changeset 11314:489ae7372a1f
6901122 destroy snapshot by delegated user succeeds without descendent permissions when -r or -R used.
author | William Gorrell <william.gorrell@sun.com> |
---|---|
date | Mon, 14 Dec 2009 13:57:29 -0700 |
parents | 5a24da420284 |
children | 92ff2a8d2f86 |
files | usr/src/uts/common/fs/zfs/zfs_ioctl.c |
diffstat | 1 files changed, 27 insertions(+), 2 deletions(-) [+] |
--- a/usr/src/uts/common/fs/zfs/zfs_ioctl.c Mon Dec 14 12:40:53 2009 -0800
+++ b/usr/src/uts/common/fs/zfs/zfs_ioctl.c Mon Dec 14 13:57:29 2009 -0700
@@ -601,6 +601,31 @@
 }
 /*
+ * Destroying snapshots with delegated permissions requires
+ * descendent mount and destroy permissions.
+ * Reassemble the full filesystem@snap name so dsl_deleg_access()
+ * can do the correct permission check.
+ *
+ * Since this routine is used when doing a recursive destroy of snapshots
+ * and destroying snapshots requires descendent permissions, a successfull
+ * check of the top level snapshot applies to snapshots of all descendent
+ * datasets as well.
+ */
+static int
+zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, cred_t *cr)
+{
+ int error;
+ char *dsname;
+
+ dsname = kmem_asprintf("%s@%s", zc->zc_name, zc->zc_value);
+
+ error = zfs_secpolicy_destroy_perms(dsname, cr);
+
+ strfree(dsname);
+ return (error);
+}
+
+/*
 * Must have sys_config privilege to check the iscsi permission
 */
 /* ARGSUSED */
@@ -4264,8 +4289,8 @@
 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE, B_FALSE },
 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE, B_TRUE },
- { zfs_ioc_destroy_snaps, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
- B_TRUE },
+ { zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, DATASET_NAME,
+ B_TRUE, B_TRUE },
 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE, B_TRUE },
 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_config, POOL_NAME, B_FALSE,
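Review bot: In `zfs_secpolicy_destroy_snaps()`, `zc->zc_value` is formatted into the name handed to `zfs_secpolicy_destroy_perms()` without any validation visible in this hunk. The `DATASET_NAME` entry in the ioctl table presumably covers only `zc_name`. If the snapshot component is validated only later in the ioctl handler, a value containing `/` or `@` could make the permission check run against a different name than the one the handler goes on to destroy. I would reject a malformed component before building the name, e.g. `if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) return (EINVAL);`. The header comment should also state that `zc_value` is caller-supplied and must be a bare snapshot name, and "successfull" in it should read "successful".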