Root/
1 | /* AFS security handling |
2 | * |
3 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * |
6 | * This program is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU General Public License |
8 | * as published by the Free Software Foundation; either version |
9 | * 2 of the License, or (at your option) any later version. |
10 | */ |
11 | |
12 | #include <linux/init.h> |
13 | #include <linux/slab.h> |
14 | #include <linux/fs.h> |
15 | #include <linux/ctype.h> |
16 | #include <linux/sched.h> |
17 | #include <keys/rxrpc-type.h> |
18 | #include "internal.h" |
19 | |
20 | /* |
21 | * get a key |
22 | */ |
23 | struct key *afs_request_key(struct afs_cell *cell) |
24 | { |
25 | struct key *key; |
26 | |
27 | _enter("{%x}", key_serial(cell->anonymous_key)); |
28 | |
29 | _debug("key %s", cell->anonymous_key->description); |
30 | key = request_key(&key_type_rxrpc, cell->anonymous_key->description, |
31 | NULL); |
32 | if (IS_ERR(key)) { |
33 | if (PTR_ERR(key) != -ENOKEY) { |
34 | _leave(" = %ld", PTR_ERR(key)); |
35 | return key; |
36 | } |
37 | |
38 | /* act as anonymous user */ |
39 | _leave(" = {%x} [anon]", key_serial(cell->anonymous_key)); |
40 | return key_get(cell->anonymous_key); |
41 | } else { |
42 | /* act as authorised user */ |
43 | _leave(" = {%x} [auth]", key_serial(key)); |
44 | return key; |
45 | } |
46 | } |
47 | |
48 | /* |
49 | * dispose of a permits list |
50 | */ |
51 | void afs_zap_permits(struct rcu_head *rcu) |
52 | { |
53 | struct afs_permits *permits = |
54 | container_of(rcu, struct afs_permits, rcu); |
55 | int loop; |
56 | |
57 | _enter("{%d}", permits->count); |
58 | |
59 | for (loop = permits->count - 1; loop >= 0; loop--) |
60 | key_put(permits->permits[loop].key); |
61 | kfree(permits); |
62 | } |
63 | |
64 | /* |
65 | * dispose of a permits list in which all the key pointers have been copied |
66 | */ |
67 | static void afs_dispose_of_permits(struct rcu_head *rcu) |
68 | { |
69 | struct afs_permits *permits = |
70 | container_of(rcu, struct afs_permits, rcu); |
71 | |
72 | _enter("{%d}", permits->count); |
73 | |
74 | kfree(permits); |
75 | } |
76 | |
77 | /* |
78 | * get the authorising vnode - this is the specified inode itself if it's a |
79 | * directory or it's the parent directory if the specified inode is a file or |
80 | * symlink |
81 | * - the caller must release the ref on the inode |
82 | */ |
83 | static struct afs_vnode *afs_get_auth_inode(struct afs_vnode *vnode, |
84 | struct key *key) |
85 | { |
86 | struct afs_vnode *auth_vnode; |
87 | struct inode *auth_inode; |
88 | |
89 | _enter(""); |
90 | |
91 | if (S_ISDIR(vnode->vfs_inode.i_mode)) { |
92 | auth_inode = igrab(&vnode->vfs_inode); |
93 | ASSERT(auth_inode != NULL); |
94 | } else { |
95 | auth_inode = afs_iget(vnode->vfs_inode.i_sb, key, |
96 | &vnode->status.parent, NULL, NULL); |
97 | if (IS_ERR(auth_inode)) |
98 | return ERR_CAST(auth_inode); |
99 | } |
100 | |
101 | auth_vnode = AFS_FS_I(auth_inode); |
102 | _leave(" = {%x}", auth_vnode->fid.vnode); |
103 | return auth_vnode; |
104 | } |
105 | |
106 | /* |
107 | * clear the permit cache on a directory vnode |
108 | */ |
109 | void afs_clear_permits(struct afs_vnode *vnode) |
110 | { |
111 | struct afs_permits *permits; |
112 | |
113 | _enter("{%x:%u}", vnode->fid.vid, vnode->fid.vnode); |
114 | |
115 | mutex_lock(&vnode->permits_lock); |
116 | permits = vnode->permits; |
117 | rcu_assign_pointer(vnode->permits, NULL); |
118 | mutex_unlock(&vnode->permits_lock); |
119 | |
120 | if (permits) |
121 | call_rcu(&permits->rcu, afs_zap_permits); |
122 | _leave(""); |
123 | } |
124 | |
125 | /* |
126 | * add the result obtained for a vnode to its or its parent directory's cache |
127 | * for the key used to access it |
128 | */ |
129 | void afs_cache_permit(struct afs_vnode *vnode, struct key *key, long acl_order) |
130 | { |
131 | struct afs_permits *permits, *xpermits; |
132 | struct afs_permit *permit; |
133 | struct afs_vnode *auth_vnode; |
134 | int count, loop; |
135 | |
136 | _enter("{%x:%u},%x,%lx", |
137 | vnode->fid.vid, vnode->fid.vnode, key_serial(key), acl_order); |
138 | |
139 | auth_vnode = afs_get_auth_inode(vnode, key); |
140 | if (IS_ERR(auth_vnode)) { |
141 | _leave(" [get error %ld]", PTR_ERR(auth_vnode)); |
142 | return; |
143 | } |
144 | |
145 | mutex_lock(&auth_vnode->permits_lock); |
146 | |
147 | /* guard against a rename being detected whilst we waited for the |
148 | * lock */ |
149 | if (memcmp(&auth_vnode->fid, &vnode->status.parent, |
150 | sizeof(struct afs_fid)) != 0) { |
151 | _debug("renamed"); |
152 | goto out_unlock; |
153 | } |
154 | |
155 | /* have to be careful as the directory's callback may be broken between |
156 | * us receiving the status we're trying to cache and us getting the |
157 | * lock to update the cache for the status */ |
158 | if (auth_vnode->acl_order - acl_order > 0) { |
159 | _debug("ACL changed?"); |
160 | goto out_unlock; |
161 | } |
162 | |
163 | /* always update the anonymous mask */ |
164 | _debug("anon access %x", vnode->status.anon_access); |
165 | auth_vnode->status.anon_access = vnode->status.anon_access; |
166 | if (key == vnode->volume->cell->anonymous_key) |
167 | goto out_unlock; |
168 | |
169 | xpermits = auth_vnode->permits; |
170 | count = 0; |
171 | if (xpermits) { |
172 | /* see if the permit is already in the list |
173 | * - if it is then we just amend the list |
174 | */ |
175 | count = xpermits->count; |
176 | permit = xpermits->permits; |
177 | for (loop = count; loop > 0; loop--) { |
178 | if (permit->key == key) { |
179 | permit->access_mask = |
180 | vnode->status.caller_access; |
181 | goto out_unlock; |
182 | } |
183 | permit++; |
184 | } |
185 | } |
186 | |
187 | permits = kmalloc(sizeof(*permits) + sizeof(*permit) * (count + 1), |
188 | GFP_NOFS); |
189 | if (!permits) |
190 | goto out_unlock; |
191 | |
192 | if (xpermits) |
193 | memcpy(permits->permits, xpermits->permits, |
194 | count * sizeof(struct afs_permit)); |
195 | |
196 | _debug("key %x access %x", |
197 | key_serial(key), vnode->status.caller_access); |
198 | permits->permits[count].access_mask = vnode->status.caller_access; |
199 | permits->permits[count].key = key_get(key); |
200 | permits->count = count + 1; |
201 | |
202 | rcu_assign_pointer(auth_vnode->permits, permits); |
203 | if (xpermits) |
204 | call_rcu(&xpermits->rcu, afs_dispose_of_permits); |
205 | |
206 | out_unlock: |
207 | mutex_unlock(&auth_vnode->permits_lock); |
208 | iput(&auth_vnode->vfs_inode); |
209 | _leave(""); |
210 | } |
211 | |
212 | /* |
213 | * check with the fileserver to see if the directory or parent directory is |
214 | * permitted to be accessed with this authorisation, and if so, what access it |
215 | * is granted |
216 | */ |
217 | static int afs_check_permit(struct afs_vnode *vnode, struct key *key, |
218 | afs_access_t *_access) |
219 | { |
220 | struct afs_permits *permits; |
221 | struct afs_permit *permit; |
222 | struct afs_vnode *auth_vnode; |
223 | bool valid; |
224 | int loop, ret; |
225 | |
226 | _enter("{%x:%u},%x", |
227 | vnode->fid.vid, vnode->fid.vnode, key_serial(key)); |
228 | |
229 | auth_vnode = afs_get_auth_inode(vnode, key); |
230 | if (IS_ERR(auth_vnode)) { |
231 | *_access = 0; |
232 | _leave(" = %ld", PTR_ERR(auth_vnode)); |
233 | return PTR_ERR(auth_vnode); |
234 | } |
235 | |
236 | ASSERT(S_ISDIR(auth_vnode->vfs_inode.i_mode)); |
237 | |
238 | /* check the permits to see if we've got one yet */ |
239 | if (key == auth_vnode->volume->cell->anonymous_key) { |
240 | _debug("anon"); |
241 | *_access = auth_vnode->status.anon_access; |
242 | valid = true; |
243 | } else { |
244 | valid = false; |
245 | rcu_read_lock(); |
246 | permits = rcu_dereference(auth_vnode->permits); |
247 | if (permits) { |
248 | permit = permits->permits; |
249 | for (loop = permits->count; loop > 0; loop--) { |
250 | if (permit->key == key) { |
251 | _debug("found in cache"); |
252 | *_access = permit->access_mask; |
253 | valid = true; |
254 | break; |
255 | } |
256 | permit++; |
257 | } |
258 | } |
259 | rcu_read_unlock(); |
260 | } |
261 | |
262 | if (!valid) { |
263 | /* check the status on the file we're actually interested in |
264 | * (the post-processing will cache the result on auth_vnode) */ |
265 | _debug("no valid permit"); |
266 | |
267 | set_bit(AFS_VNODE_CB_BROKEN, &vnode->flags); |
268 | ret = afs_vnode_fetch_status(vnode, auth_vnode, key); |
269 | if (ret < 0) { |
270 | iput(&auth_vnode->vfs_inode); |
271 | *_access = 0; |
272 | _leave(" = %d", ret); |
273 | return ret; |
274 | } |
275 | *_access = vnode->status.caller_access; |
276 | } |
277 | |
278 | iput(&auth_vnode->vfs_inode); |
279 | _leave(" = 0 [access %x]", *_access); |
280 | return 0; |
281 | } |
282 | |
283 | /* |
284 | * check the permissions on an AFS file |
285 | * - AFS ACLs are attached to directories only, and a file is controlled by its |
286 | * parent directory's ACL |
287 | */ |
288 | int afs_permission(struct inode *inode, int mask, unsigned int flags) |
289 | { |
290 | struct afs_vnode *vnode = AFS_FS_I(inode); |
291 | afs_access_t uninitialized_var(access); |
292 | struct key *key; |
293 | int ret; |
294 | |
295 | if (flags & IPERM_FLAG_RCU) |
296 | return -ECHILD; |
297 | |
298 | _enter("{{%x:%u},%lx},%x,", |
299 | vnode->fid.vid, vnode->fid.vnode, vnode->flags, mask); |
300 | |
301 | key = afs_request_key(vnode->volume->cell); |
302 | if (IS_ERR(key)) { |
303 | _leave(" = %ld [key]", PTR_ERR(key)); |
304 | return PTR_ERR(key); |
305 | } |
306 | |
307 | /* if the promise has expired, we need to check the server again */ |
308 | if (!vnode->cb_promised) { |
309 | _debug("not promised"); |
310 | ret = afs_vnode_fetch_status(vnode, NULL, key); |
311 | if (ret < 0) |
312 | goto error; |
313 | _debug("new promise [fl=%lx]", vnode->flags); |
314 | } |
315 | |
316 | /* check the permits to see if we've got one yet */ |
317 | ret = afs_check_permit(vnode, key, &access); |
318 | if (ret < 0) |
319 | goto error; |
320 | |
321 | /* interpret the access mask */ |
322 | _debug("REQ %x ACC %x on %s", |
323 | mask, access, S_ISDIR(inode->i_mode) ? "dir" : "file"); |
324 | |
325 | if (S_ISDIR(inode->i_mode)) { |
326 | if (mask & MAY_EXEC) { |
327 | if (!(access & AFS_ACE_LOOKUP)) |
328 | goto permission_denied; |
329 | } else if (mask & MAY_READ) { |
330 | if (!(access & AFS_ACE_READ)) |
331 | goto permission_denied; |
332 | } else if (mask & MAY_WRITE) { |
333 | if (!(access & (AFS_ACE_DELETE | /* rmdir, unlink, rename from */ |
334 | AFS_ACE_INSERT | /* create, mkdir, symlink, rename to */ |
335 | AFS_ACE_WRITE))) /* chmod */ |
336 | goto permission_denied; |
337 | } else { |
338 | BUG(); |
339 | } |
340 | } else { |
341 | if (!(access & AFS_ACE_LOOKUP)) |
342 | goto permission_denied; |
343 | if (mask & (MAY_EXEC | MAY_READ)) { |
344 | if (!(access & AFS_ACE_READ)) |
345 | goto permission_denied; |
346 | } else if (mask & MAY_WRITE) { |
347 | if (!(access & AFS_ACE_WRITE)) |
348 | goto permission_denied; |
349 | } |
350 | } |
351 | |
352 | key_put(key); |
353 | ret = generic_permission(inode, mask, flags, NULL); |
354 | _leave(" = %d", ret); |
355 | return ret; |
356 | |
357 | permission_denied: |
358 | ret = -EACCES; |
359 | error: |
360 | key_put(key); |
361 | _leave(" = %d", ret); |
362 | return ret; |
363 | } |
364 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9