*
* cfs_kernel_cap_t
*/
-cfs_kernel_cap_t cfs_curproc_cap_get(void);
-void cfs_curproc_cap_set(cfs_kernel_cap_t cap);
#endif
+typedef __u32 cfs_cap_t;
+
+#define CFS_CAP_CHOWN 0
+#define CFS_CAP_DAC_OVERRIDE 1
+#define CFS_CAP_DAC_READ_SEARCH 2
+#define CFS_CAP_FOWNER 3
+#define CFS_CAP_FSETID 4
+#define CFS_CAP_LINUX_IMMUTABLE 9
+#define CFS_CAP_SYS_ADMIN 21
+#define CFS_CAP_SYS_BOOT 23
+#define CFS_CAP_SYS_RESOURCE 24
+
+#define CFS_CAP_FS_MASK ((1 << CFS_CAP_CHOWN) | \
+ (1 << CFS_CAP_DAC_OVERRIDE) | \
+ (1 << CFS_CAP_DAC_READ_SEARCH) | \
+ (1 << CFS_CAP_FOWNER) | \
+ (1 << CFS_CAP_FSETID ) | \
+ (1 << CFS_CAP_LINUX_IMMUTABLE) | \
+ (1 << CFS_CAP_SYS_ADMIN) | \
+ (1 << CFS_CAP_SYS_BOOT) | \
+ (1 << CFS_CAP_SYS_RESOURCE))
+
+void cfs_cap_raise(cfs_cap_t cap);
+void cfs_cap_lower(cfs_cap_t cap);
+int cfs_cap_raised(cfs_cap_t cap);
+cfs_cap_t cfs_curproc_cap_pack(void);
+void cfs_curproc_cap_unpack(cfs_cap_t cap);
+int cfs_capable(cfs_cap_t cap);
+
/* __LIBCFS_CURPROC_H__ */
#endif
/*
#define lock_kernel() do {} while(0)
#define unlock_kernel() do {} while(0)
-#define CAP_SYS_BOOT 0
-#define CAP_SYS_ADMIN 1
-#define capable(a) ((a) == CAP_SYS_BOOT ? is_suser(): is_suser1())
-
#define USERMODEHELPER(path, argv, envp) (0)
#define cfs_module(name, version, init, fini) \
/*
* XNU has no capabilities
*/
-typedef int cfs_kernel_cap_t;
+typedef __u32 cfs_kernel_cap_t;
#ifdef __KERNEL__
enum {
#define lock_kernel() do {} while(0)
#define unlock_kernel() do {} while(0)
-#define CAP_SYS_ADMIN 0
-#define CAP_SYS_ROOT 1
-
-#define capable(a) (TRUE)
-
#define USERMODEHELPER(path, argv, envp) (0)
#endif
}
-cfs_kernel_cap_t cfs_curproc_cap_get(void)
+void cfs_cap_raise(cfs_cap_t cap) {}
+void cfs_cap_lower(cfs_cap_t cap) {}
+
+int cfs_cap_raised(cfs_cap_t cap)
{
+ return 1;
+}
+
+cfs_cap_t cfs_curproc_cap_pack(void) {
return -1;
}
-void cfs_curproc_cap_set(cfs_kernel_cap_t cap)
-{
- return;
+void cfs_curproc_cap_unpack(cfs_cap_t cap) {
}
+int cfs_capable(cfs_cap_t cap)
+{
+ return cap == CFS_CAP_SYS_BOOT ? is_suser(): is_suser1();
+}
/*
* Local variables:
return current->comm;
}
-cfs_kernel_cap_t cfs_curproc_cap_get(void)
+/* Currently all the CFS_CAP_* defines match CAP_* ones. */
+#define cfs_cap_pack(cap) (cap)
+#define cfs_cap_unpack(cap) (cap)
+
+void cfs_cap_raise(cfs_cap_t cap)
+{
+ cap_raise(cfs_current()->cap_effective, cfs_cap_unpack(cap));
+}
+
+void cfs_cap_lower(cfs_cap_t cap)
{
- return current->cap_effective;
+ cap_lower(cfs_current()->cap_effective, cfs_cap_unpack(cap));
+}
+
+int cfs_cap_raised(cfs_cap_t cap)
+{
+ return cap_raised(cfs_current()->cap_effective, cfs_cap_unpack(cap));
+}
+
+cfs_cap_t cfs_curproc_cap_pack(void) {
+#if _LINUX_CAPABILITY_VERSION == 0x19980330
+ return cfs_cap_pack(current->cap_effective);
+#elif _LINUX_CAPABILITY_VERSION == 0x20071026
+ return cfs_cap_pack(current->cap_effective[0]);
+#else
+ #error "need correct _LINUX_CAPABILITY_VERSION "
+#endif
+}
+
+void cfs_curproc_cap_unpack(cfs_cap_t cap) {
+#if _LINUX_CAPABILITY_VERSION == 0x19980330
+ current->cap_effective = cfs_cap_unpack(cap);
+#elif _LINUX_CAPABILITY_VERSION == 0x20071026
+ current->cap_effective[0] = cfs_cap_unpack(cap);
+#else
+ #error "need correct _LINUX_CAPABILITY_VERSION "
+#endif
}
-void cfs_curproc_cap_set(cfs_kernel_cap_t cap)
+int cfs_capable(cfs_cap_t cap)
{
- current->cap_effective = cap;
+ return capable(cfs_cap_unpack(cap));
}
EXPORT_SYMBOL(cfs_curproc_uid);
EXPORT_SYMBOL(cfs_curproc_groups_nr);
EXPORT_SYMBOL(cfs_curproc_groups_dump);
EXPORT_SYMBOL(cfs_curproc_is_in_groups);
-EXPORT_SYMBOL(cfs_curproc_cap_get);
-EXPORT_SYMBOL(cfs_curproc_cap_set);
+EXPORT_SYMBOL(cfs_cap_raise);
+EXPORT_SYMBOL(cfs_cap_lower);
+EXPORT_SYMBOL(cfs_cap_raised);
+EXPORT_SYMBOL(cfs_curproc_cap_pack);
+EXPORT_SYMBOL(cfs_curproc_cap_unpack);
+EXPORT_SYMBOL(cfs_capable);
/*
* Local variables:
/* Handle platform-dependent IOC requests */
switch (cmd) {
case IOC_LIBCFS_PANIC:
- if (!capable (CAP_SYS_BOOT))
+ if (!cfs_capable(CFS_CAP_SYS_BOOT))
return (-EPERM);
panic("debugctl-invoked panic");
return (0);
case IOC_LIBCFS_MEMHOG:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
return -EPERM;
/* go thought */
}
* trying to determine the string length, so we're trusting our
* caller... */
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
return (-EPERM);
if (user_size > 0 &&
int i;
int j;
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
return (-EPERM);
if (!enable) {
int i;
int j;
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
return (-EPERM);
*ncpu = num_online_cpus();
return this_task.comm;
}
-cfs_kernel_cap_t cfs_curproc_cap_get(void)
+void cfs_cap_raise(cfs_cap_t cap)
{
- return this_task.cap_effective;
+ this_task.cap_effective |= (1 << cap);
}
-void cfs_curproc_cap_set(cfs_kernel_cap_t cap)
+void cfs_cap_lower(cfs_cap_t cap)
{
- this_task.cap_effective = cap;
+ this_task.cap_effective &= ~(1 << cap);
}
+int cfs_cap_raised(cfs_cap_t cap)
+{
+ return this_task.cap_effective & (1 << cap);
+}
+
+cfs_cap_t cfs_curproc_cap_pack(void) {
+ return this_task.cap_effective;
+}
+
+void cfs_curproc_cap_unpack(cfs_cap_t cap) {
+ this_task.cap_effective = cap;
+}
+
+int cfs_capable(cfs_cap_t cap)
+{
+ return TRUE;
+}
/*
* Implementation of linux task management routines
EXPORT_SYMBOL(cfs_curproc_groups_nr);
EXPORT_SYMBOL(cfs_curproc_groups_dump);
EXPORT_SYMBOL(cfs_curproc_is_in_groups);
-EXPORT_SYMBOL(cfs_curproc_cap_get);
-EXPORT_SYMBOL(cfs_curproc_cap_set);
+EXPORT_SYMBOL(cfs_cap_raise);
+EXPORT_SYMBOL(cfs_cap_lower);
+EXPORT_SYMBOL(cfs_cap_raised);
+EXPORT_SYMBOL(cfs_curproc_cap_pack);
+EXPORT_SYMBOL(cfs_curproc_cap_unpack);
+EXPORT_SYMBOL(cfs_capable);
/* Handle platform-dependent IOC requests */
switch (cmd) {
case IOC_LIBCFS_PANIC:
- if (!capable (CAP_SYS_BOOT))
+ if (!cfs_capable(CFS_CAP_SYS_BOOT))
return (-EPERM);
CERROR(("debugctl-invoked panic"));
KeBugCheckEx('LUFS', (ULONG_PTR)libcfs_ioctl, (ULONG_PTR)NULL, (ULONG_PTR)NULL, (ULONG_PTR)NULL);
return (0);
case IOC_LIBCFS_MEMHOG:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
return -EPERM;
break;
}
} else {
mci->mci_opdata.op_fsuid = la->la_uid;
mci->mci_opdata.op_fsgid = la->la_gid;
- mci->mci_opdata.op_cap = current->cap_effective;
+ mci->mci_opdata.op_cap = cfs_curproc_cap_pack();
mci->mci_opdata.op_suppgids[0] =
mci->mci_opdata.op_suppgids[1] = -1;
}
int rc, symlen;
uid_t uid;
gid_t gid;
- __u32 cap;
+ cfs_cap_t cap;
ENTRY;
LASSERT(S_ISDIR(la->la_mode));
} else {
mci->mci_opdata.op_fsuid = la->la_uid;
mci->mci_opdata.op_fsgid = la->la_gid;
- mci->mci_opdata.op_cap = current->cap_effective;
+ mci->mci_opdata.op_cap = cfs_curproc_cap_pack();
mci->mci_opdata.op_suppgids[0] =
mci->mci_opdata.op_suppgids[1] = -1;
}
} else {
mci->mci_opdata.op_fsuid = la->la_uid;
mci->mci_opdata.op_fsgid = la->la_gid;
- mci->mci_opdata.op_cap = current->cap_effective;
+ mci->mci_opdata.op_cap = cfs_curproc_cap_pack();
mci->mci_opdata.op_suppgids[0] = -1;
}
} else {
mci->mci_opdata.op_fsuid = la->la_uid;
mci->mci_opdata.op_fsgid = la->la_gid;
- mci->mci_opdata.op_cap = current->cap_effective;
+ mci->mci_opdata.op_cap = cfs_curproc_cap_pack();
mci->mci_opdata.op_suppgids[0] =
mci->mci_opdata.op_suppgids[1] = -1;
}
struct lvfs_ucred {
__u32 luc_fsuid;
__u32 luc_fsgid;
- __u32 luc_cap;
+ cfs_kernel_cap_t luc_cap;
__u32 luc_uid;
__u32 luc_umask;
};
extern struct task_struct *current;
int in_group_p(gid_t gid);
-static inline int capable(int cap)
-{
- if (current->cap_effective & (1 << cap))
- return 1;
- else
- return 0;
-}
#define set_current_state(foo) do { current->state = foo; } while (0)
CAP_SET=1
} cap_flag_value_t;
-#define CAP_DAC_OVERRIDE 1
-#define CAP_DAC_READ_SEARCH 2
-#define CAP_FOWNER 3
-#define CAP_FSETID 4
-#define CAP_SYS_ADMIN 21
-
cap_t cap_get_proc(void);
int cap_get_flag(cap_t, cap_value_t, cap_flag_t, cap_flag_value_t *);
__u32 luc_gid;
__u32 luc_fsuid;
__u32 luc_fsgid;
- __u32 luc_cap;
+ cfs_kernel_cap_t luc_cap;
__u32 luc_umask;
struct group_info *luc_ginfo;
struct md_identity *luc_identity;
extern void llog_recov_thread_stop(struct llog_commit_master *lcm,
int force);
-#ifndef __KERNEL__
-
-#define cap_raise(c, flag) do {} while(0)
-
-#define CAP_SYS_RESOURCE 24
-
-#endif /* !__KERNEL__ */
-
static inline void llog_gen_init(struct llog_ctxt *ctxt)
{
struct obd_device *obd = ctxt->loc_exp->exp_obd;
int numcookies, void *buf, int idx)
{
struct llog_operations *lop;
- __u32 cap;
- int rc, buflen;
+ int raised, rc, buflen;
ENTRY;
rc = llog_handle2ops(handle, &lop);
buflen = rec->lrh_len;
LASSERT(size_round(buflen) == buflen);
- cap = current->cap_effective;
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ raised = cfs_cap_raised(CFS_CAP_SYS_RESOURCE);
+ if (!raised)
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
rc = lop->lop_write_rec(handle, rec, logcookies, numcookies, buf, idx);
- current->cap_effective = cap;
+ if (!raised)
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(rc);
}
struct llog_logid *logid, char *name)
{
struct llog_operations *lop;
- __u32 cap;
- int rc;
+ int raised, rc;
ENTRY;
rc = llog_obd2ops(ctxt, &lop);
if (lop->lop_create == NULL)
RETURN(-EOPNOTSUPP);
- cap = current->cap_effective;
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ raised = cfs_cap_raised(CFS_CAP_SYS_RESOURCE);
+ if (!raised)
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
rc = lop->lop_create(ctxt, res, logid, name);
- current->cap_effective = cap;
+ if (!raised)
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(rc);
}
__u32 mu_fsuid;
__u32 mu_fsgid;
__u32 mu_suppgids[2];
- __u32 mu_cap;
+ cfs_cap_t mu_cap;
__u32 mu_umask;
struct group_info *mu_ginfo;
struct md_identity *mu_identity;
__u32 op_suppgids[2];
__u32 op_fsuid;
__u32 op_fsgid;
- __u32 op_cap;
+ cfs_cap_t op_cap;
void *op_data;
/* iattr fields and blocks. */
int (*m_close)(struct obd_export *, struct md_op_data *,
struct md_open_data *, struct ptlrpc_request **);
int (*m_create)(struct obd_export *, struct md_op_data *,
- const void *, int, int, __u32, __u32, __u32,
+ const void *, int, int, __u32, __u32, cfs_cap_t,
__u64, struct ptlrpc_request **);
int (*m_done_writing)(struct obd_export *, struct md_op_data *,
struct md_open_data *);
static inline int md_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, int datalen, int mode, __u32 uid,
- __u32 gid, __u32 cap_effective, __u64 rdev,
+ __u32 gid, cfs_cap_t cap_effective, __u64 rdev,
struct ptlrpc_request **request)
{
int rc;
return 0;
}
+void cfs_cap_raise(cfs_cap_t cap)
+{
+ current->cap_effective |= (1 << cap);
+}
+
+void cfs_cap_lower(cfs_cap_t cap)
+{
+ current->cap_effective &= ~(1 << cap);
+}
+
+int cfs_cap_raised(cfs_cap_t cap)
+{
+ return current->cap_effective & (1 << cap);
+}
+
+cfs_cap_t cfs_curproc_cap_pack(void) {
+ return cfs_current()->cap_effective;
+}
+
+void cfs_curproc_cap_unpack(cfs_cap_t cap) {
+ cfs_current()->cap_effective = cap;
+}
+
+int cfs_capable(cfs_cap_t cap)
+{
+ return cfs_cap_raised(cap);
+}
+
int init_lib_portals()
{
int rc;
if ((mask & (MAY_READ|MAY_WRITE)) ||
(st->st_mode & S_IXUGO))
- if (capable(CAP_DAC_OVERRIDE))
+ if (cfs_capable(CFS_CAP_DAC_OVERRIDE))
return 0;
if (mask == MAY_READ ||
(S_ISDIR(st->st_mode) && !(mask & MAY_WRITE))) {
- if (capable(CAP_DAC_READ_SEARCH))
+ if (cfs_capable(CFS_CAP_DAC_READ_SEARCH))
return 0;
}
st->st_ctime = attr->ia_ctime;
if (ia_valid & ATTR_MODE) {
st->st_mode = attr->ia_mode;
- if (!in_group_p(st->st_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(st->st_gid) && !cfs_capable(CFS_CAP_FSETID))
st->st_mode &= ~S_ISGID;
}
/* mark_inode_dirty(inode); */
} else {
/* from inode_change_ok() */
if (current->fsuid != st->st_uid &&
- !capable(CAP_FOWNER))
+ !cfs_capable(CFS_CAP_FOWNER))
RETURN(-EPERM);
}
}
llu_prep_md_op_data(&op_data, dir, NULL, name, len, 0,
LUSTRE_OPC_SYMLINK);
- err = md_create(sbi->ll_md_exp, &op_data,
- tgt, strlen(tgt) + 1, S_IFLNK | S_IRWXUGO,
- current->fsuid, current->fsgid, current->cap_effective,
- 0, &request);
+ err = md_create(sbi->ll_md_exp, &op_data, tgt, strlen(tgt) + 1,
+ S_IFLNK | S_IRWXUGO, current->fsuid, current->fsgid,
+ cfs_curproc_cap_pack(), 0, &request);
ptlrpc_req_finished(request);
liblustre_wait_event(0);
RETURN(err);
err = md_create(sbi->ll_md_exp, &op_data, NULL, 0, mode,
current->fsuid, current->fsgid,
- current->cap_effective, dev, &request);
+ cfs_curproc_cap_pack(), dev, &request);
ptlrpc_req_finished(request);
break;
case S_IFDIR:
err = md_create(llu_i2sbi(dir)->ll_md_exp, &op_data, NULL, 0,
mode | S_IFDIR, current->fsuid, current->fsgid,
- current->cap_effective, 0, &request);
+ cfs_curproc_cap_pack(), 0, &request);
ptlrpc_req_finished(request);
liblustre_wait_event(0);
RETURN(err);
struct obd_quotactl *oqctl;
int rc, error = 0;
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
OBD_ALLOC_PTR(oqctl);
struct if_quotacheck *check;
int rc;
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
OBD_ALLOC_PTR(check);
case Q_QUOTAOFF:
case Q_SETQUOTA:
case Q_SETINFO:
- if (!capable(CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO(out_quotactl, rc = -EPERM);
break;
case Q_GETQUOTA:
if (((type == USRQUOTA && current->euid != id) ||
(type == GRPQUOTA && !in_egroup_p(id))) &&
- !capable(CAP_SYS_ADMIN))
+ !cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO(out_quotactl, rc = -EPERM);
/* XXX: dqb_valid is borrowed as a flag to mark that
struct lov_stripe_md *lsm, *lsm2;
ENTRY;
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
rc = copy_from_user(&ucreatp, (struct ll_recreate_obj *)arg,
int rc;
ENTRY;
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
RETURN(-EPERM);
OBD_ALLOC(lump, lum_size);
check_capabilities:
if (!(mask & MAY_EXEC) ||
(inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
- if (capable(CAP_DAC_OVERRIDE))
+ if (cfs_capable(CFS_CAP_DAC_OVERRIDE))
return 0;
- if (capable(CAP_DAC_READ_SEARCH) && ((mask == MAY_READ) ||
+ if (cfs_capable(CFS_CAP_DAC_READ_SEARCH) && ((mask == MAY_READ) ||
(S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))))
return 0;
/* POSIX: check before ATTR_*TIME_SET set (from inode_change_ok) */
if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) {
- if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
+ if (current->fsuid != inode->i_uid &&
+ !cfs_capable(CFS_CAP_FOWNER))
RETURN(-EPERM);
}
op_data->op_mod_time = cfs_time_current_sec();
op_data->op_fsuid = current->fsuid;
op_data->op_fsgid = current->fsgid;
- op_data->op_cap = current->cap_effective;
+ op_data->op_cap = cfs_curproc_cap_pack();
op_data->op_bias = MDS_CHECK_SPLIT;
op_data->op_opc = opc;
op_data->op_mds = 0;
err = md_create(sbi->ll_md_exp, op_data, tgt, tgt_len, mode,
current->fsuid, current->fsgid,
- current->cap_effective, rdev, &request);
+ cfs_curproc_cap_pack(), rdev, &request);
ll_finish_md_op_data(op_data);
if (err)
GOTO(err_exit, err);
if (exp == NULL)
RETURN(-EINVAL);
- llap->llap_ignore_quota = capable(CAP_SYS_RESOURCE);
+ llap->llap_ignore_quota = cfs_capable(CFS_CAP_SYS_RESOURCE);
/*
* queue a write for some time in the future the first time we
if (rc)
RETURN(rc);
brw_flags = OBD_BRW_SRVLOCK;
- if (capable(CAP_SYS_RESOURCE))
+ if (cfs_capable(CFS_CAP_SYS_RESOURCE))
brw_flags |= OBD_BRW_NOQUOTA;
for (i = 0; i < numpages; i++) {
if (xattr_type == XATTR_USER_T && !(sbi->ll_flags & LL_SBI_USER_XATTR))
return -EOPNOTSUPP;
- if (xattr_type == XATTR_TRUSTED_T && !capable(CAP_SYS_ADMIN))
+ if (xattr_type == XATTR_TRUSTED_T && !cfs_capable(CFS_CAP_SYS_ADMIN))
return -EPERM;
if (xattr_type == XATTR_OTHER_T)
return -EOPNOTSUPP;
int lmv_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, int datalen, int mode, __u32 uid,
- __u32 gid, __u32 cap_effective, __u64 rdev,
+ __u32 gid, cfs_cap_t cap_effective, __u64 rdev,
struct ptlrpc_request **request)
{
struct obd_device *obd = exp->exp_obd;
op_data->op_fsuid = current->fsuid;
op_data->op_fsgid = current->fsgid;
- op_data->op_cap = current->cap_effective;
+ op_data->op_cap = cfs_curproc_cap_pack();
tgt_exp = lmv->tgts[mds].ltd_exp;
if (op_data->op_namelen) {
request:
op_data->op_fsuid = current->fsuid;
op_data->op_fsgid = current->fsgid;
- op_data->op_cap = current->cap_effective;
+ op_data->op_cap = cfs_curproc_cap_pack();
src_exp = lmv_get_export(lmv, mds1);
tgt_exp = lmv_get_export(lmv, mds2);
op_data->op_fsuid = current->fsuid;
op_data->op_fsgid = current->fsgid;
- op_data->op_cap = current->cap_effective;
+ op_data->op_cap = cfs_curproc_cap_pack();
/* If child's fid is given, cancel unused locks for it if it is from
* another export than parent. */
if (iattr->ia_valid & ATTR_MODE) {
inode->i_mode = iattr->ia_mode;
- if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(inode->i_gid) &&
+ !cfs_capable(CFS_CAP_FSETID))
inode->i_mode &= ~S_ISGID;
}
void *ea, int ealen, void *ea2, int ea2len);
void mdc_create_pack(struct ptlrpc_request *req, struct md_op_data *op_data,
const void *data, int datalen, __u32 mode, __u32 uid,
- __u32 gid, __u32 cap_effective, __u64 rdev);
+ __u32 gid, cfs_cap_t capability, __u64 rdev);
void mdc_open_pack(struct ptlrpc_request *req, struct md_op_data *op_data,
__u32 mode, __u64 rdev, __u32 flags, const void *data,
int datalen);
int mdc_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, int datalen, int mode, __u32 uid, __u32 gid,
- __u32 cap_effective, __u64 rdev, struct ptlrpc_request **request);
+ cfs_cap_t capability, __u64 rdev,
+ struct ptlrpc_request **request);
int mdc_link(struct obd_export *exp, struct md_op_data *op_data,
struct ptlrpc_request **request);
int mdc_rename(struct obd_export *exp, struct md_op_data *op_data,
b->gid = current->gid;
b->fsuid = current->fsuid;
b->fsgid = current->fsgid;
- b->capability = current->cap_effective;
+ b->capability = cfs_curproc_cap_pack();
}
void mdc_pack_capa(struct ptlrpc_request *req, const struct req_msg_field *field,
/* packing of MDS records */
void mdc_create_pack(struct ptlrpc_request *req, struct md_op_data *op_data,
const void *data, int datalen, __u32 mode,
- __u32 uid, __u32 gid, __u32 cap_effective, __u64 rdev)
+ __u32 uid, __u32 gid, cfs_cap_t cap_effective, __u64 rdev)
{
struct mdt_rec_create *rec;
char *tmp;
rec->cr_opcode = REINT_OPEN;
rec->cr_fsuid = current->fsuid;
rec->cr_fsgid = current->fsgid;
- rec->cr_cap = current->cap_effective;
+ rec->cr_cap = cfs_curproc_cap_pack();
if (op_data != NULL) {
rec->cr_fid1 = op_data->op_fid1;
rec->cr_fid2 = op_data->op_fid2;
rec->sa_opcode = REINT_SETATTR;
rec->sa_fsuid = current->fsuid;
rec->sa_fsgid = current->fsgid;
- rec->sa_cap = current->cap_effective;
+ rec->sa_cap = cfs_curproc_cap_pack();
rec->sa_suppgid = -1;
rec->sa_fid = op_data->op_fid1;
b->fsuid = current->fsuid;
b->fsgid = current->fsgid;
- b->capability = current->cap_effective;
+ b->capability = cfs_curproc_cap_pack();
b->valid = valid;
if (op_data->op_bias & MDS_CHECK_SPLIT)
b->valid |= OBD_MD_FLCKSPLIT;
int mdc_create(struct obd_export *exp, struct md_op_data *op_data,
const void *data, int datalen, int mode, __u32 uid, __u32 gid,
- __u32 cap_effective, __u64 rdev, struct ptlrpc_request **request)
+ cfs_cap_t cap_effective, __u64 rdev,
+ struct ptlrpc_request **request)
{
struct ptlrpc_request *req;
int level, rc;
*/
rec->sx_fsuid = current->fsuid;
rec->sx_fsgid = current->fsgid;
- rec->sx_cap = current->cap_effective;
+ rec->sx_cap = cfs_curproc_cap_pack();
rec->sx_suppgid1 = suppgid;
rec->sx_suppgid2 = -1;
rec->sx_fid = *fid;
if (tmp_la->la_uid == uc->mu_fsuid)
return 0;
- return !mdd_capable(uc, CAP_FOWNER);
+ return !mdd_capable(uc, CFS_CAP_FOWNER);
}
/*
#define mdd_cap_raised(c, flag) (mdd_cap_t(c) & MDD_CAP_TO_MASK(flag))
/* capable() is copied from linux kernel! */
-static inline int mdd_capable(struct md_ucred *uc, int cap)
+static inline int mdd_capable(struct md_ucred *uc, cfs_cap_t cap)
{
if (mdd_cap_raised(uc->mu_cap, cap))
return 1;
if (rc)
RETURN(rc);
- if ((uc->mu_fsuid != tmp_la->la_uid) && !mdd_capable(uc, CAP_FOWNER))
+ if ((uc->mu_fsuid != tmp_la->la_uid) &&
+ !mdd_capable(uc, CFS_CAP_FOWNER))
rc = mdd_permission_internal_locked(env, obj, tmp_la,
MAY_WRITE);
(LUSTRE_IMMUTABLE_FL | LUSTRE_APPEND_FL);
if ((uc->mu_fsuid != tmp_la->la_uid) &&
- !mdd_capable(uc, CAP_FOWNER))
+ !mdd_capable(uc, CFS_CAP_FOWNER))
RETURN(-EPERM);
/* XXX: the IMMUTABLE and APPEND_ONLY flags can
if (mdd_is_append(obj))
oldflags |= LUSTRE_APPEND_FL;
if ((oldflags ^ newflags) &&
- !mdd_capable(uc, CAP_LINUX_IMMUTABLE))
+ !mdd_capable(uc, CFS_CAP_LINUX_IMMUTABLE))
RETURN(-EPERM);
if (!S_ISDIR(tmp_la->la_mode))
if ((la->la_valid & (LA_MTIME | LA_ATIME | LA_CTIME)) &&
!(la->la_valid & ~(LA_MTIME | LA_ATIME | LA_CTIME))) {
if ((uc->mu_fsuid != tmp_la->la_uid) &&
- !mdd_capable(uc, CAP_FOWNER)) {
+ !mdd_capable(uc, CFS_CAP_FOWNER)) {
rc = mdd_permission_internal_locked(env, obj, tmp_la,
MAY_WRITE);
if (rc)
if ((la->la_valid & ~LA_MODE) &&
!(ma->ma_attr_flags & MDS_PERM_BYPASS) &&
(uc->mu_fsuid != tmp_la->la_uid) &&
- !mdd_capable(uc, CAP_FOWNER))
+ !mdd_capable(uc, CFS_CAP_FOWNER))
RETURN(-EPERM);
if (la->la_mode == (umode_t) -1)
(tmp_la->la_mode & ~S_IALLUGO);
/* Also check the setgid bit! */
- if (!lustre_in_group_p(uc, (la->la_valid & LA_GID) ? la->la_gid :
- tmp_la->la_gid) && !mdd_capable(uc, CAP_FSETID))
+ if (!lustre_in_group_p(uc, (la->la_valid & LA_GID) ?
+ la->la_gid : tmp_la->la_gid) &&
+ !mdd_capable(uc, CFS_CAP_FSETID))
la->la_mode &= ~S_ISGID;
} else {
la->la_mode = tmp_la->la_mode;
la->la_uid = tmp_la->la_uid;
if (((uc->mu_fsuid != tmp_la->la_uid) ||
(la->la_uid != tmp_la->la_uid)) &&
- !mdd_capable(uc, CAP_CHOWN))
+ !mdd_capable(uc, CFS_CAP_CHOWN))
RETURN(-EPERM);
/* If the user or group of a non-directory has been
if (((uc->mu_fsuid != tmp_la->la_uid) ||
((la->la_gid != tmp_la->la_gid) &&
!lustre_in_group_p(uc, la->la_gid))) &&
- !mdd_capable(uc, CAP_CHOWN))
+ !mdd_capable(uc, CFS_CAP_CHOWN))
RETURN(-EPERM);
/* Likewise, if the user or group of a non-directory
if (rc)
RETURN(rc);
- if ((uc->mu_fsuid != tmp_la->la_uid) && !mdd_capable(uc, CAP_FOWNER))
+ if ((uc->mu_fsuid != tmp_la->la_uid) &&
+ !mdd_capable(uc, CFS_CAP_FOWNER))
RETURN(-EPERM);
RETURN(rc);
if (uc && ((uc->mu_valid == UCRED_OLD) ||
(uc->mu_valid == UCRED_NEW)) &&
(uc->mu_fsuid != tmp_la->la_uid) &&
- !mdd_capable(uc, CAP_FOWNER))
+ !mdd_capable(uc, CFS_CAP_FOWNER))
RETURN(-EPERM);
}
#endif
check_capabilities:
if (!(mask & MAY_EXEC) ||
(la->la_mode & S_IXUGO) || S_ISDIR(la->la_mode))
- if (mdd_capable(uc, CAP_DAC_OVERRIDE))
+ if (mdd_capable(uc, CFS_CAP_DAC_OVERRIDE))
RETURN(0);
if ((mask == MAY_READ) ||
(S_ISDIR(la->la_mode) && !(mask & MAY_WRITE)))
- if (mdd_capable(uc, CAP_DAC_READ_SEARCH))
+ if (mdd_capable(uc, CFS_CAP_DAC_READ_SEARCH))
RETURN(0);
RETURN(-EACCES);
RETURN(rc);
}
- if (la->la_uid != uc->mu_fsuid && !mdd_capable(uc, CAP_FOWNER))
+ if (la->la_uid != uc->mu_fsuid &&
+ !mdd_capable(uc, CFS_CAP_FOWNER))
rc = -EPERM;
}
/* remove fs privilege for non-root user */
if (ucred->mu_fsuid)
- ucred->mu_cap = pud->pud_cap & ~CAP_FS_MASK;
+ ucred->mu_cap = pud->pud_cap & ~CFS_CAP_FS_MASK;
else
ucred->mu_cap = pud->pud_cap;
ucred->mu_valid = UCRED_NEW;
/* remove fs privilege for non-root user */
if (uc->mu_fsuid)
- uc->mu_cap = body->capability & ~CAP_FS_MASK;
+ uc->mu_cap = body->capability & ~CFS_CAP_FS_MASK;
else
uc->mu_cap = body->capability;
uc->mu_valid = UCRED_OLD;
/* remove fs privilege for non-root user */
if (uc->mu_fsuid)
- uc->mu_cap &= ~CAP_FS_MASK;
+ uc->mu_cap &= ~CFS_CAP_FS_MASK;
uc->mu_valid = UCRED_OLD;
RETURN(0);
struct lov_stripe_md *lsm, struct llog_cookie *logcookies,
int numcookies)
{
- __u32 cap;
- int rc;
+ int raised, rc;
ENTRY;
if (!ctxt) {
}
CTXT_CHECK_OP(ctxt, add, -EOPNOTSUPP);
- cap = current->cap_effective;
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ raised = cfs_cap_raised(CFS_CAP_SYS_RESOURCE);
+ if (!raised)
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
rc = CTXTP(ctxt, add)(ctxt, rec, lsm, logcookies, numcookies);
- current->cap_effective = cap;
+ if (!raised)
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(rc);
}
EXPORT_SYMBOL(llog_add);
if (ia_valid & ATTR_MODE) {
oa->o_mode = attr->ia_mode;
oa->o_valid |= OBD_MD_FLTYPE | OBD_MD_FLMODE;
- if (!in_group_p(oa->o_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(oa->o_gid) && !cfs_capable(CFS_CAP_FSETID))
oa->o_mode &= ~S_ISGID;
}
if (ia_valid & ATTR_UID) {
if (valid & OBD_MD_FLMODE) {
attr->ia_mode = (attr->ia_mode & S_IFMT)|(oa->o_mode & ~S_IFMT);
attr->ia_valid |= ATTR_MODE;
- if (!in_group_p(oa->o_gid) && !capable(CAP_FSETID))
+ if (!in_group_p(oa->o_gid) && !cfs_capable(CFS_CAP_FSETID))
attr->ia_mode &= ~S_ISGID;
}
if (valid & OBD_MD_FLUID) {
switch (cmd) {
case OBD_IOC_CREATE: /* may create echo object */
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_create_object (obd, 1, &data->ioc_obdo1,
GOTO(out, rc);
case OBD_IOC_DESTROY:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_get_object (&eco, obd, &data->ioc_obdo1);
GOTO(out, rc);
case OBD_IOC_SETATTR:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_get_object (&eco, obd, &data->ioc_obdo1);
GOTO(out, rc);
case OBD_IOC_BRW_WRITE:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rw = OBD_BRW_WRITE;
GOTO(out, rc);
case ECHO_IOC_SET_STRIPE:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
if (data->ioc_pbuf1 == NULL) { /* unset */
GOTO (out, rc);
case ECHO_IOC_ENQUEUE:
- if (!capable (CAP_SYS_ADMIN))
+ if (!cfs_capable(CFS_CAP_SYS_ADMIN))
GOTO (out, rc = -EPERM);
rc = echo_client_enqueue(exp, &data->ioc_obdo1,
GOTO(out, rc = -EPERM);
/* check_sticky() */
- if ((dentry->d_inode->i_uid != current->fsuid && !capable(CAP_FOWNER))||
- IS_APPEND(dentry->d_inode) || IS_IMMUTABLE(dentry->d_inode))
+ if ((dentry->d_inode->i_uid != current->fsuid &&
+ !cfs_capable(CFS_CAP_FOWNER)) || IS_APPEND(dentry->d_inode) ||
+ IS_IMMUTABLE(dentry->d_inode))
GOTO(out, rc = -EPERM);
/* NOTE: This might need to go outside i_mutex, though it isn't clear if
CDEBUG(D_INODE, "update UID/GID to %lu/%lu\n",
(unsigned long)oa->o_uid, (unsigned long)oa->o_gid);
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
iattr.ia_valid |= ATTR_MODE;
iattr.ia_mode = inode->i_mode;
pud->pud_gid = cfs_current()->gid;
pud->pud_fsuid = cfs_current()->fsuid;
pud->pud_fsgid = cfs_current()->fsgid;
- pud->pud_cap = cfs_current()->cap_effective;
+ pud->pud_cap = cfs_curproc_cap_pack();
pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;
#ifdef __KERNEL__
RETURN(0);
if (ignore)
- cap_raise(current->cap_effective, CAP_SYS_RESOURCE);
+ cfs_cap_raise(CFS_CAP_SYS_RESOURCE);
else
- cap_lower(current->cap_effective, CAP_SYS_RESOURCE);
+ cfs_cap_lower(CFS_CAP_SYS_RESOURCE);
RETURN(0);
}
}
if (!has) {
- int count = 1;
+ int count;
err:
+ count = 1;
dprintf("node"__S":%llu Child list:\n",
node->in_extent.start,
node->in_extent.end,
{
struct kid_t *kid;
char oname[10], ename[10];
- int thread = (long)threadvp, dev;
+ int thread = (long)threadvp, dev = 0;
int rc = 0, err;
if (o_verbose > 2)