X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=fs%2Fposix_acl.c;h=6c8dcf7613fd89bf903a95b311af8a1eee2bf8ce;hb=43bc926fffd92024b46cafaf7350d669ba9ca884;hp=c802d5a2f16abcdcdcf04cbe6272e59bc604cb5a;hpb=5273a3df6485dc2ad6aa7ddd441b9a21970f003b;p=linux-2.6.git
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index c802d5a2f..6c8dcf761 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -29,14 +29,13 @@ EXPORT_SYMBOL(posix_acl_equiv_mode);
 EXPORT_SYMBOL(posix_acl_from_mode);
 EXPORT_SYMBOL(posix_acl_create_masq);
 EXPORT_SYMBOL(posix_acl_chmod_masq);
-EXPORT_SYMBOL(posix_acl_masq_nfs_mode);
 EXPORT_SYMBOL(posix_acl_permission);

 /*
 * Allocate a new ACL with the specified number of entries.
 */
 struct posix_acl *
-posix_acl_alloc(int count, int flags)
+posix_acl_alloc(int count, gfp_t flags)
 {
 const size_t size = sizeof(struct posix_acl) +
 count * sizeof(struct posix_acl_entry);
@@ -52,7 +51,7 @@ posix_acl_alloc(int count, int flags)
 * Clone an ACL.
 */
 struct posix_acl *
-posix_acl_clone(const struct posix_acl *acl, int flags)
+posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
 {
 struct posix_acl *clone = NULL;

@@ -186,7 +185,7 @@ posix_acl_equiv_mode(const struct posix_acl *acl, mode_t *mode_p)
 * Create an ACL representing the file mode permission bits of an inode.
 */
 struct posix_acl *
-posix_acl_from_mode(mode_t mode, int flags)
+posix_acl_from_mode(mode_t mode, gfp_t flags)
 {
 struct posix_acl *acl = posix_acl_alloc(3, flags);
 if (!acl)
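Review bot: In the first hunk, posix_acl_alloc still derives the allocation size from a signed `int count` with no range check: `sizeof(struct posix_acl) + count * sizeof(struct posix_acl_entry)` converts a negative count to a huge size_t, and a large count can wrap on 32-bit, so the buffer may end up smaller than the entry count implies. Since the signature is being touched anyway, I would add `if (count < 0) return NULL;` ahead of the size computation, together with an upper bound on count, or at least extend the header comment to state that callers must validate count before calling. The function body continues past the end of the hunk, so the allocation call and any later check are not visible here.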
@@ -380,44 +379,3 @@ posix_acl_chmod_masq(struct posix_acl *acl, mode_t mode)

 return 0;
 }
-
-/*
- * Adjust the mode parameter so that NFSv2 grants nobody permissions
- * that may not be granted by the ACL. This is necessary because NFSv2
- * may compute access permissions on the client side, and may serve cached
- * data whenever it assumes access would be granted. Since ACLs may also
- * be used to deny access to specific users, the minimal permissions
- * for secure operation over NFSv2 are very restrictive. Permissions
- * granted to users via Access Control Lists will not be effective over
- * NFSv2.
- *
- * Privilege escalation can only happen for read operations, as writes are
- * always carried out on the NFS server, where the proper access checks are
- * implemented.
- */
-int
-posix_acl_masq_nfs_mode(struct posix_acl *acl, mode_t *mode_p)
-{
- struct posix_acl_entry *pa, *pe; int min_perm = S_IRWXO;
-
- FOREACH_ACL_ENTRY(pa, acl, pe) {
- switch(pa->e_tag) {
- case ACL_USER_OBJ:
- break;
-
- case ACL_USER:
- case ACL_GROUP_OBJ:
- case ACL_GROUP:
- case ACL_MASK:
- case ACL_OTHER:
- min_perm &= pa->e_perm;
- break;
-
- default:
- return -EIO;
- }
- }
- *mode_p = (*mode_p & ~(S_IRWXG|S_IRWXO)) | (min_perm << 3) | min_perm;
-
- return 0;
-}