author | David Howells <dhowells@redhat.com> | 2007-04-26 18:57:07 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-04-26 18:57:07 -0400 |
commit | 00d3b7a4533e367b0dc2812a706db8f9f071c27f (patch) | |
tree | f0b1ae0266267cb2c54cb11aa61ad0758ce9c0f5 /fs/afs/vnode.c | |
parent | 436058a49e0fb91c74454dbee9cfee6fb53b4336 (diff) |
[AFS]: Add security support.
Add security support to the AFS filesystem. Kerberos IV tickets are added as
RxRPC keys to the session keyring with the klog program. open() and
other VFS operations then find this ticket with request_key() and either use
it immediately (eg: mkdir, unlink) or attach it to a file descriptor (open).
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'fs/afs/vnode.c')
-rw-r--r-- | fs/afs/vnode.c | 25 |
1 files changed, 17 insertions, 8 deletions
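--- a/fs/afs/vnode.c
+++ b/fs/afs/vnode.c
@@ -238,9 +238,11 @@ static void afs_vnode_finalise_status_update(struct afs_vnode *vnode,
 * - there are any outstanding ops that will fetch the status
 * - TODO implement local caching
 */
-int afs_vnode_fetch_status(struct afs_vnode *vnode)
+int afs_vnode_fetch_status(struct afs_vnode *vnode,
+struct afs_vnode *auth_vnode, struct key *key)
 {
 struct afs_server *server;
+unsigned long acl_order;
 int ret;
 
 DECLARE_WAITQUEUE(myself, current);
@@ -260,6 +262,10 @@ int afs_vnode_fetch_status(struct afs_vnode *vnode)
 return -ENOENT;
 }
 
+acl_order = 0;
+if (auth_vnode)
+acl_order = auth_vnode->acl_order;
+
 spin_lock(&vnode->lock);
 
 if (!test_bit(AFS_VNODE_CB_BROKEN, &vnode->flags) &&
@@ -324,12 +330,14 @@ get_anyway:
 _debug("USING SERVER: %p{%08x}",
 server, ntohl(server->addr.s_addr));
 
-ret = afs_fs_fetch_file_status(server, vnode, NULL,
+ret = afs_fs_fetch_file_status(server, key, vnode, NULL,
 &afs_sync_call);
 
 } while (!afs_volume_release_fileserver(vnode, server, ret));
 
 /* adjust the flags */
+if (ret == 0 && auth_vnode)
+afs_cache_permit(vnode, key, acl_order);
 afs_vnode_finalise_status_update(vnode, server, ret);
 
 _leave(" = %d", ret);
@@ -340,17 +348,18 @@ get_anyway:
 * fetch file data from the volume
 * - TODO implement caching and server failover
 */
-int afs_vnode_fetch_data(struct afs_vnode *vnode, off_t offset, size_t length,
-struct page *page)
+int afs_vnode_fetch_data(struct afs_vnode *vnode, struct key *key,
+off_t offset, size_t length, struct page *page)
 {
 struct afs_server *server;
 int ret;
 
-_enter("%s,{%u,%u,%u}",
+_enter("%s{%u,%u,%u},%x,,,",
 vnode->volume->vlocation->vldb.name,
 vnode->fid.vid,
 vnode->fid.vnode,
-vnode->fid.unique);
+vnode->fid.unique,
+key_serial(key));
 
 /* this op will fetch the status */
 spin_lock(&vnode->lock);
@@ -367,8 +376,8 @@ int afs_vnode_fetch_data(struct afs_vnode *vnode, off_t offset, size_t length,
 
 _debug("USING SERVER: %08x\n", ntohl(server->addr.s_addr));
 
-ret = afs_fs_fetch_data(server, vnode, offset, length, page,
-NULL, &afs_sync_call);
+ret = afs_fs_fetch_data(server, key, vnode, offset, length,
+page, NULL, &afs_sync_call);
 
 } while (!afs_volume_release_fileserver(vnode, server, ret));
 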
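Review bot: The comment block above afs_vnode_fetch_status() still describes only the status fetch and says nothing about the new `auth_vnode` and `key` parameters, although they decide whether a permit is cached for the caller. I would add to it `* - if auth_vnode is non-NULL, a successful fetch caches a permit for key against the ACL order sampled before the call`, and put `/* sample acl_order before the RPC so afs_cache_permit() can tell if the ACL changed meanwhile */` above `acl_order = 0;`. That reading of acl_order is inferred from the names, since afs_cache_permit() is not in this diff, and the sample is taken before `spin_lock(&vnode->lock)` with no lock on auth_vnode visible here, so the comment should also state whether a stale value is harmless. The paths that return before `get_anyway:` lie outside the hunks; if any of them can return 0 without a fetch made with this key, the comment should say that no permit is cached for the caller in that case.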