4  * Copyright (C) 2001-2003 Andreas Gruenbacher, <agruen@suse.de>
 
   7 #include <linux/capability.h>
 
   8 #include <linux/init.h>
 
   9 #include <linux/sched.h>
 
  10 #include <linux/slab.h>
 
  17  * Convert from filesystem to in-memory representation.
 
  19 static struct posix_acl *
 
  20 ext2_acl_from_disk(const void *value, size_t size)
 
  22         const char *end = (char *)value + size;
 
  24         struct posix_acl *acl;
 
  28         if (size < sizeof(ext2_acl_header))
 
  29                  return ERR_PTR(-EINVAL);
 
  30         if (((ext2_acl_header *)value)->a_version !=
 
  31             cpu_to_le32(EXT2_ACL_VERSION))
 
  32                 return ERR_PTR(-EINVAL);
 
  33         value = (char *)value + sizeof(ext2_acl_header);
 
  34         count = ext2_acl_count(size);
 
  36                 return ERR_PTR(-EINVAL);
 
  39         acl = posix_acl_alloc(count, GFP_KERNEL);
 
  41                 return ERR_PTR(-ENOMEM);
 
  42         for (n=0; n < count; n++) {
 
  43                 ext2_acl_entry *entry =
 
  44                         (ext2_acl_entry *)value;
 
  45                 if ((char *)value + sizeof(ext2_acl_entry_short) > end)
 
  47                 acl->a_entries[n].e_tag  = le16_to_cpu(entry->e_tag);
 
  48                 acl->a_entries[n].e_perm = le16_to_cpu(entry->e_perm);
 
  49                 switch(acl->a_entries[n].e_tag) {
 
  54                                 value = (char *)value +
 
  55                                         sizeof(ext2_acl_entry_short);
 
  56                                 acl->a_entries[n].e_id = ACL_UNDEFINED_ID;
 
  61                                 value = (char *)value + sizeof(ext2_acl_entry);
 
  62                                 if ((char *)value > end)
 
  64                                 acl->a_entries[n].e_id =
 
  65                                         le32_to_cpu(entry->e_id);
 
  77         posix_acl_release(acl);
 
  78         return ERR_PTR(-EINVAL);
 
  82  * Convert from in-memory to filesystem representation.
 
  85 ext2_acl_to_disk(const struct posix_acl *acl, size_t *size)
 
  87         ext2_acl_header *ext_acl;
 
  91         *size = ext2_acl_size(acl->a_count);
 
  92         ext_acl = (ext2_acl_header *)kmalloc(sizeof(ext2_acl_header) +
 
  93                 acl->a_count * sizeof(ext2_acl_entry), GFP_KERNEL);
 
  95                 return ERR_PTR(-ENOMEM);
 
  96         ext_acl->a_version = cpu_to_le32(EXT2_ACL_VERSION);
 
  97         e = (char *)ext_acl + sizeof(ext2_acl_header);
 
  98         for (n=0; n < acl->a_count; n++) {
 
  99                 ext2_acl_entry *entry = (ext2_acl_entry *)e;
 
 100                 entry->e_tag  = cpu_to_le16(acl->a_entries[n].e_tag);
 
 101                 entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm);
 
 102                 switch(acl->a_entries[n].e_tag) {
 
 106                                         cpu_to_le32(acl->a_entries[n].e_id);
 
 107                                 e += sizeof(ext2_acl_entry);
 
 114                                 e += sizeof(ext2_acl_entry_short);
 
 121         return (char *)ext_acl;
 
 125         return ERR_PTR(-EINVAL);
 
 128 static inline struct posix_acl *
 
 129 ext2_iget_acl(struct inode *inode, struct posix_acl **i_acl)
 
 131         struct posix_acl *acl = EXT2_ACL_NOT_CACHED;
 
 133         spin_lock(&inode->i_lock);
 
 134         if (*i_acl != EXT2_ACL_NOT_CACHED)
 
 135                 acl = posix_acl_dup(*i_acl);
 
 136         spin_unlock(&inode->i_lock);
 
 142 ext2_iset_acl(struct inode *inode, struct posix_acl **i_acl,
 
 143                    struct posix_acl *acl)
 
 145         spin_lock(&inode->i_lock);
 
 146         if (*i_acl != EXT2_ACL_NOT_CACHED)
 
 147                 posix_acl_release(*i_acl);
 
 148         *i_acl = posix_acl_dup(acl);
 
 149         spin_unlock(&inode->i_lock);
 
 153  * inode->i_mutex: don't care
 
 155 static struct posix_acl *
 
 156 ext2_get_acl(struct inode *inode, int type)
 
 158         struct ext2_inode_info *ei = EXT2_I(inode);
 
 161         struct posix_acl *acl;
 
 164         if (!test_opt(inode->i_sb, POSIX_ACL))
 
 168                 case ACL_TYPE_ACCESS:
 
 169                         acl = ext2_iget_acl(inode, &ei->i_acl);
 
 170                         if (acl != EXT2_ACL_NOT_CACHED)
 
 172                         name_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS;
 
 175                 case ACL_TYPE_DEFAULT:
 
 176                         acl = ext2_iget_acl(inode, &ei->i_default_acl);
 
 177                         if (acl != EXT2_ACL_NOT_CACHED)
 
 179                         name_index = EXT2_XATTR_INDEX_POSIX_ACL_DEFAULT;
 
 183                         return ERR_PTR(-EINVAL);
 
 185         retval = ext2_xattr_get(inode, name_index, "", NULL, 0);
 
 187                 value = kmalloc(retval, GFP_KERNEL);
 
 189                         return ERR_PTR(-ENOMEM);
 
 190                 retval = ext2_xattr_get(inode, name_index, "", value, retval);
 
 193                 acl = ext2_acl_from_disk(value, retval);
 
 194         else if (retval == -ENODATA || retval == -ENOSYS)
 
 197                 acl = ERR_PTR(retval);
 
 202                         case ACL_TYPE_ACCESS:
 
 203                                 ext2_iset_acl(inode, &ei->i_acl, acl);
 
 206                         case ACL_TYPE_DEFAULT:
 
 207                                 ext2_iset_acl(inode, &ei->i_default_acl, acl);
 
 215  * inode->i_mutex: down
 
 218 ext2_set_acl(struct inode *inode, int type, struct posix_acl *acl)
 
 220         struct ext2_inode_info *ei = EXT2_I(inode);
 
 226         if (S_ISLNK(inode->i_mode))
 
 228         if (!test_opt(inode->i_sb, POSIX_ACL))
 
 232                 case ACL_TYPE_ACCESS:
 
 233                         name_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS;
 
 235                                 mode_t mode = inode->i_mode;
 
 236                                 error = posix_acl_equiv_mode(acl, &mode);
 
 240                                         inode->i_mode = mode;
 
 241                                         mark_inode_dirty(inode);
 
 248                 case ACL_TYPE_DEFAULT:
 
 249                         name_index = EXT2_XATTR_INDEX_POSIX_ACL_DEFAULT;
 
 250                         if (!S_ISDIR(inode->i_mode))
 
 251                                 return acl ? -EACCES : 0;
 
 258                 value = ext2_acl_to_disk(acl, &size);
 
 260                         return (int)PTR_ERR(value);
 
 263         error = ext2_xattr_set(inode, name_index, "", value, size, 0);
 
 268                         case ACL_TYPE_ACCESS:
 
 269                                 ext2_iset_acl(inode, &ei->i_acl, acl);
 
 272                         case ACL_TYPE_DEFAULT:
 
 273                                 ext2_iset_acl(inode, &ei->i_default_acl, acl);
 
 281 ext2_check_acl(struct inode *inode, int mask)
 
 283         struct posix_acl *acl = ext2_get_acl(inode, ACL_TYPE_ACCESS);
 
 288                 int error = posix_acl_permission(inode, acl, mask);
 
 289                 posix_acl_release(acl);
 
 297 ext2_permission(struct inode *inode, int mask, struct nameidata *nd)
 
 299         return generic_permission(inode, mask, ext2_check_acl);
 
 303  * Initialize the ACLs of a new inode. Called from ext2_new_inode.
 
 306  * inode->i_mutex: up (access to inode is still exclusive)
 
 309 ext2_init_acl(struct inode *inode, struct inode *dir)
 
 311         struct posix_acl *acl = NULL;
 
 314         if (!S_ISLNK(inode->i_mode)) {
 
 315                 if (test_opt(dir->i_sb, POSIX_ACL)) {
 
 316                         acl = ext2_get_acl(dir, ACL_TYPE_DEFAULT);
 
 321                         inode->i_mode &= ~current->fs->umask;
 
 323         if (test_opt(inode->i_sb, POSIX_ACL) && acl) {
 
 324                struct posix_acl *clone;
 
 327                 if (S_ISDIR(inode->i_mode)) {
 
 328                         error = ext2_set_acl(inode, ACL_TYPE_DEFAULT, acl);
 
 332                 clone = posix_acl_clone(acl, GFP_KERNEL);
 
 336                 mode = inode->i_mode;
 
 337                 error = posix_acl_create_masq(clone, &mode);
 
 339                         inode->i_mode = mode;
 
 341                                 /* This is an extended ACL */
 
 342                                 error = ext2_set_acl(inode,
 
 343                                                      ACL_TYPE_ACCESS, clone);
 
 346                 posix_acl_release(clone);
 
 349        posix_acl_release(acl);
 
 354  * Does chmod for an inode that may have an Access Control List. The
 
 355  * inode->i_mode field must be updated to the desired value by the caller
 
 356  * before calling this function.
 
 357  * Returns 0 on success, or a negative error number.
 
 359  * We change the ACL rather than storing some ACL entries in the file
 
 360  * mode permission bits (which would be more efficient), because that
 
 361  * would break once additional permissions (like  ACL_APPEND, ACL_DELETE
 
 362  * for directories) are added. There are no more bits available in the
 
 365  * inode->i_mutex: down
 
 368 ext2_acl_chmod(struct inode *inode)
 
 370         struct posix_acl *acl, *clone;
 
 373         if (!test_opt(inode->i_sb, POSIX_ACL))
 
 375         if (S_ISLNK(inode->i_mode))
 
 377         acl = ext2_get_acl(inode, ACL_TYPE_ACCESS);
 
 378         if (IS_ERR(acl) || !acl)
 
 380         clone = posix_acl_clone(acl, GFP_KERNEL);
 
 381         posix_acl_release(acl);
 
 384         error = posix_acl_chmod_masq(clone, inode->i_mode);
 
 386                 error = ext2_set_acl(inode, ACL_TYPE_ACCESS, clone);
 
 387         posix_acl_release(clone);
 
 392  * Extended attribut handlers
 
 395 ext2_xattr_list_acl_access(struct inode *inode, char *list, size_t list_size,
 
 396                            const char *name, size_t name_len)
 
 398         const size_t size = sizeof(POSIX_ACL_XATTR_ACCESS);
 
 400         if (!test_opt(inode->i_sb, POSIX_ACL))
 
 402         if (list && size <= list_size)
 
 403                 memcpy(list, POSIX_ACL_XATTR_ACCESS, size);
 
 408 ext2_xattr_list_acl_default(struct inode *inode, char *list, size_t list_size,
 
 409                             const char *name, size_t name_len)
 
 411         const size_t size = sizeof(POSIX_ACL_XATTR_DEFAULT);
 
 413         if (!test_opt(inode->i_sb, POSIX_ACL))
 
 415         if (list && size <= list_size)
 
 416                 memcpy(list, POSIX_ACL_XATTR_DEFAULT, size);
 
 421 ext2_xattr_get_acl(struct inode *inode, int type, void *buffer, size_t size)
 
 423         struct posix_acl *acl;
 
 426         if (!test_opt(inode->i_sb, POSIX_ACL))
 
 429         acl = ext2_get_acl(inode, type);
 
 434         error = posix_acl_to_xattr(acl, buffer, size);
 
 435         posix_acl_release(acl);
 
 441 ext2_xattr_get_acl_access(struct inode *inode, const char *name,
 
 442                           void *buffer, size_t size)
 
 444         if (strcmp(name, "") != 0)
 
 446         return ext2_xattr_get_acl(inode, ACL_TYPE_ACCESS, buffer, size);
 
 450 ext2_xattr_get_acl_default(struct inode *inode, const char *name,
 
 451                            void *buffer, size_t size)
 
 453         if (strcmp(name, "") != 0)
 
 455         return ext2_xattr_get_acl(inode, ACL_TYPE_DEFAULT, buffer, size);
 
 459 ext2_xattr_set_acl(struct inode *inode, int type, const void *value,
 
 462         struct posix_acl *acl;
 
 465         if (!test_opt(inode->i_sb, POSIX_ACL))
 
 467         if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
 
 471                 acl = posix_acl_from_xattr(value, size);
 
 475                         error = posix_acl_valid(acl);
 
 477                                 goto release_and_out;
 
 482         error = ext2_set_acl(inode, type, acl);
 
 485         posix_acl_release(acl);
 
 490 ext2_xattr_set_acl_access(struct inode *inode, const char *name,
 
 491                           const void *value, size_t size, int flags)
 
 493         if (strcmp(name, "") != 0)
 
 495         return ext2_xattr_set_acl(inode, ACL_TYPE_ACCESS, value, size);
 
 499 ext2_xattr_set_acl_default(struct inode *inode, const char *name,
 
 500                            const void *value, size_t size, int flags)
 
 502         if (strcmp(name, "") != 0)
 
 504         return ext2_xattr_set_acl(inode, ACL_TYPE_DEFAULT, value, size);
 
 507 struct xattr_handler ext2_xattr_acl_access_handler = {
 
 508         .prefix = POSIX_ACL_XATTR_ACCESS,
 
 509         .list   = ext2_xattr_list_acl_access,
 
 510         .get    = ext2_xattr_get_acl_access,
 
 511         .set    = ext2_xattr_set_acl_access,
 
 514 struct xattr_handler ext2_xattr_acl_default_handler = {
 
 515         .prefix = POSIX_ACL_XATTR_DEFAULT,
 
 516         .list   = ext2_xattr_list_acl_default,
 
 517         .get    = ext2_xattr_get_acl_default,
 
 518         .set    = ext2_xattr_set_acl_default,