X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=fs%2Freiserfs%2Fxattr_security.c;h=7271a477c041de88251e0a9faa0286ce539eb392;hb=292ec4cf3536a5ed8809e8823341b203e497bbaf;hp=5e90a95ad60b5208d22cac6c0722fd1494af3e8a;hpb=bd4c625c061c2a38568d0add3478f59172455159;p=safe%2Fjmp%2Flinux-2.6 diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index 5e90a95..7271a47 100644 --- a/fs/reiserfs/xattr_security.c +++ b/fs/reiserfs/xattr_security.c @@ -3,65 +3,117 @@ #include #include #include +#include #include +#include #include -#define XATTR_SECURITY_PREFIX "security." - static int -security_get(struct inode *inode, const char *name, void *buffer, size_t size) +security_get(struct dentry *dentry, const char *name, void *buffer, size_t size, + int handler_flags) { if (strlen(name) < sizeof(XATTR_SECURITY_PREFIX)) return -EINVAL; - if (is_reiserfs_priv_object(inode)) + if (IS_PRIVATE(dentry->d_inode)) return -EPERM; - return reiserfs_xattr_get(inode, name, buffer, size); + return reiserfs_xattr_get(dentry->d_inode, name, buffer, size); } static int -security_set(struct inode *inode, const char *name, const void *buffer, - size_t size, int flags) +security_set(struct dentry *dentry, const char *name, const void *buffer, + size_t size, int flags, int handler_flags) { if (strlen(name) < sizeof(XATTR_SECURITY_PREFIX)) return -EINVAL; - if (is_reiserfs_priv_object(inode)) + if (IS_PRIVATE(dentry->d_inode)) return -EPERM; - return reiserfs_xattr_set(inode, name, buffer, size, flags); + return reiserfs_xattr_set(dentry->d_inode, name, buffer, size, flags); } -static int security_del(struct inode *inode, const char *name) +static size_t security_list(struct dentry *dentry, char *list, size_t list_len, + const char *name, size_t namelen, int handler_flags) { - if (strlen(name) < sizeof(XATTR_SECURITY_PREFIX)) - return -EINVAL; + const size_t len = namelen + 1; - if (is_reiserfs_priv_object(inode)) - return -EPERM; + if (IS_PRIVATE(dentry->d_inode)) + return 0; - return 0; + if (list && len <= list_len) { + memcpy(list, name, namelen); + list[namelen] = '\0'; + } + + return len; } -static int -security_list(struct inode *inode, const char *name, int namelen, char *out) +/* Initializes the security context for a new inode and returns the number + * of blocks needed for the transaction. If successful, reiserfs_security + * must be released using reiserfs_security_free when the caller is done. */ +int reiserfs_security_init(struct inode *dir, struct inode *inode, + struct reiserfs_security_handle *sec) { - int len = namelen; + int blocks = 0; + int error; - if (is_reiserfs_priv_object(inode)) + sec->name = NULL; + + /* Don't add selinux attributes on xattrs - they'll never get used */ + if (IS_PRIVATE(dir)) return 0; - if (out) - memcpy(out, name, len); + error = security_inode_init_security(inode, dir, &sec->name, + &sec->value, &sec->length); + if (error) { + if (error == -EOPNOTSUPP) + error = 0; - return len; + sec->name = NULL; + sec->value = NULL; + sec->length = 0; + return error; + } + + if (sec->length && reiserfs_xattrs_initialized(inode->i_sb)) { + blocks = reiserfs_xattr_jcreate_nblocks(inode) + + reiserfs_xattr_nblocks(inode, sec->length); + /* We don't want to count the directories twice if we have + * a default ACL. */ + REISERFS_I(inode)->i_flags |= i_has_xattr_dir; + } + return blocks; +} + +int reiserfs_security_write(struct reiserfs_transaction_handle *th, + struct inode *inode, + struct reiserfs_security_handle *sec) +{ + int error; + if (strlen(sec->name) < sizeof(XATTR_SECURITY_PREFIX)) + return -EINVAL; + + error = reiserfs_xattr_set_handle(th, inode, sec->name, sec->value, + sec->length, XATTR_CREATE); + if (error == -ENODATA || error == -EOPNOTSUPP) + error = 0; + + return error; +} + +void reiserfs_security_free(struct reiserfs_security_handle *sec) +{ + kfree(sec->name); + kfree(sec->value); + sec->name = NULL; + sec->value = NULL; } -struct reiserfs_xattr_handler security_handler = { +struct xattr_handler reiserfs_xattr_security_handler = { .prefix = XATTR_SECURITY_PREFIX, .get = security_get, .set = security_set, - .del = security_del, .list = security_list, };