int
secpolicy_vnode_any_access(const cred_t *cr, struct inode *ip, uid_t owner)
{
- if (crgetuid(cr) == owner)
+ if (crgetfsuid(cr) == owner)
return (0);
if (zpl_inode_owner_or_capable(ip))
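Review bot: The owner test on `crgetfsuid(cr)` here, and likewise in secpolicy_vnode_chown, secpolicy_vnode_setdac and secpolicy_vnode_setid_modify, carries no comment saying that ownership is decided by the filesystem uid rather than the effective uid, which is the fact an auditor of these checks needs. I would add above each test something like `/* Owner match uses the fsuid, which can differ from the euid (e.g. after setfsuid()). */`. The next test, `zpl_inode_owner_or_capable(ip)`, takes no credential argument, so it presumably evaluates the calling task rather than `cr`; if the two can ever differ, the function answers for two different subjects, which is worth confirming. The function body continues past the end of this hunk.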
int
secpolicy_vnode_chown(const cred_t *cr, uid_t owner)
{
- if (crgetuid(cr) == owner)
+ if (crgetfsuid(cr) == owner)
return (0);
return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
int
secpolicy_vnode_setdac(const cred_t *cr, uid_t owner)
{
- if (crgetuid(cr) == owner)
+ if (crgetfsuid(cr) == owner)
return (0);
return (priv_policy(cr, CAP_FOWNER, B_FALSE, EPERM));
int
secpolicy_vnode_setids_setgids(const cred_t *cr, gid_t gid)
{
- if (!groupmember(gid, cr))
+ if (crgetfsgid(cr) != gid && !groupmember(gid, cr))
return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM));
return (0);
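Review bot: The condition `crgetfsgid(cr) != gid && !groupmember(gid, cr)` does not say why the fsgid needs its own test, so a later cleanup could fold it back into `groupmember()` alone and change which callers are asked for CAP_FSETID. Presumably `groupmember()` consults only the supplementary group list; if so, a comment such as `/* groupmember() does not cover the fsgid, so test it explicitly */` should sit above the `if`. If `groupmember()` already covers the fsgid, the extra comparison is redundant and should be dropped instead.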
static int
secpolicy_vnode_setid_modify(const cred_t *cr, uid_t owner)
{
- if (crgetuid(cr) == owner)
+ if (crgetfsuid(cr) == owner)
return (0);
return (priv_policy(cr, CAP_FSETID, B_FALSE, EPERM));
int error;
zfs_sb_t *zsb = ZTOZSB(dzp);
zfs_acl_t *paclp;
- gid_t gid;
+ gid_t gid = vap->va_gid;
boolean_t need_chmod = B_TRUE;
boolean_t inherited = B_FALSE;
acl_ids->z_fuid = vap->va_uid;
acl_ids->z_fgid = vap->va_gid;
+#ifdef HAVE_KSID
/*
* Determine uid and gid.
*/
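Review bot: A build without HAVE_KSID now takes the new object's owner and group straight from `vap->va_uid`/`vap->va_gid` (and `gid` from its new initializer in the declarations hunk), and nothing in the visible lines records that the caller must already have set those from the fsuid/fsgid and the parent's setgid bit. The guarded "Determine uid and gid" block is not shown on this page, so whether it was the only place that applied setgid-directory group inheritance cannot be confirmed here; if it was, ownership of new objects depends entirely on the caller. I would document that contract at the `#ifdef`, for example `/* Without HAVE_KSID the caller-supplied va_uid/va_gid are used as-is; they must already reflect fsuid/fsgid and any setgid-directory inheritance. */`. The guarded block runs from this hunk to the matching `#endif` in the following hunk.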
}
}
}
+#endif /* HAVE_KSID */
/*
* If we're creating a directory, and the parent directory has the
}
}
+#ifdef HAVE_KSID
/*
* Create a file system FUID, based on information in the users cred
*
zfs_fuid_create_cred(zfs_sb_t *zsb, zfs_fuid_type_t type,
cred_t *cr, zfs_fuid_info_t **fuidp)
{
-#ifdef HAVE_KSID
uint64_t idx;
ksid_t *ksid;
uint32_t rid;
zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type);
return (FUID_ENCODE(idx, rid));
-#else
- VERIFY(type == ZFS_OWNER || type == ZFS_GROUP);
-
- return ((uint64_t)((type == ZFS_OWNER) ? crgetuid(cr) : crgetgid(cr)));
-#endif /* HAVE_KSID */
}
+#endif /* HAVE_KSID */
/*
* Create a file system FUID for an ACL ace
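Review bot: zfs_fuid_create_cred() is no longer defined at all when HAVE_KSID is unset, because the `#else` fallback that returned `crgetuid(cr)`/`crgetgid(cr)` is removed and the whole definition now sits inside the guard opened before its header comment. Any caller or prototype left outside a matching `#ifdef HAVE_KSID` would then fail to build or link; the callers are not visible on this page, so that needs checking. A short comment at the `#ifdef`, e.g. `/* Only KSID builds create FUIDs from a cred; other builds use va_uid/va_gid as supplied. */`, would record why no fallback is needed.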