1b3b94faaSDavid Teigland /* 2b3b94faaSDavid Teigland * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved. 33a8a9a10SSteven Whitehouse * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved. 4b3b94faaSDavid Teigland * 5b3b94faaSDavid Teigland * This copyrighted material is made available to anyone wishing to use, 6b3b94faaSDavid Teigland * modify, copy, or redistribute it subject to the terms and conditions 7e9fc2aa0SSteven Whitehouse * of the GNU General Public License version 2. 8b3b94faaSDavid Teigland */ 9b3b94faaSDavid Teigland 10b3b94faaSDavid Teigland #include <linux/sched.h> 11b3b94faaSDavid Teigland #include <linux/slab.h> 12b3b94faaSDavid Teigland #include <linux/spinlock.h> 13b3b94faaSDavid Teigland #include <linux/completion.h> 14b3b94faaSDavid Teigland #include <linux/buffer_head.h> 152646a1f6SSteven Whitehouse #include <linux/xattr.h> 16b3b94faaSDavid Teigland #include <linux/posix_acl.h> 17b3b94faaSDavid Teigland #include <linux/posix_acl_xattr.h> 185c676f6dSSteven Whitehouse #include <linux/gfs2_ondisk.h> 19b3b94faaSDavid Teigland 20b3b94faaSDavid Teigland #include "gfs2.h" 215c676f6dSSteven Whitehouse #include "incore.h" 22b3b94faaSDavid Teigland #include "acl.h" 23307cf6e6SSteven Whitehouse #include "xattr.h" 24b3b94faaSDavid Teigland #include "glock.h" 25b3b94faaSDavid Teigland #include "inode.h" 26b3b94faaSDavid Teigland #include "meta_io.h" 27b3b94faaSDavid Teigland #include "trans.h" 285c676f6dSSteven Whitehouse #include "util.h" 29b3b94faaSDavid Teigland 30479c427dSSteven Whitehouse static const char *gfs2_acl_name(int type) 31b3b94faaSDavid Teigland { 32479c427dSSteven Whitehouse switch (type) { 33479c427dSSteven Whitehouse case ACL_TYPE_ACCESS: 34479c427dSSteven Whitehouse return GFS2_POSIX_ACL_ACCESS; 35479c427dSSteven Whitehouse case ACL_TYPE_DEFAULT: 36479c427dSSteven Whitehouse return GFS2_POSIX_ACL_DEFAULT; 37479c427dSSteven Whitehouse } 38479c427dSSteven Whitehouse return NULL; 39479c427dSSteven Whitehouse } 40b3b94faaSDavid Teigland 41479c427dSSteven Whitehouse static struct posix_acl *gfs2_acl_get(struct gfs2_inode *ip, int type) 42479c427dSSteven Whitehouse { 43479c427dSSteven Whitehouse struct posix_acl *acl; 44479c427dSSteven Whitehouse const char *name; 45479c427dSSteven Whitehouse char *data; 46479c427dSSteven Whitehouse int len; 4740b78a32SSteven Whitehouse 483767ac21SSteven Whitehouse if (!ip->i_eattr) 49479c427dSSteven Whitehouse return NULL; 50b3b94faaSDavid Teigland 51106381bfSSteven Whitehouse acl = get_cached_acl(&ip->i_inode, type); 52106381bfSSteven Whitehouse if (acl != ACL_NOT_CACHED) 53106381bfSSteven Whitehouse return acl; 54106381bfSSteven Whitehouse 55479c427dSSteven Whitehouse name = gfs2_acl_name(type); 56479c427dSSteven Whitehouse if (name == NULL) 57479c427dSSteven Whitehouse return ERR_PTR(-EINVAL); 58b3b94faaSDavid Teigland 59479c427dSSteven Whitehouse len = gfs2_xattr_acl_get(ip, name, &data); 60479c427dSSteven Whitehouse if (len < 0) 61479c427dSSteven Whitehouse return ERR_PTR(len); 62479c427dSSteven Whitehouse if (len == 0) 63479c427dSSteven Whitehouse return NULL; 64b3b94faaSDavid Teigland 65479c427dSSteven Whitehouse acl = posix_acl_from_xattr(data, len); 6640b78a32SSteven Whitehouse kfree(data); 67479c427dSSteven Whitehouse return acl; 68b3b94faaSDavid Teigland } 69b3b94faaSDavid Teigland 70b3b94faaSDavid Teigland /** 7177386e1fSSteven Whitehouse * gfs2_check_acl - Check an ACL to see if we're allowed to do something 72b3b94faaSDavid Teigland * @inode: the file we want to do something to 73b3b94faaSDavid Teigland * @mask: what we want to do 74b3b94faaSDavid Teigland * 75b3b94faaSDavid Teigland * Returns: errno 76b3b94faaSDavid Teigland */ 77b3b94faaSDavid Teigland 7877386e1fSSteven Whitehouse int gfs2_check_acl(struct inode *inode, int mask) 79b3b94faaSDavid Teigland { 80479c427dSSteven Whitehouse struct posix_acl *acl; 81b3b94faaSDavid Teigland int error; 82b3b94faaSDavid Teigland 83479c427dSSteven Whitehouse acl = gfs2_acl_get(GFS2_I(inode), ACL_TYPE_ACCESS); 84479c427dSSteven Whitehouse if (IS_ERR(acl)) 85479c427dSSteven Whitehouse return PTR_ERR(acl); 86b3b94faaSDavid Teigland 87b3b94faaSDavid Teigland if (acl) { 88b3b94faaSDavid Teigland error = posix_acl_permission(inode, acl, mask); 89b3b94faaSDavid Teigland posix_acl_release(acl); 90b3b94faaSDavid Teigland return error; 91b3b94faaSDavid Teigland } 92b3b94faaSDavid Teigland 93b3b94faaSDavid Teigland return -EAGAIN; 94b3b94faaSDavid Teigland } 95b3b94faaSDavid Teigland 9669dca424SSteven Whitehouse static int gfs2_set_mode(struct inode *inode, mode_t mode) 97b3b94faaSDavid Teigland { 9869dca424SSteven Whitehouse int error = 0; 99b3b94faaSDavid Teigland 10069dca424SSteven Whitehouse if (mode != inode->i_mode) { 10169dca424SSteven Whitehouse struct iattr iattr; 102b3b94faaSDavid Teigland 10369dca424SSteven Whitehouse iattr.ia_valid = ATTR_MODE; 10469dca424SSteven Whitehouse iattr.ia_mode = mode; 10569dca424SSteven Whitehouse 10669dca424SSteven Whitehouse error = gfs2_setattr_simple(GFS2_I(inode), &iattr); 107b3b94faaSDavid Teigland } 108b3b94faaSDavid Teigland 10969dca424SSteven Whitehouse return error; 110b3b94faaSDavid Teigland } 111b3b94faaSDavid Teigland 112479c427dSSteven Whitehouse static int gfs2_acl_set(struct inode *inode, int type, struct posix_acl *acl) 113b3b94faaSDavid Teigland { 114b3b94faaSDavid Teigland int error; 115479c427dSSteven Whitehouse int len; 116479c427dSSteven Whitehouse char *data; 117479c427dSSteven Whitehouse const char *name = gfs2_acl_name(type); 118479c427dSSteven Whitehouse 119479c427dSSteven Whitehouse BUG_ON(name == NULL); 120479c427dSSteven Whitehouse len = posix_acl_to_xattr(acl, NULL, 0); 121479c427dSSteven Whitehouse if (len == 0) 122479c427dSSteven Whitehouse return 0; 123479c427dSSteven Whitehouse data = kmalloc(len, GFP_NOFS); 124479c427dSSteven Whitehouse if (data == NULL) 125479c427dSSteven Whitehouse return -ENOMEM; 126479c427dSSteven Whitehouse error = posix_acl_to_xattr(acl, data, len); 127479c427dSSteven Whitehouse if (error < 0) 128479c427dSSteven Whitehouse goto out; 129479c427dSSteven Whitehouse error = gfs2_xattr_set(inode, GFS2_EATYPE_SYS, name, data, len, 0); 130106381bfSSteven Whitehouse if (!error) 131106381bfSSteven Whitehouse set_cached_acl(inode, type, acl); 132479c427dSSteven Whitehouse out: 133479c427dSSteven Whitehouse kfree(data); 134479c427dSSteven Whitehouse return error; 135479c427dSSteven Whitehouse } 136479c427dSSteven Whitehouse 137479c427dSSteven Whitehouse int gfs2_acl_create(struct gfs2_inode *dip, struct inode *inode) 138479c427dSSteven Whitehouse { 139479c427dSSteven Whitehouse struct gfs2_sbd *sdp = GFS2_SB(&dip->i_inode); 140479c427dSSteven Whitehouse struct posix_acl *acl, *clone; 141479c427dSSteven Whitehouse mode_t mode = inode->i_mode; 142479c427dSSteven Whitehouse int error = 0; 143b3b94faaSDavid Teigland 144b3b94faaSDavid Teigland if (!sdp->sd_args.ar_posix_acl) 145b3b94faaSDavid Teigland return 0; 146479c427dSSteven Whitehouse if (S_ISLNK(inode->i_mode)) 147b3b94faaSDavid Teigland return 0; 148b3b94faaSDavid Teigland 149479c427dSSteven Whitehouse acl = gfs2_acl_get(dip, ACL_TYPE_DEFAULT); 150479c427dSSteven Whitehouse if (IS_ERR(acl)) 151479c427dSSteven Whitehouse return PTR_ERR(acl); 152b3b94faaSDavid Teigland if (!acl) { 153ce3b0f8dSAl Viro mode &= ~current_umask(); 154479c427dSSteven Whitehouse if (mode != inode->i_mode) 155479c427dSSteven Whitehouse error = gfs2_set_mode(inode, mode); 156b3b94faaSDavid Teigland return error; 157b3b94faaSDavid Teigland } 158b3b94faaSDavid Teigland 159479c427dSSteven Whitehouse if (S_ISDIR(inode->i_mode)) { 160479c427dSSteven Whitehouse error = gfs2_acl_set(inode, ACL_TYPE_DEFAULT, acl); 161479c427dSSteven Whitehouse if (error) 162479c427dSSteven Whitehouse goto out; 163479c427dSSteven Whitehouse } 164479c427dSSteven Whitehouse 16516c5f06fSJosef Bacik clone = posix_acl_clone(acl, GFP_NOFS); 166b3b94faaSDavid Teigland error = -ENOMEM; 167b3b94faaSDavid Teigland if (!clone) 168b3b94faaSDavid Teigland goto out; 169b3b94faaSDavid Teigland posix_acl_release(acl); 170b3b94faaSDavid Teigland acl = clone; 171b3b94faaSDavid Teigland 172b3b94faaSDavid Teigland error = posix_acl_create_masq(acl, &mode); 173b3b94faaSDavid Teigland if (error < 0) 174b3b94faaSDavid Teigland goto out; 17540b78a32SSteven Whitehouse if (error == 0) 17640b78a32SSteven Whitehouse goto munge; 17740b78a32SSteven Whitehouse 178479c427dSSteven Whitehouse error = gfs2_acl_set(inode, ACL_TYPE_ACCESS, acl); 179b3b94faaSDavid Teigland if (error) 180b3b94faaSDavid Teigland goto out; 18140b78a32SSteven Whitehouse munge: 182479c427dSSteven Whitehouse error = gfs2_set_mode(inode, mode); 183b3b94faaSDavid Teigland out: 184b3b94faaSDavid Teigland posix_acl_release(acl); 185b3b94faaSDavid Teigland return error; 186b3b94faaSDavid Teigland } 187b3b94faaSDavid Teigland 188b3b94faaSDavid Teigland int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr) 189b3b94faaSDavid Teigland { 190479c427dSSteven Whitehouse struct posix_acl *acl, *clone; 191b3b94faaSDavid Teigland char *data; 192b3b94faaSDavid Teigland unsigned int len; 193b3b94faaSDavid Teigland int error; 194b3b94faaSDavid Teigland 195479c427dSSteven Whitehouse acl = gfs2_acl_get(ip, ACL_TYPE_ACCESS); 196479c427dSSteven Whitehouse if (IS_ERR(acl)) 197479c427dSSteven Whitehouse return PTR_ERR(acl); 198b3b94faaSDavid Teigland if (!acl) 199b3b94faaSDavid Teigland return gfs2_setattr_simple(ip, attr); 200b3b94faaSDavid Teigland 20116c5f06fSJosef Bacik clone = posix_acl_clone(acl, GFP_NOFS); 202b3b94faaSDavid Teigland error = -ENOMEM; 203b3b94faaSDavid Teigland if (!clone) 204b3b94faaSDavid Teigland goto out; 205b3b94faaSDavid Teigland posix_acl_release(acl); 206b3b94faaSDavid Teigland acl = clone; 207b3b94faaSDavid Teigland 208b3b94faaSDavid Teigland error = posix_acl_chmod_masq(acl, attr->ia_mode); 209b3b94faaSDavid Teigland if (!error) { 210479c427dSSteven Whitehouse len = posix_acl_to_xattr(acl, NULL, 0); 211479c427dSSteven Whitehouse data = kmalloc(len, GFP_NOFS); 212479c427dSSteven Whitehouse error = -ENOMEM; 213479c427dSSteven Whitehouse if (data == NULL) 214479c427dSSteven Whitehouse goto out; 215b3b94faaSDavid Teigland posix_acl_to_xattr(acl, data, len); 216479c427dSSteven Whitehouse error = gfs2_xattr_acl_chmod(ip, attr, data); 217479c427dSSteven Whitehouse kfree(data); 218106381bfSSteven Whitehouse set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl); 219b3b94faaSDavid Teigland } 220b3b94faaSDavid Teigland 221b3b94faaSDavid Teigland out: 222b3b94faaSDavid Teigland posix_acl_release(acl); 223b3b94faaSDavid Teigland return error; 224b3b94faaSDavid Teigland } 225b3b94faaSDavid Teigland 2262646a1f6SSteven Whitehouse static int gfs2_acl_type(const char *name) 2272646a1f6SSteven Whitehouse { 2282646a1f6SSteven Whitehouse if (strcmp(name, GFS2_POSIX_ACL_ACCESS) == 0) 2292646a1f6SSteven Whitehouse return ACL_TYPE_ACCESS; 2302646a1f6SSteven Whitehouse if (strcmp(name, GFS2_POSIX_ACL_DEFAULT) == 0) 2312646a1f6SSteven Whitehouse return ACL_TYPE_DEFAULT; 2322646a1f6SSteven Whitehouse return -EINVAL; 2332646a1f6SSteven Whitehouse } 2342646a1f6SSteven Whitehouse 2352646a1f6SSteven Whitehouse static int gfs2_xattr_system_get(struct inode *inode, const char *name, 2362646a1f6SSteven Whitehouse void *buffer, size_t size) 2372646a1f6SSteven Whitehouse { 238106381bfSSteven Whitehouse struct posix_acl *acl; 2392646a1f6SSteven Whitehouse int type; 240106381bfSSteven Whitehouse int error; 2412646a1f6SSteven Whitehouse 2422646a1f6SSteven Whitehouse type = gfs2_acl_type(name); 2432646a1f6SSteven Whitehouse if (type < 0) 2442646a1f6SSteven Whitehouse return type; 2452646a1f6SSteven Whitehouse 246106381bfSSteven Whitehouse acl = gfs2_acl_get(GFS2_I(inode), type); 247106381bfSSteven Whitehouse if (IS_ERR(acl)) 248106381bfSSteven Whitehouse return PTR_ERR(acl); 249106381bfSSteven Whitehouse if (acl == NULL) 250106381bfSSteven Whitehouse return -ENODATA; 2512646a1f6SSteven Whitehouse 252106381bfSSteven Whitehouse error = posix_acl_to_xattr(acl, buffer, size); 253106381bfSSteven Whitehouse posix_acl_release(acl); 254106381bfSSteven Whitehouse 255106381bfSSteven Whitehouse return error; 256106381bfSSteven Whitehouse } 2572646a1f6SSteven Whitehouse 2582646a1f6SSteven Whitehouse static int gfs2_xattr_system_set(struct inode *inode, const char *name, 2592646a1f6SSteven Whitehouse const void *value, size_t size, int flags) 2602646a1f6SSteven Whitehouse { 2612646a1f6SSteven Whitehouse struct gfs2_sbd *sdp = GFS2_SB(inode); 2622646a1f6SSteven Whitehouse struct posix_acl *acl = NULL; 2632646a1f6SSteven Whitehouse int error = 0, type; 2642646a1f6SSteven Whitehouse 2652646a1f6SSteven Whitehouse if (!sdp->sd_args.ar_posix_acl) 2662646a1f6SSteven Whitehouse return -EOPNOTSUPP; 2672646a1f6SSteven Whitehouse 2682646a1f6SSteven Whitehouse type = gfs2_acl_type(name); 2692646a1f6SSteven Whitehouse if (type < 0) 2702646a1f6SSteven Whitehouse return type; 2712646a1f6SSteven Whitehouse if (flags & XATTR_CREATE) 2722646a1f6SSteven Whitehouse return -EINVAL; 2732646a1f6SSteven Whitehouse if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) 2742646a1f6SSteven Whitehouse return value ? -EACCES : 0; 2752646a1f6SSteven Whitehouse if ((current_fsuid() != inode->i_uid) && !capable(CAP_FOWNER)) 2762646a1f6SSteven Whitehouse return -EPERM; 2772646a1f6SSteven Whitehouse if (S_ISLNK(inode->i_mode)) 2782646a1f6SSteven Whitehouse return -EOPNOTSUPP; 2792646a1f6SSteven Whitehouse 2802646a1f6SSteven Whitehouse if (!value) 2812646a1f6SSteven Whitehouse goto set_acl; 2822646a1f6SSteven Whitehouse 2832646a1f6SSteven Whitehouse acl = posix_acl_from_xattr(value, size); 2842646a1f6SSteven Whitehouse if (!acl) { 2852646a1f6SSteven Whitehouse /* 2862646a1f6SSteven Whitehouse * acl_set_file(3) may request that we set default ACLs with 2872646a1f6SSteven Whitehouse * zero length -- defend (gracefully) against that here. 2882646a1f6SSteven Whitehouse */ 2892646a1f6SSteven Whitehouse goto out; 2902646a1f6SSteven Whitehouse } 2912646a1f6SSteven Whitehouse if (IS_ERR(acl)) { 2922646a1f6SSteven Whitehouse error = PTR_ERR(acl); 2932646a1f6SSteven Whitehouse goto out; 2942646a1f6SSteven Whitehouse } 2952646a1f6SSteven Whitehouse 2962646a1f6SSteven Whitehouse error = posix_acl_valid(acl); 2972646a1f6SSteven Whitehouse if (error) 2982646a1f6SSteven Whitehouse goto out_release; 2992646a1f6SSteven Whitehouse 3002646a1f6SSteven Whitehouse error = -EINVAL; 3012646a1f6SSteven Whitehouse if (acl->a_count > GFS2_ACL_MAX_ENTRIES) 3022646a1f6SSteven Whitehouse goto out_release; 3032646a1f6SSteven Whitehouse 3042646a1f6SSteven Whitehouse if (type == ACL_TYPE_ACCESS) { 3052646a1f6SSteven Whitehouse mode_t mode = inode->i_mode; 3062646a1f6SSteven Whitehouse error = posix_acl_equiv_mode(acl, &mode); 3072646a1f6SSteven Whitehouse 3082646a1f6SSteven Whitehouse if (error <= 0) { 3092646a1f6SSteven Whitehouse posix_acl_release(acl); 3102646a1f6SSteven Whitehouse acl = NULL; 3112646a1f6SSteven Whitehouse 3122646a1f6SSteven Whitehouse if (error < 0) 3132646a1f6SSteven Whitehouse return error; 3142646a1f6SSteven Whitehouse } 3152646a1f6SSteven Whitehouse 3162646a1f6SSteven Whitehouse error = gfs2_set_mode(inode, mode); 3172646a1f6SSteven Whitehouse if (error) 3182646a1f6SSteven Whitehouse goto out_release; 3192646a1f6SSteven Whitehouse } 3202646a1f6SSteven Whitehouse 3212646a1f6SSteven Whitehouse set_acl: 3222646a1f6SSteven Whitehouse error = gfs2_xattr_set(inode, GFS2_EATYPE_SYS, name, value, size, 0); 323106381bfSSteven Whitehouse if (!error) { 324106381bfSSteven Whitehouse if (acl) 325106381bfSSteven Whitehouse set_cached_acl(inode, type, acl); 326106381bfSSteven Whitehouse else 327106381bfSSteven Whitehouse forget_cached_acl(inode, type); 328106381bfSSteven Whitehouse } 3292646a1f6SSteven Whitehouse out_release: 3302646a1f6SSteven Whitehouse posix_acl_release(acl); 3312646a1f6SSteven Whitehouse out: 3322646a1f6SSteven Whitehouse return error; 3332646a1f6SSteven Whitehouse } 3342646a1f6SSteven Whitehouse 3352646a1f6SSteven Whitehouse struct xattr_handler gfs2_xattr_system_handler = { 3362646a1f6SSteven Whitehouse .prefix = XATTR_SYSTEM_PREFIX, 3372646a1f6SSteven Whitehouse .get = gfs2_xattr_system_get, 3382646a1f6SSteven Whitehouse .set = gfs2_xattr_system_set, 3392646a1f6SSteven Whitehouse }; 3402646a1f6SSteven Whitehouse 341