4 * Copyright (C) 2001-2003 Andreas Gruenbacher, <agruen@suse.de>
7 #include <linux/init.h>
8 #include <linux/sched.h>
9 #include <linux/slab.h>
11 #include <linux/ext3_jbd.h>
12 #include <linux/ext3_fs.h>
17 * Convert from filesystem to in-memory representation.
19 static struct posix_acl *
20 ext3_acl_from_disk(const void *value, size_t size)
22 const char *end = (char *)value + size;
24 struct posix_acl *acl;
28 if (size < sizeof(ext3_acl_header))
29 return ERR_PTR(-EINVAL);
30 if (((ext3_acl_header *)value)->a_version !=
31 cpu_to_le32(EXT3_ACL_VERSION))
32 return ERR_PTR(-EINVAL);
33 value = (char *)value + sizeof(ext3_acl_header);
34 count = ext3_acl_count(size);
36 return ERR_PTR(-EINVAL);
39 acl = posix_acl_alloc(count, GFP_KERNEL);
41 return ERR_PTR(-ENOMEM);
42 for (n=0; n < count; n++) {
43 ext3_acl_entry *entry =
44 (ext3_acl_entry *)value;
45 if ((char *)value + sizeof(ext3_acl_entry_short) > end)
47 acl->a_entries[n].e_tag = le16_to_cpu(entry->e_tag);
48 acl->a_entries[n].e_perm = le16_to_cpu(entry->e_perm);
49 switch(acl->a_entries[n].e_tag) {
54 value = (char *)value +
55 sizeof(ext3_acl_entry_short);
56 acl->a_entries[n].e_id = ACL_UNDEFINED_ID;
61 value = (char *)value + sizeof(ext3_acl_entry);
62 if ((char *)value > end)
64 acl->a_entries[n].e_id =
65 le32_to_cpu(entry->e_id);
77 posix_acl_release(acl);
78 return ERR_PTR(-EINVAL);
82 * Convert from in-memory to filesystem representation.
85 ext3_acl_to_disk(const struct posix_acl *acl, size_t *size)
87 ext3_acl_header *ext_acl;
91 *size = ext3_acl_size(acl->a_count);
92 ext_acl = (ext3_acl_header *)kmalloc(sizeof(ext3_acl_header) +
93 acl->a_count * sizeof(ext3_acl_entry), GFP_KERNEL);
95 return ERR_PTR(-ENOMEM);
96 ext_acl->a_version = cpu_to_le32(EXT3_ACL_VERSION);
97 e = (char *)ext_acl + sizeof(ext3_acl_header);
98 for (n=0; n < acl->a_count; n++) {
99 ext3_acl_entry *entry = (ext3_acl_entry *)e;
100 entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag);
101 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm);
102 switch(acl->a_entries[n].e_tag) {
106 cpu_to_le32(acl->a_entries[n].e_id);
107 e += sizeof(ext3_acl_entry);
114 e += sizeof(ext3_acl_entry_short);
121 return (char *)ext_acl;
125 return ERR_PTR(-EINVAL);
128 static inline struct posix_acl *
129 ext3_iget_acl(struct inode *inode, struct posix_acl **i_acl)
131 struct posix_acl *acl = EXT3_ACL_NOT_CACHED;
133 spin_lock(&inode->i_lock);
134 if (*i_acl != EXT3_ACL_NOT_CACHED)
135 acl = posix_acl_dup(*i_acl);
136 spin_unlock(&inode->i_lock);
142 ext3_iset_acl(struct inode *inode, struct posix_acl **i_acl,
143 struct posix_acl *acl)
145 spin_lock(&inode->i_lock);
146 if (*i_acl != EXT3_ACL_NOT_CACHED)
147 posix_acl_release(*i_acl);
148 *i_acl = posix_acl_dup(acl);
149 spin_unlock(&inode->i_lock);
153 * Inode operation get_posix_acl().
155 * inode->i_sem: don't care
157 static struct posix_acl *
158 ext3_get_acl(struct inode *inode, int type)
160 struct ext3_inode_info *ei = EXT3_I(inode);
163 struct posix_acl *acl;
166 if (!test_opt(inode->i_sb, POSIX_ACL))
170 case ACL_TYPE_ACCESS:
171 acl = ext3_iget_acl(inode, &ei->i_acl);
172 if (acl != EXT3_ACL_NOT_CACHED)
174 name_index = EXT3_XATTR_INDEX_POSIX_ACL_ACCESS;
177 case ACL_TYPE_DEFAULT:
178 acl = ext3_iget_acl(inode, &ei->i_default_acl);
179 if (acl != EXT3_ACL_NOT_CACHED)
181 name_index = EXT3_XATTR_INDEX_POSIX_ACL_DEFAULT;
185 return ERR_PTR(-EINVAL);
187 retval = ext3_xattr_get(inode, name_index, "", NULL, 0);
189 value = kmalloc(retval, GFP_KERNEL);
191 return ERR_PTR(-ENOMEM);
192 retval = ext3_xattr_get(inode, name_index, "", value, retval);
195 acl = ext3_acl_from_disk(value, retval);
196 else if (retval == -ENODATA || retval == -ENOSYS)
199 acl = ERR_PTR(retval);
205 case ACL_TYPE_ACCESS:
206 ext3_iset_acl(inode, &ei->i_acl, acl);
209 case ACL_TYPE_DEFAULT:
210 ext3_iset_acl(inode, &ei->i_default_acl, acl);
218 * Set the access or default ACL of an inode.
220 * inode->i_sem: down unless called from ext3_new_inode
223 ext3_set_acl(handle_t *handle, struct inode *inode, int type,
224 struct posix_acl *acl)
226 struct ext3_inode_info *ei = EXT3_I(inode);
232 if (S_ISLNK(inode->i_mode))
236 case ACL_TYPE_ACCESS:
237 name_index = EXT3_XATTR_INDEX_POSIX_ACL_ACCESS;
239 mode_t mode = inode->i_mode;
240 error = posix_acl_equiv_mode(acl, &mode);
244 inode->i_mode = mode;
245 ext3_mark_inode_dirty(handle, inode);
252 case ACL_TYPE_DEFAULT:
253 name_index = EXT3_XATTR_INDEX_POSIX_ACL_DEFAULT;
254 if (!S_ISDIR(inode->i_mode))
255 return acl ? -EACCES : 0;
262 if (acl->a_count > EXT3_ACL_MAX_ENTRIES)
264 value = ext3_acl_to_disk(acl, &size);
266 return (int)PTR_ERR(value);
269 error = ext3_xattr_set_handle(handle, inode, name_index, "",
276 case ACL_TYPE_ACCESS:
277 ext3_iset_acl(inode, &ei->i_acl, acl);
280 case ACL_TYPE_DEFAULT:
281 ext3_iset_acl(inode, &ei->i_default_acl, acl);
289 * Inode operation permission().
291 * inode->i_sem: don't care
294 ext3_permission(struct inode *inode, int mask, struct nameidata *nd)
296 int mode = inode->i_mode;
298 /* Nobody gets write access to a read-only fs */
299 if ((mask & MAY_WRITE) && IS_RDONLY(inode) &&
300 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
302 /* Nobody gets write access to an immutable file */
303 if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
305 if (current->fsuid == inode->i_uid) {
307 } else if (test_opt(inode->i_sb, POSIX_ACL)) {
308 struct posix_acl *acl;
310 /* The access ACL cannot grant access if the group class
311 permission bits don't contain all requested permissions. */
312 if (((mode >> 3) & mask & S_IRWXO) != mask)
314 acl = ext3_get_acl(inode, ACL_TYPE_ACCESS);
316 int error = posix_acl_permission(inode, acl, mask);
317 posix_acl_release(acl);
318 if (error == -EACCES)
319 goto check_capabilities;
325 if (in_group_p(inode->i_gid))
328 if ((mode & mask & S_IRWXO) == mask)
332 /* Allowed to override Discretionary Access Control? */
333 if (!(mask & MAY_EXEC) ||
334 (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
335 if (capable(CAP_DAC_OVERRIDE))
337 /* Read and search granted if capable(CAP_DAC_READ_SEARCH) */
338 if (capable(CAP_DAC_READ_SEARCH) && ((mask == MAY_READ) ||
339 (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))))
345 * Initialize the ACLs of a new inode. Called from ext3_new_inode.
348 * inode->i_sem: up (access to inode is still exclusive)
351 ext3_init_acl(handle_t *handle, struct inode *inode, struct inode *dir)
353 struct posix_acl *acl = NULL;
356 if (!S_ISLNK(inode->i_mode)) {
357 if (test_opt(dir->i_sb, POSIX_ACL)) {
358 acl = ext3_get_acl(dir, ACL_TYPE_DEFAULT);
363 inode->i_mode &= ~current->fs->umask;
365 if (test_opt(inode->i_sb, POSIX_ACL) && acl) {
366 struct posix_acl *clone;
369 if (S_ISDIR(inode->i_mode)) {
370 error = ext3_set_acl(handle, inode,
371 ACL_TYPE_DEFAULT, acl);
375 clone = posix_acl_clone(acl, GFP_KERNEL);
380 mode = inode->i_mode;
381 error = posix_acl_create_masq(clone, &mode);
383 inode->i_mode = mode;
385 /* This is an extended ACL */
386 error = ext3_set_acl(handle, inode,
387 ACL_TYPE_ACCESS, clone);
390 posix_acl_release(clone);
393 posix_acl_release(acl);
398 * Does chmod for an inode that may have an Access Control List. The
399 * inode->i_mode field must be updated to the desired value by the caller
400 * before calling this function.
401 * Returns 0 on success, or a negative error number.
403 * We change the ACL rather than storing some ACL entries in the file
404 * mode permission bits (which would be more efficient), because that
405 * would break once additional permissions (like ACL_APPEND, ACL_DELETE
406 * for directories) are added. There are no more bits available in the
412 ext3_acl_chmod(struct inode *inode)
414 struct posix_acl *acl, *clone;
417 if (S_ISLNK(inode->i_mode))
419 if (!test_opt(inode->i_sb, POSIX_ACL))
421 acl = ext3_get_acl(inode, ACL_TYPE_ACCESS);
422 if (IS_ERR(acl) || !acl)
424 clone = posix_acl_clone(acl, GFP_KERNEL);
425 posix_acl_release(acl);
428 error = posix_acl_chmod_masq(clone, inode->i_mode);
432 handle = ext3_journal_start(inode, EXT3_DATA_TRANS_BLOCKS);
433 if (IS_ERR(handle)) {
434 error = PTR_ERR(handle);
435 ext3_std_error(inode->i_sb, error);
438 error = ext3_set_acl(handle, inode, ACL_TYPE_ACCESS, clone);
439 ext3_journal_stop(handle);
442 posix_acl_release(clone);
447 * Extended attribute handlers
450 ext3_xattr_list_acl_access(char *list, struct inode *inode,
451 const char *name, int name_len)
453 const size_t size = sizeof(XATTR_NAME_ACL_ACCESS);
455 if (!test_opt(inode->i_sb, POSIX_ACL))
458 memcpy(list, XATTR_NAME_ACL_ACCESS, size);
463 ext3_xattr_list_acl_default(char *list, struct inode *inode,
464 const char *name, int name_len)
466 const size_t size = sizeof(XATTR_NAME_ACL_DEFAULT);
468 if (!test_opt(inode->i_sb, POSIX_ACL))
471 memcpy(list, XATTR_NAME_ACL_DEFAULT, size);
476 ext3_xattr_get_acl(struct inode *inode, int type, void *buffer, size_t size)
478 struct posix_acl *acl;
481 if (!test_opt(inode->i_sb, POSIX_ACL))
484 acl = ext3_get_acl(inode, type);
489 error = posix_acl_to_xattr(acl, buffer, size);
490 posix_acl_release(acl);
496 ext3_xattr_get_acl_access(struct inode *inode, const char *name,
497 void *buffer, size_t size)
499 if (strcmp(name, "") != 0)
501 return ext3_xattr_get_acl(inode, ACL_TYPE_ACCESS, buffer, size);
505 ext3_xattr_get_acl_default(struct inode *inode, const char *name,
506 void *buffer, size_t size)
508 if (strcmp(name, "") != 0)
510 return ext3_xattr_get_acl(inode, ACL_TYPE_DEFAULT, buffer, size);
514 ext3_xattr_set_acl(struct inode *inode, int type, const void *value,
518 struct posix_acl *acl;
521 if (!test_opt(inode->i_sb, POSIX_ACL))
523 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
527 acl = posix_acl_from_xattr(value, size);
531 error = posix_acl_valid(acl);
533 goto release_and_out;
538 handle = ext3_journal_start(inode, EXT3_DATA_TRANS_BLOCKS);
540 return PTR_ERR(handle);
541 error = ext3_set_acl(handle, inode, type, acl);
542 ext3_journal_stop(handle);
545 posix_acl_release(acl);
550 ext3_xattr_set_acl_access(struct inode *inode, const char *name,
551 const void *value, size_t size, int flags)
553 if (strcmp(name, "") != 0)
555 return ext3_xattr_set_acl(inode, ACL_TYPE_ACCESS, value, size);
559 ext3_xattr_set_acl_default(struct inode *inode, const char *name,
560 const void *value, size_t size, int flags)
562 if (strcmp(name, "") != 0)
564 return ext3_xattr_set_acl(inode, ACL_TYPE_DEFAULT, value, size);
567 struct ext3_xattr_handler ext3_xattr_acl_access_handler = {
568 .prefix = XATTR_NAME_ACL_ACCESS,
569 .list = ext3_xattr_list_acl_access,
570 .get = ext3_xattr_get_acl_access,
571 .set = ext3_xattr_set_acl_access,
574 struct ext3_xattr_handler ext3_xattr_acl_default_handler = {
575 .prefix = XATTR_NAME_ACL_DEFAULT,
576 .list = ext3_xattr_list_acl_default,
577 .get = ext3_xattr_get_acl_default,
578 .set = ext3_xattr_set_acl_default,
584 ext3_xattr_unregister(EXT3_XATTR_INDEX_POSIX_ACL_ACCESS,
585 &ext3_xattr_acl_access_handler);
586 ext3_xattr_unregister(EXT3_XATTR_INDEX_POSIX_ACL_DEFAULT,
587 &ext3_xattr_acl_default_handler);
595 error = ext3_xattr_register(EXT3_XATTR_INDEX_POSIX_ACL_ACCESS,
596 &ext3_xattr_acl_access_handler);
599 error = ext3_xattr_register(EXT3_XATTR_INDEX_POSIX_ACL_DEFAULT,
600 &ext3_xattr_acl_default_handler);
git://git.onelab.eu / linux-2.6.git / blob