static struct bus1_user *
bus1_user_new(struct bus1_domain_info *domain_info, kuid_t uid)
{
struct bus1_user *u;
if (WARN_ON(!uid_valid(uid)))
return ERR_PTR(-EINVAL);
u = kmalloc(sizeof(*u), GFP_KERNEL);
if (!u)
return ERR_PTR(-ENOMEM);
kref_init(&u->ref);
/*
* User objects must be released *entirely* before the parent domain
* is. As such, the domain pointer here is always valid and can be
* dereferenced without any protection.
*/
u->uid = uid;
u->id = BUS1_INTERNAL_UID_INVALID;
u->domain_info = domain_info;
atomic_set(&u->fds_inflight, 0);
return u;
}
static int chown_common(struct path *path, uid_t user, gid_t group)
{
struct inode *inode = path->dentry->d_inode;
int error;
struct iattr newattrs;
kuid_t uid;
kgid_t gid;
uid = make_kuid(current_user_ns(), user);
gid = make_kgid(current_user_ns(), group);
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
if (!uid_valid(uid))
return -EINVAL;
newattrs.ia_valid |= ATTR_UID;
newattrs.ia_uid = uid;
}
if (group != (gid_t) -1) {
if (!gid_valid(gid))
return -EINVAL;
newattrs.ia_valid |= ATTR_GID;
newattrs.ia_gid = gid;
}
if (!S_ISDIR(inode->i_mode))
newattrs.ia_valid |=
ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
mutex_lock(&inode->i_mutex);
error = security_path_chown(path, uid, gid);
if (!error)
error = notify_change(path->dentry, &newattrs);
mutex_unlock(&inode->i_mutex);
return error;
}
static int ovl_whiteout(struct dentry *upperdir, struct dentry *dentry)
{
int err;
struct dentry *newdentry;
const struct cred *old_cred;
struct cred *override_cred;
/* FIXME: recheck lower dentry to see if whiteout is really needed */
err = -ENOMEM;
override_cred = ovl_prepare_creds(dentry->d_sb);
if (!override_cred)
goto out;
override_cred->fsuid = make_kuid(override_cred->user_ns, 0);
if (!uid_valid(override_cred->fsuid))
override_cred->fsuid = GLOBAL_ROOT_UID;
override_cred->fsgid = make_kgid(override_cred->user_ns, 0);
if (!gid_valid(override_cred->fsgid))
override_cred->fsgid = GLOBAL_ROOT_GID;
old_cred = override_creds(override_cred);
newdentry = lookup_one_len(dentry->d_name.name, upperdir,
dentry->d_name.len);
err = PTR_ERR(newdentry);
if (IS_ERR(newdentry))
goto out_put_cred;
/* Just been removed within the same locked region */
WARN_ON(newdentry->d_inode);
err = vfs_symlink(upperdir->d_inode, newdentry, ovl_whiteout_symlink);
if (err)
goto out_dput;
ovl_dentry_version_inc(dentry->d_parent);
err = ovl_do_setxattr(newdentry, ovl_whiteout_xattr, "y", 1, 0);
if (err)
vfs_unlink(upperdir->d_inode, newdentry, NULL);
out_dput:
dput(newdentry);
out_put_cred:
revert_creds(old_cred);
put_cred(override_cred);
out:
if (err) {
/*
* There's no way to recover from failure to whiteout.
* What should we do? Log a big fat error and... ?
*/
pr_err("overlayfs: ERROR - failed to whiteout '%s'\n",
dentry->d_name.name);
}
return err;
}
static int mknod_ptmx(struct super_block *sb)
{
int mode;
int rc = -ENOMEM;
struct dentry *dentry;
struct inode *inode;
struct dentry *root = sb->s_root;
struct pts_fs_info *fsi = DEVPTS_SB(sb);
struct pts_mount_opts *opts = &fsi->mount_opts;
kuid_t root_uid;
kgid_t root_gid;
root_uid = make_kuid(current_user_ns(), 0);
root_gid = make_kgid(current_user_ns(), 0);
if (!uid_valid(root_uid) || !gid_valid(root_gid))
return -EINVAL;
mutex_lock(&root->d_inode->i_mutex);
/* If we have already created ptmx node, return */
if (fsi->ptmx_dentry) {
rc = 0;
goto out;
}
dentry = d_alloc_name(root, "ptmx");
if (!dentry) {
printk(KERN_NOTICE "Unable to alloc dentry for ptmx node\n");
goto out;
}
/*
* Create a new 'ptmx' node in this mount of devpts.
*/
inode = new_inode(sb);
if (!inode) {
printk(KERN_ERR "Unable to alloc inode for ptmx node\n");
dput(dentry);
goto out;
}
inode->i_ino = 2;
inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
mode = S_IFCHR|opts->ptmxmode;
init_special_inode(inode, mode, MKDEV(TTYAUX_MAJOR, 2));
inode->i_uid = root_uid;
inode->i_gid = root_gid;
d_add(dentry, inode);
fsi->ptmx_dentry = dentry;
rc = 0;
out:
mutex_unlock(&root->d_inode->i_mutex);
return rc;
}
static __be32 *
decode_sattr(__be32 *p, struct iattr *iap)
{
u32 tmp, tmp1;
iap->ia_valid = 0;
/* Sun client bug compatibility check: some sun clients seem to
* put 0xffff in the mode field when they mean 0xffffffff.
* Quoting the 4.4BSD nfs server code: Nah nah nah nah na nah.
*/
if ((tmp = ntohl(*p++)) != (u32)-1 && tmp != 0xffff) {
iap->ia_valid |= ATTR_MODE;
iap->ia_mode = tmp;
}
if ((tmp = ntohl(*p++)) != (u32)-1) {
iap->ia_uid = make_kuid(&init_user_ns, tmp);
if (uid_valid(iap->ia_uid))
iap->ia_valid |= ATTR_UID;
}
if ((tmp = ntohl(*p++)) != (u32)-1) {
iap->ia_gid = make_kgid(&init_user_ns, tmp);
if (gid_valid(iap->ia_gid))
iap->ia_valid |= ATTR_GID;
}
if ((tmp = ntohl(*p++)) != (u32)-1) {
iap->ia_valid |= ATTR_SIZE;
iap->ia_size = tmp;
}
tmp = ntohl(*p++); tmp1 = ntohl(*p++);
if (tmp != (u32)-1 && tmp1 != (u32)-1) {
iap->ia_valid |= ATTR_ATIME | ATTR_ATIME_SET;
iap->ia_atime.tv_sec = tmp;
iap->ia_atime.tv_nsec = tmp1 * 1000;
}
tmp = ntohl(*p++); tmp1 = ntohl(*p++);
if (tmp != (u32)-1 && tmp1 != (u32)-1) {
iap->ia_valid |= ATTR_MTIME | ATTR_MTIME_SET;
iap->ia_mtime.tv_sec = tmp;
iap->ia_mtime.tv_nsec = tmp1 * 1000;
/*
* Passing the invalid value useconds=1000000 for mtime
* is a Sun convention for "set both mtime and atime to
* current server time". It's needed to make permissions
* checks for the "touch" program across v2 mounts to
* Solaris and Irix boxes work correctly. See description of
* sattr in section 6.1 of "NFS Illustrated" by
* Brent Callaghan, Addison-Wesley, ISBN 0-201-32750-5
*/
if (tmp1 == 1000000)
iap->ia_valid &= ~(ATTR_ATIME_SET|ATTR_MTIME_SET);
}
return p;
}
static int parse_options(char *options, struct omfs_sb_info *sbi)
{
char *p;
substring_t args[MAX_OPT_ARGS];
int option;
if (!options)
return 1;
while ((p = strsep(&options, ",")) != NULL) {
int token;
if (!*p)
continue;
token = match_token(p, tokens, args);
switch (token) {
case Opt_uid:
if (match_int(&args[0], &option))
return 0;
sbi->s_uid = make_kuid(current_user_ns(), option);
if (!uid_valid(sbi->s_uid))
return 0;
break;
case Opt_gid:
if (match_int(&args[0], &option))
return 0;
sbi->s_gid = make_kgid(current_user_ns(), option);
if (!gid_valid(sbi->s_gid))
return 0;
break;
case Opt_umask:
if (match_octal(&args[0], &option))
return 0;
sbi->s_fmask = sbi->s_dmask = option;
break;
case Opt_dmask:
if (match_octal(&args[0], &option))
return 0;
sbi->s_dmask = option;
break;
case Opt_fmask:
if (match_octal(&args[0], &option))
return 0;
sbi->s_fmask = option;
break;
default:
return 0;
}
}
return 1;
}
static int parse_id(const char **ep, struct authlist_entry *entry,
enum authlist_kind kind)
{
struct user_namespace *ns = current_user_ns();
/* decimal representation of 32-bit number fits in 10 chars */
char sval[11];
const char *p = *ep;
char *xp = sval;
int error;
uid_t uid;
gid_t gid;
while (isdigit(*p)) {
if (xp - sval >= sizeof(sval) - 1)
return -EINVAL;
*xp++ = *p++;
}
*xp = '\0';
if (!sval[0] || !is_ws_eos(*p))
return -EINVAL;
switch (kind) {
case AUTHLIST_KIND_UID:
case AUTHLIST_KIND_NOUID:
error = kstrtouint(sval, 10, &uid);
if (error)
return error;
entry->kuid = make_kuid(ns, uid);
if (!uid_valid(entry->kuid))
return -EINVAL;
break;
case AUTHLIST_KIND_GID:
case AUTHLIST_KIND_NOGID:
error = kstrtouint(sval, 10, &gid);
if (error)
return error;
entry->kgid = make_kgid(ns, gid);
if (!gid_valid(entry->kgid))
return -EINVAL;
break;
default:
return -EINVAL;
}
entry->kind = kind;
*ep = p;
return 0;
}
static int owner_check(const struct xt_mtchk_param *par)
{
struct xt_owner_match_info *info = par->matchinfo;
struct net *net = par->net;
/* Only allow the common case where the userns of the writer
* matches the userns of the network namespace.
*/
if ((info->match & (XT_OWNER_UID|XT_OWNER_GID)) &&
(current_user_ns() != net->user_ns))
return -EINVAL;
/* Ensure the uids are valid */
if (info->match & XT_OWNER_UID) {
kuid_t uid_min = make_kuid(net->user_ns, info->uid_min);
kuid_t uid_max = make_kuid(net->user_ns, info->uid_max);
if (!uid_valid(uid_min) || !uid_valid(uid_max) ||
(info->uid_max < info->uid_min) ||
uid_lt(uid_max, uid_min)) {
return -EINVAL;
}
}
/* Ensure the gids are valid */
if (info->match & XT_OWNER_GID) {
kgid_t gid_min = make_kgid(net->user_ns, info->gid_min);
kgid_t gid_max = make_kgid(net->user_ns, info->gid_max);
if (!gid_valid(gid_min) || !gid_valid(gid_max) ||
(info->gid_max < info->gid_min) ||
gid_lt(gid_max, gid_min)) {
return -EINVAL;
}
}
return 0;
}
int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, kuid_t *uid)
{
struct idmap *idmap = server->nfs_client->cl_idmap;
__u32 id = -1;
int ret = 0;
if (!nfs_map_string_to_numeric(name, namelen, &id))
ret = nfs_idmap_lookup_id(name, namelen, "uid", &id, idmap);
if (ret == 0) {
*uid = make_kuid(&init_user_ns, id);
if (!uid_valid(*uid))
ret = -ERANGE;
}
trace_nfs4_map_name_to_uid(name, namelen, id, ret);
return ret;
}
static int debugfs_parse_options(char *data, struct debugfs_mount_opts *opts)
{
substring_t args[MAX_OPT_ARGS];
int option;
int token;
kuid_t uid;
kgid_t gid;
char *p;
opts->mode = DEBUGFS_DEFAULT_MODE;
while ((p = strsep(&data, ",")) != NULL) {
if (!*p)
continue;
token = match_token(p, tokens, args);
switch (token) {
case Opt_uid:
if (match_int(&args[0], &option))
return -EINVAL;
uid = make_kuid(current_user_ns(), option);
if (!uid_valid(uid))
return -EINVAL;
opts->uid = uid;
break;
case Opt_gid:
if (match_int(&args[0], &option))
return -EINVAL;
gid = make_kgid(current_user_ns(), option);
if (!gid_valid(gid))
return -EINVAL;
opts->gid = gid;
break;
case Opt_mode:
if (match_octal(&args[0], &option))
return -EINVAL;
opts->mode = option & S_IALLUGO;
break;
/*
* We might like to report bad mount options here;
* but traditionally debugfs has ignored all mount options
*/
}
}
return 0;
}
static __be32 *
decode_sattr3(__be32 *p, struct iattr *iap)
{
u32 tmp;
iap->ia_valid = 0;
if (*p++) {
iap->ia_valid |= ATTR_MODE;
iap->ia_mode = ntohl(*p++);
}
if (*p++) {
iap->ia_uid = make_kuid(&init_user_ns, ntohl(*p++));
if (uid_valid(iap->ia_uid))
iap->ia_valid |= ATTR_UID;
}
if (*p++) {
iap->ia_gid = make_kgid(&init_user_ns, ntohl(*p++));
if (gid_valid(iap->ia_gid))
iap->ia_valid |= ATTR_GID;
}
if (*p++) {
u64 newsize;
iap->ia_valid |= ATTR_SIZE;
p = xdr_decode_hyper(p, &newsize);
if (newsize <= NFS_OFFSET_MAX)
iap->ia_size = newsize;
else
iap->ia_size = NFS_OFFSET_MAX;
}
if ((tmp = ntohl(*p++)) == 1) { /* set to server time */
iap->ia_valid |= ATTR_ATIME;
} else if (tmp == 2) { /* set to client time */
iap->ia_valid |= ATTR_ATIME | ATTR_ATIME_SET;
iap->ia_atime.tv_sec = ntohl(*p++);
iap->ia_atime.tv_nsec = ntohl(*p++);
}
if ((tmp = ntohl(*p++)) == 1) { /* set to server time */
iap->ia_valid |= ATTR_MTIME;
} else if (tmp == 2) { /* set to client time */
iap->ia_valid |= ATTR_MTIME | ATTR_MTIME_SET;
iap->ia_mtime.tv_sec = ntohl(*p++);
iap->ia_mtime.tv_nsec = ntohl(*p++);
}
return p;
}
static void bus1_user_free(struct kref *ref)
{
struct bus1_user *user = container_of(ref, struct bus1_user, ref);
WARN_ON(atomic_read(&user->fds_inflight));
/* drop the id from the ida if it was initialized */
if (user->id != BUS1_INTERNAL_UID_INVALID)
ida_simple_remove(&user->domain_info->user_ida, user->id);
mutex_lock(&user->domain_info->lock);
if (uid_valid(user->uid)) /* if already dropped, it's set to invalid */
idr_remove(&user->domain_info->user_idr,
__kuid_val(user->uid));
mutex_unlock(&user->domain_info->lock);
kfree_rcu(user, rcu);
}
static __inline__ int scm_check_creds(struct ucred *creds)
{
const struct cred *cred = current_cred();
kuid_t uid = make_kuid(cred->user_ns, creds->uid);
kgid_t gid = make_kgid(cred->user_ns, creds->gid);
if (!uid_valid(uid) || !gid_valid(gid))
return -EINVAL;
if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) &&
((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) ||
uid_eq(uid, cred->suid)) || capable(CAP_SETUID)) &&
((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) ||
gid_eq(gid, cred->sgid)) || capable(CAP_SETGID))) {
return 0;
}
return -EPERM;
}
static int chown_common(const struct path *path, uid_t user, gid_t group)
{
struct inode *inode = path->dentry->d_inode;
struct inode *delegated_inode = NULL;
int error;
struct iattr newattrs;
kuid_t uid;
kgid_t gid;
uid = make_kuid(current_user_ns(), user);
gid = make_kgid(current_user_ns(), group);
retry_deleg:
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
if (!uid_valid(uid))
return -EINVAL;
newattrs.ia_valid |= ATTR_UID;
newattrs.ia_uid = uid;
}
if (group != (gid_t) -1) {
if (!gid_valid(gid))
return -EINVAL;
newattrs.ia_valid |= ATTR_GID;
newattrs.ia_gid = gid;
}
if (!S_ISDIR(inode->i_mode))
newattrs.ia_valid |=
ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
inode_lock(inode);
error = security_path_chown(path, uid, gid);
if (!error)
error = notify_change(path->dentry, &newattrs, &delegated_inode);
inode_unlock(inode);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
if (!error)
goto retry_deleg;
}
return error;
}
static int hypfs_parse_options(char *options, struct super_block *sb)
{
char *str;
substring_t args[MAX_OPT_ARGS];
kuid_t uid;
kgid_t gid;
if (!options)
return 0;
while ((str = strsep(&options, ",")) != NULL) {
int token, option;
struct hypfs_sb_info *hypfs_info = sb->s_fs_info;
if (!*str)
continue;
token = match_token(str, hypfs_tokens, args);
switch (token) {
case opt_uid:
if (match_int(&args[0], &option))
return -EINVAL;
uid = make_kuid(current_user_ns(), option);
if (!uid_valid(uid))
return -EINVAL;
hypfs_info->uid = uid;
break;
case opt_gid:
if (match_int(&args[0], &option))
return -EINVAL;
gid = make_kgid(current_user_ns(), option);
if (!gid_valid(gid))
return -EINVAL;
hypfs_info->gid = gid;
break;
case opt_err:
default:
pr_err("%s is not a valid mount option\n", str);
return -EINVAL;
}
}
return 0;
}
/*
* Get the persistent keyring for a specific UID and link it to the nominated
* keyring.
*/
long keyctl_get_persistent(uid_t _uid, key_serial_t destid)
{
struct user_namespace *ns = current_user_ns();
key_ref_t dest_ref;
kuid_t uid;
long ret;
/* -1 indicates the current user */
if (_uid == (uid_t)-1) {
uid = current_uid();
} else {
uid = make_kuid(ns, _uid);
if (!uid_valid(uid))
return -EINVAL;
/* You can only see your own persistent cache if you're not
* sufficiently privileged.
*/
if (!uid_eq(uid, current_uid()) &&
!uid_eq(uid, current_euid()) &&
!ns_capable(ns, CAP_SETUID))
return -EPERM;
}
/* There must be a destination keyring */
dest_ref = lookup_user_key(destid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
if (IS_ERR(dest_ref))
return PTR_ERR(dest_ref);
if (key_ref_to_ptr(dest_ref)->type != &key_type_keyring) {
ret = -ENOTDIR;
goto out_put_dest;
}
ret = key_get_persistent(ns, uid, dest_ref);
out_put_dest:
key_ref_put(dest_ref);
return ret;
}
/*
* parse_mount_options():
* Set @opts to mount options specified in @data. If an option is not
* specified in @data, set it to its default value. The exception is
* 'newinstance' option which can only be set/cleared on a mount (i.e.
* cannot be changed during remount).
*
* Note: @data may be NULL (in which case all options are set to default).
*/
static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts)
{
char *p;
kuid_t uid;
kgid_t gid;
opts->setuid = 0;
opts->setgid = 0;
opts->uid = GLOBAL_ROOT_UID;
opts->gid = GLOBAL_ROOT_GID;
opts->mode = DEVPTS_DEFAULT_MODE;
opts->ptmxmode = DEVPTS_DEFAULT_PTMX_MODE;
opts->max = NR_UNIX98_PTY_MAX;
/* newinstance makes sense only on initial mount */
if (op == PARSE_MOUNT)
opts->newinstance = 0;
while ((p = strsep(&data, ",")) != NULL) {
substring_t args[MAX_OPT_ARGS];
int token;
int option;
if (!*p)
continue;
token = match_token(p, tokens, args);
switch (token) {
case Opt_uid:
if (match_int(&args[0], &option))
return -EINVAL;
uid = make_kuid(current_user_ns(), option);
if (!uid_valid(uid))
return -EINVAL;
opts->uid = uid;
opts->setuid = 1;
break;
case Opt_gid:
if (match_int(&args[0], &option))
return -EINVAL;
gid = make_kgid(current_user_ns(), option);
if (!gid_valid(gid))
return -EINVAL;
opts->gid = gid;
opts->setgid = 1;
break;
case Opt_mode:
if (match_octal(&args[0], &option))
return -EINVAL;
opts->mode = option & S_IALLUGO;
break;
#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
case Opt_ptmxmode:
if (match_octal(&args[0], &option))
return -EINVAL;
opts->ptmxmode = option & S_IALLUGO;
break;
case Opt_newinstance:
/* newinstance makes sense only on initial mount */
if (op == PARSE_MOUNT)
opts->newinstance = 1;
break;
case Opt_max:
if (match_int(&args[0], &option) ||
option < 0 || option > NR_UNIX98_PTY_MAX)
return -EINVAL;
opts->max = option;
break;
#endif
default:
printk(KERN_ERR "devpts: called with bogus options\n");
return -EINVAL;
}
}
return 0;
}
/*
* parse_options()
*
* adapted from linux/fs/msdos/inode.c written 1992,93 by Werner Almesberger
* This function is called by hfs_read_super() to parse the mount options.
*/
static int parse_options(char *options, struct hfs_sb_info *hsb)
{
char *p;
substring_t args[MAX_OPT_ARGS];
int tmp, token;
/* initialize the sb with defaults */
hsb->s_uid = current_uid();
hsb->s_gid = current_gid();
hsb->s_file_umask = 0133;
hsb->s_dir_umask = 0022;
hsb->s_type = hsb->s_creator = cpu_to_be32(0x3f3f3f3f); /* == '????' */
hsb->s_quiet = 0;
hsb->part = -1;
hsb->session = -1;
if (!options)
return 1;
while ((p = strsep(&options, ",")) != NULL) {
if (!*p)
continue;
token = match_token(p, tokens, args);
switch (token) {
case opt_uid:
if (match_int(&args[0], &tmp)) {
pr_err("uid requires an argument\n");
return 0;
}
hsb->s_uid = make_kuid(current_user_ns(), (uid_t)tmp);
if (!uid_valid(hsb->s_uid)) {
pr_err("invalid uid %d\n", tmp);
return 0;
}
break;
case opt_gid:
if (match_int(&args[0], &tmp)) {
pr_err("gid requires an argument\n");
return 0;
}
hsb->s_gid = make_kgid(current_user_ns(), (gid_t)tmp);
if (!gid_valid(hsb->s_gid)) {
pr_err("invalid gid %d\n", tmp);
return 0;
}
break;
case opt_umask:
if (match_octal(&args[0], &tmp)) {
pr_err("umask requires a value\n");
return 0;
}
hsb->s_file_umask = (umode_t)tmp;
hsb->s_dir_umask = (umode_t)tmp;
break;
case opt_file_umask:
if (match_octal(&args[0], &tmp)) {
pr_err("file_umask requires a value\n");
return 0;
}
hsb->s_file_umask = (umode_t)tmp;
break;
case opt_dir_umask:
if (match_octal(&args[0], &tmp)) {
pr_err("dir_umask requires a value\n");
return 0;
}
hsb->s_dir_umask = (umode_t)tmp;
break;
case opt_part:
if (match_int(&args[0], &hsb->part)) {
pr_err("part requires an argument\n");
return 0;
}
break;
case opt_session:
if (match_int(&args[0], &hsb->session)) {
pr_err("session requires an argument\n");
return 0;
}
break;
case opt_type:
if (match_fourchar(&args[0], &hsb->s_type)) {
pr_err("type requires a 4 character value\n");
return 0;
}
break;
case opt_creator:
if (match_fourchar(&args[0], &hsb->s_creator)) {
pr_err("creator requires a 4 character value\n");
return 0;
}
break;
case opt_quiet:
hsb->s_quiet = 1;
break;
case opt_codepage:
if (hsb->nls_disk) {
pr_err("unable to change codepage\n");
return 0;
}
p = match_strdup(&args[0]);
if (p)
hsb->nls_disk = load_nls(p);
if (!hsb->nls_disk) {
pr_err("unable to load codepage \"%s\"\n", p);
kfree(p);
return 0;
}
kfree(p);
break;
case opt_iocharset:
if (hsb->nls_io) {
pr_err("unable to change iocharset\n");
return 0;
}
p = match_strdup(&args[0]);
if (p)
hsb->nls_io = load_nls(p);
if (!hsb->nls_io) {
pr_err("unable to load iocharset \"%s\"\n", p);
kfree(p);
return 0;
}
kfree(p);
break;
default:
return 0;
}
}
if (hsb->nls_disk && !hsb->nls_io) {
hsb->nls_io = load_nls_default();
if (!hsb->nls_io) {
pr_err("unable to load default iocharset\n");
return 0;
}
}
hsb->s_dir_umask &= 0777;
hsb->s_file_umask &= 0577;
return 1;
}
static int
parse_options(char *options, befs_mount_options * opts)
{
char *p;
substring_t args[MAX_OPT_ARGS];
int option;
kuid_t uid;
kgid_t gid;
/* Initialize options */
opts->uid = GLOBAL_ROOT_UID;
opts->gid = GLOBAL_ROOT_GID;
opts->use_uid = 0;
opts->use_gid = 0;
opts->iocharset = NULL;
opts->debug = 0;
if (!options)
return 1;
while ((p = strsep(&options, ",")) != NULL) {
int token;
if (!*p)
continue;
token = match_token(p, befs_tokens, args);
switch (token) {
case Opt_uid:
if (match_int(&args[0], &option))
return 0;
uid = INVALID_UID;
if (option >= 0)
uid = make_kuid(current_user_ns(), option);
if (!uid_valid(uid)) {
printk(KERN_ERR "BeFS: Invalid uid %d, "
"using default\n", option);
break;
}
opts->uid = uid;
opts->use_uid = 1;
break;
case Opt_gid:
if (match_int(&args[0], &option))
return 0;
gid = INVALID_GID;
if (option >= 0)
gid = make_kgid(current_user_ns(), option);
if (!gid_valid(gid)) {
printk(KERN_ERR "BeFS: Invalid gid %d, "
"using default\n", option);
break;
}
opts->gid = gid;
opts->use_gid = 1;
break;
case Opt_charset:
kfree(opts->iocharset);
opts->iocharset = match_strdup(&args[0]);
if (!opts->iocharset) {
printk(KERN_ERR "BeFS: allocation failure for "
"iocharset string\n");
return 0;
}
break;
case Opt_debug:
opts->debug = 1;
break;
default:
printk(KERN_ERR "BeFS: Unrecognized mount option \"%s\" "
"or missing value\n", p);
return 0;
}
}
return 1;
}
static int ncp_parse_options(struct ncp_mount_data_kernel *data, char *options) {
int optval;
char *optarg;
unsigned long optint;
int version = 0;
int ret;
data->flags = 0;
data->int_flags = 0;
data->mounted_uid = GLOBAL_ROOT_UID;
data->wdog_pid = NULL;
data->ncp_fd = ~0;
data->time_out = NCP_DEFAULT_TIME_OUT;
data->retry_count = NCP_DEFAULT_RETRY_COUNT;
data->uid = GLOBAL_ROOT_UID;
data->gid = GLOBAL_ROOT_GID;
data->file_mode = NCP_DEFAULT_FILE_MODE;
data->dir_mode = NCP_DEFAULT_DIR_MODE;
data->info_fd = -1;
data->mounted_vol[0] = 0;
while ((optval = ncp_getopt("ncpfs", &options, ncp_opts, NULL, &optarg, &optint)) != 0) {
ret = optval;
if (ret < 0)
goto err;
switch (optval) {
case 'u':
data->uid = make_kuid(current_user_ns(), optint);
if (!uid_valid(data->uid)) {
ret = -EINVAL;
goto err;
}
break;
case 'g':
data->gid = make_kgid(current_user_ns(), optint);
if (!gid_valid(data->gid)) {
ret = -EINVAL;
goto err;
}
break;
case 'o':
data->mounted_uid = make_kuid(current_user_ns(), optint);
if (!uid_valid(data->mounted_uid)) {
ret = -EINVAL;
goto err;
}
break;
case 'm':
data->file_mode = optint;
break;
case 'd':
data->dir_mode = optint;
break;
case 't':
data->time_out = optint;
break;
case 'r':
data->retry_count = optint;
break;
case 'f':
data->flags = optint;
break;
case 'w':
data->wdog_pid = find_get_pid(optint);
break;
case 'n':
data->ncp_fd = optint;
break;
case 'i':
data->info_fd = optint;
break;
case 'v':
ret = -ECHRNG;
if (optint < NCP_MOUNT_VERSION_V4)
goto err;
if (optint > NCP_MOUNT_VERSION_V5)
goto err;
version = optint;
break;
}
}
return 0;
err:
put_pid(data->wdog_pid);
data->wdog_pid = NULL;
return ret;
}
int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
{
struct cmsghdr *cmsg;
int err;
for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg))
{
err = -EINVAL;
/* Verify that cmsg_len is at least sizeof(struct cmsghdr) */
/* The first check was omitted in <= 2.2.5. The reasoning was
that parser checks cmsg_len in any case, so that
additional check would be work duplication.
But if cmsg_level is not SOL_SOCKET, we do not check
for too short ancillary data object at all! Oops.
OK, let's add it...
*/
if (!CMSG_OK(msg, cmsg))
goto error;
if (cmsg->cmsg_level != SOL_SOCKET)
continue;
switch (cmsg->cmsg_type)
{
case SCM_RIGHTS:
if (!sock->ops || sock->ops->family != PF_UNIX)
goto error;
err=scm_fp_copy(cmsg, &p->fp);
if (err<0)
goto error;
break;
case SCM_CREDENTIALS:
{
struct ucred creds;
kuid_t uid;
kgid_t gid;
if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred)))
goto error;
memcpy(&creds, CMSG_DATA(cmsg), sizeof(struct ucred));
err = scm_check_creds(&creds);
if (err)
goto error;
p->creds.pid = creds.pid;
if (!p->pid || pid_vnr(p->pid) != creds.pid) {
struct pid *pid;
err = -ESRCH;
pid = find_get_pid(creds.pid);
if (!pid)
goto error;
put_pid(p->pid);
p->pid = pid;
}
err = -EINVAL;
uid = make_kuid(current_user_ns(), creds.uid);
gid = make_kgid(current_user_ns(), creds.gid);
if (!uid_valid(uid) || !gid_valid(gid))
goto error;
p->creds.uid = uid;
p->creds.gid = gid;
if (!p->cred ||
!uid_eq(p->cred->euid, uid) ||
!gid_eq(p->cred->egid, gid)) {
struct cred *cred;
err = -ENOMEM;
cred = prepare_creds();
if (!cred)
goto error;
cred->uid = cred->euid = uid;
cred->gid = cred->egid = gid;
if (p->cred)
put_cred(p->cred);
p->cred = cred;
}
break;
}
default:
goto error;
}
}
if (p->fp && !p->fp->count)
{
kfree(p->fp);
p->fp = NULL;
}
return 0;
error:
scm_destroy(p);
return err;
}
/*
* Check if an acl is valid. Returns 0 if it is, or -E... otherwise.
*/
int
posix_acl_valid(const struct posix_acl *acl)
{
const struct posix_acl_entry *pa, *pe;
int state = ACL_USER_OBJ;
kuid_t prev_uid = INVALID_UID;
kgid_t prev_gid = INVALID_GID;
int needs_mask = 0;
FOREACH_ACL_ENTRY(pa, acl, pe) {
if (pa->e_perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE))
return -EINVAL;
switch (pa->e_tag) {
case ACL_USER_OBJ:
if (state == ACL_USER_OBJ) {
state = ACL_USER;
break;
}
return -EINVAL;
case ACL_USER:
if (state != ACL_USER)
return -EINVAL;
if (!uid_valid(pa->e_uid))
return -EINVAL;
if (uid_valid(prev_uid) &&
uid_lte(pa->e_uid, prev_uid))
return -EINVAL;
prev_uid = pa->e_uid;
needs_mask = 1;
break;
case ACL_GROUP_OBJ:
if (state == ACL_USER) {
state = ACL_GROUP;
break;
}
return -EINVAL;
case ACL_GROUP:
if (state != ACL_GROUP)
return -EINVAL;
if (!gid_valid(pa->e_gid))
return -EINVAL;
if (gid_valid(prev_gid) &&
gid_lte(pa->e_gid, prev_gid))
return -EINVAL;
prev_gid = pa->e_gid;
needs_mask = 1;
break;
case ACL_MASK:
if (state != ACL_GROUP)
return -EINVAL;
state = ACL_OTHER;
break;
case ACL_OTHER:
if (state == ACL_OTHER ||
(state == ACL_GROUP && !needs_mask)) {
state = 0;
break;
}
return -EINVAL;
default:
return -EINVAL;
}
}
if (state == 0)
return 0;
return -EINVAL;
}
static int
parse_options(char *options, kuid_t *uid, kgid_t *gid, int *mode, int *reserved, s32 *root,
int *blocksize, char **prefix, char *volume, unsigned long *mount_opts)
{
char *p;
substring_t args[MAX_OPT_ARGS];
/* Fill in defaults */
*uid = current_uid();
*gid = current_gid();
*reserved = 2;
*root = -1;
*blocksize = -1;
volume[0] = ':';
volume[1] = 0;
*mount_opts = 0;
if (!options)
return 1;
while ((p = strsep(&options, ",")) != NULL) {
int token, n, option;
if (!*p)
continue;
token = match_token(p, tokens, args);
switch (token) {
case Opt_bs:
if (match_int(&args[0], &n))
return 0;
if (n != 512 && n != 1024 && n != 2048
&& n != 4096) {
printk ("AFFS: Invalid blocksize (512, 1024, 2048, 4096 allowed)\n");
return 0;
}
*blocksize = n;
break;
case Opt_mode:
if (match_octal(&args[0], &option))
return 0;
*mode = option & 0777;
*mount_opts |= SF_SETMODE;
break;
case Opt_mufs:
*mount_opts |= SF_MUFS;
break;
case Opt_notruncate:
*mount_opts |= SF_NO_TRUNCATE;
break;
case Opt_prefix:
*prefix = match_strdup(&args[0]);
if (!*prefix)
return 0;
*mount_opts |= SF_PREFIX;
break;
case Opt_protect:
*mount_opts |= SF_IMMUTABLE;
break;
case Opt_reserved:
if (match_int(&args[0], reserved))
return 0;
break;
case Opt_root:
if (match_int(&args[0], root))
return 0;
break;
case Opt_setgid:
if (match_int(&args[0], &option))
return 0;
*gid = make_kgid(current_user_ns(), option);
if (!gid_valid(*gid))
return 0;
*mount_opts |= SF_SETGID;
break;
case Opt_setuid:
if (match_int(&args[0], &option))
return 0;
*uid = make_kuid(current_user_ns(), option);
if (!uid_valid(*uid))
return 0;
*mount_opts |= SF_SETUID;
break;
case Opt_verbose:
*mount_opts |= SF_VERBOSE;
break;
case Opt_volume: {
char *vol = match_strdup(&args[0]);
if (!vol)
return 0;
strlcpy(volume, vol, 32);
kfree(vol);
break;
}
case Opt_ignore:
/* Silently ignore the quota options */
break;
default:
printk("AFFS: Unrecognized mount option \"%s\" "
"or missing value\n", p);
return 0;
}
}
return 1;
}
static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type,
void *buf)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_device *mdt = info->mti_mdt;
struct ptlrpc_user_desc *pud = req->rq_user_desc;
struct lu_ucred *ucred = mdt_ucred(info);
lnet_nid_t peernid = req->rq_peer.nid;
__u32 perm = 0;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
int setuid;
int setgid;
int rc = 0;
ENTRY;
LASSERT(req->rq_auth_gss);
LASSERT(!req->rq_auth_usr_mdt);
LASSERT(req->rq_user_desc);
LASSERT(ucred != NULL);
ucred->uc_valid = UCRED_INVALID;
ucred->uc_o_uid = pud->pud_uid;
ucred->uc_o_gid = pud->pud_gid;
ucred->uc_o_fsuid = pud->pud_fsuid;
ucred->uc_o_fsgid = pud->pud_fsgid;
if (type == BODY_INIT) {
struct mdt_body *body = (struct mdt_body *)buf;
ucred->uc_suppgids[0] = body->suppgid;
ucred->uc_suppgids[1] = -1;
}
/* sanity check: we expect the uid which client claimed is true */
if (remote) {
if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) {
CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
RETURN(-EACCES);
}
if (ptlrpc_user_desc_do_idmap(req, pud))
RETURN(-EACCES);
if (req->rq_auth_mapped_uid != pud->pud_uid) {
CDEBUG(D_SEC, "remote client %s: auth/mapped uid %u/%u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
req->rq_auth_mapped_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
} else {
if (req->rq_auth_uid != pud->pud_uid) {
CDEBUG(D_SEC, "local client %s: auth uid %u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
}
if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
if (remote) {
CDEBUG(D_SEC, "remote client must run with identity_get "
"enabled!\n");
RETURN(-EACCES);
} else {
ucred->uc_identity = NULL;
perm = CFS_SETUID_PERM | CFS_SETGID_PERM |
CFS_SETGRP_PERM;
}
} else {
struct md_identity *identity;
identity = mdt_identity_get(mdt->mdt_identity_cache,
pud->pud_uid);
if (IS_ERR(identity)) {
if (unlikely(PTR_ERR(identity) == -EREMCHG &&
!remote)) {
ucred->uc_identity = NULL;
perm = CFS_SETUID_PERM | CFS_SETGID_PERM |
CFS_SETGRP_PERM;
} else {
CDEBUG(D_SEC, "Deny access without identity: uid %u\n",
pud->pud_uid);
RETURN(-EACCES);
}
} else {
ucred->uc_identity = identity;
perm = mdt_identity_get_perm(ucred->uc_identity,
remote, peernid);
}
}
/* find out the setuid/setgid attempt */
setuid = (pud->pud_uid != pud->pud_fsuid);
setgid = ((pud->pud_gid != pud->pud_fsgid) ||
(ucred->uc_identity &&
(pud->pud_gid != ucred->uc_identity->mi_gid)));
/* check permission of setuid */
if (setuid && !(perm & CFS_SETUID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setuid attempt (%u -> %u) from %s\n",
pud->pud_uid, pud->pud_fsuid, libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
/* check permission of setgid */
if (setgid && !(perm & CFS_SETGID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) "
"from %s\n", pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid,
ucred->uc_identity->mi_gid, libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
/*
* NB: remote client not allowed to setgroups anyway.
*/
if (!remote && perm & CFS_SETGRP_PERM) {
if (pud->pud_ngroups) {
/* setgroups for local client */
ucred->uc_ginfo = groups_alloc(pud->pud_ngroups);
if (!ucred->uc_ginfo) {
CERROR("failed to alloc %d groups\n",
pud->pud_ngroups);
GOTO(out, rc = -ENOMEM);
}
lustre_groups_from_list(ucred->uc_ginfo,
pud->pud_groups);
lustre_groups_sort(ucred->uc_ginfo);
} else {
ucred->uc_ginfo = NULL;
}
} else {
ucred->uc_suppgids[0] = -1;
ucred->uc_suppgids[1] = -1;
ucred->uc_ginfo = NULL;
}
ucred->uc_uid = pud->pud_uid;
ucred->uc_gid = pud->pud_gid;
ucred->uc_fsuid = pud->pud_fsuid;
ucred->uc_fsgid = pud->pud_fsgid;
/* process root_squash here. */
mdt_root_squash(info, peernid);
/* remove fs privilege for non-root user. */
if (ucred->uc_fsuid)
ucred->uc_cap = pud->pud_cap & ~CFS_CAP_FS_MASK;
else
ucred->uc_cap = pud->pud_cap;
if (remote && !(perm & CFS_RMTOWN_PERM))
ucred->uc_cap &= ~(CFS_CAP_SYS_RESOURCE_MASK |
CFS_CAP_CHOWN_MASK);
ucred->uc_valid = UCRED_NEW;
EXIT;
out:
if (rc) {
if (ucred->uc_ginfo) {
put_group_info(ucred->uc_ginfo);
ucred->uc_ginfo = NULL;
}
if (ucred->uc_identity) {
mdt_identity_put(mdt->mdt_identity_cache,
ucred->uc_identity);
ucred->uc_identity = NULL;
}
}
return rc;
}
int mdt_check_ucred(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_device *mdt = info->mti_mdt;
struct ptlrpc_user_desc *pud = req->rq_user_desc;
struct lu_ucred *ucred = mdt_ucred(info);
struct md_identity *identity = NULL;
lnet_nid_t peernid = req->rq_peer.nid;
__u32 perm = 0;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
int setuid;
int setgid;
int rc = 0;
ENTRY;
LASSERT(ucred != NULL);
if ((ucred->uc_valid == UCRED_OLD) || (ucred->uc_valid == UCRED_NEW))
RETURN(0);
if (!req->rq_auth_gss || req->rq_auth_usr_mdt || !req->rq_user_desc)
RETURN(0);
/* sanity check: if we use strong authentication, we expect the
* uid which client claimed is true */
if (remote) {
if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) {
CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
RETURN(-EACCES);
}
if (ptlrpc_user_desc_do_idmap(req, pud))
RETURN(-EACCES);
if (req->rq_auth_mapped_uid != pud->pud_uid) {
CDEBUG(D_SEC, "remote client %s: auth/mapped uid %u/%u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
req->rq_auth_mapped_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
} else {
if (req->rq_auth_uid != pud->pud_uid) {
CDEBUG(D_SEC, "local client %s: auth uid %u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
}
if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
if (remote) {
CDEBUG(D_SEC, "remote client must run with identity_get "
"enabled!\n");
RETURN(-EACCES);
}
RETURN(0);
}
identity = mdt_identity_get(mdt->mdt_identity_cache, pud->pud_uid);
if (IS_ERR(identity)) {
if (unlikely(PTR_ERR(identity) == -EREMCHG &&
!remote)) {
RETURN(0);
} else {
CDEBUG(D_SEC, "Deny access without identity: uid %u\n",
pud->pud_uid);
RETURN(-EACCES);
}
}
perm = mdt_identity_get_perm(identity, remote, peernid);
/* find out the setuid/setgid attempt */
setuid = (pud->pud_uid != pud->pud_fsuid);
setgid = (pud->pud_gid != pud->pud_fsgid ||
pud->pud_gid != identity->mi_gid);
/* check permission of setuid */
if (setuid && !(perm & CFS_SETUID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setuid attempt (%u -> %u) from %s\n",
pud->pud_uid, pud->pud_fsuid, libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
/* check permission of setgid */
if (setgid && !(perm & CFS_SETGID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) "
"from %s\n", pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid, identity->mi_gid,
libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
EXIT;
out:
mdt_identity_put(mdt->mdt_identity_cache, identity);
return rc;
}
/**
* notify_change - modify attributes of a filesytem object
* @dentry: object affected
* @iattr: new attributes
* @delegated_inode: returns inode, if the inode is delegated
*
* The caller must hold the i_mutex on the affected object.
*
* If notify_change discovers a delegation in need of breaking,
* it will return -EWOULDBLOCK and return a reference to the inode in
* delegated_inode. The caller should then break the delegation and
* retry. Because breaking a delegation may take a long time, the
* caller should drop the i_mutex before doing so.
*
* Alternatively, a caller may pass NULL for delegated_inode. This may
* be appropriate for callers that expect the underlying filesystem not
* to be NFS exported. Also, passing NULL is fine for callers holding
* the file open for write, as there can be no conflicting delegation in
* that case.
*/
int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **delegated_inode)
{
struct inode *inode = dentry->d_inode;
umode_t mode = inode->i_mode;
int error;
struct timespec now;
unsigned int ia_valid = attr->ia_valid;
WARN_ON_ONCE(!inode_is_locked(inode));
if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) {
if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
return -EPERM;
}
/*
* If utimes(2) and friends are called with times == NULL (or both
* times are UTIME_NOW), then we need to check for write permission
*/
if (ia_valid & ATTR_TOUCH) {
if (IS_IMMUTABLE(inode))
return -EPERM;
if (!inode_owner_or_capable(inode)) {
error = inode_permission(inode, MAY_WRITE);
if (error)
return error;
}
}
if ((ia_valid & ATTR_MODE)) {
umode_t amode = attr->ia_mode;
/* Flag setting protected by i_mutex */
if (is_sxid(amode))
inode->i_flags &= ~S_NOSEC;
}
now = current_fs_time(inode->i_sb);
attr->ia_ctime = now;
if (!(ia_valid & ATTR_ATIME_SET))
attr->ia_atime = now;
if (!(ia_valid & ATTR_MTIME_SET))
attr->ia_mtime = now;
if (ia_valid & ATTR_KILL_PRIV) {
attr->ia_valid &= ~ATTR_KILL_PRIV;
ia_valid &= ~ATTR_KILL_PRIV;
error = security_inode_need_killpriv(dentry);
if (error > 0)
error = security_inode_killpriv(dentry);
if (error)
return error;
}
/*
* We now pass ATTR_KILL_S*ID to the lower level setattr function so
* that the function has the ability to reinterpret a mode change
* that's due to these bits. This adds an implicit restriction that
* no function will ever call notify_change with both ATTR_MODE and
* ATTR_KILL_S*ID set.
*/
if ((ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID)) &&
(ia_valid & ATTR_MODE))
BUG();
if (ia_valid & ATTR_KILL_SUID) {
if (mode & S_ISUID) {
ia_valid = attr->ia_valid |= ATTR_MODE;
attr->ia_mode = (inode->i_mode & ~S_ISUID);
}
}
if (ia_valid & ATTR_KILL_SGID) {
if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
if (!(ia_valid & ATTR_MODE)) {
ia_valid = attr->ia_valid |= ATTR_MODE;
attr->ia_mode = inode->i_mode;
}
attr->ia_mode &= ~S_ISGID;
}
}
if (!(attr->ia_valid & ~(ATTR_KILL_SUID | ATTR_KILL_SGID)))
return 0;
/*
* Verify that uid/gid changes are valid in the target
* namespace of the superblock.
*/
if (ia_valid & ATTR_UID &&
!kuid_has_mapping(inode->i_sb->s_user_ns, attr->ia_uid))
return -EOVERFLOW;
if (ia_valid & ATTR_GID &&
!kgid_has_mapping(inode->i_sb->s_user_ns, attr->ia_gid))
return -EOVERFLOW;
/* Don't allow modifications of files with invalid uids or
* gids unless those uids & gids are being made valid.
*/
if (!(ia_valid & ATTR_UID) && !uid_valid(inode->i_uid))
return -EOVERFLOW;
if (!(ia_valid & ATTR_GID) && !gid_valid(inode->i_gid))
return -EOVERFLOW;
error = security_inode_setattr(dentry, attr);
if (error)
return error;
error = try_break_deleg(inode, delegated_inode);
if (error)
return error;
if (inode->i_op->setattr)
error = inode->i_op->setattr(dentry, attr);
else
error = simple_setattr(dentry, attr);
if (!error) {
fsnotify_change(dentry, ia_valid);
ima_inode_post_setattr(dentry);
evm_inode_post_setattr(dentry, ia_valid);
}
return error;
}
/*
* parse_mount_options():
* Set @opts to mount options specified in @data. If an option is not
* specified in @data, set it to its default value.
*
* Note: @data may be NULL (in which case all options are set to default).
*/
static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts)
{
char *p;
kuid_t uid;
kgid_t gid;
opts->setuid = 0;
opts->setgid = 0;
opts->uid = GLOBAL_ROOT_UID;
opts->gid = GLOBAL_ROOT_GID;
opts->mode = DEVPTS_DEFAULT_MODE;
opts->ptmxmode = DEVPTS_DEFAULT_PTMX_MODE;
opts->max = NR_UNIX98_PTY_MAX;
/* Only allow instances mounted from the initial mount
* namespace to tap the reserve pool of ptys.
*/
if (op == PARSE_MOUNT)
opts->reserve =
(current->nsproxy->mnt_ns == init_task.nsproxy->mnt_ns);
while ((p = strsep(&data, ",")) != NULL) {
substring_t args[MAX_OPT_ARGS];
int token;
int option;
if (!*p)
continue;
token = match_token(p, tokens, args);
switch (token) {
case Opt_uid:
if (match_int(&args[0], &option))
return -EINVAL;
uid = make_kuid(current_user_ns(), option);
if (!uid_valid(uid))
return -EINVAL;
opts->uid = uid;
opts->setuid = 1;
break;
case Opt_gid:
if (match_int(&args[0], &option))
return -EINVAL;
gid = make_kgid(current_user_ns(), option);
if (!gid_valid(gid))
return -EINVAL;
opts->gid = gid;
opts->setgid = 1;
break;
case Opt_mode:
if (match_octal(&args[0], &option))
return -EINVAL;
opts->mode = option & S_IALLUGO;
break;
case Opt_ptmxmode:
if (match_octal(&args[0], &option))
return -EINVAL;
opts->ptmxmode = option & S_IALLUGO;
break;
case Opt_newinstance:
break;
case Opt_max:
if (match_int(&args[0], &option) ||
option < 0 || option > NR_UNIX98_PTY_MAX)
return -EINVAL;
opts->max = option;
break;
default:
pr_err("called with bogus options\n");
return -EINVAL;
}
}
return 0;
}
/*
* Convert from extended attribute to in-memory representation.
*/
struct posix_acl *
posix_acl_from_xattr(struct user_namespace *user_ns,
const void *value, size_t size)
{
posix_acl_xattr_header *header = (posix_acl_xattr_header *)value;
posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end;
int count;
struct posix_acl *acl;
struct posix_acl_entry *acl_e;
if (!value)
return NULL;
if (size < sizeof(posix_acl_xattr_header))
return ERR_PTR(-EINVAL);
if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION))
return ERR_PTR(-EOPNOTSUPP);
count = posix_acl_xattr_count(size);
if (count < 0)
return ERR_PTR(-EINVAL);
if (count == 0)
return NULL;
acl = posix_acl_alloc(count, GFP_NOFS);
if (!acl)
return ERR_PTR(-ENOMEM);
acl_e = acl->a_entries;
for (end = entry + count; entry != end; acl_e++, entry++) {
acl_e->e_tag = le16_to_cpu(entry->e_tag);
acl_e->e_perm = le16_to_cpu(entry->e_perm);
switch(acl_e->e_tag) {
case ACL_USER_OBJ:
case ACL_GROUP_OBJ:
case ACL_MASK:
case ACL_OTHER:
break;
case ACL_USER:
acl_e->e_uid =
make_kuid(user_ns,
le32_to_cpu(entry->e_id));
if (!uid_valid(acl_e->e_uid))
goto fail;
break;
case ACL_GROUP:
acl_e->e_gid =
make_kgid(user_ns,
le32_to_cpu(entry->e_id));
if (!gid_valid(acl_e->e_gid))
goto fail;
break;
default:
goto fail;
}
}
return acl;
fail:
posix_acl_release(acl);
return ERR_PTR(-EINVAL);
}
static int ncp_fill_super(struct super_block *sb, void *raw_data, int silent)
{
struct ncp_mount_data_kernel data;
struct ncp_server *server;
struct inode *root_inode;
struct socket *sock;
int error;
int default_bufsize;
#ifdef CONFIG_NCPFS_PACKET_SIGNING
int options;
#endif
struct ncp_entry_info finfo;
memset(&data, 0, sizeof(data));
server = kzalloc(sizeof(struct ncp_server), GFP_KERNEL);
if (!server)
return -ENOMEM;
sb->s_fs_info = server;
error = -EFAULT;
if (raw_data == NULL)
goto out;
switch (*(int*)raw_data) {
case NCP_MOUNT_VERSION:
{
struct ncp_mount_data* md = (struct ncp_mount_data*)raw_data;
data.flags = md->flags;
data.int_flags = NCP_IMOUNT_LOGGEDIN_POSSIBLE;
data.mounted_uid = make_kuid(current_user_ns(), md->mounted_uid);
data.wdog_pid = find_get_pid(md->wdog_pid);
data.ncp_fd = md->ncp_fd;
data.time_out = md->time_out;
data.retry_count = md->retry_count;
data.uid = make_kuid(current_user_ns(), md->uid);
data.gid = make_kgid(current_user_ns(), md->gid);
data.file_mode = md->file_mode;
data.dir_mode = md->dir_mode;
data.info_fd = -1;
memcpy(data.mounted_vol, md->mounted_vol,
NCP_VOLNAME_LEN+1);
}
break;
case NCP_MOUNT_VERSION_V4:
{
struct ncp_mount_data_v4* md = (struct ncp_mount_data_v4*)raw_data;
data.flags = md->flags;
data.mounted_uid = make_kuid(current_user_ns(), md->mounted_uid);
data.wdog_pid = find_get_pid(md->wdog_pid);
data.ncp_fd = md->ncp_fd;
data.time_out = md->time_out;
data.retry_count = md->retry_count;
data.uid = make_kuid(current_user_ns(), md->uid);
data.gid = make_kgid(current_user_ns(), md->gid);
data.file_mode = md->file_mode;
data.dir_mode = md->dir_mode;
data.info_fd = -1;
}
break;
default:
error = -ECHRNG;
if (memcmp(raw_data, "vers", 4) == 0) {
error = ncp_parse_options(&data, raw_data);
}
if (error)
goto out;
break;
}
error = -EINVAL;
if (!uid_valid(data.mounted_uid) || !uid_valid(data.uid) ||
!gid_valid(data.gid))
goto out;
sock = sockfd_lookup(data.ncp_fd, &error);
if (!sock)
goto out;
if (sock->type == SOCK_STREAM)
default_bufsize = 0xF000;
else
default_bufsize = 1024;
sb->s_flags |= MS_NODIRATIME; /* probably even noatime */
sb->s_maxbytes = 0xFFFFFFFFU;
sb->s_blocksize = 1024; /* Eh... Is this correct? */
sb->s_blocksize_bits = 10;
sb->s_magic = NCP_SUPER_MAGIC;
sb->s_op = &ncp_sops;
sb->s_d_op = &ncp_dentry_operations;
sb->s_bdi = &server->bdi;
server = NCP_SBP(sb);
memset(server, 0, sizeof(*server));
error = bdi_setup_and_register(&server->bdi, "ncpfs");
if (error)
goto out_fput;
server->ncp_sock = sock;
if (data.info_fd != -1) {
struct socket *info_sock = sockfd_lookup(data.info_fd, &error);
if (!info_sock)
goto out_bdi;
server->info_sock = info_sock;
error = -EBADFD;
if (info_sock->type != SOCK_STREAM)
goto out_fput2;
}
/* server->lock = 0; */
mutex_init(&server->mutex);
server->packet = NULL;
/* server->buffer_size = 0; */
/* server->conn_status = 0; */
/* server->root_dentry = NULL; */
/* server->root_setuped = 0; */
mutex_init(&server->root_setup_lock);
#ifdef CONFIG_NCPFS_PACKET_SIGNING
/* server->sign_wanted = 0; */
/* server->sign_active = 0; */
#endif
init_rwsem(&server->auth_rwsem);
server->auth.auth_type = NCP_AUTH_NONE;
/* server->auth.object_name_len = 0; */
/* server->auth.object_name = NULL; */
/* server->auth.object_type = 0; */
/* server->priv.len = 0; */
/* server->priv.data = NULL; */
server->m = data;
/* Although anything producing this is buggy, it happens
now because of PATH_MAX changes.. */
if (server->m.time_out < 1) {
server->m.time_out = 10;
pr_info("You need to recompile your ncpfs utils..\n");
}
server->m.time_out = server->m.time_out * HZ / 100;
server->m.file_mode = (server->m.file_mode & S_IRWXUGO) | S_IFREG;
server->m.dir_mode = (server->m.dir_mode & S_IRWXUGO) | S_IFDIR;
#ifdef CONFIG_NCPFS_NLS
/* load the default NLS charsets */
server->nls_vol = load_nls_default();
server->nls_io = load_nls_default();
#endif /* CONFIG_NCPFS_NLS */
atomic_set(&server->dentry_ttl, 0); /* no caching */
INIT_LIST_HEAD(&server->tx.requests);
mutex_init(&server->rcv.creq_mutex);
server->tx.creq = NULL;
server->rcv.creq = NULL;
init_timer(&server->timeout_tm);
#undef NCP_PACKET_SIZE
#define NCP_PACKET_SIZE 131072
error = -ENOMEM;
server->packet_size = NCP_PACKET_SIZE;
server->packet = vmalloc(NCP_PACKET_SIZE);
if (server->packet == NULL)
goto out_nls;
server->txbuf = vmalloc(NCP_PACKET_SIZE);
if (server->txbuf == NULL)
goto out_packet;
server->rxbuf = vmalloc(NCP_PACKET_SIZE);
if (server->rxbuf == NULL)
goto out_txbuf;
lock_sock(sock->sk);
server->data_ready = sock->sk->sk_data_ready;
server->write_space = sock->sk->sk_write_space;
server->error_report = sock->sk->sk_error_report;
sock->sk->sk_user_data = server;
sock->sk->sk_data_ready = ncp_tcp_data_ready;
sock->sk->sk_error_report = ncp_tcp_error_report;
if (sock->type == SOCK_STREAM) {
server->rcv.ptr = (unsigned char*)&server->rcv.buf;
server->rcv.len = 10;
server->rcv.state = 0;
INIT_WORK(&server->rcv.tq, ncp_tcp_rcv_proc);
INIT_WORK(&server->tx.tq, ncp_tcp_tx_proc);
sock->sk->sk_write_space = ncp_tcp_write_space;
} else {
INIT_WORK(&server->rcv.tq, ncpdgram_rcv_proc);
INIT_WORK(&server->timeout_tq, ncpdgram_timeout_proc);
server->timeout_tm.data = (unsigned long)server;
server->timeout_tm.function = ncpdgram_timeout_call;
}
release_sock(sock->sk);
ncp_lock_server(server);
error = ncp_connect(server);
ncp_unlock_server(server);
if (error < 0)
goto out_rxbuf;
ncp_dbg(1, "NCP_SBP(sb) = %p\n", NCP_SBP(sb));
error = -EMSGSIZE; /* -EREMOTESIDEINCOMPATIBLE */
#ifdef CONFIG_NCPFS_PACKET_SIGNING
if (ncp_negotiate_size_and_options(server, default_bufsize,
NCP_DEFAULT_OPTIONS, &(server->buffer_size), &options) == 0)
{
if (options != NCP_DEFAULT_OPTIONS)
{
if (ncp_negotiate_size_and_options(server,
default_bufsize,
options & 2,
&(server->buffer_size), &options) != 0)
{
goto out_disconnect;
}
}
ncp_lock_server(server);
if (options & 2)
server->sign_wanted = 1;
ncp_unlock_server(server);
}
else
#endif /* CONFIG_NCPFS_PACKET_SIGNING */
if (ncp_negotiate_buffersize(server, default_bufsize,
&(server->buffer_size)) != 0)
goto out_disconnect;
ncp_dbg(1, "bufsize = %d\n", server->buffer_size);
memset(&finfo, 0, sizeof(finfo));
finfo.i.attributes = aDIR;
finfo.i.dataStreamSize = 0; /* ignored */
finfo.i.dirEntNum = 0;
finfo.i.DosDirNum = 0;
#ifdef CONFIG_NCPFS_SMALLDOS
finfo.i.NSCreator = NW_NS_DOS;
#endif
finfo.volume = NCP_NUMBER_OF_VOLUMES;
/* set dates of mountpoint to Jan 1, 1986; 00:00 */
finfo.i.creationTime = finfo.i.modifyTime
= cpu_to_le16(0x0000);
finfo.i.creationDate = finfo.i.modifyDate
= finfo.i.lastAccessDate
= cpu_to_le16(0x0C21);
finfo.i.nameLen = 0;
finfo.i.entryName[0] = '\0';
finfo.opened = 0;
finfo.ino = 2; /* tradition */
server->name_space[finfo.volume] = NW_NS_DOS;
error = -ENOMEM;
root_inode = ncp_iget(sb, &finfo);
if (!root_inode)
goto out_disconnect;
ncp_dbg(1, "root vol=%d\n", NCP_FINFO(root_inode)->volNumber);
sb->s_root = d_make_root(root_inode);
if (!sb->s_root)
goto out_disconnect;
return 0;
out_disconnect:
ncp_lock_server(server);
ncp_disconnect(server);
ncp_unlock_server(server);
out_rxbuf:
ncp_stop_tasks(server);
vfree(server->rxbuf);
out_txbuf:
vfree(server->txbuf);
out_packet:
vfree(server->packet);
out_nls:
#ifdef CONFIG_NCPFS_NLS
unload_nls(server->nls_io);
unload_nls(server->nls_vol);
#endif
mutex_destroy(&server->rcv.creq_mutex);
mutex_destroy(&server->root_setup_lock);
mutex_destroy(&server->mutex);
out_fput2:
if (server->info_sock)
sockfd_put(server->info_sock);
out_bdi:
bdi_destroy(&server->bdi);
out_fput:
sockfd_put(sock);
out:
put_pid(data.wdog_pid);
sb->s_fs_info = NULL;
kfree(server);
return error;
}
static int parse_opts(char *opts, kuid_t *uid, kgid_t *gid, umode_t *umask,
int *lowercase, int *eas, int *chk, int *errs,
int *chkdsk, int *timeshift)
{
char *p;
int option;
if (!opts)
return 1;
/*printk("Parsing opts: '%s'\n",opts);*/
while ((p = strsep(&opts, ",")) != NULL) {
substring_t args[MAX_OPT_ARGS];
int token;
if (!*p)
continue;
token = match_token(p, tokens, args);
switch (token) {
case Opt_help:
return 2;
case Opt_uid:
if (match_int(args, &option))
return 0;
*uid = make_kuid(current_user_ns(), option);
if (!uid_valid(*uid))
return 0;
break;
case Opt_gid:
if (match_int(args, &option))
return 0;
*gid = make_kgid(current_user_ns(), option);
if (!gid_valid(*gid))
return 0;
break;
case Opt_umask:
if (match_octal(args, &option))
return 0;
*umask = option;
break;
case Opt_case_lower:
*lowercase = 1;
break;
case Opt_case_asis:
*lowercase = 0;
break;
case Opt_check_none:
*chk = 0;
break;
case Opt_check_normal:
*chk = 1;
break;
case Opt_check_strict:
*chk = 2;
break;
case Opt_err_cont:
*errs = 0;
break;
case Opt_err_ro:
*errs = 1;
break;
case Opt_err_panic:
*errs = 2;
break;
case Opt_eas_no:
*eas = 0;
break;
case Opt_eas_ro:
*eas = 1;
break;
case Opt_eas_rw:
*eas = 2;
break;
case Opt_chkdsk_no:
*chkdsk = 0;
break;
case Opt_chkdsk_errors:
*chkdsk = 1;
break;
case Opt_chkdsk_always:
*chkdsk = 2;
break;
case Opt_timeshift:
{
int m = 1;
char *rhs = args[0].from;
if (!rhs || !*rhs)
return 0;
if (*rhs == '-') m = -1;
if (*rhs == '+' || *rhs == '-') rhs++;
*timeshift = simple_strtoul(rhs, &rhs, 0) * m;
if (*rhs)
return 0;
break;
}
default:
return 0;
}
}
return 1;
}