1 #include <linux/capability.h> 2 #include <linux/fs.h> 3 #include <linux/posix_acl.h> 4 #include "reiserfs.h" 5 #include <linux/errno.h> 6 #include <linux/pagemap.h> 7 #include <linux/xattr.h> 8 #include <linux/slab.h> 9 #include <linux/posix_acl_xattr.h> 10 #include "xattr.h" 11 #include "acl.h" 12 #include <asm/uaccess.h> 13 14 static int __reiserfs_set_acl(struct reiserfs_transaction_handle *th, 15 struct inode *inode, int type, 16 struct posix_acl *acl); 17 18 19 int 20 reiserfs_set_acl(struct inode *inode, struct posix_acl *acl, int type) 21 { 22 int error, error2; 23 struct reiserfs_transaction_handle th; 24 size_t jcreate_blocks; 25 int size = acl ? posix_acl_xattr_size(acl->a_count) : 0; 26 27 28 /* Pessimism: We can't assume that anything from the xattr root up 29 * has been created. */ 30 31 jcreate_blocks = reiserfs_xattr_jcreate_nblocks(inode) + 32 reiserfs_xattr_nblocks(inode, size) * 2; 33 34 reiserfs_write_lock(inode->i_sb); 35 error = journal_begin(&th, inode->i_sb, jcreate_blocks); 36 reiserfs_write_unlock(inode->i_sb); 37 if (error == 0) { 38 error = __reiserfs_set_acl(&th, inode, type, acl); 39 reiserfs_write_lock(inode->i_sb); 40 error2 = journal_end(&th, inode->i_sb, jcreate_blocks); 41 reiserfs_write_unlock(inode->i_sb); 42 if (error2) 43 error = error2; 44 } 45 46 return error; 47 } 48 49 /* 50 * Convert from filesystem to in-memory representation. 51 */ 52 static struct posix_acl *reiserfs_posix_acl_from_disk(const void *value, size_t size) 53 { 54 const char *end = (char *)value + size; 55 int n, count; 56 struct posix_acl *acl; 57 58 if (!value) 59 return NULL; 60 if (size < sizeof(reiserfs_acl_header)) 61 return ERR_PTR(-EINVAL); 62 if (((reiserfs_acl_header *) value)->a_version != 63 cpu_to_le32(REISERFS_ACL_VERSION)) 64 return ERR_PTR(-EINVAL); 65 value = (char *)value + sizeof(reiserfs_acl_header); 66 count = reiserfs_acl_count(size); 67 if (count < 0) 68 return ERR_PTR(-EINVAL); 69 if (count == 0) 70 return NULL; 71 acl = posix_acl_alloc(count, GFP_NOFS); 72 if (!acl) 73 return ERR_PTR(-ENOMEM); 74 for (n = 0; n < count; n++) { 75 reiserfs_acl_entry *entry = (reiserfs_acl_entry *) value; 76 if ((char *)value + sizeof(reiserfs_acl_entry_short) > end) 77 goto fail; 78 acl->a_entries[n].e_tag = le16_to_cpu(entry->e_tag); 79 acl->a_entries[n].e_perm = le16_to_cpu(entry->e_perm); 80 switch (acl->a_entries[n].e_tag) { 81 case ACL_USER_OBJ: 82 case ACL_GROUP_OBJ: 83 case ACL_MASK: 84 case ACL_OTHER: 85 value = (char *)value + 86 sizeof(reiserfs_acl_entry_short); 87 break; 88 89 case ACL_USER: 90 value = (char *)value + sizeof(reiserfs_acl_entry); 91 if ((char *)value > end) 92 goto fail; 93 acl->a_entries[n].e_uid = 94 make_kuid(&init_user_ns, 95 le32_to_cpu(entry->e_id)); 96 break; 97 case ACL_GROUP: 98 value = (char *)value + sizeof(reiserfs_acl_entry); 99 if ((char *)value > end) 100 goto fail; 101 acl->a_entries[n].e_gid = 102 make_kgid(&init_user_ns, 103 le32_to_cpu(entry->e_id)); 104 break; 105 106 default: 107 goto fail; 108 } 109 } 110 if (value != end) 111 goto fail; 112 return acl; 113 114 fail: 115 posix_acl_release(acl); 116 return ERR_PTR(-EINVAL); 117 } 118 119 /* 120 * Convert from in-memory to filesystem representation. 121 */ 122 static void *reiserfs_posix_acl_to_disk(const struct posix_acl *acl, size_t * size) 123 { 124 reiserfs_acl_header *ext_acl; 125 char *e; 126 int n; 127 128 *size = reiserfs_acl_size(acl->a_count); 129 ext_acl = kmalloc(sizeof(reiserfs_acl_header) + 130 acl->a_count * 131 sizeof(reiserfs_acl_entry), 132 GFP_NOFS); 133 if (!ext_acl) 134 return ERR_PTR(-ENOMEM); 135 ext_acl->a_version = cpu_to_le32(REISERFS_ACL_VERSION); 136 e = (char *)ext_acl + sizeof(reiserfs_acl_header); 137 for (n = 0; n < acl->a_count; n++) { 138 const struct posix_acl_entry *acl_e = &acl->a_entries[n]; 139 reiserfs_acl_entry *entry = (reiserfs_acl_entry *) e; 140 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); 141 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); 142 switch (acl->a_entries[n].e_tag) { 143 case ACL_USER: 144 entry->e_id = cpu_to_le32( 145 from_kuid(&init_user_ns, acl_e->e_uid)); 146 e += sizeof(reiserfs_acl_entry); 147 break; 148 case ACL_GROUP: 149 entry->e_id = cpu_to_le32( 150 from_kgid(&init_user_ns, acl_e->e_gid)); 151 e += sizeof(reiserfs_acl_entry); 152 break; 153 154 case ACL_USER_OBJ: 155 case ACL_GROUP_OBJ: 156 case ACL_MASK: 157 case ACL_OTHER: 158 e += sizeof(reiserfs_acl_entry_short); 159 break; 160 161 default: 162 goto fail; 163 } 164 } 165 return (char *)ext_acl; 166 167 fail: 168 kfree(ext_acl); 169 return ERR_PTR(-EINVAL); 170 } 171 172 /* 173 * Inode operation get_posix_acl(). 174 * 175 * inode->i_mutex: down 176 * BKL held [before 2.5.x] 177 */ 178 struct posix_acl *reiserfs_get_acl(struct inode *inode, int type) 179 { 180 char *name, *value; 181 struct posix_acl *acl; 182 int size; 183 int retval; 184 185 switch (type) { 186 case ACL_TYPE_ACCESS: 187 name = POSIX_ACL_XATTR_ACCESS; 188 break; 189 case ACL_TYPE_DEFAULT: 190 name = POSIX_ACL_XATTR_DEFAULT; 191 break; 192 default: 193 BUG(); 194 } 195 196 size = reiserfs_xattr_get(inode, name, NULL, 0); 197 if (size < 0) { 198 if (size == -ENODATA || size == -ENOSYS) { 199 set_cached_acl(inode, type, NULL); 200 return NULL; 201 } 202 return ERR_PTR(size); 203 } 204 205 value = kmalloc(size, GFP_NOFS); 206 if (!value) 207 return ERR_PTR(-ENOMEM); 208 209 retval = reiserfs_xattr_get(inode, name, value, size); 210 if (retval == -ENODATA || retval == -ENOSYS) { 211 /* This shouldn't actually happen as it should have 212 been caught above.. but just in case */ 213 acl = NULL; 214 } else if (retval < 0) { 215 acl = ERR_PTR(retval); 216 } else { 217 acl = reiserfs_posix_acl_from_disk(value, retval); 218 } 219 if (!IS_ERR(acl)) 220 set_cached_acl(inode, type, acl); 221 222 kfree(value); 223 return acl; 224 } 225 226 /* 227 * Inode operation set_posix_acl(). 228 * 229 * inode->i_mutex: down 230 * BKL held [before 2.5.x] 231 */ 232 static int 233 __reiserfs_set_acl(struct reiserfs_transaction_handle *th, struct inode *inode, 234 int type, struct posix_acl *acl) 235 { 236 char *name; 237 void *value = NULL; 238 size_t size = 0; 239 int error; 240 241 switch (type) { 242 case ACL_TYPE_ACCESS: 243 name = POSIX_ACL_XATTR_ACCESS; 244 if (acl) { 245 error = posix_acl_equiv_mode(acl, &inode->i_mode); 246 if (error < 0) 247 return error; 248 else { 249 if (error == 0) 250 acl = NULL; 251 } 252 } 253 break; 254 case ACL_TYPE_DEFAULT: 255 name = POSIX_ACL_XATTR_DEFAULT; 256 if (!S_ISDIR(inode->i_mode)) 257 return acl ? -EACCES : 0; 258 break; 259 default: 260 return -EINVAL; 261 } 262 263 if (acl) { 264 value = reiserfs_posix_acl_to_disk(acl, &size); 265 if (IS_ERR(value)) 266 return (int)PTR_ERR(value); 267 } 268 269 error = reiserfs_xattr_set_handle(th, inode, name, value, size, 0); 270 271 /* 272 * Ensure that the inode gets dirtied if we're only using 273 * the mode bits and an old ACL didn't exist. We don't need 274 * to check if the inode is hashed here since we won't get 275 * called by reiserfs_inherit_default_acl(). 276 */ 277 if (error == -ENODATA) { 278 error = 0; 279 if (type == ACL_TYPE_ACCESS) { 280 inode->i_ctime = CURRENT_TIME_SEC; 281 mark_inode_dirty(inode); 282 } 283 } 284 285 kfree(value); 286 287 if (!error) 288 set_cached_acl(inode, type, acl); 289 290 return error; 291 } 292 293 /* dir->i_mutex: locked, 294 * inode is new and not released into the wild yet */ 295 int 296 reiserfs_inherit_default_acl(struct reiserfs_transaction_handle *th, 297 struct inode *dir, struct dentry *dentry, 298 struct inode *inode) 299 { 300 struct posix_acl *default_acl, *acl; 301 int err = 0; 302 303 /* ACLs only get applied to files and directories */ 304 if (S_ISLNK(inode->i_mode)) 305 return 0; 306 307 /* ACLs can only be used on "new" objects, so if it's an old object 308 * there is nothing to inherit from */ 309 if (get_inode_sd_version(dir) == STAT_DATA_V1) 310 goto apply_umask; 311 312 /* Don't apply ACLs to objects in the .reiserfs_priv tree.. This 313 * would be useless since permissions are ignored, and a pain because 314 * it introduces locking cycles */ 315 if (IS_PRIVATE(dir)) { 316 inode->i_flags |= S_PRIVATE; 317 goto apply_umask; 318 } 319 320 err = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); 321 if (err) 322 return err; 323 324 if (default_acl) { 325 err = __reiserfs_set_acl(th, inode, ACL_TYPE_DEFAULT, 326 default_acl); 327 posix_acl_release(default_acl); 328 } 329 if (acl) { 330 if (!err) 331 err = __reiserfs_set_acl(th, inode, ACL_TYPE_ACCESS, 332 acl); 333 posix_acl_release(acl); 334 } 335 336 return err; 337 338 apply_umask: 339 /* no ACL, apply umask */ 340 inode->i_mode &= ~current_umask(); 341 return err; 342 } 343 344 /* This is used to cache the default acl before a new object is created. 345 * The biggest reason for this is to get an idea of how many blocks will 346 * actually be required for the create operation if we must inherit an ACL. 347 * An ACL write can add up to 3 object creations and an additional file write 348 * so we'd prefer not to reserve that many blocks in the journal if we can. 349 * It also has the advantage of not loading the ACL with a transaction open, 350 * this may seem silly, but if the owner of the directory is doing the 351 * creation, the ACL may not be loaded since the permissions wouldn't require 352 * it. 353 * We return the number of blocks required for the transaction. 354 */ 355 int reiserfs_cache_default_acl(struct inode *inode) 356 { 357 struct posix_acl *acl; 358 int nblocks = 0; 359 360 if (IS_PRIVATE(inode)) 361 return 0; 362 363 acl = reiserfs_get_acl(inode, ACL_TYPE_DEFAULT); 364 365 if (acl && !IS_ERR(acl)) { 366 int size = reiserfs_acl_size(acl->a_count); 367 368 /* Other xattrs can be created during inode creation. We don't 369 * want to claim too many blocks, so we check to see if we 370 * we need to create the tree to the xattrs, and then we 371 * just want two files. */ 372 nblocks = reiserfs_xattr_jcreate_nblocks(inode); 373 nblocks += JOURNAL_BLOCKS_PER_OBJECT(inode->i_sb); 374 375 REISERFS_I(inode)->i_flags |= i_has_xattr_dir; 376 377 /* We need to account for writes + bitmaps for two files */ 378 nblocks += reiserfs_xattr_nblocks(inode, size) * 4; 379 posix_acl_release(acl); 380 } 381 382 return nblocks; 383 } 384 385 /* 386 * Called under i_mutex 387 */ 388 int reiserfs_acl_chmod(struct inode *inode) 389 { 390 if (IS_PRIVATE(inode)) 391 return 0; 392 if (get_inode_sd_version(inode) == STAT_DATA_V1 || 393 !reiserfs_posixacl(inode->i_sb)) 394 return 0; 395 396 return posix_acl_chmod(inode, inode->i_mode); 397 } 398