inode_maybe_inc_iversion(dir, false);
}
-/**
+/*
* Mark the attributes as stale due to an atime change. Avoid the invalidate if
* atime is not used.
*/
}
static int get_security_context(struct dentry *entry, umode_t mode,
- void **security_ctx, u32 *security_ctxlen)
+ struct fuse_in_arg *ext)
{
struct fuse_secctx *fctx;
struct fuse_secctx_header *header;
memcpy(ptr, ctx, ctxlen);
}
- *security_ctxlen = total_len;
- *security_ctx = header;
+ ext->size = total_len;
+ ext->value = header;
err = 0;
out_err:
kfree(ctx);
return err;
}
+static void *extend_arg(struct fuse_in_arg *buf, u32 bytes)
+{
+ void *p;
+ u32 newlen = buf->size + bytes;
+
+ p = krealloc(buf->value, newlen, GFP_KERNEL);
+ if (!p) {
+ kfree(buf->value);
+ buf->size = 0;
+ buf->value = NULL;
+ return NULL;
+ }
+
+ memset(p + buf->size, 0, bytes);
+ buf->value = p;
+ buf->size = newlen;
+
+ return p + newlen - bytes;
+}
+
+static u32 fuse_ext_size(size_t size)
+{
+ return FUSE_REC_ALIGN(sizeof(struct fuse_ext_header) + size);
+}
+
+/*
+ * This adds just a single supplementary group that matches the parent's group.
+ */
+static int get_create_supp_group(struct inode *dir, struct fuse_in_arg *ext)
+{
+ struct fuse_conn *fc = get_fuse_conn(dir);
+ struct fuse_ext_header *xh;
+ struct fuse_supp_groups *sg;
+ kgid_t kgid = dir->i_gid;
+ gid_t parent_gid = from_kgid(fc->user_ns, kgid);
+ u32 sg_len = fuse_ext_size(sizeof(*sg) + sizeof(sg->groups[0]));
+
+ if (parent_gid == (gid_t) -1 || gid_eq(kgid, current_fsgid()) ||
+ !in_group_p(kgid))
+ return 0;
+
+ xh = extend_arg(ext, sg_len);
+ if (!xh)
+ return -ENOMEM;
+
+ xh->size = sg_len;
+ xh->type = FUSE_EXT_GROUPS;
+
+ sg = (struct fuse_supp_groups *) &xh[1];
+ sg->nr_groups = 1;
+ sg->groups[0] = parent_gid;
+
+ return 0;
+}
+
+static int get_create_ext(struct fuse_args *args,
+ struct inode *dir, struct dentry *dentry,
+ umode_t mode)
+{
+ struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
+ struct fuse_in_arg ext = { .size = 0, .value = NULL };
+ int err = 0;
+
+ if (fc->init_security)
+ err = get_security_context(dentry, mode, &ext);
+ if (!err && fc->create_supp_group)
+ err = get_create_supp_group(dir, &ext);
+
+ if (!err && ext.size) {
+ WARN_ON(args->in_numargs >= ARRAY_SIZE(args->in_args));
+ args->is_ext = true;
+ args->ext_idx = args->in_numargs++;
+ args->in_args[args->ext_idx] = ext;
+ } else {
+ kfree(ext.value);
+ }
+
+ return err;
+}
+
+static void free_ext_value(struct fuse_args *args)
+{
+ if (args->is_ext)
+ kfree(args->in_args[args->ext_idx].value);
+}
+
/*
* Atomic create+open operation
*
struct fuse_entry_out outentry;
struct fuse_inode *fi;
struct fuse_file *ff;
- void *security_ctx = NULL;
- u32 security_ctxlen;
bool trunc = flags & O_TRUNC;
/* Userspace expects S_IFREG in create mode */
args.out_args[1].size = sizeof(outopen);
args.out_args[1].value = &outopen;
- if (fm->fc->init_security) {
- err = get_security_context(entry, mode, &security_ctx,
- &security_ctxlen);
- if (err)
- goto out_put_forget_req;
-
- args.in_numargs = 3;
- args.in_args[2].size = security_ctxlen;
- args.in_args[2].value = security_ctx;
- }
+ err = get_create_ext(&args, dir, entry, mode);
+ if (err)
+ goto out_put_forget_req;
err = fuse_simple_request(fm, &args);
- kfree(security_ctx);
+ free_ext_value(&args);
if (err)
goto out_free_ff;
struct dentry *d;
int err;
struct fuse_forget_link *forget;
- void *security_ctx = NULL;
- u32 security_ctxlen;
if (fuse_is_bad(dir))
return -EIO;
args->out_args[0].size = sizeof(outarg);
args->out_args[0].value = &outarg;
- if (fm->fc->init_security && args->opcode != FUSE_LINK) {
- err = get_security_context(entry, mode, &security_ctx,
- &security_ctxlen);
+ if (args->opcode != FUSE_LINK) {
+ err = get_create_ext(args, dir, entry, mode);
if (err)
goto out_put_forget_req;
-
- BUG_ON(args->in_numargs != 2);
-
- args->in_numargs = 3;
- args->in_args[2].size = security_ctxlen;
- args->in_args[2].value = security_ctx;
}
err = fuse_simple_request(fm, args);
- kfree(security_ctx);
+ free_ext_value(args);
if (err)
goto out_put_forget_req;
projects / linux-2.6-block.git / blobdiff