diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-02-07 21:52:57 -0500 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-18 04:01:35 -0400 |
| commit | 2f6f0654ab61961fd0f7701fe3be89ea111f0cda (patch) | |
| tree | a96703c892bd374b5ef7b102c52a5ec596970027 /fs/posix_acl.c | |
| parent | d20b92ab668cc44fc84bba0001839c5a8013a5cd (diff) | |
userns: Convert vfs posix_acl support to use kuids and kgids
- In setxattr if we are setting a posix acl convert uids and gids from
the current user namespace into the initial user namespace, before
the xattrs are passed to the underlying filesystem.
Untranslatable uids and gids are represented as -1 which
posix_acl_from_xattr will represent as INVALID_UID or INVALID_GID.
posix_acl_valid will fail if an acl from userspace has any
INVALID_UID or INVALID_GID values. In net this guarantees that
untranslatable posix acls will not be stored by filesystems.
- In getxattr if we are reading a posix acl convert uids and gids from
the initial user namespace into the current user namespace.
Uids and gids that can not be tranlsated into the current user namespace
will be represented as -1.
- Replace e_id in struct posix_acl_entry with an anymouns union of
e_uid and e_gid. For the short term retain the e_id field
until all of the users are converted.
- Don't set struct posix_acl.e_id in the cases where the acl type
does not use e_id. Greatly reducing the use of ACL_UNDEFINED_ID.
- Rework the ordering checks in posix_acl_valid so that I use kuid_t
and kgid_t types throughout the code, and so that I don't need
arithmetic on uid and gid types.
Cc: Theodore Tso <tytso@mit.edu>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andreas Dilger <adilger.kernel@dilger.ca>
Cc: Jan Kara <jack@suse.cz>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'fs/posix_acl.c')
| -rw-r--r-- | fs/posix_acl.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/fs/posix_acl.c b/fs/posix_acl.c index 5e325a42e33d..8bd2135b7f82 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c | |||
| @@ -78,7 +78,8 @@ posix_acl_valid(const struct posix_acl *acl) | |||
| 78 | { | 78 | { |
| 79 | const struct posix_acl_entry *pa, *pe; | 79 | const struct posix_acl_entry *pa, *pe; |
| 80 | int state = ACL_USER_OBJ; | 80 | int state = ACL_USER_OBJ; |
| 81 | unsigned int id = 0; /* keep gcc happy */ | 81 | kuid_t prev_uid = INVALID_UID; |
| 82 | kgid_t prev_gid = INVALID_GID; | ||
| 82 | int needs_mask = 0; | 83 | int needs_mask = 0; |
| 83 | 84 | ||
| 84 | FOREACH_ACL_ENTRY(pa, acl, pe) { | 85 | FOREACH_ACL_ENTRY(pa, acl, pe) { |
| @@ -87,7 +88,6 @@ posix_acl_valid(const struct posix_acl *acl) | |||
| 87 | switch (pa->e_tag) { | 88 | switch (pa->e_tag) { |
| 88 | case ACL_USER_OBJ: | 89 | case ACL_USER_OBJ: |
| 89 | if (state == ACL_USER_OBJ) { | 90 | if (state == ACL_USER_OBJ) { |
| 90 | id = 0; | ||
| 91 | state = ACL_USER; | 91 | state = ACL_USER; |
| 92 | break; | 92 | break; |
| 93 | } | 93 | } |
| @@ -96,16 +96,17 @@ posix_acl_valid(const struct posix_acl *acl) | |||
| 96 | case ACL_USER: | 96 | case ACL_USER: |
| 97 | if (state != ACL_USER) | 97 | if (state != ACL_USER) |
| 98 | return -EINVAL; | 98 | return -EINVAL; |
| 99 | if (pa->e_id == ACL_UNDEFINED_ID || | 99 | if (!uid_valid(pa->e_uid)) |
| 100 | pa->e_id < id) | ||
| 101 | return -EINVAL; | 100 | return -EINVAL; |
| 102 | id = pa->e_id + 1; | 101 | if (uid_valid(prev_uid) && |
| 102 | uid_lte(pa->e_uid, prev_uid)) | ||
| 103 | return -EINVAL; | ||
| 104 | prev_uid = pa->e_uid; | ||
| 103 | needs_mask = 1; | 105 | needs_mask = 1; |
| 104 | break; | 106 | break; |
| 105 | 107 | ||
| 106 | case ACL_GROUP_OBJ: | 108 | case ACL_GROUP_OBJ: |
| 107 | if (state == ACL_USER) { | 109 | if (state == ACL_USER) { |
| 108 | id = 0; | ||
| 109 | state = ACL_GROUP; | 110 | state = ACL_GROUP; |
| 110 | break; | 111 | break; |
| 111 | } | 112 | } |
| @@ -114,10 +115,12 @@ posix_acl_valid(const struct posix_acl *acl) | |||
| 114 | case ACL_GROUP: | 115 | case ACL_GROUP: |
| 115 | if (state != ACL_GROUP) | 116 | if (state != ACL_GROUP) |
| 116 | return -EINVAL; | 117 | return -EINVAL; |
| 117 | if (pa->e_id == ACL_UNDEFINED_ID || | 118 | if (!gid_valid(pa->e_gid)) |
| 118 | pa->e_id < id) | 119 | return -EINVAL; |
| 120 | if (gid_valid(prev_gid) && | ||
| 121 | gid_lte(pa->e_gid, prev_gid)) | ||
| 119 | return -EINVAL; | 122 | return -EINVAL; |
| 120 | id = pa->e_id + 1; | 123 | prev_gid = pa->e_gid; |
| 121 | needs_mask = 1; | 124 | needs_mask = 1; |
| 122 | break; | 125 | break; |
| 123 | 126 | ||
| @@ -195,15 +198,12 @@ posix_acl_from_mode(umode_t mode, gfp_t flags) | |||
| 195 | return ERR_PTR(-ENOMEM); | 198 | return ERR_PTR(-ENOMEM); |
| 196 | 199 | ||
| 197 | acl->a_entries[0].e_tag = ACL_USER_OBJ; | 200 | acl->a_entries[0].e_tag = ACL_USER_OBJ; |
| 198 | acl->a_entries[0].e_id = ACL_UNDEFINED_ID; | ||
| 199 | acl->a_entries[0].e_perm = (mode & S_IRWXU) >> 6; | 201 | acl->a_entries[0].e_perm = (mode & S_IRWXU) >> 6; |
| 200 | 202 | ||
| 201 | acl->a_entries[1].e_tag = ACL_GROUP_OBJ; | 203 | acl->a_entries[1].e_tag = ACL_GROUP_OBJ; |
| 202 | acl->a_entries[1].e_id = ACL_UNDEFINED_ID; | ||
| 203 | acl->a_entries[1].e_perm = (mode & S_IRWXG) >> 3; | 204 | acl->a_entries[1].e_perm = (mode & S_IRWXG) >> 3; |
| 204 | 205 | ||
| 205 | acl->a_entries[2].e_tag = ACL_OTHER; | 206 | acl->a_entries[2].e_tag = ACL_OTHER; |
| 206 | acl->a_entries[2].e_id = ACL_UNDEFINED_ID; | ||
| 207 | acl->a_entries[2].e_perm = (mode & S_IRWXO); | 207 | acl->a_entries[2].e_perm = (mode & S_IRWXO); |
| 208 | return acl; | 208 | return acl; |
| 209 | } | 209 | } |
| @@ -224,11 +224,11 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want) | |||
| 224 | switch(pa->e_tag) { | 224 | switch(pa->e_tag) { |
| 225 | case ACL_USER_OBJ: | 225 | case ACL_USER_OBJ: |
| 226 | /* (May have been checked already) */ | 226 | /* (May have been checked already) */ |
| 227 | if (inode->i_uid == current_fsuid()) | 227 | if (uid_eq(inode->i_uid, current_fsuid())) |
| 228 | goto check_perm; | 228 | goto check_perm; |
| 229 | break; | 229 | break; |
| 230 | case ACL_USER: | 230 | case ACL_USER: |
| 231 | if (pa->e_id == current_fsuid()) | 231 | if (uid_eq(pa->e_uid, current_fsuid())) |
| 232 | goto mask; | 232 | goto mask; |
| 233 | break; | 233 | break; |
| 234 | case ACL_GROUP_OBJ: | 234 | case ACL_GROUP_OBJ: |
| @@ -239,7 +239,7 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want) | |||
| 239 | } | 239 | } |
| 240 | break; | 240 | break; |
| 241 | case ACL_GROUP: | 241 | case ACL_GROUP: |
| 242 | if (in_group_p(pa->e_id)) { | 242 | if (in_group_p(pa->e_gid)) { |
| 243 | found = 1; | 243 | found = 1; |
| 244 | if ((pa->e_perm & want) == want) | 244 | if ((pa->e_perm & want) == want) |
| 245 | goto mask; | 245 | goto mask; |