search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge with 2.5.75.
[linux-2.6/linux-mips.git] / fs / jfs / acl.c
bloba83ab660a0b7e59812cf3a1ce9d139b551ce19e0
1 /*
2 * Copyright (c) International Business Machines Corp., 2002
3 * Copyright (c) Andreas Gruenbacher, 2001
4 * Copyright (c) Linus Torvalds, 1991, 1992
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
14 * the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20
21 #include <linux/sched.h>
22 #include <linux/fs.h>
23 #include "jfs_incore.h"
24 #include "jfs_xattr.h"
25 #include "jfs_acl.h"
26
27 struct posix_acl *jfs_get_acl(struct inode *inode, int type)
28 {
29 struct posix_acl *acl;
30 char *ea_name;
31 struct jfs_inode_info *ji = JFS_IP(inode);
32 struct posix_acl **p_acl;
33 int size;
34 char *value = NULL;
35
36 switch(type) {
37 case ACL_TYPE_ACCESS:
38 ea_name = XATTR_NAME_ACL_ACCESS;
39 p_acl = &ji->i_acl;
40 break;
41 case ACL_TYPE_DEFAULT:
42 ea_name = XATTR_NAME_ACL_DEFAULT;
43 p_acl = &ji->i_default_acl;
44 break;
45 default:
46 return ERR_PTR(-EINVAL);
47 }
48
49 if (*p_acl != JFS_ACL_NOT_CACHED)
50 return posix_acl_dup(*p_acl);
51
52 size = __jfs_getxattr(inode, ea_name, NULL, 0);
53
54 if (size > 0) {
55 value = kmalloc(size, GFP_KERNEL);
56 if (!value)
57 return ERR_PTR(-ENOMEM);
58 size = __jfs_getxattr(inode, ea_name, value, size);
59 }
60
61 if (size < 0) {
62 if (size == -ENODATA) {
63 *p_acl = NULL;
64 acl = NULL;
65 } else
66 acl = ERR_PTR(size);
67 } else {
68 acl = posix_acl_from_xattr(value, size);
69 if (!IS_ERR(acl))
70 *p_acl = posix_acl_dup(acl);
71 }
72 if (value)
73 kfree(value);
74 return acl;
75 }
76
77 int jfs_set_acl(struct inode *inode, int type, struct posix_acl *acl)
78 {
79 char *ea_name;
80 struct jfs_inode_info *ji = JFS_IP(inode);
81 struct posix_acl **p_acl;
82 int rc;
83 int size = 0;
84 char *value = NULL;
85
86 if (S_ISLNK(inode->i_mode))
87 return -EOPNOTSUPP;
88
89 switch(type) {
90 case ACL_TYPE_ACCESS:
91 ea_name = XATTR_NAME_ACL_ACCESS;
92 p_acl = &ji->i_acl;
93 break;
94 case ACL_TYPE_DEFAULT:
95 ea_name = XATTR_NAME_ACL_DEFAULT;
96 p_acl = &ji->i_default_acl;
97 if (!S_ISDIR(inode->i_mode))
98 return acl ? -EACCES : 0;
99 break;
100 default:
101 return -EINVAL;
102 }
103 if (acl) {
104 size = xattr_acl_size(acl->a_count);
105 value = kmalloc(size, GFP_KERNEL);
106 if (!value)
107 return -ENOMEM;
108 rc = posix_acl_to_xattr(acl, value, size);
109 if (rc < 0)
110 goto out;
111 }
112 rc = __jfs_setxattr(inode, ea_name, value, size, 0);
113 out:
114 if (value)
115 kfree(value);
116
117 if (!rc) {
118 if (*p_acl && (*p_acl != JFS_ACL_NOT_CACHED))
119 posix_acl_release(*p_acl);
120 *p_acl = posix_acl_dup(acl);
121 }
122 return rc;
123 }
124
125 /*
126 * __jfs_permission()
127 *
128 * modified vfs_permission to check posix acl
129 */
130 static int __jfs_permission(struct inode * inode, int mask, int have_sem)
131 {
132 umode_t mode = inode->i_mode;
133 struct jfs_inode_info *ji = JFS_IP(inode);
134
135 if (mask & MAY_WRITE) {
136 /*
137 * Nobody gets write access to a read-only fs.
138 */
139 if (IS_RDONLY(inode) &&
140 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
141 return -EROFS;
142
143 /*
144 * Nobody gets write access to an immutable file.
145 */
146 if (IS_IMMUTABLE(inode))
147 return -EACCES;
148 }
149
150 if (current->fsuid == inode->i_uid) {
151 mode >>= 6;
152 goto check_mode;
153 }
154 /*
155 * ACL can't contain additional permissions if the ACL_MASK entry
156 * is zero.
157 */
158 if (!(mode & S_IRWXG))
159 goto check_groups;
160
161 if (ji->i_acl == JFS_ACL_NOT_CACHED) {
162 struct posix_acl *acl;
163
164 if (!have_sem)
165 down(&inode->i_sem);
166 acl = jfs_get_acl(inode, ACL_TYPE_ACCESS);
167 if (!have_sem)
168 up(&inode->i_sem);
169
170 if (IS_ERR(acl))
171 return PTR_ERR(acl);
172 posix_acl_release(acl);
173 }
174
175 if (ji->i_acl) {
176 int rc = posix_acl_permission(inode, ji->i_acl, mask);
177 if (rc == -EACCES)
178 goto check_capabilities;
179 return rc;
180 }
181
182 check_groups:
183 if (in_group_p(inode->i_gid))
184 mode >>= 3;
185
186 check_mode:
187 /*
188 * If the DACs are ok we don't need any capability check.
189 */
190 if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask))
191 return 0;
192
193 check_capabilities:
194 /*
195 * Read/write DACs are always overridable.
196 * Executable DACs are overridable if at least one exec bit is set.
197 */
198 if ((mask & (MAY_READ|MAY_WRITE)) || (inode->i_mode & S_IXUGO))
199 if (capable(CAP_DAC_OVERRIDE))
200 return 0;
201
202 /*
203 * Searching includes executable on directories, else just read.
204 */
205 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
206 if (capable(CAP_DAC_READ_SEARCH))
207 return 0;
208
209 return -EACCES;
210 }
211 int jfs_permission(struct inode * inode, int mask, struct nameidata *nd)
212 {
213 return __jfs_permission(inode, mask, 0);
214 }
215 int jfs_permission_have_sem(struct inode * inode, int mask)
216 {
217 return __jfs_permission(inode, mask, 1);
218 }
219
220 int jfs_init_acl(struct inode *inode, struct inode *dir)
221 {
222 struct posix_acl *acl = NULL;
223 struct posix_acl *clone;
224 mode_t mode;
225 int rc = 0;
226
227 if (S_ISLNK(inode->i_mode))
228 return 0;
229
230 acl = jfs_get_acl(dir, ACL_TYPE_DEFAULT);
231 if (IS_ERR(acl))
232 return PTR_ERR(acl);
233
234 if (acl) {
235 if (S_ISDIR(inode->i_mode)) {
236 rc = jfs_set_acl(inode, ACL_TYPE_DEFAULT, acl);
237 if (rc)
238 goto cleanup;
239 }
240 clone = posix_acl_clone(acl, GFP_KERNEL);
241 if (!clone) {
242 rc = -ENOMEM;
243 goto cleanup;
244 }
245 mode = inode->i_mode;
246 rc = posix_acl_create_masq(clone, &mode);
247 if (rc >= 0) {
248 inode->i_mode = mode;
249 if (rc > 0)
250 rc = jfs_set_acl(inode, ACL_TYPE_ACCESS, clone);
251 }
252 posix_acl_release(clone);
253 cleanup:
254 posix_acl_release(acl);
255 } else
256 inode->i_mode &= ~current->fs->umask;
257
258 return rc;
259 }
260
261 int jfs_acl_chmod(struct inode *inode)
262 {
263 struct posix_acl *acl, *clone;
264 int rc;
265
266 if (S_ISLNK(inode->i_mode))
267 return -EOPNOTSUPP;
268
269 acl = jfs_get_acl(inode, ACL_TYPE_ACCESS);
270 if (IS_ERR(acl) || !acl)
271 return PTR_ERR(acl);
272
273 clone = posix_acl_clone(acl, GFP_KERNEL);
274 posix_acl_release(acl);
275 if (!clone)
276 return -ENOMEM;
277
278 rc = posix_acl_chmod_masq(clone, inode->i_mode);
279 if (!rc)
280 rc = jfs_set_acl(inode, ACL_TYPE_ACCESS, clone);
281
282 posix_acl_release(clone);
283 return rc;
284 }
285
286 int jfs_setattr(struct dentry *dentry, struct iattr *iattr)
287 {
288 struct inode *inode = dentry->d_inode;
289 int rc;
290
291 rc = inode_change_ok(inode, iattr);
292 if (rc)
293 return rc;
294
295 inode_setattr(inode, iattr);
296
297 if (iattr->ia_valid & ATTR_MODE)
298 rc = jfs_acl_chmod(inode);
299
300 return rc;
301 }
Mirror of the linux-mips.org kernel tree