_DELEG_EVERYONE:

142
	case ZFS_DELEG_EVERYONE_SETS:

143
		if (who[1] != ZFS_DELEG_LOCAL && who[1] != ZFS_DELEG_DESCENDENT)

144
			return (-1);

145
		if (who[3] != '\0')

146
			return (-1);

147
		break;

148


149
	default:

150
		return (-1);

151
	}

152


153
	return (0);

154
}

155


156
int

157
zfs_deleg_verify_nvlist(nvlist_t *nvp)

158
{

159
	nvpair_t *who, *perm_name;

160
	nvlist_t *perms;

161
	int error;

162


163
	if (nvp == NULL)

164
		return (-1);

165


166
	who = nvlist_next_nvpair(nvp, NULL);

167
	if (who == NULL)

168
		return (-1);

169


170
	do {

171
		if (zfs_validate_who(nvpair_name(who)))

172
			return (-1);

173


174
		error = nvlist_lookup_nvlist(nvp, nvpair_name(who), &perms);

175


176
		if (error && error != ENOENT)

177
			return (-1);

178
		if (error == ENOENT)

179
			continue;

180


181
		perm_name = nvlist_next_nvpair(perms, NULL);

182
		if (perm_name == NULL) {

183
			return (-1);

184
		}

185
		do {

186
			error = zfs_valid_permission_name(

187
			    nvpair_name(perm_name));

188
			if (error)

189
				return (-1);

190
		} while ((perm_name = nvlist_next_nvpair(perms, perm_name))

191
		    != NULL);

192
	} while ((who = nvlist_next_nvpair(nvp, who)) != NULL);

193
	return (0);

194
}

195


196
/*

197
 * Construct the base attribute name.  The base attribute names

198
 * are the "key" to locate the jump objects which contain the actual

199
 * permissions.  The base attribute names are encoded based on

200
 * type of entry and whether it is a local or descendent permission.

201
 *

202
 * Arguments:

203
 * attr - attribute name return string, attribute is assumed to be

204
 *        ZFS_MAX_DELEG_NAME long.

205
 * type - type of entry to construct

206
 * inheritchr - inheritance type (local,descendent, or NA for create and

207
 *                               permission set definitions

208
 * data - is either a permission set name or a 64 bit uid/gid.

209
 */

210
void

211
zfs_deleg_whokey(char *attr, zfs_deleg_who_type_t type,

212
    char inheritchr, void *data)

213
{

214
	int len = ZFS_MAX_DELEG_NAME;

215
	uint64_t *id = data;

216


217
	switch (type) {

218
	case ZFS_DELEG_USER:

219
	case ZFS_DELEG_GROUP:

220
	case ZFS_DELEG_USER_SETS:

221
	case ZFS_DELEG_GROUP_SETS:

222
		(void) snprintf(attr, len, "%c%c%c%lld", type, inheritchr,

223
		    ZFS_DELEG_FIELD_SEP_CHR, (longlong_t)*id);

224
		break;

225
	case ZFS_DELEG_NAMED_SET_SETS:

226
	case ZFS_DELEG_NAMED_SET:

227
		(void) snprintf(attr, len, "%c-%c%s", type,

228
		    ZFS_DELEG_FIELD_SEP_CHR, (char *)data);

229
		break;

230
	case ZFS_DELEG_CREATE:

231
	case ZFS_DELEG_CREATE_SETS:

232
		(void) snprintf(attr, len, "%c-%c", type,

233
		    ZFS_DELEG_FIELD_SEP_CHR);

234
		break;

235
	case ZFS_DELEG_EVERYONE:

236
	case ZFS_DELEG_EVERYONE_SETS:

237
		(void) snprintf(attr, len, "%c%c%c", type, inheritchr,

238
		    ZFS_DELEG_FIELD_SEP_CHR);

239
		break;

240
	default:

241
		ASSERT(!"bad zfs_deleg_who_type_t");

242
	}

243
}

244


245
#if defined(_KERNEL)

246
EXPORT_SYMBOL(zfs_deleg_verify_nvlist);

247
EXPORT_SYMBOL(zfs_deleg_whokey);

248
EXPORT_SYMBOL(zfs_deleg_canonicalize_perm);

249
#endif

250


251