fs/gfs2/eaops.c

   1 /*
   2  * Copyright (C) Sistina Software, Inc.  1997-2003 All rights reserved.
   3  * Copyright (C) 2004-2006 Red Hat, Inc.  All rights reserved.
   4  *
   5  * This copyrighted material is made available to anyone wishing to use,
   6  * modify, copy, or redistribute it subject to the terms and conditions
   7  * of the GNU General Public License version 2.
   8  */
   9
  10 #include <linux/slab.h>
  11 #include <linux/spinlock.h>
  12 #include <linux/completion.h>
  13 #include <linux/buffer_head.h>
  14 #include <linux/xattr.h>
  15 #include <linux/gfs2_ondisk.h>
  16 #include <linux/lm_interface.h>
  17 #include <asm/uaccess.h>
  18
  19 #include "gfs2.h"
  20 #include "incore.h"
  21 #include "acl.h"
  22 #include "eaops.h"
  23 #include "eattr.h"
  24 #include "util.h"
  25
  26 /**
  27  * gfs2_ea_name2type - get the type of the ea, and truncate type from the name
  28  * @namep: ea name, possibly with type appended
  29  *
  30  * Returns: GFS2_EATYPE_XXX
  31  */
  32
  33 unsigned int gfs2_ea_name2type(const char *name, const char **truncated_name)
  34 {
  35         unsigned int type;
  36
  37         if (strncmp(name, "system.", 7) == 0) {
  38                 type = GFS2_EATYPE_SYS;
  39                 if (truncated_name)
  40                         *truncated_name = name + sizeof("system.") - 1;
  41         } else if (strncmp(name, "user.", 5) == 0) {
  42                 type = GFS2_EATYPE_USR;
  43                 if (truncated_name)
  44                         *truncated_name = name + sizeof("user.") - 1;
  45         } else if (strncmp(name, "security.", 9) == 0) {
  46                 type = GFS2_EATYPE_SECURITY;
  47                 if (truncated_name)
  48                         *truncated_name = name + sizeof("security.") - 1;
  49         } else {
  50                 type = GFS2_EATYPE_UNUSED;
  51                 if (truncated_name)
  52                         *truncated_name = NULL;
  53         }
  54
  55         return type;
  56 }
  57
  58 static int user_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
  59 {
  60         struct inode *inode = &ip->i_inode;
  61         int error = permission(inode, MAY_READ, NULL);
  62         if (error)
  63                 return error;
  64
  65         return gfs2_ea_get_i(ip, er);
  66 }
  67
  68 static int user_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
  69 {
  70         struct inode *inode = &ip->i_inode;
  71
  72         if (S_ISREG(inode->i_mode) ||
  73             (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) {
  74                 int error = permission(inode, MAY_WRITE, NULL);
  75                 if (error)
  76                         return error;
  77         } else
  78                 return -EPERM;
  79
  80         return gfs2_ea_set_i(ip, er);
  81 }
  82
  83 static int user_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
  84 {
  85         struct inode *inode = &ip->i_inode;
  86
  87         if (S_ISREG(inode->i_mode) ||
  88             (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) {
  89                 int error = permission(inode, MAY_WRITE, NULL);
  90                 if (error)
  91                         return error;
  92         } else
  93                 return -EPERM;
  94
  95         return gfs2_ea_remove_i(ip, er);
  96 }
  97
  98 static int system_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
  99 {
 100         if (!GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len) &&
 101             !GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len) &&
 102             !capable(CAP_SYS_ADMIN))
 103                 return -EPERM;
 104
 105         if (GFS2_SB(&ip->i_inode)->sd_args.ar_posix_acl == 0 &&
 106             (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len) ||
 107              GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)))
 108                 return -EOPNOTSUPP;
 109
 110
 111
 112         return gfs2_ea_get_i(ip, er);
 113 }
 114
 115 static int system_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 116 {
 117         int remove = 0;
 118         int error;
 119
 120         if (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len)) {
 121                 if (!(er->er_flags & GFS2_ERF_MODE)) {
 122                         er->er_mode = ip->i_inode.i_mode;
 123                         er->er_flags |= GFS2_ERF_MODE;
 124                 }
 125                 error = gfs2_acl_validate_set(ip, 1, er,
 126                                               &remove, &er->er_mode);
 127                 if (error)
 128                         return error;
 129                 error = gfs2_ea_set_i(ip, er);
 130                 if (error)
 131                         return error;
 132                 if (remove)
 133                         gfs2_ea_remove_i(ip, er);
 134                 return 0;
 135
 136         } else if (GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)) {
 137                 error = gfs2_acl_validate_set(ip, 0, er,
 138                                               &remove, NULL);
 139                 if (error)
 140                         return error;
 141                 if (!remove)
 142                         error = gfs2_ea_set_i(ip, er);
 143                 else {
 144                         error = gfs2_ea_remove_i(ip, er);
 145                         if (error == -ENODATA)
 146                                 error = 0;
 147                 }
 148                 return error;
 149         }
 150
 151         return -EPERM;
 152 }
 153
 154 static int system_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 155 {
 156         if (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len)) {
 157                 int error = gfs2_acl_validate_remove(ip, 1);
 158                 if (error)
 159                         return error;
 160
 161         } else if (GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)) {
 162                 int error = gfs2_acl_validate_remove(ip, 0);
 163                 if (error)
 164                         return error;
 165
 166         } else
 167                 return -EPERM;
 168
 169         return gfs2_ea_remove_i(ip, er);
 170 }
 171
 172 static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 173 {
 174         struct inode *inode = &ip->i_inode;
 175         int error = permission(inode, MAY_READ, NULL);
 176         if (error)
 177                 return error;
 178
 179         return gfs2_ea_get_i(ip, er);
 180 }
 181
 182 static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 183 {
 184         struct inode *inode = &ip->i_inode;
 185         int error = permission(inode, MAY_WRITE, NULL);
 186         if (error)
 187                 return error;
 188
 189         return gfs2_ea_set_i(ip, er);
 190 }
 191
 192 static int security_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
 193 {
 194         struct inode *inode = &ip->i_inode;
 195         int error = permission(inode, MAY_WRITE, NULL);
 196         if (error)
 197                 return error;
 198
 199         return gfs2_ea_remove_i(ip, er);
 200 }
 201
 202 static struct gfs2_eattr_operations gfs2_user_eaops = {
 203         .eo_get = user_eo_get,
 204         .eo_set = user_eo_set,
 205         .eo_remove = user_eo_remove,
 206         .eo_name = "user",
 207 };
 208
 209 struct gfs2_eattr_operations gfs2_system_eaops = {
 210         .eo_get = system_eo_get,
 211         .eo_set = system_eo_set,
 212         .eo_remove = system_eo_remove,
 213         .eo_name = "system",
 214 };
 215
 216 static struct gfs2_eattr_operations gfs2_security_eaops = {
 217         .eo_get = security_eo_get,
 218         .eo_set = security_eo_set,
 219         .eo_remove = security_eo_remove,
 220         .eo_name = "security",
 221 };
 222
 223 struct gfs2_eattr_operations *gfs2_ea_ops[] = {
 224         NULL,
 225         &gfs2_user_eaops,
 226         &gfs2_system_eaops,
 227         &gfs2_security_eaops,
 228 };
 229