1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/stat.h> 28 #include <sys/errno.h> 29 #include <sys/kmem.h> 30 #include <sys/t_lock.h> 31 #include <sys/ksynch.h> 32 #include <sys/buf.h> 33 #include <sys/vfs.h> 34 #include <sys/vnode.h> 35 #include <sys/mode.h> 36 #include <sys/systm.h> 37 #include <vm/seg.h> 38 #include <sys/file.h> 39 #include <sys/acl.h> 40 #include <sys/fs/ufs_inode.h> 41 #include <sys/fs/ufs_acl.h> 42 #include <sys/fs/ufs_quota.h> 43 #include <sys/sysmacros.h> 44 #include <sys/debug.h> 45 #include <sys/policy.h> 46 47 /* Cache routines */ 48 static int si_signature(si_t *); 49 static int si_cachei_get(struct inode *, si_t **); 50 static int si_cachea_get(struct inode *, si_t *, si_t **); 51 static int si_cmp(si_t *, si_t *); 52 static void si_cache_put(si_t *); 53 void si_cache_del(si_t *, int); 54 void si_cache_init(void); 55 56 static void ufs_si_free_mem(si_t *); 57 static int ufs_si_store(struct inode *, si_t *, int, cred_t *); 58 static si_t *ufs_acl_cp(si_t *); 59 static int ufs_sectobuf(si_t 
*, caddr_t *, size_t *); 60 static int acl_count(ufs_ic_acl_t *); 61 static int acl_validate(aclent_t *, int, int); 62 static int vsecattr2aclentry(vsecattr_t *, si_t **); 63 static int aclentry2vsecattr(si_t *, vsecattr_t *); 64 65 krwlock_t si_cache_lock; /* Protects si_cache */ 66 int si_cachecnt = 64; /* # buckets in si_cache[a|i] */ 67 si_t **si_cachea; /* The 'by acl' cache chains */ 68 si_t **si_cachei; /* The 'by inode' cache chains */ 69 long si_cachehit = 0; 70 long si_cachemiss = 0; 71 72 #define SI_HASH(S) ((int)(S) & (si_cachecnt - 1)) 73 74 /* 75 * Store the new acls in aclp. Attempts to make things atomic. 76 * Search the acl cache for an identical sp and, if found, attach 77 * the cache'd acl to ip. If the acl is new (not in the cache), 78 * add it to the cache, then attach it to ip. Last, remove and 79 * decrement the reference count of any prior acl list attached 80 * to the ip. 81 * 82 * Parameters: 83 * ip - Ptr to inode to receive the acl list 84 * sp - Ptr to in-core acl structure to attach to the inode. 85 * puship - 0 do not push the object inode(ip) 1 push the ip 86 * cr - Ptr to credentials 87 * 88 * Returns: 0 - Success 89 * N - From errno.h 90 */ 91 static int 92 ufs_si_store(struct inode *ip, si_t *sp, int puship, cred_t *cr) 93 { 94 struct vfs *vfsp; 95 struct inode *sip; 96 si_t *oldsp; 97 si_t *csp; 98 caddr_t acldata; 99 ino_t oldshadow; 100 size_t acldatalen; 101 off_t offset; 102 int shadow; 103 int err; 104 int refcnt; 105 int usecnt; 106 int signature; 107 int resid; 108 struct ufsvfs *ufsvfsp = ip->i_ufsvfs; 109 struct fs *fs = ufsvfsp->vfs_fs; 110 111 ASSERT(RW_WRITE_HELD(&ip->i_contents)); 112 ASSERT(ip->i_ufs_acl != sp); 113 114 if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT)) 115 return (ENOSYS); 116 117 /* 118 * if there are only the three owner/group/other then do not 119 * create a shadow inode. If there is already a shadow with 120 * the file, remove it. 
121 * 122 */ 123 if (!sp->ausers && 124 !sp->agroups && 125 !sp->downer && 126 !sp->dgroup && 127 !sp->dother && 128 sp->dclass.acl_ismask == 0 && 129 !sp->dusers && 130 !sp->dgroups) { 131 if (ip->i_ufs_acl) 132 err = ufs_si_free(ip->i_ufs_acl, ITOV(ip)->v_vfsp, cr); 133 ip->i_ufs_acl = NULL; 134 ip->i_shadow = 0; 135 ip->i_flag |= IMOD | IACC; 136 ip->i_mode = (ip->i_smode & ~0777) | 137 ((sp->aowner->acl_ic_perm & 07) << 6) | 138 (MASK2MODE(sp)) | 139 (sp->aother->acl_ic_perm & 07); 140 TRANS_INODE(ip->i_ufsvfs, ip); 141 ufs_iupdat(ip, 1); 142 ufs_si_free_mem(sp); 143 return (0); 144 } 145 146 loop: 147 148 /* 149 * Check cache. If in cache, use existing shadow inode. 150 * Increment the shadow link count, then attach to the 151 * cached ufs_acl_entry struct, and increment it's reference 152 * count. Then discard the passed-in ufs_acl_entry and 153 * return. 154 */ 155 if (si_cachea_get(ip, sp, &csp) == 0) { 156 ASSERT(RW_WRITE_HELD(&csp->s_lock)); 157 if (ip->i_ufs_acl == csp) { 158 rw_exit(&csp->s_lock); 159 (void) ufs_si_free_mem(sp); 160 return (0); 161 } 162 vfsp = ITOV(ip)->v_vfsp; 163 ASSERT(csp->s_shadow <= INT_MAX); 164 shadow = (int)csp->s_shadow; 165 /* 166 * We can't call ufs_iget while holding the csp locked, 167 * because we might deadlock. So we drop the 168 * lock on csp, then go search the si_cache again 169 * to see if the csp is still there. 
170 */ 171 rw_exit(&csp->s_lock); 172 if ((err = ufs_iget(vfsp, shadow, &sip, cr)) != 0) { 173 (void) ufs_si_free_mem(sp); 174 return (EIO); 175 } 176 rw_enter(&sip->i_contents, RW_WRITER); 177 if ((sip->i_mode & IFMT) != IFSHAD || sip->i_nlink <= 0) { 178 rw_exit(&sip->i_contents); 179 VN_RELE(ITOV(sip)); 180 goto loop; 181 } 182 /* Get the csp again */ 183 if (si_cachea_get(ip, sp, &csp) != 0) { 184 rw_exit(&sip->i_contents); 185 VN_RELE(ITOV(sip)); 186 goto loop; 187 } 188 ASSERT(RW_WRITE_HELD(&csp->s_lock)); 189 /* See if we got the right shadow */ 190 if (csp->s_shadow != shadow) { 191 rw_exit(&csp->s_lock); 192 rw_exit(&sip->i_contents); 193 VN_RELE(ITOV(sip)); 194 goto loop; 195 } 196 ASSERT(RW_WRITE_HELD(&sip->i_contents)); 197 ASSERT(sip->i_dquot == 0); 198 /* Increment link count */ 199 ASSERT(sip->i_nlink > 0); 200 sip->i_nlink++; 201 TRANS_INODE(ufsvfsp, sip); 202 csp->s_use = sip->i_nlink; 203 csp->s_ref++; 204 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use); 205 sip->i_flag |= ICHG | IMOD; 206 sip->i_seq++; 207 ITIMES_NOLOCK(sip); 208 /* 209 * Always release s_lock before both releasing i_contents 210 * and calling VN_RELE. 211 */ 212 rw_exit(&csp->s_lock); 213 rw_exit(&sip->i_contents); 214 VN_RELE(ITOV(sip)); 215 (void) ufs_si_free_mem(sp); 216 sp = csp; 217 si_cachehit++; 218 goto switchshadows; 219 } 220 221 /* Alloc a shadow inode and fill it in */ 222 err = ufs_ialloc(ip, ip->i_number, (mode_t)IFSHAD, &sip, cr); 223 if (err) { 224 (void) ufs_si_free_mem(sp); 225 return (err); 226 } 227 rw_enter(&sip->i_contents, RW_WRITER); 228 sip->i_flag |= IACC | IUPD | ICHG; 229 sip->i_seq++; 230 sip->i_mode = (o_mode_t)IFSHAD; 231 ITOV(sip)->v_type = VREG; 232 ufs_reset_vnode(ITOV(sip)); 233 sip->i_nlink = 1; 234 sip->i_uid = crgetuid(cr); 235 sip->i_suid = (ulong_t)sip->i_uid > (ulong_t)USHRT_MAX ? 236 UID_LONG : sip->i_uid; 237 sip->i_gid = crgetgid(cr); 238 sip->i_sgid = (ulong_t)sip->i_gid > (ulong_t)USHRT_MAX ? 
239 GID_LONG : sip->i_gid; 240 sip->i_shadow = 0; 241 TRANS_INODE(ufsvfsp, sip); 242 sip->i_ufs_acl = NULL; 243 ASSERT(sip->i_size == 0); 244 245 sp->s_shadow = sip->i_number; 246 247 if ((err = ufs_sectobuf(sp, &acldata, &acldatalen)) != 0) 248 goto errout; 249 offset = 0; 250 251 /* 252 * We don't actually care about the residual count upon failure, 253 * but giving ufs_rdwri() the pointer means it won't translate 254 * all failures to EIO. Our caller needs to know when ENOSPC 255 * gets hit. 256 */ 257 resid = 0; 258 if (((err = ufs_rdwri(UIO_WRITE, FWRITE|FSYNC, sip, acldata, 259 acldatalen, (offset_t)0, UIO_SYSSPACE, &resid, cr)) != 0) || 260 (resid != 0)) { 261 kmem_free(acldata, acldatalen); 262 if ((resid != 0) && (err == 0)) 263 err = ENOSPC; 264 goto errout; 265 } 266 267 offset += acldatalen; 268 if ((acldatalen + fs->fs_bsize) > ufsvfsp->vfs_maxacl) 269 ufsvfsp->vfs_maxacl = acldatalen + fs->fs_bsize; 270 271 kmem_free(acldata, acldatalen); 272 /* Sync & free the shadow inode */ 273 ufs_iupdat(sip, 1); 274 rw_exit(&sip->i_contents); 275 VN_RELE(ITOV(sip)); 276 277 /* We're committed to using this sp */ 278 sp->s_use = 1; 279 sp->s_ref = 1; 280 281 /* Now put the new acl stuff in the cache */ 282 /* XXX Might make a duplicate */ 283 si_cache_put(sp); 284 si_cachemiss++; 285 286 switchshadows: 287 /* Now switch the parent inode to use the new shadow inode */ 288 ASSERT(RW_WRITE_HELD(&ip->i_contents)); 289 rw_enter(&sp->s_lock, RW_READER); 290 oldsp = ip->i_ufs_acl; 291 oldshadow = ip->i_shadow; 292 ip->i_ufs_acl = sp; 293 ASSERT(sp->s_shadow <= INT_MAX); 294 ip->i_shadow = (int32_t)sp->s_shadow; 295 ASSERT(oldsp != sp); 296 ASSERT(oldshadow != ip->i_number); 297 ASSERT(ip->i_number != ip->i_shadow); 298 /* 299 * Change the mode bits to follow the acl list 300 * 301 * NOTE: a directory is not required to have a "regular" acl 302 * bug id's 1238908, 1257173, 1263171 and 1263188 303 * 304 * but if a "regular" acl is present, it must contain 305 * an "owner", 
"group", and "other" acl 306 * 307 * If an ACL mask exists, the effective group rights are 308 * set to the mask. Otherwise, the effective group rights 309 * are set to the object group bits. 310 */ 311 if (sp->aowner) { /* Owner */ 312 ip->i_mode &= ~0700; /* clear Owner */ 313 ip->i_mode |= (sp->aowner->acl_ic_perm & 07) << 6; 314 ip->i_uid = sp->aowner->acl_ic_who; 315 } 316 317 if (sp->agroup) { /* Group */ 318 ip->i_mode &= ~0070; /* clear Group */ 319 ip->i_mode |= MASK2MODE(sp); /* apply mask */ 320 ip->i_gid = sp->agroup->acl_ic_who; 321 } 322 323 if (sp->aother) { /* Other */ 324 ip->i_mode &= ~0007; /* clear Other */ 325 ip->i_mode |= (sp->aother->acl_ic_perm & 07); 326 } 327 328 if (sp->aclass.acl_ismask) 329 ip->i_mode = (ip->i_mode & ~070) | 330 (((sp->aclass.acl_maskbits & 07) << 3) & 331 ip->i_mode); 332 333 TRANS_INODE(ufsvfsp, ip); 334 rw_exit(&sp->s_lock); 335 ip->i_flag |= ICHG; 336 ip->i_seq++; 337 /* 338 * when creating a file there is no need to push the inode, it 339 * is pushed later 340 */ 341 if (puship == 1) 342 ufs_iupdat(ip, 1); 343 344 /* 345 * Decrement link count on the old shadow inode, 346 * and decrement reference count on the old aclp, 347 */ 348 if (oldshadow) { 349 /* Get the shadow inode */ 350 ASSERT(RW_WRITE_HELD(&ip->i_contents)); 351 vfsp = ITOV(ip)->v_vfsp; 352 if ((err = ufs_iget_alloced(vfsp, oldshadow, &sip, cr)) != 0) { 353 return (EIO); 354 } 355 /* Decrement link count */ 356 rw_enter(&sip->i_contents, RW_WRITER); 357 if (oldsp) 358 rw_enter(&oldsp->s_lock, RW_WRITER); 359 ASSERT(sip->i_dquot == 0); 360 ASSERT(sip->i_nlink > 0); 361 usecnt = --sip->i_nlink; 362 ufs_setreclaim(sip); 363 TRANS_INODE(ufsvfsp, sip); 364 sip->i_flag |= ICHG | IMOD; 365 sip->i_seq++; 366 ITIMES_NOLOCK(sip); 367 if (oldsp) { 368 oldsp->s_use = usecnt; 369 refcnt = --oldsp->s_ref; 370 signature = oldsp->s_signature; 371 /* 372 * Always release s_lock before both releasing 373 * i_contents and calling VN_RELE. 
374 */ 375 rw_exit(&oldsp->s_lock); 376 } 377 rw_exit(&sip->i_contents); 378 VN_RELE(ITOV(sip)); 379 if (oldsp && (refcnt == 0)) 380 si_cache_del(oldsp, signature); 381 } 382 return (0); 383 384 errout: 385 /* Throw the newly alloc'd inode away */ 386 sip->i_nlink = 0; 387 ufs_setreclaim(sip); 388 TRANS_INODE(ufsvfsp, sip); 389 ITIMES_NOLOCK(sip); 390 rw_exit(&sip->i_contents); 391 VN_RELE(ITOV(sip)); 392 ASSERT(!sp->s_use && !sp->s_ref && !(sp->s_flags & SI_CACHED)); 393 (void) ufs_si_free_mem(sp); 394 return (err); 395 } 396 397 /* 398 * Load the acls for inode ip either from disk (adding to the cache), 399 * or search the cache and attach the cache'd acl list to the ip. 400 * In either case, maintain the proper reference count on the cached entry. 401 * 402 * Parameters: 403 * ip - Ptr to the inode which needs the acl list loaded 404 * cr - Ptr to credentials 405 * 406 * Returns: 0 - Success 407 * N - From errno.h 408 */ 409 int 410 ufs_si_load(struct inode *ip, cred_t *cr) 411 /* 412 * ip parent inode in 413 * cr credentials in 414 */ 415 { 416 struct vfs *vfsp; 417 struct inode *sip; 418 ufs_fsd_t *fsdp; 419 si_t *sp; 420 vsecattr_t vsecattr = { 421 (uint_t)0, 422 (int)0, 423 (void *)NULL, 424 (int)0, 425 (void *)NULL}; 426 aclent_t *aclp; 427 ufs_acl_t *ufsaclp; 428 caddr_t acldata = NULL; 429 ino_t maxino; 430 int err; 431 size_t acldatalen; 432 int numacls; 433 int shadow; 434 int usecnt; 435 struct ufsvfs *ufsvfsp = ip->i_ufsvfs; 436 struct fs *fs = ufsvfsp->vfs_fs; 437 438 ASSERT(ip != NULL); 439 ASSERT(RW_WRITE_HELD(&ip->i_contents)); 440 ASSERT(ip->i_shadow && ip->i_ufs_acl == NULL); 441 ASSERT((ip->i_mode & IFMT) != IFSHAD); 442 443 if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT)) 444 return (ENOSYS); 445 446 if (ip->i_shadow == ip->i_number) 447 return (EIO); 448 449 maxino = (ino_t)(ITOF(ip)->fs_ncg * ITOF(ip)->fs_ipg); 450 if (ip->i_shadow < UFSROOTINO || ip->i_shadow > maxino) 451 return (EIO); 452 453 /* 454 * XXX Check cache. 
If in cache, link to it and increment 455 * the reference count, then return. 456 */ 457 if (si_cachei_get(ip, &sp) == 0) { 458 ASSERT(RW_WRITE_HELD(&sp->s_lock)); 459 ip->i_ufs_acl = sp; 460 sp->s_ref++; 461 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use); 462 rw_exit(&sp->s_lock); 463 si_cachehit++; 464 return (0); 465 } 466 467 /* Get the shadow inode */ 468 vfsp = ITOV(ip)->v_vfsp; 469 shadow = ip->i_shadow; 470 if ((err = ufs_iget_alloced(vfsp, shadow, &sip, cr)) != 0) { 471 return (err); 472 } 473 rw_enter(&sip->i_contents, RW_WRITER); 474 475 if ((sip->i_mode & IFMT) != IFSHAD) { 476 rw_exit(&sip->i_contents); 477 err = EINVAL; 478 goto alldone; 479 } 480 481 ASSERT(sip->i_dquot == 0); 482 usecnt = sip->i_nlink; 483 if ((!ULOCKFS_IS_NOIACC(&ufsvfsp->vfs_ulockfs)) && 484 (!(sip)->i_ufsvfs->vfs_noatime)) { 485 sip->i_flag |= IACC; 486 } 487 rw_downgrade(&sip->i_contents); 488 489 ASSERT(sip->i_size <= MAXOFF_T); 490 /* Read the acl's and other stuff from disk */ 491 acldata = kmem_zalloc((size_t)sip->i_size, KM_SLEEP); 492 acldatalen = sip->i_size; 493 494 err = ufs_rdwri(UIO_READ, FREAD, sip, acldata, acldatalen, (offset_t)0, 495 UIO_SYSSPACE, (int *)0, cr); 496 497 rw_exit(&sip->i_contents); 498 499 if (err) 500 goto alldone; 501 502 /* 503 * Convert from disk format 504 * Result is a vsecattr struct which we then convert to the 505 * si struct. 
506 */ 507 bzero((caddr_t)&vsecattr, sizeof (vsecattr_t)); 508 for (fsdp = (ufs_fsd_t *)acldata; 509 fsdp < (ufs_fsd_t *)(acldata + acldatalen); 510 fsdp = (ufs_fsd_t *)((caddr_t)fsdp + 511 FSD_RECSZ(fsdp, fsdp->fsd_size))) { 512 if (fsdp->fsd_size <= 0) 513 break; 514 switch (fsdp->fsd_type) { 515 case FSD_ACL: 516 numacls = vsecattr.vsa_aclcnt = 517 (int)((fsdp->fsd_size - 2 * sizeof (int)) / 518 sizeof (ufs_acl_t)); 519 aclp = vsecattr.vsa_aclentp = 520 kmem_zalloc(numacls * sizeof (aclent_t), KM_SLEEP); 521 for (ufsaclp = (ufs_acl_t *)fsdp->fsd_data; 522 numacls; ufsaclp++) { 523 aclp->a_type = ufsaclp->acl_tag; 524 aclp->a_id = ufsaclp->acl_who; 525 aclp->a_perm = ufsaclp->acl_perm; 526 aclp++; 527 numacls--; 528 } 529 break; 530 case FSD_DFACL: 531 numacls = vsecattr.vsa_dfaclcnt = 532 (int)((fsdp->fsd_size - 2 * sizeof (int)) / 533 sizeof (ufs_acl_t)); 534 aclp = vsecattr.vsa_dfaclentp = 535 kmem_zalloc(numacls * sizeof (aclent_t), KM_SLEEP); 536 for (ufsaclp = (ufs_acl_t *)fsdp->fsd_data; 537 numacls; ufsaclp++) { 538 aclp->a_type = ufsaclp->acl_tag; 539 aclp->a_id = ufsaclp->acl_who; 540 aclp->a_perm = ufsaclp->acl_perm; 541 aclp++; 542 numacls--; 543 } 544 break; 545 } 546 } 547 /* Sort the lists */ 548 if (vsecattr.vsa_aclentp) { 549 ksort((caddr_t)vsecattr.vsa_aclentp, vsecattr.vsa_aclcnt, 550 sizeof (aclent_t), cmp2acls); 551 if ((err = acl_validate(vsecattr.vsa_aclentp, 552 vsecattr.vsa_aclcnt, ACL_CHECK)) != 0) { 553 goto alldone; 554 } 555 } 556 if (vsecattr.vsa_dfaclentp) { 557 ksort((caddr_t)vsecattr.vsa_dfaclentp, vsecattr.vsa_dfaclcnt, 558 sizeof (aclent_t), cmp2acls); 559 if ((err = acl_validate(vsecattr.vsa_dfaclentp, 560 vsecattr.vsa_dfaclcnt, DEF_ACL_CHECK)) != 0) { 561 goto alldone; 562 } 563 } 564 565 /* ignore shadow inodes without ACLs */ 566 if (!vsecattr.vsa_aclentp && !vsecattr.vsa_dfaclentp) { 567 err = 0; 568 goto alldone; 569 } 570 571 /* Convert from vsecattr struct to ufs_acl_entry struct */ 572 if ((err = 
vsecattr2aclentry(&vsecattr, &sp)) != 0) { 573 goto alldone; 574 } 575 576 /* There aren't filled in by vsecattr2aclentry */ 577 sp->s_shadow = ip->i_shadow; 578 sp->s_dev = ip->i_dev; 579 sp->s_use = usecnt; 580 sp->s_ref = 1; 581 ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use); 582 583 /* XXX Might make a duplicate */ 584 si_cache_put(sp); 585 586 /* Signal anyone waiting on this shadow to be loaded */ 587 ip->i_ufs_acl = sp; 588 err = 0; 589 si_cachemiss++; 590 if ((acldatalen + fs->fs_bsize) > ufsvfsp->vfs_maxacl) 591 ufsvfsp->vfs_maxacl = acldatalen + fs->fs_bsize; 592 alldone: 593 /* 594 * Common exit point. Mark shadow inode as ISTALE 595 * if we detect an internal inconsistency, to 596 * prevent stray inodes appearing in the cache. 597 */ 598 if (err) { 599 rw_enter(&sip->i_contents, RW_READER); 600 mutex_enter(&sip->i_tlock); 601 sip->i_flag |= ISTALE; 602 mutex_exit(&sip->i_tlock); 603 rw_exit(&sip->i_contents); 604 } 605 VN_RELE(ITOV(sip)); 606 607 /* 608 * Cleanup of data structures allocated 609 * on the fly. 610 */ 611 if (acldata) 612 kmem_free(acldata, acldatalen); 613 614 if (vsecattr.vsa_aclentp) 615 kmem_free(vsecattr.vsa_aclentp, 616 vsecattr.vsa_aclcnt * sizeof (aclent_t)); 617 if (vsecattr.vsa_dfaclentp) 618 kmem_free(vsecattr.vsa_dfaclentp, 619 vsecattr.vsa_dfaclcnt * sizeof (aclent_t)); 620 return (err); 621 } 622 623 /* 624 * Check the inode's ACL's to see if this mode of access is 625 * allowed; return 0 if allowed, EACCES if not. 626 * 627 * We follow the procedure defined in Sec. 3.3.5, ACL Access 628 * Check Algorithm, of the POSIX 1003.6 Draft Standard. 
629 */ 630 int 631 ufs_acl_access(struct inode *ip, int mode, cred_t *cr) 632 /* 633 * ip parent inode 634 * mode mode of access read, write, execute/examine 635 * cr credentials 636 */ 637 { 638 ufs_ic_acl_t *acl; 639 int ismask, mask = 0; 640 int gperm = 0; 641 int ngroup = 0; 642 si_t *sp = NULL; 643 uid_t uid = crgetuid(cr); 644 uid_t owner; 645 646 ASSERT(ip->i_ufs_acl != NULL); 647 ASSERT(RW_LOCK_HELD(&ip->i_contents)); 648 649 sp = ip->i_ufs_acl; 650 651 ismask = sp->aclass.acl_ismask ? 652 sp->aclass.acl_ismask : NULL; 653 654 if (ismask) 655 mask = sp->aclass.acl_maskbits; 656 else 657 mask = -1; 658 659 /* 660 * (1) If user owns the file, obey user mode bits 661 */ 662 owner = sp->aowner->acl_ic_who; 663 if (uid == owner) { 664 return (MODE_CHECK(owner, mode, (sp->aowner->acl_ic_perm << 6), 665 cr, ip)); 666 } 667 668 /* 669 * (2) Obey any matching ACL_USER entry 670 */ 671 if (sp->ausers) 672 for (acl = sp->ausers; acl != NULL; acl = acl->acl_ic_next) { 673 if (acl->acl_ic_who == uid) { 674 return (MODE_CHECK(owner, mode, 675 (mask & acl->acl_ic_perm) << 6, cr, ip)); 676 } 677 } 678 679 /* 680 * (3) If user belongs to file's group, obey group mode bits 681 * if no ACL mask is defined; if there is an ACL mask, we look 682 * at both the group mode bits and any ACL_GROUP entries. 
683 */ 684 if (groupmember((uid_t)sp->agroup->acl_ic_who, cr)) { 685 ngroup++; 686 gperm = (sp->agroup->acl_ic_perm); 687 if (!ismask) 688 return (MODE_CHECK(owner, mode, (gperm << 6), cr, ip)); 689 } 690 691 /* 692 * (4) Accumulate the permissions in matching ACL_GROUP entries 693 */ 694 if (sp->agroups) 695 for (acl = sp->agroups; acl != NULL; acl = acl->acl_ic_next) 696 { 697 if (groupmember(acl->acl_ic_who, cr)) { 698 ngroup++; 699 gperm |= acl->acl_ic_perm; 700 } 701 } 702 703 if (ngroup != 0) 704 return (MODE_CHECK(owner, mode, ((gperm & mask) << 6), cr, ip)); 705 706 /* 707 * (5) Finally, use the "other" mode bits 708 */ 709 return (MODE_CHECK(owner, mode, sp->aother->acl_ic_perm << 6, cr, ip)); 710 } 711 712 /*ARGSUSED2*/ 713 int 714 ufs_acl_get(struct inode *ip, vsecattr_t *vsap, int flag, cred_t *cr) 715 { 716 aclent_t *aclentp; 717 718 ASSERT(RW_LOCK_HELD(&ip->i_contents)); 719 720 /* XXX Range check, sanity check, shadow check */ 721 /* If an ACL is present, get the data from the shadow inode info */ 722 if (ip->i_ufs_acl) 723 return (aclentry2vsecattr(ip->i_ufs_acl, vsap)); 724 725 /* 726 * If no ACLs are present, fabricate one from the mode bits. 727 * This code is almost identical to fs_fab_acl(), but we 728 * already have the mode bits handy, so we'll avoid going 729 * through VOP_GETATTR() again. 
730 */ 731 732 vsap->vsa_aclcnt = 0; 733 vsap->vsa_aclentp = NULL; 734 vsap->vsa_dfaclcnt = 0; /* Default ACLs are not fabricated */ 735 vsap->vsa_dfaclentp = NULL; 736 737 if (vsap->vsa_mask & (VSA_ACLCNT | VSA_ACL)) 738 vsap->vsa_aclcnt = 4; /* USER, GROUP, OTHER, and CLASS */ 739 740 if (vsap->vsa_mask & VSA_ACL) { 741 vsap->vsa_aclentp = kmem_zalloc(4 * sizeof (aclent_t), 742 KM_SLEEP); 743 744 aclentp = vsap->vsa_aclentp; 745 746 /* Owner */ 747 aclentp->a_type = USER_OBJ; 748 aclentp->a_perm = ((ushort_t)(ip->i_mode & 0700)) >> 6; 749 aclentp->a_id = ip->i_uid; /* Really undefined */ 750 aclentp++; 751 752 /* Group */ 753 aclentp->a_type = GROUP_OBJ; 754 aclentp->a_perm = ((ushort_t)(ip->i_mode & 0070)) >> 3; 755 aclentp->a_id = ip->i_gid; /* Really undefined */ 756 aclentp++; 757 758 /* Other */ 759 aclentp->a_type = OTHER_OBJ; 760 aclentp->a_perm = ip->i_mode & 0007; 761 aclentp->a_id = 0; /* Really undefined */ 762 aclentp++; 763 764 /* Class */ 765 aclentp->a_type = CLASS_OBJ; 766 aclentp->a_perm = ((ushort_t)(ip->i_mode & 0070)) >> 3; 767 aclentp->a_id = 0; /* Really undefined */ 768 ksort((caddr_t)vsap->vsa_aclentp, vsap->vsa_aclcnt, 769 sizeof (aclent_t), cmp2acls); 770 } 771 772 return (0); 773 } 774 775 /*ARGSUSED2*/ 776 int 777 ufs_acl_set(struct inode *ip, vsecattr_t *vsap, int flag, cred_t *cr) 778 { 779 si_t *sp; 780 int err; 781 782 ASSERT(RW_WRITE_HELD(&ip->i_contents)); 783 784 if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT)) 785 return (ENOSYS); 786 787 /* 788 * only the owner of the file or privileged users can change the ACLs 789 */ 790 if (secpolicy_vnode_setdac(cr, ip->i_uid) != 0) 791 return (EPERM); 792 793 /* Convert from vsecattr struct to ufs_acl_entry struct */ 794 if ((err = vsecattr2aclentry(vsap, &sp)) != 0) 795 return (err); 796 sp->s_dev = ip->i_dev; 797 798 /* 799 * Make the user & group objs in the acl list follow what's 800 * in the inode. 
801 */ 802 #ifdef DEBUG 803 if (vsap->vsa_mask == VSA_ACL) { 804 ASSERT(sp->aowner); 805 ASSERT(sp->agroup); 806 ASSERT(sp->aother); 807 } 808 #endif /* DEBUG */ 809 810 if (sp->aowner) 811 sp->aowner->acl_ic_who = ip->i_uid; 812 if (sp->agroup) 813 sp->agroup->acl_ic_who = ip->i_gid; 814 815 /* 816 * Write and cache the new acl list 817 */ 818 err = ufs_si_store(ip, sp, 1, cr); 819 820 return (err); 821 } 822 823 /* 824 * XXX Scan sorted array of acl's, checking for: 825 * 1) Any duplicate/conflicting entries (same type and id) 826 * 2) More than 1 of USER_OBJ, GROUP_OBJ, OTHER_OBJ, CLASS_OBJ 827 * 3) More than 1 of DEF_USER_OBJ, DEF_GROUP_OBJ, DEF_OTHER_OBJ, DEF_CLASS_OBJ 828 * 829 * Parameters: 830 * aclentp - ptr to sorted list of acl entries. 831 * nentries - # acl entries on the list 832 * flag - Bitmap (ACL_CHECK and/or DEF_ACL_CHECK) indicating whether the 833 * list contains regular acls, default acls, or both. 834 * 835 * Returns: 0 - Success 836 * EINVAL - Invalid list (dups or multiple entries of type USER_OBJ, etc) 837 */ 838 static int 839 acl_validate(aclent_t *aclentp, int nentries, int flag) 840 { 841 int i; 842 int nuser_objs = 0; 843 int ngroup_objs = 0; 844 int nother_objs = 0; 845 int nclass_objs = 0; 846 int ndef_user_objs = 0; 847 int ndef_group_objs = 0; 848 int ndef_other_objs = 0; 849 int ndef_class_objs = 0; 850 int nusers = 0; 851 int ngroups = 0; 852 int ndef_users = 0; 853 int ndef_groups = 0; 854 int numdefs = 0; 855 856 /* Null list or list of one */ 857 if (aclentp == NULL) 858 return (0); 859 860 if (nentries <= 0) 861 return (EINVAL); 862 863 for (i = 1; i < nentries; i++) { 864 if (((aclentp[i - 1].a_type == aclentp[i].a_type) && 865 (aclentp[i - 1].a_id == aclentp[i].a_id)) || 866 (aclentp[i - 1].a_perm > 07)) { 867 return (EINVAL); 868 } 869 } 870 871 if (flag == 0 || (flag != ACL_CHECK && flag != DEF_ACL_CHECK)) 872 return (EINVAL); 873 874 /* Count types */ 875 for (i = 0; i < nentries; i++) { 876 switch (aclentp[i].a_type) { 
877 case USER_OBJ: /* Owner */ 878 nuser_objs++; 879 break; 880 case GROUP_OBJ: /* Group */ 881 ngroup_objs++; 882 break; 883 case OTHER_OBJ: /* Other */ 884 nother_objs++; 885 break; 886 case CLASS_OBJ: /* Mask */ 887 nclass_objs++; 888 break; 889 case DEF_USER_OBJ: /* Default Owner */ 890 ndef_user_objs++; 891 break; 892 case DEF_GROUP_OBJ: /* Default Group */ 893 ndef_group_objs++; 894 break; 895 case DEF_OTHER_OBJ: /* Default Other */ 896 ndef_other_objs++; 897 break; 898 case DEF_CLASS_OBJ: /* Default Mask */ 899 ndef_class_objs++; 900 break; 901 case USER: /* Users */ 902 nusers++; 903 break; 904 case GROUP: /* Groups */ 905 ngroups++; 906 break; 907 case DEF_USER: /* Default Users */ 908 ndef_users++; 909 break; 910 case DEF_GROUP: /* Default Groups */ 911 ndef_groups++; 912 break; 913 default: /* Unknown type */ 914 return (EINVAL); 915 } 916 } 917 918 /* 919 * For normal acl's, we require there be one (and only one) 920 * USER_OBJ, GROUP_OBJ and OTHER_OBJ. There is either zero 921 * or one CLASS_OBJ. 922 */ 923 if (flag & ACL_CHECK) { 924 if (nuser_objs != 1 || ngroup_objs != 1 || 925 nother_objs != 1 || nclass_objs > 1) { 926 return (EINVAL); 927 } 928 /* 929 * If there are ANY group acls, there MUST be a 930 * class_obj(mask) acl (1003.6/D12 p. 29 lines 75-80). 931 */ 932 if (ngroups && !nclass_objs) { 933 return (EINVAL); 934 } 935 if (nuser_objs + ngroup_objs + nother_objs + nclass_objs + 936 ngroups + nusers > MAX_ACL_ENTRIES) 937 return (EINVAL); 938 } 939 940 /* 941 * For default acl's, we require that there be either one (and only one) 942 * DEF_USER_OBJ, DEF_GROUP_OBJ and DEF_OTHER_OBJ 943 * or there be none of them. 
944 */ 945 if (flag & DEF_ACL_CHECK) { 946 if (ndef_other_objs > 1 || ndef_user_objs > 1 || 947 ndef_group_objs > 1 || ndef_class_objs > 1) { 948 return (EINVAL); 949 } 950 951 numdefs = ndef_other_objs + ndef_user_objs + ndef_group_objs; 952 953 if (numdefs != 0 && numdefs != 3) { 954 return (EINVAL); 955 } 956 /* 957 * If there are ANY def_group acls, there MUST be a 958 * def_class_obj(mask) acl (1003.6/D12 P. 29 lines 75-80). 959 * XXX(jimh) This is inferred. 960 */ 961 if (ndef_groups && !ndef_class_objs) { 962 return (EINVAL); 963 } 964 if ((ndef_users || ndef_groups) && 965 ((numdefs != 3) && !ndef_class_objs)) { 966 return (EINVAL); 967 } 968 if (ndef_user_objs + ndef_group_objs + ndef_other_objs + 969 ndef_class_objs + ndef_users + ndef_groups > 970 MAX_ACL_ENTRIES) 971 return (EINVAL); 972 } 973 return (0); 974 } 975 976 static int 977 formacl(ufs_ic_acl_t **aclpp, aclent_t *aclentp) 978 { 979 ufs_ic_acl_t *uaclp; 980 981 uaclp = kmem_alloc(sizeof (ufs_ic_acl_t), KM_SLEEP); 982 uaclp->acl_ic_perm = aclentp->a_perm; 983 uaclp->acl_ic_who = aclentp->a_id; 984 uaclp->acl_ic_next = *aclpp; 985 *aclpp = uaclp; 986 return (0); 987 } 988 989 /* 990 * XXX - Make more efficient 991 * Convert from the vsecattr struct, used by the VOP interface, to 992 * the ufs_acl_entry struct used for in-core storage of acl's. 993 * 994 * Parameters: 995 * vsap - Ptr to array of security attributes. 
996 * spp - Ptr to ptr to si struct for the results 997 * 998 * Returns: 0 - Success 999 * N - From errno.h 1000 */ 1001 static int 1002 vsecattr2aclentry(vsecattr_t *vsap, si_t **spp) 1003 { 1004 aclent_t *aclentp, *aclp; 1005 si_t *sp; 1006 int err; 1007 int i; 1008 1009 /* Sort & validate the lists on the vsap */ 1010 ksort((caddr_t)vsap->vsa_aclentp, vsap->vsa_aclcnt, 1011 sizeof (aclent_t), cmp2acls); 1012 ksort((caddr_t)vsap->vsa_dfaclentp, vsap->vsa_dfaclcnt, 1013 sizeof (aclent_t), cmp2acls); 1014 if ((err = acl_validate(vsap->vsa_aclentp, 1015 vsap->vsa_aclcnt, ACL_CHECK)) != 0) 1016 return (err); 1017 if ((err = acl_validate(vsap->vsa_dfaclentp, 1018 vsap->vsa_dfaclcnt, DEF_ACL_CHECK)) != 0) 1019 return (err); 1020 1021 /* Create new si struct and hang acl's off it */ 1022 sp = kmem_zalloc(sizeof (si_t), KM_SLEEP); 1023 rw_init(&sp->s_lock, NULL, RW_DEFAULT, NULL); 1024 1025 /* Process acl list */ 1026 aclp = (aclent_t *)vsap->vsa_aclentp; 1027 aclentp = aclp + vsap->vsa_aclcnt - 1; 1028 for (i = 0; i < vsap->vsa_aclcnt; i++) { 1029 switch (aclentp->a_type) { 1030 case USER_OBJ: /* Owner */ 1031 if (err = formacl(&sp->aowner, aclentp)) 1032 goto error; 1033 break; 1034 case GROUP_OBJ: /* Group */ 1035 if (err = formacl(&sp->agroup, aclentp)) 1036 goto error; 1037 break; 1038 case OTHER_OBJ: /* Other */ 1039 if (err = formacl(&sp->aother, aclentp)) 1040 goto error; 1041 break; 1042 case USER: 1043 if (err = formacl(&sp->ausers, aclentp)) 1044 goto error; 1045 break; 1046 case CLASS_OBJ: /* Mask */ 1047 sp->aclass.acl_ismask = 1; 1048 sp->aclass.acl_maskbits = aclentp->a_perm; 1049 break; 1050 case GROUP: 1051 if (err = formacl(&sp->agroups, aclentp)) 1052 goto error; 1053 break; 1054 default: 1055 break; 1056 } 1057 aclentp--; 1058 } 1059 1060 /* Process default acl list */ 1061 aclp = (aclent_t *)vsap->vsa_dfaclentp; 1062 aclentp = aclp + vsap->vsa_dfaclcnt - 1; 1063 for (i = 0; i < vsap->vsa_dfaclcnt; i++) { 1064 switch (aclentp->a_type) { 1065 case 
DEF_USER_OBJ: /* Default Owner */ 1066 if (err = formacl(&sp->downer, aclentp)) 1067 goto error; 1068 break; 1069 case DEF_GROUP_OBJ: /* Default Group */ 1070 if (err = formacl(&sp->dgroup, aclentp)) 1071 goto error; 1072 break; 1073 case DEF_OTHER_OBJ: /* Default Other */ 1074 if (err = formacl(&sp->dother, aclentp)) 1075 goto error; 1076 break; 1077 case DEF_USER: 1078 if (err = formacl(&sp->dusers, aclentp)) 1079 goto error; 1080 break; 1081 case DEF_CLASS_OBJ: /* Default Mask */ 1082 sp->dclass.acl_ismask = 1; 1083 sp->dclass.acl_maskbits = aclentp->a_perm; 1084 break; 1085 case DEF_GROUP: 1086 if (err = formacl(&sp->dgroups, aclentp)) 1087 goto error; 1088 break; 1089 default: 1090 break; 1091 } 1092 aclentp--; 1093 } 1094 *spp = sp; 1095 return (0); 1096 1097 error: 1098 ufs_si_free_mem(sp); 1099 return (err); 1100 } 1101 1102 void 1103 formvsec(int obj_type, ufs_ic_acl_t *aclp, aclent_t **aclentpp) 1104 { 1105 for (; aclp; aclp = aclp->acl_ic_next) { 1106 (*aclentpp)->a_type = obj_type; 1107 (*aclentpp)->a_perm = aclp->acl_ic_perm; 1108 (*aclentpp)->a_id = aclp->acl_ic_who; 1109 (*aclentpp)++; 1110 } 1111 } 1112 1113 /* 1114 * XXX - Make more efficient 1115 * Convert from the ufs_acl_entry struct used for in-core storage of acl's 1116 * to the vsecattr struct, used by the VOP interface. 1117 * 1118 * Parameters: 1119 * sp - Ptr to si struct with the acls 1120 * vsap - Ptr to a vsecattr struct which will take the results. 
*
 * Returns:	0 - Success
 *		N - From errno table (the acl_validate() result)
 *
 * Only what vsap->vsa_mask selects is produced: the count fields for
 * VSA_ACLCNT/VSA_DFACLCNT and the entry arrays for VSA_ACL/VSA_DFACL.
 * The arrays come from kmem_zalloc(), are sorted with cmp2acls and are
 * checked by acl_validate() before being handed back.  If validation
 * fails, every array allocated here is freed and both pointers are reset
 * to NULL.  On success the arrays stay in vsap for the caller to release.
 *
 * NOTE(review): each list is walked once to count and again to fill, and
 * no lock is taken here, so the caller presumably holds sp->s_lock for
 * the whole call -- confirm.
 */
static int
aclentry2vsecattr(si_t *sp, vsecattr_t *vsap)
{
	aclent_t	*ep;
	int		nent;
	int		error;

	vsap->vsa_aclentp = NULL;
	vsap->vsa_dfaclentp = NULL;

	/* Access acl: one slot per list entry, plus one for a mask. */
	nent = acl_count(sp->aowner) + acl_count(sp->agroup) +
	    acl_count(sp->aother) + acl_count(sp->ausers) +
	    acl_count(sp->agroups);
	if (sp->aclass.acl_ismask)
		nent++;

	if (vsap->vsa_mask & (VSA_ACLCNT | VSA_ACL))
		vsap->vsa_aclcnt = nent;

	if (nent != 0 && (vsap->vsa_mask & VSA_ACL)) {
		size_t nbytes = nent * sizeof (aclent_t);

		vsap->vsa_aclentp = kmem_zalloc(nbytes, KM_SLEEP);
		ep = vsap->vsa_aclentp;

		formvsec(USER_OBJ, sp->aowner, &ep);
		formvsec(USER, sp->ausers, &ep);
		formvsec(GROUP_OBJ, sp->agroup, &ep);
		formvsec(GROUP, sp->agroups, &ep);
		formvsec(OTHER_OBJ, sp->aother, &ep);

		if (sp->aclass.acl_ismask) {
			ep->a_type = CLASS_OBJ;		/* Mask */
			ep->a_perm = sp->aclass.acl_maskbits;
			ep->a_id = 0;
			ep++;
		}

		/* Sort, then validate, before the list leaves this function */
		ksort((caddr_t)vsap->vsa_aclentp, vsap->vsa_aclcnt,
		    sizeof (aclent_t), cmp2acls);
		error = acl_validate(vsap->vsa_aclentp, vsap->vsa_aclcnt,
		    ACL_CHECK);
		if (error != 0) {
			kmem_free(vsap->vsa_aclentp, nbytes);
			vsap->vsa_aclentp = NULL;
			return (error);
		}
	}

	/* Default acl: same procedure over the d* lists. */
	nent = acl_count(sp->downer) + acl_count(sp->dgroup) +
	    acl_count(sp->dother) + acl_count(sp->dusers) +
	    acl_count(sp->dgroups);
	if (sp->dclass.acl_ismask)
		nent++;

	if (vsap->vsa_mask & (VSA_DFACLCNT | VSA_DFACL))
		vsap->vsa_dfaclcnt = nent;

	if (nent != 0 && (vsap->vsa_mask & VSA_DFACL)) {
		vsap->vsa_dfaclentp =
		    kmem_zalloc(nent * sizeof (aclent_t), KM_SLEEP);
		ep = vsap->vsa_dfaclentp;

		formvsec(DEF_USER_OBJ, sp->downer, &ep);
		formvsec(DEF_USER, sp->dusers, &ep);
		formvsec(DEF_GROUP_OBJ, sp->dgroup, &ep);
		formvsec(DEF_GROUP, sp->dgroups, &ep);
		formvsec(DEF_OTHER_OBJ, sp->dother, &ep);

		if (sp->dclass.acl_ismask) {
			ep->a_type = DEF_CLASS_OBJ;	/* Mask */
			ep->a_perm = sp->dclass.acl_maskbits;
			ep->a_id = 0;
			ep++;
		}

		/* Sort the default acl list */
		ksort((caddr_t)vsap->vsa_dfaclentp, vsap->vsa_dfaclcnt,
		    sizeof (aclent_t), cmp2acls);
		error = acl_validate(vsap->vsa_dfaclentp, vsap->vsa_dfaclcnt,
		    DEF_ACL_CHECK);
		if (error != 0) {
			/* Give back the access list too, if one was built */
			if (vsap->vsa_aclentp != NULL)
				kmem_free(vsap->vsa_aclentp,
				    vsap->vsa_aclcnt * sizeof (aclent_t));
			kmem_free(vsap->vsa_dfaclentp,
			    vsap->vsa_dfaclcnt * sizeof (aclent_t));
			vsap->vsa_aclentp = vsap->vsa_dfaclentp = NULL;
			return (error);
		}
	}

	return (0);
}

/*
 * Free every node of an in-core acl list.  A NULL list is a no-op.
 */
static void
acl_free(ufs_ic_acl_t *aclp)
{
	ufs_ic_acl_t *next;

	for (; aclp != NULL; aclp = next) {
		/* read the link before the node is handed back */
		next = aclp->acl_ic_next;
		kmem_free(aclp, sizeof (ufs_ic_acl_t));
	}
}

/*
 * ufs_si_free_mem will discard the sp, and the acl hanging off of the
 * sp.  It is required that the sp not be locked, and not be in the
 * cache.
 *
 * input: pointer to sp to discard.
 *
 * return - nothing.
*
 * Every access and default list is released with acl_free(), the lock
 * is destroyed and the si itself is freed, so sp must not be touched
 * again once this returns.
 */
static void
ufs_si_free_mem(si_t *sp)
{
	/* Must already be out of the cache and unlocked */
	ASSERT(!(sp->s_flags & SI_CACHED));
	ASSERT(!RW_LOCK_HELD(&sp->s_lock));

	/* access acl lists */
	acl_free(sp->aowner);
	acl_free(sp->agroup);
	acl_free(sp->aother);
	acl_free(sp->ausers);
	acl_free(sp->agroups);

	/* default acl lists */
	acl_free(sp->downer);
	acl_free(sp->dgroup);
	acl_free(sp->dother);
	acl_free(sp->dusers);
	acl_free(sp->dgroups);

	rw_destroy(&sp->s_lock);
	kmem_free(sp, sizeof (si_t));
}

/*
 * Append a copy of every entry on saclp to the list anchored at daclp.
 *
 * daclp is used only through its acl_ic_next field.  The callers in this
 * file pass the address of a list-head pointer cast to ufs_ic_acl_t *,
 * which only works while acl_ic_next is the first member of the struct
 * (declared outside this view -- confirm before reordering it).
 *
 * An empty source list writes nothing, so the destination head keeps
 * whatever it held; the callers here start from a kmem_zalloc()ed si_t,
 * which leaves it NULL.
 */
void
acl_cpy(ufs_ic_acl_t *saclp, ufs_ic_acl_t *daclp)
{
	ufs_ic_acl_t *src;
	ufs_ic_acl_t *tail = daclp;
	ufs_ic_acl_t *copy;

	for (src = saclp; src != NULL; src = src->acl_ic_next) {
		copy = kmem_alloc(sizeof (ufs_ic_acl_t), KM_SLEEP);
		copy->acl_ic_next = NULL;
		copy->acl_ic_who = src->acl_ic_who;
		copy->acl_ic_perm = src->acl_ic_perm;
		tail->acl_ic_next = copy;
		tail = (ufs_ic_acl_t *)&copy->acl_ic_next;
	}
}

/*
 * ufs_si_inherit takes a parent acl structure (saclp) and the inode
 * of the object that is inheriting an acl and returns the inode
 * with the acl linked to it.  It also writes the acl to disk if
 * it is a unique inode.
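*
 *	ip - pointer to inode of object inheriting the acl (contents lock)
 *	tdp - parent inode (rw_lock and contents lock)
 *	mode - creation modes
 *	cr - credentials pointer
 *
 * Returns 0 when ip's file type cannot carry an acl or the parent has
 * no default owner/group/other entries, EINVAL when only some of those
 * three defaults are present, otherwise the result of ufs_si_store().
 *
 * NOTE(review): tdp->i_ufs_acl is dereferenced without a NULL check, so
 * callers presumably only get here when the parent has an acl -- confirm.
 */
int
ufs_si_inherit(struct inode *ip, struct inode *tdp, o_mode_t mode, cred_t *cr)
{
	si_t *tsp, *sp = tdp->i_ufs_acl;
	int error;
	o_mode_t old_modes;
	/*
	 * Kept at full id width.  These are written back into ip->i_uid and
	 * ip->i_gid when the store fails; holding them in an o_mode_t (a
	 * 16-bit type) would truncate larger ids and leave the file with a
	 * different owner or group on the error path.
	 */
	uid_t old_uid;
	gid_t old_gid;
	int mask;

	ASSERT(RW_WRITE_HELD(&ip->i_contents));
	ASSERT(RW_WRITE_HELD(&tdp->i_rwlock));
	ASSERT(RW_WRITE_HELD(&tdp->i_contents));

	/*
	 * if links/symbolic links, or other invalid acl objects are copied
	 * or moved to a directory with a default acl do not allow inheritance
	 * just return.
	 */
	if (!CHECK_ACL_ALLOWED(ip->i_mode & IFMT))
		return (0);

	/* lock the parent security information */
	rw_enter(&sp->s_lock, RW_READER);

	ASSERT(((tdp->i_mode & IFMT) == IFDIR) ||
	    ((tdp->i_mode & IFMT) == IFATTRDIR));

	/* One bit per required default entry: owner, group, other */
	mask = ((sp->downer != NULL) ? 1 : 0) |
	    ((sp->dgroup != NULL) ? 2 : 0) |
	    ((sp->dother != NULL) ? 4 : 0);

	/* No defaults at all: nothing to inherit */
	if (mask == 0) {
		rw_exit(&sp->s_lock);
		return (0);
	}

	/* A partial set of defaults is refused rather than guessed at */
	if (mask != 7) {
		rw_exit(&sp->s_lock);
		return (EINVAL);
	}

	tsp = kmem_zalloc(sizeof (si_t), KM_SLEEP);
	rw_init(&tsp->s_lock, NULL, RW_DEFAULT, NULL);

	/* the parent's default acl becomes the child's access acl */

	ASSERT(RW_READ_HELD(&sp->s_lock));
	acl_cpy(sp->downer, (ufs_ic_acl_t *)&tsp->aowner);
	acl_cpy(sp->dgroup, (ufs_ic_acl_t *)&tsp->agroup);
	acl_cpy(sp->dother, (ufs_ic_acl_t *)&tsp->aother);
	acl_cpy(sp->dusers, (ufs_ic_acl_t *)&tsp->ausers);
	acl_cpy(sp->dgroups, (ufs_ic_acl_t *)&tsp->agroups);
	tsp->aclass.acl_ismask = sp->dclass.acl_ismask;
	tsp->aclass.acl_maskbits = sp->dclass.acl_maskbits;

	/*
	 * set the owner, group, and other values from the master
	 * inode.
	 */

	MODE2ACL(tsp->aowner, (mode >> 6), ip->i_uid);
	MODE2ACL(tsp->agroup, (mode >> 3), ip->i_gid);
	MODE2ACL(tsp->aother, (mode), 0);

	/* The inherited mask can only be narrowed by the creation mode */
	if (tsp->aclass.acl_ismask) {
		tsp->aclass.acl_maskbits &= mode >> 3;
	}


	/* a new directory also carries the defaults on to its children */

	if (((ip->i_mode & IFMT) == IFDIR) ||
	    ((ip->i_mode & IFMT) == IFATTRDIR)) {
		acl_cpy(sp->downer, (ufs_ic_acl_t *)&tsp->downer);
		acl_cpy(sp->dgroup, (ufs_ic_acl_t *)&tsp->dgroup);
		acl_cpy(sp->dother, (ufs_ic_acl_t *)&tsp->dother);
		acl_cpy(sp->dusers, (ufs_ic_acl_t *)&tsp->dusers);
		acl_cpy(sp->dgroups, (ufs_ic_acl_t *)&tsp->dgroups);
		tsp->dclass.acl_ismask = sp->dclass.acl_ismask;
		tsp->dclass.acl_maskbits = sp->dclass.acl_maskbits;
	}
	/*
	 * save the new 9 mode bits in the inode (ip->ic_smode) for
	 * ufs_getattr.  Be sure the mode can be recovered if the store
	 * fails.
	 */
	old_modes = ip->i_mode;
	old_uid = ip->i_uid;
	old_gid = ip->i_gid;
	/*
	 * store the acl, and get back a new security anchor if
	 * it is a duplicate.
	 */
	rw_exit(&sp->s_lock);
	rw_enter(&ip->i_rwlock, RW_WRITER);

	/*
	 * Suppress out of inodes messages if instructed in the
	 * tdp inode.
	 */
	ip->i_flag |= tdp->i_flag & IQUIET;

	if ((error = ufs_si_store(ip, tsp, 0, cr)) != 0) {
		/* roll the inode back to what it held before the attempt */
		ip->i_mode = old_modes;
		ip->i_uid = old_uid;
		ip->i_gid = old_gid;
	}
	ip->i_flag &= ~IQUIET;
	rw_exit(&ip->i_rwlock);
	return (error);
}

/*
 * Build a private deep copy of sp: a new kmem_zalloc()ed si_t with its
 * own lock, holding copies of all ten acl lists and both masks.  Fields
 * that are not copied explicitly stay zero.  The caller must hold
 * sp->s_lock (asserted) and owns the returned structure.
 */
si_t *
ufs_acl_cp(si_t *sp)
{
	si_t *dsp;

	ASSERT(RW_READ_HELD(&sp->s_lock));
	ASSERT(sp->s_ref && sp->s_use);

	dsp = kmem_zalloc(sizeof (si_t), KM_SLEEP);
	rw_init(&dsp->s_lock, NULL, RW_DEFAULT, NULL);

	/* access acl */
	acl_cpy(sp->aowner, (ufs_ic_acl_t *)&dsp->aowner);
	acl_cpy(sp->agroup, (ufs_ic_acl_t *)&dsp->agroup);
	acl_cpy(sp->aother, (ufs_ic_acl_t *)&dsp->aother);
	acl_cpy(sp->ausers, (ufs_ic_acl_t *)&dsp->ausers);
	acl_cpy(sp->agroups, (ufs_ic_acl_t *)&dsp->agroups);

	dsp->aclass.acl_ismask = sp->aclass.acl_ismask;
	dsp->aclass.acl_maskbits = sp->aclass.acl_maskbits;

	/* default acl */
	acl_cpy(sp->downer, (ufs_ic_acl_t *)&dsp->downer);
	acl_cpy(sp->dgroup, (ufs_ic_acl_t *)&dsp->dgroup);
	acl_cpy(sp->dother, (ufs_ic_acl_t *)&dsp->dother);
	acl_cpy(sp->dusers, (ufs_ic_acl_t *)&dsp->dusers);
	acl_cpy(sp->dgroups, (ufs_ic_acl_t *)&dsp->dgroups);

	dsp->dclass.acl_ismask = sp->dclass.acl_ismask;
	dsp->dclass.acl_maskbits = sp->dclass.acl_maskbits;

	return (dsp);
}

/*
 * Bring the owner/group/other part of ip's acl back in line with the
 * inode after a mode, uid or gid change.  The values are read from ip
 * itself (i_mode, i_uid, i_gid); vap only says which of them changed.
 * The current acl is copied, the copy is edited and then handed to
 * ufs_si_store().
 *
 * Returns 0 when nothing relevant changed or the inode has no regular
 * acl, otherwise the result of ufs_si_store().
 *
 * NOTE(review): only aowner is checked for NULL; agroup and aother are
 * dereferenced on the assumption that an acl with an owner entry has
 * them too -- confirm against the validation done when acls are set.
 */
int
ufs_acl_setattr(struct inode *ip, struct vattr *vap, cred_t *cr)
{
	si_t *sp;
	int mask = vap->va_mask;
	int error = 0;

	ASSERT(RW_WRITE_HELD(&ip->i_contents));

	if (!(mask & (AT_MODE|AT_UID|AT_GID)))
		return (0);

	/*
	 * if no regular acl's, nothing to do, so let's get out
	 */
	if (!(ip->i_ufs_acl) || !(ip->i_ufs_acl->aowner))
		return (0);

	rw_enter(&ip->i_ufs_acl->s_lock, RW_READER);
	sp = ufs_acl_cp(ip->i_ufs_acl);
	ASSERT(sp != ip->i_ufs_acl);

	/*
	 * set the mask to the group permissions if a mask entry
	 * exists.  Otherwise, set the group obj bits to the group
	 * permissions.  Since non-trivial ACLs always have a mask,
	 * and the mask is the final arbiter of group permissions,
	 * setting the mask has the effect of changing the effective
	 * group permissions, even if the group_obj permissions in
	 * the ACL aren't changed.  Posix P1003.1e states that when
	 * an ACL mask exists, chmod(2) must set the acl mask (NOT the
	 * group_obj permissions) to the requested group permissions.
	 */
	if (mask & AT_MODE) {
		sp->aowner->acl_ic_perm = (o_mode_t)(ip->i_mode & 0700) >> 6;
		if (sp->aclass.acl_ismask)
			sp->aclass.acl_maskbits =
			    (o_mode_t)(ip->i_mode & 070) >> 3;
		else
			sp->agroup->acl_ic_perm =
			    (o_mode_t)(ip->i_mode & 070) >> 3;
		sp->aother->acl_ic_perm = (o_mode_t)(ip->i_mode & 07);
	}

	if (mask & AT_UID) {
		/* Caller has verified our privileges */
		sp->aowner->acl_ic_who = ip->i_uid;
	}

	if (mask & AT_GID) {
		sp->agroup->acl_ic_who = ip->i_gid;
	}

	/* drop the old acl's lock before the store */
	rw_exit(&ip->i_ufs_acl->s_lock);
	error = ufs_si_store(ip, sp, 0, cr);
	return (error);
}

/*
 * Count the entries on an in-core acl list; a NULL list counts as 0.
 */
static int
acl_count(ufs_ic_acl_t *p)
{
	int n = 0;

	while (p != NULL) {
		n++;
		p = p->acl_ic_next;
	}
	return (n);
}

/*
 * Takes as input a security structure and generates a buffer
 * with fsd's in a form which can be written to the shadow inode.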
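*
 * The buffer holds up to two records: an FSD_ACL fsd for the access acl
 * followed by an FSD_DFACL fsd for the default acl, each present only
 * when it has entries.  It comes from kmem_zalloc(), so bytes that are
 * not written explicitly reach the shadow inode as zeros.
 *
 * On return *buf and *len describe the buffer, which the caller owns.
 * An si with no entries at all yields *buf = NULL and *len = 0, so the
 * outputs are defined on every return.  Always returns 0.
 */
static int
ufs_sectobuf(si_t *sp, caddr_t *buf, size_t *len)
{
	size_t		acl_size;
	size_t		def_acl_size;
	caddr_t		buffer;
	struct ufs_fsd	*fsdp;
	ufs_acl_t	*bufaclp;

	/*
	 * Calc size of buffer to hold all the acls
	 */
	acl_size = acl_count(sp->aowner) +		/* owner */
	    acl_count(sp->agroup) +			/* owner group */
	    acl_count(sp->aother) +			/* owner other */
	    acl_count(sp->ausers) +			/* acl list */
	    acl_count(sp->agroups);			/* group acls */
	if (sp->aclass.acl_ismask)
		acl_size++;

	/* Convert to bytes */
	acl_size *= sizeof (ufs_acl_t);

	/*
	 * Add fsd header (two ints; presumably fsd_type and fsd_size,
	 * which are declared outside this view)
	 */
	if (acl_size)
		acl_size += 2 * sizeof (int);

	/*
	 * Calc size of buffer to hold all the default acls
	 */
	def_acl_size =
	    acl_count(sp->downer) +			/* def owner */
	    acl_count(sp->dgroup) +			/* def owner group */
	    acl_count(sp->dother) +			/* def owner other */
	    acl_count(sp->dusers) +			/* def users */
	    acl_count(sp->dgroups);			/* def group acls */
	if (sp->dclass.acl_ismask)
		def_acl_size++;

	/* Convert to bytes */
	def_acl_size *= sizeof (ufs_acl_t);

	/* Add fsd header */
	if (def_acl_size)
		def_acl_size += 2 * sizeof (int);

	if (acl_size + def_acl_size == 0) {
		/*
		 * Nothing to write.  Say so through the outputs instead of
		 * leaving them untouched, so a caller that passed
		 * uninitialized variables cannot go on to use or free stale
		 * values.
		 */
		*buf = NULL;
		*len = 0;
		return (0);
	}

	buffer = kmem_zalloc((acl_size + def_acl_size), KM_SLEEP);
	bufaclp = (ufs_acl_t *)buffer;

	if (acl_size != 0) {
		/* create fsd and copy acls */
		fsdp = (struct ufs_fsd *)bufaclp;
		fsdp->fsd_type = FSD_ACL;
		bufaclp = (ufs_acl_t *)&fsdp->fsd_data[0];

		ACL_MOVE(sp->aowner, USER_OBJ, bufaclp);
		ACL_MOVE(sp->agroup, GROUP_OBJ, bufaclp);
		ACL_MOVE(sp->aother, OTHER_OBJ, bufaclp);
		ACL_MOVE(sp->ausers, USER, bufaclp);
		ACL_MOVE(sp->agroups, GROUP, bufaclp);

		if (sp->aclass.acl_ismask) {
			/* the mask entry's acl_who carries the ismask flag */
			bufaclp->acl_tag = CLASS_OBJ;
			bufaclp->acl_who = (uid_t)sp->aclass.acl_ismask;
			bufaclp->acl_perm = (o_mode_t)sp->aclass.acl_maskbits;
			bufaclp++;
		}
		ASSERT(acl_size <= INT_MAX);
		fsdp->fsd_size = (int)acl_size;
	}

	if (def_acl_size != 0) {
		/* defaults exist: create a second fsd and copy them */
		fsdp = (struct ufs_fsd *)bufaclp;
		fsdp->fsd_type = FSD_DFACL;
		bufaclp = (ufs_acl_t *)&fsdp->fsd_data[0];

		ACL_MOVE(sp->downer, DEF_USER_OBJ, bufaclp);
		ACL_MOVE(sp->dgroup, DEF_GROUP_OBJ, bufaclp);
		ACL_MOVE(sp->dother, DEF_OTHER_OBJ, bufaclp);
		ACL_MOVE(sp->dusers, DEF_USER, bufaclp);
		ACL_MOVE(sp->dgroups, DEF_GROUP, bufaclp);
		if (sp->dclass.acl_ismask) {
			bufaclp->acl_tag = DEF_CLASS_OBJ;
			bufaclp->acl_who = (uid_t)sp->dclass.acl_ismask;
			bufaclp->acl_perm = (o_mode_t)sp->dclass.acl_maskbits;
			bufaclp++;
		}
		ASSERT(def_acl_size <= INT_MAX);
		fsdp->fsd_size = (int)def_acl_size;
	}

	*buf = buffer;
	*len = acl_size + def_acl_size;

	return (0);
}

/*
 * free a shadow inode on disk and in memory
 *
 * Drops one reference on sp.  When the shadow inode can be fetched, its
 * link count is decremented as well and mirrored into sp->s_use.  The
 * reference is dropped whether or not the fetch succeeds, and once the
 * count reaches zero the si is handed to si_cache_del().
 *
 * Returns the result of ufs_iget_alloced().
 */
int
ufs_si_free(si_t *sp, struct vfs *vfsp, cred_t *cr)
{
	struct inode	*sip;
	int		shadow;
	int		err = 0;
	int		refcnt;
	int		signature;

	ASSERT(vfsp);
	ASSERT(sp);

	rw_enter(&sp->s_lock, RW_READER);
	ASSERT(sp->s_shadow <= INT_MAX);
	shadow = (int)sp->s_shadow;
	ASSERT(sp->s_ref);
	rw_exit(&sp->s_lock);

	/*
	 * Decrement link count on the shadow inode,
	 * and decrement reference count on the sip.
	 */
	if ((err = ufs_iget_alloced(vfsp, shadow, &sip, cr)) == 0) {
		rw_enter(&sip->i_contents, RW_WRITER);
		rw_enter(&sp->s_lock, RW_WRITER);
		ASSERT(sp->s_shadow == shadow);
		ASSERT(sip->i_dquot == 0);
		/* Decrement link count */
		ASSERT(sip->i_nlink > 0);
		/*
		 * bug #1264710 assertion failure below
		 */
		sp->s_use = --sip->i_nlink;
		ufs_setreclaim(sip);
		TRANS_INODE(sip->i_ufsvfs, sip);
		sip->i_flag |= ICHG | IMOD;
		sip->i_seq++;
		ITIMES_NOLOCK(sip);
		/* Dec ref counts on si referenced by this ip */
		refcnt = --sp->s_ref;
		/* sampled under the lock; sp is not read again below */
		signature = sp->s_signature;
		ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
		/*
		 * Release s_lock before calling VN_RELE
		 * (which may want to acquire i_contents).
		 */
		rw_exit(&sp->s_lock);
		rw_exit(&sip->i_contents);
		VN_RELE(ITOV(sip));
	} else {
		rw_enter(&sp->s_lock, RW_WRITER);
		/* Dec ref counts on si referenced by this ip */
		refcnt = --sp->s_ref;
		signature = sp->s_signature;
		ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
		rw_exit(&sp->s_lock);
	}

	if (refcnt == 0)
		si_cache_del(sp, signature);
	return (err);
}

/*
 * Search the si cache for an si structure by inode #.
 * Returns a locked si structure.
 *
 * Parameters:
 *	ip - Ptr to an inode on this fs
 *	spp - Ptr to ptr to si struct for the results, if found.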
*
 * Returns:	0 - Success (results in spp)
 *		1 - Failure (spp undefined)
 *
 * On success the entry comes back with its s_lock held as writer.  That
 * lock is taken before the cache lock is dropped, so the entry cannot be
 * removed from the cache in between.
 */
static int
si_cachei_get(struct inode *ip, si_t **spp)
{
	si_t	*cand;

	rw_enter(&si_cache_lock, RW_READER);

	/* Walk the 'by inode' bucket for a (shadow, dev) match */
	cand = si_cachei[SI_HASH(ip->i_shadow)];
	while (cand != NULL &&
	    (cand->s_shadow != ip->i_shadow || cand->s_dev != ip->i_dev))
		cand = cand->s_forw;

	if (cand != NULL) {
		/* Found it */
		rw_enter(&cand->s_lock, RW_WRITER);
		rw_exit(&si_cache_lock);
		*spp = cand;
		return (0);
	}

	/* Not in cache */
	rw_exit(&si_cache_lock);
	return (1);
}

/*
 * Search the si cache by si structure (ie duplicate of the one passed in).
 * In order for a match the signatures must be the same and
 * the devices must be the same, the acls must match and the
 * use count of the cached shadow must be non-zero and no greater
 * than MAXLINK - 1.  MAXLINK - 1 is used to allow the count
 * to be incremented one more time by the caller.
 * Returns a locked si structure.
 *
 * Parameters:
 *	ip - Ptr to an inode on this fs
 *	spi - Ptr to si the struct we're searching the cache for.
 *	spp - Ptr to ptr to si struct for the results, if found.
*
 * Returns:	0 - Success (results in spp)
 *		1 - Failure (spp undefined)
 *
 * Side effects on spi: s_dev and s_signature are always filled in, and
 * s_shadow is set on a hit.  A hit comes back with its s_lock held as
 * writer.
 *
 * A hit means another file's shadow inode will be shared, so the
 * signature only narrows the search; si_cmp() makes the actual decision.
 */
static int
si_cachea_get(struct inode *ip, si_t *spi, si_t **spp)
{
	si_t	*cand;

	spi->s_dev = ip->i_dev;
	spi->s_signature = si_signature(spi);
	rw_enter(&si_cache_lock, RW_READER);

	for (cand = si_cachea[SI_HASH(spi->s_signature)]; cand != NULL;
	    cand = cand->s_next) {
		if (cand->s_signature != spi->s_signature ||
		    cand->s_dev != spi->s_dev)
			continue;
		if (cand->s_use <= 0)			/* deleting */
			continue;
		if (cand->s_use > (MAXLINK - 1))	/* Too many links */
			continue;
		if (si_cmp(cand, spi) == 0)
			break;
	}

	if (cand == NULL) {
		/* Cache miss */
		rw_exit(&si_cache_lock);
		return (1);
	}

	/* Found it: lock the entry before letting go of the cache */
	rw_enter(&cand->s_lock, RW_WRITER);
	spi->s_shadow = cand->s_shadow;	/* XXX For debugging */
	rw_exit(&si_cache_lock);
	*spp = cand;
	return (0);
}

/*
 * Place an si structure in the si cache.  May cause duplicates.
 *
 * The entry is pushed on the head of both hash chains under the cache
 * write lock.  The signature is computed here only when s_signature is
 * still zero.
 *
 * Parameters:
 *	sp - Ptr to the si struct to add to the cache.
 *
 * Returns: Nothing (void)
 */
static void
si_cache_put(si_t *sp)
{
	si_t	**headp;

	ASSERT(sp->s_fore == NULL);
	rw_enter(&si_cache_lock, RW_WRITER);
	if (!sp->s_signature)
		sp->s_signature = si_signature(sp);
	sp->s_flags |= SI_CACHED;
	sp->s_fore = NULL;

	/* The 'by acl' chains */
	headp = &si_cachea[SI_HASH(sp->s_signature)];
	sp->s_next = *headp;
	*headp = sp;

	/* The 'by inode' chains */
	headp = &si_cachei[SI_HASH(sp->s_shadow)];
	sp->s_forw = *headp;
	*headp = sp;

	rw_exit(&si_cache_lock);
}

/*
 * The sp passed in is a candidate for deletion from the cache.  We acquire
 * the cache lock first, so no cache searches can be done.
Then we search
 * for the acl in the cache, and if we find it we can lock it and check that
 * nobody else attached to it while we were acquiring the locks.  If the acl
 * is in the cache and still has a zero reference count, then we remove it
 * from the cache and deallocate it.  If the reference count is non-zero or
 * it is not found in the cache, then someone else attached to it or has
 * already freed it, so we just return.
 *
 * Until sp has been found on the chain it is only compared by address and
 * never dereferenced, because it may already have been freed.
 *
 * Parameters:
 *	sp - Ptr to the sp struct which is the candidate for deletion.
 *	signature - the signature for the acl for lookup in the hash table
 *
 * Returns: Nothing (void)
 */
void
si_cache_del(si_t *sp, int signature)
{
	si_t	**linkp;

	/*
	 * Unlink & free the sp from the other queues, then destroy it.
	 * Search the 'by acl' chain first, then the 'by inode' chain
	 * after the acl is locked.
	 */
	rw_enter(&si_cache_lock, RW_WRITER);

	linkp = &si_cachea[SI_HASH(signature)];
	while (*linkp != NULL && *linkp != sp)
		linkp = &(*linkp)->s_next;

	/*
	 * If the acl was not in the cache, we assume another thread has
	 * deleted it already. This could happen if another thread attaches to
	 * the acl and then releases it after this thread has already found the
	 * reference count to be zero but has not yet taken the cache lock.
	 * Both threads end up seeing a reference count of zero, and call into
	 * si_cache_del.  See bug 4244827 for details on the race condition.
	 */
	if (*linkp == NULL) {
		rw_exit(&si_cache_lock);
		return;
	}

	/*
	 * Wait to grab the acl lock until after the acl has
	 * been found in the cache.  Otherwise it might try to
	 * grab a lock that has already been destroyed, or
	 * delete an acl that has already been freed.
	 */
	rw_enter(&sp->s_lock, RW_WRITER);

	/* See if someone else attached to it */
	if (sp->s_ref) {
		rw_exit(&sp->s_lock);
		rw_exit(&si_cache_lock);
		return;
	}
	ASSERT(sp->s_fore == NULL);
	ASSERT(sp->s_flags & SI_CACHED);
	*linkp = sp->s_next;

	/* Now check the 'by inode' chain */
	linkp = &si_cachei[SI_HASH(sp->s_shadow)];
	while (*linkp != NULL && *linkp != sp)
		linkp = &(*linkp)->s_forw;
	if (*linkp != NULL)
		*linkp = sp->s_forw;

	/*
	 * At this point, we can unlock everything because this si
	 * is no longer in the cache, thus cannot be attached to.
	 */
	rw_exit(&sp->s_lock);
	rw_exit(&si_cache_lock);
	sp->s_flags &= ~SI_CACHED;
	ufs_si_free_mem(sp);
}

/*
 * Alloc the hash buckets for the si cache & initialize
 * the unreferenced anchor and the cache lock.
 *
 * Both tables get si_cachecnt buckets.  SI_HASH() masks with
 * si_cachecnt - 1, so every bucket is only reachable when si_cachecnt
 * is a power of two.
 */
void
si_cache_init(void)
{
	size_t tblsize = si_cachecnt * sizeof (si_t *);

	rw_init(&si_cache_lock, NULL, RW_DEFAULT, NULL);

	/* The 'by acl' headers */
	si_cachea = kmem_zalloc(tblsize, KM_SLEEP);
	/* The 'by inode' headers */
	si_cachei = kmem_zalloc(tblsize, KM_SLEEP);
}

/*
 * aclcksum takes an acl and generates a checksum.  It takes as input
 * the acl to start at.
 *
 * s_aclp - pointer to starting acl
 *
 * returns checksum: the sum of acl_ic_perm and acl_ic_who over the
 * list, 0 for an empty list.  The sum does not depend on entry order.
 */
static int
aclcksum(ufs_ic_acl_t *s_aclp)
{
	ufs_ic_acl_t *ent = s_aclp;
	int sum = 0;

	while (ent != NULL) {
		sum += ent->acl_ic_perm;
		sum += ent->acl_ic_who;
		ent = ent->acl_ic_next;
	}
	return (sum);
}

/*
 * Generate a signature for an si structure (an additive checksum, so
 * different acls can produce the same value).
Used by the
 * search routine si_cachea_get() to quickly identify candidates
 * prior to calling si_cmp().  Equal signatures do not prove equal acls;
 * only si_cmp() decides that.
 * Parameters:
 *	sp - Ptr to the si struct to generate the signature for.
 *
 * Returns:	A signature for the si struct (really a checksum)
 */
static int
si_signature(si_t *sp)
{
	/* seeded with the device, then every list checksum is added */
	int sig = sp->s_dev;

	sig += aclcksum(sp->aowner) + aclcksum(sp->agroup) +
	    aclcksum(sp->aother) + aclcksum(sp->ausers) +
	    aclcksum(sp->agroups) + aclcksum(sp->downer) +
	    aclcksum(sp->dgroup) + aclcksum(sp->dother) +
	    aclcksum(sp->dusers) + aclcksum(sp->dgroups);

	/* mask bits count only when the mask is present */
	if (sp->aclass.acl_ismask)
		sig += sp->aclass.acl_maskbits;
	if (sp->dclass.acl_ismask)
		sig += sp->dclass.acl_maskbits;

	return (sig);
}

/*
 * aclcmp compares two acl lists to see if they are identical: same
 * length, and the same acl_ic_perm and acl_ic_who at every position.
 *
 *	aclin1p is the first list
 *	aclin2p is the second list
 *
 *	returns 0 if equal and 1 if not equal
 */
static int
aclcmp(ufs_ic_acl_t *aclin1p, ufs_ic_acl_t *aclin2p)
{
	ufs_ic_acl_t *a = aclin1p;
	ufs_ic_acl_t *b = aclin2p;

	/* The same list (or two empty lists) is trivially equal */
	if (a == b)
		return (0);

	/* check element by element */
	while (a != NULL && b != NULL) {
		if (a->acl_ic_perm != b->acl_ic_perm ||
		    a->acl_ic_who != b->acl_ic_who)
			return (1);
		a = a->acl_ic_next;
		b = b->acl_ic_next;
	}

	/* equal only if both lists ended together */
	if (a != NULL || b != NULL)
		return (1);

	return (0);
}

/*
 * Do extensive, field-by-field compare of two si structures.  Returns
 * 0 if they are exactly identical, 1 otherwise.
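*
 * Parameters:
 *	sp1 - Ptr to 1st si struct
 *	sp2 - Ptr to 2nd si struct
 *
 * Returns:
 *	0 - Identical
 *	1 - Not identical
 *
 * The compare covers the device, all ten acl lists and both masks.  Mask
 * bits are compared only when the mask is present.  si_cachea_get()
 * treats a 0 result as permission to share a cached acl, so the sense of
 * the return value must not be inverted.
 */
static int
si_cmp(si_t *sp1, si_t *sp2)
{
	if (sp1->s_dev != sp2->s_dev)
		return (1);

	/* access acl lists */
	if (aclcmp(sp1->aowner, sp2->aowner) ||
	    aclcmp(sp1->agroup, sp2->agroup) ||
	    aclcmp(sp1->aother, sp2->aother) ||
	    aclcmp(sp1->ausers, sp2->ausers) ||
	    aclcmp(sp1->agroups, sp2->agroups))
		return (1);

	/* default acl lists */
	if (aclcmp(sp1->downer, sp2->downer) ||
	    aclcmp(sp1->dgroup, sp2->dgroup) ||
	    aclcmp(sp1->dother, sp2->dother) ||
	    aclcmp(sp1->dusers, sp2->dusers) ||
	    aclcmp(sp1->dgroups, sp2->dgroups))
		return (1);

	/* both sides must agree on whether each mask exists */
	if (sp1->aclass.acl_ismask != sp2->aclass.acl_ismask)
		return (1);
	if (sp1->dclass.acl_ismask != sp2->dclass.acl_ismask)
		return (1);

	/* and, where a mask exists, on its bits */
	if (sp1->aclass.acl_ismask &&
	    sp1->aclass.acl_maskbits != sp2->aclass.acl_maskbits)
		return (1);
	if (sp1->dclass.acl_ismask &&
	    sp1->dclass.acl_maskbits != sp2->dclass.acl_maskbits)
		return (1);

	return (0);
}

/*
 * Remove all acls associated with a device.  All acls must have
 * a reference count of zero.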
*
 * inputs:
 *	dev - device to remove from the cache
 *
 * outputs:
 *	none
 *
 * NOTE(review): nothing below checks s_ref, so the zero-reference
 * requirement is entirely the caller's to guarantee.  An entry that an
 * inode still points to would be freed here all the same.
 */
void
ufs_si_cache_flush(dev_t dev)
{
	si_t *victim, **linkp;
	int bucket;

	rw_enter(&si_cache_lock, RW_WRITER);

	/* Pass 1: unlink matching entries from the 'by acl' chains */
	for (bucket = 0; bucket < si_cachecnt; bucket++) {
		linkp = &si_cachea[bucket];
		while (*linkp != NULL) {
			if ((*linkp)->s_dev != dev) {
				linkp = &(*linkp)->s_next;
				continue;
			}
			*linkp = (*linkp)->s_next;
		}
	}

	/* Pass 2: unlink them from the 'by inode' chains and free them */
	for (bucket = 0; bucket < si_cachecnt; bucket++) {
		linkp = &si_cachei[bucket];
		while (*linkp != NULL) {
			if ((*linkp)->s_dev != dev) {
				linkp = &(*linkp)->s_forw;
				continue;
			}
			victim = *linkp;
			*linkp = victim->s_forw;
			victim->s_flags &= ~SI_CACHED;
			ufs_si_free_mem(victim);
		}
	}

	rw_exit(&si_cache_lock);
}

/*
 * ufs_si_del is used to unhook a sp from a inode in memory
 *
 *	ip is the inode to remove the sp from.
 *
 * Drops the inode's reference on its si and clears ip->i_ufs_acl.  If
 * that was the last reference, the si is handed to si_cache_del().  An
 * inode with no acl attached is left alone.
 */
void
ufs_si_del(struct inode *ip)
{
	si_t	*sp = ip->i_ufs_acl;
	int	refcnt;
	int	signature;

	if (sp == NULL)
		return;

	rw_enter(&sp->s_lock, RW_WRITER);
	refcnt = --sp->s_ref;
	/* sampled under the lock; si_cache_del() looks sp up by it */
	signature = sp->s_signature;
	ASSERT(sp->s_ref >= 0 && sp->s_ref <= sp->s_use);
	rw_exit(&sp->s_lock);

	if (refcnt == 0)
		si_cache_del(sp, signature);
	ip->i_ufs_acl = NULL;
}