*/
/*
* This file is part of Lustre, http://www.lustre.org/
- * Lustre is a trademark of Sun Microsystems, Inc.
*
* lustre/mdd/mdd_permission.c
*
#include <lustre_idmap.h>
#include "mdd_internal.h"
-#ifdef CONFIG_FS_POSIX_ACL
+#ifdef CONFIG_LUSTRE_FS_POSIX_ACL
/*
* Hold write_lock for o.
ENTRY;
- lu_buf_check_and_alloc(&mdd_env_info(env)->mti_xattr_buf,
- MIN(mdd_obj2mdd_dev(o)->mdd_dt_conf.ddp_max_ea_size,
- XATTR_SIZE_MAX));
- buf = mdd_env_info(env)->mti_xattr_buf;
+ lu_buf_check_and_alloc(&mdd_env_info(env)->mdi_xattr_buf,
+ min_t(unsigned int,
+ mdd_obj2mdd_dev(o)->mdd_dt_conf.ddp_max_ea_size,
+ XATTR_SIZE_MAX));
+ buf = mdd_env_info(env)->mdi_xattr_buf;
if (buf.lb_buf == NULL)
RETURN(-ENOMEM);
if (rc)
GOTO(stop, rc);
- mdd_write_lock(env, obj, MOR_TGT_CHILD);
+ mdd_write_lock(env, obj, DT_TGT_CHILD);
/* whether ACL can be represented by i_mode only */
if (not_equiv)
rc = mdo_xattr_set(env, obj, buf, XATTR_NAME_ACL_ACCESS, fl,
* Hold read_lock for obj.
*/
static int mdd_check_acl(const struct lu_env *env, struct mdd_object *obj,
- const struct lu_attr *la, int mask)
+ const struct lu_attr *la, unsigned int may_mask)
{
-#ifdef CONFIG_FS_POSIX_ACL
+#ifdef CONFIG_LUSTRE_FS_POSIX_ACL
struct lu_ucred *uc = lu_ucred_assert(env);
posix_acl_xattr_header *head;
posix_acl_xattr_entry *entry;
int rc;
ENTRY;
- lu_buf_check_and_alloc(&mdd_env_info(env)->mti_xattr_buf,
- MIN(mdd_obj2mdd_dev(obj)->mdd_dt_conf.ddp_max_ea_size,
- XATTR_SIZE_MAX));
- buf = mdd_env_info(env)->mti_xattr_buf;
+ lu_buf_check_and_alloc(&mdd_env_info(env)->mdi_xattr_buf,
+ min_t(unsigned int,
+ mdd_obj2mdd_dev(obj)->mdd_dt_conf.ddp_max_ea_size,
+ XATTR_SIZE_MAX));
+ buf = mdd_env_info(env)->mdi_xattr_buf;
if (buf.lb_buf == NULL)
RETURN(-ENOMEM);
if (entry_count <= 0)
RETURN(-EAGAIN);
- rc = lustre_posix_acl_permission(uc, la, mask, entry, entry_count);
+ rc = lustre_posix_acl_permission(uc, la, may_mask, entry, entry_count);
RETURN(rc);
#else
ENTRY;
}
int __mdd_permission_internal(const struct lu_env *env, struct mdd_object *obj,
- const struct lu_attr *la, int mask, int role)
+ const struct lu_attr *la, unsigned int may_mask,
+ int role)
{
struct lu_ucred *uc = lu_ucred(env);
__u32 mode;
int rc;
ENTRY;
- if (mask == 0)
+ if (may_mask == 0)
RETURN(0);
/* These means unnecessary for permission check */
/*
* Nobody gets write access to an immutable file.
*/
- if (mask & MAY_WRITE && la->la_flags & LUSTRE_IMMUTABLE_FL)
+ if ((may_mask & MAY_WRITE) && (la->la_valid & LA_FLAGS) &&
+ (la->la_flags & LUSTRE_IMMUTABLE_FL))
RETURN(-EACCES);
LASSERT(la != NULL);
mode = la->la_mode;
if (uc->uc_fsuid == la->la_uid) {
mode >>= 6;
- } else {
- if (mode & S_IRWXG) {
- if (role != -1)
- mdd_read_lock(env, obj, role);
- rc = mdd_check_acl(env, obj, la, mask);
- if (role != -1)
- mdd_read_unlock(env, obj);
- if (rc == -EACCES)
- goto check_capabilities;
- else if ((rc != -EAGAIN) && (rc != -EOPNOTSUPP) &&
- (rc != -ENODATA))
- RETURN(rc);
- }
- if (lustre_in_group_p(uc, la->la_gid))
- mode >>= 3;
- }
-
- if (((mode & mask & S_IRWXO) == mask))
- RETURN(0);
+ } else {
+ if (mode & S_IRWXG) {
+ if (role != -1)
+ mdd_read_lock(env, obj, role);
+ rc = mdd_check_acl(env, obj, la, may_mask);
+ if (role != -1)
+ mdd_read_unlock(env, obj);
+ if (rc == -EACCES)
+ goto check_capabilities;
+ else if ((rc != -EAGAIN) && (rc != -EOPNOTSUPP) &&
+ (rc != -ENODATA))
+ RETURN(rc);
+ }
+ if (lustre_in_group_p(uc, la->la_gid))
+ mode >>= 3;
+ }
+
+ if (((mode & may_mask & S_IRWXO) == may_mask))
+ RETURN(0);
check_capabilities:
- if (!(mask & MAY_EXEC) ||
+ if (!(may_mask & MAY_EXEC) ||
(la->la_mode & S_IXUGO) || S_ISDIR(la->la_mode))
- if (md_capable(uc, CFS_CAP_DAC_OVERRIDE))
+ if (md_capable(uc, CAP_DAC_OVERRIDE))
RETURN(0);
- if ((mask == MAY_READ) ||
- (S_ISDIR(la->la_mode) && !(mask & MAY_WRITE)))
- if (md_capable(uc, CFS_CAP_DAC_READ_SEARCH))
+ if ((may_mask == MAY_READ) ||
+ (S_ISDIR(la->la_mode) && !(may_mask & MAY_WRITE)))
+ if (md_capable(uc, CAP_DAC_READ_SEARCH))
RETURN(0);
CDEBUG(D_SEC, "permission denied, mode %x, fsuid %u, uid %u\n",
}
int mdd_permission(const struct lu_env *env, struct md_object *pobj,
- struct md_object *cobj, struct md_attr *ma, int mask)
+ struct md_object *cobj, struct md_attr *ma,
+ unsigned int may_mask)
{
struct mdd_object *mdd_pobj = NULL;
struct mdd_object *mdd_cobj;
RETURN(rc);
rc = mdd_permission_internal_locked(env, mdd_cobj, cattr,
- mask & ~MAY_RGETFACL,
- MOR_TGT_CHILD);
+ may_mask & ~MAY_RGETFACL,
+ DT_TGT_CHILD);
- if (unlikely(rc == 0 && (mask & MAY_RGETFACL))) {
+ if (unlikely(rc == 0 && (may_mask & MAY_RGETFACL))) {
if (likely(!uc))
uc = lu_ucred_assert(env);
if (cattr->la_uid != uc->uc_fsuid &&
- !md_capable(uc, CFS_CAP_FOWNER))
+ !md_capable(uc, CAP_FOWNER))
rc = -EPERM;
}