From 91163f69fa88c87830fd6d98a2f13ee474bcda5c Mon Sep 17 00:00:00 2001 From: Li Xi Date: Tue, 4 Mar 2014 16:48:43 +0800 Subject: [PATCH] LU-4704 acl: fix permission problem of setfacl Setxattr does not check the permission when setting ACL xattrs. This will cause security problem because any user can walk around permission checking by changing ACL rules. Lustre-commit: 42f504ecada81d7a2a8e2244f345e8dbf73fd157 Lustre-change: http://review.whamcloud.com/9473 Signed-off-by: Li Xi Signed-off-by: Bob Glossman Reviewed-by: John L. Hammond Reviewed-by: Andreas Dilger Reviewed-by: Emoly Liu Change-Id: I5844c5b654afd70fb3b5ee91c024736b377124b0 Reviewed-on: http://review.whamcloud.com/9559 Tested-by: Jenkins Tested-by: Maloo --- lustre/autoconf/lustre-core.m4 | 19 +++++++++++++++++++ lustre/llite/xattr.c | 9 +++++++++ 2 files changed, 28 insertions(+) diff --git a/lustre/autoconf/lustre-core.m4 b/lustre/autoconf/lustre-core.m4 index 8f92859..6aa33f9 100644 --- a/lustre/autoconf/lustre-core.m4 +++ b/lustre/autoconf/lustre-core.m4 @@ -1765,6 +1765,24 @@ LB_LINUX_TRY_COMPILE([ ]) # +# 2.6.39 renames is_owner_or_cap to inode_owner_or_capable +# +AC_DEFUN([LC_HAVE_INODE_OWNER_OR_CAPABLE], +[AC_MSG_CHECKING([if inode_owner_or_capable exist]) +LB_LINUX_TRY_COMPILE([ + #include +],[ + inode_owner_or_capable(NULL); +],[ + AC_DEFINE(HAVE_INODE_OWNER_OR_CAPABLE, 1, + [inode_owner_or_capable exist]) + AC_MSG_RESULT([yes]) +],[ + AC_MSG_RESULT([no]) +]) +]) + +# # 3.0 dirty_inode() has a flag parameter # see kernel commit aa38572954ade525817fe88c54faebf85e5a61c0 # @@ -2376,6 +2394,7 @@ AC_DEFUN([LC_PROG_LINUX], # 2.6.39 LC_REQUEST_QUEUE_UNPLUG_FN LC_HAVE_FSTYPE_MOUNT + LC_HAVE_INODE_OWNER_OR_CAPABLE # 3.0 LC_DIRTY_INODE_WITH_FLAG diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c index 01d54d3..105e534 100644 --- a/lustre/llite/xattr.c +++ b/lustre/llite/xattr.c 
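Review bot: In LC_HAVE_INODE_OWNER_OR_CAPABLE the "no" branch only prints the result, yet the xattr.c hunk of this commit then relies on `is_owner_or_cap` being available; the macro does not record or verify that assumption. Any compile failure of the probe selects the fallback, not only an older kernel. A comment above AC_DEFUN such as `# "no" selects the pre-2.6.39 name is_owner_or_cap; a kernel with neither name is expected to break the build in llite/xattr.c` would tell the next maintainer that the ACL owner check presumably fails at build time rather than being dropped silently. The message strings would also read better as `[if inode_owner_or_capable exists]`.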
@@ -125,6 +125,15 @@ int ll_setxattr_common(struct inode *inode, const char *name, if (rc) RETURN(rc); + if ((xattr_type == XATTR_ACL_ACCESS_T || + xattr_type == XATTR_ACL_DEFAULT_T) && +#ifdef HAVE_INODE_OWNER_OR_CAPABLE + !inode_owner_or_capable(inode)) +#else + !is_owner_or_cap(inode)) +#endif + return -EPERM; + /* b10667: ignore lustre special xattr for now */ if ((xattr_type == XATTR_TRUSTED_T && strcmp(name, "trusted.lov") == 0) || (xattr_type == XATTR_LUSTRE_T && strcmp(name, "lustre.lov") == 0)) -- 1.8.3.1
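Review bot: The ownership check added before the b10667 comment exits with a bare `return -EPERM;`, while the context line just above exits with `RETURN(rc);`. If ll_setxattr_common opens with ENTRY (its start is outside the hunk), this path skips the exit trace, so `RETURN(-EPERM);` would be consistent. The `#ifdef` that splits the `if` condition is easy to misread; a compat definition in a header, `#define inode_owner_or_capable(inode) is_owner_or_cap(inode)` under `#ifndef HAVE_INODE_OWNER_OR_CAPABLE`, would leave a single unconditional call here. A comment such as `/* LU-4704: only the owner or a capable caller may change ACL xattrs */` would record why the check exists. Since the commit closes a permission bypass and the diffstat lists no test file, a regression test in which a non-owner's setfacl must fail with EPERM would keep it closed.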