From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andreas Gruenbacher <agruenba@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
"Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
"J. Bruce Fields" <bfields@fieldses.org>,
Jeff Layton <jlayton@poochiereds.net>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
Dave Chinner <david@fromorbit.com>,
linux-ext4@vger.kernel.org, xfs@oss.sgi.com,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org,
linux-api@vger.kernel.org
Subject: [PATCH v21 20/22] vfs: Add richacl permission checking
Date: Tue, 10 May 2016 00:02:53 +0200 [thread overview]
Message-ID: <1462831375-23017-21-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1462831375-23017-1-git-send-email-agruenba@redhat.com>
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
---
fs/namei.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 52 insertions(+), 2 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 2b1bf71..5fbe60a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -35,6 +35,7 @@
#include <linux/fs_struct.h>
#include <linux/posix_acl.h>
#include <linux/hash.h>
+#include <linux/richacl.h>
#include <asm/uaccess.h>
#include "internal.h"
@@ -255,7 +256,43 @@ void putname(struct filename *name)
__putname(name);
}
-static int check_acl(struct inode *inode, int mask)
+static int check_richacl(struct inode *inode, int mask)
+{
+#ifdef CONFIG_FS_RICHACL
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ goto no_acl;
+ /* no ->get_richacl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return richacl_permission(inode, richacl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct richacl *acl;
+
+ acl = get_richacl(inode);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = richacl_permission(inode, acl, mask);
+ richacl_put(acl);
+ return error;
+ }
+ }
+no_acl:
+#endif
+ if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
+ MAY_CHMOD | MAY_SET_TIMES)) {
+ /* File permission bits cannot grant this. */
+ return -EACCES;
+ }
+ return -EAGAIN;
+}
+
+static int check_posix_acl(struct inode *inode, int mask)
{
#ifdef CONFIG_FS_POSIX_ACL
if (mask & MAY_NOT_BLOCK) {
@@ -293,11 +330,24 @@ static int acl_permission_check(struct inode *inode, int mask)
{
unsigned int mode = inode->i_mode;
+ /*
+ * With POSIX ACLs, the (mode & S_IRWXU) bits exactly match the owner
+ * permissions, and we can skip checking posix acls for the owner.
+ * With richacls, the owner may be granted fewer permissions than the
+ * mode bits seem to suggest (for example, append but not write), and
+ * we always need to check the richacl.
+ */
+
+ if (IS_RICHACL(inode)) {
+ int error = check_richacl(inode, mask);
+ if (error != -EAGAIN)
+ return error;
+ }
if (likely(uid_eq(current_fsuid(), inode->i_uid)))
mode >>= 6;
else {
if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
- int error = check_acl(inode, mask);
+ int error = check_posix_acl(inode, mask);
if (error != -EAGAIN)
return error;
}
--
2.5.5
WARNING: multiple messages have this Message-ID (diff)
From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: "J. Bruce Fields" <bfields@fieldses.org>,
linux-nfs@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
Andreas Gruenbacher <agruenba@redhat.com>,
linux-cifs@vger.kernel.org, linux-api@vger.kernel.org,
Trond Myklebust <trond.myklebust@primarydata.com>,
linux-kernel@vger.kernel.org, xfs@oss.sgi.com,
Christoph Hellwig <hch@infradead.org>,
Andreas Dilger <adilger.kernel@dilger.ca>,
linux-fsdevel@vger.kernel.org,
Jeff Layton <jlayton@poochiereds.net>,
linux-ext4@vger.kernel.org,
Anna Schumaker <anna.schumaker@netapp.com>
Subject: [PATCH v21 20/22] vfs: Add richacl permission checking
Date: Tue, 10 May 2016 00:02:53 +0200 [thread overview]
Message-ID: <1462831375-23017-21-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1462831375-23017-1-git-send-email-agruenba@redhat.com>
Hook the richacl permission checking function into the vfs.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
---
fs/namei.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 52 insertions(+), 2 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 2b1bf71..5fbe60a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -35,6 +35,7 @@
#include <linux/fs_struct.h>
#include <linux/posix_acl.h>
#include <linux/hash.h>
+#include <linux/richacl.h>
#include <asm/uaccess.h>
#include "internal.h"
@@ -255,7 +256,43 @@ void putname(struct filename *name)
__putname(name);
}
-static int check_acl(struct inode *inode, int mask)
+static int check_richacl(struct inode *inode, int mask)
+{
+#ifdef CONFIG_FS_RICHACL
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ goto no_acl;
+ /* no ->get_richacl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return richacl_permission(inode, richacl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct richacl *acl;
+
+ acl = get_richacl(inode);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = richacl_permission(inode, acl, mask);
+ richacl_put(acl);
+ return error;
+ }
+ }
+no_acl:
+#endif
+ if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
+ MAY_CHMOD | MAY_SET_TIMES)) {
+ /* File permission bits cannot grant this. */
+ return -EACCES;
+ }
+ return -EAGAIN;
+}
+
+static int check_posix_acl(struct inode *inode, int mask)
{
#ifdef CONFIG_FS_POSIX_ACL
if (mask & MAY_NOT_BLOCK) {
@@ -293,11 +330,24 @@ static int acl_permission_check(struct inode *inode, int mask)
{
unsigned int mode = inode->i_mode;
+ /*
+ * With POSIX ACLs, the (mode & S_IRWXU) bits exactly match the owner
+ * permissions, and we can skip checking posix acls for the owner.
+ * With richacls, the owner may be granted fewer permissions than the
+ * mode bits seem to suggest (for example, append but not write), and
+ * we always need to check the richacl.
+ */
+
+ if (IS_RICHACL(inode)) {
+ int error = check_richacl(inode, mask);
+ if (error != -EAGAIN)
+ return error;
+ }
if (likely(uid_eq(current_fsuid(), inode->i_uid)))
mode >>= 6;
else {
if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
- int error = check_acl(inode, mask);
+ int error = check_posix_acl(inode, mask);
if (error != -EAGAIN)
return error;
}
--
2.5.5
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2016-05-09 22:02 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-09 22:02 [PATCH v21 00/22] Richacls Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 04/22] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 05/22] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 06/22] richacl: In-memory representation and helper functions Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 07/22] richacl: Permission mapping functions Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 08/22] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 09/22] richacl: Permission check algorithm Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 10/22] posix_acl: Improve xattr fixup code Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 11/22] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 12/22] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 13/22] vfs: Cache richacl in struct inode Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 14/22] richacl: Update the file masks in chmod() Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 15/22] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 16/22] richacl: Create-time inheritance Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 17/22] richacl: Automatic Inheritance Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 18/22] richacl: xattr mapping functions Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 19/22] richacl: Add richacl xattr handler Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher [this message]
2016-05-09 22:02 ` [PATCH v21 20/22] vfs: Add richacl permission checking Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 21/22] ext4: Add richacl support Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-09 22:02 ` [PATCH v21 22/22] ext4: Add richacl feature flag Andreas Gruenbacher
2016-05-09 22:02 ` Andreas Gruenbacher
2016-05-10 4:18 ` [PATCH v21 00/22] Richacls Volker Lendecke
2016-05-10 4:18 ` Volker Lendecke
[not found] ` <20160510041809.GB1079-3ekOc4rQMZmzQB+pC5nmwQ@public.gmane.org>
2016-05-10 8:11 ` Jeremy Allison
2016-05-10 8:11 ` Jeremy Allison
2016-05-10 8:11 ` Jeremy Allison
2016-05-10 8:20 ` Volker Lendecke
2016-05-10 8:20 ` Volker Lendecke
2016-05-10 8:20 ` Volker Lendecke
2016-05-10 8:20 ` Volker Lendecke
2016-05-10 15:55 ` Frank Filz
2016-05-10 15:55 ` Frank Filz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1462831375-23017-21-git-send-email-agruenba@redhat.com \
--to=agruenba@redhat.com \
--cc=adilger.kernel@dilger.ca \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=david@fromorbit.com \
--cc=hch@infradead.org \
--cc=jlayton@poochiereds.net \
--cc=linux-api@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.