fs/gfs2/acl.c

   1 /*
   2  * Copyright (C) Sistina Software, Inc.  1997-2003 All rights reserved.
   3  * Copyright (C) 2004-2006 Red Hat, Inc.  All rights reserved.
   4  *
   5  * This copyrighted material is made available to anyone wishing to use,
   6  * modify, copy, or redistribute it subject to the terms and conditions
   7  * of the GNU General Public License version 2.
   8  */
   9
  10 #include <linux/sched.h>
  11 #include <linux/slab.h>
  12 #include <linux/spinlock.h>
  13 #include <linux/completion.h>
  14 #include <linux/buffer_head.h>
  15 #include <linux/xattr.h>
  16 #include <linux/posix_acl.h>
  17 #include <linux/posix_acl_xattr.h>
  18 #include <linux/gfs2_ondisk.h>
  19
  20 #include "gfs2.h"
  21 #include "incore.h"
  22 #include "acl.h"
  23 #include "xattr.h"
  24 #include "glock.h"
  25 #include "inode.h"
  26 #include "meta_io.h"
  27 #include "trans.h"
  28 #include "util.h"
  29
  30 static const char *gfs2_acl_name(int type)
  31 {
  32         switch (type) {
  33         case ACL_TYPE_ACCESS:
  34                 return GFS2_POSIX_ACL_ACCESS;
  35         case ACL_TYPE_DEFAULT:
  36                 return GFS2_POSIX_ACL_DEFAULT;
  37         }
  38         return NULL;
  39 }
  40
  41 static struct posix_acl *gfs2_acl_get(struct gfs2_inode *ip, int type)
  42 {
  43         struct posix_acl *acl;
  44         const char *name;
  45         char *data;
  46         int len;
  47
  48         if (!ip->i_eattr)
  49                 return NULL;
  50
  51         acl = get_cached_acl(&ip->i_inode, type);
  52         if (acl != ACL_NOT_CACHED)
  53                 return acl;
  54
  55         name = gfs2_acl_name(type);
  56         if (name == NULL)
  57                 return ERR_PTR(-EINVAL);
  58
  59         len = gfs2_xattr_acl_get(ip, name, &data);
  60         if (len < 0)
  61                 return ERR_PTR(len);
  62         if (len == 0)
  63                 return NULL;
  64
  65         acl = posix_acl_from_xattr(data, len);
  66         kfree(data);
  67         return acl;
  68 }
  69
  70 /**
  71  * gfs2_check_acl - Check an ACL to see if we're allowed to do something
  72  * @inode: the file we want to do something to
  73  * @mask: what we want to do
  74  *
  75  * Returns: errno
  76  */
  77
  78 int gfs2_check_acl(struct inode *inode, int mask, unsigned int flags)
  79 {
  80         struct posix_acl *acl;
  81         int error;
  82
  83         if (flags & IPERM_FLAG_RCU) {
  84                 if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
  85                         return -ECHILD;
  86                 return -EAGAIN;
  87         }
  88
  89         acl = gfs2_acl_get(GFS2_I(inode), ACL_TYPE_ACCESS);
  90         if (IS_ERR(acl))
  91                 return PTR_ERR(acl);
  92
  93         if (acl) {
  94                 error = posix_acl_permission(inode, acl, mask);
  95                 posix_acl_release(acl);
  96                 return error;
  97         }
  98
  99         return -EAGAIN;
 100 }
 101
 102 static int gfs2_set_mode(struct inode *inode, mode_t mode)
 103 {
 104         int error = 0;
 105
 106         if (mode != inode->i_mode) {
 107                 struct iattr iattr;
 108
 109                 iattr.ia_valid = ATTR_MODE;
 110                 iattr.ia_mode = mode;
 111
 112                 error = gfs2_setattr_simple(GFS2_I(inode), &iattr);
 113         }
 114
 115         return error;
 116 }
 117
 118 static int gfs2_acl_set(struct inode *inode, int type, struct posix_acl *acl)
 119 {
 120         int error;
 121         int len;
 122         char *data;
 123         const char *name = gfs2_acl_name(type);
 124
 125         BUG_ON(name == NULL);
 126         len = posix_acl_to_xattr(acl, NULL, 0);
 127         if (len == 0)
 128                 return 0;
 129         data = kmalloc(len, GFP_NOFS);
 130         if (data == NULL)
 131                 return -ENOMEM;
 132         error = posix_acl_to_xattr(acl, data, len);
 133         if (error < 0)
 134                 goto out;
 135         error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS);
 136         if (!error)
 137                 set_cached_acl(inode, type, acl);
 138 out:
 139         kfree(data);
 140         return error;
 141 }
 142
 143 int gfs2_acl_create(struct gfs2_inode *dip, struct inode *inode)
 144 {
 145         struct gfs2_sbd *sdp = GFS2_SB(&dip->i_inode);
 146         struct posix_acl *acl, *clone;
 147         mode_t mode = inode->i_mode;
 148         int error = 0;
 149
 150         if (!sdp->sd_args.ar_posix_acl)
 151                 return 0;
 152         if (S_ISLNK(inode->i_mode))
 153                 return 0;
 154
 155         acl = gfs2_acl_get(dip, ACL_TYPE_DEFAULT);
 156         if (IS_ERR(acl))
 157                 return PTR_ERR(acl);
 158         if (!acl) {
 159                 mode &= ~current_umask();
 160                 if (mode != inode->i_mode)
 161                         error = gfs2_set_mode(inode, mode);
 162                 return error;
 163         }
 164
 165         if (S_ISDIR(inode->i_mode)) {
 166                 error = gfs2_acl_set(inode, ACL_TYPE_DEFAULT, acl);
 167                 if (error)
 168                         goto out;
 169         }
 170
 171         clone = posix_acl_clone(acl, GFP_NOFS);
 172         error = -ENOMEM;
 173         if (!clone)
 174                 goto out;
 175         posix_acl_release(acl);
 176         acl = clone;
 177
 178         error = posix_acl_create_masq(acl, &mode);
 179         if (error < 0)
 180                 goto out;
 181         if (error == 0)
 182                 goto munge;
 183
 184         error = gfs2_acl_set(inode, ACL_TYPE_ACCESS, acl);
 185         if (error)
 186                 goto out;
 187 munge:
 188         error = gfs2_set_mode(inode, mode);
 189 out:
 190         posix_acl_release(acl);
 191         return error;
 192 }
 193
 194 int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr)
 195 {
 196         struct posix_acl *acl, *clone;
 197         char *data;
 198         unsigned int len;
 199         int error;
 200
 201         acl = gfs2_acl_get(ip, ACL_TYPE_ACCESS);
 202         if (IS_ERR(acl))
 203                 return PTR_ERR(acl);
 204         if (!acl)
 205                 return gfs2_setattr_simple(ip, attr);
 206
 207         clone = posix_acl_clone(acl, GFP_NOFS);
 208         error = -ENOMEM;
 209         if (!clone)
 210                 goto out;
 211         posix_acl_release(acl);
 212         acl = clone;
 213
 214         error = posix_acl_chmod_masq(acl, attr->ia_mode);
 215         if (!error) {
 216                 len = posix_acl_to_xattr(acl, NULL, 0);
 217                 data = kmalloc(len, GFP_NOFS);
 218                 error = -ENOMEM;
 219                 if (data == NULL)
 220                         goto out;
 221                 posix_acl_to_xattr(acl, data, len);
 222                 error = gfs2_xattr_acl_chmod(ip, attr, data);
 223                 kfree(data);
 224                 set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl);
 225         }
 226
 227 out:
 228         posix_acl_release(acl);
 229         return error;
 230 }
 231
 232 static int gfs2_acl_type(const char *name)
 233 {
 234         if (strcmp(name, GFS2_POSIX_ACL_ACCESS) == 0)
 235                 return ACL_TYPE_ACCESS;
 236         if (strcmp(name, GFS2_POSIX_ACL_DEFAULT) == 0)
 237                 return ACL_TYPE_DEFAULT;
 238         return -EINVAL;
 239 }
 240
 241 static int gfs2_xattr_system_get(struct dentry *dentry, const char *name,
 242                                  void *buffer, size_t size, int xtype)
 243 {
 244         struct inode *inode = dentry->d_inode;
 245         struct gfs2_sbd *sdp = GFS2_SB(inode);
 246         struct posix_acl *acl;
 247         int type;
 248         int error;
 249
 250         if (!sdp->sd_args.ar_posix_acl)
 251                 return -EOPNOTSUPP;
 252
 253         type = gfs2_acl_type(name);
 254         if (type < 0)
 255                 return type;
 256
 257         acl = gfs2_acl_get(GFS2_I(inode), type);
 258         if (IS_ERR(acl))
 259                 return PTR_ERR(acl);
 260         if (acl == NULL)
 261                 return -ENODATA;
 262
 263         error = posix_acl_to_xattr(acl, buffer, size);
 264         posix_acl_release(acl);
 265
 266         return error;
 267 }
 268
 269 static int gfs2_xattr_system_set(struct dentry *dentry, const char *name,
 270                                  const void *value, size_t size, int flags,
 271                                  int xtype)
 272 {
 273         struct inode *inode = dentry->d_inode;
 274         struct gfs2_sbd *sdp = GFS2_SB(inode);
 275         struct posix_acl *acl = NULL;
 276         int error = 0, type;
 277
 278         if (!sdp->sd_args.ar_posix_acl)
 279                 return -EOPNOTSUPP;
 280
 281         type = gfs2_acl_type(name);
 282         if (type < 0)
 283                 return type;
 284         if (flags & XATTR_CREATE)
 285                 return -EINVAL;
 286         if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
 287                 return value ? -EACCES : 0;
 288         if ((current_fsuid() != inode->i_uid) && !capable(CAP_FOWNER))
 289                 return -EPERM;
 290         if (S_ISLNK(inode->i_mode))
 291                 return -EOPNOTSUPP;
 292
 293         if (!value)
 294                 goto set_acl;
 295
 296         acl = posix_acl_from_xattr(value, size);
 297         if (!acl) {
 298                 /*
 299                  * acl_set_file(3) may request that we set default ACLs with
 300                  * zero length -- defend (gracefully) against that here.
 301                  */
 302                 goto out;
 303         }
 304         if (IS_ERR(acl)) {
 305                 error = PTR_ERR(acl);
 306                 goto out;
 307         }
 308
 309         error = posix_acl_valid(acl);
 310         if (error)
 311                 goto out_release;
 312
 313         error = -EINVAL;
 314         if (acl->a_count > GFS2_ACL_MAX_ENTRIES)
 315                 goto out_release;
 316
 317         if (type == ACL_TYPE_ACCESS) {
 318                 mode_t mode = inode->i_mode;
 319                 error = posix_acl_equiv_mode(acl, &mode);
 320
 321                 if (error <= 0) {
 322                         posix_acl_release(acl);
 323                         acl = NULL;
 324
 325                         if (error < 0)
 326                                 return error;
 327                 }
 328
 329                 error = gfs2_set_mode(inode, mode);
 330                 if (error)
 331                         goto out_release;
 332         }
 333
 334 set_acl:
 335         error = __gfs2_xattr_set(inode, name, value, size, 0, GFS2_EATYPE_SYS);
 336         if (!error) {
 337                 if (acl)
 338                         set_cached_acl(inode, type, acl);
 339                 else
 340                         forget_cached_acl(inode, type);
 341         }
 342 out_release:
 343         posix_acl_release(acl);
 344 out:
 345         return error;
 346 }
 347
 348 const struct xattr_handler gfs2_xattr_system_handler = {
 349         .prefix = XATTR_SYSTEM_PREFIX,
 350         .flags  = GFS2_EATYPE_SYS,
 351         .get    = gfs2_xattr_system_get,
 352         .set    = gfs2_xattr_system_set,
 353 };
 354