int
xfs_acl_iaccess(
xfs_inode_t *ip,
mode_t mode,
cred_t *cr)
{
xfs_acl_t *acl;
int rval;
if (!(_ACL_ALLOC(acl)))
return -1;
/* If the file has no ACL return -1. */
rval = sizeof(xfs_acl_t);
if (xfs_attr_fetch(ip, SGI_ACL_FILE, SGI_ACL_FILE_SIZE,
(char *)acl, &rval, ATTR_ROOT | ATTR_KERNACCESS, cr)) {
_ACL_FREE(acl);
return -1;
}
xfs_acl_get_endian(acl);
/* If the file has an empty ACL return -1. */
if (acl->acl_cnt == XFS_ACL_NOT_PRESENT) {
_ACL_FREE(acl);
return -1;
}
/* Synchronize ACL with mode bits */
xfs_acl_sync_mode(ip->i_d.di_mode, acl);
rval = xfs_acl_access(ip->i_d.di_uid, ip->i_d.di_gid, acl, mode, cr);
_ACL_FREE(acl);
return rval;
}
int
xfs_acl_vset(
xfs_vnode_t *vp,
void *acl,
size_t size,
int kind)
{
posix_acl_xattr_header *ext_acl = acl;
xfs_acl_t *xfs_acl;
int error;
int basicperms = 0; /* more than std unix perms? */
if (!acl)
return -EINVAL;
if (!(_ACL_ALLOC(xfs_acl)))
return -ENOMEM;
error = posix_acl_xattr_to_xfs(ext_acl, size, xfs_acl);
if (error) {
_ACL_FREE(xfs_acl);
return -error;
}
if (!xfs_acl->acl_cnt) {
_ACL_FREE(xfs_acl);
return 0;
}
VN_HOLD(vp);
error = xfs_acl_allow_set(vp, kind);
if (error)
goto out;
/* Incoming ACL exists, set file mode based on its value */
if (kind == _ACL_TYPE_ACCESS)
xfs_acl_setmode(vp, xfs_acl, &basicperms);
/*
* If we have more than std unix permissions, set up the actual attr.
* Otherwise, delete any existing attr. This prevents us from
* having actual attrs for permissions that can be stored in the
* standard permission bits.
*/
if (!basicperms) {
xfs_acl_set_attr(vp, xfs_acl, kind, &error);
} else {
xfs_acl_vremove(vp, _ACL_TYPE_ACCESS);
}
out:
VN_RELE(vp);
_ACL_FREE(xfs_acl);
return -error;
}
/*
* Set the EA with the ACL and do endian conversion.
*/
STATIC void
xfs_acl_set_attr(
xfs_vnode_t *vp,
xfs_acl_t *aclp,
int kind,
int *error)
{
xfs_acl_entry_t *ace, *newace, *end;
xfs_acl_t *newacl;
int len;
if (!(_ACL_ALLOC(newacl))) {
*error = ENOMEM;
return;
}
len = sizeof(xfs_acl_t) -
(sizeof(xfs_acl_entry_t) * (XFS_ACL_MAX_ENTRIES - aclp->acl_cnt));
end = &aclp->acl_entry[0]+aclp->acl_cnt;
for (ace = &aclp->acl_entry[0], newace = &newacl->acl_entry[0];
ace < end;
ace++, newace++) {
INT_SET(newace->ae_tag, ARCH_CONVERT, ace->ae_tag);
INT_SET(newace->ae_id, ARCH_CONVERT, ace->ae_id);
INT_SET(newace->ae_perm, ARCH_CONVERT, ace->ae_perm);
}
INT_SET(newacl->acl_cnt, ARCH_CONVERT, aclp->acl_cnt);
XVOP_ATTR_SET(vp,
kind == _ACL_TYPE_ACCESS ? SGI_ACL_FILE: SGI_ACL_DEFAULT,
(char *)newacl, len, ATTR_ROOT, sys_cred, *error);
_ACL_FREE(newacl);
}
int
xfs_acl_vget(
xfs_vnode_t *vp,
void *acl,
size_t size,
int kind)
{
int error;
xfs_acl_t *xfs_acl = NULL;
posix_acl_xattr_header *ext_acl = acl;
int flags = 0;
VN_HOLD(vp);
if(size) {
if (!(_ACL_ALLOC(xfs_acl))) {
error = ENOMEM;
goto out;
}
memset(xfs_acl, 0, sizeof(xfs_acl_t));
} else
flags = ATTR_KERNOVAL;
xfs_acl_get_attr(vp, xfs_acl, kind, flags, &error);
if (error)
goto out;
if (!size) {
error = -posix_acl_xattr_size(XFS_ACL_MAX_ENTRIES);
} else {
if (xfs_acl_invalid(xfs_acl)) {
error = EINVAL;
goto out;
}
if (kind == _ACL_TYPE_ACCESS) {
xfs_vattr_t va;
va.va_mask = XFS_AT_MODE;
XVOP_GETATTR(vp, &va, 0, sys_cred, error);
if (error)
goto out;
xfs_acl_sync_mode(va.va_mode, xfs_acl);
}
error = -posix_acl_xfs_to_xattr(xfs_acl, ext_acl, size);
}
out:
VN_RELE(vp);
if(xfs_acl)
_ACL_FREE(xfs_acl);
return -error;
}
/*
* This function retrieves the parent directory's acl, processes it
* and lets the child inherit the acl(s) that it should.
*/
int
xfs_acl_inherit(
xfs_vnode_t *vp,
xfs_vattr_t *vap,
xfs_acl_t *pdaclp)
{
xfs_acl_t *cacl;
int error = 0;
int basicperms = 0;
/*
* If the parent does not have a default ACL, or it's an
* invalid ACL, we're done.
*/
if (!vp)
return 0;
if (!pdaclp || xfs_acl_invalid(pdaclp))
return 0;
/*
* Copy the default ACL of the containing directory to
* the access ACL of the new file and use the mode that
* was passed in to set up the correct initial values for
* the u::,g::[m::], and o:: entries. This is what makes
* umask() "work" with ACL's.
*/
if (!(_ACL_ALLOC(cacl)))
return ENOMEM;
memcpy(cacl, pdaclp, sizeof(xfs_acl_t));
xfs_acl_filter_mode(vap->va_mode, cacl);
xfs_acl_setmode(vp, cacl, &basicperms);
/*
* Set the Default and Access ACL on the file. The mode is already
* set on the file, so we don't need to worry about that.
*
* If the new file is a directory, its default ACL is a copy of
* the containing directory's default ACL.
*/
if (VN_ISDIR(vp))
xfs_acl_set_attr(vp, pdaclp, _ACL_TYPE_DEFAULT, &error);
if (!error && !basicperms)
xfs_acl_set_attr(vp, cacl, _ACL_TYPE_ACCESS, &error);
_ACL_FREE(cacl);
return error;
}
STATIC int
linvfs_mknod(
struct inode *dir,
struct dentry *dentry,
int mode,
int rdev)
{
struct inode *ip;
vattr_t va;
vnode_t *vp = NULL, *dvp = LINVFS_GET_VP(dir);
xfs_acl_t *default_acl = NULL;
attrexists_t test_default_acl = _ACL_DEFAULT_EXISTS;
int error;
if (test_default_acl && test_default_acl(dvp)) {
if (!_ACL_ALLOC(default_acl))
return -ENOMEM;
if (!_ACL_GET_DEFAULT(dvp, default_acl)) {
_ACL_FREE(default_acl);
default_acl = NULL;
}
}
#ifdef CONFIG_XFS_POSIX_ACL
/*
* Conditionally compiled so that the ACL base kernel changes can be
* split out into separate patches - remove this once MS_POSIXACL is
* accepted, or some other way to implement this exists.
*/
if (IS_POSIXACL(dir) && !default_acl && has_fs_struct(current))
mode &= ~current->fs->umask;
#endif
memset(&va, 0, sizeof(va));
va.va_mask = XFS_AT_TYPE|XFS_AT_MODE;
va.va_type = IFTOVT(mode);
va.va_mode = mode;
switch (mode & S_IFMT) {
case S_IFCHR: case S_IFBLK: case S_IFIFO: case S_IFSOCK:
va.va_rdev = XFS_MKDEV(MAJOR(rdev), MINOR(rdev));
va.va_mask |= XFS_AT_RDEV;
/*FALLTHROUGH*/
case S_IFREG:
VOP_CREATE(dvp, dentry, &va, &vp, NULL, error);
break;
case S_IFDIR:
VOP_MKDIR(dvp, dentry, &va, &vp, NULL, error);
break;
default:
error = EINVAL;
break;
}
if (default_acl) {
if (!error) {
error = _ACL_INHERIT(vp, &va, default_acl);
if (!error) {
VMODIFY(vp);
} else {
struct dentry teardown = {};
int err2;
/* Oh, the horror.
* If we can't add the ACL we must back out.
* ENOSPC can hit here, among other things.
*/
teardown.d_inode = ip = LINVFS_GET_IP(vp);
teardown.d_name = dentry->d_name;
vn_mark_bad(vp);
if (S_ISDIR(mode))
VOP_RMDIR(dvp, &teardown, NULL, err2);
else
VOP_REMOVE(dvp, &teardown, NULL, err2);
VN_RELE(vp);
}
}
_ACL_FREE(default_acl);
}
if (!error) {
ASSERT(vp);
ip = LINVFS_GET_IP(vp);
if (S_ISCHR(mode) || S_ISBLK(mode))
ip->i_rdev = to_kdev_t(rdev);
else if (S_ISDIR(mode))
validate_fields(ip);
d_instantiate(dentry, ip);
validate_fields(dir);
}
return -error;
}
STATIC int
xfs_vn_mknod(
struct inode *dir,
struct dentry *dentry,
int mode,
dev_t rdev)
{
struct inode *ip;
bhv_vnode_t *vp = NULL, *dvp = vn_from_inode(dir);
xfs_acl_t *default_acl = NULL;
attrexists_t test_default_acl = _ACL_DEFAULT_EXISTS;
int error;
/*
* Irix uses Missed'em'V split, but doesn't want to see
* the upper 5 bits of (14bit) major.
*/
if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff))
return -EINVAL;
if (unlikely(test_default_acl && test_default_acl(dvp))) {
if (!_ACL_ALLOC(default_acl)) {
return -ENOMEM;
}
if (!_ACL_GET_DEFAULT(dvp, default_acl)) {
_ACL_FREE(default_acl);
default_acl = NULL;
}
}
if (IS_POSIXACL(dir) && !default_acl && xfs_has_fs_struct(current))
mode &= ~current->fs->umask;
switch (mode & S_IFMT) {
case S_IFCHR: case S_IFBLK: case S_IFIFO: case S_IFSOCK:
rdev = sysv_encode_dev(rdev);
case S_IFREG:
error = xfs_create(XFS_I(dir), dentry, mode, rdev, &vp, NULL);
break;
case S_IFDIR:
error = xfs_mkdir(XFS_I(dir), dentry, mode, &vp, NULL);
break;
default:
error = EINVAL;
break;
}
if (unlikely(!error)) {
error = xfs_init_security(vp, dir);
if (error)
xfs_cleanup_inode(dir, vp, dentry, mode);
}
if (unlikely(default_acl)) {
if (!error) {
error = _ACL_INHERIT(vp, mode, default_acl);
if (!error)
xfs_iflags_set(XFS_I(vp), XFS_IMODIFIED);
else
xfs_cleanup_inode(dir, vp, dentry, mode);
}
_ACL_FREE(default_acl);
}
if (likely(!error)) {
ASSERT(vp);
ip = vn_to_inode(vp);
if (S_ISDIR(mode))
xfs_validate_fields(ip);
d_instantiate(dentry, ip);
xfs_validate_fields(dir);
}
return -error;
}
STATIC int
xfs_vn_mknod(
struct inode *dir,
struct dentry *dentry,
int mode,
dev_t rdev)
{
struct inode *inode;
struct xfs_inode *ip = NULL;
xfs_acl_t *default_acl = NULL;
struct xfs_name name;
int (*test_default_acl)(struct inode *) = _ACL_DEFAULT_EXISTS;
int error;
/*
* Irix uses Missed'em'V split, but doesn't want to see
* the upper 5 bits of (14bit) major.
*/
if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff))
return -EINVAL;
if (test_default_acl && test_default_acl(dir)) {
if (!_ACL_ALLOC(default_acl)) {
return -ENOMEM;
}
if (!_ACL_GET_DEFAULT(dir, default_acl)) {
_ACL_FREE(default_acl);
default_acl = NULL;
}
}
xfs_dentry_to_name(&name, dentry);
if (IS_POSIXACL(dir) && !default_acl)
mode &= ~current->fs->umask;
switch (mode & S_IFMT) {
case S_IFCHR:
case S_IFBLK:
case S_IFIFO:
case S_IFSOCK:
rdev = sysv_encode_dev(rdev);
case S_IFREG:
error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip, NULL);
break;
case S_IFDIR:
error = xfs_mkdir(XFS_I(dir), &name, mode, &ip, NULL);
break;
default:
error = EINVAL;
break;
}
if (unlikely(error))
goto out_free_acl;
inode = VFS_I(ip);
error = xfs_init_security(inode, dir);
if (unlikely(error))
goto out_cleanup_inode;
if (default_acl) {
error = _ACL_INHERIT(inode, mode, default_acl);
if (unlikely(error))
goto out_cleanup_inode;
_ACL_FREE(default_acl);
}
d_instantiate(dentry, inode);
return -error;
out_cleanup_inode:
xfs_cleanup_inode(dir, inode, dentry);
out_free_acl:
if (default_acl)
_ACL_FREE(default_acl);
return -error;
}
STATIC int
linvfs_mknod(
struct inode *dir,
struct dentry *dentry,
int mode,
int rdev)
{
struct inode *ip;
vattr_t va;
vnode_t *vp = NULL, *dvp = LINVFS_GET_VP(dir);
xattr_exists_t test_default_acl = _ACL_DEFAULT_EXISTS;
int have_default_acl = 0;
int error = EINVAL;
if (test_default_acl)
have_default_acl = test_default_acl(dvp);
#ifdef CONFIG_FS_POSIX_ACL
/*
* Conditionally compiled so that the ACL base kernel changes can be
* split out into separate patches - remove this once MS_POSIXACL is
* accepted, or some other way to implement this exists.
*/
if (IS_POSIXACL(dir) && !have_default_acl && has_fs_struct(current))
mode &= ~current->fs->umask;
#endif
bzero(&va, sizeof(va));
va.va_mask = AT_TYPE|AT_MODE;
va.va_type = IFTOVT(mode);
va.va_mode = mode;
switch (mode & S_IFMT) {
case S_IFCHR: case S_IFBLK: case S_IFIFO: case S_IFSOCK:
va.va_rdev = rdev;
va.va_mask |= AT_RDEV;
/*FALLTHROUGH*/
case S_IFREG:
VOP_CREATE(dvp, dentry, &va, &vp, NULL, error);
break;
case S_IFDIR:
VOP_MKDIR(dvp, dentry, &va, &vp, NULL, error);
break;
default:
error = EINVAL;
break;
}
if (!error) {
ASSERT(vp);
ip = LINVFS_GET_IP(vp);
if (!ip) {
VN_RELE(vp);
return -ENOMEM;
}
if (S_ISCHR(mode) || S_ISBLK(mode))
ip->i_rdev = to_kdev_t(rdev);
/* linvfs_revalidate_core returns (-) errors */
error = -linvfs_revalidate_core(ip, ATTR_COMM);
validate_fields(dir);
d_instantiate(dentry, ip);
mark_inode_dirty_sync(ip);
mark_inode_dirty_sync(dir);
}
if (!error && have_default_acl) {
_ACL_DECL (pdacl);
if (!_ACL_ALLOC(pdacl)) {
error = -ENOMEM;
} else {
if (_ACL_GET_DEFAULT(dvp, pdacl))
error = _ACL_INHERIT(vp, &va, pdacl);
VMODIFY(vp);
_ACL_FREE(pdacl);
}
}
return -error;
}
STATIC int
linvfs_mknod(
struct inode *dir,
struct dentry *dentry,
int mode,
dev_t rdev)
{
struct inode *ip;
vattr_t va;
vnode_t *vp = NULL, *dvp = LINVFS_GET_VP(dir);
xfs_acl_t *default_acl = NULL;
attrexists_t test_default_acl = _ACL_DEFAULT_EXISTS;
int error;
/*
* Irix uses Missed'em'V split, but doesn't want to see
* the upper 5 bits of (14bit) major.
*/
if (!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)
return -EINVAL;
if (test_default_acl && test_default_acl(dvp)) {
if (!_ACL_ALLOC(default_acl))
return -ENOMEM;
if (!_ACL_GET_DEFAULT(dvp, default_acl)) {
_ACL_FREE(default_acl);
default_acl = NULL;
}
}
if (IS_POSIXACL(dir) && !default_acl && has_fs_struct(current))
mode &= ~current->fs->umask;
memset(&va, 0, sizeof(va));
va.va_mask = XFS_AT_TYPE|XFS_AT_MODE;
va.va_mode = mode;
switch (mode & S_IFMT) {
case S_IFCHR: case S_IFBLK: case S_IFIFO: case S_IFSOCK:
va.va_rdev = sysv_encode_dev(rdev);
va.va_mask |= XFS_AT_RDEV;
/*FALLTHROUGH*/
case S_IFREG:
VOP_CREATE(dvp, dentry, &va, &vp, NULL, error);
break;
case S_IFDIR:
VOP_MKDIR(dvp, dentry, &va, &vp, NULL, error);
break;
default:
error = EINVAL;
break;
}
if (!error)
{
error = linvfs_init_security(vp, dir);
if (error)
cleanup_inode(dvp, vp, dentry, mode);
}
if (default_acl) {
if (!error) {
error = _ACL_INHERIT(vp, &va, default_acl);
if (!error)
VMODIFY(vp);
else
cleanup_inode(dvp, vp, dentry, mode);
}
_ACL_FREE(default_acl);
}
if (!error) {
ASSERT(vp);
ip = LINVFS_GET_IP(vp);
if (S_ISCHR(mode) || S_ISBLK(mode))
ip->i_rdev = rdev;
else if (S_ISDIR(mode))
validate_fields(ip);
d_instantiate(dentry, ip);
validate_fields(dir);
}
return -error;
}