int jffs2_acl_chmod(struct inode *inode) { struct posix_acl *acl, *clone; int rc; if (S_ISLNK(inode->i_mode)) return -EOPNOTSUPP; acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS); if (IS_ERR(acl) || !acl) return PTR_ERR(acl); clone = posix_acl_clone(acl, GFP_KERNEL); posix_acl_release(acl); if (!clone) return -ENOMEM; rc = posix_acl_chmod_masq(clone, inode->i_mode); if (!rc) rc = jffs2_set_acl(inode, ACL_TYPE_ACCESS, clone); posix_acl_release(clone); return rc; }
/* * No need for i_mutex because the inode is not yet exposed to the VFS. */ int xfs_inherit_acl(struct inode *inode, struct posix_acl *default_acl) { struct posix_acl *clone; mode_t mode; int error = 0, inherit = 0; if (S_ISDIR(inode->i_mode)) { error = xfs_set_acl(inode, ACL_TYPE_DEFAULT, default_acl); if (error) return error; } clone = posix_acl_clone(default_acl, GFP_KERNEL); if (!clone) return -ENOMEM; mode = inode->i_mode; error = posix_acl_create_masq(clone, &mode); if (error < 0) goto out_release_clone; /* * If posix_acl_create_masq returns a positive value we need to * inherit a permission that can't be represented using the Unix * mode bits and we actually need to set an ACL. */ if (error > 0) inherit = 1; error = xfs_set_mode(inode, mode); if (error) goto out_release_clone; if (inherit) error = xfs_set_acl(inode, ACL_TYPE_ACCESS, clone); out_release_clone: posix_acl_release(clone); return error; }
int f2fs_init_acl(struct inode *inode, struct inode *dir) { struct posix_acl *acl = NULL; mode_t mode; struct posix_acl *clone; struct f2fs_sb_info *sbi = F2FS_SB(dir->i_sb); int error = 0; if (!S_ISLNK(inode->i_mode)) { if (test_opt(sbi, POSIX_ACL)) { acl = f2fs_get_acl(dir, ACL_TYPE_DEFAULT); if (IS_ERR(acl)) return PTR_ERR(acl); } if (!acl) inode->i_mode &= ~current_umask(); } if (test_opt(sbi, POSIX_ACL) && acl) { if (S_ISDIR(inode->i_mode)) { error = f2fs_set_acl(inode, ACL_TYPE_DEFAULT, acl); if (error) goto cleanup; } //error = posix_acl_create(&acl, GFP_KERNEL, &inode->i_mode); clone = posix_acl_clone(acl, GFP_KERNEL); error = -ENOMEM; if (!clone) goto cleanup; mode = inode->i_mode; error = posix_acl_create_masq(clone, &mode); if (error < 0) return error; if (error > 0) error = f2fs_set_acl(inode, ACL_TYPE_ACCESS, acl); } cleanup: posix_acl_release(acl); return error; }
int jfs_init_acl(tid_t tid, struct inode *inode, struct inode *dir) { struct posix_acl *acl = NULL; struct posix_acl *clone; mode_t mode; int rc = 0; if (S_ISLNK(inode->i_mode)) return 0; acl = jfs_get_acl(dir, ACL_TYPE_DEFAULT); if (IS_ERR(acl)) return PTR_ERR(acl); if (acl) { if (S_ISDIR(inode->i_mode)) { rc = jfs_set_acl(tid, inode, ACL_TYPE_DEFAULT, acl); if (rc) goto cleanup; } clone = posix_acl_clone(acl, GFP_KERNEL); if (!clone) { rc = -ENOMEM; goto cleanup; } mode = inode->i_mode; rc = posix_acl_create_masq(clone, &mode); if (rc >= 0) { inode->i_mode = mode; if (rc > 0) rc = jfs_set_acl(tid, inode, ACL_TYPE_ACCESS, clone); } posix_acl_release(clone); cleanup: posix_acl_release(acl); } else inode->i_mode &= ~current->fs->umask; return rc; }
/** * generic_acl_chmod - change the access acl of @inode upon chmod() * @ops: FIlesystem specific getacl and setacl callbacks * * A chmod also changes the permissions of the owner, group/mask, and * other ACL entries. */ int generic_acl_chmod(struct inode *inode, struct generic_acl_operations *ops) { struct posix_acl *acl, *clone; int error = 0; if (S_ISLNK(inode->i_mode)) return -EOPNOTSUPP; acl = ops->getacl(inode, ACL_TYPE_ACCESS); if (acl) { clone = posix_acl_clone(acl, GFP_KERNEL); posix_acl_release(acl); if (!clone) return -ENOMEM; error = posix_acl_chmod_masq(clone, inode->i_mode); if (!error) ops->setacl(inode, ACL_TYPE_ACCESS, clone); posix_acl_release(clone); } return error; }
/* * Does chmod for an inode that may have an Access Control List. The * inode->i_mode field must be updated to the desired value by the caller * before calling this function. * Returns 0 on success, or a negative error number. * * We change the ACL rather than storing some ACL entries in the file * mode permission bits (which would be more efficient), because that * would break once additional permissions (like ACL_APPEND, ACL_DELETE * for directories) are added. There are no more bits available in the * file mode. * * inode->i_mutex: down */ int ext3_acl_chmod(struct inode *inode) { struct posix_acl *acl, *clone; int error; if (S_ISLNK(inode->i_mode)) return -EOPNOTSUPP; if (!test_opt(inode->i_sb, POSIX_ACL)) return 0; acl = ext3_get_acl(inode, ACL_TYPE_ACCESS); if (IS_ERR(acl) || !acl) return PTR_ERR(acl); clone = posix_acl_clone(acl, GFP_KERNEL); posix_acl_release(acl); if (!clone) return -ENOMEM; error = posix_acl_chmod_masq(clone, inode->i_mode); if (!error) { handle_t *handle; int retries = 0; retry: handle = ext3_journal_start(inode, EXT3_DATA_TRANS_BLOCKS(inode->i_sb)); if (IS_ERR(handle)) { error = PTR_ERR(handle); ext3_std_error(inode->i_sb, error); goto out; } error = ext3_set_acl(handle, inode, ACL_TYPE_ACCESS, clone); ext3_journal_stop(handle); if (error == -ENOSPC && ext3_should_retry_alloc(inode->i_sb, &retries)) goto retry; } out: posix_acl_release(clone); return error; }
int v9fs_acl_mode(struct inode *dir, mode_t *modep, struct posix_acl **dpacl, struct posix_acl **pacl) { int retval = 0; mode_t mode = *modep; struct posix_acl *acl = NULL; if (!S_ISLNK(mode)) { acl = v9fs_get_cached_acl(dir, ACL_TYPE_DEFAULT); if (IS_ERR(acl)) return PTR_ERR(acl); if (!acl) mode &= ~current_umask(); } if (acl) { struct posix_acl *clone; if (S_ISDIR(mode)) *dpacl = posix_acl_dup(acl); clone = posix_acl_clone(acl, GFP_NOFS); posix_acl_release(acl); if (!clone) return -ENOMEM; retval = posix_acl_create_masq(clone, &mode); if (retval < 0) { posix_acl_release(clone); goto cleanup; } if (retval > 0) *pacl = clone; else posix_acl_release(clone); } *modep = mode; return 0; cleanup: return retval; }
int jffs2_init_acl(struct inode *inode, struct inode *dir) { struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode); struct posix_acl *acl = NULL, *clone; mode_t mode; int rc = 0; f->i_acl_access = JFFS2_ACL_NOT_CACHED; f->i_acl_default = JFFS2_ACL_NOT_CACHED; if (!S_ISLNK(inode->i_mode)) { acl = jffs2_get_acl(dir, ACL_TYPE_DEFAULT); if (IS_ERR(acl)) return PTR_ERR(acl); if (!acl) inode->i_mode &= ~current->fs->umask; } if (acl) { if (S_ISDIR(inode->i_mode)) { rc = jffs2_set_acl(inode, ACL_TYPE_DEFAULT, acl); if (rc) goto cleanup; } clone = posix_acl_clone(acl, GFP_KERNEL); rc = -ENOMEM; if (!clone) goto cleanup; mode = inode->i_mode; rc = posix_acl_create_masq(clone, &mode); if (rc >= 0) { inode->i_mode = mode; if (rc > 0) rc = jffs2_set_acl(inode, ACL_TYPE_ACCESS, clone); } posix_acl_release(clone); } cleanup: posix_acl_release(acl); return rc; }
/* * Does chmod for an inode that may have an Access Control List. The * inode->i_mode field must be updated to the desired value by the caller * before calling this function. * Returns 0 on success, or a negative error number. * * We change the ACL rather than storing some ACL entries in the file * mode permission bits (which would be more efficient), because that * would break once additional permissions (like ACL_APPEND, ACL_DELETE * for directories) are added. There are no more bits available in the * file mode. * * inode->i_mutex: down */ int ext2_acl_chmod(struct inode *inode) { struct posix_acl *acl, *clone; int error; if (!test_opt(inode->i_sb, POSIX_ACL)) return 0; if (S_ISLNK(inode->i_mode)) return -EOPNOTSUPP; acl = ext2_get_acl(inode, ACL_TYPE_ACCESS); if (IS_ERR(acl) || !acl) return PTR_ERR(acl); clone = posix_acl_clone(acl, GFP_KERNEL); posix_acl_release(acl); if (!clone) return -ENOMEM; error = posix_acl_chmod_masq(clone, inode->i_mode); if (!error) error = ext2_set_acl(inode, ACL_TYPE_ACCESS, clone); posix_acl_release(clone); return error; }
int gfs2_acl_chmod(struct gfs2_inode *ip, struct iattr *attr) { struct posix_acl *acl, *clone; char *data; unsigned int len; int error; acl = gfs2_acl_get(ip, ACL_TYPE_ACCESS); if (IS_ERR(acl)) return PTR_ERR(acl); if (!acl) return gfs2_setattr_simple(ip, attr); clone = posix_acl_clone(acl, GFP_NOFS); error = -ENOMEM; if (!clone) goto out; posix_acl_release(acl); acl = clone; error = posix_acl_chmod_masq(acl, attr->ia_mode); if (!error) { len = posix_acl_to_xattr(acl, NULL, 0); data = kmalloc(len, GFP_NOFS); error = -ENOMEM; if (data == NULL) goto out; posix_acl_to_xattr(acl, data, len); error = gfs2_xattr_acl_chmod(ip, attr, data); kfree(data); set_cached_acl(&ip->i_inode, ACL_TYPE_ACCESS, acl); } out: posix_acl_release(acl); return error; }
int jffs2_init_acl_pre(struct inode *dir_i, struct inode *inode, int *i_mode) { struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode); struct posix_acl *acl, *clone; int rc; f->i_acl_default = NULL; f->i_acl_access = NULL; if (S_ISLNK(*i_mode)) return 0; /* Symlink always has no-ACL */ acl = jffs2_get_acl(dir_i, ACL_TYPE_DEFAULT); if (IS_ERR(acl)) return PTR_ERR(acl); if (!acl) { *i_mode &= ~current->fs->umask; } else { if (S_ISDIR(*i_mode)) jffs2_iset_acl(inode, &f->i_acl_default, acl); clone = posix_acl_clone(acl, GFP_KERNEL); if (!clone) return -ENOMEM; rc = posix_acl_create_masq(clone, (mode_t *)i_mode); if (rc < 0) { posix_acl_release(clone); return rc; } if (rc > 0) jffs2_iset_acl(inode, &f->i_acl_access, clone); posix_acl_release(clone); } return 0; }
/* dir->i_sem: down, * inode is new and not released into the wild yet */ int reiserfs_inherit_default_acl (struct inode *dir, struct dentry *dentry, struct inode *inode) { struct posix_acl *acl; int err = 0; /* ACLs only get applied to files and directories */ if (S_ISLNK (inode->i_mode)) return 0; /* ACLs can only be used on "new" objects, so if it's an old object * there is nothing to inherit from */ if (get_inode_sd_version (dir) == STAT_DATA_V1) goto apply_umask; /* Don't apply ACLs to objects in the .reiserfs_priv tree.. This * would be useless since permissions are ignored, and a pain because * it introduces locking cycles */ if (is_reiserfs_priv_object (dir)) { reiserfs_mark_inode_private (inode); goto apply_umask; } acl = reiserfs_get_acl (dir, ACL_TYPE_DEFAULT); if (IS_ERR (acl)) { if (PTR_ERR (acl) == -ENODATA) goto apply_umask; return PTR_ERR (acl); } if (acl) { struct posix_acl *acl_copy; mode_t mode = inode->i_mode; int need_acl; /* Copy the default ACL to the default ACL of a new directory */ if (S_ISDIR (inode->i_mode)) { err = reiserfs_set_acl (inode, ACL_TYPE_DEFAULT, acl); if (err) goto cleanup; } /* Now we reconcile the new ACL and the mode, potentially modifying both */ acl_copy = posix_acl_clone (acl, GFP_NOFS); if (!acl_copy) { err = -ENOMEM; goto cleanup; } need_acl = posix_acl_create_masq (acl_copy, &mode); if (need_acl >= 0) { if (mode != inode->i_mode) { inode->i_mode = mode; } /* If we need an ACL.. */ if (need_acl > 0) { err = reiserfs_set_acl (inode, ACL_TYPE_ACCESS, acl_copy); if (err) goto cleanup_copy; } } cleanup_copy: posix_acl_release (acl_copy); cleanup: posix_acl_release (acl); } else { apply_umask: /* no ACL, apply umask */ inode->i_mode &= ~current->fs->umask; } return err; }
/* * initialize the ACLs of a new inode. * This needs to be called from pvfs2_get_custom_inode. * Note that for the root of the PVFS2 file system, * dir will be NULL! For all others dir will be non-NULL * However, inode cannot be NULL! * Returns 0 on success and -ve number on failure. */ int pvfs2_init_acl(struct inode *inode, struct inode *dir) { struct posix_acl *acl = NULL; int error = 0; pvfs2_inode_t *pvfs2_inode = PVFS2_I(inode); if (dir == NULL) dir = inode; ClearModeFlag(pvfs2_inode); if (!S_ISLNK(inode->i_mode)) { if (get_acl_flag(inode) == 1) { acl = pvfs2_get_acl(dir, ACL_TYPE_DEFAULT); if (IS_ERR(acl)) { error = PTR_ERR(acl); gossip_err("pvfs2_get_acl (default) failed with error %d\n", error); return error; } } if (!acl && dir != inode) { int old_mode = inode->i_mode; inode->i_mode &= ~current->fs->umask; gossip_debug(GOSSIP_ACL_DEBUG, "inode->i_mode before %o and " "after %o\n", old_mode, inode->i_mode); if (old_mode != inode->i_mode) SetModeFlag(pvfs2_inode); } } if (get_acl_flag(inode) == 1 && acl) { struct posix_acl *clone; mode_t mode; if (S_ISDIR(inode->i_mode)) { error = pvfs2_set_acl(inode, ACL_TYPE_DEFAULT, acl); if (error) { gossip_err("pvfs2_set_acl (default) directory failed with " "error %d\n", error); ClearModeFlag(pvfs2_inode); goto cleanup; } } clone = posix_acl_clone(acl, GFP_KERNEL); error = -ENOMEM; if (!clone) { gossip_err("posix_acl_clone failed with ENOMEM\n"); ClearModeFlag(pvfs2_inode); goto cleanup; } mode = inode->i_mode; error = posix_acl_create_masq(clone, &mode); if (error >= 0) { gossip_debug(GOSSIP_ACL_DEBUG, "posix_acl_create_masq changed mode " "from %o to %o\n", inode->i_mode, mode); /* * Dont do a needless ->setattr() if mode has not changed */ if (inode->i_mode != mode) SetModeFlag(pvfs2_inode); inode->i_mode = mode; /* * if this is an ACL that cannot be captured by * the mode bits, go for the server! */ if (error > 0) { error = pvfs2_set_acl(inode, ACL_TYPE_ACCESS, clone); gossip_debug(GOSSIP_ACL_DEBUG, "pvfs2_set_acl (access) returned %d\n", error); } } posix_acl_release(clone); } /* If mode of the inode was changed, then do a forcible ->setattr */ if (ModeFlag(pvfs2_inode)) pvfs2_flush_inode(inode); cleanup: posix_acl_release(acl); return error; }
/* * Initialize the ACLs of a new inode. If parent directory has default ACL, * then clone to new inode. Called from ocfs2_mknod. */ int ocfs2_init_acl(handle_t *handle, struct inode *inode, struct inode *dir, struct buffer_head *di_bh, struct buffer_head *dir_bh, struct ocfs2_alloc_context *meta_ac, struct ocfs2_alloc_context *data_ac) { struct ocfs2_super *osb = OCFS2_SB(inode->i_sb); struct posix_acl *acl = NULL; int ret = 0, ret2; mode_t mode; if (!S_ISLNK(inode->i_mode)) { if (osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL) { acl = ocfs2_get_acl_nolock(dir, ACL_TYPE_DEFAULT, dir_bh); if (IS_ERR(acl)) return PTR_ERR(acl); } if (!acl) { mode = inode->i_mode & ~current_umask(); ret = ocfs2_acl_set_mode(inode, di_bh, handle, mode); if (ret) { mlog_errno(ret); goto cleanup; } } } if ((osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL) && acl) { struct posix_acl *clone; if (S_ISDIR(inode->i_mode)) { ret = ocfs2_set_acl(handle, inode, di_bh, ACL_TYPE_DEFAULT, acl, meta_ac, data_ac); if (ret) goto cleanup; } clone = posix_acl_clone(acl, GFP_NOFS); ret = -ENOMEM; if (!clone) goto cleanup; mode = inode->i_mode; ret = posix_acl_create_masq(clone, &mode); if (ret >= 0) { ret2 = ocfs2_acl_set_mode(inode, di_bh, handle, mode); if (ret2) { mlog_errno(ret2); ret = ret2; goto cleanup; } if (ret > 0) { ret = ocfs2_set_acl(handle, inode, di_bh, ACL_TYPE_ACCESS, clone, meta_ac, data_ac); } } posix_acl_release(clone); } cleanup: posix_acl_release(acl); return ret; }