From patchwork Fri Mar 27 16:50:11 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Andreas_Gr=C3=BCnbacher?= X-Patchwork-Id: 6110511 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id CD147BF910 for ; Fri, 27 Mar 2015 17:02:44 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id DC31D2035E for ; Fri, 27 Mar 2015 17:02:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id C2799203DA for ; Fri, 27 Mar 2015 17:02:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753079AbbC0RCX (ORCPT ); Fri, 27 Mar 2015 13:02:23 -0400 Received: from mail-wg0-f47.google.com ([74.125.82.47]:35997 "EHLO mail-wg0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753453AbbC0Qv5 (ORCPT ); Fri, 27 Mar 2015 12:51:57 -0400 Received: by wgra20 with SMTP id a20so105274553wgr.3; Fri, 27 Mar 2015 09:51:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:message-id:in-reply-to:references:in-reply-to :references; bh=QBWp6PTV/axWctudXZhMW/yH4SG7Hs4rX2pTvBH0cP4=; b=p3PlGgxZCblOtspMm3DXKdHMqB8E7jvt76UKdtl2TuFHWcx5kVN9756G3qmq9HmU3B RL3pDaOQmsS3XIAhZZ8GKqnlm2wq9B7QOU3wdyuTMuUmehIljKNnH4dOQQeOAJWpN64e O/UCZxrXp65c5HWt4JEg4+xOt9d/J1cfP/z8ovOzcx3zlloNdPzXv+J3crAHB1MIdTz2 Xgaex2uSUDji+oGzer/Ztn6hpz2fxCMnNIAnELDPXtfsule30C9ISLXXC03evdgwXlr2 vern4yfWBY1SSWSj0hh1svhsx/g0cc91anOdyrLnxs+5o95K8vflLkyJlx+Y3THBIBb/ PsDw== X-Received: by 10.180.104.7 with SMTP id ga7mr13999314wib.37.1427475115809; Fri, 27 Mar 2015 09:51:55 -0700 (PDT) Received: from nuc.home.com (80-110-94-70.cgn.dynamic.surfer.at. [80.110.94.70]) by mx.google.com with ESMTPSA id j7sm3592306wix.4.2015.03.27.09.51.54 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Mar 2015 09:51:55 -0700 (PDT) From: Andreas Gruenbacher X-Google-Original-From: Andreas Gruenbacher To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [RFC 13/39] richacl: Permission check algorithm Date: Fri, 27 Mar 2015 17:50:11 +0100 Message-Id: X-Mailer: git-send-email 2.1.0 In-Reply-To: References: In-Reply-To: References: Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP A richacl grants a requested access if the NFSv4 acl in the richacl grants the requested permissions (according to the NFSv4 permission check algorithm) and the file mask that applies to the process includes the requested permissions. Signed-off-by: Andreas Gruenbacher --- fs/Makefile | 2 +- fs/richacl_inode.c | 130 ++++++++++++++++++++++++++++++++++++++++++++++++ include/linux/richacl.h | 3 ++ 3 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 fs/richacl_inode.c diff --git a/fs/Makefile b/fs/Makefile index 8f0a59c..bb96ad7 100644 --- a/fs/Makefile +++ b/fs/Makefile @@ -48,7 +48,7 @@ obj-$(CONFIG_SYSCTL) += drop_caches.o obj-$(CONFIG_FHANDLE) += fhandle.o obj-$(CONFIG_FS_RICHACL) += richacl.o -richacl-y := richacl_base.o +richacl-y := richacl_base.o richacl_inode.o obj-y += quota/ diff --git a/fs/richacl_inode.c b/fs/richacl_inode.c new file mode 100644 index 0000000..33e591a --- /dev/null +++ b/fs/richacl_inode.c @@ -0,0 +1,130 @@ +/* + * Copyright (C) 2010 Novell, Inc. + * Copyright (C) 2015 Red Hat, Inc. + * Written by Andreas Gruenbacher + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2, or (at your option) any + * later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + */ + +#include +#include +#include +#include +#include + +/** + * richacl_permission - richacl permission check algorithm + * @inode: inode to check + * @acl: rich acl of the inode + * @want: requested access (MAY_* flags) + * + * Checks if the current process is granted @mask flags in @acl. + */ +int +richacl_permission(struct inode *inode, const struct richacl *acl, + int want) +{ + const struct richace *ace; + unsigned int mask = richacl_want_to_mask(want); + unsigned int requested = mask, denied = 0; + int in_owning_group = in_group_p(inode->i_gid); + int in_owner_or_group_class = in_owning_group; + + /* + * We don't need to know which class the process is in when the acl is + * not masked. + */ + if (!(acl->a_flags & RICHACL_MASKED)) + in_owner_or_group_class = 1; + + /* + * A process is + * - in the owner file class if it owns the file, + * - in the group file class if it is in the file's owning group or + * it matches any of the user or group entries, and + * - in the other file class otherwise. + */ + + /* + * Check if the acl grants the requested access and determine which + * file class the process is in. + */ + richacl_for_each_entry(ace, acl) { + unsigned int ace_mask = ace->e_mask; + + if (richace_is_inherit_only(ace)) + continue; + if (richace_is_owner(ace)) { + if (!uid_eq(current_fsuid(), inode->i_uid)) + continue; + goto is_owner; + } else if (richace_is_group(ace)) { + if (!in_owning_group) + continue; + } else if (richace_is_unix_id(ace)) { + if (ace->e_flags & RICHACE_IDENTIFIER_GROUP) { + if (!in_group_p(ace->e_id.gid)) + continue; + } else { + if (!uid_eq(current_fsuid(), ace->e_id.uid)) + continue; + } + } else + goto is_everyone; + + /* + * Apply the group file mask to entries other than OWNER@ and + * EVERYONE@. This is not required for correct access checking + * but ensures that we grant the same permissions as the acl + * computed by richacl_apply_masks() would grant. + */ + if ((acl->a_flags & RICHACL_MASKED) && richace_is_allow(ace)) + ace_mask &= acl->a_group_mask; + +is_owner: + /* The process is in the owner or group file class. */ + in_owner_or_group_class = 1; + +is_everyone: + /* Check which mask flags the ACE allows or denies. */ + if (richace_is_deny(ace)) + denied |= ace_mask & mask; + mask &= ~ace_mask; + + /* + * Keep going until we know which file class + * the process is in. + */ + if (!mask && in_owner_or_group_class) + break; + } + denied |= mask; + + if (acl->a_flags & RICHACL_MASKED) { + unsigned int file_mask; + + /* + * The file class a process is in determines which file mask + * applies. Check if that file mask also grants the requested + * access. + */ + if (uid_eq(current_fsuid(), inode->i_uid)) + file_mask = acl->a_owner_mask; + else if (in_owner_or_group_class) + file_mask = acl->a_group_mask; + else + file_mask = acl->a_other_mask; + denied |= requested & ~file_mask; + } + + return denied ? -EACCES : 0; +} +EXPORT_SYMBOL_GPL(richacl_permission); diff --git a/include/linux/richacl.h b/include/linux/richacl.h index 5f5ac81..997b885 100644 --- a/include/linux/richacl.h +++ b/include/linux/richacl.h @@ -291,4 +291,7 @@ extern unsigned int richacl_want_to_mask(unsigned int); extern void richacl_compute_max_masks(struct richacl *); extern struct richacl *richacl_chmod(struct richacl *, mode_t); +/* richacl_inode.c */ +extern int richacl_permission(struct inode *, const struct richacl *, int); + #endif /* __RICHACL_H */