1b3b94faaSDavid Teigland /* 2b3b94faaSDavid Teigland * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved. 33a8a9a10SSteven Whitehouse * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved. 4b3b94faaSDavid Teigland * 5b3b94faaSDavid Teigland * This copyrighted material is made available to anyone wishing to use, 6b3b94faaSDavid Teigland * modify, copy, or redistribute it subject to the terms and conditions 7e9fc2aa0SSteven Whitehouse * of the GNU General Public License version 2. 8b3b94faaSDavid Teigland */ 9b3b94faaSDavid Teigland 10b3b94faaSDavid Teigland #include <linux/sched.h> 11b3b94faaSDavid Teigland #include <linux/slab.h> 12b3b94faaSDavid Teigland #include <linux/spinlock.h> 13b3b94faaSDavid Teigland #include <linux/completion.h> 14b3b94faaSDavid Teigland #include <linux/buffer_head.h> 15b3b94faaSDavid Teigland #include <linux/posix_acl.h> 16b3b94faaSDavid Teigland #include <linux/posix_acl_xattr.h> 175c676f6dSSteven Whitehouse #include <linux/gfs2_ondisk.h> 18b3b94faaSDavid Teigland 19b3b94faaSDavid Teigland #include "gfs2.h" 205c676f6dSSteven Whitehouse #include "incore.h" 21b3b94faaSDavid Teigland #include "acl.h" 22b3b94faaSDavid Teigland #include "eattr.h" 23b3b94faaSDavid Teigland #include "glock.h" 24b3b94faaSDavid Teigland #include "inode.h" 25b3b94faaSDavid Teigland #include "meta_io.h" 26b3b94faaSDavid Teigland #include "trans.h" 275c676f6dSSteven Whitehouse #include "util.h" 28b3b94faaSDavid Teigland 29b3b94faaSDavid Teigland #define ACL_ACCESS 1 30b3b94faaSDavid Teigland #define ACL_DEFAULT 0 31b3b94faaSDavid Teigland 32b3b94faaSDavid Teigland int gfs2_acl_validate_set(struct gfs2_inode *ip, int access, 3340b78a32SSteven Whitehouse struct gfs2_ea_request *er, int *remove, mode_t *mode) 34b3b94faaSDavid Teigland { 35b3b94faaSDavid Teigland struct posix_acl *acl; 36b3b94faaSDavid Teigland int error; 37b3b94faaSDavid Teigland 38b3b94faaSDavid Teigland error = gfs2_acl_validate_remove(ip, access); 39b3b94faaSDavid Teigland if (error) 40b3b94faaSDavid Teigland return error; 41b3b94faaSDavid Teigland 42b3b94faaSDavid Teigland if (!er->er_data) 43b3b94faaSDavid Teigland return -EINVAL; 44b3b94faaSDavid Teigland 45b3b94faaSDavid Teigland acl = posix_acl_from_xattr(er->er_data, er->er_data_len); 46b3b94faaSDavid Teigland if (IS_ERR(acl)) 47b3b94faaSDavid Teigland return PTR_ERR(acl); 48b3b94faaSDavid Teigland if (!acl) { 49b3b94faaSDavid Teigland *remove = 1; 50b3b94faaSDavid Teigland return 0; 51b3b94faaSDavid Teigland } 52b3b94faaSDavid Teigland 53b3b94faaSDavid Teigland error = posix_acl_valid(acl); 54b3b94faaSDavid Teigland if (error) 55b3b94faaSDavid Teigland goto out; 56b3b94faaSDavid Teigland 57b3b94faaSDavid Teigland if (access) { 58b3b94faaSDavid Teigland error = posix_acl_equiv_mode(acl, mode); 59b3b94faaSDavid Teigland if (!error) 60b3b94faaSDavid Teigland *remove = 1; 61b3b94faaSDavid Teigland else if (error > 0) 62b3b94faaSDavid Teigland error = 0; 63b3b94faaSDavid Teigland } 64b3b94faaSDavid Teigland 65b3b94faaSDavid Teigland out: 66b3b94faaSDavid Teigland posix_acl_release(acl); 67b3b94faaSDavid Teigland return error; 68b3b94faaSDavid Teigland } 69b3b94faaSDavid Teigland 70b3b94faaSDavid Teigland int gfs2_acl_validate_remove(struct gfs2_inode *ip, int access) 71b3b94faaSDavid Teigland { 72feaa7bbaSSteven Whitehouse if (!GFS2_SB(&ip->i_inode)->sd_args.ar_posix_acl) 73b3b94faaSDavid Teigland return -EOPNOTSUPP; 743bd858abSSatyam Sharma if (!is_owner_or_cap(&ip->i_inode)) 75b3b94faaSDavid Teigland return -EPERM; 76b60623c2SSteven Whitehouse if (S_ISLNK(ip->i_inode.i_mode)) 77b3b94faaSDavid Teigland return -EOPNOTSUPP; 78b60623c2SSteven Whitehouse if (!access && !S_ISDIR(ip->i_inode.i_mode)) 79b3b94faaSDavid Teigland return -EACCES; 80b3b94faaSDavid Teigland 81b3b94faaSDavid Teigland return 0; 82b3b94faaSDavid Teigland } 83b3b94faaSDavid Teigland 8440b78a32SSteven Whitehouse static int acl_get(struct gfs2_inode *ip, const char *name, 8540b78a32SSteven Whitehouse struct posix_acl **acl, struct gfs2_ea_location *el, 8640b78a32SSteven Whitehouse char **datap, unsigned int *lenp) 87b3b94faaSDavid Teigland { 8840b78a32SSteven Whitehouse char *data; 8940b78a32SSteven Whitehouse unsigned int len; 90b3b94faaSDavid Teigland int error; 91b3b94faaSDavid Teigland 9240b78a32SSteven Whitehouse el->el_bh = NULL; 9340b78a32SSteven Whitehouse 943767ac21SSteven Whitehouse if (!ip->i_eattr) 95b3b94faaSDavid Teigland return 0; 96b3b94faaSDavid Teigland 9740b78a32SSteven Whitehouse error = gfs2_ea_find(ip, GFS2_EATYPE_SYS, name, el); 98b3b94faaSDavid Teigland if (error) 99b3b94faaSDavid Teigland return error; 100b3b94faaSDavid Teigland if (!el->el_ea) 101b3b94faaSDavid Teigland return 0; 102b3b94faaSDavid Teigland if (!GFS2_EA_DATA_LEN(el->el_ea)) 103b3b94faaSDavid Teigland goto out; 104b3b94faaSDavid Teigland 10540b78a32SSteven Whitehouse len = GFS2_EA_DATA_LEN(el->el_ea); 10640b78a32SSteven Whitehouse data = kmalloc(len, GFP_NOFS); 107b3b94faaSDavid Teigland error = -ENOMEM; 10840b78a32SSteven Whitehouse if (!data) 109b3b94faaSDavid Teigland goto out; 110b3b94faaSDavid Teigland 11140b78a32SSteven Whitehouse error = gfs2_ea_get_copy(ip, el, data, len); 11240b78a32SSteven Whitehouse if (error < 0) 113b3b94faaSDavid Teigland goto out_kfree; 11440b78a32SSteven Whitehouse error = 0; 115b3b94faaSDavid Teigland 116b3b94faaSDavid Teigland if (acl) { 11740b78a32SSteven Whitehouse *acl = posix_acl_from_xattr(data, len); 118b3b94faaSDavid Teigland if (IS_ERR(*acl)) 119b3b94faaSDavid Teigland error = PTR_ERR(*acl); 120b3b94faaSDavid Teigland } 121b3b94faaSDavid Teigland 122b3b94faaSDavid Teigland out_kfree: 12340b78a32SSteven Whitehouse if (error || !datap) { 12440b78a32SSteven Whitehouse kfree(data); 12540b78a32SSteven Whitehouse } else { 12640b78a32SSteven Whitehouse *datap = data; 12740b78a32SSteven Whitehouse *lenp = len; 128b3b94faaSDavid Teigland } 129b3b94faaSDavid Teigland out: 130b3b94faaSDavid Teigland return error; 131b3b94faaSDavid Teigland } 132b3b94faaSDavid Teigland 133b3b94faaSDavid Teigland /** 13477386e1fSSteven Whitehouse * gfs2_check_acl - Check an ACL to see if we're allowed to do something 135b3b94faaSDavid Teigland * @inode: the file we want to do something to 136b3b94faaSDavid Teigland * @mask: what we want to do 137b3b94faaSDavid Teigland * 138b3b94faaSDavid Teigland * Returns: errno 139b3b94faaSDavid Teigland */ 140b3b94faaSDavid Teigland 14177386e1fSSteven Whitehouse int gfs2_check_acl(struct inode *inode, int mask) 142b3b94faaSDavid Teigland { 14340b78a32SSteven Whitehouse struct gfs2_ea_location el; 144b3b94faaSDavid Teigland struct posix_acl *acl = NULL; 145b3b94faaSDavid Teigland int error; 146b3b94faaSDavid Teigland 14740b78a32SSteven Whitehouse error = acl_get(GFS2_I(inode), GFS2_POSIX_ACL_ACCESS, &acl, &el, NULL, NULL); 14840b78a32SSteven Whitehouse brelse(el.el_bh); 149b3b94faaSDavid Teigland if (error) 150b3b94faaSDavid Teigland return error; 151b3b94faaSDavid Teigland 152b3b94faaSDavid Teigland if (acl) { 153b3b94faaSDavid Teigland error = posix_acl_permission(inode, acl, mask); 154b3b94faaSDavid Teigland posix_acl_release(acl); 155b3b94faaSDavid Teigland return error; 156b3b94faaSDavid Teigland } 157b3b94faaSDavid Teigland 158b3b94faaSDavid Teigland return -EAGAIN; 159b3b94faaSDavid Teigland } 160b3b94faaSDavid Teigland 161b3b94faaSDavid Teigland static int munge_mode(struct gfs2_inode *ip, mode_t mode) 162b3b94faaSDavid Teigland { 163feaa7bbaSSteven Whitehouse struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode); 164b3b94faaSDavid Teigland struct buffer_head *dibh; 165b3b94faaSDavid Teigland int error; 166b3b94faaSDavid Teigland 167b3b94faaSDavid Teigland error = gfs2_trans_begin(sdp, RES_DINODE, 0); 168b3b94faaSDavid Teigland if (error) 169b3b94faaSDavid Teigland return error; 170b3b94faaSDavid Teigland 171b3b94faaSDavid Teigland error = gfs2_meta_inode_buffer(ip, &dibh); 172b3b94faaSDavid Teigland if (!error) { 173b3b94faaSDavid Teigland gfs2_assert_withdraw(sdp, 174b60623c2SSteven Whitehouse (ip->i_inode.i_mode & S_IFMT) == (mode & S_IFMT)); 175b60623c2SSteven Whitehouse ip->i_inode.i_mode = mode; 176d4e9c4c3SSteven Whitehouse gfs2_trans_add_bh(ip->i_gl, dibh, 1); 177539e5d6bSSteven Whitehouse gfs2_dinode_out(ip, dibh->b_data); 178b3b94faaSDavid Teigland brelse(dibh); 179b3b94faaSDavid Teigland } 180b3b94faaSDavid Teigland 181b3b94faaSDavid Teigland gfs2_trans_end(sdp); 182b3b94faaSDavid Teigland 183b3b94faaSDavid Teigland return 0; 184b3b94faaSDavid Teigland } 185b3b94faaSDavid Teigland 186b3b94faaSDavid Teigland int gfs2_acl_create(struct gfs2_inode *dip, struct gfs2_inode *ip) 187b3b94faaSDavid Teigland { 18840b78a32SSteven Whitehouse struct gfs2_ea_location el; 189feaa7bbaSSteven Whitehouse struct gfs2_sbd *sdp = GFS2_SB(&dip->i_inode); 190b3b94faaSDavid Teigland struct posix_acl *acl = NULL, *clone; 191b60623c2SSteven Whitehouse mode_t mode = ip->i_inode.i_mode; 19240b78a32SSteven Whitehouse char *data = NULL; 19340b78a32SSteven Whitehouse unsigned int len; 194b3b94faaSDavid Teigland int error; 195b3b94faaSDavid Teigland 196b3b94faaSDavid Teigland if (!sdp->sd_args.ar_posix_acl) 197b3b94faaSDavid Teigland return 0; 198b60623c2SSteven Whitehouse if (S_ISLNK(ip->i_inode.i_mode)) 199b3b94faaSDavid Teigland return 0; 200b3b94faaSDavid Teigland 20140b78a32SSteven Whitehouse error = acl_get(dip, GFS2_POSIX_ACL_DEFAULT, &acl, &el, &data, &len); 20240b78a32SSteven Whitehouse brelse(el.el_bh); 203b3b94faaSDavid Teigland if (error) 204b3b94faaSDavid Teigland return error; 205b3b94faaSDavid Teigland if (!acl) { 206ce3b0f8dSAl Viro mode &= ~current_umask(); 207b60623c2SSteven Whitehouse if (mode != ip->i_inode.i_mode) 208b3b94faaSDavid Teigland error = munge_mode(ip, mode); 209b3b94faaSDavid Teigland return error; 210b3b94faaSDavid Teigland } 211b3b94faaSDavid Teigland 21216c5f06fSJosef Bacik clone = posix_acl_clone(acl, GFP_NOFS); 213b3b94faaSDavid Teigland error = -ENOMEM; 214b3b94faaSDavid Teigland if (!clone) 215b3b94faaSDavid Teigland goto out; 216b3b94faaSDavid Teigland posix_acl_release(acl); 217b3b94faaSDavid Teigland acl = clone; 218b3b94faaSDavid Teigland 219b60623c2SSteven Whitehouse if (S_ISDIR(ip->i_inode.i_mode)) { 22040b78a32SSteven Whitehouse error = gfs2_xattr_set(&ip->i_inode, GFS2_EATYPE_SYS, 22140b78a32SSteven Whitehouse GFS2_POSIX_ACL_DEFAULT, data, len, 0); 222b3b94faaSDavid Teigland if (error) 223b3b94faaSDavid Teigland goto out; 224b3b94faaSDavid Teigland } 225b3b94faaSDavid Teigland 226b3b94faaSDavid Teigland error = posix_acl_create_masq(acl, &mode); 227b3b94faaSDavid Teigland if (error < 0) 228b3b94faaSDavid Teigland goto out; 22940b78a32SSteven Whitehouse if (error == 0) 23040b78a32SSteven Whitehouse goto munge; 23140b78a32SSteven Whitehouse 23240b78a32SSteven Whitehouse posix_acl_to_xattr(acl, data, len); 23340b78a32SSteven Whitehouse error = gfs2_xattr_set(&ip->i_inode, GFS2_EATYPE_SYS, 23440b78a32SSteven Whitehouse GFS2_POSIX_ACL_ACCESS, data, len, 0); 235b3b94faaSDavid Teigland if (error) 236b3b94faaSDavid Teigland goto out; 23740b78a32SSteven Whitehouse munge: 23840b78a32SSteven Whitehouse error = munge_mode(ip, mode); 239b3b94faaSDavid Teigland out: 240b3b94faaSDavid Teigland posix_acl_release(acl); 24140b78a32SSteven Whitehouse kfree(data); 242b3b94faaSDavid Teigland return error; 243b3b94faaSDavid Teigland } 244b3b94faaSDavid Teigland 245b3b94faaSDavid Teigland int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr) 246b3b94faaSDavid Teigland { 247b3b94faaSDavid Teigland struct posix_acl *acl = NULL, *clone; 248b3b94faaSDavid Teigland struct gfs2_ea_location el; 249b3b94faaSDavid Teigland char *data; 250b3b94faaSDavid Teigland unsigned int len; 251b3b94faaSDavid Teigland int error; 252b3b94faaSDavid Teigland 25340b78a32SSteven Whitehouse error = acl_get(ip, GFS2_POSIX_ACL_ACCESS, &acl, &el, &data, &len); 254b3b94faaSDavid Teigland if (error) 25540b78a32SSteven Whitehouse goto out_brelse; 256b3b94faaSDavid Teigland if (!acl) 257b3b94faaSDavid Teigland return gfs2_setattr_simple(ip, attr); 258b3b94faaSDavid Teigland 25916c5f06fSJosef Bacik clone = posix_acl_clone(acl, GFP_NOFS); 260b3b94faaSDavid Teigland error = -ENOMEM; 261b3b94faaSDavid Teigland if (!clone) 262b3b94faaSDavid Teigland goto out; 263b3b94faaSDavid Teigland posix_acl_release(acl); 264b3b94faaSDavid Teigland acl = clone; 265b3b94faaSDavid Teigland 266b3b94faaSDavid Teigland error = posix_acl_chmod_masq(acl, attr->ia_mode); 267b3b94faaSDavid Teigland if (!error) { 268b3b94faaSDavid Teigland posix_acl_to_xattr(acl, data, len); 269b3b94faaSDavid Teigland error = gfs2_ea_acl_chmod(ip, &el, attr, data); 270b3b94faaSDavid Teigland } 271b3b94faaSDavid Teigland 272b3b94faaSDavid Teigland out: 273b3b94faaSDavid Teigland posix_acl_release(acl); 274b3b94faaSDavid Teigland kfree(data); 27540b78a32SSteven Whitehouse out_brelse: 27640b78a32SSteven Whitehouse brelse(el.el_bh); 277b3b94faaSDavid Teigland return error; 278b3b94faaSDavid Teigland } 279b3b94faaSDavid Teigland 280