/*
- * Copyright (c) 2001-2002 Silicon Graphics, Inc. All Rights Reserved.
+ * Copyright (c) 2001-2002,2005 Silicon Graphics, Inc.
+ * All Rights Reserved.
*
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of version 2 of the GNU General Public License as
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation.
*
- * This program is distributed in the hope that it would be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * This program is distributed in the hope that it would be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
*
- * Further, this software is distributed without any warranty that it is
- * free of the rightful claim of any third person regarding infringement
- * or the like. Any license provided herein, whether implied or
- * otherwise, applies only to this software file. Patent licenses, if
- * any, provided herein do not apply to combinations of this program with
- * other software, or any other product whatsoever.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write the Free Software Foundation, Inc., 59
- * Temple Place - Suite 330, Boston MA 02111-1307, USA.
- *
- * Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy,
- * Mountain View, CA 94043, or:
- *
- * http://www.sgi.com
- *
- * For further information regarding this notice, see:
- *
- * http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
-
#include "xfs.h"
-
+#include "xfs_fs.h"
+#include "xfs_types.h"
+#include "xfs_bit.h"
#include "xfs_inum.h"
-#include "xfs_dir.h"
+#include "xfs_ag.h"
#include "xfs_dir2.h"
-#include "xfs_alloc_btree.h"
#include "xfs_bmap_btree.h"
+#include "xfs_alloc_btree.h"
#include "xfs_ialloc_btree.h"
-#include "xfs_btree.h"
-#include "xfs_attr_sf.h"
-#include "xfs_dir_sf.h"
#include "xfs_dir2_sf.h"
+#include "xfs_attr_sf.h"
#include "xfs_dinode.h"
#include "xfs_inode.h"
+#include "xfs_btree.h"
#include "xfs_acl.h"
#include "xfs_mac.h"
#include "xfs_attr.h"
+#include <linux/capability.h>
#include <linux/posix_acl_xattr.h>
-STATIC int xfs_acl_setmode(vnode_t *, xfs_acl_t *, int *);
+STATIC int xfs_acl_setmode(bhv_vnode_t *, xfs_acl_t *, int *);
STATIC void xfs_acl_filter_mode(mode_t, xfs_acl_t *);
STATIC void xfs_acl_get_endian(xfs_acl_t *);
STATIC int xfs_acl_access(uid_t, gid_t, xfs_acl_t *, mode_t, cred_t *);
STATIC int xfs_acl_invalid(xfs_acl_t *);
STATIC void xfs_acl_sync_mode(mode_t, xfs_acl_t *);
-STATIC void xfs_acl_get_attr(vnode_t *, xfs_acl_t *, int, int, int *);
-STATIC void xfs_acl_set_attr(vnode_t *, xfs_acl_t *, int, int *);
-STATIC int xfs_acl_allow_set(vnode_t *, int);
+STATIC void xfs_acl_get_attr(bhv_vnode_t *, xfs_acl_t *, int, int, int *);
+STATIC void xfs_acl_set_attr(bhv_vnode_t *, xfs_acl_t *, int, int *);
+STATIC int xfs_acl_allow_set(bhv_vnode_t *, int);
kmem_zone_t *xfs_acl_zone;
*/
int
xfs_acl_vhasacl_access(
- vnode_t *vp)
+ bhv_vnode_t *vp)
{
int error;
*/
int
xfs_acl_vhasacl_default(
- vnode_t *vp)
+ bhv_vnode_t *vp)
{
int error;
- if (vp->v_type != VDIR)
+ if (!VN_ISDIR(vp))
return 0;
xfs_acl_get_attr(vp, NULL, _ACL_TYPE_DEFAULT, ATTR_KERNOVAL, &error);
return (error == 0);
}
/*
- * Comparison function called from qsort().
+ * Comparison function called from xfs_sort().
* Primary key is ae_tag, secondary key is ae_id.
*/
STATIC int
return -ERANGE;
/* Need to sort src XFS ACL by <ae_tag,ae_id> */
- qsort(src->acl_entry, src->acl_cnt, sizeof(src->acl_entry[0]),
- xfs_acl_entry_compare);
+ xfs_sort(src->acl_entry, src->acl_cnt, sizeof(src->acl_entry[0]),
+ xfs_acl_entry_compare);
dest->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION);
dest_entry = &dest->a_entries[0];
int
xfs_acl_vget(
- vnode_t *vp,
+ bhv_vnode_t *vp,
void *acl,
size_t size,
int kind)
int flags = 0;
VN_HOLD(vp);
- if ((error = _MAC_VACCESS(vp, NULL, VREAD)))
- goto out;
if(size) {
if (!(_ACL_ALLOC(xfs_acl))) {
error = ENOMEM;
goto out;
}
if (kind == _ACL_TYPE_ACCESS) {
- vattr_t va;
+ bhv_vattr_t va;
va.va_mask = XFS_AT_MODE;
- VOP_GETATTR(vp, &va, 0, sys_cred, error);
+ error = bhv_vop_getattr(vp, &va, 0, sys_cred);
if (error)
goto out;
xfs_acl_sync_mode(va.va_mode, xfs_acl);
int
xfs_acl_vremove(
- vnode_t *vp,
+ bhv_vnode_t *vp,
int kind)
{
int error;
VN_HOLD(vp);
error = xfs_acl_allow_set(vp, kind);
if (!error) {
- VOP_ATTR_REMOVE(vp, kind == _ACL_TYPE_DEFAULT?
- SGI_ACL_DEFAULT: SGI_ACL_FILE,
- ATTR_ROOT, sys_cred, error);
+ error = bhv_vop_attr_remove(vp, kind == _ACL_TYPE_DEFAULT?
+ SGI_ACL_DEFAULT: SGI_ACL_FILE,
+ ATTR_ROOT, sys_cred);
if (error == ENOATTR)
error = 0; /* 'scool */
}
int
xfs_acl_vset(
- vnode_t *vp,
+ bhv_vnode_t *vp,
void *acl,
size_t size,
int kind)
STATIC int
xfs_acl_allow_set(
- vnode_t *vp,
+ bhv_vnode_t *vp,
int kind)
{
- vattr_t va;
+ bhv_vattr_t va;
int error;
if (vp->v_inode.i_flags & (S_IMMUTABLE|S_APPEND))
return EPERM;
- if (kind == _ACL_TYPE_DEFAULT && vp->v_type != VDIR)
+ if (kind == _ACL_TYPE_DEFAULT && !VN_ISDIR(vp))
return ENOTDIR;
if (vp->v_vfsp->vfs_flag & VFS_RDONLY)
return EROFS;
- if ((error = _MAC_VACCESS(vp, NULL, VWRITE)))
- return error;
va.va_mask = XFS_AT_UID;
- VOP_GETATTR(vp, &va, 0, NULL, error);
+ error = bhv_vop_getattr(vp, &va, 0, NULL);
if (error)
return error;
if (va.va_uid != current->fsuid && !capable(CAP_FOWNER))
return error;
}
-/*
- * Look for any effective exec access, to allow CAP_DAC_OVERRIDE for exec.
- * Ignore checking for exec in USER_OBJ when there is no mask, because
- * in this "minimal acl" case we don't have any actual acls, and we
- * won't even be here.
- */
-STATIC int
-xfs_acl_find_any_exec(
- xfs_acl_t *fap)
-{
- int i;
- int masked_aces = 0;
- int mask = 0;
-
- for (i = 0; i < fap->acl_cnt; i++) {
- if (fap->acl_entry[i].ae_perm & ACL_EXECUTE) {
- if (fap->acl_entry[i].ae_tag & (ACL_USER_OBJ|ACL_OTHER))
- return 1;
-
- if (fap->acl_entry[i].ae_tag == ACL_MASK)
- mask = fap->acl_entry[i].ae_perm;
- else
- masked_aces |= fap->acl_entry[i].ae_perm;
-
- if ((mask & masked_aces) & ACL_EXECUTE)
- return 1;
- }
- }
-
- return 0;
-}
-
/*
* The access control process to determine the access permission:
* if uid == file owner id, use the file owner bits.
* if gid == file owner group id, use the file group bits.
- * scan ACL for a maching user or group, and use matched entry
+ * scan ACL for a matching user or group, and use matched entry
* permission. Use total permissions of all matching group entries,
* until all acl entries are exhausted. The final permission produced
* by matching acl entry or entries needs to be & with group permission.
* if not owner, owning group, or matching entry in ACL, use file
- * other bits. Don't allow CAP_DAC_OVERRIDE on exec access unless
- * there is some effective exec access somewhere.
+ * other bits.
*/
STATIC int
xfs_acl_capability_check(
mode_t mode,
- cred_t *cr,
- xfs_acl_t *fap)
+ cred_t *cr)
{
if ((mode & ACL_READ) && !capable_cred(cr, CAP_DAC_READ_SEARCH))
return EACCES;
if ((mode & ACL_WRITE) && !capable_cred(cr, CAP_DAC_OVERRIDE))
return EACCES;
- if ((mode & ACL_EXECUTE) &&
- (!capable_cred(cr, CAP_DAC_OVERRIDE) ||
- !xfs_acl_find_any_exec(fap))) {
+ if ((mode & ACL_EXECUTE) && !capable_cred(cr, CAP_DAC_OVERRIDE))
return EACCES;
- }
return 0;
}
int seen_userobj = 0;
matched.ae_tag = 0; /* Invalid type */
+ matched.ae_perm = 0;
md >>= 6; /* Normalize the bits for comparison */
for (i = 0; i < fap->acl_cnt; i++) {
break;
}
- return xfs_acl_capability_check(md, cr, fap);
+ return xfs_acl_capability_check(md, cr);
}
/*
*/
STATIC void
xfs_acl_get_attr(
- vnode_t *vp,
+ bhv_vnode_t *vp,
xfs_acl_t *aclp,
int kind,
int flags,
ASSERT((flags & ATTR_KERNOVAL) ? (aclp == NULL) : 1);
flags |= ATTR_ROOT;
- VOP_ATTR_GET(vp,
- kind == _ACL_TYPE_ACCESS ? SGI_ACL_FILE : SGI_ACL_DEFAULT,
- (char *)aclp, &len, flags, sys_cred, *error);
+ *error = bhv_vop_attr_get(vp, kind == _ACL_TYPE_ACCESS ?
+ SGI_ACL_FILE : SGI_ACL_DEFAULT,
+ (char *)aclp, &len, flags, sys_cred);
if (*error || (flags & ATTR_KERNOVAL))
return;
xfs_acl_get_endian(aclp);
*/
STATIC void
xfs_acl_set_attr(
- vnode_t *vp,
+ bhv_vnode_t *vp,
xfs_acl_t *aclp,
int kind,
int *error)
INT_SET(newace->ae_perm, ARCH_CONVERT, ace->ae_perm);
}
INT_SET(newacl->acl_cnt, ARCH_CONVERT, aclp->acl_cnt);
- VOP_ATTR_SET(vp,
- kind == _ACL_TYPE_ACCESS ? SGI_ACL_FILE: SGI_ACL_DEFAULT,
- (char *)newacl, len, ATTR_ROOT, sys_cred, *error);
+ *error = bhv_vop_attr_set(vp, kind == _ACL_TYPE_ACCESS ?
+ SGI_ACL_FILE: SGI_ACL_DEFAULT,
+ (char *)newacl, len, ATTR_ROOT, sys_cred);
_ACL_FREE(newacl);
}
int
xfs_acl_vtoacl(
- vnode_t *vp,
+ bhv_vnode_t *vp,
xfs_acl_t *access_acl,
xfs_acl_t *default_acl)
{
- vattr_t va;
+ bhv_vattr_t va;
int error = 0;
if (access_acl) {
if (!error) {
/* Got the ACL, need the mode... */
va.va_mask = XFS_AT_MODE;
- VOP_GETATTR(vp, &va, 0, sys_cred, error);
+ error = bhv_vop_getattr(vp, &va, 0, sys_cred);
}
if (error)
*/
int
xfs_acl_inherit(
- vnode_t *vp,
- vattr_t *vap,
+ bhv_vnode_t *vp,
+ bhv_vattr_t *vap,
xfs_acl_t *pdaclp)
{
xfs_acl_t *cacl;
* If the new file is a directory, its default ACL is a copy of
* the containing directory's default ACL.
*/
- if (vp->v_type == VDIR)
+ if (VN_ISDIR(vp))
xfs_acl_set_attr(vp, pdaclp, _ACL_TYPE_DEFAULT, &error);
if (!error && !basicperms)
xfs_acl_set_attr(vp, cacl, _ACL_TYPE_ACCESS, &error);
*/
STATIC int
xfs_acl_setmode(
- vnode_t *vp,
+ bhv_vnode_t *vp,
xfs_acl_t *acl,
int *basicperms)
{
- vattr_t va;
+ bhv_vattr_t va;
xfs_acl_entry_t *ap;
xfs_acl_entry_t *gap = NULL;
int i, error, nomask = 1;
* mode. The m:: bits take precedence over the g:: bits.
*/
va.va_mask = XFS_AT_MODE;
- VOP_GETATTR(vp, &va, 0, sys_cred, error);
+ error = bhv_vop_getattr(vp, &va, 0, sys_cred);
if (error)
return error;
if (gap && nomask)
va.va_mode |= gap->ae_perm << 3;
- VOP_SETATTR(vp, &va, 0, sys_cred, error);
- return error;
+ return bhv_vop_setattr(vp, &va, 0, sys_cred);
}
/*
git://git.onelab.eu / linux-2.6.git / blobdiff