search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
initial commit with v2.6.9
[linux-2.6.9-moxart.git] / fs / jfs / acl.c
blobfc584f2194f4fa65542ba500485f3ab5ddc99fd6
1 /*
2 * Copyright (C) International Business Machines Corp., 2002-2004
3 * Copyright (C) Andreas Gruenbacher, 2001
4 * Copyright (C) Linus Torvalds, 1991, 1992
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
14 * the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20
21 #include <linux/sched.h>
22 #include <linux/fs.h>
23 #include <linux/quotaops.h>
24 #include "jfs_incore.h"
25 #include "jfs_xattr.h"
26 #include "jfs_acl.h"
27
28 static struct posix_acl *jfs_get_acl(struct inode *inode, int type)
29 {
30 struct posix_acl *acl;
31 char *ea_name;
32 struct jfs_inode_info *ji = JFS_IP(inode);
33 struct posix_acl **p_acl;
34 int size;
35 char *value = NULL;
36
37 switch(type) {
38 case ACL_TYPE_ACCESS:
39 ea_name = XATTR_NAME_ACL_ACCESS;
40 p_acl = &ji->i_acl;
41 break;
42 case ACL_TYPE_DEFAULT:
43 ea_name = XATTR_NAME_ACL_DEFAULT;
44 p_acl = &ji->i_default_acl;
45 break;
46 default:
47 return ERR_PTR(-EINVAL);
48 }
49
50 if (*p_acl != JFS_ACL_NOT_CACHED)
51 return posix_acl_dup(*p_acl);
52
53 size = __jfs_getxattr(inode, ea_name, NULL, 0);
54
55 if (size > 0) {
56 value = kmalloc(size, GFP_KERNEL);
57 if (!value)
58 return ERR_PTR(-ENOMEM);
59 size = __jfs_getxattr(inode, ea_name, value, size);
60 }
61
62 if (size < 0) {
63 if (size == -ENODATA) {
64 *p_acl = NULL;
65 acl = NULL;
66 } else
67 acl = ERR_PTR(size);
68 } else {
69 acl = posix_acl_from_xattr(value, size);
70 if (!IS_ERR(acl))
71 *p_acl = posix_acl_dup(acl);
72 }
73 if (value)
74 kfree(value);
75 return acl;
76 }
77
78 static int jfs_set_acl(struct inode *inode, int type, struct posix_acl *acl)
79 {
80 char *ea_name;
81 struct jfs_inode_info *ji = JFS_IP(inode);
82 struct posix_acl **p_acl;
83 int rc;
84 int size = 0;
85 char *value = NULL;
86
87 if (S_ISLNK(inode->i_mode))
88 return -EOPNOTSUPP;
89
90 switch(type) {
91 case ACL_TYPE_ACCESS:
92 ea_name = XATTR_NAME_ACL_ACCESS;
93 p_acl = &ji->i_acl;
94 break;
95 case ACL_TYPE_DEFAULT:
96 ea_name = XATTR_NAME_ACL_DEFAULT;
97 p_acl = &ji->i_default_acl;
98 if (!S_ISDIR(inode->i_mode))
99 return acl ? -EACCES : 0;
100 break;
101 default:
102 return -EINVAL;
103 }
104 if (acl) {
105 size = xattr_acl_size(acl->a_count);
106 value = kmalloc(size, GFP_KERNEL);
107 if (!value)
108 return -ENOMEM;
109 rc = posix_acl_to_xattr(acl, value, size);
110 if (rc < 0)
111 goto out;
112 }
113 rc = __jfs_setxattr(inode, ea_name, value, size, 0);
114 out:
115 if (value)
116 kfree(value);
117
118 if (!rc) {
119 if (*p_acl && (*p_acl != JFS_ACL_NOT_CACHED))
120 posix_acl_release(*p_acl);
121 *p_acl = posix_acl_dup(acl);
122 }
123 return rc;
124 }
125
126 /*
127 * jfs_permission()
128 *
129 * modified vfs_permission to check posix acl
130 */
131 int jfs_permission(struct inode * inode, int mask, struct nameidata *nd)
132 {
133 umode_t mode = inode->i_mode;
134 struct jfs_inode_info *ji = JFS_IP(inode);
135
136 if (mask & MAY_WRITE) {
137 /*
138 * Nobody gets write access to a read-only fs.
139 */
140 if (IS_RDONLY(inode) &&
141 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
142 return -EROFS;
143
144 /*
145 * Nobody gets write access to an immutable file.
146 */
147 if (IS_IMMUTABLE(inode))
148 return -EACCES;
149 }
150
151 if (current->fsuid == inode->i_uid) {
152 mode >>= 6;
153 goto check_mode;
154 }
155 /*
156 * ACL can't contain additional permissions if the ACL_MASK entry
157 * is zero.
158 */
159 if (!(mode & S_IRWXG))
160 goto check_groups;
161
162 if (ji->i_acl == JFS_ACL_NOT_CACHED) {
163 struct posix_acl *acl;
164
165 acl = jfs_get_acl(inode, ACL_TYPE_ACCESS);
166
167 if (IS_ERR(acl))
168 return PTR_ERR(acl);
169 posix_acl_release(acl);
170 }
171
172 if (ji->i_acl) {
173 int rc = posix_acl_permission(inode, ji->i_acl, mask);
174 if (rc == -EACCES)
175 goto check_capabilities;
176 return rc;
177 }
178
179 check_groups:
180 if (in_group_p(inode->i_gid))
181 mode >>= 3;
182
183 check_mode:
184 /*
185 * If the DACs are ok we don't need any capability check.
186 */
187 if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask))
188 return 0;
189
190 check_capabilities:
191 /*
192 * Read/write DACs are always overridable.
193 * Executable DACs are overridable if at least one exec bit is set.
194 */
195 if (!(mask & MAY_EXEC) ||
196 (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
197 if (capable(CAP_DAC_OVERRIDE))
198 return 0;
199
200 /*
201 * Searching includes executable on directories, else just read.
202 */
203 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
204 if (capable(CAP_DAC_READ_SEARCH))
205 return 0;
206
207 return -EACCES;
208 }
209
210 int jfs_init_acl(struct inode *inode, struct inode *dir)
211 {
212 struct posix_acl *acl = NULL;
213 struct posix_acl *clone;
214 mode_t mode;
215 int rc = 0;
216
217 if (S_ISLNK(inode->i_mode))
218 return 0;
219
220 acl = jfs_get_acl(dir, ACL_TYPE_DEFAULT);
221 if (IS_ERR(acl))
222 return PTR_ERR(acl);
223
224 if (acl) {
225 if (S_ISDIR(inode->i_mode)) {
226 rc = jfs_set_acl(inode, ACL_TYPE_DEFAULT, acl);
227 if (rc)
228 goto cleanup;
229 }
230 clone = posix_acl_clone(acl, GFP_KERNEL);
231 if (!clone) {
232 rc = -ENOMEM;
233 goto cleanup;
234 }
235 mode = inode->i_mode;
236 rc = posix_acl_create_masq(clone, &mode);
237 if (rc >= 0) {
238 inode->i_mode = mode;
239 if (rc > 0)
240 rc = jfs_set_acl(inode, ACL_TYPE_ACCESS, clone);
241 }
242 posix_acl_release(clone);
243 cleanup:
244 posix_acl_release(acl);
245 } else
246 inode->i_mode &= ~current->fs->umask;
247
248 return rc;
249 }
250
251 static int jfs_acl_chmod(struct inode *inode)
252 {
253 struct posix_acl *acl, *clone;
254 int rc;
255
256 if (S_ISLNK(inode->i_mode))
257 return -EOPNOTSUPP;
258
259 acl = jfs_get_acl(inode, ACL_TYPE_ACCESS);
260 if (IS_ERR(acl) || !acl)
261 return PTR_ERR(acl);
262
263 clone = posix_acl_clone(acl, GFP_KERNEL);
264 posix_acl_release(acl);
265 if (!clone)
266 return -ENOMEM;
267
268 rc = posix_acl_chmod_masq(clone, inode->i_mode);
269 if (!rc)
270 rc = jfs_set_acl(inode, ACL_TYPE_ACCESS, clone);
271
272 posix_acl_release(clone);
273 return rc;
274 }
275
276 int jfs_setattr(struct dentry *dentry, struct iattr *iattr)
277 {
278 struct inode *inode = dentry->d_inode;
279 int rc;
280
281 rc = inode_change_ok(inode, iattr);
282 if (rc)
283 return rc;
284
285 if ((iattr->ia_valid & ATTR_UID && iattr->ia_uid != inode->i_uid) ||
286 (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid)) {
287 if (DQUOT_TRANSFER(inode, iattr))
288 return -EDQUOT;
289 }
290
291 rc = inode_setattr(inode, iattr);
292
293 if (!rc && (iattr->ia_valid & ATTR_MODE))
294 rc = jfs_acl_chmod(inode);
295
296 return rc;
297 }
MOXA 2.6.9 from sdlinux-moxaart.tgz