/*
 * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved.
 * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved.
 *
 * This copyrighted material is made available to anyone wishing to use,
 * modify, copy, or redistribute it subject to the terms and conditions
 * of the GNU General Public License version 2.
 */
10 #include <linux/slab.h>
11 #include <linux/spinlock.h>
12 #include <linux/completion.h>
13 #include <linux/buffer_head.h>
14 #include <linux/capability.h>
15 #include <linux/xattr.h>
16 #include <linux/gfs2_ondisk.h>
17 #include <linux/lm_interface.h>
18 #include <asm/uaccess.h>
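/**
 * gfs2_ea_name2type - map an xattr name to its GFS2 type and strip the prefix
 * @name: full attribute name, e.g. "user.foo"; must be NUL-terminated
 * @truncated_name: if non-NULL, receives a pointer into @name just past the
 *                  namespace prefix, or NULL when no prefix matches
 *
 * Only the "system.", "user." and "security." prefixes are recognised, and
 * strncmp() makes the match case-sensitive.  A name that consists of the
 * prefix alone (for example "user.") still matches and yields an empty
 * remainder, so a caller that needs a non-empty attribute name has to check
 * that itself.
 *
 * Returns: GFS2_EATYPE_SYS, GFS2_EATYPE_USR or GFS2_EATYPE_SECURITY for a
 * recognised prefix, GFS2_EATYPE_UNUSED otherwise
 */
unsigned int gfs2_ea_name2type(const char *name, const char **truncated_name)
{
	unsigned int type = GFS2_EATYPE_UNUSED;
	const char *rest = NULL;

	/*
	 * The compared length and the skipped length both come from the same
	 * literal (sizeof counts the NUL, hence the -1), so the two cannot
	 * drift apart if a prefix is ever edited.
	 */
	if (strncmp(name, "system.", sizeof("system.") - 1) == 0) {
		type = GFS2_EATYPE_SYS;
		rest = name + sizeof("system.") - 1;
	} else if (strncmp(name, "user.", sizeof("user.") - 1) == 0) {
		type = GFS2_EATYPE_USR;
		rest = name + sizeof("user.") - 1;
	} else if (strncmp(name, "security.", sizeof("security.") - 1) == 0) {
		type = GFS2_EATYPE_SECURITY;
		rest = name + sizeof("security.") - 1;
	}

	/* Callers that only want the type may pass NULL. */
	if (truncated_name)
		*truncated_name = rest;

	return type;
}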
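/**
 * user_eo_get - read a "user." extended attribute
 * @ip: GFS2 inode that carries the attribute
 * @er: request describing the attribute to read
 *
 * Access control here is the inode's read permission: permission() is called
 * with MAY_READ before gfs2_ea_get_i() does the lookup.
 *
 * NOTE(review): source lines 63-65 are absent from this page's listing.  The
 * early return on a failed permission() call is reinstated below on the
 * assumption that it matches the upstream file - confirm before relying on it.
 *
 * Returns: the result of gfs2_ea_get_i(), or the error from permission()
 */
static int user_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
	int error;

	error = permission(&ip->i_inode, MAY_READ, NULL);
	if (error)
		return error;

	return gfs2_ea_get_i(ip, er);
}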
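/**
 * user_eo_set - create or replace a "user." extended attribute
 * @ip: GFS2 inode that will carry the attribute
 * @er: request describing the attribute name and value
 *
 * The visible code asks for write permission on the inode only when it is a
 * regular file, or a directory without the sticky bit (S_ISVTX).
 *
 * NOTE(review): source lines 76-80 are absent from this page's listing.  The
 * early return on a failed permission() call and the -EPERM rejection of
 * every other inode type are reinstated below on the assumption that they
 * match the upstream file - confirm before relying on them.
 *
 * Returns: the result of gfs2_ea_set_i(), the error from permission(), or
 * -EPERM for an inode type that is not allowed "user." attributes
 */
static int user_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
	struct inode *inode = &ip->i_inode;
	int error;

	/* Anything but a regular file or a non-sticky directory is refused. */
	if (!S_ISREG(inode->i_mode) &&
	    !(S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX)))
		return -EPERM;

	error = permission(inode, MAY_WRITE, NULL);
	if (error)
		return error;

	return gfs2_ea_set_i(ip, er);
}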
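/**
 * user_eo_remove - delete a "user." extended attribute
 * @ip: GFS2 inode that carries the attribute
 * @er: request naming the attribute to delete
 *
 * Applies the same gate as user_eo_set(): the visible code asks for write
 * permission on the inode only when it is a regular file, or a directory
 * without the sticky bit (S_ISVTX).
 *
 * NOTE(review): source lines 91-95 are absent from this page's listing.  The
 * early return on a failed permission() call and the -EPERM rejection of
 * every other inode type are reinstated below on the assumption that they
 * match the upstream file - confirm before relying on them.
 *
 * Returns: the result of gfs2_ea_remove_i(), the error from permission(), or
 * -EPERM for an inode type that is not allowed "user." attributes
 */
static int user_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
	struct inode *inode = &ip->i_inode;
	int error;

	/* Anything but a regular file or a non-sticky directory is refused. */
	if (!S_ISREG(inode->i_mode) &&
	    !(S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX)))
		return -EPERM;

	error = permission(inode, MAY_WRITE, NULL);
	if (error)
		return error;

	return gfs2_ea_remove_i(ip, er);
}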
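/**
 * system_eo_get - read a "system." extended attribute
 * @ip: GFS2 inode that carries the attribute
 * @er: request; er_name and er_name_len select the attribute
 *
 * Two gates are applied before gfs2_ea_get_i() runs:
 *  - a name that matches neither GFS2_ACL_IS_ACCESS() nor
 *    GFS2_ACL_IS_DEFAULT() needs CAP_SYS_ADMIN;
 *  - a name that does match one of them is refused when the superblock's
 *    ar_posix_acl argument is 0.
 * No permission() call on the inode appears in this function, so any read
 * check on the ACL attributes themselves would have to be made by the caller
 * (not visible here).
 *
 * NOTE(review): the statements controlled by the two conditions (source
 * lines 104 and 109) are absent from this page's listing; the -EPERM and
 * -EOPNOTSUPP returns below are presumed to match the upstream file -
 * confirm before relying on them.
 *
 * Returns: the result of gfs2_ea_get_i(), or a negative errno from one of
 * the gates
 */
static int system_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
	const int is_acl =
		GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len) ||
		GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len);

	/* capable() is only consulted for non-ACL names, as in the original. */
	if (!is_acl && !capable(CAP_SYS_ADMIN))
		return -EPERM;

	if (is_acl && GFS2_SB(&ip->i_inode)->sd_args.ar_posix_acl == 0)
		return -EOPNOTSUPP;

	return gfs2_ea_get_i(ip, er);
}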
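/**
 * system_eo_set - create or replace a "system." extended attribute
 * @ip: GFS2 inode that will carry the attribute
 * @er: request; er_name and er_name_len select the attribute, and er_mode /
 *      er_flags may be updated here
 *
 * Only the two names accepted by GFS2_ACL_IS_ACCESS() and
 * GFS2_ACL_IS_DEFAULT() are handled.  Each is first passed to
 * gfs2_acl_validate_set() (second argument 1 for the access name, 0 for the
 * default name), which reports through 'remove' whether the attribute should
 * be deleted instead of stored.  No permission() or capable() call appears in
 * this function; any ownership or privilege check is presumably inside
 * gfs2_acl_validate_set(), which is not shown - confirm.
 *
 * NOTE(review): this page's listing omits source lines 117-120, 125,
 * 128-129, 131-133, 135-136, 139-142, 144 and 147-154.  The declarations,
 * the error returns, the tests of 'remove', the trailing arguments of the
 * second gfs2_acl_validate_set() call, the -ENODATA handling and the final
 * -EPERM are reinstated below on the assumption that they match the upstream
 * file - confirm before relying on them.
 *
 * Returns: 0 or a negative errno
 */
static int system_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
	int remove = 0;
	int error;

	if (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len)) {
		/*
		 * When the caller supplied no mode, start from the inode's
		 * current one; er_mode is handed to the validator below.
		 */
		if (!(er->er_flags & GFS2_ERF_MODE)) {
			er->er_mode = ip->i_inode.i_mode;
			er->er_flags |= GFS2_ERF_MODE;
		}

		error = gfs2_acl_validate_set(ip, 1, er,
					      &remove, &er->er_mode);
		if (error)
			return error;

		error = gfs2_ea_set_i(ip, er);
		if (error)
			return error;

		/*
		 * NOTE(review): the listing shows this call without using its
		 * result, so a failed removal is reported to the caller as
		 * success and the attribute written just above stays in place.
		 */
		if (remove)
			gfs2_ea_remove_i(ip, er);

		return 0;
	}

	if (GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)) {
		error = gfs2_acl_validate_set(ip, 0, er,
					      &remove, NULL);
		if (error)
			return error;

		if (!remove)
			return gfs2_ea_set_i(ip, er);

		/* Removing an attribute that is already absent is not an error. */
		error = gfs2_ea_remove_i(ip, er);
		if (error == -ENODATA)
			error = 0;

		return error;
	}

	/* Every other "system." name is refused. */
	return -EPERM;
}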
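/**
 * system_eo_remove - delete a "system." extended attribute
 * @ip: GFS2 inode that carries the attribute
 * @er: request; er_name and er_name_len select the attribute
 *
 * The two names accepted by GFS2_ACL_IS_ACCESS() and GFS2_ACL_IS_DEFAULT()
 * are checked with gfs2_acl_validate_remove() (second argument 1 and 0
 * respectively) before gfs2_ea_remove_i() is called.  No permission() or
 * capable() call appears in this function; what gfs2_acl_validate_remove()
 * enforces is not shown.
 *
 * NOTE(review): source lines 159-161 and 164-169 are absent from this
 * page's listing.  The error returns after validation and the -EPERM for
 * any other name are reinstated below on the assumption that they match the
 * upstream file - confirm before relying on them.
 *
 * Returns: the result of gfs2_ea_remove_i(), or a negative errno from the
 * checks
 */
static int system_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
	int error;

	if (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len))
		error = gfs2_acl_validate_remove(ip, 1);
	else if (GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len))
		error = gfs2_acl_validate_remove(ip, 0);
	else
		error = -EPERM;

	if (error)
		return error;

	return gfs2_ea_remove_i(ip, er);
}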
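/**
 * security_eo_get - read a "security." extended attribute
 * @ip: GFS2 inode that carries the attribute
 * @er: request describing the attribute to read
 *
 * The only check made here is permission() with MAY_READ on the inode.
 *
 * NOTE(review): source lines 177-179 are absent from this page's listing.
 * The early return on a failed permission() call is reinstated below on the
 * assumption that it matches the upstream file - confirm before relying on
 * it.
 *
 * Returns: the result of gfs2_ea_get_i(), or the error from permission()
 */
static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
	int error;

	error = permission(&ip->i_inode, MAY_READ, NULL);
	if (error)
		return error;

	return gfs2_ea_get_i(ip, er);
}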
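/**
 * security_eo_set - create or replace a "security." extended attribute
 * @ip: GFS2 inode that will carry the attribute
 * @er: request describing the attribute name and value
 *
 * The only check made here is permission() with MAY_WRITE on the inode.
 * This handler applies no capability test of its own; whether a capability
 * or security-module check guards the "security." namespace before this
 * point is decided by the caller and is not visible here.
 *
 * NOTE(review): source lines 187-189 are absent from this page's listing.
 * The early return on a failed permission() call is reinstated below on the
 * assumption that it matches the upstream file - confirm before relying on
 * it.
 *
 * Returns: the result of gfs2_ea_set_i(), or the error from permission()
 */
static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
	int error;

	error = permission(&ip->i_inode, MAY_WRITE, NULL);
	if (error)
		return error;

	return gfs2_ea_set_i(ip, er);
}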
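/**
 * security_eo_remove - delete a "security." extended attribute
 * @ip: GFS2 inode that carries the attribute
 * @er: request naming the attribute to delete
 *
 * The only check made here is permission() with MAY_WRITE on the inode.
 * This handler applies no capability test of its own; whether a capability
 * or security-module check guards the "security." namespace before this
 * point is decided by the caller and is not visible here.
 *
 * NOTE(review): source lines 197-199 are absent from this page's listing.
 * The early return on a failed permission() call is reinstated below on the
 * assumption that it matches the upstream file - confirm before relying on
 * it.
 *
 * Returns: the result of gfs2_ea_remove_i(), or the error from permission()
 */
static int security_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
	int error;

	error = permission(&ip->i_inode, MAY_WRITE, NULL);
	if (error)
		return error;

	return gfs2_ea_remove_i(ip, er);
}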
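/*
 * Handlers for the "user." namespace.
 *
 * NOTE(review): source lines 207-208 are absent from this page's listing.
 * The .eo_name member is reinstated by analogy with the "security" table in
 * the same file - confirm against the upstream file.
 */
static const struct gfs2_eattr_operations gfs2_user_eaops = {
	.eo_get = user_eo_get,
	.eo_set = user_eo_set,
	.eo_remove = user_eo_remove,
	.eo_name = "user",
};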
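/*
 * Handlers for the "system." namespace.  Unlike the other two tables in this
 * file this one is not static, so it is visible to other translation units.
 *
 * NOTE(review): source lines 214-215 are absent from this page's listing.
 * The .eo_name member is reinstated by analogy with the "security" table in
 * the same file - confirm against the upstream file.
 */
const struct gfs2_eattr_operations gfs2_system_eaops = {
	.eo_get = system_eo_get,
	.eo_set = system_eo_set,
	.eo_remove = system_eo_remove,
	.eo_name = "system",
};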
/* Handlers for the "security." namespace. */
static const struct gfs2_eattr_operations gfs2_security_eaops = {
	.eo_name   = "security",
	.eo_get    = security_eo_get,
	.eo_set    = security_eo_set,
	.eo_remove = security_eo_remove,
};
224 const struct gfs2_eattr_operations
*gfs2_ea_ops
[] = {
228 &gfs2_security_eaops
,