Documentation/filesystems/ext2.txt | 16 ++ fs/ext3/Makefile | 2 fs/ext3/inode.c | 3 fs/ext3/iopen.c | 239 +++++++++++++++++++++++++++++++++++++ fs/ext3/iopen.h | 15 ++ fs/ext3/namei.c | 13 ++ fs/ext3/super.c | 11 + include/linux/ext3_fs.h | 2 8 files changed, 300 insertions(+), 1 deletion(-) --- linux-2.6.0-test1/Documentation/filesystems/ext2.txt~iopen-2.6.0 2002-11-11 06:28:06.000000000 +0300 +++ linux-2.6.0-test1-alexey/Documentation/filesystems/ext2.txt 2003-08-24 13:02:02.000000000 +0400 @@ -35,6 +35,22 @@ resgid=n The group ID which may use th sb=n Use alternate superblock at this location. +iopen Makes an invisible pseudo-directory called + __iopen__ available in the root directory + of the filesystem. Allows open-by-inode- + number. i.e., inode 3145 can be accessed + via /mntpt/__iopen__/3145 + +iopen_nopriv This option makes the iopen directory be + world-readable. This may be safer since it + allows daemons to run as an unprivileged user, + however it significantly changes the security + model of a Unix filesystem, since previously + all files under a mode 700 directory were not + generally avilable even if the + permissions on the file itself is + world-readable. + grpquota,noquota,quota,usrquota Quota options are silently ignored by ext2. --- linux-2.6.0-test1/fs/ext3/inode.c~iopen-2.6.0 2003-08-24 13:00:36.000000000 +0400 +++ linux-2.6.0-test1-alexey/fs/ext3/inode.c 2003-08-24 13:02:02.000000000 +0400 @@ -37,6 +37,7 @@ #include #include #include "xattr.h" +#include "iopen.h" #include "acl.h" /* @@ -2477,6 +2478,8 @@ void ext3_read_inode(struct inode * inod ei->i_acl = EXT3_ACL_NOT_CACHED; ei->i_default_acl = EXT3_ACL_NOT_CACHED; #endif + if (ext3_iopen_get_inode(inode)) + return; if (ext3_get_inode_loc(inode, &iloc, 0)) goto bad_inode; bh = iloc.bh; --- /dev/null 2003-01-30 13:24:37.000000000 +0300 +++ linux-2.6.0-test1-alexey/fs/ext3/iopen.c 2003-08-24 13:02:02.000000000 +0400 @@ -0,0 +1,239 @@ + + +/* + * linux/fs/ext3/iopen.c + * + * Special support for open by inode number + * + * Copyright (C) 2001 by Theodore Ts'o (tytso@alum.mit.edu). + * + * This file may be redistributed under the terms of the GNU General + * Public License. + */ + +#include +#include +#include +#include +#include +#include +#include "iopen.h" + +#ifndef assert +#define assert(test) J_ASSERT(test) +#endif + +#define IOPEN_NAME_LEN 32 + +/* + * This implements looking up an inode by number. + */ +static struct dentry *iopen_lookup(struct inode * dir, struct dentry *dentry, struct nameidata *nd) +{ + struct inode * inode; + unsigned long ino; + struct list_head *lp; + struct dentry *alternate; + char buf[IOPEN_NAME_LEN]; + + if (dentry->d_name.len >= IOPEN_NAME_LEN) + return ERR_PTR(-ENAMETOOLONG); + + memcpy(buf, dentry->d_name.name, dentry->d_name.len); + buf[dentry->d_name.len] = 0; + + if (strcmp(buf, ".") == 0) + ino = dir->i_ino; + else if (strcmp(buf, "..") == 0) + ino = EXT3_ROOT_INO; + else + ino = simple_strtoul(buf, 0, 0); + + if ((ino != EXT3_ROOT_INO && + //ino != EXT3_ACL_IDX_INO && + //ino != EXT3_ACL_DATA_INO && + ino < EXT3_FIRST_INO(dir->i_sb)) || + ino > le32_to_cpu(EXT3_SB(dir->i_sb)->s_es->s_inodes_count)) + return ERR_PTR(-ENOENT); + + inode = iget(dir->i_sb, ino); + if (!inode) + return ERR_PTR(-EACCES); + if (is_bad_inode(inode)) { + iput(inode); + return ERR_PTR(-ENOENT); + } + + /* preferrably return a connected dentry */ + spin_lock(&dcache_lock); + list_for_each(lp, &inode->i_dentry) { + alternate = list_entry(lp, struct dentry, d_alias); + assert(!(alternate->d_flags & DCACHE_DISCONNECTED)); + } + + if (!list_empty(&inode->i_dentry)) { + alternate = list_entry(inode->i_dentry.next, + struct dentry, d_alias); + dget_locked(alternate); + alternate->d_vfs_flags |= DCACHE_REFERENCED; + iput(inode); + spin_unlock(&dcache_lock); + return alternate; + } + dentry->d_flags |= DCACHE_DISCONNECTED; + spin_unlock(&dcache_lock); + + d_add(dentry, inode); + return NULL; +} + +#define do_switch(x,y) do { \ + __typeof__ (x) __tmp = x; \ + x = y; y = __tmp; } while (0) + +static inline void switch_names(struct dentry * dentry, struct dentry * target) +{ + const unsigned char *old_name, *new_name; + + memcpy(dentry->d_iname, target->d_iname, DNAME_INLINE_LEN); + old_name = target->d_name.name; + new_name = dentry->d_name.name; + if (old_name == target->d_iname) + old_name = dentry->d_iname; + if (new_name == dentry->d_iname) + new_name = target->d_iname; + target->d_name.name = new_name; + dentry->d_name.name = old_name; +} + + +struct dentry *iopen_connect_dentry(struct dentry *de, struct inode *inode) +{ + struct dentry *tmp, *goal = NULL; + struct list_head *lp; + + /* preferrably return a connected dentry */ + spin_lock(&dcache_lock); + /* verify this dentry is really new */ + assert(!de->d_inode); + assert(list_empty(&de->d_subdirs)); + assert(list_empty(&de->d_alias)); + + + list_for_each(lp, &inode->i_dentry) { + tmp = list_entry(lp, struct dentry, d_alias); + if (tmp->d_flags & DCACHE_DISCONNECTED) { + assert(tmp->d_alias.next == &inode->i_dentry); + assert(tmp->d_alias.prev == &inode->i_dentry); + goal = tmp; + dget_locked(goal); + break; + } + } + + if (!goal) { + spin_unlock(&dcache_lock); + return NULL; + } + + /* Move the goal to the de hash queue */ + goal->d_flags &= ~DCACHE_DISCONNECTED; + hlist_add_before(&goal->d_hash, &de->d_hash); + hlist_del(&goal->d_hash); + + list_del(&goal->d_child); + list_del(&de->d_child); + + /* Switch the parents and the names.. */ + switch_names(goal, de); + do_switch(goal->d_parent, de->d_parent); + do_switch(goal->d_name.len, de->d_name.len); + do_switch(goal->d_name.hash, de->d_name.hash); + + /* And add them back to the (new) parent lists */ + list_add(&goal->d_child, &goal->d_parent->d_subdirs); + list_add(&de->d_child, &de->d_parent->d_subdirs); + + spin_unlock(&dcache_lock); + return goal; +} + +/* + * These are the special structures for the iopen pseudo directory. + */ + +static struct inode_operations iopen_inode_operations = { + lookup: iopen_lookup, /* BKL held */ +}; + +static struct file_operations iopen_file_operations = { + read: generic_read_dir, +}; + +static int match_dentry(struct dentry *dentry, const char *name) +{ + int len; + + len = strlen(name); + if (dentry->d_name.len != len) + return 0; + if (strncmp(dentry->d_name.name, name, len)) + return 0; + return 1; +} + +/* + * This function is spliced into ext3_lookup and returns 1 the file + * name is __iopen__ and dentry has been filled in appropriately. + */ +int ext3_check_for_iopen(struct inode * dir, struct dentry *dentry) +{ + struct inode * inode; + + if (dir->i_ino != EXT3_ROOT_INO || + !test_opt(dir->i_sb, IOPEN) || + !match_dentry(dentry, "__iopen__")) + return 0; + + inode = iget(dir->i_sb, EXT3_BAD_INO); + + if (!inode) + return 0; + d_add(dentry, inode); + return 1; +} + +/* + * This function is spliced into read_inode; it returns 1 if inode + * number is the one for /__iopen__, in which case the inode is filled + * in appropriately. Otherwise, this fuction returns 0. + */ +int ext3_iopen_get_inode(struct inode * inode) +{ + if (inode->i_ino != EXT3_BAD_INO) + return 0; + + inode->i_mode = S_IFDIR | S_IRUSR | S_IXUSR; + if (test_opt(inode->i_sb, IOPEN_NOPRIV)) + inode->i_mode |= 0777; + inode->i_uid = 0; + inode->i_gid = 0; + inode->i_nlink = 1; + inode->i_size = 4096; + inode->i_atime = CURRENT_TIME; + inode->i_ctime = CURRENT_TIME; + inode->i_mtime = CURRENT_TIME; + EXT3_I(inode)->i_dtime = 0; + inode->i_blksize = PAGE_SIZE; /* This is the optimal IO size + * (for stat), not the fs block + * size */ + inode->i_blocks = 0; + inode->i_version = 1; + inode->i_generation = 0; + + inode->i_op = &iopen_inode_operations; + inode->i_fop = &iopen_file_operations; + inode->i_mapping->a_ops = 0; + + return 1; +} --- /dev/null 2003-01-30 13:24:37.000000000 +0300 +++ linux-2.6.0-test1-alexey/fs/ext3/iopen.h 2003-08-24 13:02:02.000000000 +0400 @@ -0,0 +1,15 @@ +/* + * iopen.h + * + * Special support for opening files by inode number. + * + * Copyright (C) 2001 by Theodore Ts'o (tytso@alum.mit.edu). + * + * This file may be redistributed under the terms of the GNU General + * Public License. + */ + +extern int ext3_check_for_iopen(struct inode * dir, struct dentry *dentry); +extern int ext3_iopen_get_inode(struct inode * inode); + + --- linux-2.6.0-test1/fs/ext3/Makefile~iopen-2.6.0 2003-08-24 12:58:32.000000000 +0400 +++ linux-2.6.0-test1-alexey/fs/ext3/Makefile 2003-08-24 13:02:40.000000000 +0400 @@ -5,7 +5,7 @@ obj-$(CONFIG_EXT3_FS) += ext3.o ext3-y := balloc.o bitmap.o dir.o file.o fsync.o ialloc.o inode.o \ - ioctl.o namei.o super.o symlink.o hash.o + iopen.o ioctl.o namei.o super.o symlink.o hash.o ext3-$(CONFIG_EXT3_FS_XATTR) += xattr.o xattr_user.o xattr_trusted.o ext3-$(CONFIG_EXT3_FS_POSIX_ACL) += acl.o --- linux-2.6.0-test1/fs/ext3/namei.c~iopen-2.6.0 2003-07-24 15:52:30.000000000 +0400 +++ linux-2.6.0-test1-alexey/fs/ext3/namei.c 2003-08-24 13:02:02.000000000 +0400 @@ -37,6 +37,7 @@ #include #include #include "xattr.h" +#include "iopen.h" #include "acl.h" /* @@ -970,15 +971,21 @@ errout: } #endif +struct dentry *iopen_connect_dentry(struct dentry *de, struct inode *inode); + static struct dentry *ext3_lookup(struct inode * dir, struct dentry *dentry, struct nameidata *nd) { struct inode * inode; struct ext3_dir_entry_2 * de; struct buffer_head * bh; + struct dentry *alternate = NULL; if (dentry->d_name.len > EXT3_NAME_LEN) return ERR_PTR(-ENAMETOOLONG); + if (ext3_check_for_iopen(dir, dentry)) + return NULL; + bh = ext3_find_entry(dentry, &de); inode = NULL; if (bh) { @@ -991,6 +998,12 @@ static struct dentry *ext3_lookup(struct } if (inode) return d_splice_alias(inode, dentry); + + if (inode && (alternate = iopen_connect_dentry(dentry, inode))) { + iput(inode); + return alternate; + } + d_add(dentry, inode); return NULL; } --- linux-2.6.0-test1/fs/ext3/super.c~iopen-2.6.0 2003-08-24 13:00:36.000000000 +0400 +++ linux-2.6.0-test1-alexey/fs/ext3/super.c 2003-08-24 13:02:02.000000000 +0400 @@ -755,6 +755,17 @@ static int parse_options (char * options || !strcmp (this_char, "quota") || !strcmp (this_char, "usrquota")) /* Don't do anything ;-) */ ; + else if (!strcmp (this_char, "iopen")) { + set_opt (sbi->s_mount_opt, IOPEN); + clear_opt (sbi->s_mount_opt, IOPEN_NOPRIV); + } else if (!strcmp (this_char, "noiopen")) { + clear_opt (sbi->s_mount_opt, IOPEN); + clear_opt (sbi->s_mount_opt, IOPEN_NOPRIV); + } + else if (!strcmp (this_char, "iopen_nopriv")) { + set_opt (sbi->s_mount_opt, IOPEN); + set_opt (sbi->s_mount_opt, IOPEN_NOPRIV); + } else if (!strcmp (this_char, "journal")) { /* @@@ FIXME */ /* Eventually we will want to be able to create --- linux-2.6.0-test1/include/linux/ext3_fs.h~iopen-2.6.0 2003-08-24 12:58:57.000000000 +0400 +++ linux-2.6.0-test1-alexey/include/linux/ext3_fs.h 2003-08-24 13:02:02.000000000 +0400 @@ -324,6 +324,8 @@ struct ext3_inode { #define EXT3_MOUNT_NO_UID32 0x2000 /* Disable 32-bit UIDs */ #define EXT3_MOUNT_XATTR_USER 0x4000 /* Extended user attributes */ #define EXT3_MOUNT_POSIX_ACL 0x8000 /* POSIX Access Control Lists */ +#define EXT3_MOUNT_IOPEN 0x10000 /* Allow access via iopen */ +#define EXT3_MOUNT_IOPEN_NOPRIV 0x20000 /* Make iopen world-readable */ /* Compatibility, for having both ext2_fs.h and ext3_fs.h included at once */ #ifndef _LINUX_EXT2_FS_H _