search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 2.6.32.48
[linux/fpc-iii.git] / fs / gfs2 / acl.c
blob2168da1216475b2b9d3a9611730b77c89a3022d4
1 /*
2 * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved.
3 * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved.
4 *
5 * This copyrighted material is made available to anyone wishing to use,
6 * modify, copy, or redistribute it subject to the terms and conditions
7 * of the GNU General Public License version 2.
8 */
9
10 #include <linux/sched.h>
11 #include <linux/slab.h>
12 #include <linux/spinlock.h>
13 #include <linux/completion.h>
14 #include <linux/buffer_head.h>
15 #include <linux/xattr.h>
16 #include <linux/posix_acl.h>
17 #include <linux/posix_acl_xattr.h>
18 #include <linux/gfs2_ondisk.h>
19
20 #include "gfs2.h"
21 #include "incore.h"
22 #include "acl.h"
23 #include "xattr.h"
24 #include "glock.h"
25 #include "inode.h"
26 #include "meta_io.h"
27 #include "trans.h"
28 #include "util.h"
29
30 static int acl_get(struct gfs2_inode *ip, const char *name,
31 struct posix_acl **acl, struct gfs2_ea_location *el,
32 char **datap, unsigned int *lenp)
33 {
34 char *data;
35 unsigned int len;
36 int error;
37
38 el->el_bh = NULL;
39
40 if (!ip->i_eattr)
41 return 0;
42
43 error = gfs2_ea_find(ip, GFS2_EATYPE_SYS, name, el);
44 if (error)
45 return error;
46 if (!el->el_ea)
47 return 0;
48 if (!GFS2_EA_DATA_LEN(el->el_ea))
49 goto out;
50
51 len = GFS2_EA_DATA_LEN(el->el_ea);
52 data = kmalloc(len, GFP_NOFS);
53 error = -ENOMEM;
54 if (!data)
55 goto out;
56
57 error = gfs2_ea_get_copy(ip, el, data, len);
58 if (error < 0)
59 goto out_kfree;
60 error = 0;
61
62 if (acl) {
63 *acl = posix_acl_from_xattr(data, len);
64 if (IS_ERR(*acl))
65 error = PTR_ERR(*acl);
66 }
67
68 out_kfree:
69 if (error || !datap) {
70 kfree(data);
71 } else {
72 *datap = data;
73 *lenp = len;
74 }
75 out:
76 return error;
77 }
78
79 /**
80 * gfs2_check_acl - Check an ACL to see if we're allowed to do something
81 * @inode: the file we want to do something to
82 * @mask: what we want to do
83 *
84 * Returns: errno
85 */
86
87 int gfs2_check_acl(struct inode *inode, int mask)
88 {
89 struct gfs2_ea_location el;
90 struct posix_acl *acl = NULL;
91 int error;
92
93 error = acl_get(GFS2_I(inode), GFS2_POSIX_ACL_ACCESS, &acl, &el, NULL, NULL);
94 brelse(el.el_bh);
95 if (error)
96 return error;
97
98 if (acl) {
99 error = posix_acl_permission(inode, acl, mask);
100 posix_acl_release(acl);
101 return error;
102 }
103
104 return -EAGAIN;
105 }
106
107 static int munge_mode(struct gfs2_inode *ip, mode_t mode)
108 {
109 struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode);
110 struct buffer_head *dibh;
111 int error;
112
113 error = gfs2_trans_begin(sdp, RES_DINODE, 0);
114 if (error)
115 return error;
116
117 error = gfs2_meta_inode_buffer(ip, &dibh);
118 if (!error) {
119 gfs2_assert_withdraw(sdp,
120 (ip->i_inode.i_mode & S_IFMT) == (mode & S_IFMT));
121 ip->i_inode.i_mode = mode;
122 gfs2_trans_add_bh(ip->i_gl, dibh, 1);
123 gfs2_dinode_out(ip, dibh->b_data);
124 brelse(dibh);
125 }
126
127 gfs2_trans_end(sdp);
128
129 return 0;
130 }
131
132 int gfs2_acl_create(struct gfs2_inode *dip, struct gfs2_inode *ip)
133 {
134 struct gfs2_ea_location el;
135 struct gfs2_sbd *sdp = GFS2_SB(&dip->i_inode);
136 struct posix_acl *acl = NULL, *clone;
137 mode_t mode = ip->i_inode.i_mode;
138 char *data = NULL;
139 unsigned int len;
140 int error;
141
142 if (!sdp->sd_args.ar_posix_acl)
143 return 0;
144 if (S_ISLNK(ip->i_inode.i_mode))
145 return 0;
146
147 error = acl_get(dip, GFS2_POSIX_ACL_DEFAULT, &acl, &el, &data, &len);
148 brelse(el.el_bh);
149 if (error)
150 return error;
151 if (!acl) {
152 mode &= ~current_umask();
153 if (mode != ip->i_inode.i_mode)
154 error = munge_mode(ip, mode);
155 return error;
156 }
157
158 clone = posix_acl_clone(acl, GFP_NOFS);
159 error = -ENOMEM;
160 if (!clone)
161 goto out;
162 posix_acl_release(acl);
163 acl = clone;
164
165 if (S_ISDIR(ip->i_inode.i_mode)) {
166 error = gfs2_xattr_set(&ip->i_inode, GFS2_EATYPE_SYS,
167 GFS2_POSIX_ACL_DEFAULT, data, len, 0);
168 if (error)
169 goto out;
170 }
171
172 error = posix_acl_create_masq(acl, &mode);
173 if (error < 0)
174 goto out;
175 if (error == 0)
176 goto munge;
177
178 posix_acl_to_xattr(acl, data, len);
179 error = gfs2_xattr_set(&ip->i_inode, GFS2_EATYPE_SYS,
180 GFS2_POSIX_ACL_ACCESS, data, len, 0);
181 if (error)
182 goto out;
183 munge:
184 error = munge_mode(ip, mode);
185 out:
186 posix_acl_release(acl);
187 kfree(data);
188 return error;
189 }
190
191 int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr)
192 {
193 struct posix_acl *acl = NULL, *clone;
194 struct gfs2_ea_location el;
195 char *data;
196 unsigned int len;
197 int error;
198
199 error = acl_get(ip, GFS2_POSIX_ACL_ACCESS, &acl, &el, &data, &len);
200 if (error)
201 goto out_brelse;
202 if (!acl)
203 return gfs2_setattr_simple(ip, attr);
204
205 clone = posix_acl_clone(acl, GFP_NOFS);
206 error = -ENOMEM;
207 if (!clone)
208 goto out;
209 posix_acl_release(acl);
210 acl = clone;
211
212 error = posix_acl_chmod_masq(acl, attr->ia_mode);
213 if (!error) {
214 posix_acl_to_xattr(acl, data, len);
215 error = gfs2_ea_acl_chmod(ip, &el, attr, data);
216 }
217
218 out:
219 posix_acl_release(acl);
220 kfree(data);
221 out_brelse:
222 brelse(el.el_bh);
223 return error;
224 }
225
226 static int gfs2_acl_type(const char *name)
227 {
228 if (strcmp(name, GFS2_POSIX_ACL_ACCESS) == 0)
229 return ACL_TYPE_ACCESS;
230 if (strcmp(name, GFS2_POSIX_ACL_DEFAULT) == 0)
231 return ACL_TYPE_DEFAULT;
232 return -EINVAL;
233 }
234
235 static int gfs2_xattr_system_get(struct inode *inode, const char *name,
236 void *buffer, size_t size)
237 {
238 int type;
239
240 type = gfs2_acl_type(name);
241 if (type < 0)
242 return type;
243
244 return gfs2_xattr_get(inode, GFS2_EATYPE_SYS, name, buffer, size);
245 }
246
247 static int gfs2_set_mode(struct inode *inode, mode_t mode)
248 {
249 int error = 0;
250
251 if (mode != inode->i_mode) {
252 struct iattr iattr;
253
254 iattr.ia_valid = ATTR_MODE;
255 iattr.ia_mode = mode;
256
257 error = gfs2_setattr_simple(GFS2_I(inode), &iattr);
258 }
259
260 return error;
261 }
262
263 static int gfs2_xattr_system_set(struct inode *inode, const char *name,
264 const void *value, size_t size, int flags)
265 {
266 struct gfs2_sbd *sdp = GFS2_SB(inode);
267 struct posix_acl *acl = NULL;
268 int error = 0, type;
269
270 if (!sdp->sd_args.ar_posix_acl)
271 return -EOPNOTSUPP;
272
273 type = gfs2_acl_type(name);
274 if (type < 0)
275 return type;
276 if (flags & XATTR_CREATE)
277 return -EINVAL;
278 if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
279 return value ? -EACCES : 0;
280 if ((current_fsuid() != inode->i_uid) && !capable(CAP_FOWNER))
281 return -EPERM;
282 if (S_ISLNK(inode->i_mode))
283 return -EOPNOTSUPP;
284
285 if (!value)
286 goto set_acl;
287
288 acl = posix_acl_from_xattr(value, size);
289 if (!acl) {
290 /*
291 * acl_set_file(3) may request that we set default ACLs with
292 * zero length -- defend (gracefully) against that here.
293 */
294 goto out;
295 }
296 if (IS_ERR(acl)) {
297 error = PTR_ERR(acl);
298 goto out;
299 }
300
301 error = posix_acl_valid(acl);
302 if (error)
303 goto out_release;
304
305 error = -EINVAL;
306 if (acl->a_count > GFS2_ACL_MAX_ENTRIES)
307 goto out_release;
308
309 if (type == ACL_TYPE_ACCESS) {
310 mode_t mode = inode->i_mode;
311 error = posix_acl_equiv_mode(acl, &mode);
312
313 if (error <= 0) {
314 posix_acl_release(acl);
315 acl = NULL;
316
317 if (error < 0)
318 return error;
319 }
320
321 error = gfs2_set_mode(inode, mode);
322 if (error)
323 goto out_release;
324 }
325
326 set_acl:
327 error = gfs2_xattr_set(inode, GFS2_EATYPE_SYS, name, value, size, 0);
328 out_release:
329 posix_acl_release(acl);
330 out:
331 return error;
332 }
333
334 struct xattr_handler gfs2_xattr_system_handler = {
335 .prefix = XATTR_SYSTEM_PREFIX,
336 .get = gfs2_xattr_system_get,
337 .set = gfs2_xattr_system_set,
338 };
339
Linux with added FPC-III support