fs/gfs2/eaops.c

   1 /*
   2  * Copyright (C) Sistina Software, Inc.  1997-2003 All rights reserved.
   3  * Copyright (C) 2004-2006 Red Hat, Inc.  All rights reserved.
   4  *
   5  * This copyrighted material is made available to anyone wishing to use,
   6  * modify, copy, or redistribute it subject to the terms and conditions
   7  * of the GNU General Public License version 2.
   8  */
   9
  10 #include <linux/sched.h>
  11 #include <linux/slab.h>
  12 #include <linux/spinlock.h>
  13 #include <linux/completion.h>
  14 #include <linux/buffer_head.h>
  15 #include <linux/xattr.h>
  16 #include <linux/gfs2_ondisk.h>
  17 #include <linux/lm_interface.h>
  18 #include <asm/uaccess.h>
  19
  20 #include "gfs2.h"
  21 #include "incore.h"
  22 #include "acl.h"
  23 #include "eaops.h"
  24 #include "eattr.h"
  25 #include "util.h"
  26
  27 /**
  28  * gfs2_ea_name2type - get the type of the ea, and truncate type from the name
  29  * @namep: ea name, possibly with type appended
  30  *
  31  * Returns: GFS2_EATYPE_XXX
  32  */
  33
  34 unsigned int gfs2_ea_name2type(const char *name, const char **truncated_name)
  35 {
  36         unsigned int type;
  37
  38         if (strncmp(name, "system.", 7) == 0) {
  39                 type = GFS2_EATYPE_SYS;
  40                 if (truncated_name)
  41                         *truncated_name = name + sizeof("system.") - 1;
  42         } else if (strncmp(name, "user.", 5) == 0) {
  43                 type = GFS2_EATYPE_USR;
  44                 if (truncated_name)
  45                         *truncated_name = name + sizeof("user.") - 1;
  46         } else if (strncmp(name, "security.", 9) == 0) {
  47                 type = GFS2_EATYPE_SECURITY;
  48                 if (truncated_name)
  49                         *truncated_name = name + sizeof("security.") - 1;
  50         } else {
  51                 type = GFS2_EATYPE_UNUSED;
  52                 if (truncated_name)
  53                         *truncated_name = NULL;
  54         }
  55
  56         return type;
  57 }
  58
  59 static int user_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
  60 {
  61         struct inode *inode = &ip->i_inode;
  62         int error = permission(inode, MAY_READ, NULL);
  63         if (error)
  64                 return error;
  65
  66         return gfs2_ea_get_i(ip, er);
  67 }
  68
  69 static int user_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
  70 {
  71         struct inode *inode = &ip->i_inode;
  72
  73         if (S_ISREG(inode->i_mode) ||
  74             (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) {
  75                 int error = permission(inode, MAY_WRITE, NULL);
  76                 if (error)
  77                         return error;
  78         } else
  79                 return -EPERM;
  80
  81         return gfs2_ea_set_i(ip, er);
  82 }
  83
  84 static int user_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
  85 {
  86         struct inode *inode = &ip->i_inode;
  87
  88         if (S_ISREG(inode->i_mode) ||
  89             (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) {
  90                 int error = permission(inode, MAY_WRITE, NULL);
  91                 if (error)
  92                         return error;
  93         } else
  94                 return -EPERM;
  95
  96         return gfs2_ea_remove_i(ip, er);
  97 }
  98
  99 static int system_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 100 {
 101         if (!GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len) &&
 102             !GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len) &&
 103             !capable(CAP_SYS_ADMIN))
 104                 return -EPERM;
 105
 106         if (GFS2_SB(&ip->i_inode)->sd_args.ar_posix_acl == 0 &&
 107             (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len) ||
 108              GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)))
 109                 return -EOPNOTSUPP;
 110
 111
 112
 113         return gfs2_ea_get_i(ip, er);
 114 }
 115
 116 static int system_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 117 {
 118         int remove = 0;
 119         int error;
 120
 121         if (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len)) {
 122                 if (!(er->er_flags & GFS2_ERF_MODE)) {
 123                         er->er_mode = ip->i_di.di_mode;
 124                         er->er_flags |= GFS2_ERF_MODE;
 125                 }
 126                 error = gfs2_acl_validate_set(ip, 1, er,
 127                                               &remove, &er->er_mode);
 128                 if (error)
 129                         return error;
 130                 error = gfs2_ea_set_i(ip, er);
 131                 if (error)
 132                         return error;
 133                 if (remove)
 134                         gfs2_ea_remove_i(ip, er);
 135                 return 0;
 136
 137         } else if (GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)) {
 138                 error = gfs2_acl_validate_set(ip, 0, er,
 139                                               &remove, NULL);
 140                 if (error)
 141                         return error;
 142                 if (!remove)
 143                         error = gfs2_ea_set_i(ip, er);
 144                 else {
 145                         error = gfs2_ea_remove_i(ip, er);
 146                         if (error == -ENODATA)
 147                                 error = 0;
 148                 }
 149                 return error;
 150         }
 151
 152         return -EPERM;
 153 }
 154
 155 static int system_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 156 {
 157         if (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len)) {
 158                 int error = gfs2_acl_validate_remove(ip, 1);
 159                 if (error)
 160                         return error;
 161
 162         } else if (GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)) {
 163                 int error = gfs2_acl_validate_remove(ip, 0);
 164                 if (error)
 165                         return error;
 166
 167         } else
 168                 return -EPERM;
 169
 170         return gfs2_ea_remove_i(ip, er);
 171 }
 172
 173 static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 174 {
 175         struct inode *inode = &ip->i_inode;
 176         int error = permission(inode, MAY_READ, NULL);
 177         if (error)
 178                 return error;
 179
 180         return gfs2_ea_get_i(ip, er);
 181 }
 182
 183 static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 184 {
 185         struct inode *inode = &ip->i_inode;
 186         int error = permission(inode, MAY_WRITE, NULL);
 187         if (error)
 188                 return error;
 189
 190         return gfs2_ea_set_i(ip, er);
 191 }
 192
 193 static int security_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 194 {
 195         struct inode *inode = &ip->i_inode;
 196         int error = permission(inode, MAY_WRITE, NULL);
 197         if (error)
 198                 return error;
 199
 200         return gfs2_ea_remove_i(ip, er);
 201 }
 202
 203 static struct gfs2_eattr_operations gfs2_user_eaops = {
 204         .eo_get = user_eo_get,
 205         .eo_set = user_eo_set,
 206         .eo_remove = user_eo_remove,
 207         .eo_name = "user",
 208 };
 209
 210 struct gfs2_eattr_operations gfs2_system_eaops = {
 211         .eo_get = system_eo_get,
 212         .eo_set = system_eo_set,
 213         .eo_remove = system_eo_remove,
 214         .eo_name = "system",
 215 };
 216
 217 static struct gfs2_eattr_operations gfs2_security_eaops = {
 218         .eo_get = security_eo_get,
 219         .eo_set = security_eo_set,
 220         .eo_remove = security_eo_remove,
 221         .eo_name = "security",
 222 };
 223
 224 struct gfs2_eattr_operations *gfs2_ea_ops[] = {
 225         NULL,
 226         &gfs2_user_eaops,
 227         &gfs2_system_eaops,
 228         &gfs2_security_eaops,
 229 };
 230