1b3b94faaSDavid Teigland /* 2b3b94faaSDavid Teigland * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved. 33a8a9a10SSteven Whitehouse * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved. 4b3b94faaSDavid Teigland * 5b3b94faaSDavid Teigland * This copyrighted material is made available to anyone wishing to use, 6b3b94faaSDavid Teigland * modify, copy, or redistribute it subject to the terms and conditions 7e9fc2aa0SSteven Whitehouse * of the GNU General Public License version 2. 8b3b94faaSDavid Teigland */ 9b3b94faaSDavid Teigland 10b3b94faaSDavid Teigland #include <linux/sched.h> 11b3b94faaSDavid Teigland #include <linux/slab.h> 12b3b94faaSDavid Teigland #include <linux/spinlock.h> 13b3b94faaSDavid Teigland #include <linux/completion.h> 14b3b94faaSDavid Teigland #include <linux/buffer_head.h> 152646a1f6SSteven Whitehouse #include <linux/xattr.h> 16b3b94faaSDavid Teigland #include <linux/posix_acl.h> 17b3b94faaSDavid Teigland #include <linux/posix_acl_xattr.h> 185c676f6dSSteven Whitehouse #include <linux/gfs2_ondisk.h> 19b3b94faaSDavid Teigland 20b3b94faaSDavid Teigland #include "gfs2.h" 215c676f6dSSteven Whitehouse #include "incore.h" 22b3b94faaSDavid Teigland #include "acl.h" 23307cf6e6SSteven Whitehouse #include "xattr.h" 24b3b94faaSDavid Teigland #include "glock.h" 25b3b94faaSDavid Teigland #include "inode.h" 26b3b94faaSDavid Teigland #include "meta_io.h" 27b3b94faaSDavid Teigland #include "trans.h" 285c676f6dSSteven Whitehouse #include "util.h" 29b3b94faaSDavid Teigland 3040b78a32SSteven Whitehouse static int acl_get(struct gfs2_inode *ip, const char *name, 3140b78a32SSteven Whitehouse struct posix_acl **acl, struct gfs2_ea_location *el, 3240b78a32SSteven Whitehouse char **datap, unsigned int *lenp) 33b3b94faaSDavid Teigland { 3440b78a32SSteven Whitehouse char *data; 3540b78a32SSteven Whitehouse unsigned int len; 36b3b94faaSDavid Teigland int error; 37b3b94faaSDavid Teigland 3840b78a32SSteven Whitehouse el->el_bh = NULL; 3940b78a32SSteven Whitehouse 403767ac21SSteven Whitehouse if (!ip->i_eattr) 41b3b94faaSDavid Teigland return 0; 42b3b94faaSDavid Teigland 4340b78a32SSteven Whitehouse error = gfs2_ea_find(ip, GFS2_EATYPE_SYS, name, el); 44b3b94faaSDavid Teigland if (error) 45b3b94faaSDavid Teigland return error; 46b3b94faaSDavid Teigland if (!el->el_ea) 47b3b94faaSDavid Teigland return 0; 48b3b94faaSDavid Teigland if (!GFS2_EA_DATA_LEN(el->el_ea)) 49b3b94faaSDavid Teigland goto out; 50b3b94faaSDavid Teigland 5140b78a32SSteven Whitehouse len = GFS2_EA_DATA_LEN(el->el_ea); 5240b78a32SSteven Whitehouse data = kmalloc(len, GFP_NOFS); 53b3b94faaSDavid Teigland error = -ENOMEM; 5440b78a32SSteven Whitehouse if (!data) 55b3b94faaSDavid Teigland goto out; 56b3b94faaSDavid Teigland 5740b78a32SSteven Whitehouse error = gfs2_ea_get_copy(ip, el, data, len); 5840b78a32SSteven Whitehouse if (error < 0) 59b3b94faaSDavid Teigland goto out_kfree; 6040b78a32SSteven Whitehouse error = 0; 61b3b94faaSDavid Teigland 62b3b94faaSDavid Teigland if (acl) { 6340b78a32SSteven Whitehouse *acl = posix_acl_from_xattr(data, len); 64b3b94faaSDavid Teigland if (IS_ERR(*acl)) 65b3b94faaSDavid Teigland error = PTR_ERR(*acl); 66b3b94faaSDavid Teigland } 67b3b94faaSDavid Teigland 68b3b94faaSDavid Teigland out_kfree: 6940b78a32SSteven Whitehouse if (error || !datap) { 7040b78a32SSteven Whitehouse kfree(data); 7140b78a32SSteven Whitehouse } else { 7240b78a32SSteven Whitehouse *datap = data; 7340b78a32SSteven Whitehouse *lenp = len; 74b3b94faaSDavid Teigland } 75b3b94faaSDavid Teigland out: 76b3b94faaSDavid Teigland return error; 77b3b94faaSDavid Teigland } 78b3b94faaSDavid Teigland 79b3b94faaSDavid Teigland /** 8077386e1fSSteven Whitehouse * gfs2_check_acl - Check an ACL to see if we're allowed to do something 81b3b94faaSDavid Teigland * @inode: the file we want to do something to 82b3b94faaSDavid Teigland * @mask: what we want to do 83b3b94faaSDavid Teigland * 84b3b94faaSDavid Teigland * Returns: errno 85b3b94faaSDavid Teigland */ 86b3b94faaSDavid Teigland 8777386e1fSSteven Whitehouse int gfs2_check_acl(struct inode *inode, int mask) 88b3b94faaSDavid Teigland { 8940b78a32SSteven Whitehouse struct gfs2_ea_location el; 90b3b94faaSDavid Teigland struct posix_acl *acl = NULL; 91b3b94faaSDavid Teigland int error; 92b3b94faaSDavid Teigland 9340b78a32SSteven Whitehouse error = acl_get(GFS2_I(inode), GFS2_POSIX_ACL_ACCESS, &acl, &el, NULL, NULL); 9440b78a32SSteven Whitehouse brelse(el.el_bh); 95b3b94faaSDavid Teigland if (error) 96b3b94faaSDavid Teigland return error; 97b3b94faaSDavid Teigland 98b3b94faaSDavid Teigland if (acl) { 99b3b94faaSDavid Teigland error = posix_acl_permission(inode, acl, mask); 100b3b94faaSDavid Teigland posix_acl_release(acl); 101b3b94faaSDavid Teigland return error; 102b3b94faaSDavid Teigland } 103b3b94faaSDavid Teigland 104b3b94faaSDavid Teigland return -EAGAIN; 105b3b94faaSDavid Teigland } 106b3b94faaSDavid Teigland 107b3b94faaSDavid Teigland static int munge_mode(struct gfs2_inode *ip, mode_t mode) 108b3b94faaSDavid Teigland { 109feaa7bbaSSteven Whitehouse struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode); 110b3b94faaSDavid Teigland struct buffer_head *dibh; 111b3b94faaSDavid Teigland int error; 112b3b94faaSDavid Teigland 113b3b94faaSDavid Teigland error = gfs2_trans_begin(sdp, RES_DINODE, 0); 114b3b94faaSDavid Teigland if (error) 115b3b94faaSDavid Teigland return error; 116b3b94faaSDavid Teigland 117b3b94faaSDavid Teigland error = gfs2_meta_inode_buffer(ip, &dibh); 118b3b94faaSDavid Teigland if (!error) { 119b3b94faaSDavid Teigland gfs2_assert_withdraw(sdp, 120b60623c2SSteven Whitehouse (ip->i_inode.i_mode & S_IFMT) == (mode & S_IFMT)); 121b60623c2SSteven Whitehouse ip->i_inode.i_mode = mode; 122d4e9c4c3SSteven Whitehouse gfs2_trans_add_bh(ip->i_gl, dibh, 1); 123539e5d6bSSteven Whitehouse gfs2_dinode_out(ip, dibh->b_data); 124b3b94faaSDavid Teigland brelse(dibh); 125b3b94faaSDavid Teigland } 126b3b94faaSDavid Teigland 127b3b94faaSDavid Teigland gfs2_trans_end(sdp); 128b3b94faaSDavid Teigland 129b3b94faaSDavid Teigland return 0; 130b3b94faaSDavid Teigland } 131b3b94faaSDavid Teigland 132b3b94faaSDavid Teigland int gfs2_acl_create(struct gfs2_inode *dip, struct gfs2_inode *ip) 133b3b94faaSDavid Teigland { 13440b78a32SSteven Whitehouse struct gfs2_ea_location el; 135feaa7bbaSSteven Whitehouse struct gfs2_sbd *sdp = GFS2_SB(&dip->i_inode); 136b3b94faaSDavid Teigland struct posix_acl *acl = NULL, *clone; 137b60623c2SSteven Whitehouse mode_t mode = ip->i_inode.i_mode; 13840b78a32SSteven Whitehouse char *data = NULL; 13940b78a32SSteven Whitehouse unsigned int len; 140b3b94faaSDavid Teigland int error; 141b3b94faaSDavid Teigland 142b3b94faaSDavid Teigland if (!sdp->sd_args.ar_posix_acl) 143b3b94faaSDavid Teigland return 0; 144b60623c2SSteven Whitehouse if (S_ISLNK(ip->i_inode.i_mode)) 145b3b94faaSDavid Teigland return 0; 146b3b94faaSDavid Teigland 14740b78a32SSteven Whitehouse error = acl_get(dip, GFS2_POSIX_ACL_DEFAULT, &acl, &el, &data, &len); 14840b78a32SSteven Whitehouse brelse(el.el_bh); 149b3b94faaSDavid Teigland if (error) 150b3b94faaSDavid Teigland return error; 151b3b94faaSDavid Teigland if (!acl) { 152ce3b0f8dSAl Viro mode &= ~current_umask(); 153b60623c2SSteven Whitehouse if (mode != ip->i_inode.i_mode) 154b3b94faaSDavid Teigland error = munge_mode(ip, mode); 155b3b94faaSDavid Teigland return error; 156b3b94faaSDavid Teigland } 157b3b94faaSDavid Teigland 15816c5f06fSJosef Bacik clone = posix_acl_clone(acl, GFP_NOFS); 159b3b94faaSDavid Teigland error = -ENOMEM; 160b3b94faaSDavid Teigland if (!clone) 161b3b94faaSDavid Teigland goto out; 162b3b94faaSDavid Teigland posix_acl_release(acl); 163b3b94faaSDavid Teigland acl = clone; 164b3b94faaSDavid Teigland 165b60623c2SSteven Whitehouse if (S_ISDIR(ip->i_inode.i_mode)) { 16640b78a32SSteven Whitehouse error = gfs2_xattr_set(&ip->i_inode, GFS2_EATYPE_SYS, 16740b78a32SSteven Whitehouse GFS2_POSIX_ACL_DEFAULT, data, len, 0); 168b3b94faaSDavid Teigland if (error) 169b3b94faaSDavid Teigland goto out; 170b3b94faaSDavid Teigland } 171b3b94faaSDavid Teigland 172b3b94faaSDavid Teigland error = posix_acl_create_masq(acl, &mode); 173b3b94faaSDavid Teigland if (error < 0) 174b3b94faaSDavid Teigland goto out; 17540b78a32SSteven Whitehouse if (error == 0) 17640b78a32SSteven Whitehouse goto munge; 17740b78a32SSteven Whitehouse 17840b78a32SSteven Whitehouse posix_acl_to_xattr(acl, data, len); 17940b78a32SSteven Whitehouse error = gfs2_xattr_set(&ip->i_inode, GFS2_EATYPE_SYS, 18040b78a32SSteven Whitehouse GFS2_POSIX_ACL_ACCESS, data, len, 0); 181b3b94faaSDavid Teigland if (error) 182b3b94faaSDavid Teigland goto out; 18340b78a32SSteven Whitehouse munge: 18440b78a32SSteven Whitehouse error = munge_mode(ip, mode); 185b3b94faaSDavid Teigland out: 186b3b94faaSDavid Teigland posix_acl_release(acl); 18740b78a32SSteven Whitehouse kfree(data); 188b3b94faaSDavid Teigland return error; 189b3b94faaSDavid Teigland } 190b3b94faaSDavid Teigland 191b3b94faaSDavid Teigland int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr) 192b3b94faaSDavid Teigland { 193b3b94faaSDavid Teigland struct posix_acl *acl = NULL, *clone; 194b3b94faaSDavid Teigland struct gfs2_ea_location el; 195b3b94faaSDavid Teigland char *data; 196b3b94faaSDavid Teigland unsigned int len; 197b3b94faaSDavid Teigland int error; 198b3b94faaSDavid Teigland 19940b78a32SSteven Whitehouse error = acl_get(ip, GFS2_POSIX_ACL_ACCESS, &acl, &el, &data, &len); 200b3b94faaSDavid Teigland if (error) 20140b78a32SSteven Whitehouse goto out_brelse; 202b3b94faaSDavid Teigland if (!acl) 203b3b94faaSDavid Teigland return gfs2_setattr_simple(ip, attr); 204b3b94faaSDavid Teigland 20516c5f06fSJosef Bacik clone = posix_acl_clone(acl, GFP_NOFS); 206b3b94faaSDavid Teigland error = -ENOMEM; 207b3b94faaSDavid Teigland if (!clone) 208b3b94faaSDavid Teigland goto out; 209b3b94faaSDavid Teigland posix_acl_release(acl); 210b3b94faaSDavid Teigland acl = clone; 211b3b94faaSDavid Teigland 212b3b94faaSDavid Teigland error = posix_acl_chmod_masq(acl, attr->ia_mode); 213b3b94faaSDavid Teigland if (!error) { 214b3b94faaSDavid Teigland posix_acl_to_xattr(acl, data, len); 215b3b94faaSDavid Teigland error = gfs2_ea_acl_chmod(ip, &el, attr, data); 216b3b94faaSDavid Teigland } 217b3b94faaSDavid Teigland 218b3b94faaSDavid Teigland out: 219b3b94faaSDavid Teigland posix_acl_release(acl); 220b3b94faaSDavid Teigland kfree(data); 22140b78a32SSteven Whitehouse out_brelse: 22240b78a32SSteven Whitehouse brelse(el.el_bh); 223b3b94faaSDavid Teigland return error; 224b3b94faaSDavid Teigland } 225b3b94faaSDavid Teigland 2262646a1f6SSteven Whitehouse static int gfs2_acl_type(const char *name) 2272646a1f6SSteven Whitehouse { 2282646a1f6SSteven Whitehouse if (strcmp(name, GFS2_POSIX_ACL_ACCESS) == 0) 2292646a1f6SSteven Whitehouse return ACL_TYPE_ACCESS; 2302646a1f6SSteven Whitehouse if (strcmp(name, GFS2_POSIX_ACL_DEFAULT) == 0) 2312646a1f6SSteven Whitehouse return ACL_TYPE_DEFAULT; 2322646a1f6SSteven Whitehouse return -EINVAL; 2332646a1f6SSteven Whitehouse } 2342646a1f6SSteven Whitehouse 2352646a1f6SSteven Whitehouse static int gfs2_xattr_system_get(struct inode *inode, const char *name, 2362646a1f6SSteven Whitehouse void *buffer, size_t size) 2372646a1f6SSteven Whitehouse { 2382646a1f6SSteven Whitehouse int type; 2392646a1f6SSteven Whitehouse 2402646a1f6SSteven Whitehouse type = gfs2_acl_type(name); 2412646a1f6SSteven Whitehouse if (type < 0) 2422646a1f6SSteven Whitehouse return type; 2432646a1f6SSteven Whitehouse 2442646a1f6SSteven Whitehouse return gfs2_xattr_get(inode, GFS2_EATYPE_SYS, name, buffer, size); 2452646a1f6SSteven Whitehouse } 2462646a1f6SSteven Whitehouse 2472646a1f6SSteven Whitehouse static int gfs2_set_mode(struct inode *inode, mode_t mode) 2482646a1f6SSteven Whitehouse { 2492646a1f6SSteven Whitehouse int error = 0; 2502646a1f6SSteven Whitehouse 2512646a1f6SSteven Whitehouse if (mode != inode->i_mode) { 2522646a1f6SSteven Whitehouse struct iattr iattr; 2532646a1f6SSteven Whitehouse 2542646a1f6SSteven Whitehouse iattr.ia_valid = ATTR_MODE; 2552646a1f6SSteven Whitehouse iattr.ia_mode = mode; 2562646a1f6SSteven Whitehouse 2572646a1f6SSteven Whitehouse error = gfs2_setattr_simple(GFS2_I(inode), &iattr); 2582646a1f6SSteven Whitehouse } 2592646a1f6SSteven Whitehouse 2602646a1f6SSteven Whitehouse return error; 2612646a1f6SSteven Whitehouse } 2622646a1f6SSteven Whitehouse 2632646a1f6SSteven Whitehouse static int gfs2_xattr_system_set(struct inode *inode, const char *name, 2642646a1f6SSteven Whitehouse const void *value, size_t size, int flags) 2652646a1f6SSteven Whitehouse { 2662646a1f6SSteven Whitehouse struct gfs2_sbd *sdp = GFS2_SB(inode); 2672646a1f6SSteven Whitehouse struct posix_acl *acl = NULL; 2682646a1f6SSteven Whitehouse int error = 0, type; 2692646a1f6SSteven Whitehouse 2702646a1f6SSteven Whitehouse if (!sdp->sd_args.ar_posix_acl) 2712646a1f6SSteven Whitehouse return -EOPNOTSUPP; 2722646a1f6SSteven Whitehouse 2732646a1f6SSteven Whitehouse type = gfs2_acl_type(name); 2742646a1f6SSteven Whitehouse if (type < 0) 2752646a1f6SSteven Whitehouse return type; 2762646a1f6SSteven Whitehouse if (flags & XATTR_CREATE) 2772646a1f6SSteven Whitehouse return -EINVAL; 2782646a1f6SSteven Whitehouse if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) 2792646a1f6SSteven Whitehouse return value ? -EACCES : 0; 2802646a1f6SSteven Whitehouse if ((current_fsuid() != inode->i_uid) && !capable(CAP_FOWNER)) 2812646a1f6SSteven Whitehouse return -EPERM; 2822646a1f6SSteven Whitehouse if (S_ISLNK(inode->i_mode)) 2832646a1f6SSteven Whitehouse return -EOPNOTSUPP; 2842646a1f6SSteven Whitehouse 2852646a1f6SSteven Whitehouse if (!value) 2862646a1f6SSteven Whitehouse goto set_acl; 2872646a1f6SSteven Whitehouse 2882646a1f6SSteven Whitehouse acl = posix_acl_from_xattr(value, size); 2892646a1f6SSteven Whitehouse if (!acl) { 2902646a1f6SSteven Whitehouse /* 2912646a1f6SSteven Whitehouse * acl_set_file(3) may request that we set default ACLs with 2922646a1f6SSteven Whitehouse * zero length -- defend (gracefully) against that here. 2932646a1f6SSteven Whitehouse */ 2942646a1f6SSteven Whitehouse goto out; 2952646a1f6SSteven Whitehouse } 2962646a1f6SSteven Whitehouse if (IS_ERR(acl)) { 2972646a1f6SSteven Whitehouse error = PTR_ERR(acl); 2982646a1f6SSteven Whitehouse goto out; 2992646a1f6SSteven Whitehouse } 3002646a1f6SSteven Whitehouse 3012646a1f6SSteven Whitehouse error = posix_acl_valid(acl); 3022646a1f6SSteven Whitehouse if (error) 3032646a1f6SSteven Whitehouse goto out_release; 3042646a1f6SSteven Whitehouse 3052646a1f6SSteven Whitehouse error = -EINVAL; 3062646a1f6SSteven Whitehouse if (acl->a_count > GFS2_ACL_MAX_ENTRIES) 3072646a1f6SSteven Whitehouse goto out_release; 3082646a1f6SSteven Whitehouse 3092646a1f6SSteven Whitehouse if (type == ACL_TYPE_ACCESS) { 3102646a1f6SSteven Whitehouse mode_t mode = inode->i_mode; 3112646a1f6SSteven Whitehouse error = posix_acl_equiv_mode(acl, &mode); 3122646a1f6SSteven Whitehouse 3132646a1f6SSteven Whitehouse if (error <= 0) { 3142646a1f6SSteven Whitehouse posix_acl_release(acl); 3152646a1f6SSteven Whitehouse acl = NULL; 3162646a1f6SSteven Whitehouse 3172646a1f6SSteven Whitehouse if (error < 0) 3182646a1f6SSteven Whitehouse return error; 3192646a1f6SSteven Whitehouse } 3202646a1f6SSteven Whitehouse 3212646a1f6SSteven Whitehouse error = gfs2_set_mode(inode, mode); 3222646a1f6SSteven Whitehouse if (error) 3232646a1f6SSteven Whitehouse goto out_release; 3242646a1f6SSteven Whitehouse } 3252646a1f6SSteven Whitehouse 3262646a1f6SSteven Whitehouse set_acl: 3272646a1f6SSteven Whitehouse error = gfs2_xattr_set(inode, GFS2_EATYPE_SYS, name, value, size, 0); 3282646a1f6SSteven Whitehouse out_release: 3292646a1f6SSteven Whitehouse posix_acl_release(acl); 3302646a1f6SSteven Whitehouse out: 3312646a1f6SSteven Whitehouse return error; 3322646a1f6SSteven Whitehouse } 3332646a1f6SSteven Whitehouse 3342646a1f6SSteven Whitehouse struct xattr_handler gfs2_xattr_system_handler = { 3352646a1f6SSteven Whitehouse .prefix = XATTR_SYSTEM_PREFIX, 3362646a1f6SSteven Whitehouse .get = gfs2_xattr_system_get, 3372646a1f6SSteven Whitehouse .set = gfs2_xattr_system_set, 3382646a1f6SSteven Whitehouse }; 3392646a1f6SSteven Whitehouse 340