From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
To: sfrench@us.ibm.com, ffilz@us.ibm.com, agruen@suse.de,
adilger@sun.com, sandeen@redhat.com, tytso@mit.edu,
staubach@redhat.com, bfields@citi.umich.edu, jlayton@redhat.com
Cc: aneesh.kumar@linux.vnet.ibm.com, linux-fsdevel@vger.kernel.org,
nfsv4@linux-nfs.org, linux-ext4@vger.kernel.org
Subject: [PATCH 13/23] richacl: Follow nfs4 acl delete definition
Date: Mon, 1 Feb 2010 11:04:55 +0530 [thread overview]
Message-ID: <1265002505-8387-14-git-send-email-aneesh.kumar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1265002505-8387-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com>
We SHOULD allow unlink if either ACE4_DELETE is permitted on the target,
or ACE4_DELETE_CHILD is permitted on the parent. (Note that this is true
even if the parent or target explicitly denies one of these permissions.)
If the ACLs in question neither explicitly ALLOW nor DENY either of the above,
and if MODE4_SVTX is not set on the parent, then the we SHOULD allow the
removal if and only if ACE4_ADD_FILE is permitted. In the case where MODE4_SVTX
is set, the we may also require the remover to own either the parent or the
target, or may require the target to be writable.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
---
fs/ext4/richacl.c | 41 ++++++++++++++++++++++++++++++++++++-
fs/richacl_base.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++
include/linux/richacl.h | 2 +
3 files changed, 91 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/richacl.c b/fs/ext4/richacl.c
index a8702c7..73c14dd 100644
--- a/fs/ext4/richacl.c
+++ b/fs/ext4/richacl.c
@@ -190,6 +190,28 @@ ext4_richacl_permission(struct inode *inode, unsigned int mask)
return retval;
}
+int ext4_richacl_mask_present(struct inode *inode, unsigned int mask)
+{
+ struct richacl *acl;
+ int retval;
+
+ if (!richacl_enabled(inode->i_sb))
+ BUG();
+
+ acl = ext4_get_richacl(inode);
+ if (!acl)
+ return 0;
+ else if (IS_ERR(acl))
+ return 0;
+ else {
+ retval = richacl_mask_present(inode, acl, mask);
+ richacl_put(acl);
+ }
+
+ return retval;
+
+
+}
int ext4_may_create(struct inode *dir, int isdir)
{
int error;
@@ -223,10 +245,25 @@ int ext4_may_delete(struct inode *dir, struct inode *inode)
if (richacl_enabled(inode->i_sb)) {
error = ext4_richacl_permission(dir,
ACE4_DELETE_CHILD|ACE4_EXECUTE);
- if (!error && check_sticky(dir, inode))
- error = -EPERM;
if (error && !ext4_richacl_permission(inode, ACE4_DELETE))
error = 0;
+
+ if (!error)
+ return error;
+
+ /*
+ * if we neither explicity allow nor deny both the above
+ * then are depend on stick and add file flag
+ */
+ if (!ext4_richacl_mask_present(dir, ACE4_DELETE_CHILD) &&
+ !ext4_richacl_mask_present(inode, ACE4_DELETE)) {
+
+ error = ext4_richacl_permission(dir,
+ ACE4_ADD_FILE | ACE4_EXECUTE);
+ if (!error && check_sticky(dir, inode))
+ error = -EPERM;
+ }
+
} else {
error = ext4_permission(dir, MAY_WRITE | MAY_EXEC);
if (!error && check_sticky(dir, inode))
diff --git a/fs/richacl_base.c b/fs/richacl_base.c
index b5c28cf..4a340d7 100644
--- a/fs/richacl_base.c
+++ b/fs/richacl_base.c
@@ -350,6 +350,56 @@ is_everyone:
EXPORT_SYMBOL_GPL(richacl_permission);
/**
+ * richacl_mask_present - check whether the specified masks are present in the acl
+ * @inode: inode to check
+ * @acl: rich acl of the inode
+ * @mask: requested access (ACE4_* bitmask)
+ *
+ * Check wether the specified mask are explicity specified in the allow or
+ * deny aces. If not return 0. If yes return 1;
+ */
+int richacl_mask_present(struct inode *inode, const struct richacl *acl,
+ unsigned int mask)
+{
+ const struct richace *ace;
+
+ richacl_for_each_entry(ace, acl) {
+ unsigned int ace_mask = ace->e_mask;
+
+ if (richace_is_inherit_only(ace))
+ continue;
+ if (richace_is_owner(ace)) {
+ if (current_fsuid() != inode->i_uid)
+ continue;
+ } else if (richace_is_group(ace)) {
+ if (!in_group_p(inode->i_gid))
+ continue;
+ } else if (richace_is_unix_id(ace)) {
+ if (ace->e_flags & ACE4_IDENTIFIER_GROUP) {
+ if (!in_group_p(ace->u.e_id))
+ continue;
+ } else {
+ if (current_fsuid() != ace->u.e_id)
+ continue;
+ }
+ }
+ if (mask & ace_mask)
+ /* ace contain some of the mask */
+ mask &= ~ace_mask;
+
+ if (!mask)
+ break;
+ }
+
+ if (mask)
+ /* some of the mask specified are not present */
+ return 0;
+
+ return 1;
+}
+EXPORT_SYMBOL_GPL(richacl_mask_present);
+
+/**
* richacl_generic_permission - permission check algorithm without explicit acl
* @inode: inode to check permissions for
* @mask: requested access (ACE4_* bitmask)
diff --git a/include/linux/richacl.h b/include/linux/richacl.h
index de71ca5..705e061 100644
--- a/include/linux/richacl.h
+++ b/include/linux/richacl.h
@@ -225,6 +225,8 @@ extern struct richacl *richacl_clone(const struct richacl *acl);
extern unsigned int richacl_want_to_mask(int want, int is_dir);
extern int richacl_permission(struct inode *,
const struct richacl *, unsigned int);
+extern int richacl_mask_present(struct inode *,
+ const struct richacl *, unsigned int);
extern int richacl_generic_permission(struct inode *, unsigned int);
extern int richace_is_same_who(const struct richace *, const struct richace *);
extern int richace_set_who(struct richace *ace, const char *who);
--
1.7.0.rc0.48.gdace5
next prev parent reply other threads:[~2010-02-01 5:34 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-01 5:34 [RFC PATCH] New ACL format for better NFSv4 acl interoperability Aneesh Kumar K.V
2010-02-01 5:34 ` [PATCH 01/23] vfs: VFS hooks for per-filesystem permission models Aneesh Kumar K.V
2010-02-01 5:34 ` [PATCH 02/23] vfs: Check for create permission during rename Aneesh Kumar K.V
2010-02-01 5:34 ` [PATCH 03/23] vfs: rich ACL in-memory representation and manipulation Aneesh Kumar K.V
2010-02-01 7:28 ` Brad Boyer
2010-02-01 18:02 ` Aneesh Kumar K. V
2010-02-01 23:06 ` J. Bruce Fields
2010-02-01 23:21 ` J. Bruce Fields
2010-02-01 5:34 ` [PATCH 04/23] richacl: Add write retention and retention hold access mask Aneesh Kumar K.V
2010-02-01 5:34 ` [PATCH 05/23] ext4: Implement rich acl for ext4 Aneesh Kumar K.V
2010-02-01 5:34 ` [PATCH 06/23] vfs: Implement those parts of Automatic Inheritance (AI) which are safe under POSIX Aneesh Kumar K.V
2010-02-01 5:34 ` [PATCH 07/23] vfs: Add Posix acl to rich acl mapping helpers Aneesh Kumar K.V
2010-02-01 23:18 ` J. Bruce Fields
2010-02-02 5:22 ` Aneesh Kumar K. V
2010-02-01 5:34 ` [PATCH 08/23] vfs: Add a flag to denote posix mapped richacl Aneesh Kumar K.V
2010-02-01 23:18 ` J. Bruce Fields
2010-02-02 5:33 ` Aneesh Kumar K. V
2010-02-02 15:18 ` J. Bruce Fields
2010-02-01 5:34 ` [PATCH 09/23] ext4: Add posix acl to rich acl mapping Aneesh Kumar K.V
2010-02-01 5:34 ` [PATCH 10/23] richacl: Add separate file and dir acl masks Aneesh Kumar K.V
2010-02-01 5:34 ` [PATCH 11/23] richacl: Move the xattr representation to little-endian format Aneesh Kumar K.V
2010-02-01 23:34 ` J. Bruce Fields
2010-02-02 5:35 ` Aneesh Kumar K. V
2010-02-01 5:34 ` [PATCH 12/23] richacl: Use directory specific mask values for operation on directories Aneesh Kumar K.V
2010-02-01 5:34 ` Aneesh Kumar K.V [this message]
2010-02-01 5:34 ` [PATCH 14/23] richacl: Disable automatic inheritance with posix mapped acls Aneesh Kumar K.V
2010-02-01 5:34 ` [PATCH 15/23] richacl: Delete posix acl if present on richacl set Aneesh Kumar K.V
2010-02-01 5:34 ` [PATCH 16/23] ext4: Update richacl incompat flag value Aneesh Kumar K.V
2010-02-01 23:41 ` J. Bruce Fields
2010-02-01 5:34 ` [PATCH 17/23] vfs: Add new MS_ACL and MS_RICHACL flag Aneesh Kumar K.V
2010-02-01 5:35 ` [PATCH 18/23] richacl: Add helper function for creating richacl from mode values Aneesh Kumar K.V
2010-02-01 5:35 ` [PATCH 19/23] fs: Use the correct MS_*ACL flags in file system code Aneesh Kumar K.V
2010-02-01 5:35 ` [PATCH 20/23] nfsd: Apply NFSv4acl to posix acl mapping only if MS_POSIXACL is set Aneesh Kumar K.V
2010-02-01 5:35 ` [PATCH 21/23] richacl: Add helpers for NFSv4 acl to richacl conversion Aneesh Kumar K.V
2010-02-01 5:35 ` [PATCH 22/23] nfsd: Add support for reading rich acl from file system Aneesh Kumar K.V
2010-02-01 5:35 ` [PATCH 23/23] nfsd: Add support for saving richacl Aneesh Kumar K.V
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1265002505-8387-14-git-send-email-aneesh.kumar@linux.vnet.ibm.com \
--to=aneesh.kumar@linux.vnet.ibm.com \
--cc=adilger@sun.com \
--cc=agruen@suse.de \
--cc=bfields@citi.umich.edu \
--cc=ffilz@us.ibm.com \
--cc=jlayton@redhat.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=nfsv4@linux-nfs.org \
--cc=sandeen@redhat.com \
--cc=sfrench@us.ibm.com \
--cc=staubach@redhat.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).