xref: /openbmc/linux/fs/gfs2/acl.c (revision 63dc02bd) 
1 /*
2  * Copyright (C) Sistina Software, Inc.  1997-2003 All rights reserved.
3  * Copyright (C) 2004-2006 Red Hat, Inc.  All rights reserved.
4  *
5  * This copyrighted material is made available to anyone wishing to use,
6  * modify, copy, or redistribute it subject to the terms and conditions
7  * of the GNU General Public License version 2.
8  */
9 
10 #include <linux/sched.h>
11 #include <linux/slab.h>
12 #include <linux/spinlock.h>
13 #include <linux/completion.h>
14 #include <linux/buffer_head.h>
15 #include <linux/xattr.h>
16 #include <linux/posix_acl.h>
17 #include <linux/posix_acl_xattr.h>
18 #include <linux/gfs2_ondisk.h>
19 
20 #include "gfs2.h"
21 #include "incore.h"
22 #include "acl.h"
23 #include "xattr.h"
24 #include "glock.h"
25 #include "inode.h"
26 #include "meta_io.h"
27 #include "trans.h"
28 #include "util.h"
29 
30 static const char *gfs2_acl_name(int type)
31 {
32 	switch (type) {
33 	case ACL_TYPE_ACCESS:
34 		return GFS2_POSIX_ACL_ACCESS;
35 	case ACL_TYPE_DEFAULT:
36 		return GFS2_POSIX_ACL_DEFAULT;
37 	}
38 	return NULL;
39 }
40 
41 struct posix_acl *gfs2_get_acl(struct inode *inode, int type)
42 {
43 	struct gfs2_inode *ip = GFS2_I(inode);
44 	struct posix_acl *acl;
45 	const char *name;
46 	char *data;
47 	int len;
48 
49 	if (!ip->i_eattr)
50 		return NULL;
51 
52 	acl = get_cached_acl(&ip->i_inode, type);
53 	if (acl != ACL_NOT_CACHED)
54 		return acl;
55 
56 	name = gfs2_acl_name(type);
57 	if (name == NULL)
58 		return ERR_PTR(-EINVAL);
59 
60 	len = gfs2_xattr_acl_get(ip, name, &data);
61 	if (len < 0)
62 		return ERR_PTR(len);
63 	if (len == 0)
64 		return NULL;
65 
66 	acl = posix_acl_from_xattr(data, len);
67 	kfree(data);
68 	return acl;
69 }
70 
71 static int gfs2_set_mode(struct inode *inode, umode_t mode)
72 {
73 	int error = 0;
74 
75 	if (mode != inode->i_mode) {
76 		struct iattr iattr;
77 
78 		iattr.ia_valid = ATTR_MODE;
79 		iattr.ia_mode = mode;
80 
81 		error = gfs2_setattr_simple(inode, &iattr);
82 	}
83 
84 	return error;
85 }
86 
87 static int gfs2_acl_set(struct inode *inode, int type, struct posix_acl *acl)
88 {
89 	int error;
90 	int len;
91 	char *data;
92 	const char *name = gfs2_acl_name(type);
93 
94 	BUG_ON(name == NULL);
95 	len = posix_acl_to_xattr(acl, NULL, 0);
96 	if (len == 0)
97 		return 0;
98 	data = kmalloc(len, GFP_NOFS);
99 	if (data == NULL)
100 		return -ENOMEM;
101 	error = posix_acl_to_xattr(acl, data, len);
102 	if (error < 0)
103 		goto out;
104 	error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS);
105 	if (!error)
106 		set_cached_acl(inode, type, acl);
107 out:
108 	kfree(data);
109 	return error;
110 }
111 
112 int gfs2_acl_create(struct gfs2_inode *dip, struct inode *inode)
113 {
114 	struct gfs2_sbd *sdp = GFS2_SB(&dip->i_inode);
115 	struct posix_acl *acl;
116 	umode_t mode = inode->i_mode;
117 	int error = 0;
118 
119 	if (!sdp->sd_args.ar_posix_acl)
120 		return 0;
121 	if (S_ISLNK(inode->i_mode))
122 		return 0;
123 
124 	acl = gfs2_get_acl(&dip->i_inode, ACL_TYPE_DEFAULT);
125 	if (IS_ERR(acl))
126 		return PTR_ERR(acl);
127 	if (!acl) {
128 		mode &= ~current_umask();
129 		if (mode != inode->i_mode)
130 			error = gfs2_set_mode(inode, mode);
131 		return error;
132 	}
133 
134 	if (S_ISDIR(inode->i_mode)) {
135 		error = gfs2_acl_set(inode, ACL_TYPE_DEFAULT, acl);
136 		if (error)
137 			goto out;
138 	}
139 
140 	error = posix_acl_create(&acl, GFP_NOFS, &mode);
141 	if (error < 0)
142 		return error;
143 
144 	if (error == 0)
145 		goto munge;
146 
147 	error = gfs2_acl_set(inode, ACL_TYPE_ACCESS, acl);
148 	if (error)
149 		goto out;
150 munge:
151 	error = gfs2_set_mode(inode, mode);
152 out:
153 	posix_acl_release(acl);
154 	return error;
155 }
156 
157 int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr)
158 {
159 	struct inode *inode = &ip->i_inode;
160 	struct posix_acl *acl;
161 	char *data;
162 	unsigned int len;
163 	int error;
164 
165 	acl = gfs2_get_acl(&ip->i_inode, ACL_TYPE_ACCESS);
166 	if (IS_ERR(acl))
167 		return PTR_ERR(acl);
168 	if (!acl)
169 		return gfs2_setattr_simple(inode, attr);
170 
171 	error = posix_acl_chmod(&acl, GFP_NOFS, attr->ia_mode);
172 	if (error)
173 		return error;
174 
175 	len = posix_acl_to_xattr(acl, NULL, 0);
176 	data = kmalloc(len, GFP_NOFS);
177 	error = -ENOMEM;
178 	if (data == NULL)
179 		goto out;
180 	posix_acl_to_xattr(acl, data, len);
181 	error = gfs2_xattr_acl_chmod(ip, attr, data);
182 	kfree(data);
183 	set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl);
184 
185 out:
186 	posix_acl_release(acl);
187 	return error;
188 }
189 
190 static int gfs2_acl_type(const char *name)
191 {
192 	if (strcmp(name, GFS2_POSIX_ACL_ACCESS) == 0)
193 		return ACL_TYPE_ACCESS;
194 	if (strcmp(name, GFS2_POSIX_ACL_DEFAULT) == 0)
195 		return ACL_TYPE_DEFAULT;
196 	return -EINVAL;
197 }
198 
199 static int gfs2_xattr_system_get(struct dentry *dentry, const char *name,
200 				 void *buffer, size_t size, int xtype)
201 {
202 	struct inode *inode = dentry->d_inode;
203 	struct gfs2_sbd *sdp = GFS2_SB(inode);
204 	struct posix_acl *acl;
205 	int type;
206 	int error;
207 
208 	if (!sdp->sd_args.ar_posix_acl)
209 		return -EOPNOTSUPP;
210 
211 	type = gfs2_acl_type(name);
212 	if (type < 0)
213 		return type;
214 
215 	acl = gfs2_get_acl(inode, type);
216 	if (IS_ERR(acl))
217 		return PTR_ERR(acl);
218 	if (acl == NULL)
219 		return -ENODATA;
220 
221 	error = posix_acl_to_xattr(acl, buffer, size);
222 	posix_acl_release(acl);
223 
224 	return error;
225 }
226 
227 static int gfs2_xattr_system_set(struct dentry *dentry, const char *name,
228 				 const void *value, size_t size, int flags,
229 				 int xtype)
230 {
231 	struct inode *inode = dentry->d_inode;
232 	struct gfs2_sbd *sdp = GFS2_SB(inode);
233 	struct posix_acl *acl = NULL;
234 	int error = 0, type;
235 
236 	if (!sdp->sd_args.ar_posix_acl)
237 		return -EOPNOTSUPP;
238 
239 	type = gfs2_acl_type(name);
240 	if (type < 0)
241 		return type;
242 	if (flags & XATTR_CREATE)
243 		return -EINVAL;
244 	if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
245 		return value ? -EACCES : 0;
246 	if ((current_fsuid() != inode->i_uid) && !capable(CAP_FOWNER))
247 		return -EPERM;
248 	if (S_ISLNK(inode->i_mode))
249 		return -EOPNOTSUPP;
250 
251 	if (!value)
252 		goto set_acl;
253 
254 	acl = posix_acl_from_xattr(value, size);
255 	if (!acl) {
256 		/*
257 		 * acl_set_file(3) may request that we set default ACLs with
258 		 * zero length -- defend (gracefully) against that here.
259 		 */
260 		goto out;
261 	}
262 	if (IS_ERR(acl)) {
263 		error = PTR_ERR(acl);
264 		goto out;
265 	}
266 
267 	error = posix_acl_valid(acl);
268 	if (error)
269 		goto out_release;
270 
271 	error = -EINVAL;
272 	if (acl->a_count > GFS2_ACL_MAX_ENTRIES)
273 		goto out_release;
274 
275 	if (type == ACL_TYPE_ACCESS) {
276 		umode_t mode = inode->i_mode;
277 		error = posix_acl_equiv_mode(acl, &mode);
278 
279 		if (error <= 0) {
280 			posix_acl_release(acl);
281 			acl = NULL;
282 
283 			if (error < 0)
284 				return error;
285 		}
286 
287 		error = gfs2_set_mode(inode, mode);
288 		if (error)
289 			goto out_release;
290 	}
291 
292 set_acl:
293 	error = __gfs2_xattr_set(inode, name, value, size, 0, GFS2_EATYPE_SYS);
294 	if (!error) {
295 		if (acl)
296 			set_cached_acl(inode, type, acl);
297 		else
298 			forget_cached_acl(inode, type);
299 	}
300 out_release:
301 	posix_acl_release(acl);
302 out:
303 	return error;
304 }
305 
306 const struct xattr_handler gfs2_xattr_system_handler = {
307 	.prefix = XATTR_SYSTEM_PREFIX,
308 	.flags  = GFS2_EATYPE_SYS,
309 	.get    = gfs2_xattr_system_get,
310 	.set    = gfs2_xattr_system_set,
311 };
312 
313