1 /* 2 * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved. 3 * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved. 4 * 5 * This copyrighted material is made available to anyone wishing to use, 6 * modify, copy, or redistribute it subject to the terms and conditions 7 * of the GNU General Public License version 2. 8 */ 9 10 #include <linux/sched.h> 11 #include <linux/slab.h> 12 #include <linux/spinlock.h> 13 #include <linux/completion.h> 14 #include <linux/buffer_head.h> 15 #include <linux/xattr.h> 16 #include <linux/posix_acl.h> 17 #include <linux/posix_acl_xattr.h> 18 #include <linux/gfs2_ondisk.h> 19 20 #include "gfs2.h" 21 #include "incore.h" 22 #include "acl.h" 23 #include "xattr.h" 24 #include "glock.h" 25 #include "inode.h" 26 #include "meta_io.h" 27 #include "trans.h" 28 #include "util.h" 29 30 static const char *gfs2_acl_name(int type) 31 { 32 switch (type) { 33 case ACL_TYPE_ACCESS: 34 return GFS2_POSIX_ACL_ACCESS; 35 case ACL_TYPE_DEFAULT: 36 return GFS2_POSIX_ACL_DEFAULT; 37 } 38 return NULL; 39 } 40 41 static struct posix_acl *gfs2_acl_get(struct gfs2_inode *ip, int type) 42 { 43 struct posix_acl *acl; 44 const char *name; 45 char *data; 46 int len; 47 48 if (!ip->i_eattr) 49 return NULL; 50 51 acl = get_cached_acl(&ip->i_inode, type); 52 if (acl != ACL_NOT_CACHED) 53 return acl; 54 55 name = gfs2_acl_name(type); 56 if (name == NULL) 57 return ERR_PTR(-EINVAL); 58 59 len = gfs2_xattr_acl_get(ip, name, &data); 60 if (len < 0) 61 return ERR_PTR(len); 62 if (len == 0) 63 return NULL; 64 65 acl = posix_acl_from_xattr(data, len); 66 kfree(data); 67 return acl; 68 } 69 70 struct posix_acl *gfs2_get_acl(struct inode *inode, int type) 71 { 72 return gfs2_acl_get(GFS2_I(inode), type); 73 } 74 75 static int gfs2_set_mode(struct inode *inode, umode_t mode) 76 { 77 int error = 0; 78 79 if (mode != inode->i_mode) { 80 struct iattr iattr; 81 82 iattr.ia_valid = ATTR_MODE; 83 iattr.ia_mode = mode; 84 85 error = gfs2_setattr_simple(GFS2_I(inode), &iattr); 86 } 87 88 return error; 89 } 90 91 static int gfs2_acl_set(struct inode *inode, int type, struct posix_acl *acl) 92 { 93 int error; 94 int len; 95 char *data; 96 const char *name = gfs2_acl_name(type); 97 98 BUG_ON(name == NULL); 99 len = posix_acl_to_xattr(acl, NULL, 0); 100 if (len == 0) 101 return 0; 102 data = kmalloc(len, GFP_NOFS); 103 if (data == NULL) 104 return -ENOMEM; 105 error = posix_acl_to_xattr(acl, data, len); 106 if (error < 0) 107 goto out; 108 error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS); 109 if (!error) 110 set_cached_acl(inode, type, acl); 111 out: 112 kfree(data); 113 return error; 114 } 115 116 int gfs2_acl_create(struct gfs2_inode *dip, struct inode *inode) 117 { 118 struct gfs2_sbd *sdp = GFS2_SB(&dip->i_inode); 119 struct posix_acl *acl; 120 umode_t mode = inode->i_mode; 121 int error = 0; 122 123 if (!sdp->sd_args.ar_posix_acl) 124 return 0; 125 if (S_ISLNK(inode->i_mode)) 126 return 0; 127 128 acl = gfs2_acl_get(dip, ACL_TYPE_DEFAULT); 129 if (IS_ERR(acl)) 130 return PTR_ERR(acl); 131 if (!acl) { 132 mode &= ~current_umask(); 133 if (mode != inode->i_mode) 134 error = gfs2_set_mode(inode, mode); 135 return error; 136 } 137 138 if (S_ISDIR(inode->i_mode)) { 139 error = gfs2_acl_set(inode, ACL_TYPE_DEFAULT, acl); 140 if (error) 141 goto out; 142 } 143 144 error = posix_acl_create(&acl, GFP_NOFS, &mode); 145 if (error < 0) 146 return error; 147 148 if (error == 0) 149 goto munge; 150 151 error = gfs2_acl_set(inode, ACL_TYPE_ACCESS, acl); 152 if (error) 153 goto out; 154 munge: 155 error = gfs2_set_mode(inode, mode); 156 out: 157 posix_acl_release(acl); 158 return error; 159 } 160 161 int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr) 162 { 163 struct posix_acl *acl; 164 char *data; 165 unsigned int len; 166 int error; 167 168 acl = gfs2_acl_get(ip, ACL_TYPE_ACCESS); 169 if (IS_ERR(acl)) 170 return PTR_ERR(acl); 171 if (!acl) 172 return gfs2_setattr_simple(ip, attr); 173 174 error = posix_acl_chmod(&acl, GFP_NOFS, attr->ia_mode); 175 if (error) 176 return error; 177 178 len = posix_acl_to_xattr(acl, NULL, 0); 179 data = kmalloc(len, GFP_NOFS); 180 error = -ENOMEM; 181 if (data == NULL) 182 goto out; 183 posix_acl_to_xattr(acl, data, len); 184 error = gfs2_xattr_acl_chmod(ip, attr, data); 185 kfree(data); 186 set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl); 187 188 out: 189 posix_acl_release(acl); 190 return error; 191 } 192 193 static int gfs2_acl_type(const char *name) 194 { 195 if (strcmp(name, GFS2_POSIX_ACL_ACCESS) == 0) 196 return ACL_TYPE_ACCESS; 197 if (strcmp(name, GFS2_POSIX_ACL_DEFAULT) == 0) 198 return ACL_TYPE_DEFAULT; 199 return -EINVAL; 200 } 201 202 static int gfs2_xattr_system_get(struct dentry *dentry, const char *name, 203 void *buffer, size_t size, int xtype) 204 { 205 struct inode *inode = dentry->d_inode; 206 struct gfs2_sbd *sdp = GFS2_SB(inode); 207 struct posix_acl *acl; 208 int type; 209 int error; 210 211 if (!sdp->sd_args.ar_posix_acl) 212 return -EOPNOTSUPP; 213 214 type = gfs2_acl_type(name); 215 if (type < 0) 216 return type; 217 218 acl = gfs2_acl_get(GFS2_I(inode), type); 219 if (IS_ERR(acl)) 220 return PTR_ERR(acl); 221 if (acl == NULL) 222 return -ENODATA; 223 224 error = posix_acl_to_xattr(acl, buffer, size); 225 posix_acl_release(acl); 226 227 return error; 228 } 229 230 static int gfs2_xattr_system_set(struct dentry *dentry, const char *name, 231 const void *value, size_t size, int flags, 232 int xtype) 233 { 234 struct inode *inode = dentry->d_inode; 235 struct gfs2_sbd *sdp = GFS2_SB(inode); 236 struct posix_acl *acl = NULL; 237 int error = 0, type; 238 239 if (!sdp->sd_args.ar_posix_acl) 240 return -EOPNOTSUPP; 241 242 type = gfs2_acl_type(name); 243 if (type < 0) 244 return type; 245 if (flags & XATTR_CREATE) 246 return -EINVAL; 247 if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) 248 return value ? -EACCES : 0; 249 if ((current_fsuid() != inode->i_uid) && !capable(CAP_FOWNER)) 250 return -EPERM; 251 if (S_ISLNK(inode->i_mode)) 252 return -EOPNOTSUPP; 253 254 if (!value) 255 goto set_acl; 256 257 acl = posix_acl_from_xattr(value, size); 258 if (!acl) { 259 /* 260 * acl_set_file(3) may request that we set default ACLs with 261 * zero length -- defend (gracefully) against that here. 262 */ 263 goto out; 264 } 265 if (IS_ERR(acl)) { 266 error = PTR_ERR(acl); 267 goto out; 268 } 269 270 error = posix_acl_valid(acl); 271 if (error) 272 goto out_release; 273 274 error = -EINVAL; 275 if (acl->a_count > GFS2_ACL_MAX_ENTRIES) 276 goto out_release; 277 278 if (type == ACL_TYPE_ACCESS) { 279 umode_t mode = inode->i_mode; 280 error = posix_acl_equiv_mode(acl, &mode); 281 282 if (error <= 0) { 283 posix_acl_release(acl); 284 acl = NULL; 285 286 if (error < 0) 287 return error; 288 } 289 290 error = gfs2_set_mode(inode, mode); 291 if (error) 292 goto out_release; 293 } 294 295 set_acl: 296 error = __gfs2_xattr_set(inode, name, value, size, 0, GFS2_EATYPE_SYS); 297 if (!error) { 298 if (acl) 299 set_cached_acl(inode, type, acl); 300 else 301 forget_cached_acl(inode, type); 302 } 303 out_release: 304 posix_acl_release(acl); 305 out: 306 return error; 307 } 308 309 const struct xattr_handler gfs2_xattr_system_handler = { 310 .prefix = XATTR_SYSTEM_PREFIX, 311 .flags = GFS2_EATYPE_SYS, 312 .get = gfs2_xattr_system_get, 313 .set = gfs2_xattr_system_set, 314 }; 315 316