/* AFS security handling
 *
 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */
11
12#include <linux/init.h>
13#include <linux/slab.h>
14#include <linux/fs.h>
15#include <linux/ctype.h>
Alexey Dobriyane8edc6e2007-05-21 01:22:52 +040016#include <linux/sched.h>
David Howells00d3b7a2007-04-26 15:57:07 -070017#include <keys/rxrpc-type.h>
18#include "internal.h"
19
/*
 * Get the key to use for operations in a cell.
 *
 * The cell's anonymous key description is used as the search string for an
 * rxrpc key.  Returns a key on which the caller holds a reference, or an
 * ERR_PTR() on failure.
 */
struct key *afs_request_key(struct afs_cell *cell)
{
	struct key *anon = cell->anonymous_key;
	struct key *found;

	_enter("{%x}", key_serial(anon));

	_debug("key %s", anon->description);
	found = request_key(&key_type_rxrpc, anon->description, NULL);

	if (!IS_ERR(found)) {
		/* act as authorised user */
		_leave(" = {%x} [auth]", key_serial(found));
		return found;
	}

	if (PTR_ERR(found) == -ENOKEY) {
		/* act as anonymous user - only the plain absence of a key
		 * falls back to the anonymous key, on which an extra ref is
		 * taken for the caller */
		_leave(" = {%x} [anon]", key_serial(anon));
		return key_get(anon);
	}

	/* every other failure is handed back as an ERR_PTR() rather than
	 * being downgraded to anonymous access */
	_leave(" = %ld", PTR_ERR(found));
	return found;
}
47
/*
 * Dispose of a permits list: RCU callback that drops the key reference held
 * by every entry and then frees the list itself.
 */
void afs_zap_permits(struct rcu_head *rcu)
{
	struct afs_permits *list = container_of(rcu, struct afs_permits, rcu);
	int i;

	_enter("{%d}", list->count);

	/* release the keys from the last entry down to the first */
	i = list->count;
	while (--i >= 0)
		key_put(list->permits[i].key);

	kfree(list);
}
63
/*
 * Dispose of a permits list in which all the key pointers have been copied
 * to another list.
 *
 * RCU callback.  Only the list memory is freed; no key_put() is done here
 * because the key references now belong to the list the pointers were copied
 * into (see afs_cache_permit()).
 */
static void afs_dispose_of_permits(struct rcu_head *rcu)
{
	struct afs_permits *stale;

	stale = container_of(rcu, struct afs_permits, rcu);
	_enter("{%d}", stale->count);

	kfree(stale);
}
76
/*
 * Get the authorising vnode, i.e. the one whose permit cache governs @vnode:
 * - a directory authorises itself;
 * - anything else is authorised by the directory named by
 *   vnode->status.parent, which is looked up with @key.
 *
 * Returns the authorising vnode with a ref held on its inode, or an ERR_PTR()
 * if the parent lookup failed.
 * - the caller must release the ref on the inode
 */
static struct afs_vnode *afs_get_auth_inode(struct afs_vnode *vnode,
					    struct key *key)
{
	struct inode *auth_inode;
	struct afs_vnode *result;

	_enter("");

	if (!S_ISDIR(vnode->vfs_inode.i_mode)) {
		/* file or symlink: fetch the parent directory's inode */
		auth_inode = afs_iget(vnode->vfs_inode.i_sb, key,
				      &vnode->status.parent, NULL, NULL);
		if (IS_ERR(auth_inode))
			return ERR_CAST(auth_inode);
	} else {
		/* directory: just take another ref on the inode we were
		 * given; failure to do so is treated as a fatal assertion */
		auth_inode = igrab(&vnode->vfs_inode);
		ASSERT(auth_inode != NULL);
	}

	result = AFS_FS_I(auth_inode);
	_leave(" = {%x}", result->fid.vnode);
	return result;
}
105
/*
 * Clear the permit cache on a directory vnode.
 *
 * The list is unhooked under permits_lock and cb_break is bumped in the same
 * critical section.  The detached list is not freed directly: it is handed to
 * call_rcu() so that afs_zap_permits() drops its keys and frees it later.
 */
void afs_clear_permits(struct afs_vnode *vnode)
{
	struct afs_permits *old;

	_enter("{%x:%u}", vnode->fid.vid, vnode->fid.vnode);

	mutex_lock(&vnode->permits_lock);
	old = vnode->permits;
	RCU_INIT_POINTER(vnode->permits, NULL);
	vnode->cb_break++;
	mutex_unlock(&vnode->permits_lock);

	/* afs_check_permit() walks this list under rcu_read_lock() only, so
	 * the teardown has to be deferred */
	if (old != NULL)
		call_rcu(&old->rcu, afs_zap_permits);

	_leave("");
}
125
/*
 * Add the result obtained for a vnode to its or its parent directory's cache
 * for the key used to access it.
 *
 * @vnode:     vnode whose status (caller_access, anon_access) is being cached
 * @key:       key the status was obtained with
 * @acl_order: value compared against the authorising vnode's acl_order to
 *             detect an ACL change that happened in the meantime
 *
 * Caching is best effort: if the authorising vnode cannot be obtained, if the
 * result looks stale, or if the allocation fails, the function returns
 * without caching anything and without reporting an error.
 */
void afs_cache_permit(struct afs_vnode *vnode, struct key *key, long acl_order)
{
	struct afs_permits *permits, *xpermits;
	struct afs_permit *permit;
	struct afs_vnode *auth_vnode;
	int count, loop;

	_enter("{%x:%u},%x,%lx",
	       vnode->fid.vid, vnode->fid.vnode, key_serial(key), acl_order);

	/* takes a ref on the authorising inode; dropped at out_unlock */
	auth_vnode = afs_get_auth_inode(vnode, key);
	if (IS_ERR(auth_vnode)) {
		_leave(" [get error %ld]", PTR_ERR(auth_vnode));
		return;
	}

	mutex_lock(&auth_vnode->permits_lock);

	/* guard against a rename being detected whilst we waited for the
	 * lock
	 *
	 * NOTE(review): for a directory afs_get_auth_inode() returns the
	 * vnode itself, so this compares the directory's own fid with
	 * status.parent - confirm what status.parent holds for directories.
	 */
	if (memcmp(&auth_vnode->fid, &vnode->status.parent,
		   sizeof(struct afs_fid)) != 0) {
		_debug("renamed");
		goto out_unlock;
	}

	/* have to be careful as the directory's callback may be broken between
	 * us receiving the status we're trying to cache and us getting the
	 * lock to update the cache for the status
	 *
	 * The result is dropped if the directory's acl_order has moved past
	 * the one the caller passed in.
	 */
	if (auth_vnode->acl_order - acl_order > 0) {
		_debug("ACL changed?");
		goto out_unlock;
	}

	/* always update the anonymous mask; the anonymous key itself never
	 * gets an entry in the permits list */
	_debug("anon access %x", vnode->status.anon_access);
	auth_vnode->status.anon_access = vnode->status.anon_access;
	if (key == vnode->volume->cell->anonymous_key)
		goto out_unlock;

	xpermits = auth_vnode->permits;
	count = 0;
	if (xpermits) {
		/* see if the permit is already in the list
		 * - if it is then we just amend the list
		 *
		 * Entries are matched by key pointer.
		 * NOTE(review): the mask is rewritten in place on the
		 * published list while afs_check_permit() may be reading it
		 * under rcu_read_lock() only - presumably acceptable for a
		 * single field, confirm.
		 */
		count = xpermits->count;
		permit = xpermits->permits;
		for (loop = count; loop > 0; loop--) {
			if (permit->key == key) {
				permit->access_mask =
					vnode->status.caller_access;
				goto out_unlock;
			}
			permit++;
		}
	}

	/* not found: build a replacement list with room for one more entry */
	permits = kmalloc(sizeof(*permits) + sizeof(*permit) * (count + 1),
			  GFP_NOFS);
	if (!permits)
		goto out_unlock;

	/* carry the existing entries over, key pointers included */
	if (xpermits)
		memcpy(permits->permits, xpermits->permits,
		       count * sizeof(struct afs_permit));

	_debug("key %x access %x",
	       key_serial(key), vnode->status.caller_access);
	permits->permits[count].access_mask = vnode->status.caller_access;
	/* the cache holds its own ref on the key for the new entry */
	permits->permits[count].key = key_get(key);
	permits->count = count + 1;

	/* publish the fully initialised list, then retire the old one; the
	 * old list's keys were copied above, so it is freed without any
	 * key_put() (afs_dispose_of_permits rather than afs_zap_permits) */
	rcu_assign_pointer(auth_vnode->permits, permits);
	if (xpermits)
		call_rcu(&xpermits->rcu, afs_dispose_of_permits);

out_unlock:
	mutex_unlock(&auth_vnode->permits_lock);
	iput(&auth_vnode->vfs_inode);
	_leave("");
}
212
/*
 * Work out what access @key is granted on the directory (or parent directory)
 * that authorises @vnode, asking the fileserver if the answer is not cached.
 *
 * On success 0 is returned and *_access holds the access mask.  On failure a
 * negative error code is returned and *_access is set to 0, so a caller that
 * ignored the error would see no rights at all.
 */
static int afs_check_permit(struct afs_vnode *vnode, struct key *key,
			    afs_access_t *_access)
{
	struct afs_vnode *auth_vnode;
	struct afs_permits *cache;
	bool valid = false;
	int remaining, ret;

	_enter("{%x:%u},%x",
	       vnode->fid.vid, vnode->fid.vnode, key_serial(key));

	auth_vnode = afs_get_auth_inode(vnode, key);
	if (IS_ERR(auth_vnode)) {
		*_access = 0;
		_leave(" = %ld", PTR_ERR(auth_vnode));
		return PTR_ERR(auth_vnode);
	}

	ASSERT(S_ISDIR(auth_vnode->vfs_inode.i_mode));

	/* check the permits to see if we've got one yet */
	if (key != auth_vnode->volume->cell->anonymous_key) {
		/* the list is only read here, so RCU protection suffices;
		 * entries are matched by key pointer */
		rcu_read_lock();
		cache = rcu_dereference(auth_vnode->permits);
		if (cache) {
			struct afs_permit *entry = cache->permits;

			for (remaining = cache->count; remaining > 0;
			     remaining--, entry++) {
				if (entry->key != key)
					continue;
				_debug("found in cache");
				*_access = entry->access_mask;
				valid = true;
				break;
			}
		}
		rcu_read_unlock();
	} else {
		/* the anonymous key has no list entry; its mask is kept in
		 * the directory's status */
		_debug("anon");
		*_access = auth_vnode->status.anon_access;
		valid = true;
	}

	if (!valid) {
		/* check the status on the file we're actually interested in
		 * (the post-processing will cache the result on auth_vnode) */
		_debug("no valid permit");

		ret = afs_vnode_fetch_status(vnode, auth_vnode, key, true);
		if (ret < 0) {
			iput(&auth_vnode->vfs_inode);
			*_access = 0;
			_leave(" = %d", ret);
			return ret;
		}
		*_access = vnode->status.caller_access;
	}

	/* drop the ref taken by afs_get_auth_inode() */
	iput(&auth_vnode->vfs_inode);
	_leave(" = 0 [access %x]", *_access);
	return 0;
}
282
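/*
 * Check the permissions on an AFS file.
 * - AFS ACLs are attached to directories only, and a file is controlled by its
 *   parent directory's ACL
 *
 * @inode: inode being accessed
 * @mask:  MAY_* bits describing the access wanted
 *
 * Returns 0 if the access is allowed, -EACCES if the ACL (or, for files, the
 * owner mode bits) does not grant it, -ECHILD if MAY_NOT_BLOCK was set, or the
 * error from obtaining the key, validating the vnode or fetching the permit.
 */
int afs_permission(struct inode *inode, int mask)
{
	struct afs_vnode *vnode = AFS_FS_I(inode);
	afs_access_t uninitialized_var(access);
	struct key *key;
	int ret;

	/* the steps below take a mutex and may talk to the fileserver, so a
	 * non-blocking request is refused up front */
	if (mask & MAY_NOT_BLOCK)
		return -ECHILD;

	_enter("{{%x:%u},%lx},%x,",
	       vnode->fid.vid, vnode->fid.vnode, vnode->flags, mask);

	key = afs_request_key(vnode->volume->cell);
	if (IS_ERR(key)) {
		_leave(" = %ld [key]", PTR_ERR(key));
		return PTR_ERR(key);
	}

	ret = afs_validate(vnode, key);
	if (ret < 0)
		goto error;

	/* check the permits to see if we've got one yet */
	ret = afs_check_permit(vnode, key, &access);
	if (ret < 0)
		goto error;

	/* interpret the access mask */
	_debug("REQ %x ACC %x on %s",
	       mask, access, S_ISDIR(inode->i_mode) ? "dir" : "file");

	if (S_ISDIR(inode->i_mode)) {
		/* Each class of access is checked on its own rather than in
		 * an if-else-if chain, so a combined request such as
		 * MAY_WRITE | MAY_EXEC needs the lookup right and one of the
		 * modification rights; previously the first matching bit
		 * decided and the write check was skipped.
		 *
		 * A mask carrying none of these bits asks for nothing and is
		 * allowed; it used to hit BUG().
		 */
		if (mask & (MAY_EXEC | MAY_READ)) {
			if (!(access & AFS_ACE_LOOKUP))
				goto permission_denied;
		}
		if (mask & MAY_WRITE) {
			if (!(access & (AFS_ACE_DELETE | /* rmdir, unlink, rename from */
					AFS_ACE_INSERT))) /* create, mkdir, symlink, rename to */
				goto permission_denied;
		}
	} else {
		/* files need the lookup right on the directory plus the
		 * matching ACL right and owner mode bit
		 *
		 * NOTE(review): the read and write checks are alternatives,
		 * so a request carrying both MAY_READ and MAY_WRITE is only
		 * checked for read here - presumably the fileserver rejects
		 * the write itself, confirm.
		 */
		if (!(access & AFS_ACE_LOOKUP))
			goto permission_denied;
		if ((mask & MAY_EXEC) && !(inode->i_mode & S_IXUSR))
			goto permission_denied;
		if (mask & (MAY_EXEC | MAY_READ)) {
			if (!(access & AFS_ACE_READ))
				goto permission_denied;
			if (!(inode->i_mode & S_IRUSR))
				goto permission_denied;
		} else if (mask & MAY_WRITE) {
			if (!(access & AFS_ACE_WRITE))
				goto permission_denied;
			if (!(inode->i_mode & S_IWUSR))
				goto permission_denied;
		}
	}

	/* ret is still the 0 returned by afs_check_permit() */
	key_put(key);
	_leave(" = %d", ret);
	return ret;

permission_denied:
	ret = -EACCES;
error:
	key_put(key);
	_leave(" = %d", ret);
	return ret;
}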
David Howells00d3b7a2007-04-26 15:57:07 -0700362}