1 /*
2  * Copyright (C) Sistina Software, Inc.  1997-2003 All rights reserved.
3  * Copyright (C) 2004-2006 Red Hat, Inc.  All rights reserved.
4  *
5  * This copyrighted material is made available to anyone wishing to use,
6  * modify, copy, or redistribute it subject to the terms and conditions
7  * of the GNU General Public License version 2.
8  */
9 
10 #include <linux/sched.h>
11 #include <linux/slab.h>
12 #include <linux/spinlock.h>
13 #include <linux/completion.h>
14 #include <linux/buffer_head.h>
15 #include <linux/xattr.h>
16 #include <linux/posix_acl.h>
17 #include <linux/posix_acl_xattr.h>
18 #include <linux/gfs2_ondisk.h>
19 
20 #include "gfs2.h"
21 #include "incore.h"
22 #include "acl.h"
23 #include "xattr.h"
24 #include "glock.h"
25 #include "inode.h"
26 #include "meta_io.h"
27 #include "trans.h"
28 #include "util.h"
29 
gfs2_acl_name(int type)30 static const char *gfs2_acl_name(int type)
31 {
32 	switch (type) {
33 	case ACL_TYPE_ACCESS:
34 		return GFS2_POSIX_ACL_ACCESS;
35 	case ACL_TYPE_DEFAULT:
36 		return GFS2_POSIX_ACL_DEFAULT;
37 	}
38 	return NULL;
39 }
40 
gfs2_acl_get(struct gfs2_inode * ip,int type)41 static struct posix_acl *gfs2_acl_get(struct gfs2_inode *ip, int type)
42 {
43 	struct posix_acl *acl;
44 	const char *name;
45 	char *data;
46 	int len;
47 
48 	if (!ip->i_eattr)
49 		return NULL;
50 
51 	acl = get_cached_acl(&ip->i_inode, type);
52 	if (acl != ACL_NOT_CACHED)
53 		return acl;
54 
55 	name = gfs2_acl_name(type);
56 	if (name == NULL)
57 		return ERR_PTR(-EINVAL);
58 
59 	len = gfs2_xattr_acl_get(ip, name, &data);
60 	if (len < 0)
61 		return ERR_PTR(len);
62 	if (len == 0)
63 		return NULL;
64 
65 	acl = posix_acl_from_xattr(data, len);
66 	kfree(data);
67 	return acl;
68 }
69 
70 /**
71  * gfs2_check_acl - Check an ACL to see if we're allowed to do something
72  * @inode: the file we want to do something to
73  * @mask: what we want to do
74  *
75  * Returns: errno
76  */
77 
gfs2_check_acl(struct inode * inode,int mask,unsigned int flags)78 int gfs2_check_acl(struct inode *inode, int mask, unsigned int flags)
79 {
80 	struct posix_acl *acl;
81 	int error;
82 
83 	if (flags & IPERM_FLAG_RCU) {
84 		if (!negative_cached_acl(inode, ACL_TYPE_ACCESS))
85 			return -ECHILD;
86 		return -EAGAIN;
87 	}
88 
89 	acl = gfs2_acl_get(GFS2_I(inode), ACL_TYPE_ACCESS);
90 	if (IS_ERR(acl))
91 		return PTR_ERR(acl);
92 
93 	if (acl) {
94 		error = posix_acl_permission(inode, acl, mask);
95 		posix_acl_release(acl);
96 		return error;
97 	}
98 
99 	return -EAGAIN;
100 }
101 
gfs2_set_mode(struct inode * inode,mode_t mode)102 static int gfs2_set_mode(struct inode *inode, mode_t mode)
103 {
104 	int error = 0;
105 
106 	if (mode != inode->i_mode) {
107 		struct iattr iattr;
108 
109 		iattr.ia_valid = ATTR_MODE;
110 		iattr.ia_mode = mode;
111 
112 		error = gfs2_setattr_simple(GFS2_I(inode), &iattr);
113 	}
114 
115 	return error;
116 }
117 
gfs2_acl_set(struct inode * inode,int type,struct posix_acl * acl)118 static int gfs2_acl_set(struct inode *inode, int type, struct posix_acl *acl)
119 {
120 	int error;
121 	int len;
122 	char *data;
123 	const char *name = gfs2_acl_name(type);
124 
125 	BUG_ON(name == NULL);
126 	len = posix_acl_to_xattr(acl, NULL, 0);
127 	if (len == 0)
128 		return 0;
129 	data = kmalloc(len, GFP_NOFS);
130 	if (data == NULL)
131 		return -ENOMEM;
132 	error = posix_acl_to_xattr(acl, data, len);
133 	if (error < 0)
134 		goto out;
135 	error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS);
136 	if (!error)
137 		set_cached_acl(inode, type, acl);
138 out:
139 	kfree(data);
140 	return error;
141 }
142 
gfs2_acl_create(struct gfs2_inode * dip,struct inode * inode)143 int gfs2_acl_create(struct gfs2_inode *dip, struct inode *inode)
144 {
145 	struct gfs2_sbd *sdp = GFS2_SB(&dip->i_inode);
146 	struct posix_acl *acl, *clone;
147 	mode_t mode = inode->i_mode;
148 	int error = 0;
149 
150 	if (!sdp->sd_args.ar_posix_acl)
151 		return 0;
152 	if (S_ISLNK(inode->i_mode))
153 		return 0;
154 
155 	acl = gfs2_acl_get(dip, ACL_TYPE_DEFAULT);
156 	if (IS_ERR(acl))
157 		return PTR_ERR(acl);
158 	if (!acl) {
159 		mode &= ~current_umask();
160 		if (mode != inode->i_mode)
161 			error = gfs2_set_mode(inode, mode);
162 		return error;
163 	}
164 
165 	if (S_ISDIR(inode->i_mode)) {
166 		error = gfs2_acl_set(inode, ACL_TYPE_DEFAULT, acl);
167 		if (error)
168 			goto out;
169 	}
170 
171 	clone = posix_acl_clone(acl, GFP_NOFS);
172 	error = -ENOMEM;
173 	if (!clone)
174 		goto out;
175 	posix_acl_release(acl);
176 	acl = clone;
177 
178 	error = posix_acl_create_masq(acl, &mode);
179 	if (error < 0)
180 		goto out;
181 	if (error == 0)
182 		goto munge;
183 
184 	error = gfs2_acl_set(inode, ACL_TYPE_ACCESS, acl);
185 	if (error)
186 		goto out;
187 munge:
188 	error = gfs2_set_mode(inode, mode);
189 out:
190 	posix_acl_release(acl);
191 	return error;
192 }
193 
gfs2_acl_chmod(struct gfs2_inode * ip,struct iattr * attr)194 int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr)
195 {
196 	struct posix_acl *acl, *clone;
197 	char *data;
198 	unsigned int len;
199 	int error;
200 
201 	acl = gfs2_acl_get(ip, ACL_TYPE_ACCESS);
202 	if (IS_ERR(acl))
203 		return PTR_ERR(acl);
204 	if (!acl)
205 		return gfs2_setattr_simple(ip, attr);
206 
207 	clone = posix_acl_clone(acl, GFP_NOFS);
208 	error = -ENOMEM;
209 	if (!clone)
210 		goto out;
211 	posix_acl_release(acl);
212 	acl = clone;
213 
214 	error = posix_acl_chmod_masq(acl, attr->ia_mode);
215 	if (!error) {
216 		len = posix_acl_to_xattr(acl, NULL, 0);
217 		data = kmalloc(len, GFP_NOFS);
218 		error = -ENOMEM;
219 		if (data == NULL)
220 			goto out;
221 		posix_acl_to_xattr(acl, data, len);
222 		error = gfs2_xattr_acl_chmod(ip, attr, data);
223 		kfree(data);
224 		set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl);
225 	}
226 
227 out:
228 	posix_acl_release(acl);
229 	return error;
230 }
231 
gfs2_acl_type(const char * name)232 static int gfs2_acl_type(const char *name)
233 {
234 	if (strcmp(name, GFS2_POSIX_ACL_ACCESS) == 0)
235 		return ACL_TYPE_ACCESS;
236 	if (strcmp(name, GFS2_POSIX_ACL_DEFAULT) == 0)
237 		return ACL_TYPE_DEFAULT;
238 	return -EINVAL;
239 }
240 
gfs2_xattr_system_get(struct dentry * dentry,const char * name,void * buffer,size_t size,int xtype)241 static int gfs2_xattr_system_get(struct dentry *dentry, const char *name,
242 				 void *buffer, size_t size, int xtype)
243 {
244 	struct inode *inode = dentry->d_inode;
245 	struct gfs2_sbd *sdp = GFS2_SB(inode);
246 	struct posix_acl *acl;
247 	int type;
248 	int error;
249 
250 	if (!sdp->sd_args.ar_posix_acl)
251 		return -EOPNOTSUPP;
252 
253 	type = gfs2_acl_type(name);
254 	if (type < 0)
255 		return type;
256 
257 	acl = gfs2_acl_get(GFS2_I(inode), type);
258 	if (IS_ERR(acl))
259 		return PTR_ERR(acl);
260 	if (acl == NULL)
261 		return -ENODATA;
262 
263 	error = posix_acl_to_xattr(acl, buffer, size);
264 	posix_acl_release(acl);
265 
266 	return error;
267 }
268 
gfs2_xattr_system_set(struct dentry * dentry,const char * name,const void * value,size_t size,int flags,int xtype)269 static int gfs2_xattr_system_set(struct dentry *dentry, const char *name,
270 				 const void *value, size_t size, int flags,
271 				 int xtype)
272 {
273 	struct inode *inode = dentry->d_inode;
274 	struct gfs2_sbd *sdp = GFS2_SB(inode);
275 	struct posix_acl *acl = NULL;
276 	int error = 0, type;
277 
278 	if (!sdp->sd_args.ar_posix_acl)
279 		return -EOPNOTSUPP;
280 
281 	type = gfs2_acl_type(name);
282 	if (type < 0)
283 		return type;
284 	if (flags & XATTR_CREATE)
285 		return -EINVAL;
286 	if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
287 		return value ? -EACCES : 0;
288 	if ((current_fsuid() != inode->i_uid) && !capable(CAP_FOWNER))
289 		return -EPERM;
290 	if (S_ISLNK(inode->i_mode))
291 		return -EOPNOTSUPP;
292 
293 	if (!value)
294 		goto set_acl;
295 
296 	acl = posix_acl_from_xattr(value, size);
297 	if (!acl) {
298 		/*
299 		 * acl_set_file(3) may request that we set default ACLs with
300 		 * zero length -- defend (gracefully) against that here.
301 		 */
302 		goto out;
303 	}
304 	if (IS_ERR(acl)) {
305 		error = PTR_ERR(acl);
306 		goto out;
307 	}
308 
309 	error = posix_acl_valid(acl);
310 	if (error)
311 		goto out_release;
312 
313 	error = -EINVAL;
314 	if (acl->a_count > GFS2_ACL_MAX_ENTRIES)
315 		goto out_release;
316 
317 	if (type == ACL_TYPE_ACCESS) {
318 		mode_t mode = inode->i_mode;
319 		error = posix_acl_equiv_mode(acl, &mode);
320 
321 		if (error <= 0) {
322 			posix_acl_release(acl);
323 			acl = NULL;
324 
325 			if (error < 0)
326 				return error;
327 		}
328 
329 		error = gfs2_set_mode(inode, mode);
330 		if (error)
331 			goto out_release;
332 	}
333 
334 set_acl:
335 	error = __gfs2_xattr_set(inode, name, value, size, 0, GFS2_EATYPE_SYS);
336 	if (!error) {
337 		if (acl)
338 			set_cached_acl(inode, type, acl);
339 		else
340 			forget_cached_acl(inode, type);
341 	}
342 out_release:
343 	posix_acl_release(acl);
344 out:
345 	return error;
346 }
347 
348 const struct xattr_handler gfs2_xattr_system_handler = {
349 	.prefix = XATTR_SYSTEM_PREFIX,
350 	.flags  = GFS2_EATYPE_SYS,
351 	.get    = gfs2_xattr_system_get,
352 	.set    = gfs2_xattr_system_set,
353 };
354 
355