Commit | Line | Data |
---|---|---|
b3b94faa DT |
1 | /* |
2 | * Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved. | |
3a8a9a10 | 3 | * Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved. |
b3b94faa DT |
4 | * |
5 | * This copyrighted material is made available to anyone wishing to use, | |
6 | * modify, copy, or redistribute it subject to the terms and conditions | |
e9fc2aa0 | 7 | * of the GNU General Public License version 2. |
b3b94faa DT |
8 | */ |
9 | ||
10 | #include <linux/sched.h> | |
11 | #include <linux/slab.h> | |
12 | #include <linux/spinlock.h> | |
13 | #include <linux/completion.h> | |
14 | #include <linux/buffer_head.h> | |
15 | #include <linux/xattr.h> | |
5c676f6d | 16 | #include <linux/gfs2_ondisk.h> |
b3b94faa DT |
17 | #include <asm/uaccess.h> |
18 | ||
19 | #include "gfs2.h" | |
5c676f6d SW |
20 | #include "lm_interface.h" |
21 | #include "incore.h" | |
b3b94faa DT |
22 | #include "acl.h" |
23 | #include "eaops.h" | |
24 | #include "eattr.h" | |
5c676f6d | 25 | #include "util.h" |
b3b94faa DT |
26 | |
27 | /** | |
28 | * gfs2_ea_name2type - get the type of the ea, and truncate type from the name | |
29 | * @namep: ea name, possibly with type appended | |
30 | * | |
31 | * Returns: GFS2_EATYPE_XXX | |
32 | */ | |
33 | ||
cca195c5 | 34 | unsigned int gfs2_ea_name2type(const char *name, const char **truncated_name) |
b3b94faa DT |
35 | { |
36 | unsigned int type; | |
37 | ||
38 | if (strncmp(name, "system.", 7) == 0) { | |
39 | type = GFS2_EATYPE_SYS; | |
40 | if (truncated_name) | |
cca195c5 | 41 | *truncated_name = name + sizeof("system.") - 1; |
b3b94faa DT |
42 | } else if (strncmp(name, "user.", 5) == 0) { |
43 | type = GFS2_EATYPE_USR; | |
44 | if (truncated_name) | |
cca195c5 | 45 | *truncated_name = name + sizeof("user.") - 1; |
639b6d79 RH |
46 | } else if (strncmp(name, "security.", 9) == 0) { |
47 | type = GFS2_EATYPE_SECURITY; | |
48 | if (truncated_name) | |
cca195c5 | 49 | *truncated_name = name + sizeof("security.") - 1; |
b3b94faa DT |
50 | } else { |
51 | type = GFS2_EATYPE_UNUSED; | |
52 | if (truncated_name) | |
53 | *truncated_name = NULL; | |
54 | } | |
55 | ||
56 | return type; | |
57 | } | |
58 | ||
59 | static int user_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er) | |
60 | { | |
feaa7bba | 61 | struct inode *inode = &ip->i_inode; |
b3b94faa DT |
62 | int error = permission(inode, MAY_READ, NULL); |
63 | if (error) | |
64 | return error; | |
65 | ||
66 | return gfs2_ea_get_i(ip, er); | |
67 | } | |
68 | ||
69 | static int user_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er) | |
70 | { | |
feaa7bba | 71 | struct inode *inode = &ip->i_inode; |
b3b94faa DT |
72 | |
73 | if (S_ISREG(inode->i_mode) || | |
74 | (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) { | |
75 | int error = permission(inode, MAY_WRITE, NULL); | |
76 | if (error) | |
77 | return error; | |
78 | } else | |
79 | return -EPERM; | |
80 | ||
81 | return gfs2_ea_set_i(ip, er); | |
82 | } | |
83 | ||
84 | static int user_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er) | |
85 | { | |
feaa7bba | 86 | struct inode *inode = &ip->i_inode; |
b3b94faa DT |
87 | |
88 | if (S_ISREG(inode->i_mode) || | |
89 | (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) { | |
90 | int error = permission(inode, MAY_WRITE, NULL); | |
91 | if (error) | |
92 | return error; | |
93 | } else | |
94 | return -EPERM; | |
95 | ||
96 | return gfs2_ea_remove_i(ip, er); | |
97 | } | |
98 | ||
99 | static int system_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er) | |
100 | { | |
101 | if (!GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len) && | |
102 | !GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len) && | |
103 | !capable(CAP_SYS_ADMIN)) | |
104 | return -EPERM; | |
105 | ||
feaa7bba | 106 | if (GFS2_SB(&ip->i_inode)->sd_args.ar_posix_acl == 0 && |
b3b94faa DT |
107 | (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len) || |
108 | GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len))) | |
109 | return -EOPNOTSUPP; | |
110 | ||
111 | ||
112 | ||
113 | return gfs2_ea_get_i(ip, er); | |
114 | } | |
115 | ||
116 | static int system_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er) | |
117 | { | |
118 | int remove = 0; | |
119 | int error; | |
120 | ||
121 | if (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len)) { | |
122 | if (!(er->er_flags & GFS2_ERF_MODE)) { | |
123 | er->er_mode = ip->i_di.di_mode; | |
124 | er->er_flags |= GFS2_ERF_MODE; | |
125 | } | |
126 | error = gfs2_acl_validate_set(ip, 1, er, | |
127 | &remove, &er->er_mode); | |
128 | if (error) | |
129 | return error; | |
130 | error = gfs2_ea_set_i(ip, er); | |
131 | if (error) | |
132 | return error; | |
133 | if (remove) | |
134 | gfs2_ea_remove_i(ip, er); | |
135 | return 0; | |
136 | ||
137 | } else if (GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)) { | |
138 | error = gfs2_acl_validate_set(ip, 0, er, | |
139 | &remove, NULL); | |
140 | if (error) | |
141 | return error; | |
142 | if (!remove) | |
143 | error = gfs2_ea_set_i(ip, er); | |
144 | else { | |
145 | error = gfs2_ea_remove_i(ip, er); | |
146 | if (error == -ENODATA) | |
147 | error = 0; | |
148 | } | |
149 | return error; | |
150 | } | |
151 | ||
152 | return -EPERM; | |
153 | } | |
154 | ||
155 | static int system_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er) | |
156 | { | |
157 | if (GFS2_ACL_IS_ACCESS(er->er_name, er->er_name_len)) { | |
158 | int error = gfs2_acl_validate_remove(ip, 1); | |
159 | if (error) | |
160 | return error; | |
161 | ||
162 | } else if (GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)) { | |
163 | int error = gfs2_acl_validate_remove(ip, 0); | |
164 | if (error) | |
165 | return error; | |
166 | ||
167 | } else | |
168 | return -EPERM; | |
169 | ||
170 | return gfs2_ea_remove_i(ip, er); | |
171 | } | |
172 | ||
639b6d79 RH |
173 | static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er) |
174 | { | |
feaa7bba | 175 | struct inode *inode = &ip->i_inode; |
639b6d79 RH |
176 | int error = permission(inode, MAY_READ, NULL); |
177 | if (error) | |
178 | return error; | |
179 | ||
180 | return gfs2_ea_get_i(ip, er); | |
181 | } | |
182 | ||
183 | static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er) | |
184 | { | |
feaa7bba | 185 | struct inode *inode = &ip->i_inode; |
639b6d79 RH |
186 | int error = permission(inode, MAY_WRITE, NULL); |
187 | if (error) | |
188 | return error; | |
189 | ||
190 | return gfs2_ea_set_i(ip, er); | |
191 | } | |
192 | ||
193 | static int security_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er) | |
194 | { | |
feaa7bba | 195 | struct inode *inode = &ip->i_inode; |
639b6d79 RH |
196 | int error = permission(inode, MAY_WRITE, NULL); |
197 | if (error) | |
198 | return error; | |
199 | ||
200 | return gfs2_ea_remove_i(ip, er); | |
201 | } | |
202 | ||
08bc2dbc | 203 | static struct gfs2_eattr_operations gfs2_user_eaops = { |
b3b94faa DT |
204 | .eo_get = user_eo_get, |
205 | .eo_set = user_eo_set, | |
206 | .eo_remove = user_eo_remove, | |
207 | .eo_name = "user", | |
208 | }; | |
209 | ||
210 | struct gfs2_eattr_operations gfs2_system_eaops = { | |
211 | .eo_get = system_eo_get, | |
212 | .eo_set = system_eo_set, | |
213 | .eo_remove = system_eo_remove, | |
214 | .eo_name = "system", | |
215 | }; | |
216 | ||
43f5d210 | 217 | static struct gfs2_eattr_operations gfs2_security_eaops = { |
639b6d79 RH |
218 | .eo_get = security_eo_get, |
219 | .eo_set = security_eo_set, | |
220 | .eo_remove = security_eo_remove, | |
221 | .eo_name = "security", | |
222 | }; | |
223 | ||
b3b94faa DT |
224 | struct gfs2_eattr_operations *gfs2_ea_ops[] = { |
225 | NULL, | |
226 | &gfs2_user_eaops, | |
227 | &gfs2_system_eaops, | |
e70409f5 | 228 | &gfs2_security_eaops, |
b3b94faa DT |
229 | }; |
230 |