diff options
author | David Howells <dhowells@redhat.com> | 2007-04-26 18:57:07 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-04-26 18:57:07 -0400 |
commit | 00d3b7a4533e367b0dc2812a706db8f9f071c27f (patch) | |
tree | f0b1ae0266267cb2c54cb11aa61ad0758ce9c0f5 /fs/afs/file.c | |
parent | 436058a49e0fb91c74454dbee9cfee6fb53b4336 (diff) |
[AFS]: Add security support.
Add security support to the AFS filesystem. Kerberos IV tickets are added as
RxRPC keys are added to the session keyring with the klog program. open() and
other VFS operations then find this ticket with request_key() and either use
it immediately (eg: mkdir, unlink) or attach it to a file descriptor (open).
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'fs/afs/file.c')
-rw-r--r-- | fs/afs/file.c | 60 |
1 files changed, 53 insertions, 7 deletions
diff --git a/fs/afs/file.c b/fs/afs/file.c index 6990327e75dd..101bbb8c0d8b 100644 --- a/fs/afs/file.c +++ b/fs/afs/file.c | |||
@@ -17,17 +17,23 @@ | |||
17 | #include <linux/pagemap.h> | 17 | #include <linux/pagemap.h> |
18 | #include "internal.h" | 18 | #include "internal.h" |
19 | 19 | ||
20 | #if 0 | ||
21 | static int afs_file_open(struct inode *inode, struct file *file); | ||
22 | static int afs_file_release(struct inode *inode, struct file *file); | ||
23 | #endif | ||
24 | |||
25 | static int afs_file_readpage(struct file *file, struct page *page); | 20 | static int afs_file_readpage(struct file *file, struct page *page); |
26 | static void afs_file_invalidatepage(struct page *page, unsigned long offset); | 21 | static void afs_file_invalidatepage(struct page *page, unsigned long offset); |
27 | static int afs_file_releasepage(struct page *page, gfp_t gfp_flags); | 22 | static int afs_file_releasepage(struct page *page, gfp_t gfp_flags); |
28 | 23 | ||
24 | const struct file_operations afs_file_operations = { | ||
25 | .open = afs_open, | ||
26 | .release = afs_release, | ||
27 | .llseek = generic_file_llseek, | ||
28 | .read = do_sync_read, | ||
29 | .aio_read = generic_file_aio_read, | ||
30 | .mmap = generic_file_readonly_mmap, | ||
31 | .sendfile = generic_file_sendfile, | ||
32 | }; | ||
33 | |||
29 | const struct inode_operations afs_file_inode_operations = { | 34 | const struct inode_operations afs_file_inode_operations = { |
30 | .getattr = afs_inode_getattr, | 35 | .getattr = afs_inode_getattr, |
36 | .permission = afs_permission, | ||
31 | }; | 37 | }; |
32 | 38 | ||
33 | const struct address_space_operations afs_fs_aops = { | 39 | const struct address_space_operations afs_fs_aops = { |
@@ -38,6 +44,41 @@ const struct address_space_operations afs_fs_aops = { | |||
38 | }; | 44 | }; |
39 | 45 | ||
40 | /* | 46 | /* |
47 | * open an AFS file or directory and attach a key to it | ||
48 | */ | ||
49 | int afs_open(struct inode *inode, struct file *file) | ||
50 | { | ||
51 | struct afs_vnode *vnode = AFS_FS_I(inode); | ||
52 | struct key *key; | ||
53 | |||
54 | _enter("{%x:%x},", vnode->fid.vid, vnode->fid.vnode); | ||
55 | |||
56 | key = afs_request_key(vnode->volume->cell); | ||
57 | if (IS_ERR(key)) { | ||
58 | _leave(" = %ld [key]", PTR_ERR(key)); | ||
59 | return PTR_ERR(key); | ||
60 | } | ||
61 | |||
62 | file->private_data = key; | ||
63 | _leave(" = 0"); | ||
64 | return 0; | ||
65 | } | ||
66 | |||
67 | /* | ||
68 | * release an AFS file or directory and discard its key | ||
69 | */ | ||
70 | int afs_release(struct inode *inode, struct file *file) | ||
71 | { | ||
72 | struct afs_vnode *vnode = AFS_FS_I(inode); | ||
73 | |||
74 | _enter("{%x:%x},", vnode->fid.vid, vnode->fid.vnode); | ||
75 | |||
76 | key_put(file->private_data); | ||
77 | _leave(" = 0"); | ||
78 | return 0; | ||
79 | } | ||
80 | |||
81 | /* | ||
41 | * deal with notification that a page was read from the cache | 82 | * deal with notification that a page was read from the cache |
42 | */ | 83 | */ |
43 | #ifdef AFS_CACHING_SUPPORT | 84 | #ifdef AFS_CACHING_SUPPORT |
@@ -79,13 +120,18 @@ static int afs_file_readpage(struct file *file, struct page *page) | |||
79 | { | 120 | { |
80 | struct afs_vnode *vnode; | 121 | struct afs_vnode *vnode; |
81 | struct inode *inode; | 122 | struct inode *inode; |
123 | struct key *key; | ||
82 | size_t len; | 124 | size_t len; |
83 | off_t offset; | 125 | off_t offset; |
84 | int ret; | 126 | int ret; |
85 | 127 | ||
86 | inode = page->mapping->host; | 128 | inode = page->mapping->host; |
87 | 129 | ||
88 | _enter("{%lu},{%lu}", inode->i_ino, page->index); | 130 | ASSERT(file != NULL); |
131 | key = file->private_data; | ||
132 | ASSERT(key != NULL); | ||
133 | |||
134 | _enter("{%x},{%lu},{%lu}", key_serial(key), inode->i_ino, page->index); | ||
89 | 135 | ||
90 | vnode = AFS_FS_I(inode); | 136 | vnode = AFS_FS_I(inode); |
91 | 137 | ||
@@ -124,7 +170,7 @@ static int afs_file_readpage(struct file *file, struct page *page) | |||
124 | 170 | ||
125 | /* read the contents of the file from the server into the | 171 | /* read the contents of the file from the server into the |
126 | * page */ | 172 | * page */ |
127 | ret = afs_vnode_fetch_data(vnode, offset, len, page); | 173 | ret = afs_vnode_fetch_data(vnode, key, offset, len, page); |
128 | if (ret < 0) { | 174 | if (ret < 0) { |
129 | if (ret == -ENOENT) { | 175 | if (ret == -ENOENT) { |
130 | _debug("got NOENT from server" | 176 | _debug("got NOENT from server" |