Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* |
Nathan Scott | 7b71876 | 2005-11-02 14:58:39 +1100 | [diff] [blame] | 2 | * Copyright (c) 2001-2002,2005 Silicon Graphics, Inc. |
| 3 | * All Rights Reserved. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 4 | * |
Nathan Scott | 7b71876 | 2005-11-02 14:58:39 +1100 | [diff] [blame] | 5 | * This program is free software; you can redistribute it and/or |
| 6 | * modify it under the terms of the GNU General Public License as |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 7 | * published by the Free Software Foundation. |
| 8 | * |
Nathan Scott | 7b71876 | 2005-11-02 14:58:39 +1100 | [diff] [blame] | 9 | * This program is distributed in the hope that it would be useful, |
| 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | * GNU General Public License for more details. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 13 | * |
Nathan Scott | 7b71876 | 2005-11-02 14:58:39 +1100 | [diff] [blame] | 14 | * You should have received a copy of the GNU General Public License |
| 15 | * along with this program; if not, write the Free Software Foundation, |
| 16 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 17 | */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 18 | #include "xfs.h" |
Nathan Scott | a844f45 | 2005-11-02 14:38:42 +1100 | [diff] [blame] | 19 | #include "xfs_fs.h" |
| 20 | #include "xfs_types.h" |
| 21 | #include "xfs_bit.h" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 22 | #include "xfs_inum.h" |
Nathan Scott | a844f45 | 2005-11-02 14:38:42 +1100 | [diff] [blame] | 23 | #include "xfs_ag.h" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 24 | #include "xfs_dir2.h" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 25 | #include "xfs_bmap_btree.h" |
Nathan Scott | a844f45 | 2005-11-02 14:38:42 +1100 | [diff] [blame] | 26 | #include "xfs_alloc_btree.h" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 27 | #include "xfs_ialloc_btree.h" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 28 | #include "xfs_dir2_sf.h" |
Nathan Scott | a844f45 | 2005-11-02 14:38:42 +1100 | [diff] [blame] | 29 | #include "xfs_attr_sf.h" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 30 | #include "xfs_dinode.h" |
| 31 | #include "xfs_inode.h" |
Nathan Scott | a844f45 | 2005-11-02 14:38:42 +1100 | [diff] [blame] | 32 | #include "xfs_btree.h" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 33 | #include "xfs_acl.h" |
| 34 | #include "xfs_mac.h" |
| 35 | #include "xfs_attr.h" |
| 36 | |
Randy Dunlap | 16f7e0f | 2006-01-11 12:17:46 -0800 | [diff] [blame] | 37 | #include <linux/capability.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 38 | #include <linux/posix_acl_xattr.h> |
| 39 | |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 40 | STATIC int xfs_acl_setmode(bhv_vnode_t *, xfs_acl_t *, int *); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 41 | STATIC void xfs_acl_filter_mode(mode_t, xfs_acl_t *); |
| 42 | STATIC void xfs_acl_get_endian(xfs_acl_t *); |
| 43 | STATIC int xfs_acl_access(uid_t, gid_t, xfs_acl_t *, mode_t, cred_t *); |
| 44 | STATIC int xfs_acl_invalid(xfs_acl_t *); |
| 45 | STATIC void xfs_acl_sync_mode(mode_t, xfs_acl_t *); |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 46 | STATIC void xfs_acl_get_attr(bhv_vnode_t *, xfs_acl_t *, int, int, int *); |
| 47 | STATIC void xfs_acl_set_attr(bhv_vnode_t *, xfs_acl_t *, int, int *); |
| 48 | STATIC int xfs_acl_allow_set(bhv_vnode_t *, int); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 49 | |
| 50 | kmem_zone_t *xfs_acl_zone; |
| 51 | |
| 52 | |
| 53 | /* |
| 54 | * Test for existence of access ACL attribute as efficiently as possible. |
| 55 | */ |
| 56 | int |
| 57 | xfs_acl_vhasacl_access( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 58 | bhv_vnode_t *vp) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 59 | { |
| 60 | int error; |
| 61 | |
| 62 | xfs_acl_get_attr(vp, NULL, _ACL_TYPE_ACCESS, ATTR_KERNOVAL, &error); |
| 63 | return (error == 0); |
| 64 | } |
| 65 | |
| 66 | /* |
| 67 | * Test for existence of default ACL attribute as efficiently as possible. |
| 68 | */ |
| 69 | int |
| 70 | xfs_acl_vhasacl_default( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 71 | bhv_vnode_t *vp) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 72 | { |
| 73 | int error; |
| 74 | |
Christoph Hellwig | 0432dab | 2005-09-02 16:46:51 +1000 | [diff] [blame] | 75 | if (!VN_ISDIR(vp)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 76 | return 0; |
| 77 | xfs_acl_get_attr(vp, NULL, _ACL_TYPE_DEFAULT, ATTR_KERNOVAL, &error); |
| 78 | return (error == 0); |
| 79 | } |
| 80 | |
| 81 | /* |
| 82 | * Convert from extended attribute representation to in-memory for XFS. |
| 83 | */ |
| 84 | STATIC int |
| 85 | posix_acl_xattr_to_xfs( |
| 86 | posix_acl_xattr_header *src, |
| 87 | size_t size, |
| 88 | xfs_acl_t *dest) |
| 89 | { |
| 90 | posix_acl_xattr_entry *src_entry; |
| 91 | xfs_acl_entry_t *dest_entry; |
| 92 | int n; |
| 93 | |
| 94 | if (!src || !dest) |
| 95 | return EINVAL; |
| 96 | |
| 97 | if (size < sizeof(posix_acl_xattr_header)) |
| 98 | return EINVAL; |
| 99 | |
| 100 | if (src->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION)) |
| 101 | return EOPNOTSUPP; |
| 102 | |
| 103 | memset(dest, 0, sizeof(xfs_acl_t)); |
| 104 | dest->acl_cnt = posix_acl_xattr_count(size); |
| 105 | if (dest->acl_cnt < 0 || dest->acl_cnt > XFS_ACL_MAX_ENTRIES) |
| 106 | return EINVAL; |
| 107 | |
| 108 | /* |
| 109 | * acl_set_file(3) may request that we set default ACLs with |
| 110 | * zero length -- defend (gracefully) against that here. |
| 111 | */ |
| 112 | if (!dest->acl_cnt) |
| 113 | return 0; |
| 114 | |
| 115 | src_entry = (posix_acl_xattr_entry *)((char *)src + sizeof(*src)); |
| 116 | dest_entry = &dest->acl_entry[0]; |
| 117 | |
| 118 | for (n = 0; n < dest->acl_cnt; n++, src_entry++, dest_entry++) { |
| 119 | dest_entry->ae_perm = le16_to_cpu(src_entry->e_perm); |
| 120 | if (_ACL_PERM_INVALID(dest_entry->ae_perm)) |
| 121 | return EINVAL; |
| 122 | dest_entry->ae_tag = le16_to_cpu(src_entry->e_tag); |
| 123 | switch(dest_entry->ae_tag) { |
| 124 | case ACL_USER: |
| 125 | case ACL_GROUP: |
| 126 | dest_entry->ae_id = le32_to_cpu(src_entry->e_id); |
| 127 | break; |
| 128 | case ACL_USER_OBJ: |
| 129 | case ACL_GROUP_OBJ: |
| 130 | case ACL_MASK: |
| 131 | case ACL_OTHER: |
| 132 | dest_entry->ae_id = ACL_UNDEFINED_ID; |
| 133 | break; |
| 134 | default: |
| 135 | return EINVAL; |
| 136 | } |
| 137 | } |
| 138 | if (xfs_acl_invalid(dest)) |
| 139 | return EINVAL; |
| 140 | |
| 141 | return 0; |
| 142 | } |
| 143 | |
| 144 | /* |
Nathan Scott | 380b5dc | 2005-11-02 11:43:18 +1100 | [diff] [blame] | 145 | * Comparison function called from xfs_sort(). |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 146 | * Primary key is ae_tag, secondary key is ae_id. |
| 147 | */ |
| 148 | STATIC int |
| 149 | xfs_acl_entry_compare( |
| 150 | const void *va, |
| 151 | const void *vb) |
| 152 | { |
| 153 | xfs_acl_entry_t *a = (xfs_acl_entry_t *)va, |
| 154 | *b = (xfs_acl_entry_t *)vb; |
| 155 | |
| 156 | if (a->ae_tag == b->ae_tag) |
| 157 | return (a->ae_id - b->ae_id); |
| 158 | return (a->ae_tag - b->ae_tag); |
| 159 | } |
| 160 | |
| 161 | /* |
| 162 | * Convert from in-memory XFS to extended attribute representation. |
| 163 | */ |
| 164 | STATIC int |
| 165 | posix_acl_xfs_to_xattr( |
| 166 | xfs_acl_t *src, |
| 167 | posix_acl_xattr_header *dest, |
| 168 | size_t size) |
| 169 | { |
| 170 | int n; |
| 171 | size_t new_size = posix_acl_xattr_size(src->acl_cnt); |
| 172 | posix_acl_xattr_entry *dest_entry; |
| 173 | xfs_acl_entry_t *src_entry; |
| 174 | |
| 175 | if (size < new_size) |
| 176 | return -ERANGE; |
| 177 | |
| 178 | /* Need to sort src XFS ACL by <ae_tag,ae_id> */ |
Nathan Scott | 380b5dc | 2005-11-02 11:43:18 +1100 | [diff] [blame] | 179 | xfs_sort(src->acl_entry, src->acl_cnt, sizeof(src->acl_entry[0]), |
| 180 | xfs_acl_entry_compare); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 181 | |
| 182 | dest->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); |
| 183 | dest_entry = &dest->a_entries[0]; |
| 184 | src_entry = &src->acl_entry[0]; |
| 185 | for (n = 0; n < src->acl_cnt; n++, dest_entry++, src_entry++) { |
| 186 | dest_entry->e_perm = cpu_to_le16(src_entry->ae_perm); |
| 187 | if (_ACL_PERM_INVALID(src_entry->ae_perm)) |
| 188 | return -EINVAL; |
| 189 | dest_entry->e_tag = cpu_to_le16(src_entry->ae_tag); |
| 190 | switch (src_entry->ae_tag) { |
| 191 | case ACL_USER: |
| 192 | case ACL_GROUP: |
| 193 | dest_entry->e_id = cpu_to_le32(src_entry->ae_id); |
| 194 | break; |
| 195 | case ACL_USER_OBJ: |
| 196 | case ACL_GROUP_OBJ: |
| 197 | case ACL_MASK: |
| 198 | case ACL_OTHER: |
| 199 | dest_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID); |
| 200 | break; |
| 201 | default: |
| 202 | return -EINVAL; |
| 203 | } |
| 204 | } |
| 205 | return new_size; |
| 206 | } |
| 207 | |
| 208 | int |
| 209 | xfs_acl_vget( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 210 | bhv_vnode_t *vp, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 211 | void *acl, |
| 212 | size_t size, |
| 213 | int kind) |
| 214 | { |
| 215 | int error; |
| 216 | xfs_acl_t *xfs_acl = NULL; |
| 217 | posix_acl_xattr_header *ext_acl = acl; |
| 218 | int flags = 0; |
| 219 | |
| 220 | VN_HOLD(vp); |
| 221 | if(size) { |
| 222 | if (!(_ACL_ALLOC(xfs_acl))) { |
| 223 | error = ENOMEM; |
| 224 | goto out; |
| 225 | } |
| 226 | memset(xfs_acl, 0, sizeof(xfs_acl_t)); |
| 227 | } else |
| 228 | flags = ATTR_KERNOVAL; |
| 229 | |
| 230 | xfs_acl_get_attr(vp, xfs_acl, kind, flags, &error); |
| 231 | if (error) |
| 232 | goto out; |
| 233 | |
| 234 | if (!size) { |
| 235 | error = -posix_acl_xattr_size(XFS_ACL_MAX_ENTRIES); |
| 236 | } else { |
| 237 | if (xfs_acl_invalid(xfs_acl)) { |
| 238 | error = EINVAL; |
| 239 | goto out; |
| 240 | } |
| 241 | if (kind == _ACL_TYPE_ACCESS) { |
Nathan Scott | 8285fb5 | 2006-06-09 17:07:12 +1000 | [diff] [blame] | 242 | bhv_vattr_t va; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 243 | |
| 244 | va.va_mask = XFS_AT_MODE; |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 245 | error = bhv_vop_getattr(vp, &va, 0, sys_cred); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 246 | if (error) |
| 247 | goto out; |
| 248 | xfs_acl_sync_mode(va.va_mode, xfs_acl); |
| 249 | } |
| 250 | error = -posix_acl_xfs_to_xattr(xfs_acl, ext_acl, size); |
| 251 | } |
| 252 | out: |
| 253 | VN_RELE(vp); |
| 254 | if(xfs_acl) |
| 255 | _ACL_FREE(xfs_acl); |
| 256 | return -error; |
| 257 | } |
| 258 | |
| 259 | int |
| 260 | xfs_acl_vremove( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 261 | bhv_vnode_t *vp, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 262 | int kind) |
| 263 | { |
| 264 | int error; |
| 265 | |
| 266 | VN_HOLD(vp); |
| 267 | error = xfs_acl_allow_set(vp, kind); |
| 268 | if (!error) { |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 269 | error = bhv_vop_attr_remove(vp, kind == _ACL_TYPE_DEFAULT? |
| 270 | SGI_ACL_DEFAULT: SGI_ACL_FILE, |
| 271 | ATTR_ROOT, sys_cred); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 272 | if (error == ENOATTR) |
| 273 | error = 0; /* 'scool */ |
| 274 | } |
| 275 | VN_RELE(vp); |
| 276 | return -error; |
| 277 | } |
| 278 | |
| 279 | int |
| 280 | xfs_acl_vset( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 281 | bhv_vnode_t *vp, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 282 | void *acl, |
| 283 | size_t size, |
| 284 | int kind) |
| 285 | { |
| 286 | posix_acl_xattr_header *ext_acl = acl; |
| 287 | xfs_acl_t *xfs_acl; |
| 288 | int error; |
| 289 | int basicperms = 0; /* more than std unix perms? */ |
| 290 | |
| 291 | if (!acl) |
| 292 | return -EINVAL; |
| 293 | |
| 294 | if (!(_ACL_ALLOC(xfs_acl))) |
| 295 | return -ENOMEM; |
| 296 | |
| 297 | error = posix_acl_xattr_to_xfs(ext_acl, size, xfs_acl); |
| 298 | if (error) { |
| 299 | _ACL_FREE(xfs_acl); |
| 300 | return -error; |
| 301 | } |
| 302 | if (!xfs_acl->acl_cnt) { |
| 303 | _ACL_FREE(xfs_acl); |
| 304 | return 0; |
| 305 | } |
| 306 | |
| 307 | VN_HOLD(vp); |
| 308 | error = xfs_acl_allow_set(vp, kind); |
| 309 | if (error) |
| 310 | goto out; |
| 311 | |
| 312 | /* Incoming ACL exists, set file mode based on its value */ |
| 313 | if (kind == _ACL_TYPE_ACCESS) |
| 314 | xfs_acl_setmode(vp, xfs_acl, &basicperms); |
| 315 | |
| 316 | /* |
| 317 | * If we have more than std unix permissions, set up the actual attr. |
| 318 | * Otherwise, delete any existing attr. This prevents us from |
| 319 | * having actual attrs for permissions that can be stored in the |
| 320 | * standard permission bits. |
| 321 | */ |
| 322 | if (!basicperms) { |
| 323 | xfs_acl_set_attr(vp, xfs_acl, kind, &error); |
| 324 | } else { |
| 325 | xfs_acl_vremove(vp, _ACL_TYPE_ACCESS); |
| 326 | } |
| 327 | |
| 328 | out: |
| 329 | VN_RELE(vp); |
| 330 | _ACL_FREE(xfs_acl); |
| 331 | return -error; |
| 332 | } |
| 333 | |
| 334 | int |
| 335 | xfs_acl_iaccess( |
| 336 | xfs_inode_t *ip, |
| 337 | mode_t mode, |
| 338 | cred_t *cr) |
| 339 | { |
| 340 | xfs_acl_t *acl; |
| 341 | int rval; |
| 342 | |
| 343 | if (!(_ACL_ALLOC(acl))) |
| 344 | return -1; |
| 345 | |
| 346 | /* If the file has no ACL return -1. */ |
| 347 | rval = sizeof(xfs_acl_t); |
| 348 | if (xfs_attr_fetch(ip, SGI_ACL_FILE, SGI_ACL_FILE_SIZE, |
| 349 | (char *)acl, &rval, ATTR_ROOT | ATTR_KERNACCESS, cr)) { |
| 350 | _ACL_FREE(acl); |
| 351 | return -1; |
| 352 | } |
| 353 | xfs_acl_get_endian(acl); |
| 354 | |
| 355 | /* If the file has an empty ACL return -1. */ |
| 356 | if (acl->acl_cnt == XFS_ACL_NOT_PRESENT) { |
| 357 | _ACL_FREE(acl); |
| 358 | return -1; |
| 359 | } |
| 360 | |
| 361 | /* Synchronize ACL with mode bits */ |
| 362 | xfs_acl_sync_mode(ip->i_d.di_mode, acl); |
| 363 | |
| 364 | rval = xfs_acl_access(ip->i_d.di_uid, ip->i_d.di_gid, acl, mode, cr); |
| 365 | _ACL_FREE(acl); |
| 366 | return rval; |
| 367 | } |
| 368 | |
| 369 | STATIC int |
| 370 | xfs_acl_allow_set( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 371 | bhv_vnode_t *vp, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 372 | int kind) |
| 373 | { |
Nathan Scott | 8285fb5 | 2006-06-09 17:07:12 +1000 | [diff] [blame] | 374 | bhv_vattr_t va; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 375 | int error; |
| 376 | |
| 377 | if (vp->v_inode.i_flags & (S_IMMUTABLE|S_APPEND)) |
| 378 | return EPERM; |
Christoph Hellwig | 0432dab | 2005-09-02 16:46:51 +1000 | [diff] [blame] | 379 | if (kind == _ACL_TYPE_DEFAULT && !VN_ISDIR(vp)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 380 | return ENOTDIR; |
| 381 | if (vp->v_vfsp->vfs_flag & VFS_RDONLY) |
| 382 | return EROFS; |
| 383 | va.va_mask = XFS_AT_UID; |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 384 | error = bhv_vop_getattr(vp, &va, 0, NULL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 385 | if (error) |
| 386 | return error; |
| 387 | if (va.va_uid != current->fsuid && !capable(CAP_FOWNER)) |
| 388 | return EPERM; |
| 389 | return error; |
| 390 | } |
| 391 | |
| 392 | /* |
| 393 | * The access control process to determine the access permission: |
| 394 | * if uid == file owner id, use the file owner bits. |
| 395 | * if gid == file owner group id, use the file group bits. |
Nathan Scott | c41564b | 2006-03-29 08:55:14 +1000 | [diff] [blame] | 396 | * scan ACL for a matching user or group, and use matched entry |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 397 | * permission. Use total permissions of all matching group entries, |
| 398 | * until all acl entries are exhausted. The final permission produced |
| 399 | * by matching acl entry or entries needs to be & with group permission. |
| 400 | * if not owner, owning group, or matching entry in ACL, use file |
| 401 | * other bits. |
| 402 | */ |
| 403 | STATIC int |
| 404 | xfs_acl_capability_check( |
| 405 | mode_t mode, |
| 406 | cred_t *cr) |
| 407 | { |
| 408 | if ((mode & ACL_READ) && !capable_cred(cr, CAP_DAC_READ_SEARCH)) |
| 409 | return EACCES; |
| 410 | if ((mode & ACL_WRITE) && !capable_cred(cr, CAP_DAC_OVERRIDE)) |
| 411 | return EACCES; |
| 412 | if ((mode & ACL_EXECUTE) && !capable_cred(cr, CAP_DAC_OVERRIDE)) |
| 413 | return EACCES; |
| 414 | |
| 415 | return 0; |
| 416 | } |
| 417 | |
| 418 | /* |
| 419 | * Note: cr is only used here for the capability check if the ACL test fails. |
| 420 | * It is not used to find out the credentials uid or groups etc, as was |
| 421 | * done in IRIX. It is assumed that the uid and groups for the current |
| 422 | * thread are taken from "current" instead of the cr parameter. |
| 423 | */ |
| 424 | STATIC int |
| 425 | xfs_acl_access( |
| 426 | uid_t fuid, |
| 427 | gid_t fgid, |
| 428 | xfs_acl_t *fap, |
| 429 | mode_t md, |
| 430 | cred_t *cr) |
| 431 | { |
| 432 | xfs_acl_entry_t matched; |
| 433 | int i, allows; |
| 434 | int maskallows = -1; /* true, but not 1, either */ |
| 435 | int seen_userobj = 0; |
| 436 | |
| 437 | matched.ae_tag = 0; /* Invalid type */ |
Christoph Hellwig | 5bde1ba | 2005-11-02 15:06:18 +1100 | [diff] [blame] | 438 | matched.ae_perm = 0; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 439 | md >>= 6; /* Normalize the bits for comparison */ |
| 440 | |
| 441 | for (i = 0; i < fap->acl_cnt; i++) { |
| 442 | /* |
| 443 | * Break out if we've got a user_obj entry or |
| 444 | * a user entry and the mask (and have processed USER_OBJ) |
| 445 | */ |
| 446 | if (matched.ae_tag == ACL_USER_OBJ) |
| 447 | break; |
| 448 | if (matched.ae_tag == ACL_USER) { |
| 449 | if (maskallows != -1 && seen_userobj) |
| 450 | break; |
| 451 | if (fap->acl_entry[i].ae_tag != ACL_MASK && |
| 452 | fap->acl_entry[i].ae_tag != ACL_USER_OBJ) |
| 453 | continue; |
| 454 | } |
| 455 | /* True if this entry allows the requested access */ |
| 456 | allows = ((fap->acl_entry[i].ae_perm & md) == md); |
| 457 | |
| 458 | switch (fap->acl_entry[i].ae_tag) { |
| 459 | case ACL_USER_OBJ: |
| 460 | seen_userobj = 1; |
| 461 | if (fuid != current->fsuid) |
| 462 | continue; |
| 463 | matched.ae_tag = ACL_USER_OBJ; |
| 464 | matched.ae_perm = allows; |
| 465 | break; |
| 466 | case ACL_USER: |
| 467 | if (fap->acl_entry[i].ae_id != current->fsuid) |
| 468 | continue; |
| 469 | matched.ae_tag = ACL_USER; |
| 470 | matched.ae_perm = allows; |
| 471 | break; |
| 472 | case ACL_GROUP_OBJ: |
| 473 | if ((matched.ae_tag == ACL_GROUP_OBJ || |
| 474 | matched.ae_tag == ACL_GROUP) && !allows) |
| 475 | continue; |
| 476 | if (!in_group_p(fgid)) |
| 477 | continue; |
| 478 | matched.ae_tag = ACL_GROUP_OBJ; |
| 479 | matched.ae_perm = allows; |
| 480 | break; |
| 481 | case ACL_GROUP: |
| 482 | if ((matched.ae_tag == ACL_GROUP_OBJ || |
| 483 | matched.ae_tag == ACL_GROUP) && !allows) |
| 484 | continue; |
| 485 | if (!in_group_p(fap->acl_entry[i].ae_id)) |
| 486 | continue; |
| 487 | matched.ae_tag = ACL_GROUP; |
| 488 | matched.ae_perm = allows; |
| 489 | break; |
| 490 | case ACL_MASK: |
| 491 | maskallows = allows; |
| 492 | break; |
| 493 | case ACL_OTHER: |
| 494 | if (matched.ae_tag != 0) |
| 495 | continue; |
| 496 | matched.ae_tag = ACL_OTHER; |
| 497 | matched.ae_perm = allows; |
| 498 | break; |
| 499 | } |
| 500 | } |
| 501 | /* |
| 502 | * First possibility is that no matched entry allows access. |
| 503 | * The capability to override DAC may exist, so check for it. |
| 504 | */ |
| 505 | switch (matched.ae_tag) { |
| 506 | case ACL_OTHER: |
| 507 | case ACL_USER_OBJ: |
| 508 | if (matched.ae_perm) |
| 509 | return 0; |
| 510 | break; |
| 511 | case ACL_USER: |
| 512 | case ACL_GROUP_OBJ: |
| 513 | case ACL_GROUP: |
| 514 | if (maskallows && matched.ae_perm) |
| 515 | return 0; |
| 516 | break; |
| 517 | case 0: |
| 518 | break; |
| 519 | } |
| 520 | |
| 521 | return xfs_acl_capability_check(md, cr); |
| 522 | } |
| 523 | |
| 524 | /* |
| 525 | * ACL validity checker. |
| 526 | * This acl validation routine checks each ACL entry read in makes sense. |
| 527 | */ |
| 528 | STATIC int |
| 529 | xfs_acl_invalid( |
| 530 | xfs_acl_t *aclp) |
| 531 | { |
| 532 | xfs_acl_entry_t *entry, *e; |
| 533 | int user = 0, group = 0, other = 0, mask = 0; |
| 534 | int mask_required = 0; |
| 535 | int i, j; |
| 536 | |
| 537 | if (!aclp) |
| 538 | goto acl_invalid; |
| 539 | |
| 540 | if (aclp->acl_cnt > XFS_ACL_MAX_ENTRIES) |
| 541 | goto acl_invalid; |
| 542 | |
| 543 | for (i = 0; i < aclp->acl_cnt; i++) { |
| 544 | entry = &aclp->acl_entry[i]; |
| 545 | switch (entry->ae_tag) { |
| 546 | case ACL_USER_OBJ: |
| 547 | if (user++) |
| 548 | goto acl_invalid; |
| 549 | break; |
| 550 | case ACL_GROUP_OBJ: |
| 551 | if (group++) |
| 552 | goto acl_invalid; |
| 553 | break; |
| 554 | case ACL_OTHER: |
| 555 | if (other++) |
| 556 | goto acl_invalid; |
| 557 | break; |
| 558 | case ACL_USER: |
| 559 | case ACL_GROUP: |
| 560 | for (j = i + 1; j < aclp->acl_cnt; j++) { |
| 561 | e = &aclp->acl_entry[j]; |
| 562 | if (e->ae_id == entry->ae_id && |
| 563 | e->ae_tag == entry->ae_tag) |
| 564 | goto acl_invalid; |
| 565 | } |
| 566 | mask_required++; |
| 567 | break; |
| 568 | case ACL_MASK: |
| 569 | if (mask++) |
| 570 | goto acl_invalid; |
| 571 | break; |
| 572 | default: |
| 573 | goto acl_invalid; |
| 574 | } |
| 575 | } |
| 576 | if (!user || !group || !other || (mask_required && !mask)) |
| 577 | goto acl_invalid; |
| 578 | else |
| 579 | return 0; |
| 580 | acl_invalid: |
| 581 | return EINVAL; |
| 582 | } |
| 583 | |
| 584 | /* |
| 585 | * Do ACL endian conversion. |
| 586 | */ |
| 587 | STATIC void |
| 588 | xfs_acl_get_endian( |
| 589 | xfs_acl_t *aclp) |
| 590 | { |
| 591 | xfs_acl_entry_t *ace, *end; |
| 592 | |
| 593 | INT_SET(aclp->acl_cnt, ARCH_CONVERT, aclp->acl_cnt); |
| 594 | end = &aclp->acl_entry[0]+aclp->acl_cnt; |
| 595 | for (ace = &aclp->acl_entry[0]; ace < end; ace++) { |
| 596 | INT_SET(ace->ae_tag, ARCH_CONVERT, ace->ae_tag); |
| 597 | INT_SET(ace->ae_id, ARCH_CONVERT, ace->ae_id); |
| 598 | INT_SET(ace->ae_perm, ARCH_CONVERT, ace->ae_perm); |
| 599 | } |
| 600 | } |
| 601 | |
| 602 | /* |
| 603 | * Get the ACL from the EA and do endian conversion. |
| 604 | */ |
| 605 | STATIC void |
| 606 | xfs_acl_get_attr( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 607 | bhv_vnode_t *vp, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 608 | xfs_acl_t *aclp, |
| 609 | int kind, |
| 610 | int flags, |
| 611 | int *error) |
| 612 | { |
| 613 | int len = sizeof(xfs_acl_t); |
| 614 | |
| 615 | ASSERT((flags & ATTR_KERNOVAL) ? (aclp == NULL) : 1); |
| 616 | flags |= ATTR_ROOT; |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 617 | *error = bhv_vop_attr_get(vp, kind == _ACL_TYPE_ACCESS ? |
| 618 | SGI_ACL_FILE : SGI_ACL_DEFAULT, |
| 619 | (char *)aclp, &len, flags, sys_cred); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 620 | if (*error || (flags & ATTR_KERNOVAL)) |
| 621 | return; |
| 622 | xfs_acl_get_endian(aclp); |
| 623 | } |
| 624 | |
| 625 | /* |
| 626 | * Set the EA with the ACL and do endian conversion. |
| 627 | */ |
| 628 | STATIC void |
| 629 | xfs_acl_set_attr( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 630 | bhv_vnode_t *vp, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 631 | xfs_acl_t *aclp, |
| 632 | int kind, |
| 633 | int *error) |
| 634 | { |
| 635 | xfs_acl_entry_t *ace, *newace, *end; |
| 636 | xfs_acl_t *newacl; |
| 637 | int len; |
| 638 | |
| 639 | if (!(_ACL_ALLOC(newacl))) { |
| 640 | *error = ENOMEM; |
| 641 | return; |
| 642 | } |
| 643 | |
| 644 | len = sizeof(xfs_acl_t) - |
| 645 | (sizeof(xfs_acl_entry_t) * (XFS_ACL_MAX_ENTRIES - aclp->acl_cnt)); |
| 646 | end = &aclp->acl_entry[0]+aclp->acl_cnt; |
| 647 | for (ace = &aclp->acl_entry[0], newace = &newacl->acl_entry[0]; |
| 648 | ace < end; |
| 649 | ace++, newace++) { |
| 650 | INT_SET(newace->ae_tag, ARCH_CONVERT, ace->ae_tag); |
| 651 | INT_SET(newace->ae_id, ARCH_CONVERT, ace->ae_id); |
| 652 | INT_SET(newace->ae_perm, ARCH_CONVERT, ace->ae_perm); |
| 653 | } |
| 654 | INT_SET(newacl->acl_cnt, ARCH_CONVERT, aclp->acl_cnt); |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 655 | *error = bhv_vop_attr_set(vp, kind == _ACL_TYPE_ACCESS ? |
| 656 | SGI_ACL_FILE: SGI_ACL_DEFAULT, |
| 657 | (char *)newacl, len, ATTR_ROOT, sys_cred); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 658 | _ACL_FREE(newacl); |
| 659 | } |
| 660 | |
| 661 | int |
| 662 | xfs_acl_vtoacl( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 663 | bhv_vnode_t *vp, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 664 | xfs_acl_t *access_acl, |
| 665 | xfs_acl_t *default_acl) |
| 666 | { |
Nathan Scott | 8285fb5 | 2006-06-09 17:07:12 +1000 | [diff] [blame] | 667 | bhv_vattr_t va; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 668 | int error = 0; |
| 669 | |
| 670 | if (access_acl) { |
| 671 | /* |
| 672 | * Get the Access ACL and the mode. If either cannot |
| 673 | * be obtained for some reason, invalidate the access ACL. |
| 674 | */ |
| 675 | xfs_acl_get_attr(vp, access_acl, _ACL_TYPE_ACCESS, 0, &error); |
| 676 | if (!error) { |
| 677 | /* Got the ACL, need the mode... */ |
| 678 | va.va_mask = XFS_AT_MODE; |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 679 | error = bhv_vop_getattr(vp, &va, 0, sys_cred); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 680 | } |
| 681 | |
| 682 | if (error) |
| 683 | access_acl->acl_cnt = XFS_ACL_NOT_PRESENT; |
| 684 | else /* We have a good ACL and the file mode, synchronize. */ |
| 685 | xfs_acl_sync_mode(va.va_mode, access_acl); |
| 686 | } |
| 687 | |
| 688 | if (default_acl) { |
| 689 | xfs_acl_get_attr(vp, default_acl, _ACL_TYPE_DEFAULT, 0, &error); |
| 690 | if (error) |
| 691 | default_acl->acl_cnt = XFS_ACL_NOT_PRESENT; |
| 692 | } |
| 693 | return error; |
| 694 | } |
| 695 | |
| 696 | /* |
| 697 | * This function retrieves the parent directory's acl, processes it |
| 698 | * and lets the child inherit the acl(s) that it should. |
| 699 | */ |
| 700 | int |
| 701 | xfs_acl_inherit( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 702 | bhv_vnode_t *vp, |
Nathan Scott | 8285fb5 | 2006-06-09 17:07:12 +1000 | [diff] [blame] | 703 | bhv_vattr_t *vap, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 704 | xfs_acl_t *pdaclp) |
| 705 | { |
| 706 | xfs_acl_t *cacl; |
| 707 | int error = 0; |
| 708 | int basicperms = 0; |
| 709 | |
| 710 | /* |
| 711 | * If the parent does not have a default ACL, or it's an |
| 712 | * invalid ACL, we're done. |
| 713 | */ |
| 714 | if (!vp) |
| 715 | return 0; |
| 716 | if (!pdaclp || xfs_acl_invalid(pdaclp)) |
| 717 | return 0; |
| 718 | |
| 719 | /* |
| 720 | * Copy the default ACL of the containing directory to |
| 721 | * the access ACL of the new file and use the mode that |
| 722 | * was passed in to set up the correct initial values for |
| 723 | * the u::,g::[m::], and o:: entries. This is what makes |
| 724 | * umask() "work" with ACL's. |
| 725 | */ |
| 726 | |
| 727 | if (!(_ACL_ALLOC(cacl))) |
| 728 | return ENOMEM; |
| 729 | |
| 730 | memcpy(cacl, pdaclp, sizeof(xfs_acl_t)); |
| 731 | xfs_acl_filter_mode(vap->va_mode, cacl); |
| 732 | xfs_acl_setmode(vp, cacl, &basicperms); |
| 733 | |
| 734 | /* |
| 735 | * Set the Default and Access ACL on the file. The mode is already |
| 736 | * set on the file, so we don't need to worry about that. |
| 737 | * |
| 738 | * If the new file is a directory, its default ACL is a copy of |
| 739 | * the containing directory's default ACL. |
| 740 | */ |
Christoph Hellwig | 0432dab | 2005-09-02 16:46:51 +1000 | [diff] [blame] | 741 | if (VN_ISDIR(vp)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 742 | xfs_acl_set_attr(vp, pdaclp, _ACL_TYPE_DEFAULT, &error); |
| 743 | if (!error && !basicperms) |
| 744 | xfs_acl_set_attr(vp, cacl, _ACL_TYPE_ACCESS, &error); |
| 745 | _ACL_FREE(cacl); |
| 746 | return error; |
| 747 | } |
| 748 | |
| 749 | /* |
| 750 | * Set up the correct mode on the file based on the supplied ACL. This |
| 751 | * makes sure that the mode on the file reflects the state of the |
| 752 | * u::,g::[m::], and o:: entries in the ACL. Since the mode is where |
| 753 | * the ACL is going to get the permissions for these entries, we must |
| 754 | * synchronize the mode whenever we set the ACL on a file. |
| 755 | */ |
| 756 | STATIC int |
| 757 | xfs_acl_setmode( |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 758 | bhv_vnode_t *vp, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 759 | xfs_acl_t *acl, |
| 760 | int *basicperms) |
| 761 | { |
Nathan Scott | 8285fb5 | 2006-06-09 17:07:12 +1000 | [diff] [blame] | 762 | bhv_vattr_t va; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 763 | xfs_acl_entry_t *ap; |
| 764 | xfs_acl_entry_t *gap = NULL; |
| 765 | int i, error, nomask = 1; |
| 766 | |
| 767 | *basicperms = 1; |
| 768 | |
| 769 | if (acl->acl_cnt == XFS_ACL_NOT_PRESENT) |
| 770 | return 0; |
| 771 | |
| 772 | /* |
| 773 | * Copy the u::, g::, o::, and m:: bits from the ACL into the |
| 774 | * mode. The m:: bits take precedence over the g:: bits. |
| 775 | */ |
| 776 | va.va_mask = XFS_AT_MODE; |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 777 | error = bhv_vop_getattr(vp, &va, 0, sys_cred); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 778 | if (error) |
| 779 | return error; |
| 780 | |
| 781 | va.va_mask = XFS_AT_MODE; |
| 782 | va.va_mode &= ~(S_IRWXU|S_IRWXG|S_IRWXO); |
| 783 | ap = acl->acl_entry; |
| 784 | for (i = 0; i < acl->acl_cnt; ++i) { |
| 785 | switch (ap->ae_tag) { |
| 786 | case ACL_USER_OBJ: |
| 787 | va.va_mode |= ap->ae_perm << 6; |
| 788 | break; |
| 789 | case ACL_GROUP_OBJ: |
| 790 | gap = ap; |
| 791 | break; |
| 792 | case ACL_MASK: /* more than just standard modes */ |
| 793 | nomask = 0; |
| 794 | va.va_mode |= ap->ae_perm << 3; |
| 795 | *basicperms = 0; |
| 796 | break; |
| 797 | case ACL_OTHER: |
| 798 | va.va_mode |= ap->ae_perm; |
| 799 | break; |
| 800 | default: /* more than just standard modes */ |
| 801 | *basicperms = 0; |
| 802 | break; |
| 803 | } |
| 804 | ap++; |
| 805 | } |
| 806 | |
| 807 | /* Set the group bits from ACL_GROUP_OBJ if there's no ACL_MASK */ |
| 808 | if (gap && nomask) |
| 809 | va.va_mode |= gap->ae_perm << 3; |
| 810 | |
Nathan Scott | 67fcaa7 | 2006-06-09 17:00:52 +1000 | [diff] [blame] | 811 | return bhv_vop_setattr(vp, &va, 0, sys_cred); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 812 | } |
| 813 | |
| 814 | /* |
| 815 | * The permissions for the special ACL entries (u::, g::[m::], o::) are |
| 816 | * actually stored in the file mode (if there is both a group and a mask, |
| 817 | * the group is stored in the ACL entry and the mask is stored on the file). |
| 818 | * This allows the mode to remain automatically in sync with the ACL without |
| 819 | * the need for a call-back to the ACL system at every point where the mode |
| 820 | * could change. This function takes the permissions from the specified mode |
| 821 | * and places it in the supplied ACL. |
| 822 | * |
| 823 | * This implementation draws its validity from the fact that, when the ACL |
| 824 | * was assigned, the mode was copied from the ACL. |
| 825 | * If the mode did not change, therefore, the mode remains exactly what was |
| 826 | * taken from the special ACL entries at assignment. |
| 827 | * If a subsequent chmod() was done, the POSIX spec says that the change in |
| 828 | * mode must cause an update to the ACL seen at user level and used for |
| 829 | * access checks. Before and after a mode change, therefore, the file mode |
| 830 | * most accurately reflects what the special ACL entries should permit/deny. |
| 831 | * |
| 832 | * CAVEAT: If someone sets the SGI_ACL_FILE attribute directly, |
| 833 | * the existing mode bits will override whatever is in the |
| 834 | * ACL. Similarly, if there is a pre-existing ACL that was |
| 835 | * never in sync with its mode (owing to a bug in 6.5 and |
| 836 | * before), it will now magically (or mystically) be |
| 837 | * synchronized. This could cause slight astonishment, but |
| 838 | * it is better than inconsistent permissions. |
| 839 | * |
| 840 | * The supplied ACL is a template that may contain any combination |
| 841 | * of special entries. These are treated as place holders when we fill |
| 842 | * out the ACL. This routine does not add or remove special entries, it |
| 843 | * simply unites each special entry with its associated set of permissions. |
| 844 | */ |
| 845 | STATIC void |
| 846 | xfs_acl_sync_mode( |
| 847 | mode_t mode, |
| 848 | xfs_acl_t *acl) |
| 849 | { |
| 850 | int i, nomask = 1; |
| 851 | xfs_acl_entry_t *ap; |
| 852 | xfs_acl_entry_t *gap = NULL; |
| 853 | |
| 854 | /* |
| 855 | * Set ACL entries. POSIX1003.1eD16 requires that the MASK |
| 856 | * be set instead of the GROUP entry, if there is a MASK. |
| 857 | */ |
| 858 | for (ap = acl->acl_entry, i = 0; i < acl->acl_cnt; ap++, i++) { |
| 859 | switch (ap->ae_tag) { |
| 860 | case ACL_USER_OBJ: |
| 861 | ap->ae_perm = (mode >> 6) & 0x7; |
| 862 | break; |
| 863 | case ACL_GROUP_OBJ: |
| 864 | gap = ap; |
| 865 | break; |
| 866 | case ACL_MASK: |
| 867 | nomask = 0; |
| 868 | ap->ae_perm = (mode >> 3) & 0x7; |
| 869 | break; |
| 870 | case ACL_OTHER: |
| 871 | ap->ae_perm = mode & 0x7; |
| 872 | break; |
| 873 | default: |
| 874 | break; |
| 875 | } |
| 876 | } |
| 877 | /* Set the ACL_GROUP_OBJ if there's no ACL_MASK */ |
| 878 | if (gap && nomask) |
| 879 | gap->ae_perm = (mode >> 3) & 0x7; |
| 880 | } |
| 881 | |
| 882 | /* |
| 883 | * When inheriting an Access ACL from a directory Default ACL, |
| 884 | * the ACL bits are set to the intersection of the ACL default |
| 885 | * permission bits and the file permission bits in mode. If there |
| 886 | * are no permission bits on the file then we must not give them |
| 887 | * the ACL. This is what what makes umask() work with ACLs. |
| 888 | */ |
| 889 | STATIC void |
| 890 | xfs_acl_filter_mode( |
| 891 | mode_t mode, |
| 892 | xfs_acl_t *acl) |
| 893 | { |
| 894 | int i, nomask = 1; |
| 895 | xfs_acl_entry_t *ap; |
| 896 | xfs_acl_entry_t *gap = NULL; |
| 897 | |
| 898 | /* |
| 899 | * Set ACL entries. POSIX1003.1eD16 requires that the MASK |
| 900 | * be merged with GROUP entry, if there is a MASK. |
| 901 | */ |
| 902 | for (ap = acl->acl_entry, i = 0; i < acl->acl_cnt; ap++, i++) { |
| 903 | switch (ap->ae_tag) { |
| 904 | case ACL_USER_OBJ: |
| 905 | ap->ae_perm &= (mode >> 6) & 0x7; |
| 906 | break; |
| 907 | case ACL_GROUP_OBJ: |
| 908 | gap = ap; |
| 909 | break; |
| 910 | case ACL_MASK: |
| 911 | nomask = 0; |
| 912 | ap->ae_perm &= (mode >> 3) & 0x7; |
| 913 | break; |
| 914 | case ACL_OTHER: |
| 915 | ap->ae_perm &= mode & 0x7; |
| 916 | break; |
| 917 | default: |
| 918 | break; |
| 919 | } |
| 920 | } |
| 921 | /* Set the ACL_GROUP_OBJ if there's no ACL_MASK */ |
| 922 | if (gap && nomask) |
| 923 | gap->ae_perm &= (mode >> 3) & 0x7; |
| 924 | } |