author | Jerry Jelinek <jerry.jelinek@joyent.com> | 2016-04-21 12:20:05 +0000 |
---|---|---|
committer | Jerry Jelinek <jerry.jelinek@joyent.com> | 2016-04-21 12:20:05 +0000 |
commit | 3eacfc2b49fb2e87d561b8204560f9464c0a18cb (patch) | |
tree | 01047ff5c7170d1af406588e3bc0a933fdc591b5 | |
parent | a3ff90a8ed2ff994c15b0dca337baf1814d00b38 (diff) | |
parent | 20fea7a47472aceb64d3ed48cc2a3ea268bc4795 (diff) | |
download | illumos-joyent-3eacfc2b49fb2e87d561b8204560f9464c0a18cb.tar.gz |
[illumos-gate merge]
commit 20fea7a47472aceb64d3ed48cc2a3ea268bc4795
6879 incorrect endianness swap for drr_spill.drr_length in libzfs_sendrecv.c
commit c5d1600c3eb0a58e493be9019c5fb8eaec72cb81
6880 zdb incorrectly reports feature count mismatch when feature is disabled
commit 88a916040716032880a2a28e8f26912aef5426da
6877 zfs_rename_006_pos fails due to missing zvol snapshot device file
commit 8fc922875ed266f52ccd5cc6f973b9ad0839c710
6871 libzpool implementation of thread_create should enforce length is 0
commit f83b46baf98d276f5f84fa84c8b461f412ac1f5e
6872 zfs libraries should not allow uninitialized variables
commit 80309ff2cfc900b5f6acfe1d7f72cf67baf81fbe
6870 Update zoneinfo to 2016c (zone_sun.tab mismerge)
commit 232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020
6875 fix zfs-tests ACL cases
commit da412744bc6f902e4519ae67e92191a2e5d85e2c
6765 zfs_zaccess_delete() comments do not accurately reflect delete permissions for ACLs
commit de0f1ddb598506a5d9a02946b67e9300b5f2a7cd
6764 zfs issues with inheritance flags during chmod(2) with aclmode=passthrough
commit 851632d6a88d512574719953cc01ae7c2ed66b88
6763 aclinherit=restricted masks inherited permissions by group perms (groupmask)
commit 1eb4e906ec75b9bde421954ace46ef137b0fc9eb
6762 POSIX write should imply DELETE_CHILD on directories - and some additional considerations
31 files changed, 1059 insertions, 1147 deletions
diff --git a/usr/src/cmd/zdb/zdb.c b/usr/src/cmd/zdb/zdb.c index 7ed097f61d..bb02c51f23 100644 --- a/usr/src/cmd/zdb/zdb.c +++ b/usr/src/cmd/zdb/zdb.c @@ -3046,7 +3046,8 @@ dump_zpool(spa_t *spa) uint64_t refcount; if (!(spa_feature_table[f].fi_flags & - ZFEATURE_FLAG_PER_DATASET)) { + ZFEATURE_FLAG_PER_DATASET) || + !spa_feature_is_enabled(spa, f)) { ASSERT0(dataset_feature_count[f]); continue; } diff --git a/usr/src/cmd/zfs/Makefile b/usr/src/cmd/zfs/Makefile index 4e420460d3..f84bcbb108 100644 --- a/usr/src/cmd/zfs/Makefile +++ b/usr/src/cmd/zfs/Makefile @@ -22,7 +22,7 @@ # Use is subject to license terms. # # Copyright 2010 Nexenta Systems, Inc. All rights reserved. -# Copyright (c) 2012 by Delphix. All rights reserved. +# Copyright (c) 2012, 2015 by Delphix. All rights reserved. # Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>. # @@ -51,8 +51,8 @@ CPPFLAGS += -D_LARGEFILE64_SOURCE=1 -D_REENTRANT $(INCS) $(NOT_RELEASE_BUILD)CPPFLAGS += -DDEBUG # lint complains about unused _umem_* functions -LINTFLAGS += -xerroff=E_NAME_DEF_NOT_USED2 -LINTFLAGS64 += -xerroff=E_NAME_DEF_NOT_USED2 +LINTFLAGS += -xerroff=E_NAME_DEF_NOT_USED2 +LINTFLAGS64 += -xerroff=E_NAME_DEF_NOT_USED2 ROOTUSRSBINLINKS = $(PROG:%=$(ROOTUSRSBIN)/%) USRLIBFSTYPELINKS = $(LINKPROGS:%=$(USRLIBFSTYPE)/%) diff --git a/usr/src/cmd/zic/zone_sun.tab b/usr/src/cmd/zic/zone_sun.tab index 6bcc56101b..2ed7f07ed4 100644 --- a/usr/src/cmd/zic/zone_sun.tab +++ b/usr/src/cmd/zic/zone_sun.tab @@ -3,9 +3,9 @@ # This file is in the public domain, so clarified as of # 2009-05-17 by Arthur David Olson. # -# TZ zone descriptions # -# From Paul Eggert (1996-08-05): +# NOTE -- This is the special SunOS version of zone.tab, which is used +# by libzoneinfo in some illumos distros' installer software. # # This file contains a table with the following columns: # 1. ISO 3166 2-character country code. See the file `iso3166.tab'. 
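Review bot: In dump_zpool the added `!spa_feature_is_enabled(spa, f)` branch sends disabled features into the existing `ASSERT0(dataset_feature_count[f])`, so a pool whose datasets still count a disabled feature would stop zdb on an assertion rather than be reported. zdb is typically pointed at pools that may be inconsistent, so printing the mismatch and returning a non-zero status is likely more useful than aborting; whether ASSERT0 is compiled in for this build is not visible here. At minimum, a comment such as `/* skip features that are not per-dataset or not enabled on this pool */` above the test would record why both cases share the branch. The enclosing loop and the rest of the function are outside the hunk.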
@@ -14,7 +14,11 @@ # either +-DDMM+-DDDMM or +-DDMMSS+-DDDMMSS, # first latitude (+ is north), then longitude (+ is east). # 3. Zone name used in value of TZ environment variable. -# 4. Comments; present if and only if the country has multiple rows. +# 4. Canonical timezone name (now deprecated by the hardlinks in the real +# zoneinfo), or a '-' if not needed. +# 5. Comments; present if and only if the country has multiple rows. +# +# This file can go away once libzoneinfo is deprecated. # # Columns are separated by a single tab. # The table is sorted first by country, then an order within the country that 
@@ -33,22 +37,22 @@ AI +1812-06304 America/Anguilla - AL +4120+01950 Europe/Tirane - AM +4011+04430 Asia/Yerevan - AO -0848+01314 Africa/Luanda - -AQ -7750+16636 Antarctica/McMurdo New Zealand time - McMurdo, South Pole -AQ -6617+11031 Antarctica/Casey Casey -AQ -6835+07758 Antarctica/Davis Davis -AQ -6640+14001 Antarctica/DumontDUrville Dumont-d'Urville -AQ -6736+06253 Antarctica/Mawson Mawson -AQ -6448-06406 Antarctica/Palmer Palmer -AQ -6734-06808 Antarctica/Rothera Rothera -AQ -690022+0393524 Antarctica/Syowa Syowa -AQ -720041+0023206 Antarctica/Troll Troll -AQ -7824+10654 Antarctica/Vostok Vostok -AR -3436-05827 America/Argentina/Buenos_Aires America/Buenos_Aires Buenos Aires (BA, CF) -AR -3124-06411 America/Argentina/Cordoba Argentina (most areas: CB, CC, CN, ER, FM, MN, SE, SF) -AR -2447-06525 America/Argentina/Salta Salta (SA, LP, NQ, RN) +AQ -7750+16636 Antarctica/McMurdo - New Zealand time - McMurdo, South Pole +AQ -6617+11031 Antarctica/Casey - Casey +AQ -6835+07758 Antarctica/Davis - Davis +AQ -6640+14001 Antarctica/DumontDUrville - Dumont-d'Urville +AQ -6736+06253 Antarctica/Mawson - Mawson +AQ -6448-06406 Antarctica/Palmer - Palmer +AQ -6734-06808 Antarctica/Rothera - Rothera +AQ -690022+0393524 Antarctica/Syowa - Syowa +AQ -720041+0023206 Antarctica/Troll - Troll +AQ -7824+10654 Antarctica/Vostok - Vostok +AR -3436-05827 America/Argentina/Buenos_Aires - America/Buenos_Aires Buenos Aires (BA, CF) +AR -3124-06411 America/Argentina/Cordoba - Argentina (most areas: CB, CC, CN, ER, FM, MN, SE, SF) +AR -2447-06525 America/Argentina/Salta - Salta (SA, LP, NQ, RN) AR -2411-06518 America/Argentina/Jujuy America/Jujuy Jujuy (JY) AR -2649-06513 America/Argentina/Tucuman - Tucuman (TM) -AR -2828-06547 America/Argentina/Catamarca Catamarca (CT); Chubut (CH) +AR -2828-06547 America/Argentina/Catamarca America/Catamarca Catamarca (CT); Chubut (CH) AR -2926-06651 America/Argentina/La_Rioja - La Rioja (LR) AR -3132-06831 America/Argentina/San_Juan - San Juan (SJ) AR 
-3253-06849 America/Argentina/Mendoza America/Mendoza Mendoza (MZ) @@ -59,17 +63,17 @@ AS -1416-17042 Pacific/Pago_Pago US/Samoa AT +4813+01620 Europe/Vienna - AU -3133+15905 Australia/Lord_Howe Australia/LHI Lord Howe Island AU -5430+15857 Antarctica/Macquarie - Macquarie Island -AU -4253+14719 Australia/Hobart Tasmania (most areas) -AU -3956+14352 Australia/Currie Tasmania (King Island) +AU -4253+14719 Australia/Hobart - Tasmania (most areas) +AU -3956+14352 Australia/Currie - Tasmania (King Island) AU -3749+14458 Australia/Melbourne Australia/Victoria Victoria -AU -3352+15113 Australia/Sydney New South Wales (most areas) -AU -3157+14127 Australia/Broken_Hill New South Wales (Yancowinna) -AU -2728+15302 Australia/Brisbane Queensland (most areas) -AU -2016+14900 Australia/Lindeman Queensland (Whitsunday Islands) +AU -3352+15113 Australia/Sydney - New South Wales (most areas) +AU -3157+14127 Australia/Broken_Hill - New South Wales (Yancowinna) +AU -2728+15302 Australia/Brisbane - Queensland (most areas) +AU -2016+14900 Australia/Lindeman - Queensland (Whitsunday Islands) AU -3455+13835 Australia/Adelaide Australia/South South Australia AU -1228+13050 Australia/Darwin Australia/North Northern Territory -AU -3157+11551 Australia/Perth Western Australia (most areas) -AU -3143+12852 Australia/Eucla Western Australia (Eucla) +AU -3157+11551 Australia/Perth - Western Australia (most areas) +AU -3143+12852 Australia/Eucla - Western Australia (Eucla) AW +1230-06958 America/Aruba - AX +6006+01957 Europe/Mariehamn - AZ +4023+04951 Asia/Baku - 
@@ -88,63 +92,63 @@ BN +0456+11455 Asia/Brunei - BO -1630-06809 America/La_Paz - BQ +120903-0681636 America/Kralendijk - BR -0351-03225 America/Noronha Brazil/DeNoronha Atlantic islands -BR -0127-04829 America/Belem Para (east); Amapa -BR -0343-03830 America/Fortaleza Brazil (northeast: MA, PI, CE, RN, PB) +BR -0127-04829 America/Belem - Para (east); Amapa +BR -0343-03830 America/Fortaleza - Brazil (northeast: MA, PI, CE, RN, PB) BR -0803-03454 America/Recife - Pernambuco BR -0712-04812 America/Araguaina - Tocantins BR -0940-03543 America/Maceio - Alagoas, Sergipe BR -1259-03831 America/Bahia - Bahia -BR -2332-04637 America/Sao_Paulo Brazil (southeast: GO, DF, MG, ES, RJ, SP, PR, SC, RS) +BR -2332-04637 America/Sao_Paulo - Brazil (southeast: GO, DF, MG, ES, RJ, SP, PR, SC, RS) BR -2027-05437 America/Campo_Grande - Mato Grosso do Sul BR -1535-05605 America/Cuiaba - Mato Grosso -BR -0226-05452 America/Santarem Para (west) +BR -0226-05452 America/Santarem - Para (west) BR -0846-06354 America/Porto_Velho - Rondonia BR +0249-06040 America/Boa_Vista - Roraima -BR -0308-06001 America/Manaus Amazonas (east) -BR -0640-06952 America/Eirunepe Amazonas (west) +BR -0308-06001 America/Manaus - Amazonas (east) +BR -0640-06952 America/Eirunepe - Amazonas (west) BR -0958-06748 America/Rio_Branco Brazil/Acre Acre BS +2505-07721 America/Nassau - BT +2728+08939 Asia/Thimphu - BW -2439+02555 Africa/Gaborone - BY +5354+02734 Europe/Minsk - BZ +1730-08812 America/Belize - -CA +4734-05243 America/St_Johns Newfoundland; Labrador (southeast) -CA +4439-06336 America/Halifax Atlantic - NS (most areas); PE -CA +4612-05957 America/Glace_Bay Atlantic - NS (Cape Breton) -CA +4606-06447 America/Moncton Atlantic - New Brunswick -CA +5320-06025 America/Goose_Bay Atlantic - Labrador (most areas) +CA +4734-05243 America/St_Johns - Newfoundland; Labrador (southeast) +CA +4439-06336 America/Halifax - Atlantic - NS (most areas); PE +CA +4612-05957 America/Glace_Bay - Atlantic - NS (Cape Breton) +CA 
+4606-06447 America/Moncton - Atlantic - New Brunswick +CA +5320-06025 America/Goose_Bay - Atlantic - Labrador (most areas) CA +5125-05707 America/Blanc-Sablon AST - QC (Lower North Shore) -CA +4339-07923 America/Toronto Eastern - ON, QC (most areas) -CA +4901-08816 America/Nipigon Eastern - ON, QC (no DST 1967-73) -CA +4823-08915 America/Thunder_Bay Eastern - ON (Thunder Bay) -CA +6344-06828 America/Iqaluit Eastern - NU (most east areas) -CA +6608-06544 America/Pangnirtung Eastern - NU (Pangnirtung) -CA +484531-0913718 America/Atikokan EST - ON (Atikokan); NU (Coral H) -CA +4953-09709 America/Winnipeg Central - ON (west); Manitoba -CA +4843-09434 America/Rainy_River Central - ON (Rainy R, Ft Frances) -CA +744144-0944945 America/Resolute Central - NU (Resolute) -CA +624900-0920459 America/Rankin_Inlet Central - NU (central) -CA +5024-10439 America/Regina CST - SK (most areas) -CA +5017-10750 America/Swift_Current CST - SK (midwest) -CA +5333-11328 America/Edmonton Mountain - AB; BC (E); SK (W) -CA +690650-1050310 America/Cambridge_Bay Mountain - NU (west) -CA +6227-11421 America/Yellowknife Mountain - NT (central) -CA +682059-1334300 America/Inuvik Mountain - NT (west) -CA +4906-11631 America/Creston MST - BC (Creston) -CA +5946-12014 America/Dawson_Creek MST - BC (Dawson Cr, Ft St John) -CA +5848-12242 America/Fort_Nelson MST - BC (Ft Nelson) -CA +4916-12307 America/Vancouver Pacific - BC (most areas) -CA +6043-13503 America/Whitehorse Pacific - Yukon (south) -CA +6404-13925 America/Dawson Pacific - Yukon (north) +CA +4339-07923 America/Toronto - Eastern - ON, QC (most areas) +CA +4901-08816 America/Nipigon - Eastern - ON, QC (no DST 1967-73) +CA +4823-08915 America/Thunder_Bay - Eastern - ON (Thunder Bay) +CA +6344-06828 America/Iqaluit - Eastern - NU (most east areas) +CA +6608-06544 America/Pangnirtung - Eastern - NU (Pangnirtung) +CA +484531-0913718 America/Atikokan - EST - ON (Atikokan); NU (Coral H) +CA +4953-09709 America/Winnipeg - Central - ON (west); 
Manitoba +CA +4843-09434 America/Rainy_River - Central - ON (Rainy R, Ft Frances) +CA +744144-0944945 America/Resolute - Central - NU (Resolute) +CA +624900-0920459 America/Rankin_Inlet - Central - NU (central) +CA +5024-10439 America/Regina - CST - SK (most areas) +CA +5017-10750 America/Swift_Current - CST - SK (midwest) +CA +5333-11328 America/Edmonton - Mountain - AB; BC (E); SK (W) +CA +690650-1050310 America/Cambridge_Bay - Mountain - NU (west) +CA +6227-11421 America/Yellowknife - Mountain - NT (central) +CA +682059-1334300 America/Inuvik - Mountain - NT (west) +CA +4906-11631 America/Creston - MST - BC (Creston) +CA +5946-12014 America/Dawson_Creek - MST - BC (Dawson Cr, Ft St John) +CA +5848-12242 America/Fort_Nelson - MST - BC (Ft Nelson) +CA +4916-12307 America/Vancouver - Pacific - BC (most areas) +CA +6043-13503 America/Whitehorse - Pacific - Yukon (south) +CA +6404-13925 America/Dawson - Pacific - Yukon (north) CC -1210+09655 Indian/Cocos - -CD -0418+01518 Africa/Kinshasa Dem. Rep. of Congo (west) -CD -1140+02728 Africa/Lubumbashi Dem. Rep. of Congo (east) +CD -0418+01518 Africa/Kinshasa - Dem. Rep. of Congo (west) +CD -1140+02728 Africa/Lubumbashi - Dem. Rep. of Congo (east) CF +0422+01835 Africa/Bangui - CG -0416+01517 Africa/Brazzaville - CH +4723+00832 Europe/Zurich - CI +0519-00402 Africa/Abidjan - CK -2114-15946 Pacific/Rarotonga - -CL -3327-07040 America/Santiago Chile (most areas) +CL -3327-07040 America/Santiago - Chile (most areas) CL -2709-10926 Pacific/Easter Chile/EasterIsland Easter Island CM +0403+00942 Africa/Douala - CN +3114+12128 Asia/Shanghai - Beijing Time 
@@ -157,14 +161,14 @@ CW +1211-06900 America/Curacao - CX -1025+10543 Indian/Christmas - CY +3510+03322 Asia/Nicosia - CZ +5005+01426 Europe/Prague - -DE +5230+01322 Europe/Berlin Germany (most areas) +DE +5230+01322 Europe/Berlin - Germany (most areas) DE +4742+00841 Europe/Busingen - Busingen DJ +1136+04309 Africa/Djibouti - DK +5540+01235 Europe/Copenhagen - DM +1518-06124 America/Dominica - DO +1828-06954 America/Santo_Domingo - DZ +3647+00303 Africa/Algiers - -EC -0210-07950 America/Guayaquil Ecuador (mainland) +EC -0210-07950 America/Guayaquil - Ecuador (mainland) EC -0054-08936 Pacific/Galapagos - Galapagos Islands EE +5925+02445 Europe/Tallinn - EG +3003+03115 Africa/Cairo Egypt @@ -177,8 +181,8 @@ ET +0902+03842 Africa/Addis_Ababa - FI +6010+02458 Europe/Helsinki - FJ -1808+17825 Pacific/Fiji - FK -5142-05751 Atlantic/Stanley - -FM +0725+15147 Pacific/Chuuk Chuuk/Truk, Yap -FM +0658+15813 Pacific/Pohnpei Pohnpei/Ponape +FM +0725+15147 Pacific/Chuuk - Chuuk/Truk, Yap +FM +0658+15813 Pacific/Pohnpei - Pohnpei/Ponape FM +0519+16259 Pacific/Kosrae - Kosrae FO +6201-00646 Atlantic/Faroe - FR +4852+00220 Europe/Paris - @@ -190,8 +194,8 @@ GF +0456-05220 America/Cayenne - GG +4927-00232 Europe/Guernsey - GH +0533-00013 Africa/Accra - GI +3608-00521 Europe/Gibraltar - -GL +6411-05144 America/Godthab Greenland (most areas) -GL +7646-01840 America/Danmarkshavn National Park (east coast) +GL +6411-05144 America/Godthab - Greenland (most areas) +GL +7646-01840 America/Danmarkshavn - National Park (east coast) GL +7029-02158 America/Scoresbysund Scoresbysund/Ittoqqortoormiit GL +7634-06847 America/Thule Thule/Pituffik GM +1328-01639 Africa/Banjul - 
@@ -209,10 +213,10 @@ HN +1406-08713 America/Tegucigalpa - HR +4548+01558 Europe/Zagreb - HT +1832-07220 America/Port-au-Prince - HU +4730+01905 Europe/Budapest - -ID -0610+10648 Asia/Jakarta Java, Sumatra -ID -0002+10920 Asia/Pontianak Borneo (west, central) -ID -0507+11924 Asia/Makassar Borneo (east, south); Sulawesi/Celebes, Bali, Nusa Tengarra; Timor (west) -ID -0232+14042 Asia/Jayapura New Guinea (West Papua / Irian Jaya); Malukus/Moluccas +ID -0610+10648 Asia/Jakarta - Java, Sumatra +ID -0002+10920 Asia/Pontianak - Borneo (west, central) +ID -0507+11924 Asia/Makassar - Borneo (east, south); Sulawesi/Celebes, Bali, Nusa Tengarra; Timor (west) +ID -0232+14042 Asia/Jayapura - New Guinea (West Papua / Irian Jaya); Malukus/Moluccas IE +5320-00615 Europe/Dublin Eire IL +314650+0351326 Asia/Jerusalem Israel IM +5409-00428 Europe/Isle_of_Man - @@ -238,7 +242,7 @@ KP +3901+12545 Asia/Pyongyang - KR +3733+12658 Asia/Seoul ROK KW +2920+04759 Asia/Kuwait - KY +1918-08123 America/Cayman - -KZ +4315+07657 Asia/Almaty Kazakhstan (most areas) +KZ +4315+07657 Asia/Almaty - Kazakhstan (most areas) KZ +4448+06528 Asia/Qyzylorda Qyzylorda/Kyzylorda/Kzyl-Orda KZ +5017+05710 Asia/Aqtobe Aqtobe/Aktobe KZ +4431+05016 Asia/Aqtau Atyrau/Atirau/Gur'yev, Mangghystau/Mankistau @@ -260,12 +264,12 @@ MD +4700+02850 Europe/Chisinau - ME +4226+01916 Europe/Podgorica - MF +1804-06305 America/Marigot - MG -1855+04731 Indian/Antananarivo - -MH +0709+17112 Pacific/Majuro Marshall Islands (most areas) +MH +0709+17112 Pacific/Majuro - Marshall Islands (most areas) MH +0905+16720 Pacific/Kwajalein - Kwajalein MK +4159+02126 Europe/Skopje - ML +1239-00800 Africa/Bamako - MM +1647+09610 Asia/Rangoon - -MN +4755+10653 Asia/Ulaanbaatar Mongolia (most areas) +MN +4755+10653 Asia/Ulaanbaatar - Mongolia (most areas) MN +4801+09139 Asia/Hovd - Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan MN +4804+11430 Asia/Choibalsan - Dornod, Sukhbaatar MO +2214+11335 Asia/Macau Asia/Macao 
@@ -277,19 +281,19 @@ MT +3554+01431 Europe/Malta - MU -2010+05730 Indian/Mauritius - MV +0410+07330 Indian/Maldives - MW -1547+03500 Africa/Blantyre - -MX +1924-09909 America/Mexico_City Central Time +MX +1924-09909 America/Mexico_City - Central Time MX +2105-08646 America/Cancun - Eastern Standard Time - Quintana Roo MX +2058-08937 America/Merida - Central Time - Campeche, Yucatan -MX +2540-10019 America/Monterrey Central Time - Durango; Coahuila, Nuevo Leon, Tamaulipas (most areas) -MX +2550-09730 America/Matamoros Central Time US - Coahuila, Nuevo Leon, Tamaulipas (US border) -MX +2313-10625 America/Mazatlan Mountain Time - Baja California Sur, Nayarit, Sinaloa -MX +2838-10605 America/Chihuahua Mountain Time - Chihuahua (most areas) -MX +2934-10425 America/Ojinaga Mountain Time US - Chihuahua (US border) +MX +2540-10019 America/Monterrey - Central Time - Durango; Coahuila, Nuevo Leon, Tamaulipas (most areas) +MX +2550-09730 America/Matamoros - Central Time US - Coahuila, Nuevo Leon, Tamaulipas (US border) +MX +2313-10625 America/Mazatlan - Mountain Time - Baja California Sur, Nayarit, Sinaloa +MX +2838-10605 America/Chihuahua - Mountain Time - Chihuahua (most areas) +MX +2934-10425 America/Ojinaga - Mountain Time US - Chihuahua (US border) MX +2904-11058 America/Hermosillo - Mountain Standard Time - Sonora -MX +3232-11701 America/Tijuana Pacific Time US - Baja California -MX +2048-10515 America/Bahia_Banderas Central Time - Bahia de Banderas -MY +0310+10142 Asia/Kuala_Lumpur Malaysia (peninsula) -MY +0133+11020 Asia/Kuching Sabah, Sarawak +MX +3232-11701 America/Tijuana - Pacific Time US - Baja California +MX +2048-10515 America/Bahia_Banderas - Central Time - Bahia de Banderas +MY +0310+10142 Asia/Kuala_Lumpur - Malaysia (peninsula) +MY +0133+11020 Asia/Kuching - Sabah, Sarawak MZ -2558+03235 Africa/Maputo - NA -2234+01706 Africa/Windhoek - NC -2216+16627 Pacific/Noumea - 
@@ -302,7 +306,7 @@ NO +5955+01045 Europe/Oslo - NP +2743+08519 Asia/Kathmandu - NR -0031+16655 Pacific/Nauru - NU -1901-16955 Pacific/Niue - -NZ -3652+17446 Pacific/Auckland New Zealand (most areas) +NZ -3652+17446 Pacific/Auckland - New Zealand (most areas) NZ -4357-17633 Pacific/Chatham - Chatham Islands OM +2336+05835 Asia/Muscat - PA +0858-07932 America/Panama - @@ -310,7 +314,7 @@ PE -1203-07703 America/Lima - PF -1732-14934 Pacific/Tahiti - Society Islands PF -0900-13930 Pacific/Marquesas - Marquesas Islands PF -2308-13457 Pacific/Gambier - Gambier Islands -PG -0930+14710 Pacific/Port_Moresby Papua New Guinea (most areas) +PG -0930+14710 Pacific/Port_Moresby - Papua New Guinea (most areas) PG -0613+15534 Pacific/Bougainville - Bougainville PH +1435+12100 Asia/Manila - PK +2452+06703 Asia/Karachi - @@ -320,7 +324,7 @@ PN -2504-13005 Pacific/Pitcairn - PR +182806-0660622 America/Puerto_Rico - PS +3130+03428 Asia/Gaza - Gaza Strip PS +313200+0350542 Asia/Hebron - West Bank -PT +3843-00908 Europe/Lisbon Portugal (mainland) +PT +3843-00908 Europe/Lisbon - Portugal (mainland) PT +3238-01654 Atlantic/Madeira - Madeira Islands PT +3744-02540 Atlantic/Azores - Azores PW +0720+13429 Pacific/Palau - 
@@ -329,30 +333,30 @@ QA +2517+05132 Asia/Qatar - RE -2052+05528 Indian/Reunion - RO +4426+02606 Europe/Bucharest - RS +4450+02030 Europe/Belgrade - -RU +5443+02030 Europe/Kaliningrad MSK-01 - Kaliningrad -RU +554521+0373704 Europe/Moscow MSK+00 - Moscow area -RU +4457+03406 Europe/Simferopol MSK+00 - Crimea -RU +4844+04425 Europe/Volgograd MSK+00 - Volgograd, Kirov, Saratov -RU +4621+04803 Europe/Astrakhan MSK+01 - Astrakhan -RU +5312+05009 Europe/Samara MSK+01 - Samara, Udmurtia -RU +5420+04824 Europe/Ulyanovsk MSK+01 - Ulyanovsk -RU +5651+06036 Asia/Yekaterinburg MSK+02 - Urals -RU +5500+07324 Asia/Omsk MSK+03 - Omsk -RU +5502+08255 Asia/Novosibirsk MSK+03 - Novosibirsk, Tomsk -RU +5322+08345 Asia/Barnaul MSK+04 - Altai -RU +5345+08707 Asia/Novokuznetsk MSK+04 - Kemerovo -RU +5601+09250 Asia/Krasnoyarsk MSK+04 - Krasnoyarsk area -RU +5216+10420 Asia/Irkutsk MSK+05 - Irkutsk, Buryatia -RU +5203+11328 Asia/Chita MSK+06 - Zabaykalsky -RU +6200+12940 Asia/Yakutsk MSK+06 - Lena River -RU +623923+1353314 Asia/Khandyga MSK+06 - Tomponsky, Ust-Maysky -RU +4310+13156 Asia/Vladivostok MSK+07 - Amur River -RU +643337+1431336 Asia/Ust-Nera MSK+07 - Oymyakonsky -RU +5934+15048 Asia/Magadan MSK+07 - Magadan -RU +4658+14242 Asia/Sakhalin MSK+08 - Sakhalin Island -RU +6728+15343 Asia/Srednekolymsk MSK+08 - Sakha (E); North Kuril Is -RU +5301+15839 Asia/Kamchatka MSK+09 - Kamchatka -RU +6445+17729 Asia/Anadyr MSK+09 - Bering Sea +RU +5443+02030 Europe/Kaliningrad - MSK-01 - Kaliningrad +RU +554521+0373704 Europe/Moscow - MSK+00 - Moscow area +RU +4457+03406 Europe/Simferopol - MSK+00 - Crimea +RU +4844+04425 Europe/Volgograd - MSK+00 - Volgograd, Kirov, Saratov +RU +4621+04803 Europe/Astrakhan - MSK+01 - Astrakhan +RU +5312+05009 Europe/Samara - MSK+01 - Samara, Udmurtia +RU +5420+04824 Europe/Ulyanovsk - MSK+01 - Ulyanovsk +RU +5651+06036 Asia/Yekaterinburg - MSK+02 - Urals +RU +5500+07324 Asia/Omsk - MSK+03 - Omsk +RU +5502+08255 Asia/Novosibirsk - MSK+03 - Novosibirsk, Tomsk 
+RU +5322+08345 Asia/Barnaul - MSK+04 - Altai +RU +5345+08707 Asia/Novokuznetsk - MSK+04 - Kemerovo +RU +5601+09250 Asia/Krasnoyarsk - MSK+04 - Krasnoyarsk area +RU +5216+10420 Asia/Irkutsk - MSK+05 - Irkutsk, Buryatia +RU +5203+11328 Asia/Chita - MSK+06 - Zabaykalsky +RU +6200+12940 Asia/Yakutsk - MSK+06 - Lena River +RU +623923+1353314 Asia/Khandyga - MSK+06 - Tomponsky, Ust-Maysky +RU +4310+13156 Asia/Vladivostok - MSK+07 - Amur River +RU +643337+1431336 Asia/Ust-Nera - MSK+07 - Oymyakonsky +RU +5934+15048 Asia/Magadan - MSK+07 - Magadan +RU +4658+14242 Asia/Sakhalin - MSK+08 - Sakhalin Island +RU +6728+15343 Asia/Srednekolymsk - MSK+08 - Sakha (E); North Kuril Is +RU +5301+15839 Asia/Kamchatka - MSK+09 - Kamchatka +RU +6445+17729 Asia/Anadyr - MSK+09 - Bering Sea RW -0157+03004 Africa/Kigali - SA +2438+04643 Asia/Riyadh - SB -0932+16012 Pacific/Guadalcanal - 
@@ -391,45 +395,45 @@ TT +1039-06131 America/Port_of_Spain - TV -0831+17913 Pacific/Funafuti - TW +2503+12130 Asia/Taipei - TZ -0648+03917 Africa/Dar_es_Salaam - -UA +5026+03031 Europe/Kiev Ukraine (most areas) +UA +5026+03031 Europe/Kiev - Ukraine (most areas) UA +4837+02218 Europe/Uzhgorod - Ruthenia -UA +4750+03510 Europe/Zaporozhye Zaporozh'ye/Zaporizhia; Lugansk/Luhansk (east) +UA +4750+03510 Europe/Zaporozhye - Zaporozh'ye/Zaporizhia; Lugansk/Luhansk (east) UG +0019+03225 Africa/Kampala - UM +1645-16931 Pacific/Johnston - Johnston Atoll UM +2813-17722 Pacific/Midway - Midway Islands UM +1917+16637 Pacific/Wake - Wake Island -US +404251-0740023 America/New_York Eastern (most areas) -US +421953-0830245 America/Detroit Eastern - MI (most areas) -US +381515-0854534 America/Kentucky/Louisville Eastern - KY (Louisville area) -US +364947-0845057 America/Kentucky/Monticello Eastern - KY (Wayne) -US +394606-0860929 America/Indiana/Indianapolis Eastern - IN (most areas) -US +384038-0873143 America/Indiana/Vincennes Eastern - IN (Da, Du, K, Mn) -US +410305-0863611 America/Indiana/Winamac Eastern - IN (Pulaski) -US +382232-0862041 America/Indiana/Marengo Eastern - IN (Crawford) -US +382931-0871643 America/Indiana/Petersburg Eastern - IN (Pike) -US +384452-0850402 America/Indiana/Vevay Eastern - IN (Switzerland) -US +415100-0873900 America/Chicago Central (most areas) -US +375711-0864541 America/Indiana/Tell_City Central - IN (Perry) -US +411745-0863730 America/Indiana/Knox Central - IN (Starke) -US +450628-0873651 America/Menominee Central - MI (Wisconsin border) -US +470659-1011757 America/North_Dakota/Center Central - ND (Oliver) -US +465042-1012439 America/North_Dakota/New_Salem Central - ND (Morton rural) -US +471551-1014640 America/North_Dakota/Beulah Central - ND (Mercer) -US +394421-1045903 America/Denver Mountain (most areas) -US +433649-1161209 America/Boise Mountain - ID (south); OR (east) -US +332654-1120424 America/Phoenix MST - Arizona (except Navajo) -US 
+340308-1181434 America/Los_Angeles Pacific -US +611305-1495401 America/Anchorage Alaska (most areas) -US +581807-1342511 America/Juneau Alaska - Juneau area -US +571035-1351807 America/Sitka Alaska - Sitka area -US +550737-1313435 America/Metlakatla Alaska - Annette Island -US +593249-1394338 America/Yakutat Alaska - Yakutat -US +643004-1652423 America/Nome Alaska (west) -US +515248-1763929 America/Adak US/Aleutian Aleutian Islands +US +404251-0740023 America/New_York - Eastern (most areas) +US +421953-0830245 America/Detroit - Eastern - MI (most areas) +US +381515-0854534 America/Kentucky/Louisville - Eastern - KY (Louisville area) +US +364947-0845057 America/Kentucky/Monticello - Eastern - KY (Wayne) +US +394606-0860929 America/Indiana/Indianapolis - Eastern - IN (most areas) +US +384038-0873143 America/Indiana/Vincennes - Eastern - IN (Da, Du, K, Mn) +US +410305-0863611 America/Indiana/Winamac - Eastern - IN (Pulaski) +US +382232-0862041 America/Indiana/Marengo - Eastern - IN (Crawford) +US +382931-0871643 America/Indiana/Petersburg - Eastern - IN (Pike) +US +384452-0850402 America/Indiana/Vevay - Eastern - IN (Switzerland) +US +415100-0873900 America/Chicago - Central (most areas) +US +375711-0864541 America/Indiana/Tell_City - Central - IN (Perry) +US +411745-0863730 America/Indiana/Knox - Central - IN (Starke) +US +450628-0873651 America/Menominee - Central - MI (Wisconsin border) +US +470659-1011757 America/North_Dakota/Center - Central - ND (Oliver) +US +465042-1012439 America/North_Dakota/New_Salem - Central - ND (Morton rural) +US +471551-1014640 America/North_Dakota/Beulah - Central - ND (Mercer) +US +394421-1045903 America/Denver - Mountain (most areas) +US +433649-1161209 America/Boise - Mountain - ID (south); OR (east) +US +332654-1120424 America/Phoenix - MST - Arizona (except Navajo) +US +340308-1181434 America/Los_Angeles - Pacific +US +611305-1495401 America/Anchorage - Alaska (most areas) +US +581807-1342511 America/Juneau - Alaska - Juneau area 
+US +571035-1351807 America/Sitka - Alaska - Sitka area +US +550737-1313435 America/Metlakatla - Alaska - Annette Island +US +593249-1394338 America/Yakutat - Alaska - Yakutat +US +643004-1652423 America/Nome - Alaska (west) +US +515248-1763929 America/Adak US/Aleutian - Aleutian Islands US +211825-1575130 Pacific/Honolulu US/Hawaii Hawaii UY -3453-05611 America/Montevideo - -UZ +3940+06648 Asia/Samarkand Uzbekistan (west) -UZ +4120+06918 Asia/Tashkent Uzbekistan (east) +UZ +3940+06648 Asia/Samarkand - Uzbekistan (west) +UZ +4120+06918 Asia/Tashkent - Uzbekistan (east) VA +415408+0122711 Europe/Vatican - VC +1309-06114 America/St_Vincent - VE +1030-06656 America/Caracas - diff --git a/usr/src/cmd/zpool/Makefile b/usr/src/cmd/zpool/Makefile index 8fd0a0f76e..cefbefe56d 100644 --- a/usr/src/cmd/zpool/Makefile +++ b/usr/src/cmd/zpool/Makefile @@ -21,6 +21,7 @@ # # Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. # Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>. +# Copyright (c) 2015 by Delphix. All rights reserved. # PROG= zpool @@ -46,8 +47,8 @@ CPPFLAGS += -D_LARGEFILE64_SOURCE=1 -D_REENTRANT $(INCS) $(NOT_RELEASE_BUILD)CPPFLAGS += -DDEBUG # lint complains about unused _umem_* functions -LINTFLAGS += -xerroff=E_NAME_DEF_NOT_USED2 -LINTFLAGS64 += -xerroff=E_NAME_DEF_NOT_USED2 +LINTFLAGS += -xerroff=E_NAME_DEF_NOT_USED2 +LINTFLAGS64 += -xerroff=E_NAME_DEF_NOT_USED2 ROOTUSRSBINLINKS = $(PROG:%=$(ROOTUSRSBIN)/%) diff --git a/usr/src/cmd/zpool/zpool_vdev.c b/usr/src/cmd/zpool/zpool_vdev.c index 3de8a9e2b5..e60d7c0751 100644 --- a/usr/src/cmd/zpool/zpool_vdev.c +++ b/usr/src/cmd/zpool/zpool_vdev.c @@ -21,7 +21,7 @@ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2013 by Delphix. All rights reserved. + * Copyright (c) 2013, 2015 by Delphix. All rights reserved. * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>. */ 
@@ -558,7 +558,6 @@ get_replication(nvlist_t *nvroot, boolean_t fatal) verify(nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_CHILDREN, &top, &toplevels) == 0); - lastrep.zprl_type = NULL; for (t = 0; t < toplevels; t++) { uint64_t is_log = B_FALSE; diff --git a/usr/src/common/acl/acl_common.c b/usr/src/common/acl/acl_common.c index 6cfcb77937..ac73beace3 100644 --- a/usr/src/common/acl/acl_common.c +++ b/usr/src/common/acl/acl_common.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2013 Nexenta Systems, Inc. All rights reserved. + * Copyright 2014 Nexenta Systems, Inc. All rights reserved. */ #include <sys/types.h> @@ -1578,7 +1578,8 @@ acl_trivial_access_masks(mode_t mode, boolean_t isdir, trivial_acl_t *masks) uint32_t write_mask = ACE_WRITE_DATA|ACE_APPEND_DATA; uint32_t execute_mask = ACE_EXECUTE; - (void) isdir; /* will need this later */ + if (isdir) + write_mask |= ACE_DELETE_CHILD; masks->deny1 = 0; if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH))) @@ -1722,10 +1723,17 @@ ace_trivial_common(void *acep, int aclcnt, return (1); /* - * Delete permissions are never set by default + * Delete permission is never set by default + */ + if (mask & ACE_DELETE) + return (1); + + /* + * Child delete permission should be accompanied by write */ - if (mask & (ACE_DELETE|ACE_DELETE_CHILD)) + if ((mask & ACE_DELETE_CHILD) && !(mask & ACE_WRITE_DATA)) return (1); + /* * only allow owner@ to have * write_acl/write_owner/write_attributes/write_xattr/ diff --git a/usr/src/lib/libzfs/Makefile.com b/usr/src/lib/libzfs/Makefile.com index c9632dadd8..e07700aca3 100644 --- a/usr/src/lib/libzfs/Makefile.com +++ b/usr/src/lib/libzfs/Makefile.com @@ -20,7 +20,7 @@ # # # Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. -# Copyright (c) 2011, 2014 by Delphix. All rights reserved. +# Copyright (c) 2011, 2015 by Delphix. All rights reserved. # LIBRARY= libzfs.a 
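Review bot: The replacement of `(void) isdir;` with `if (isdir) write_mask |= ACE_DELETE_CHILD;` in acl_trivial_access_masks changes what every mode-derived directory ACL grants, yet the new test carries no comment. A line such as `/* POSIX write on a directory implies removing entries, so DELETE_CHILD joins the write mask */` would tie it to the behaviour named in the commit message (6762). It would also help to say where sticky-bit directories are handled, since nothing in this hunk looks at S_ISVTX. The function continues past the end of the hunk.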
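Review bot: The new `ACE_DELETE_CHILD` test in ace_trivial_common keys on `ACE_WRITE_DATA` alone and does not consider whether the object is a directory, while acl_trivial_access_masks adds `ACE_DELETE_CHILD` to the write mask only when `isdir` is set. Because this function decides whether an ACL counts as trivial, an entry pairing DELETE_CHILD with WRITE_DATA on a plain file would presumably now be accepted; that should be confirmed against the callers. If the asymmetry is intended, the comment should say so, for example `Child delete permission is accepted only together with write; the object type is not known here`. The signature and the remaining checks of the function are outside the hunk.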
@@ -77,7 +77,6 @@ $(DYNLIB) := LDLIBS += -lz CERRWARN += -_gcc=-Wno-switch CERRWARN += -_gcc=-Wno-parentheses -CERRWARN += -_gcc=-Wno-uninitialized CERRWARN += -_gcc=-Wno-unused-function SRCS= $(OBJS_COMMON:%.o=$(SRCDIR)/%.c) \ diff --git a/usr/src/lib/libzfs/common/libzfs_dataset.c b/usr/src/lib/libzfs/common/libzfs_dataset.c index 77db126b5b..a31f203315 100644 --- a/usr/src/lib/libzfs/common/libzfs_dataset.c +++ b/usr/src/lib/libzfs/common/libzfs_dataset.c @@ -1550,7 +1550,7 @@ zfs_prop_set_list(zfs_handle_t *zhp, nvlist_t *props) libzfs_handle_t *hdl = zhp->zfs_hdl; nvlist_t *nvl; int nvl_len; - int added_resv; + int added_resv = 0; (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, "cannot set property for '%s'"), @@ -3160,7 +3160,7 @@ zfs_create_ancestors(libzfs_handle_t *hdl, const char *path) { int prefix; char *path_copy; - int rc; + int rc = 0; if (check_parents(hdl, path, NULL, B_TRUE, &prefix) != 0) return (-1); @@ -3799,7 +3799,7 @@ zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap, boolean_t force) rollback_data_t cb = { 0 }; int err; boolean_t restore_resv = 0; - uint64_t old_volsize, new_volsize; + uint64_t old_volsize = 0, new_volsize; zfs_prop_t resv_prop; assert(zhp->zfs_type == ZFS_TYPE_FILESYSTEM || @@ -3988,6 +3988,7 @@ zfs_rename(zfs_handle_t *zhp, const char *target, boolean_t recursive, "child dataset with inherited mountpoint is used " "in a non-global zone")); (void) zfs_error(hdl, EZFS_ZONED, errbuf); + ret = -1; goto error; } diff --git a/usr/src/lib/libzfs/common/libzfs_import.c b/usr/src/lib/libzfs/common/libzfs_import.c index 16c2681013..b73a71e94c 100644 --- a/usr/src/lib/libzfs/common/libzfs_import.c +++ b/usr/src/lib/libzfs/common/libzfs_import.c 
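Review bot: The initialisers added now that `-Wno-uninitialized` is removed (`int added_resv = 0;` in zfs_prop_set_list, `int rc = 0;` in zfs_create_ancestors, `old_volsize = 0` in zfs_rollback, and the `= NULL` additions in get_configs, zprop_print_one_property and get_device_name in later hunks) silence the warning, but not all of them fail safe. `int rc = 0;` makes success the default, so any path that reaches the return without assigning rc would report success; `int rc = -1;` would fail closed if such a path exists. For the pointer cases, NULL replaces an indeterminate read with a deterministic NULL dereference, which helps only if the later uses test for it. None of the function bodies are visible in these hunks, so each use needs to be checked in the full source.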
@@ -21,7 +21,7 @@ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2013 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. * Copyright 2015 RackTop Systems. * Copyright 2016 Nexenta Systems, Inc. */ @@ -438,12 +438,12 @@ get_configs(libzfs_handle_t *hdl, pool_list_t *pl, boolean_t active_ok) pool_entry_t *pe; vdev_entry_t *ve; config_entry_t *ce; - nvlist_t *ret = NULL, *config = NULL, *tmp, *nvtop, *nvroot; + nvlist_t *ret = NULL, *config = NULL, *tmp = NULL, *nvtop, *nvroot; nvlist_t **spares, **l2cache; uint_t i, nspares, nl2cache; boolean_t config_seen; uint64_t best_txg; - char *name, *hostname; + char *name, *hostname = NULL; uint64_t guid; uint_t children = 0; nvlist_t **child = NULL; diff --git a/usr/src/lib/libzfs/common/libzfs_sendrecv.c b/usr/src/lib/libzfs/common/libzfs_sendrecv.c index 456ad3b858..988bbe3dcc 100644 --- a/usr/src/lib/libzfs/common/libzfs_sendrecv.c +++ b/usr/src/lib/libzfs/common/libzfs_sendrecv.c @@ -2825,7 +2825,7 @@ recv_skip(libzfs_handle_t *hdl, int fd, boolean_t byteswap) break; case DRR_SPILL: if (byteswap) { - drr->drr_u.drr_write.drr_length = + drr->drr_u.drr_spill.drr_length = BSWAP_64(drr->drr_u.drr_spill.drr_length); } (void) recv_read(hdl, fd, buf, diff --git a/usr/src/lib/libzfs/common/libzfs_util.c b/usr/src/lib/libzfs/common/libzfs_util.c index 9f90788b0e..b5adef2893 100644 --- a/usr/src/lib/libzfs/common/libzfs_util.c +++ b/usr/src/lib/libzfs/common/libzfs_util.c @@ -1008,7 +1008,7 @@ zprop_print_one_property(const char *name, zprop_get_cbdata_t *cbp, const char *source, const char *recvd_value) { int i; - const char *str; + const char *str = NULL; char buf[128]; /* diff --git a/usr/src/lib/libzfs_jni/Makefile.com b/usr/src/lib/libzfs_jni/Makefile.com index e9781efe61..8d8f9c4b26 100644 --- a/usr/src/lib/libzfs_jni/Makefile.com +++ b/usr/src/lib/libzfs_jni/Makefile.com 
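Review bot: In the recv_skip hunk of libzfs_sendrecv.c, the DRR_SPILL case goes straight from the byte swap into a `recv_read` on `buf` whose return value is discarded with `(void)`, and no bound on the length is visible. The hunk is cut before the length argument, but if it is `drr_u.drr_spill.drr_length`, that value comes from the send stream and should be compared with the size of `buf` before the read, e.g. `if (drr->drr_u.drr_spill.drr_length > BUF_LEN /* placeholder: allocated size of buf */)` followed by the function's failure path. Checking the recv_read result instead of casting it away would also stop a truncated or malformed stream from being skipped silently. The body of recv_skip starts and ends outside the hunk.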
@@ -23,6 +23,10 @@ # Use is subject to license terms. # +# +# Copyright (c) 2015 by Delphix. All rights reserved. +# + LIBRARY= libzfs_jni.a VERS= .1 @@ -45,7 +49,6 @@ LDLIBS += -lc -lnvpair -ldiskmgt -lzfs CPPFLAGS += $(INCS) $(NOT_RELEASE_BUILD) CPPFLAGS += -DDEBUG CERRWARN += -_gcc=-Wno-switch -CERRWARN += -_gcc=-Wno-uninitialized SRCDIR = ../common $(LINTLIB) := SRCS= $(SRCDIR)/$(LINTSRC) diff --git a/usr/src/lib/libzfs_jni/common/libzfs_jni_diskmgt.c b/usr/src/lib/libzfs_jni/common/libzfs_jni_diskmgt.c index d1c53ffb40..cb0a01cb37 100644 --- a/usr/src/lib/libzfs_jni/common/libzfs_jni_diskmgt.c +++ b/usr/src/lib/libzfs_jni/common/libzfs_jni_diskmgt.c @@ -24,7 +24,9 @@ * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" +/* + * Copyright (c) 2015 by Delphix. All rights reserved. + */ #include "libzfs_jni_diskmgt.h" #include "libzfs_jni_util.h" @@ -68,7 +70,7 @@ static void (*error_func)(const char *, va_list); static char * get_device_name(dm_descriptor_t device, int *error) { - char *dup; + char *dup = NULL; char *name; *error = 0; @@ -120,7 +122,7 @@ get_disk(dm_descriptor_t disk, int *error) /* Get media */ dm_descriptor_t *media = dm_get_associated_descriptors(disk, - DM_MEDIA, error); + DM_MEDIA, error); if (*error != 0 || media == NULL || *media == NULL) { handle_error( @@ -136,9 +138,9 @@ get_disk(dm_descriptor_t disk, int *error) /* Get free slices */ dp->slices = get_disk_usable_slices( - media[0], dp->name, - dp->blocksize, - &(dp->in_use), error); + media[0], dp->name, + dp->blocksize, + &(dp->in_use), error); } dm_free_descriptors(media); } @@ -175,7 +177,8 @@ get_disk_aliases(dm_descriptor_t disk, char *name, int *error) int j; /* Count aliases */ - for (j = 0; aliases[j] != NULL; j++); + for (j = 0; aliases[j] != NULL; j++) + ; names = (char **)calloc(j + 1, sizeof (char *)); if (names == NULL) { 
@@ -369,7 +372,8 @@ get_disk_usable_slices(dm_descriptor_t media, const char *name, if (slices != NULL) { int i, nslices; - for (nslices = 0; slices[nslices] != NULL; nslices++); + for (nslices = 0; slices[nslices] != NULL; nslices++) + ; /* Prune slices based on use */ for (i = nslices - 1; i >= 0; i--) { @@ -386,7 +390,7 @@ get_disk_usable_slices(dm_descriptor_t media, const char *name, s_in_use = slice_in_use(slice, error); if (*error) { - break; + break; } if (s_in_use) { @@ -627,7 +631,7 @@ slice_too_small(dmgt_slice_t *slice) if (slice->size < SPA_MINDEVSIZE) { #ifdef DEBUG (void) fprintf(stderr, "can't use %s: slice too small: %llu\n", - slice->name, (unsigned long long)slice->size); + slice->name, (unsigned long long)slice->size); #endif return (1); } diff --git a/usr/src/lib/libzpool/Makefile.com b/usr/src/lib/libzpool/Makefile.com index da5da5d936..b016ffaa70 100644 --- a/usr/src/lib/libzpool/Makefile.com +++ b/usr/src/lib/libzpool/Makefile.com @@ -20,7 +20,7 @@ # # # Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. -# Copyright (c) 2013 by Delphix. All rights reserved. +# Copyright (c) 2013, 2015 by Delphix. All rights reserved. # LIBRARY= libzpool.a @@ -71,7 +71,6 @@ CERRWARN += -_gcc=-Wno-parentheses CERRWARN += -_gcc=-Wno-switch CERRWARN += -_gcc=-Wno-type-limits CERRWARN += -_gcc=-Wno-unused-variable -CERRWARN += -_gcc=-Wno-uninitialized CERRWARN += -_gcc=-Wno-empty-body CERRWARN += -_gcc=-Wno-unused-function CERRWARN += -_gcc=-Wno-unused-label diff --git a/usr/src/lib/libzpool/common/kernel.c b/usr/src/lib/libzpool/common/kernel.c index b0f49bfe6c..4160f1d7c9 100644 --- a/usr/src/lib/libzpool/common/kernel.c +++ b/usr/src/lib/libzpool/common/kernel.c 
@@ -69,10 +69,11 @@ struct proc p0; */ /*ARGSUSED*/ kthread_t * -zk_thread_create(void (*func)(), void *arg) +zk_thread_create(void (*func)(), void *arg, uint64_t len) { thread_t tid; + ASSERT0(len); VERIFY(thr_create(0, 0, (void *(*)(void *))func, arg, THR_DETACHED, &tid) == 0); diff --git a/usr/src/lib/libzpool/common/sys/zfs_context.h b/usr/src/lib/libzpool/common/sys/zfs_context.h index 37a6936c05..9adba03fab 100644 --- a/usr/src/lib/libzpool/common/sys/zfs_context.h +++ b/usr/src/lib/libzpool/common/sys/zfs_context.h @@ -180,7 +180,7 @@ extern int aok; typedef struct kthread kthread_t; #define thread_create(stk, stksize, func, arg, len, pp, state, pri) \ - zk_thread_create(func, arg) + zk_thread_create(func, arg, len) #define thread_exit() thr_exit(NULL) #define thread_join(t) panic("libzpool cannot join threads") @@ -196,7 +196,7 @@ extern struct proc p0; #define PS_NONE -1 -extern kthread_t *zk_thread_create(void (*func)(), void *arg); +extern kthread_t *zk_thread_create(void (*func)(), void *arg, uint64_t len); #define issig(why) (FALSE) #define ISSIG(thr, why) (FALSE) diff --git a/usr/src/man/man1m/zfs.1m b/usr/src/man/man1m/zfs.1m index f34357003e..ddf7eb908b 100644 --- a/usr/src/man/man1m/zfs.1m +++ b/usr/src/man/man1m/zfs.1m @@ -25,10 +25,10 @@ .\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved. .\" Copyright (c) 2015, Joyent, Inc. All rights reserved. .\" Copyright (c) 2014 by Adam Stevko. All rights reserved. -.\" Copyright 2015 Nexenta Systems, Inc. All Rights Reserved. .\" Copyright (c) 2014 Integros [integros.com] +.\" Copyright 2016 Nexenta Systems, Inc. .\" -.Dd June 8, 2015 +.Dd March 20, 2016 .Dt ZFS 1M .Os .Sh NAME 
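Review bot: In libzpool's kernel.c, `ASSERT0(len);` in zk_thread_create enforces the zero-length rule only where assertions are compiled in, while the statement right after it uses `VERIFY` for the thr_create result. The shim hands `arg` to the new thread as-is and never copies `len` bytes, so a caller passing a non-zero `len` would get different argument lifetime semantics than it expects; `VERIFY0(len);` would reject that in every build. Whether ASSERT is active in non-debug libzpool builds is not visible in this hunk.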
@@ -786,17 +786,12 @@ dataset. .Sy aclinherit Ns = Ns Sy discard Ns | Ns Sy noallow Ns | Ns .Sy restricted Ns | Ns Sy passthrough Ns | Ns Sy passthrough-x .Xc -Controls how -.Sy ACE Ns s -are inherited when files and directories are created. +Controls how ACEs are inherited when files and directories are created. .Bl -tag -width "passthrough-x" .It Sy discard -does not inherit any -.Sy ACE Ns s . +does not inherit any ACEs. .It Sy noallow -only inherits inheritable -.Sy ACE Ns s -that specify +only inherits inheritable ACEs that specify .Qq deny permissions. .It Sy restricted @@ -804,13 +799,9 @@ default, removes the .Sy write_acl and .Sy write_owner -permissions when the -.Sy ACE -is inherited. +permissions when the ACE is inherited. .It Sy passthrough -inherits all inheritable -.Sy ACE Ns s -without any modifications. +inherits all inheritable ACEs without any modifications. .It Sy passthrough-x same meaning as .Sy passthrough , 
@@ -819,69 +810,51 @@ except that the .Sy group@ , and .Sy everyone@ -.Sy ACE Ns s -inherit the execute permission only if the file creation mode also requests the -execute bit. +ACEs inherit the execute permission only if the file creation mode also requests +the execute bit. .El .Pp When the property value is set to .Sy passthrough , -files are created with a mode determined by the inheritable -.Sy ACE Ns s . -If no inheritable -.Sy ACE Ns s -exist that affect the mode, then the mode is set in accordance to the requested -mode from the application. +files are created with a mode determined by the inheritable ACEs. +If no inheritable ACEs exist that affect the mode, then the mode is set in +accordance to the requested mode from the application. .It Xo .Sy aclmode Ns = Ns Sy discard Ns | Ns Sy groupmask Ns | Ns .Sy passthrough Ns | Ns Sy restricted .Xc -Controls how an -.Sy ACL -is modified during -.Xr chmod 2 . +Controls how an ACL is modified during +.Xr chmod 2 +and how inherited ACEs are modified by the file creation mode. .Bl -tag -width "passthrough" .It Sy discard -default, deletes all -.Sy ACE Ns s -that do not represent the mode of the file. +default, deletes all ACEs except for those representing the mode of the file or +directory requested by +.Xr chmod 2 . .It Sy groupmask -reduces permissions granted in all +reduces permissions granted by all .Sy ALLOW -entries found in the -.Sy ACL -such that they are no greater than the group permissions specified by -.Xr chmod 2 . +entries found in the ACL such that they are no greater than the group +permissions specified by the mode. .It Sy passthrough -indicates that no changes are made to the -.Sy ACL -other than creating or updating the necessary -.Sy ACE Ns s -to represent the new mode of the file or directory. +indicates that no changes are made to the ACL other than creating or updating +the necessary ACEs to represent the new mode of the file or directory. 
.It Sy restricted causes the .Xr chmod 2 operation to return an error when used on any file or directory which has a -non-trivial -.Sy ACE Ns s -whose entries can not be represented by a mode. +non-trivial ACL, with entries in addition to those that represent the mode. .El .Pp .Xr chmod 2 -is required to change the set user ID, set group ID, or sticky bits on a file or -directory, as they do not have equivalent -.Sy ACE Ns s. -In order to use +is required to change the set user ID, set group ID, or sticky bit on a file or +directory, as they do not have equivalent ACEs. In order to use .Xr chmod 2 -on a file or directory with a non-trivial -.Sy ACL -when +on a file or directory with a non-trivial ACL when .Sy aclmode is set to .Sy restricted , -you must first remove all -.Sy ACE Ns s -which do not represent the current mode. +you must first remove all ACEs except for those that represent the current mode. .It Sy atime Ns = Ns Sy on Ns | Ns Sy off Controls whether the access time for files is updated when they are read. Turning this property off avoids producing write traffic when reading files and @@ -3437,9 +3410,7 @@ mount point permission is set to 755 by default, user .Sy cindys will be unable to mount file systems under .Em tank/cindys . -Add an -.Sy ACE -similar to the following syntax to provide mount point access: +Add an ACE similar to the following syntax to provide mount point access: .Bd -literal # chmod A+user:cindys:add_subdirectory:allow /tank/cindys .Ed diff --git a/usr/src/pkg/manifests/system-test-zfstest.mf b/usr/src/pkg/manifests/system-test-zfstest.mf index 43d4b57d15..9516cd0254 100644 --- a/usr/src/pkg/manifests/system-test-zfstest.mf +++ b/usr/src/pkg/manifests/system-test-zfstest.mf 
@@ -404,6 +404,7 @@ file path=opt/zfs-tests/tests/functional/clean_mirror/default.cfg mode=0555 file path=opt/zfs-tests/tests/functional/clean_mirror/setup mode=0555 file path=opt/zfs-tests/tests/functional/cli_root/cli_common.kshlib mode=0555 file path=opt/zfs-tests/tests/functional/cli_root/zdb/zdb_001_neg mode=0555 +file path=opt/zfs-tests/tests/functional/cli_root/zdb/zdb_002_pos mode=0555 file path=opt/zfs-tests/tests/functional/cli_root/zfs/cleanup mode=0555 file path=opt/zfs-tests/tests/functional/cli_root/zfs/setup mode=0555 file path=opt/zfs-tests/tests/functional/cli_root/zfs/zfs_001_neg mode=0555 diff --git a/usr/src/test/zfs-tests/runfiles/delphix.run b/usr/src/test/zfs-tests/runfiles/delphix.run index e8c27d21cb..796a2ebfbe 100644 --- a/usr/src/test/zfs-tests/runfiles/delphix.run +++ b/usr/src/test/zfs-tests/runfiles/delphix.run @@ -92,7 +92,7 @@ tests = [ 'clean_mirror_001_pos', 'clean_mirror_002_pos', 'clean_mirror_003_pos', 'clean_mirror_004_pos'] [/opt/zfs-tests/tests/functional/cli_root/zdb] -tests = ['zdb_001_neg'] +tests = ['zdb_001_neg', 'zdb_002_pos'] pre = post = diff --git a/usr/src/test/zfs-tests/runfiles/omnios.run b/usr/src/test/zfs-tests/runfiles/omnios.run index 72f3242ad2..8135752158 100644 --- a/usr/src/test/zfs-tests/runfiles/omnios.run +++ b/usr/src/test/zfs-tests/runfiles/omnios.run @@ -92,7 +92,7 @@ tests = [ 'clean_mirror_001_pos', 'clean_mirror_002_pos', 'clean_mirror_003_pos', 'clean_mirror_004_pos'] [/opt/zfs-tests/tests/functional/cli_root/zdb] -tests = ['zdb_001_neg'] +tests = ['zdb_001_neg', 'zdb_002_pos'] pre = post = diff --git a/usr/src/test/zfs-tests/runfiles/openindiana.run b/usr/src/test/zfs-tests/runfiles/openindiana.run index 5244544e78..2577a4e020 100644 --- a/usr/src/test/zfs-tests/runfiles/openindiana.run +++ b/usr/src/test/zfs-tests/runfiles/openindiana.run 
@@ -92,7 +92,7 @@ tests = [ 'clean_mirror_001_pos', 'clean_mirror_002_pos', 'clean_mirror_003_pos', 'clean_mirror_004_pos'] [/opt/zfs-tests/tests/functional/cli_root/zdb] -tests = ['zdb_001_neg'] +tests = ['zdb_001_neg', 'zdb_002_pos'] pre = post = diff --git a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_aclmode_001_pos.ksh b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_aclmode_001_pos.ksh index 0dfd6864be..6486f58464 100644 --- a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_aclmode_001_pos.ksh +++ b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_aclmode_001_pos.ksh 
@@ -27,69 +27,62 @@ # # Copyright (c) 2012 by Delphix. All rights reserved. +# Copyright 2016 Nexenta Systems, Inc. # . $STF_SUITE/tests/functional/acl/acl_common.kshlib -# # DESCRIPTION: -# Verify chmod have correct behaviour on directories and files when -# filesystem has the different aclmode setting +# Verify chmod have correct behaviour on directories and files when +# filesystem has the different aclmode setting # # STRATEGY: -# 1. Loop super user and non-super user to run the test case. -# 2. Create basedir and a set of subdirectores and files within it. -# 3. Separately chmod basedir with different aclmode options, -# combine with the variable setting of aclmode: -# "discard", "groupmask", or "passthrough". -# 4. Verify each directories and files have the correct access control -# capability. -# +# 1. Loop super user and non-super user to run the test case. +# 2. Create basedir and a set of subdirectores and files within it. +# 3. Separately chmod basedir with different aclmode options, +# combine with the variable setting of aclmode: +# "discard", "groupmask", or "passthrough". +# 4. Verify each directories and files have the correct access control +# capability. verify_runnable "both" function cleanup { - # Cleanup tarfile & basedir. - (( ${#cwd} != 0 )) && cd $cwd - if [[ -f $TARFILE ]]; then - log_must $RM -f $TARFILE - fi - - if [[ -d $basedir ]]; then - log_must $RM -rf $basedir - fi + [[ -f $TARFILE ]] && log_must $RM -f $TARFILE + [[ -d $basedir ]] && log_must $RM -rf $basedir } -log_assert "Verify chmod have correct behaviour to directory and file when " \ - "filesystem has the different aclmode setting." 
+log_assert "Verify chmod have correct behaviour to directory and file when" \ + "filesystem has the different aclmode setting" log_onexit cleanup -# Define aclmode flag -set -A aclmode_flag discard groupmask passthrough - -set -A ace_prefix "user:$ZFS_ACL_OTHER1" \ - "user:$ZFS_ACL_OTHER2" \ - "group:$ZFS_ACL_STAFF_GROUP" \ - "group:$ZFS_ACL_OTHER_GROUP" - -set -A argv "000" "444" "644" "777" "755" "231" "562" "413" - -set -A ace_file_preset "read_data" \ - "write_data" \ - "append_data" \ - "execute" \ - "read_data/write_data" \ - "read_data/write_data/append_data" \ - "write_data/append_data" \ - "read_data/execute" \ - "write_data/append_data/execute" \ - "read_data/write_data/append_data/execute" - -# Defile the based directory and file +set -A aclmode_flag "discard" "groupmask" "passthrough" + +set -A ace_prefix \ + "user:$ZFS_ACL_OTHER1" \ + "user:$ZFS_ACL_OTHER2" \ + "group:$ZFS_ACL_STAFF_GROUP" \ + "group:$ZFS_ACL_OTHER_GROUP" + +set -A argv "000" "444" "644" "777" "755" "231" "562" "413" + +set -A ace_file_preset \ + "read_data" \ + "write_data" \ + "append_data" \ + "execute" \ + "read_data/write_data" \ + "read_data/write_data/append_data" \ + "write_data/append_data" \ + "read_data/execute" \ + "write_data/append_data/execute" \ + "read_data/write_data/append_data/execute" + +# Define the base directory and file basedir=$TESTDIR/basedir; ofile=$basedir/ofile; odir=$basedir/odir nfile=$basedir/nfile; ndir=$basedir/ndir @@ -98,7 +91,6 @@ TARFILE=$TESTDIR/tarfile # Verify all the node have expected correct access control allnodes="$nfile $ndir" -# # According to the original bits, the input ACE access and ACE type, return the # expect bits after 'chmod A0{+|=}'. # 
@@ -107,7 +99,6 @@ allnodes="$nfile $ndir" # $3 bits_limit which was make up of three bit 'rwx' # $4 ACE access which is read_data, write_data or execute # $5 ctrl which is to determine allow or deny according to owner/group bit -# function cal_bits # isdir bits bits_limit acl_access ctrl { typeset -i isdir=$1 @@ -129,7 +120,7 @@ function cal_bits # isdir bits bits_limit acl_access ctrl flagx=1 fi else - #Determine ACE as per owner/group bit + # Determine ACE as per owner/group bit flagr=1 flagw=1 flagx=1 @@ -147,16 +138,16 @@ function cal_bits # isdir bits bits_limit acl_access ctrl flagx=0 fi fi + if ((flagr != 0)); then if [[ $acl_access == *"read_data"* ]]; then - if [[ $acl_access == *"allow"* && $passthrough == 0 ]]; then - tmpstr=${tmpstr} + if [[ $acl_access == *"allow"* && + $passthrough == 0 ]]; then + tmpstr=${tmpstr} + elif ((isdir == 0)); then + tmpstr=${tmpstr}/read_data else - if ((isdir == 0)); then - tmpstr=${tmpstr}/read_data - else - tmpstr=${tmpstr}/list_directory/read_data - fi + tmpstr=${tmpstr}/list_directory/read_data fi fi fi @@ -176,14 +167,17 @@ function cal_bits # isdir bits bits_limit acl_access ctrl if ((isdir == 0)); then tmpstr=${tmpstr}/append_data else - tmpstr=${tmpstr}/add_subdirectory/append_data + tmpstr=${tmpstr}/add_subdirectory + tmpstr=${tmpstr}/append_data fi fi fi fi + if ((flagx != 0)); then if [[ $acl_access == *"execute"* ]]; then - if [[ $acl_access == *"allow"* && $passthrough == 0 ]]; then + if [[ $acl_access == *"allow"* && + $passthrough == 0 ]]; then tmpstr=${tmpstr} else tmpstr=${tmpstr}/execute @@ -237,6 +231,8 @@ function check_new_acl # bit newmode isdir typeset gbit typeset ebit typeset str=":" + typeset dc="" + gbit=${mode:1:1} ebit=${mode:2:1} if (( ((bits & 4)) == 0 )); then @@ -258,6 +254,7 @@ function check_new_acl # bit newmode isdir else new_acl=${new_acl}${str}add_file/write_data/ new_acl=${new_acl}add_subdirectory/append_data + dc="/delete_child" fi str="/" fi 
@@ -268,6 +265,7 @@ function check_new_acl # bit newmode isdir new_acl=${new_acl}${str}execute fi fi + new_acl=${new_acl}${dc} $ECHO "$new_acl" } @@ -290,10 +288,8 @@ function build_new_acl # newmode isdir $ECHO $expect } -# # According to inherited flag, verify subdirectories and files within it has # correct inherited access control. -# function verify_aclmode # <aclmode> <node> <newmode> { # Define the nodes which will be affected by inherit. 
@@ -345,106 +341,103 @@ function verify_aclmode # <aclmode> <node> <newmode> # case $aclmode in - passthrough) - if ((acl_count > total_acl)); then - expect1=$(build_new_acl $newmode $isdir) - flag=1 - ((total_acl = total_acl + 1)) - ((i = i + 1)) - else - passthrough=1 - expect1=$(translate_acl $isdir $expect1) - fi - ;; - groupmask) - if ((acl_count > total_acl)); then - expect1=$(build_new_acl $newmode $isdir) - flag=1 - ((total_acl = total_acl + 1)) - ((i = i + 1)) - - elif [[ $expect1 == *":allow"* ]]; then - who=${expect1%%:*} - aclaction=${expect1##*:} - prefix=$who - acltemp="" - reduce=0 - # - # To determine the mask bits - # according to the entry type. - # - case $who in - owner@) - pos=0 - ;; - group@) - pos=1 - ;; - everyone@) - pos=2 - ;; - user) - acltemp=${expect1#*:} - acltemp=${acltemp%%:*} - owner=$(get_owner $node) - group=$(get_group $node) - if [[ $acltemp == \ - $owner ]]; then - pos=0 - else - pos=1 - fi - prefix=$prefix:$acltemp - ;; - group) - acltemp=${expect1#*:} - acltemp=${acltemp%%:*} - pos=1 - prefix=$prefix:$acltemp - reduce=1 - ;; - esac - obits=${newmode:$pos:1} - ((bits = $obits)) - # - # permission should be no greater than the - # group permission bits - # - if ((reduce != 0)); then - ((bits &= ${newmode:1:1})) + passthrough) + if ((acl_count > total_acl)); then + expect1=$(build_new_acl $newmode $isdir) + flag=1 + ((total_acl = total_acl + 1)) + ((i = i + 1)) + else + passthrough=1 + expect1=$(translate_acl $isdir $expect1) + fi + ;; + groupmask) + if ((acl_count > total_acl)); then + expect1=$(build_new_acl $newmode $isdir) + flag=1 + ((total_acl = total_acl + 1)) + ((i = i + 1)) + elif [[ $expect1 == *":allow"* ]]; then + who=${expect1%%:*} + aclaction=${expect1##*:} + prefix=$who + acltemp="" + reduce=0 + # To determine the mask bits + # according to the entry type. 
+ # + case $who in + owner@) + pos=0 + ;; + group@) + pos=1 + ;; + everyone@) + pos=2 + ;; + user) + acltemp=${expect1#*:} + acltemp=${acltemp%%:*} + owner=$(get_owner $node) + group=$(get_group $node) + if [[ $acltemp == $owner ]]; then + pos=0 + else + pos=1 + fi + prefix=$prefix:$acltemp + ;; + group) + acltemp=${expect1#*:} + acltemp=${acltemp%%:*} + pos=1 + prefix=$prefix:$acltemp + reduce=1 + ;; + esac + + obits=${newmode:$pos:1} + ((bits = $obits)) + # permission should be no greater than the + # group permission bits + if ((reduce != 0)); then + ((bits &= ${newmode:1:1})) # The ACL permissions are reduced so # that they are no greater than owner # permission bits. + ((bits_owner = ${newmode:0:1})) + ((bits &= $bits_owner)) + fi - ((bits_owner = ${newmode:0:1})) - ((bits &= $bits_owner)) - fi - - if ((bits < obits)) && \ - [[ -n $acltemp ]]; then - expect2=$prefix: - new_bit=$(cal_bits $isdir $obits $bits_owner $expect1 1) - expect2=${expect2}${new_bit}:allow - else - expect2=$prefix: - new_bit=$(cal_bits $isdir $obits $obits $expect1 1) - expect2=${expect2}${new_bit}:allow - fi - priv=$(cal_bits $isdir $obits $bits_owner $expect2 0) - expect1=$prefix:$priv:$aclaction + if ((bits < obits)) && [[ -n $acltemp ]]; then + expect2=$prefix: + new_bit=$(cal_bits $isdir $obits \ + $bits_owner $expect1 1) + expect2=${expect2}${new_bit}:allow else - expect1=$(translate_acl $isdir $expect1) + expect2=$prefix: + new_bit=$(cal_bits $isdir $obits \ + $obits $expect1 1) + expect2=${expect2}${new_bit}:allow fi - ;; - discard) - passcnt=maxnumber - break - ;; + + priv=$(cal_bits $isdir $obits $bits_owner \ + $expect2 0) + expect1=$prefix:$priv:$aclaction + else + expect1=$(translate_acl $isdir $expect1) + fi + ;; + discard) + passcnt=maxnumber + break + ;; esac if ((pass == 0)) ; then # Get the first ACE to do comparison - aclcur=$(get_ACE $node $count) aclcur=${aclcur#$count:} if [[ -n $expect1 && $expect1 != $aclcur ]]; then 
@@ -487,11 +480,6 @@ cwd=$PWD cd $TESTDIR for mode in "${aclmode_flag[@]}"; do - - # - # Set different value of aclmode - # - log_must $ZFS set aclmode=$mode $TESTPOOL/$TESTFS for user in root $ZFS_ACL_STAFF1; do @@ -511,17 +499,14 @@ for mode in "${aclmode_flag[@]}"; do acl=$prefix:$preset case $((maxnumber % 2)) in - 0) - acl=$acl:deny - ;; - 1) - acl=$acl:allow - ;; + 0) + acl=$acl:deny + ;; + 1) + acl=$acl:allow + ;; esac - # - # Place on the target should succeed. - # log_must usr_exec $CHMOD A+$acl $obj acls[$maxnumber]=$acl @@ -540,8 +525,6 @@ for mode in "${aclmode_flag[@]}"; do log_must usr_exec $CHMOD $newmode $obj log_must usr_exec $CHMOD $newmode $target log_must verify_aclmode $mode $obj $newmode - - # Restore the tar archive log_must $TAR xpf@ $TARFILE done done @@ -550,4 +533,4 @@ for mode in "${aclmode_flag[@]}"; do done done -log_pass "Verify chmod behaviour co-op with aclmode setting passed." +log_pass "Verify chmod behaviour co-op with aclmode setting passed" diff --git a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_delete_001_pos.ksh b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_delete_001_pos.ksh index 7ddf774e85..ec96c7bae6 100644 --- a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_delete_001_pos.ksh +++ b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_delete_001_pos.ksh @@ -25,12 +25,15 @@ # Use is subject to license terms. # +# +# Copyright 2016 Nexenta Systems, Inc. +# + . $STF_SUITE/tests/functional/acl/acl_common.kshlib -# # DESCRIPTION: -# Verify that the combined delete_child/delete permission for -# owner/group/everyone are correct. +# Verify that the combined delete_child/delete permission for +# owner/group/everyone are correct. # # ------------------------------------------------------- # | Parent Dir | Target Object Permissions | 
@@ -39,20 +42,13 @@ # | | ACL Allows | ACL Denies| Delete | # | | Delete | Delete | unspecified| # ------------------------------------------------------- -# | ACL Allows | Permit | Permit | Permit | -# | DELETE_CHILD | | +# | ACL Denies | Permit | Deny | Deny | +# | DELETE_CHILD | | | | +# | or WRITE_DATA | | | | # ------------------------------------------------------- -# | ACL Denies | Permit | Deny | Deny | -# | DELETE_CHILD | | | | -# ------------------------------------------------------- -# | ACL specifies | | | | -# | only allows | Permit | Permit | Permit | -# | write and | | | | -# | execute | | | | -# ------------------------------------------------------- -# | ACL denies | | | | -# | write and | Permit | Deny | Deny | -# | execute | | | | +# | ACL Allows | Permit | Deny | Permit | +# | DELETE_CHILD | | | | +# | or WRITE_DATA | | | | # ------------------------------------------------------- # # STRATEGY: @@ -60,7 +56,6 @@ # 2. Set special ACE combination to the file and directory # 3. Try to remove the file # 4. Verify that combined permissions for owner/group/everyone are correct. -# verify_runnable "both" @@ -99,7 +94,7 @@ set -A access_target \ set -A a_flag "owner@" "group@" "everyone@" "user:$ZFS_ACL_STAFF1" log_assert "Verify that the combined delete_child/delete permission for" \ - "owner/group/everyone are correct." + "owner/group/everyone are correct." log_onexit cleanup function operate_node #user node 
@@ -139,20 +134,25 @@ function logname #acl_parent acl_target user typeset user=$3 # To super user, read and write deny permission was override. - if [[ $user == root || $acl_target == *:allow ]]; then + if [[ $user == "root" || $acl_target == *":allow"* ]]; then print "log_must" - elif [[ $acl_parent == *"delete_child"* ]]; then - if [[ $acl_parent == *"delete_child:allow"* ]]; then - print "log_must" - else - print "log_mustnot" - fi - elif [[ $acl_parent == *"write_data"* ]]; then - if [[ $acl_parent == *"write_data:allow"* ]]; then - print "log_must" - else - print "log_mustnot" - fi + # If target ACL has an ACE deny'ing delete, DENY + elif [[ $acl_target == *"delete:deny"* ]]; then + print "log_mustnot" + # If target ACL has an ACE allow'ing delete, ALLOW + elif [[ $acl_target == *"delete:allow"* ]]; then + print "log_must" + # If container ACL has an ACE deny'ing delete_child or + # write_data, DENY + elif [[ $acl_parent == *"delete_child:deny"* || + $acl_parent == *"write_data:deny"* ]]; then + print "log_mustnot" + # If container ACL has an ACE allow'ing delete_child or + # write_data, ALLOW + elif [[ $acl_parent == *"delete_child:allow"* || + $acl_parent == *"write_data:allow"* ]]; then + print "log_must" + # Otherwise, DENY else print "log_mustnot" fi @@ -298,4 +298,4 @@ while (( i < ${#users[@]} )); do done log_pass "Verify that the combined delete_child/delete permission for" \ - "owner/group/everyone are correct." + "owner/group/everyone are correct." diff --git a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_002_neg.ksh b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_002_neg.ksh index 0b675786f7..cade1bf1be 100644 --- a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_002_neg.ksh +++ b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_002_neg.ksh 
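Review bot: In logname of zfs_acl_chmod_delete_001_pos.ksh, the branch `elif [[ $acl_target == *"delete:allow"* ]]` can never run, because the first test now matches any `$acl_target` containing `:allow`, and every `delete:allow` string does. That first test also returns `log_must` for a target ACE that allows something other than delete before the parent's `delete_child:deny` or `write_data:deny` is considered, which does not agree with the "Delete unspecified" column of the table in the header comment. The contents of `access_target` are outside this hunk, so whether such a combination is actually exercised cannot be confirmed here. Narrowing the first test to `if [[ $user == "root" ]]; then` and letting the `delete:deny` / `delete:allow` branches decide would make the expected result follow the documented table, so the test cannot pass on a permission it should have expected to be refused.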
@@ -27,59 +27,49 @@ # # Copyright (c) 2012 by Delphix. All rights reserved. +# Copyright 2016 Nexenta Systems, Inc. # . $STF_SUITE/tests/functional/acl/acl_common.kshlib -# # DESCRIPTION: -# Verify chmod have correct behaviour to directory and file not inherited -# when filesystem has the different aclinherit setting +# Verify chmod have correct behaviour to directory and file not inherited +# when filesystem has the different aclinherit setting # # STRATEGY: -# 1. Loop super user and non-super user to run the test case. -# 2. Create basedir and a set of subdirectores and files within it. -# 3. Separately chmod basedir with different inherite options, -# combine with the variable setting of aclinherit: -# "discard", "noallow", "restricted" or "passthrough". -# 4. Then create nested directories and files like the following. -# -# ofile -# odir -# chmod --> basedir -| -# |_ nfile1 -# |_ ndir1 _ -# |_ nfile2 -# |_ ndir2 _ -# |_ nfile3 -# |_ ndir3 +# 1. Use both super user and non-super user to run the test case. +# 2. Create basedir and a set of subdirectores and files inside of it. +# 3. For the following values of the aclinherity property, add ACEs with +# different inherit options to basedir: +# "discard", "noallow", "restricted" and "passthrough". +# 4. Create nested directories and files like the following. # -# 5. Verify non-inherited directories and files have the correct access -# control capability. +# ofile +# odir +# chmod --> basedir -| +# |_ nfile1 +# |_ ndir1 _ +# |_ nfile2 +# |_ ndir2 _ +# |_ nfile3 +# |_ ndir3 # +# 5. Verify non-inherited directories and files have the correct access +# control capability. verify_runnable "both" function cleanup { - typeset dir - - # Cleanup basedir, compared file and dir. 
+ [[ -f $ofile ]] && log_must $RM -f $ofile + [[ -d $odir ]] && log_must $RM -rf $odir + [[ -d $basedir ]] && log_must $RM -rf $basedir - if [[ -f $ofile ]]; then - log_must $RM -f $ofile - fi - - for dir in $odir $basedir ; do - if [[ -d $dir ]]; then - log_must $RM -rf $dir - fi - done log_must $ZFS set aclmode=discard $TESTPOOL/$TESTFS } -log_assert "Verify chmod have correct behaviour to directory and file when " \ - "filesystem has the different aclinherit setting." +log_assert "Verify different inherit options combined with different" \ + "aclinherit property values" log_onexit cleanup # Define inherit flag @@ -89,10 +79,8 @@ typeset strategy_flag=("" inherit_only no_propagate inherit_only/no_propagate) typeset ace_prefix1="user:$ZFS_ACL_OTHER1" typeset ace_prefix2="user:$ZFS_ACL_OTHER2" -typeset ace_discard ace_noallow ace_secure ace_passthrough -typeset ace_secure_new -# Defile the based directory and file +# Define the base directory and file basedir=$TESTDIR/basedir; ofile=$TESTDIR/ofile; odir=$TESTDIR/odir # Define the files and directories will be created after chmod @@ -102,10 +90,8 @@ nfile1=$basedir/nfile1; nfile2=$ndir1/nfile2; nfile3=$ndir2/nfile3 # Verify all the node have expected correct access control allnodes="$ndir1 $ndir2 $ndir3 $nfile1 $nfile2 $nfile3" -# # According to inherited flag, verify subdirectories and files within it has # correct inherited access control. -# function verify_inherit #<aclinherit> <object> [strategy] { # Define the nodes which will be affected by inherit. 
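Review bot: The rewritten STRATEGY comment in zfs_acl_chmod_inherit_002_neg.ksh misspells the property as `aclinherity`; the property tested is `aclinherit`, so step 3 should read `# 3. For the following values of the aclinherit property, add ACEs with`. Step 2 also carries `subdirectores` over from the old text and should read `subdirectories`. The new `log_assert` message no longer mentions chmod or non-inherited objects, so the header DESCRIPTION and the asserted text now describe the test differently; one of them should be aligned with the other.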
@@ -118,12 +104,10 @@ function verify_inherit #<aclinherit> <object> [strategy] typeset str2="/inherited:" # count: the ACE item to fetch - # maxnumber: predefine as 4 - # passcnt: counter, if it achieves to maxnumber, + # passcnt: counter, if it achieves to maxaces, # then no additional ACE should apply. # isinherit: indicate if the current target is in the inherit list. - - typeset -i count=0 pass=0 passcnt=0 isinherit=0 maxnumber=4 no_propagate=0 + typeset -i count=0 pass=0 passcnt=0 isinherit=0 no_propagate=0 log_must usr_exec $MKDIR -p $ndir3 log_must usr_exec $TOUCH $nfile1 $nfile2 $nfile3 @@ -150,7 +134,7 @@ function verify_inherit #<aclinherit> <object> [strategy] no_propagate=1 fi fi - # Verify ACE's for all the dirs/files under $basedir + # Verify ACEs for all the dirs/files under basedir for node in $allnodes; do if [[ " $non_inherit_nodes " == *" $node "* ]]; then no_inherit=1 
@@ -160,87 +144,86 @@ function verify_inherit #<aclinherit> <object> [strategy] i=0 count=0 passcnt=0 - while ((i < maxnumber)); do - pass=0 - eval expect1=\$acl$i + while ((i < maxaces)); do + typeset expacl + + if [[ $inherit == "restricted" ]]; then + eval expacl=\$acls$i + else + eval expacl=\$acl$i + fi case $inherit in - noallow) - [[ $expect1 == *":allow" ]] && pass=1 - ;; - discard) - passcnt=maxnumber - break - ;; + noallow) + if [[ $expacl == *":allow" ]]; then + ((i = i + 1)) + continue + fi + ;; + discard) + ((passcnt = maxaces)) + break + ;; esac - if ((pass == 0 && no_inherit == 1)); then - aclaction=${expect1##*:} - acltemp=${expect1%:*} - # Verify ACE's for sub-directory - if [[ -d $node ]]; then - eval expect1=\$acl$i - acltemp=${expect1%:*} - if [[ $inherit_type == "directory" || \ - $inherit_type == "both" ]]; then - expect1=${acltemp}/inherited: - expect1=${expect1}${aclaction} - elif [[ $inherit_type == "file" ]]; then - if [[ $expect1 != \ - *"inherit_only"* ]]; then - # - # directory should append - # "inherit_only" if not have - # - expect1=${acltemp}${str1} - expect1=${expect1}${aclaction} - else - expect1=${acltemp}${str2} - expect1=${expect1}${aclaction} - fi - fi - aclcur=$(get_ACE $node $count) - aclcur=${aclcur#$count:} - if [[ $no_propagate == 0 ]]; then - if [[ $expect1 != $aclcur ]]; then - $LS -vd $basedir - $LS -vd $node - log_fail "$inherit $i #"\ - "$count ACE: $aclcur"\ - "expect to be $expect1" - fi + if ((no_inherit == 0)); then + ((i = i + 1)) + continue + fi + + if [[ -d $node ]]; then + # Verify ACEs for subdirectory + aclaction=${expacl##*:} + acltemp=${expacl%:*} + if [[ $inherit_type == "directory" || + $inherit_type == "both" ]]; then + expacl=${acltemp}${str2} + expacl=${expacl}${aclaction} + elif [[ $inherit_type == "file" ]]; then + if [[ $expacl != *"inherit_only"* ]]; then + # Directory should have + # "inherit_only" appended + expacl=${acltemp}${str1} + expacl=${expacl}${aclaction} else - # compare if directory 
has basic - # ACL's - compare_acls $node $odir - if [[ $? -ne 0 ]]; then - $LS -vd $basedir - $LS -vd $node - log_fail "Unexpect acl:"\ - " $node, $inherit" - "($str)" - fi + expacl=${acltemp}${str2} + expacl=${expacl}${aclaction} + fi + fi + aclcur=$(get_ACE $node $count) + aclcur=${aclcur#$count:} + if [[ $no_propagate == 0 ]]; then + if [[ $expacl != $aclcur ]]; then + $LS -vd $basedir + $LS -vd $node + log_fail "$inherit $i #$count" \ + "ACE: $aclcur," \ + "expected: $expacl" fi - # Verify ACE's for nested file - elif [[ -f $node ]]; then - compare_acls $node $ofile + else + # Compare if directory has trivial ACL + compare_acls $node $odir if [[ $? -ne 0 ]]; then $LS -vd $basedir $LS -vd $node - log_fail "Unexpect acl: $node," \ - "$inherit ($str)" + log_fail "unexpected ACE:" + "$node, $inherit ($str)" fi - fi - ((count = count + 1)) + # Verify ACE's for nested file + elif [[ -f $node ]]; then + compare_acls $node $ofile + if [[ $? -ne 0 ]]; then + $LS -vd $basedir + $LS -vd $node + log_fail "unexpected ACE:" \ + "$node, $inherit ($str)" + fi fi + ((count = count + 1)) ((i = i + 1)) done - # - # If there's no any ACE be checked, it should be identify as - # an normal file/dir, verify it. - # - - if ((passcnt == maxnumber)); then + # If there are no ACEs to be checked, compare the trivial ones. + if ((passcnt == maxaces)); then if [[ -d $node ]]; then compare_acls $node $odir elif [[ -f $node ]]; then 
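Review bot: In the directory branch of verify_inherit (zfs_acl_chmod_inherit_002_pos.ksh), the added `log_fail "unexpected ACE:"` line has no trailing backslash as shown here, so the following `"$node, $inherit ($str)"` line is a separate statement rather than a continuation. Assuming log_fail ends the test, the failure message would then omit the node and the aclinherit value, which is the information needed to diagnose an ACL mismatch. The parallel file branch a few lines below keeps the backslash; the directory branch should read `log_fail "unexpected ACE:" \` with the same second line. verify_inherit begins before this hunk and continues after it.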
@@ -250,32 +233,19 @@ function verify_inherit #<aclinherit> <object> [strategy] if [[ $? -ne 0 ]]; then $LS -vd $basedir $LS -vd $node - log_fail "Unexpect acl: $node, $inherit ($str)" + log_fail "Unexpected ACE: $node, $inherit ($str)" fi fi done } -typeset -i i=0 +typeset -i i=0 maxaces=4 typeset acl0 acl1 acl2 acl3 typeset acls0 acls1 acls2 acls3 -# -# Set aclmode=passthrough to make sure -# the acl will not change during chmod. -# A general testing should verify the combination of -# aclmode/aclinherit works well, -# here we just simple test them separately. -# - log_must $ZFS set aclmode=passthrough $TESTPOOL/$TESTFS for inherit in "${aclinherit_flag[@]}"; do - - # - # Set different value of aclinherit - # - log_must $ZFS set aclinherit=$inherit $TESTPOOL/$TESTFS for user in root $ZFS_ACL_STAFF1; do 
@@ -286,25 +256,20 @@ for inherit in "${aclinherit_flag[@]}"; do typeset inh_opt=$obj ((${#str} != 0)) && inh_opt=$inh_opt/$str - # - # Prepare 4 ACES, which should include : + # Prepare 4 ACES, which should include: # deny -> to verify "noallow" - # write_acl/write_owner -> to verify "secure" - # - - acl0=${ace_prefix1}":read_xattr/write_acl/" - acl0=${acl0}"write_owner:"${inh_opt}":deny" - acl1="$ace_prefix2:read_xattr/write_acl/" - acl1=${acl1}"write_owner:$inh_opt:allow" - acl2="$ace_prefix1:read_xattr:$inh_opt:deny" - acl3="$ace_prefix2:read_xattr:$inh_opt:allow" - - # - # The ACE filtered by write_acl/write_owner - # - - acls0="$ace_prefix1:read_xattr:$inh_opt:deny" - acls1="$ace_prefix2:read_xattr:$inh_opt:allow" + # write_acl/write_owner -> to verify "restricted" + acl0="${ace_prefix1}:read_xattr/write_acl" + acl0="${acl0}/write_owner:${inh_opt}:deny" + acl1="${ace_prefix2}:read_xattr/write_acl" + acl1="${acl1}/write_owner:${inh_opt}:allow" + acl2="${ace_prefix1}:read_xattr:${inh_opt}:deny" + acl3="${ace_prefix2}:read_xattr:${inh_opt}:allow" + + # The ACEs filtered by write_acl/write_owner + acls0=$acl0 + acls1="${ace_prefix2}:read_xattr" + acls1="${acls1}:${inh_opt}:allow" acls2=$acl2 acls3=$acl3 # @@ -319,12 +284,7 @@ for inherit in "${aclinherit_flag[@]}"; do i=3 while ((i >= 0)); do eval acl=\$acl$i - - # - # Place on a directory should succeed. - # log_must usr_exec $CHMOD A+$acl $basedir - ((i = i - 1)) done log_note "verify_inherit $inherit $obj $str" @@ -336,4 +296,5 @@ for inherit in "${aclinherit_flag[@]}"; do done done -log_pass "Verify chmod inherit behaviour co-op with aclinherit setting passed." +log_pass "Verify different inherit options combined with different" \ + "aclinherit property values" diff --git a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_003_pos.ksh b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_003_pos.ksh index 3ce7547f0f..28126d5071 100644 
--- a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_003_pos.ksh +++ b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_003_pos.ksh 
@@ -25,83 +25,71 @@ # Use is subject to license terms. # +# +# Copyright 2016 Nexenta Systems, Inc. +# + . $STF_SUITE/tests/functional/acl/acl_common.kshlib -# # DESCRIPTION: -# Verify chmod have correct behaviour to directory and file when -# filesystem has the different aclinherit setting +# Verify chmod have correct behaviour to directory and file when +# filesystem has the different aclinherit setting # # STRATEGY: -# 1. Loop super user and non-super user to run the test case. -# 2. Create basedir and a set of subdirectores and files within it. -# 3. Separately chmod basedir with different inherite options, -# combine with the variable setting of aclinherit: -# "discard", "noallow", "secure" or "passthrough". -# 4. Then create nested directories and files like the following. -# -# ofile -# odir -# chmod --> basedir -| -# |_ nfile1 -# |_ ndir1 _ -# |_ nfile2 -# |_ ndir2 _ -# |_ nfile3 -# |_ ndir3 +# 1. Use both super user and non-super user to run the test case. +# 2. Create basedir and a set of subdirectores and files within it. +# 3. Separately chmod basedir with different inherite options, +# combine with the variable setting of aclinherit: +# "discard", "noallow", "restricted" or "passthrough". +# 4. Then create nested directories and files like the following. # -# 5. Verify each directories and files have the correct access control -# capability. +# ofile +# odir +# chmod --> basedir -| +# |_ nfile1 +# |_ ndir1 _ +# |_ nfile2 +# |_ ndir2 _ +# |_ nfile3 +# |_ ndir3 # +# 5. Verify each directories and files have the correct access control +# capability. verify_runnable "both" function cleanup { - typeset dir - - # Cleanup basedir, compared file and dir. 
- - if [[ -f $ofile ]]; then - log_must $RM -f $ofile - fi - - for dir in $odir $basedir ; do - if [[ -d $dir ]]; then - log_must $RM -rf $dir - fi - done + [[ -f $ofile ]] && log_must $RM -f $ofile + [[ -d $odir ]] && log_must $RM -rf $odir + [[ -d $basedir ]] && log_must $RM -rf $basedir } -log_assert "Verify chmod have correct behaviour to directory and file when " \ - "filesystem has the different aclinherit setting." +log_assert "Verify chmod have correct behaviour to directory and file when" \ + "filesystem has the different aclinherit setting" log_onexit cleanup # Define inherit flag -typeset aclinherit_flag=(discard noallow secure passthrough) +typeset aclinherit_flag=("discard" "noallow" "restricted" "passthrough") typeset object_flag=("f-" "-d" "fd") typeset strategy_flag=("--" "i-" "-n" "in") typeset ace_prefix1="owner@" typeset ace_prefix2="group@" typeset ace_prefix3="everyone@" -typeset ace_discard ace_noallow ace_secure ace_passthrough -typeset ace_secure_new -# Defile the based directory and file -basedir=$TESTDIR/basedir; ofile=$TESTDIR/ofile; odir=$TESTDIR/odir +# Define the base directory and file +basedir=$TESTDIR/basedir; ofile=$TESTDIR/ofile; odir=$TESTDIR/odir -# Define the files and directories will be created after chmod +# Define the files and directories that will be created after chmod ndir1=$basedir/ndir1; ndir2=$ndir1/ndir2; ndir3=$ndir2/ndir3 nfile1=$basedir/nfile1; nfile2=$ndir1/nfile2; nfile3=$ndir2/nfile3 -# Verify all the node have expected correct access control +# Verify all nodes have expected correct access control allnodes="$ndir1 $ndir2 $ndir3 $nfile1 $nfile2 $nfile3" -# # According to inherited flag, verify subdirectories and files within it has # correct inherited access control. -# function verify_inherit #<aclinherit> <object> [strategy] { # Define the nodes which will be affected by inherit. 
@@ -110,222 +98,133 @@ function verify_inherit #<aclinherit> <object> [strategy] typeset obj=$2 typeset str=$3 - # count: the ACE item to fetch - # pass: to mark if the current ACE should apply to the target - # maxnumber: predefine as 4 - # passcnt: counter, if it achieves to maxnumber, - # then no additional ACE should apply. - # isinherit: indicate if the current target is in the inherit list. - # step: indicate if the ACE be split during inherit. - - typeset -i count=0 pass=0 passcnt=0 isinherit=0 maxnumber=4 step=0 - log_must usr_exec $MKDIR -p $ndir3 log_must usr_exec $TOUCH $nfile1 $nfile2 $nfile3 - # Get the files which inherited ACE. - if [[ ${obj:0:1} == "f" ]]; then - inherit_nodes="$inherit_nodes $nfile1" - - if [[ ${str:1:1} != "n" ]]; then - inherit_nodes="$inherit_nodes $nfile2 $nfile3" + # Check if we have any inheritance flags set + if [[ $obj != "--" ]]; then + # Files should have inherited ACEs only if file_inherit is set + if [[ ${obj:0:1} == "f" ]]; then + inherit_nodes="$inherit_nodes $nfile1" + if [[ ${str:1:1} != "n" ]]; then + inherit_nodes="$inherit_nodes $nfile2 $nfile3" + fi fi - fi - # Get the directores which inherited ACE. 
- if [[ ${obj:1:1} == "d" ]]; then - inherit_nodes="$inherit_nodes $ndir1" - if [[ ${str:1:1} != "n" ]]; then - inherit_nodes="$inherit_nodes $ndir2 $ndir3" + # Directories should have inherited ACEs if file_inherit without + # no_propagate and/or dir_inherit is set + if [[ (${obj:0:1} == "f" && ${str:1:1} != "n") || + ${obj:1:1} == "d" ]]; then + inherit_nodes="$inherit_nodes $ndir1" + if [[ ${str:1:1} != "n" ]]; then + inherit_nodes="$inherit_nodes $ndir2 $ndir3" + fi fi fi for node in $allnodes; do - step=0 - if [[ " $inherit_nodes " == *" $node "* ]]; then - isinherit=1 - if [[ -d $node ]] ; then - step=1 - fi - else - isinherit=0 + typeset -i i=0 count=0 inherited=0 + typeset expacl perm inh act + + if [[ "$inherit_nodes" == *"$node"* ]]; then + inherited=1 fi - i=0 - count=0 - passcnt=0 - while ((i < maxnumber)); do - pass=0 - eval expect1=\$acl$i - expect2=$expect1 - - # - # aclinherit=passthrough, - # inherit all inheritable ACL entries without any - # modifications made to the ACL entries when they - # are inherited. - # - # aclinherit=secure, - # any inheritable ACL entries will remove - # write_acl and write_owner permissions when the ACL entry is - # inherited. 
- # - # aclinherit=noallow, - # only inherit inheritable ACE that specify "deny" permissions - # - # aclinherit=discard - # will not inherit any ACL entries - # + while ((i < $maxaces)); do + # If current node isn't in inherit list, there's + # nothing to check, skip to checking trivial ACL + if ((inherited == 0)); then + ((count = maxaces + 1)) + break + fi + eval expacl=\$acl$i case $inherit in - passthrough) - action=${expect1##*:} - expect1=${expect1%:$action} - expect1=${expect1%-} - expect1=${expect1%I} - expect1=${expect1}I:$action - ;; - secure) - eval expect2=\$acls$i - ;; - noallow) - if [[ $expect1 == *":allow" ]] ; then - pass=1 - ((passcnt = passcnt + 1)) - else - eval expect2=\$acls$i - fi - ;; - discard) - passcnt=maxnumber - break - ;; - esac - - if ((pass == 0)) ; then - acltemp=${expect2%:*} - acltemp=${acltemp%:*} - aclaction=${expect2##*:} - expect2=${acltemp}:------I:${aclaction} - - acltemp=${expect1%:*} - inh=${acltemp##*:} - - if [[ -d $node ]]; then - if [[ ${inh:3:1} == "n" ]]; then - - # - # if no_propagate is set, - # then clear all inherit flags, - # only one ACE should left. 
- # - - step=0 - expect1="" - - elif [[ ${inh:2:1} != "i" ]]; then - - # - # directory should append - # "inherit_only" if not have - # - acltemp=${acltemp%i*} - expect1=${acltemp}i---I:${aclaction} - else - acltemp=${acltemp%-} - acltemp=${acltemp%I} - expect1=${acltemp}I:${aclaction} - fi - - # - # cleanup the first ACE if the directory - # not in inherit list - # - - if ((isinherit == 0)); then - expect1="" - fi - elif [[ -f $node ]] ; then - expect1="" + discard) + # Do not inherit any ACEs + ((count = maxaces + 1)) + break + ;; + noallow) + # Only inherit inheritable ACEs that specify + # "deny" permissions + if [[ $expacl == *":allow" ]] ; then + ((i = i + 1)) + continue fi + ;; + restricted) + # Remove write_acl and write_owner permissions + # when the ACEs is inherited + eval expacl=\$acls$i + ;; + passthrough) + ;; + esac - # Get the first ACE to do comparison + perm=${expacl%:*} + inh=${perm##*:} + inh=${inh:0:2} + perm=${perm%:*} + act=${expacl##*:} - aclcur=$(get_ACE $node $count compact) - aclcur=${aclcur#$count:} - if [[ -n $expect1 && $expect1 != $aclcur ]]; then - $LS -Vd $basedir - $LS -Vd $node - log_fail "$inherit $i #$count " \ - "ACE: $aclcur, expect to be " \ - "$expect1" + if [[ -d $node ]]; then + # Clear inheritance flags if no_propagate is set + if [[ ${str:1:1} == "n" ]]; then + inh="--" fi - - # - # Get the second ACE (if should have) to do - # comparison - # - if ((step > 0)); then - ((count = count + step)) - - aclcur=$(get_ACE $node $count compact) - aclcur=${aclcur#$count:} - if [[ -n $expect2 && \ - $expect2 != $aclcur ]]; then - - $LS -Vd $basedir - $LS -Vd $node - log_fail "$inherit $i " \ - "#$count ACE: $aclcur, " \ - "expect to be $expect2" - fi + expacl="$perm:$inh" + # Set inherit_only if there's a file_inherit + # without dir_inherit + if [[ ${obj:0:1} == "f" && + ${obj:1:1} != "d" ]]; then + expacl="${expacl}i---I:$act" + else + expacl="${expacl}----I:$act" fi - ((count = count + 1)) + elif [[ -f $node ]] ; then + 
expacl="$perm:------I:$act" fi + + aclcur=$(get_ACE $node $count compact) + aclcur=${aclcur#$count:} + if [[ -n $expacl && $expacl != $aclcur ]]; then + $LS -Vd $basedir + $LS -Vd $node + log_fail "$inherit $i #$count" \ + "expected: $expacl, current: $aclcur" + fi + ((i = i + 1)) + ((count = count + 1)) done - # - # If there's no any ACE be checked, it should be identify as - # an normal file/dir, verify it. - # - - if ((passcnt == maxnumber)); then + # There were no non-trivial ACEs to check, do the trivial ones + if ((count == maxaces + 1)); then if [[ -d $node ]]; then compare_acls $node $odir - elif [[ -f $node ]]; then + elif [[ -f $node ]]; then compare_acls $node $ofile fi if [[ $? -ne 0 ]]; then $LS -Vd $basedir $LS -Vd $node - log_fail "Unexpect acl: $node, $inherit ($str)" + log_fail "unexpected acl: $node," \ + "$inherit ($str)" fi fi + done } -typeset -i i=0 -typeset acl0 acl1 acl2 acl3 -typeset acls0 acls1 acls2 acls3 - -# -# Set aclmode=passthrough to make sure -# the acl will not change during chmod. -# A general testing should verify the combination of -# aclmode/aclinherit works well, -# here we just simple test them separately. -# +typeset -i i=0 maxaces=6 +typeset acl0 acl1 acl2 acl3 acl4 acl5 +typeset acls0 acls1 acls2 acls3 acls4 acls5 log_must $ZFS set aclmode=passthrough $TESTPOOL/$TESTFS for inherit in "${aclinherit_flag[@]}"; do - - # - # Set different value of aclinherit - # - log_must $ZFS set aclinherit=$inherit $TESTPOOL/$TESTFS for user in root $ZFS_ACL_STAFF1; do 
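Review bot: The membership test added in verify_inherit (zfs_acl_chmod_inherit_003_pos.ksh), `[[ "$inherit_nodes" == *"$node"* ]]`, is a bare substring match, and the node paths nest: `$ndir1` is a prefix of `$ndir2`, `$ndir3`, `$nfile2` and `$nfile3`. A node would therefore count as inherited whenever any deeper path is in the list, and the test would then compare inherited ACEs on a node that should carry only its trivial ACL. With the flag combinations visible in this hunk that does not appear to misfire, but the delimited form the 002 test uses is safer: `[[ " $inherit_nodes " == *" $node "* ]]`.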
@@ -334,64 +233,36 @@ for inherit in "${aclinherit_flag[@]}"; do for obj in "${object_flag[@]}"; do for str in "${strategy_flag[@]}"; do typeset inh_opt=$obj - ((${#str} != 0)) && inh_opt=${inh_opt}${str}-- - - inh_a=${inh_opt}- - inh_b=${inh_opt}I - - # - # Prepare 4 ACES, which should include : - # deny -> to verify "noallow" - # write_acl/write_owner -> to verify "secure" - # - - acl0="$ace_prefix1:rwxp---A-W-Co-:${inh_a}:allow" - acl1="$ace_prefix2:rwxp---A-W-Co-:${inh_a}:deny" - acl2="$ace_prefix3:rwxp---A-W-Co-:${inh_a}:allow" - acl3="$ace_prefix1:-------A-W----:${inh_a}:deny" - acl4="$ace_prefix2:-------A-W----:${inh_a}:allow" - acl5="$ace_prefix3:-------A-W----:${inh_a}:deny" - - - # - # The ACE filtered by write_acl/write_owner - # - - if [[ $inheri == "passthrough" ]]; then - acls0="$ace_prefix1:rwxp---A-W----:${inh_b}:allow" - acls1="$ace_prefix2:rwxp---A-W----:${inh_b}:deny" - acls2="$ace_prefix3:rwxp---A-W----:${inh_b}:allow" - acls3="$ace_prefix1:rwxp---A-W----:${inh_b}:deny" - acls4="$ace_prefix2:rwxp---A-W----:${inh_b}:allow" - acls5="$ace_prefix3:rwxp---A-W----:${inh_b}:deny" - else - acls0="$ace_prefix1:-------A-W----:${inh_b}:allow" - acls1="$ace_prefix2:-------A-W-Co-:${inh_b}:deny" - acls2="$ace_prefix3:-------A-W----:${inh_b}:allow" - acls3="$ace_prefix1:-------A-W----:${inh_b}:deny" - acls4="$ace_prefix2:-------A-W----:${inh_b}:allow" - acls5="$ace_prefix3:-------A-W----:${inh_b}:deny" - fi - - # - # Create basedir and tmp dir/file - # for comparison. 
- # + ((${#str} != 0)) && inh_opt="${inh_opt}${str}--" + + inh_a="${inh_opt}-" + inh_b="${inh_opt}I" + + # deny - to verify "noallow" + # write_acl/write_owner - to verify "restricted" + acl0="$ace_prefix1:-------A-W-Co-:$inh_a:allow" + acl1="$ace_prefix2:-------A-W-Co-:$inh_a:deny" + acl2="$ace_prefix3:-------A-W-Co-:$inh_a:allow" + acl3="$ace_prefix1:-------A-W----:$inh_a:deny" + acl4="$ace_prefix2:-------A-W----:$inh_a:allow" + acl5="$ace_prefix3:-------A-W----:$inh_a:deny" + + # ACEs filtered by write_acl/write_owner + acls0="$ace_prefix1:-------A-W----:$inh_b:allow" + acls1="$ace_prefix2:-------A-W-Co-:$inh_b:deny" + acls2="$ace_prefix3:-------A-W----:$inh_b:allow" + acls3="$ace_prefix1:-------A-W----:$inh_b:deny" + acls4="$ace_prefix2:-------A-W----:$inh_b:allow" + acls5="$ace_prefix3:-------A-W----:$inh_b:deny" - log_note "$user: $CHMOD $acl $basedir" log_must usr_exec $MKDIR $basedir log_must usr_exec $MKDIR $odir log_must usr_exec $TOUCH $ofile - i=5 + ((i = maxaces - 1)) while ((i >= 0)); do eval acl=\$acl$i - - # - # Place on a directory should succeed. - # log_must usr_exec $CHMOD A+$acl $basedir - ((i = i - 1)) done @@ -403,4 +274,4 @@ for inherit in "${aclinherit_flag[@]}"; do done done -log_pass "Verify chmod inherit behaviour co-op with aclinherit setting passed." +log_pass "Verify chmod inherit behaviour co-op with aclinherit setting passed" diff --git a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_004_pos.ksh b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_004_pos.ksh index 0ecf85eccb..98b5568e8d 100644 --- a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_004_pos.ksh +++ b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_inherit_004_pos.ksh 
@@ -25,125 +25,91 @@ # Use is subject to license terms. # -# # Copyright (c) 2012 by Delphix. All rights reserved. +# Copyright 2016 Nexenta Systems, Inc. # . $STF_SUITE/tests/functional/acl/acl_common.kshlib -# # DESCRIPTION: -# Verify aclinherit=passthrough-x will inherit the 'x' bits while mode request. +# Verify aclinherit=passthrough-x will inherit the execute permission only if +# file creation mode requests it. # # STRATEGY: -# 1. Loop super user and non-super user to run the test case. -# 2. Create basedir and a set of subdirectores and files within it. -# 3. Set aclinherit=passthrough-x -# 4. Verify only passthrough-x will inherit the 'x' bits while mode request. -# +# 1. Use both super user and non-super user to run the test case. +# 2. Set aclinherit=passthrough-x +# 3. Create basedir and a set of files, one with 644 and one with 755 mode. +# 4. Verify that execute permission is inherited only if file creation mode +# requests them. verify_runnable "both" function cleanup { - if [[ -d $basedir ]]; then - log_must $RM -rf $basedir - fi + [[ -d $basedir ]] && log_must $RM -rf $basedir } -$ZPOOL upgrade -v -$ZPOOL upgrade -v | $GREP "passthrough-x aclinherit" > /dev/null 2>&1 -if (($? != 0)); then - log_unsupported "passthrough-x aclinherit not supported." -fi - -log_assert "Verify aclinherit=passthrough-x will inherit the 'x' bits while" \ - " mode request." 
+ +log_assert "aclinherit=passthrough-x should inherit the execute permission" \ + "only if file creation mode requests it" log_onexit cleanup set -A aces \ - "owner@:read_data/write_data/add_subdirectory/append_data/execute:dir_inherit/inherit_only:allow" \ - "owner@:read_data/write_data/add_subdirectory/append_data/execute::allow" \ - "group@:add_subdirectory/append_data/execute:dir_inherit/inherit_only:allow" \ - "group@:add_subdirectory/append_data/execute::allow" \ - "everyone@:add_subdirectory/append_data/execute:dir_inherit/inherit_only:allow" \ - "everyone@:add_subdirectory/append_data/execute::allow" \ - "owner@:read_data/write_data/add_subdirectory/append_data/execute:file_inherit/inherit_only:allow" \ - "group@:read_data/add_subdirectory/append_data/execute:file_inherit/inherit_only:allow" \ - "everyone@:read_data/add_subdirectory/append_data/execute:file_inherit/inherit_only:allow" - -# Defile the based directory and file -basedir=$TESTDIR/basedir + "owner@:rwxp:f:allow" \ + "group@:rxp:f:allow" \ + "everyone@:rxp:f:allow" +typeset basedir="$TESTDIR/basedir" +typeset nfile1="$basedir/nfile1" nfile2="$basedir/nfile2" -# -# According to inherited flag, verify subdirectories and files within it has -# correct inherited access control. 
-# -function verify_inherit # <object> +function check_execute_bit { - typeset obj=$1 + typeset ace + typeset file=$1 + typeset -i i=0 - # Define the files and directories will be created after chmod - ndir1=$obj/ndir1; ndir2=$ndir1/ndir2 - nfile1=$ndir1/nfile1.c; nfile2=$ndir1/nfile2 + while ((i < 6)); do + ace=$(get_ACE $file $i) + if [[ "$ace" == *"execute"* ]]; then + return 0 + fi + ((i = i + 1)) + done - log_must usr_exec $MKDIR -p $ndir1 + return 1 +} +function verify_inherit +{ typeset -i i=0 + + log_must usr_exec $MKDIR $basedir + + # Modify owner@, group@ and everyone@ ACEs to include execute + # permission (see above), and make them file-inheritable while ((i < ${#aces[*]})); do - if ((i < 3)); then - log_must usr_exec $CHMOD A$i=${aces[i]} $ndir1 - else - log_must usr_exec $CHMOD A$i+${aces[i]} $ndir1 - fi + log_must usr_exec $CHMOD A$i=${aces[i]} $basedir ((i = i + 1)) done - log_must usr_exec $MKDIR -p $ndir2 + + # Create file with 644 mode log_must usr_exec $TOUCH $nfile1 + # Check that execute permission wasn't inherited + log_mustnot check_execute_bit $nfile1 - $CAT > $nfile1 <<EOF -#include <stdlib.h> -#include <stdio.h> -int main() -{ return 0; } -EOF - - mode=$(get_mode $ndir2) - if [[ $mode != "drwx--x--x"* ]]; then - log_fail "Unexpect mode of $ndir2, expect: drwx--x--x, current: $mode" - fi - - mode=$(get_mode $nfile1) - if [[ $mode != "-rw-r--r--"* ]]; then - log_fail "Unexpect mode of $nfile1, expect: -rw-r--r--, current: $mode" - fi - - if [[ -x /usr/sfw/bin/gcc ]]; then - log_must /usr/sfw/bin/gcc -o $nfile2 $nfile1 - mode=$(get_mode $nfile2) - if [[ $mode != "-rwxr-xr-x"* ]]; then - log_fail "Unexpect mode of $nfile2, expect: -rwxr-xr-x, current: $mode" - fi - fi + # Use cp(1) to copy over /usr/bin/true + log_must usr_exec $CP $TRUE $nfile2 + # Check that execute permission was inherited + log_must check_execute_bit $nfile2 } -# -# Set aclmode=passthrough to make sure -# the acl will not change during chmod. 
-# A general testing should verify the combination of -# aclmode/aclinherit works well, -# here we just simple test them separately. -# - log_must $ZFS set aclmode=passthrough $TESTPOOL/$TESTFS log_must $ZFS set aclinherit=passthrough-x $TESTPOOL/$TESTFS for user in root $ZFS_ACL_STAFF1; do log_must set_cur_usr $user - - verify_inherit $basedir - + verify_inherit cleanup done -log_pass "Verify aclinherit=passthrough-x will inherit the 'x' bits while mode request." +log_pass "aclinherit=passthrough-x should inherit the execute permission" \ + "only if file creation mode requests it" diff --git a/usr/src/test/zfs-tests/tests/functional/cli_root/zdb/Makefile b/usr/src/test/zfs-tests/tests/functional/cli_root/zdb/Makefile index 32e23b89e9..f60ca24f1e 100644 --- a/usr/src/test/zfs-tests/tests/functional/cli_root/zdb/Makefile +++ b/usr/src/test/zfs-tests/tests/functional/cli_root/zdb/Makefile @@ -10,7 +10,7 @@ # # -# Copyright (c) 2012 by Delphix. All rights reserved. +# Copyright (c) 2015 by Delphix. All rights reserved. # include $(SRC)/Makefile.master @@ -18,7 +18,8 @@ include $(SRC)/Makefile.master ROOTOPTPKG = $(ROOT)/opt/zfs-tests TESTDIR = $(ROOTOPTPKG)/tests/functional/cli_root/zdb -PROGS = zdb_001_neg +PROGS = zdb_001_neg \ + zdb_002_pos CMDS = $(PROGS:%=$(TESTDIR)/%) $(CMDS) := FILEMODE = 0555 diff --git a/usr/src/test/zfs-tests/tests/functional/cli_root/zdb/zdb_002_pos.ksh b/usr/src/test/zfs-tests/tests/functional/cli_root/zdb/zdb_002_pos.ksh new file mode 100644 index 0000000000..6d3e3ab454 --- /dev/null +++ b/usr/src/test/zfs-tests/tests/functional/cli_root/zdb/zdb_002_pos.ksh 
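Review bot: check_execute_bit in zfs_acl_chmod_inherit_004_pos.ksh succeeds for any ACE whose text contains `execute`, so a deny entry that names execute would satisfy `log_must check_execute_bit $nfile2` just as an allow entry does. Because the test asserts whether execute permission was granted, the match should be tied to the ACE type, for example `[[ "$ace" == *"execute"*":allow" ]]`. The loop bound `6` is a bare constant; a one-line comment saying why six entries are enough would help the next reader.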
@@ -0,0 +1,51 @@ +#!/bin/ksh + +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# +# Copyright (c) 2015 by Delphix. All rights reserved. +# + +. $STF_SUITE/include/libtest.shlib + +# +# Description: +# zdb will accurately count the feature refcount for pools with and without +# features enabled. +# +# Strategy: +# 1. Create a pool, and collect zdb output for the pool. +# 2. Verify there are no 'feature refcount mismatch' messages. +# 3. Repeat for a pool with features disabled. +# + +log_assert "Verify zdb accurately counts feature refcounts." +log_onexit cleanup + +typeset errstr="feature refcount mismatch" +typeset tmpfile="/var/tmp/zdb-feature-mismatch" +function cleanup +{ + datasetexists $TESTPOOL && destroy_pool $TESTPOOL + grep "$errstr" $tmpfile + rm -f $tmpfile +} + +for opt in '' -d; do + log_must zpool create -f $opt $TESTPOOL ${DISKS%% *} + log_must eval "zdb $TESTPOOL >$tmpfile" + grep -q "$errstr" $tmpfile && \ + log_fail "Found feature refcount mismatches in zdb output." + destroy_pool $TESTPOOL +done + +log_pass "zdb accurately counts feature refcounts." diff --git a/usr/src/test/zfs-tests/tests/functional/cli_root/zfs_rename/zfs_rename_006_pos.ksh b/usr/src/test/zfs-tests/tests/functional/cli_root/zfs_rename/zfs_rename_006_pos.ksh index 5f6cdd54d8..25fb7330a8 100644 --- a/usr/src/test/zfs-tests/tests/functional/cli_root/zfs_rename/zfs_rename_006_pos.ksh +++ b/usr/src/test/zfs-tests/tests/functional/cli_root/zfs_rename/zfs_rename_006_pos.ksh 
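Review bot: `tmpfile` in zdb_002_pos.ksh is a fixed name under /var/tmp, and the test writes to it through a shell redirect in `log_must eval "zdb $TESTPOOL >$tmpfile"`. The test lives under cli_root, so the redirect presumably runs with root privileges, and a pre-existing file or symlink at that path in a world-writable directory would be followed and overwritten. Creating the file with mktemp removes the predictable name, e.g. `typeset tmpfile=$(mktemp /var/tmp/zdb-feature-mismatch.XXXXXX)`; the `rm -f $tmpfile` in cleanup can stay as it is.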
@@ -24,6 +24,10 @@ # Copyright 2007 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # + +# +# Copyright (c) 2015 by Delphix. All rights reserved. +# . $STF_SUITE/include/libtest.shlib . $STF_SUITE/tests/functional/cli_root/zfs_rename/zfs_rename.kshlib @@ -35,6 +39,7 @@ # 1. Create a snapshot of volume. # 2. Rename volume snapshot to a new one. # 3. Rename volume to a new one. +# 4. Create a clone of the snapshot. # 5. Verify that the rename operations are successful and zfs list can # list them. # @@ -62,14 +67,18 @@ rename_dataset $vol ${vol}-new rename_dataset ${vol}-new@${snap}-new ${vol}-new@$snap rename_dataset ${vol}-new $vol +clone=$TESTPOOL/${snap}_clone +create_clone $vol@$snap $clone + #verify data integrity -for input in $VOL_R_PATH ${VOL_R_PATH}@$snap; do +for input in $VOL_R_PATH /dev/zvol/rdsk/$clone; do log_must eval "$DD if=$input of=$VOLDATA bs=$BS count=$CNT >/dev/null 2>&1" if ! cmp_data $VOLDATA $DATA ; then log_fail "$input gets corrupted after rename operation." fi done +destroy_clone $clone log_must $ZFS destroy $vol@$snap log_pass "'zfs rename' can rename volume snapshot as expected." diff --git a/usr/src/uts/common/fs/zfs/zfs_acl.c b/usr/src/uts/common/fs/zfs/zfs_acl.c index 2eecefd8cf..f2ef7e5134 100644 --- a/usr/src/uts/common/fs/zfs/zfs_acl.c +++ b/usr/src/uts/common/fs/zfs/zfs_acl.c @@ -20,8 +20,8 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2011 Nexenta Systems, Inc. All rights reserved. * Copyright (c) 2013 by Delphix. All rights reserved. + * Copyright 2014 Nexenta Systems, Inc. All rights reserved. */ #include <sys/types.h> @@ -887,7 +887,6 @@ zfs_set_ace(zfs_acl_t *aclp, void *acep, uint32_t access_mask, /* * Determine mode of file based on ACL. - * Also, create FUIDs for any User/Group ACEs */ uint64_t zfs_mode_compute(uint64_t fmode, zfs_acl_t *aclp, 
@@ -913,11 +912,9 @@ zfs_mode_compute(uint64_t fmode, zfs_acl_t *aclp, entry_type = (iflags & ACE_TYPE_FLAGS); /* - * Skip over owner@, group@ or everyone@ inherit only ACEs + * Skip over any inherit_only ACEs */ - if ((iflags & ACE_INHERIT_ONLY_ACE) && - (entry_type == ACE_OWNER || entry_type == ACE_EVERYONE || - entry_type == OWNING_GROUP)) + if (iflags & ACE_INHERIT_ONLY_ACE) continue; if (entry_type == ACE_OWNER || (entry_type == 0 && @@ -1333,7 +1330,8 @@ zfs_aclset_common(znode_t *zp, zfs_acl_t *aclp, cred_t *cr, dmu_tx_t *tx) } static void -zfs_acl_chmod(vtype_t vtype, uint64_t mode, boolean_t trim, zfs_acl_t *aclp) +zfs_acl_chmod(vtype_t vtype, uint64_t mode, boolean_t split, boolean_t trim, + zfs_acl_t *aclp) { void *acep = NULL; uint64_t who; @@ -1378,15 +1376,27 @@ zfs_acl_chmod(vtype_t vtype, uint64_t mode, boolean_t trim, zfs_acl_t *aclp) while (acep = zfs_acl_next_ace(aclp, acep, &who, &access_mask, &iflags, &type)) { - uint16_t inherit_flags; - entry_type = (iflags & ACE_TYPE_FLAGS); - inherit_flags = (iflags & ALL_INHERIT); - - if ((entry_type == ACE_OWNER || entry_type == ACE_EVERYONE || - (entry_type == OWNING_GROUP)) && - ((inherit_flags & ACE_INHERIT_ONLY_ACE) == 0)) { - continue; + /* + * ACEs used to represent the file mode may be divided + * into an equivalent pair of inherit-only and regular + * ACEs, if they are inheritable. + * Skip regular ACEs, which are replaced by the new mode. + */ + if (split && (entry_type == ACE_OWNER || + entry_type == OWNING_GROUP || + entry_type == ACE_EVERYONE)) { + if (!isdir || !(iflags & + (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE))) + continue; + /* + * We preserve owner@, group@, or @everyone + * permissions, if they are inheritable, by + * copying them to inherit_only ACEs. This + * prevents inheritable permissions from being + * altered along with the file mode. + */ + iflags |= ACE_INHERIT_ONLY_ACE; } /* 
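Review bot: zfs_acl_chmod() now takes two adjacent boolean_t parameters, `split` and `trim`, and has no header comment saying what either selects, so a transposed pair at a call site would compile cleanly and change which ACEs survive a chmod. A block comment above the function should state that `split` drops the regular owner@/group@/everyone@ ACEs (keeping inheritable ones on directories as inherit_only) and that `trim` masks ALLOW entries with the group mode for aclmode=groupmask; both behaviours are visible in the loop in the following hunks. At the caller in zfs_acl_chmod_setattr() (hunk at -1456) an inline tag such as `B_TRUE, /* split */` would make the argument order obvious. The function body extends beyond this hunk.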
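Review bot: The comment added inside the zfs_acl_chmod() loop writes `@everyone`, while the same ACE is spelled `everyone@` elsewhere in this change, including the comment removed from zfs_mode_compute() and the test scripts. The line should read `* We preserve owner@, group@, or everyone@`. The loop itself starts before and ends after this hunk.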
@@ -1394,12 +1404,12 @@ zfs_acl_chmod(vtype_t vtype, uint64_t mode, boolean_t trim, zfs_acl_t *aclp) * the hints (which are later masked into the pflags) * so create knows to do inheritance. */ - if (isdir && (inherit_flags & + if (isdir && (iflags & (ACE_FILE_INHERIT_ACE|ACE_DIRECTORY_INHERIT_ACE))) aclp->z_hints |= ZFS_INHERIT_ACE; if ((type != ALLOW && type != DENY) || - (inherit_flags & ACE_INHERIT_ONLY_ACE)) { + (iflags & ACE_INHERIT_ONLY_ACE)) { switch (type) { case ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE: case ACE_ACCESS_DENIED_OBJECT_ACE_TYPE: @@ -1409,13 +1419,11 @@ zfs_acl_chmod(vtype_t vtype, uint64_t mode, boolean_t trim, zfs_acl_t *aclp) break; } } else { - /* - * Limit permissions to be no greater than - * group permissions. - * The "aclinherit" and "aclmode" properties - * affect policy for create and chmod(2), - * respectively. + * Limit permissions granted by ACEs to be no greater + * than permissions of the requested group mode. + * Applies when the "aclmode" property is set to + * "groupmask". */ if ((type == ALLOW) && trim) access_mask &= masks.group; @@ -1426,11 +1434,11 @@ zfs_acl_chmod(vtype_t vtype, uint64_t mode, boolean_t trim, zfs_acl_t *aclp) new_count++; new_bytes += ace_size; } - zfs_set_ace(aclp, zacep, masks.owner, 0, -1, ACE_OWNER); + zfs_set_ace(aclp, zacep, masks.owner, ALLOW, -1, ACE_OWNER); zacep = (void *)((uintptr_t)zacep + abstract_size); - zfs_set_ace(aclp, zacep, masks.group, 0, -1, OWNING_GROUP); + zfs_set_ace(aclp, zacep, masks.group, ALLOW, -1, OWNING_GROUP); zacep = (void *)((uintptr_t)zacep + abstract_size); - zfs_set_ace(aclp, zacep, masks.everyone, 0, -1, ACE_EVERYONE); + zfs_set_ace(aclp, zacep, masks.everyone, ALLOW, -1, ACE_EVERYONE); new_count += 3; new_bytes += abstract_size * 3; 
@@ -1456,7 +1464,7 @@ zfs_acl_chmod_setattr(znode_t *zp, zfs_acl_t **aclp, uint64_t mode) if (error == 0) { (*aclp)->z_hints = zp->z_pflags & V4_ACL_WIDE_FLAGS; - zfs_acl_chmod(ZTOV(zp)->v_type, mode, + zfs_acl_chmod(ZTOV(zp)->v_type, mode, B_TRUE, (zp->z_zfsvfs->z_acl_mode == ZFS_ACL_GROUPMASK), *aclp); } mutex_exit(&zp->z_lock); @@ -1466,21 +1474,6 @@ zfs_acl_chmod_setattr(znode_t *zp, zfs_acl_t **aclp, uint64_t mode) } /* - * strip off write_owner and write_acl - */ -static void -zfs_restricted_update(zfsvfs_t *zfsvfs, zfs_acl_t *aclp, void *acep) -{ - uint32_t mask = aclp->z_ops.ace_mask_get(acep); - - if ((zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED) && - (aclp->z_ops.ace_type_get(acep) == ALLOW)) { - mask &= ~RESTRICTED_CLEAR; - aclp->z_ops.ace_mask_set(acep, mask); - } -} - -/* * Should ACE be inherited? */ static int @@ -1501,9 +1494,9 @@ zfs_ace_can_use(vtype_t vtype, uint16_t acep_flags) */ static zfs_acl_t * zfs_acl_inherit(zfsvfs_t *zfsvfs, vtype_t vtype, zfs_acl_t *paclp, - uint64_t mode, boolean_t *need_chmod) + uint64_t mode) { - void *pacep; + void *pacep = NULL; void *acep; zfs_acl_node_t *aclnode; zfs_acl_t *aclp = NULL; 
@@ -1513,22 +1506,14 @@ zfs_acl_inherit(zfsvfs_t *zfsvfs, vtype_t vtype, zfs_acl_t *paclp, size_t ace_size; void *data1, *data2; size_t data1sz, data2sz; - boolean_t vdir = vtype == VDIR; - boolean_t vreg = vtype == VREG; - boolean_t passthrough, passthrough_x, noallow; - - passthrough_x = - zfsvfs->z_acl_inherit == ZFS_ACL_PASSTHROUGH_X; - passthrough = passthrough_x || - zfsvfs->z_acl_inherit == ZFS_ACL_PASSTHROUGH; - noallow = - zfsvfs->z_acl_inherit == ZFS_ACL_NOALLOW; - - *need_chmod = B_TRUE; - pacep = NULL; + uint_t aclinherit; + boolean_t isdir = (vtype == VDIR); + aclp = zfs_acl_alloc(paclp->z_version); - if (zfsvfs->z_acl_inherit == ZFS_ACL_DISCARD || vtype == VLNK) + aclinherit = zfsvfs->z_acl_inherit; + if (aclinherit == ZFS_ACL_DISCARD || vtype == VLNK) return (aclp); + while (pacep = zfs_acl_next_ace(paclp, pacep, &who, &access_mask, &iflags, &type)) { 
@@ -1538,31 +1523,31 @@ zfs_acl_inherit(zfsvfs_t *zfsvfs, vtype_t vtype, zfs_acl_t *paclp, if (!zfs_acl_valid_ace_type(type, iflags)) continue; - if (noallow && type == ALLOW) - continue; - - ace_size = aclp->z_ops.ace_size(pacep); - - if (!zfs_ace_can_use(vtype, iflags)) + /* + * Check if ACE is inheritable by this vnode + */ + if ((aclinherit == ZFS_ACL_NOALLOW && type == ALLOW) || + !zfs_ace_can_use(vtype, iflags)) continue; /* - * If owner@, group@, or everyone@ inheritable - * then zfs_acl_chmod() isn't needed. + * Strip inherited execute permission from file if + * not in mode */ - if (passthrough && - ((iflags & (ACE_OWNER|ACE_EVERYONE)) || - ((iflags & OWNING_GROUP) == - OWNING_GROUP)) && (vreg || (vdir && (iflags & - ACE_DIRECTORY_INHERIT_ACE)))) { - *need_chmod = B_FALSE; + if (aclinherit == ZFS_ACL_PASSTHROUGH_X && type == ALLOW && + !isdir && ((mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)) { + access_mask &= ~ACE_EXECUTE; } - if (!vdir && passthrough_x && - ((mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)) { - access_mask &= ~ACE_EXECUTE; + /* + * Strip write_acl and write_owner from permissions + * when inheriting an ACE + */ + if (aclinherit == ZFS_ACL_RESTRICTED && type == ALLOW) { + access_mask &= ~RESTRICTED_CLEAR; } + ace_size = aclp->z_ops.ace_size(pacep); aclnode = zfs_acl_node_alloc(ace_size); list_insert_tail(&aclp->z_acl, aclnode); acep = aclnode->z_acldata; 
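Review bot: Both new policy tests key on `type == ALLOW` alone, so under `aclinherit=noallow` or `restricted` an allowed-object ACE (`ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE`, which `zfs_acl_chmod()` treats as a separate case) would be inherited with `write_acl`/`write_owner` intact if `zfs_acl_valid_ace_type()` lets it through. That function is outside the hunk, so this needs confirming. The removed `zfs_restricted_update()` made the same comparison, so the gap is carried over rather than introduced, but moving the check is a good moment to state the intent. Either extend the test or add a comment such as `/* only plain ALLOW ACEs are restricted; object ACE types are copied as-is */`. The strip also now runs before the copy for every inherited ACE, where the removed helper ran only on the non-propagating branch, and the comment should say so.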
@@ -1584,18 +1569,21 @@ zfs_acl_inherit(zfsvfs_t *zfsvfs, vtype_t vtype, zfs_acl_t *paclp, aclp->z_acl_bytes += aclnode->z_size; newflags = aclp->z_ops.ace_flags_get(acep); - if (vdir) - aclp->z_hints |= ZFS_INHERIT_ACE; - - if ((iflags & ACE_NO_PROPAGATE_INHERIT_ACE) || !vdir) { + /* + * If ACE is not to be inherited further, or if the vnode is + * not a directory, remove all inheritance flags + */ + if (!isdir || (iflags & ACE_NO_PROPAGATE_INHERIT_ACE)) { newflags &= ~ALL_INHERIT; aclp->z_ops.ace_flags_set(acep, newflags|ACE_INHERITED_ACE); - zfs_restricted_update(zfsvfs, aclp, acep); continue; } - ASSERT(vdir); + /* + * This directory has an inheritable ACE + */ + aclp->z_hints |= ZFS_INHERIT_ACE; /* * If only FILE_INHERIT is set then turn on @@ -1612,12 +1600,14 @@ zfs_acl_inherit(zfsvfs_t *zfsvfs, vtype_t vtype, zfs_acl_t *paclp, newflags|ACE_INHERITED_ACE); } } + return (aclp); } /* * Create file system object initial permissions * including inheritable ACEs. + * Also, create FUIDs for owner and group. */ int zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr, @@ -1627,7 +1617,7 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr, zfsvfs_t *zfsvfs = dzp->z_zfsvfs; zfs_acl_t *paclp; gid_t gid; - boolean_t need_chmod = B_TRUE; + boolean_t trim = B_FALSE; boolean_t inherited = B_FALSE; bzero(acl_ids, sizeof (zfs_acl_ids_t)); @@ -1716,7 +1706,7 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr, VERIFY(0 == zfs_acl_node_read(dzp, B_TRUE, &paclp, B_FALSE)); acl_ids->z_aclp = zfs_acl_inherit(zfsvfs, - vap->va_type, paclp, acl_ids->z_mode, &need_chmod); + vap->va_type, paclp, acl_ids->z_mode); inherited = B_TRUE; } else { acl_ids->z_aclp = 
@@ -1725,13 +1715,16 @@ zfs_acl_ids_create(znode_t *dzp, int flag, vattr_t *vap, cred_t *cr, } mutex_exit(&dzp->z_lock); mutex_exit(&dzp->z_acl_lock); - if (need_chmod) { - acl_ids->z_aclp->z_hints |= (vap->va_type == VDIR) ? - ZFS_ACL_AUTO_INHERIT : 0; - zfs_acl_chmod(vap->va_type, acl_ids->z_mode, - (zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED), - acl_ids->z_aclp); - } + + if (vap->va_type == VDIR) + acl_ids->z_aclp->z_hints |= ZFS_ACL_AUTO_INHERIT; + + if (zfsvfs->z_acl_mode == ZFS_ACL_GROUPMASK && + zfsvfs->z_acl_inherit != ZFS_ACL_PASSTHROUGH && + zfsvfs->z_acl_inherit != ZFS_ACL_PASSTHROUGH_X) + trim = B_TRUE; + zfs_acl_chmod(vap->va_type, acl_ids->z_mode, B_FALSE, trim, + acl_ids->z_aclp); } if (inherited || vsecp) { @@ -2080,7 +2073,7 @@ zfs_zaccess_dataset_check(znode_t *zp, uint32_t v4_mode) * placed into the working_mode, giving the caller a mask of denied * accesses. Returns: * 0 if all AoI granted - * EACCESS if the denied mask is non-zero + * EACCES if the denied mask is non-zero * other error if abnormal failure (e.g., IO error) * * A secondary usage of the function is to determine if any of the 
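Review bot: The `trim` condition has no comment, and it changes create-time behaviour in a way worth stating: the old call trimmed when `z_acl_inherit == ZFS_ACL_RESTRICTED`, while the new one trims only when `z_acl_mode == ZFS_ACL_GROUPMASK` and `aclinherit` is not a passthrough value. With `aclinherit=restricted` and any other `aclmode`, inherited ALLOW entries on a new object are therefore no longer limited to the group bits of the requested mode, which administrators relying on the old masking should know. Suggest a comment along the lines of `/* groupmask trims inherited ALLOW ACEs to the create mode's group bits, except under aclinherit=passthrough[-x] */`. The enclosing block of `zfs_acl_ids_create()` starts outside the hunk.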
@@ -2517,46 +2510,32 @@ zfs_zaccess_unix(znode_t *zp, mode_t mode, cred_t *cr) return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr)); } -static int -zfs_delete_final_check(znode_t *zp, znode_t *dzp, - mode_t available_perms, cred_t *cr) -{ - int error; - uid_t downer; - - downer = zfs_fuid_map_id(dzp->z_zfsvfs, dzp->z_uid, cr, ZFS_OWNER); - - error = secpolicy_vnode_access2(cr, ZTOV(dzp), - downer, available_perms, VWRITE|VEXEC); - - if (error == 0) - error = zfs_sticky_remove_access(dzp, zp, cr); - - return (error); -} +/* See zfs_zaccess_delete() */ +int zfs_write_implies_delete_child = 1; /* - * Determine whether Access should be granted/deny, without - * consulting least priv subsystem. + * Determine whether delete access should be granted. * - * The following chart is the recommended NFSv4 enforcement for - * ability to delete an object. + * The following chart outlines how we handle delete permissions which is + * how recent versions of windows (Windows 2008) handles it. The efficiency + * comes from not having to check the parent ACL where the object itself grants + * delete: * * ------------------------------------------------------- - * | Parent Dir | Target Object Permissions | + * | Parent Dir | Target Object Permissions | * | permissions | | * ------------------------------------------------------- * | | ACL Allows | ACL Denies| Delete | * | | Delete | Delete | unspecified| * ------------------------------------------------------- - * | ACL Allows | Permit | Permit | Permit | - * | DELETE_CHILD | | + * | ACL Allows | Permit | Deny * | Permit | + * | DELETE_CHILD | | | | * ------------------------------------------------------- - * | ACL Denies | Permit | Deny | Deny | - * | DELETE_CHILD | | | | + * | ACL Denies | Permit | Deny | Deny | + * | DELETE_CHILD | | | | * ------------------------------------------------------- * | ACL specifies | | | | - * | only allow | Permit | Permit | Permit | + * | only allow | Permit | Deny * | Permit | * | write and | | | | 
* | execute | | | | * ------------------------------------------------------- 
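Review bot: `zfs_write_implies_delete_child` is a global that widens delete access, and its only documentation at the definition is `/* See zfs_zaccess_delete() */`. Since the default of 1 lets `ACE_WRITE_DATA` on a directory stand in for `ACE_DELETE_CHILD`, the definition should say so directly, e.g. `/* Compat tunable: when non-zero, write_data on the parent directory also permits deleting children; set to 0 for strict ACE_DELETE_CHILD semantics. */`. The table's `Deny *` cells are explained only by a `[*]` note in the following hunk, so using the same marker in both places would help. The function comment continues past this hunk.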
@@ -2566,91 +2545,171 @@ zfs_delete_final_check(znode_t *zp, znode_t *dzp, * ------------------------------------------------------- * ^ * | - * No search privilege, can't even look up file? + * Re. execute permission on the directory: if that's missing, + * the vnode lookup of the target will fail before we get here. + * + * Re [*] in the table above: NFSv4 would normally Permit delete for + * these two cells of the matrix. + * See acl.h for notes on which ACE_... flags should be checked for which + * operations. Specifically, the NFSv4 committee recommendation is in + * conflict with the Windows interpretation of DENY ACEs, where DENY ACEs + * should take precedence ahead of ALLOW ACEs. * + * This implementation always consults the target object's ACL first. + * If a DENY ACE is present on the target object that specifies ACE_DELETE, + * delete access is denied. If an ALLOW ACE with ACE_DELETE is present on + * the target object, access is allowed. If and only if no entries with + * ACE_DELETE are present in the object's ACL, check the container's ACL + * for entries with ACE_DELETE_CHILD. + * + * A summary of the logic implemented from the table above is as follows: + * + * First check for DENY ACEs that apply. + * If either target or container has a deny, EACCES. + * + * Delete access can then be summarized as follows: + * 1: The object to be deleted grants ACE_DELETE, or + * 2: The containing directory grants ACE_DELETE_CHILD. + * In a Windows system, that would be the end of the story. + * In this system, (2) has some complications... + * 2a: "sticky" bit on a directory adds restrictions, and + * 2b: existing ACEs from previous versions of ZFS may + * not carry ACE_DELETE_CHILD where they should, so we + * also allow delete when ACE_WRITE_DATA is granted. + * + * Note: 2b is technically a work-around for a prior bug, + * which hopefully can go away some day. 
For those who + * no longer need the work around, and for testing, this + * work-around is made conditional via the tunable: + * zfs_write_implies_delete_child */ int zfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr) { + uint32_t wanted_dirperms; uint32_t dzp_working_mode = 0; uint32_t zp_working_mode = 0; int dzp_error, zp_error; - mode_t available_perms; - boolean_t dzpcheck_privs = B_TRUE; - boolean_t zpcheck_privs = B_TRUE; - - /* - * We want specific DELETE permissions to - * take precedence over WRITE/EXECUTE. We don't - * want an ACL such as this to mess us up. - * user:joe:write_data:deny,user:joe:delete:allow - * - * However, deny permissions may ultimately be overridden - * by secpolicy_vnode_access(). - * - * We will ask for all of the necessary permissions and then - * look at the working modes from the directory and target object - * to determine what was found. - */ + boolean_t dzpcheck_privs; + boolean_t zpcheck_privs; if (zp->z_pflags & (ZFS_IMMUTABLE | ZFS_NOUNLINK)) return (SET_ERROR(EPERM)); /* - * First row - * If the directory permissions allow the delete, we are done. + * Case 1: + * If target object grants ACE_DELETE then we are done. This is + * indicated by a return value of 0. For this case we don't worry + * about the sticky bit because sticky only applies to the parent + * directory and this is the child access result. + * + * If we encounter a DENY ACE here, we're also done (EACCES). + * Note that if we hit a DENY ACE here (on the target) it should + * take precedence over a DENY ACE on the container, so that when + * we have more complete auditing support we will be able to + * report an access failure against the specific target. + * (This is part of why we're checking the target first.) 
*/ - if ((dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD, - &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr)) == 0) + zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, + &zpcheck_privs, B_FALSE, cr); + if (zp_error == EACCES) { + /* We hit a DENY ACE. */ + if (!zpcheck_privs) + return (SET_ERROR(zp_error)); + return (secpolicy_vnode_remove(cr)); + + } + if (zp_error == 0) return (0); /* - * If target object has delete permission then we are done + * Case 2: + * If the containing directory grants ACE_DELETE_CHILD, + * or we're in backward compatibility mode and the + * containing directory has ACE_WRITE_DATA, allow. + * Case 2b is handled with wanted_dirperms. */ - if ((zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, - &zpcheck_privs, B_FALSE, cr)) == 0) - return (0); - - ASSERT(dzp_error && zp_error); - - if (!dzpcheck_privs) - return (dzp_error); - if (!zpcheck_privs) - return (zp_error); + wanted_dirperms = ACE_DELETE_CHILD; + if (zfs_write_implies_delete_child) + wanted_dirperms |= ACE_WRITE_DATA; + dzp_error = zfs_zaccess_common(dzp, wanted_dirperms, + &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr); + if (dzp_error == EACCES) { + /* We hit a DENY ACE. */ + if (!dzpcheck_privs) + return (SET_ERROR(dzp_error)); + return (secpolicy_vnode_remove(cr)); + } /* - * Second row + * Cases 2a, 2b (continued) * - * If directory returns EACCES then delete_child was denied - * due to deny delete_child. In this case send the request through - * secpolicy_vnode_remove(). We don't use zfs_delete_final_check() - * since that *could* allow the delete based on write/execute permission - * and we want delete permissions to override write/execute. + * Note: dzp_working_mode now contains any permissions + * that were NOT granted. Therefore, if any of the + * wanted_dirperms WERE granted, we will have: + * dzp_working_mode != wanted_dirperms + * We're really asking if ANY of those permissions + * were granted, and if so, grant delete access. 
*/ - - if (dzp_error == EACCES) - return (secpolicy_vnode_remove(cr)); + if (dzp_working_mode != wanted_dirperms) + dzp_error = 0; /* - * Third Row - * only need to see if we have write/execute on directory. + * dzp_error is 0 if the container granted us permissions to "modify". + * If we do not have permission via one or more ACEs, our current + * privileges may still permit us to modify the container. + * + * dzpcheck_privs is false when i.e. the FS is read-only. + * Otherwise, do privilege checks for the container. */ + if (dzp_error != 0 && dzpcheck_privs) { + uid_t owner; - dzp_error = zfs_zaccess_common(dzp, ACE_EXECUTE|ACE_WRITE_DATA, - &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr); - - if (dzp_error != 0 && !dzpcheck_privs) - return (dzp_error); + /* + * The secpolicy call needs the requested access and + * the current access mode of the container, but it + * only knows about Unix-style modes (VEXEC, VWRITE), + * so this must condense the fine-grained ACE bits into + * Unix modes. + * + * The VEXEC flag is easy, because we know that has + * always been checked before we get here (during the + * lookup of the target vnode). The container has not + * granted us permissions to "modify", so we do not set + * the VWRITE flag in the current access mode. + */ + owner = zfs_fuid_map_id(dzp->z_zfsvfs, dzp->z_uid, cr, + ZFS_OWNER); + dzp_error = secpolicy_vnode_access2(cr, ZTOV(dzp), + owner, VEXEC, VWRITE|VEXEC); + } + if (dzp_error != 0) { + /* + * Note: We may have dzp_error = -1 here (from + * zfs_zacess_common). Don't return that. + */ + return (SET_ERROR(EACCES)); + } /* - * Fourth row + * At this point, we know that the directory permissions allow + * us to modify, but we still need to check for the additional + * restrictions that apply when the "sticky bit" is set. + * + * Yes, zfs_sticky_remove_access() also checks this bit, but + * checking it here and skipping the call below is nice when + * you're watching all of this with dtrace. 
*/ + if ((dzp->z_mode & S_ISVTX) == 0) + return (0); - available_perms = (dzp_working_mode & ACE_WRITE_DATA) ? 0 : VWRITE; - available_perms |= (dzp_working_mode & ACE_EXECUTE) ? 0 : VEXEC; - - return (zfs_delete_final_check(zp, dzp, available_perms, cr)); - + /* + * zfs_sticky_remove_access will succeed if: + * 1. The sticky bit is absent. + * 2. We pass the sticky bit restrictions. + * 3. We have privileges that always allow file removal. + */ + return (zfs_sticky_remove_access(dzp, zp, cr)); } int diff --git a/usr/src/uts/common/sys/acl.h b/usr/src/uts/common/sys/acl.h index 079c4f473f..e546d8a11a 100644 --- a/usr/src/uts/common/sys/acl.h +++ b/usr/src/uts/common/sys/acl.h @@ -24,7 +24,7 @@ * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * - * Copyright 2013 Nexenta Systems, Inc. All rights reserved. + * Copyright 2014 Nexenta Systems, Inc. All rights reserved. */ #ifndef _SYS_ACL_H 
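Review bot: Results from `zfs_zaccess_common()` other than 0 and `EACCES` are no longer reported as they were: a failure on the target check falls through to the directory check, and a failure on the directory check ends up as `SET_ERROR(EACCES)`. The header comment earlier in this file lists "other error if abnormal failure (e.g., IO error)" as a possible return, and the removed code returned `dzp_error`/`zp_error` unchanged when the `check_privs` flag had been cleared. If the -1 "not granted" value mentioned in the new comment is the only other expected result, consider returning anything else directly, e.g. `if (zp_error != -1) return (zp_error);` after the two existing tests on `zp_error`, with the same for `dzp_error` before the `dzp_working_mode` comparison. The new comment also misspells `zfs_zaccess_common` as `zfs_zacess_common`.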
@@ -78,37 +78,55 @@ typedef struct acl_info acl_t; /* * The following are defined for ace_t. + * + * Note, these are intentionally the same as the Windows + * "File Access Rights Constants" you can find on MSDN. + * (See also: "Standard Access Rights" on MSDN). + * + * The equivalent Windows names for these are just like + * those show below, with FILE_ in place of ACE_, except + * as noted below. Also note that Windows uses a special + * privilege: BYPASS_TRAVERSE_CHECKING, normally granted + * to everyone, that causes the absence of ACE_TRAVERSE + * to be ignored. + */ +#define ACE_READ_DATA 0x00000001 /* file: read data */ +#define ACE_LIST_DIRECTORY 0x00000001 /* dir: list files */ +#define ACE_WRITE_DATA 0x00000002 /* file: write data */ +#define ACE_ADD_FILE 0x00000002 /* dir: create file */ +#define ACE_APPEND_DATA 0x00000004 /* file: append data */ +#define ACE_ADD_SUBDIRECTORY 0x00000004 /* dir: create subdir */ +#define ACE_READ_NAMED_ATTRS 0x00000008 /* FILE_READ_EA */ +#define ACE_WRITE_NAMED_ATTRS 0x00000010 /* FILE_WRITE_EA */ +#define ACE_EXECUTE 0x00000020 /* file: execute */ +#define ACE_TRAVERSE 0x00000020 /* dir: lookup name */ +#define ACE_DELETE_CHILD 0x00000040 /* dir: unlink child */ +#define ACE_READ_ATTRIBUTES 0x00000080 /* (all) stat, etc. */ +#define ACE_WRITE_ATTRIBUTES 0x00000100 /* (all) utimes, etc. */ +#define ACE_DELETE 0x00010000 /* (all) unlink self */ +#define ACE_READ_ACL 0x00020000 /* (all) getsecattr */ +#define ACE_WRITE_ACL 0x00040000 /* (all) setsecattr */ +#define ACE_WRITE_OWNER 0x00080000 /* (all) chown */ +#define ACE_SYNCHRONIZE 0x00100000 /* (all) see MSDN */ + +/* + * Some of the following are the same as Windows uses. (but NOT ALL!) + * See the "ACE_HEADER" structure description on MSDN for details. + * Comments show relations to the MSDN names. 
*/ -#define ACE_READ_DATA 0x00000001 -#define ACE_LIST_DIRECTORY 0x00000001 -#define ACE_WRITE_DATA 0x00000002 -#define ACE_ADD_FILE 0x00000002 -#define ACE_APPEND_DATA 0x00000004 -#define ACE_ADD_SUBDIRECTORY 0x00000004 -#define ACE_READ_NAMED_ATTRS 0x00000008 -#define ACE_WRITE_NAMED_ATTRS 0x00000010 -#define ACE_EXECUTE 0x00000020 -#define ACE_DELETE_CHILD 0x00000040 -#define ACE_READ_ATTRIBUTES 0x00000080 -#define ACE_WRITE_ATTRIBUTES 0x00000100 -#define ACE_DELETE 0x00010000 -#define ACE_READ_ACL 0x00020000 -#define ACE_WRITE_ACL 0x00040000 -#define ACE_WRITE_OWNER 0x00080000 -#define ACE_SYNCHRONIZE 0x00100000 - -#define ACE_FILE_INHERIT_ACE 0x0001 -#define ACE_DIRECTORY_INHERIT_ACE 0x0002 -#define ACE_NO_PROPAGATE_INHERIT_ACE 0x0004 -#define ACE_INHERIT_ONLY_ACE 0x0008 +#define ACE_FILE_INHERIT_ACE 0x0001 /* = OBJECT_INHERIT_ACE */ +#define ACE_DIRECTORY_INHERIT_ACE 0x0002 /* = CONTAINER_INHERIT_ACE */ +#define ACE_NO_PROPAGATE_INHERIT_ACE 0x0004 /* = NO_PROPAGATE_INHERIT_ACE */ +#define ACE_INHERIT_ONLY_ACE 0x0008 /* = INHERIT_ONLY_ACE */ #define ACE_SUCCESSFUL_ACCESS_ACE_FLAG 0x0010 #define ACE_FAILED_ACCESS_ACE_FLAG 0x0020 #define ACE_IDENTIFIER_GROUP 0x0040 -#define ACE_INHERITED_ACE 0x0080 +#define ACE_INHERITED_ACE 0x0080 /* INHERITED_ACE, 0x10 on NT */ #define ACE_OWNER 0x1000 #define ACE_GROUP 0x2000 #define ACE_EVERYONE 0x4000 +/* These four are the same as Windows, but with an ACE_ prefix added. */ #define ACE_ACCESS_ALLOWED_ACE_TYPE 0x0000 #define ACE_ACCESS_DENIED_ACE_TYPE 0x0001 #define ACE_SYSTEM_AUDIT_ACE_TYPE 0x0002 @@ -122,6 +140,7 @@ typedef struct acl_info acl_t; /* * These are only applicable in a CIFS context. + * Here again, same as Windows, but with an ACE_ prefix added. */ #define ACE_ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04 #define ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x05 |
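Review bot: The new comment says only some of the flag values match Windows, but just five of the flags carry an annotation, so a reader cannot tell whether `ACE_SUCCESSFUL_ACCESS_ACE_FLAG`, `ACE_FAILED_ACCESS_ACE_FLAG` and `ACE_IDENTIFIER_GROUP` match or differ. Code that maps between Windows ACE flags and these values depends on knowing exactly which bits differ, and `ACE_INHERITED_ACE` is already called out as one that does. Each remaining flag should get the same kind of trailing comment, for example `/* no Windows equivalent */` where that is the case (to be confirmed by the author). In the first comment, "those show below" should read "those shown below".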