1 #include <linux/capability.h> 2 #include <linux/fs.h> 3 #include <linux/posix_acl.h> 4 #include <linux/reiserfs_fs.h> 5 #include <linux/errno.h> 6 #include <linux/pagemap.h> 7 #include <linux/xattr.h> 8 #include <linux/slab.h> 9 #include <linux/posix_acl_xattr.h> 10 #include <linux/reiserfs_xattr.h> 11 #include <linux/reiserfs_acl.h> 12 #include <asm/uaccess.h> 13 14 static int reiserfs_set_acl(struct reiserfs_transaction_handle *th, 15 struct inode *inode, int type, 16 struct posix_acl *acl); 17 18 static int 19 posix_acl_set(struct dentry *dentry, const char *name, const void *value, 20 size_t size, int flags, int type) 21 { 22 struct inode *inode = dentry->d_inode; 23 struct posix_acl *acl; 24 int error, error2; 25 struct reiserfs_transaction_handle th; 26 size_t jcreate_blocks; 27 if (!reiserfs_posixacl(inode->i_sb)) 28 return -EOPNOTSUPP; 29 if (!is_owner_or_cap(inode)) 30 return -EPERM; 31 32 if (value) { 33 acl = posix_acl_from_xattr(value, size); 34 if (IS_ERR(acl)) { 35 return PTR_ERR(acl); 36 } else if (acl) { 37 error = posix_acl_valid(acl); 38 if (error) 39 goto release_and_out; 40 } 41 } else 42 acl = NULL; 43 44 /* Pessimism: We can't assume that anything from the xattr root up 45 * has been created. */ 46 47 jcreate_blocks = reiserfs_xattr_jcreate_nblocks(inode) + 48 reiserfs_xattr_nblocks(inode, size) * 2; 49 50 reiserfs_write_lock(inode->i_sb); 51 error = journal_begin(&th, inode->i_sb, jcreate_blocks); 52 if (error == 0) { 53 error = reiserfs_set_acl(&th, inode, type, acl); 54 error2 = journal_end(&th, inode->i_sb, jcreate_blocks); 55 if (error2) 56 error = error2; 57 } 58 reiserfs_write_unlock(inode->i_sb); 59 60 release_and_out: 61 posix_acl_release(acl); 62 return error; 63 } 64 65 static int 66 posix_acl_get(struct dentry *dentry, const char *name, void *buffer, 67 size_t size, int type) 68 { 69 struct posix_acl *acl; 70 int error; 71 72 if (!reiserfs_posixacl(dentry->d_sb)) 73 return -EOPNOTSUPP; 74 75 acl = reiserfs_get_acl(dentry->d_inode, type); 76 if (IS_ERR(acl)) 77 return PTR_ERR(acl); 78 if (acl == NULL) 79 return -ENODATA; 80 error = posix_acl_to_xattr(acl, buffer, size); 81 posix_acl_release(acl); 82 83 return error; 84 } 85 86 /* 87 * Convert from filesystem to in-memory representation. 88 */ 89 static struct posix_acl *posix_acl_from_disk(const void *value, size_t size) 90 { 91 const char *end = (char *)value + size; 92 int n, count; 93 struct posix_acl *acl; 94 95 if (!value) 96 return NULL; 97 if (size < sizeof(reiserfs_acl_header)) 98 return ERR_PTR(-EINVAL); 99 if (((reiserfs_acl_header *) value)->a_version != 100 cpu_to_le32(REISERFS_ACL_VERSION)) 101 return ERR_PTR(-EINVAL); 102 value = (char *)value + sizeof(reiserfs_acl_header); 103 count = reiserfs_acl_count(size); 104 if (count < 0) 105 return ERR_PTR(-EINVAL); 106 if (count == 0) 107 return NULL; 108 acl = posix_acl_alloc(count, GFP_NOFS); 109 if (!acl) 110 return ERR_PTR(-ENOMEM); 111 for (n = 0; n < count; n++) { 112 reiserfs_acl_entry *entry = (reiserfs_acl_entry *) value; 113 if ((char *)value + sizeof(reiserfs_acl_entry_short) > end) 114 goto fail; 115 acl->a_entries[n].e_tag = le16_to_cpu(entry->e_tag); 116 acl->a_entries[n].e_perm = le16_to_cpu(entry->e_perm); 117 switch (acl->a_entries[n].e_tag) { 118 case ACL_USER_OBJ: 119 case ACL_GROUP_OBJ: 120 case ACL_MASK: 121 case ACL_OTHER: 122 value = (char *)value + 123 sizeof(reiserfs_acl_entry_short); 124 acl->a_entries[n].e_id = ACL_UNDEFINED_ID; 125 break; 126 127 case ACL_USER: 128 case ACL_GROUP: 129 value = (char *)value + sizeof(reiserfs_acl_entry); 130 if ((char *)value > end) 131 goto fail; 132 acl->a_entries[n].e_id = le32_to_cpu(entry->e_id); 133 break; 134 135 default: 136 goto fail; 137 } 138 } 139 if (value != end) 140 goto fail; 141 return acl; 142 143 fail: 144 posix_acl_release(acl); 145 return ERR_PTR(-EINVAL); 146 } 147 148 /* 149 * Convert from in-memory to filesystem representation. 150 */ 151 static void *posix_acl_to_disk(const struct posix_acl *acl, size_t * size) 152 { 153 reiserfs_acl_header *ext_acl; 154 char *e; 155 int n; 156 157 *size = reiserfs_acl_size(acl->a_count); 158 ext_acl = kmalloc(sizeof(reiserfs_acl_header) + 159 acl->a_count * 160 sizeof(reiserfs_acl_entry), 161 GFP_NOFS); 162 if (!ext_acl) 163 return ERR_PTR(-ENOMEM); 164 ext_acl->a_version = cpu_to_le32(REISERFS_ACL_VERSION); 165 e = (char *)ext_acl + sizeof(reiserfs_acl_header); 166 for (n = 0; n < acl->a_count; n++) { 167 reiserfs_acl_entry *entry = (reiserfs_acl_entry *) e; 168 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); 169 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); 170 switch (acl->a_entries[n].e_tag) { 171 case ACL_USER: 172 case ACL_GROUP: 173 entry->e_id = cpu_to_le32(acl->a_entries[n].e_id); 174 e += sizeof(reiserfs_acl_entry); 175 break; 176 177 case ACL_USER_OBJ: 178 case ACL_GROUP_OBJ: 179 case ACL_MASK: 180 case ACL_OTHER: 181 e += sizeof(reiserfs_acl_entry_short); 182 break; 183 184 default: 185 goto fail; 186 } 187 } 188 return (char *)ext_acl; 189 190 fail: 191 kfree(ext_acl); 192 return ERR_PTR(-EINVAL); 193 } 194 195 /* 196 * Inode operation get_posix_acl(). 197 * 198 * inode->i_mutex: down 199 * BKL held [before 2.5.x] 200 */ 201 struct posix_acl *reiserfs_get_acl(struct inode *inode, int type) 202 { 203 char *name, *value; 204 struct posix_acl *acl; 205 int size; 206 int retval; 207 208 acl = get_cached_acl(inode, type); 209 if (acl != ACL_NOT_CACHED) 210 return acl; 211 212 switch (type) { 213 case ACL_TYPE_ACCESS: 214 name = POSIX_ACL_XATTR_ACCESS; 215 break; 216 case ACL_TYPE_DEFAULT: 217 name = POSIX_ACL_XATTR_DEFAULT; 218 break; 219 default: 220 BUG(); 221 } 222 223 size = reiserfs_xattr_get(inode, name, NULL, 0); 224 if (size < 0) { 225 if (size == -ENODATA || size == -ENOSYS) { 226 set_cached_acl(inode, type, NULL); 227 return NULL; 228 } 229 return ERR_PTR(size); 230 } 231 232 value = kmalloc(size, GFP_NOFS); 233 if (!value) 234 return ERR_PTR(-ENOMEM); 235 236 retval = reiserfs_xattr_get(inode, name, value, size); 237 if (retval == -ENODATA || retval == -ENOSYS) { 238 /* This shouldn't actually happen as it should have 239 been caught above.. but just in case */ 240 acl = NULL; 241 } else if (retval < 0) { 242 acl = ERR_PTR(retval); 243 } else { 244 acl = posix_acl_from_disk(value, retval); 245 } 246 if (!IS_ERR(acl)) 247 set_cached_acl(inode, type, acl); 248 249 kfree(value); 250 return acl; 251 } 252 253 /* 254 * Inode operation set_posix_acl(). 255 * 256 * inode->i_mutex: down 257 * BKL held [before 2.5.x] 258 */ 259 static int 260 reiserfs_set_acl(struct reiserfs_transaction_handle *th, struct inode *inode, 261 int type, struct posix_acl *acl) 262 { 263 char *name; 264 void *value = NULL; 265 size_t size = 0; 266 int error; 267 268 if (S_ISLNK(inode->i_mode)) 269 return -EOPNOTSUPP; 270 271 switch (type) { 272 case ACL_TYPE_ACCESS: 273 name = POSIX_ACL_XATTR_ACCESS; 274 if (acl) { 275 mode_t mode = inode->i_mode; 276 error = posix_acl_equiv_mode(acl, &mode); 277 if (error < 0) 278 return error; 279 else { 280 inode->i_mode = mode; 281 if (error == 0) 282 acl = NULL; 283 } 284 } 285 break; 286 case ACL_TYPE_DEFAULT: 287 name = POSIX_ACL_XATTR_DEFAULT; 288 if (!S_ISDIR(inode->i_mode)) 289 return acl ? -EACCES : 0; 290 break; 291 default: 292 return -EINVAL; 293 } 294 295 if (acl) { 296 value = posix_acl_to_disk(acl, &size); 297 if (IS_ERR(value)) 298 return (int)PTR_ERR(value); 299 } 300 301 error = reiserfs_xattr_set_handle(th, inode, name, value, size, 0); 302 303 /* 304 * Ensure that the inode gets dirtied if we're only using 305 * the mode bits and an old ACL didn't exist. We don't need 306 * to check if the inode is hashed here since we won't get 307 * called by reiserfs_inherit_default_acl(). 308 */ 309 if (error == -ENODATA) { 310 error = 0; 311 if (type == ACL_TYPE_ACCESS) { 312 inode->i_ctime = CURRENT_TIME_SEC; 313 mark_inode_dirty(inode); 314 } 315 } 316 317 kfree(value); 318 319 if (!error) 320 set_cached_acl(inode, type, acl); 321 322 return error; 323 } 324 325 /* dir->i_mutex: locked, 326 * inode is new and not released into the wild yet */ 327 int 328 reiserfs_inherit_default_acl(struct reiserfs_transaction_handle *th, 329 struct inode *dir, struct dentry *dentry, 330 struct inode *inode) 331 { 332 struct posix_acl *acl; 333 int err = 0; 334 335 /* ACLs only get applied to files and directories */ 336 if (S_ISLNK(inode->i_mode)) 337 return 0; 338 339 /* ACLs can only be used on "new" objects, so if it's an old object 340 * there is nothing to inherit from */ 341 if (get_inode_sd_version(dir) == STAT_DATA_V1) 342 goto apply_umask; 343 344 /* Don't apply ACLs to objects in the .reiserfs_priv tree.. This 345 * would be useless since permissions are ignored, and a pain because 346 * it introduces locking cycles */ 347 if (IS_PRIVATE(dir)) { 348 inode->i_flags |= S_PRIVATE; 349 goto apply_umask; 350 } 351 352 acl = reiserfs_get_acl(dir, ACL_TYPE_DEFAULT); 353 if (IS_ERR(acl)) 354 return PTR_ERR(acl); 355 356 if (acl) { 357 struct posix_acl *acl_copy; 358 mode_t mode = inode->i_mode; 359 int need_acl; 360 361 /* Copy the default ACL to the default ACL of a new directory */ 362 if (S_ISDIR(inode->i_mode)) { 363 err = reiserfs_set_acl(th, inode, ACL_TYPE_DEFAULT, 364 acl); 365 if (err) 366 goto cleanup; 367 } 368 369 /* Now we reconcile the new ACL and the mode, 370 potentially modifying both */ 371 acl_copy = posix_acl_clone(acl, GFP_NOFS); 372 if (!acl_copy) { 373 err = -ENOMEM; 374 goto cleanup; 375 } 376 377 need_acl = posix_acl_create_masq(acl_copy, &mode); 378 if (need_acl >= 0) { 379 if (mode != inode->i_mode) { 380 inode->i_mode = mode; 381 } 382 383 /* If we need an ACL.. */ 384 if (need_acl > 0) { 385 err = reiserfs_set_acl(th, inode, 386 ACL_TYPE_ACCESS, 387 acl_copy); 388 if (err) 389 goto cleanup_copy; 390 } 391 } 392 cleanup_copy: 393 posix_acl_release(acl_copy); 394 cleanup: 395 posix_acl_release(acl); 396 } else { 397 apply_umask: 398 /* no ACL, apply umask */ 399 inode->i_mode &= ~current_umask(); 400 } 401 402 return err; 403 } 404 405 /* This is used to cache the default acl before a new object is created. 406 * The biggest reason for this is to get an idea of how many blocks will 407 * actually be required for the create operation if we must inherit an ACL. 408 * An ACL write can add up to 3 object creations and an additional file write 409 * so we'd prefer not to reserve that many blocks in the journal if we can. 410 * It also has the advantage of not loading the ACL with a transaction open, 411 * this may seem silly, but if the owner of the directory is doing the 412 * creation, the ACL may not be loaded since the permissions wouldn't require 413 * it. 414 * We return the number of blocks required for the transaction. 415 */ 416 int reiserfs_cache_default_acl(struct inode *inode) 417 { 418 struct posix_acl *acl; 419 int nblocks = 0; 420 421 if (IS_PRIVATE(inode)) 422 return 0; 423 424 acl = reiserfs_get_acl(inode, ACL_TYPE_DEFAULT); 425 426 if (acl && !IS_ERR(acl)) { 427 int size = reiserfs_acl_size(acl->a_count); 428 429 /* Other xattrs can be created during inode creation. We don't 430 * want to claim too many blocks, so we check to see if we 431 * we need to create the tree to the xattrs, and then we 432 * just want two files. */ 433 nblocks = reiserfs_xattr_jcreate_nblocks(inode); 434 nblocks += JOURNAL_BLOCKS_PER_OBJECT(inode->i_sb); 435 436 REISERFS_I(inode)->i_flags |= i_has_xattr_dir; 437 438 /* We need to account for writes + bitmaps for two files */ 439 nblocks += reiserfs_xattr_nblocks(inode, size) * 4; 440 posix_acl_release(acl); 441 } 442 443 return nblocks; 444 } 445 446 int reiserfs_acl_chmod(struct inode *inode) 447 { 448 struct posix_acl *acl, *clone; 449 int error; 450 451 if (S_ISLNK(inode->i_mode)) 452 return -EOPNOTSUPP; 453 454 if (get_inode_sd_version(inode) == STAT_DATA_V1 || 455 !reiserfs_posixacl(inode->i_sb)) { 456 return 0; 457 } 458 459 reiserfs_write_unlock(inode->i_sb); 460 acl = reiserfs_get_acl(inode, ACL_TYPE_ACCESS); 461 reiserfs_write_lock(inode->i_sb); 462 if (!acl) 463 return 0; 464 if (IS_ERR(acl)) 465 return PTR_ERR(acl); 466 clone = posix_acl_clone(acl, GFP_NOFS); 467 posix_acl_release(acl); 468 if (!clone) 469 return -ENOMEM; 470 error = posix_acl_chmod_masq(clone, inode->i_mode); 471 if (!error) { 472 struct reiserfs_transaction_handle th; 473 size_t size = reiserfs_xattr_nblocks(inode, 474 reiserfs_acl_size(clone->a_count)); 475 int depth; 476 477 depth = reiserfs_write_lock_once(inode->i_sb); 478 error = journal_begin(&th, inode->i_sb, size * 2); 479 if (!error) { 480 int error2; 481 error = reiserfs_set_acl(&th, inode, ACL_TYPE_ACCESS, 482 clone); 483 error2 = journal_end(&th, inode->i_sb, size * 2); 484 if (error2) 485 error = error2; 486 } 487 reiserfs_write_unlock_once(inode->i_sb, depth); 488 } 489 posix_acl_release(clone); 490 return error; 491 } 492 493 static size_t posix_acl_access_list(struct dentry *dentry, char *list, 494 size_t list_size, const char *name, 495 size_t name_len, int type) 496 { 497 const size_t size = sizeof(POSIX_ACL_XATTR_ACCESS); 498 if (!reiserfs_posixacl(dentry->d_sb)) 499 return 0; 500 if (list && size <= list_size) 501 memcpy(list, POSIX_ACL_XATTR_ACCESS, size); 502 return size; 503 } 504 505 const struct xattr_handler reiserfs_posix_acl_access_handler = { 506 .prefix = POSIX_ACL_XATTR_ACCESS, 507 .flags = ACL_TYPE_ACCESS, 508 .get = posix_acl_get, 509 .set = posix_acl_set, 510 .list = posix_acl_access_list, 511 }; 512 513 static size_t posix_acl_default_list(struct dentry *dentry, char *list, 514 size_t list_size, const char *name, 515 size_t name_len, int type) 516 { 517 const size_t size = sizeof(POSIX_ACL_XATTR_DEFAULT); 518 if (!reiserfs_posixacl(dentry->d_sb)) 519 return 0; 520 if (list && size <= list_size) 521 memcpy(list, POSIX_ACL_XATTR_DEFAULT, size); 522 return size; 523 } 524 525 const struct xattr_handler reiserfs_posix_acl_default_handler = { 526 .prefix = POSIX_ACL_XATTR_DEFAULT, 527 .flags = ACL_TYPE_DEFAULT, 528 .get = posix_acl_get, 529 .set = posix_acl_set, 530 .list = posix_acl_default_list, 531 }; 532