]>
Commit | Line | Data |
---|---|---|
72de82cf AM |
1 | |
2 | =========================================================================== | |
3 | linux/fs/xfs/xfs_attr.c | |
4 | =========================================================================== | |
5 | ||
6 | --- /usr/tmp/TmpDir.24546-0/linux/fs/xfs/xfs_attr.c_1.112 2003-12-12 15:56:46.000000000 +1100 | |
7 | +++ linux/fs/xfs/xfs_attr.c 2003-12-12 15:44:59.696535760 +1100 | |
8 | @@ -2651,6 +2651,16 @@ | |
9 | .attr_capable = attr_trusted_capable, | |
10 | }; | |
11 | ||
12 | +struct attrnames attr_secure = { | |
13 | + .attr_name = "security.", | |
14 | + .attr_namelen = sizeof("security.") - 1, | |
15 | + .attr_flag = ATTR_SECURE, | |
16 | + .attr_capable = (attrcapable_t)fs_noerr, | |
17 | + .attr_get = attr_generic_get, | |
18 | + .attr_set = attr_generic_set, | |
19 | + .attr_remove = attr_generic_remove, | |
20 | +}; | |
21 | + | |
22 | struct attrnames attr_user = { | |
23 | .attr_name = "user.", | |
24 | .attr_namelen = sizeof("user.") - 1, | |
25 | @@ -2661,4 +2671,4 @@ | |
26 | }; | |
27 | ||
28 | struct attrnames *attr_namespaces[] = | |
29 | - { &attr_system, &attr_trusted, &attr_user }; | |
30 | + { &attr_system, &attr_trusted, &attr_secure, &attr_user }; | |
31 | ||
32 | =========================================================================== | |
33 | linux/fs/xfs/xfs_attr.h | |
34 | =========================================================================== | |
35 | ||
36 | --- /usr/tmp/TmpDir.24546-0/linux/fs/xfs/xfs_attr.h_1.28 2003-12-12 15:56:46.000000000 +1100 | |
37 | +++ linux/fs/xfs/xfs_attr.h 2003-12-12 15:45:04.047874256 +1100 | |
38 | @@ -69,8 +69,9 @@ | |
39 | attrcapable_t attr_capable; | |
40 | } attrnames_t; | |
41 | ||
42 | -#define ATTR_NAMECOUNT 3 | |
43 | +#define ATTR_NAMECOUNT 4 | |
44 | extern struct attrnames attr_user; | |
45 | +extern struct attrnames attr_secure; | |
46 | extern struct attrnames attr_system; | |
47 | extern struct attrnames attr_trusted; | |
48 | extern struct attrnames *attr_namespaces[ATTR_NAMECOUNT]; | |
49 | @@ -86,6 +87,7 @@ | |
50 | #define ATTR_DONTFOLLOW 0x0001 /* -- unused, from IRIX -- */ | |
51 | #define ATTR_ROOT 0x0002 /* use attrs in root (trusted) namespace */ | |
52 | #define ATTR_TRUST 0x0004 /* -- unused, from IRIX -- */ | |
53 | +#define ATTR_SECURE 0x0008 /* use attrs in security namespace */ | |
54 | #define ATTR_CREATE 0x0010 /* pure create: fail if attr already exists */ | |
55 | #define ATTR_REPLACE 0x0020 /* pure set: fail if attr does not exist */ | |
56 | #define ATTR_SYSTEM 0x0100 /* use attrs in system (pseudo) namespace */ | |
57 | ||
58 | =========================================================================== | |
59 | linux/fs/xfs/xfs_attr_leaf.c | |
60 | =========================================================================== | |
61 | ||
62 | --- /usr/tmp/TmpDir.24546-0/linux/fs/xfs/xfs_attr_leaf.c_1.75 2003-12-12 15:56:46.000000000 +1100 | |
63 | +++ linux/fs/xfs/xfs_attr_leaf.c 2003-12-12 15:45:07.675322800 +1100 | |
64 | @@ -159,6 +159,9 @@ | |
65 | continue; | |
66 | if (memcmp(args->name, sfe->nameval, args->namelen) != 0) | |
67 | continue; | |
68 | + if (((args->flags & ATTR_SECURE) != 0) != | |
69 | + ((sfe->flags & XFS_ATTR_SECURE) != 0)) | |
70 | + continue; | |
71 | if (((args->flags & ATTR_ROOT) != 0) != | |
72 | ((sfe->flags & XFS_ATTR_ROOT) != 0)) | |
73 | continue; | |
74 | @@ -173,7 +176,8 @@ | |
75 | ||
76 | sfe->namelen = args->namelen; | |
77 | INT_SET(sfe->valuelen, ARCH_CONVERT, args->valuelen); | |
78 | - sfe->flags = (args->flags & ATTR_ROOT) ? XFS_ATTR_ROOT : 0; | |
79 | + sfe->flags = (args->flags & ATTR_SECURE) ? XFS_ATTR_SECURE : | |
80 | + ((args->flags & ATTR_ROOT) ? XFS_ATTR_ROOT : 0); | |
81 | memcpy(sfe->nameval, args->name, args->namelen); | |
82 | memcpy(&sfe->nameval[args->namelen], args->value, args->valuelen); | |
83 | INT_MOD(sf->hdr.count, ARCH_CONVERT, 1); | |
84 | @@ -209,6 +213,9 @@ | |
85 | continue; | |
86 | if (memcmp(sfe->nameval, args->name, args->namelen) != 0) | |
87 | continue; | |
88 | + if (((args->flags & ATTR_SECURE) != 0) != | |
89 | + ((sfe->flags & XFS_ATTR_SECURE) != 0)) | |
90 | + continue; | |
91 | if (((args->flags & ATTR_ROOT) != 0) != | |
92 | ((sfe->flags & XFS_ATTR_ROOT) != 0)) | |
93 | continue; | |
94 | @@ -253,6 +260,9 @@ | |
95 | continue; | |
96 | if (memcmp(args->name, sfe->nameval, args->namelen) != 0) | |
97 | continue; | |
98 | + if (((args->flags & ATTR_SECURE) != 0) != | |
99 | + ((sfe->flags & XFS_ATTR_SECURE) != 0)) | |
100 | + continue; | |
101 | if (((args->flags & ATTR_ROOT) != 0) != | |
102 | ((sfe->flags & XFS_ATTR_ROOT) != 0)) | |
103 | continue; | |
104 | @@ -281,6 +291,9 @@ | |
105 | continue; | |
106 | if (memcmp(args->name, sfe->nameval, args->namelen) != 0) | |
107 | continue; | |
108 | + if (((args->flags & ATTR_SECURE) != 0) != | |
109 | + ((sfe->flags & XFS_ATTR_SECURE) != 0)) | |
110 | + continue; | |
111 | if (((args->flags & ATTR_ROOT) != 0) != | |
112 | ((sfe->flags & XFS_ATTR_ROOT) != 0)) | |
113 | continue; | |
114 | @@ -369,7 +382,8 @@ | |
115 | nargs.valuelen = INT_GET(sfe->valuelen, ARCH_CONVERT); | |
116 | nargs.hashval = xfs_da_hashname((char *)sfe->nameval, | |
117 | sfe->namelen); | |
118 | - nargs.flags = (sfe->flags & XFS_ATTR_ROOT) ? ATTR_ROOT : 0; | |
119 | + nargs.flags = (sfe->flags & XFS_ATTR_SECURE) ? ATTR_SECURE : | |
120 | + ((sfe->flags & XFS_ATTR_ROOT) ? ATTR_ROOT : 0); | |
121 | error = xfs_attr_leaf_lookup_int(bp, &nargs); /* set a->index */ | |
122 | ASSERT(error == ENOATTR); | |
123 | error = xfs_attr_leaf_add(bp, &nargs); | |
124 | @@ -446,14 +460,15 @@ | |
125 | i < INT_GET(sf->hdr.count, ARCH_CONVERT); i++) { | |
126 | attrnames_t *namesp; | |
127 | ||
128 | - namesp = (sfe->flags & XFS_ATTR_ROOT) ? &attr_trusted : | |
129 | - &attr_user; | |
130 | if (((context->flags & ATTR_ROOT) != 0) != | |
131 | ((sfe->flags & XFS_ATTR_ROOT) != 0) && | |
132 | !(context->flags & ATTR_KERNFULLS)) { | |
133 | sfe = XFS_ATTR_SF_NEXTENTRY(sfe); | |
134 | continue; | |
135 | } | |
136 | + namesp = (sfe->flags & XFS_ATTR_ROOT) ? &attr_trusted : | |
137 | + ((sfe->flags & XFS_ATTR_SECURE) ? &attr_secure : | |
138 | + &attr_user); | |
139 | if (context->flags & ATTR_KERNOVAL) { | |
140 | ASSERT(context->flags & ATTR_KERNAMELS); | |
141 | context->count += namesp->attr_namelen + | |
142 | @@ -549,7 +564,8 @@ | |
143 | attrnames_t *namesp; | |
144 | ||
145 | namesp = (sfe->flags & XFS_ATTR_ROOT) ? &attr_trusted : | |
146 | - &attr_user; | |
147 | + ((sfe->flags & XFS_ATTR_SECURE) ? &attr_secure : | |
148 | + &attr_user); | |
149 | ||
150 | if (cursor->hashval != INT_GET(sbp->hash, ARCH_CONVERT)) { | |
151 | cursor->hashval = INT_GET(sbp->hash, ARCH_CONVERT); | |
152 | @@ -668,7 +684,8 @@ | |
153 | nargs.value = (char *)&name_loc->nameval[nargs.namelen]; | |
154 | nargs.valuelen = INT_GET(name_loc->valuelen, ARCH_CONVERT); | |
155 | nargs.hashval = INT_GET(entry->hashval, ARCH_CONVERT); | |
156 | - nargs.flags = (entry->flags & XFS_ATTR_ROOT) ? ATTR_ROOT : 0; | |
157 | + nargs.flags = (entry->flags & XFS_ATTR_SECURE) ? ATTR_SECURE : | |
158 | + ((entry->flags & XFS_ATTR_ROOT) ? ATTR_ROOT : 0); | |
159 | xfs_attr_shortform_add(&nargs); | |
160 | } | |
161 | error = 0; | |
162 | @@ -963,7 +980,8 @@ | |
163 | + INT_GET(map->size, ARCH_CONVERT)); | |
164 | INT_SET(entry->hashval, ARCH_CONVERT, args->hashval); | |
165 | entry->flags = tmp ? XFS_ATTR_LOCAL : 0; | |
166 | - entry->flags |= (args->flags & ATTR_ROOT) ? XFS_ATTR_ROOT : 0; | |
167 | + entry->flags |= (args->flags & ATTR_SECURE) ? XFS_ATTR_SECURE : | |
168 | + ((args->flags & ATTR_ROOT) ? XFS_ATTR_ROOT : 0); | |
169 | if (args->rename) { | |
170 | entry->flags |= XFS_ATTR_INCOMPLETE; | |
171 | if ((args->blkno2 == args->blkno) && | |
172 | @@ -1881,6 +1899,9 @@ | |
173 | if (memcmp(args->name, (char *)name_loc->nameval, | |
174 | args->namelen) != 0) | |
175 | continue; | |
176 | + if (((args->flags & ATTR_SECURE) != 0) != | |
177 | + ((entry->flags & XFS_ATTR_SECURE) != 0)) | |
178 | + continue; | |
179 | if (((args->flags & ATTR_ROOT) != 0) != | |
180 | ((entry->flags & XFS_ATTR_ROOT) != 0)) | |
181 | continue; | |
182 | @@ -1893,6 +1914,9 @@ | |
183 | if (memcmp(args->name, (char *)name_rmt->name, | |
184 | args->namelen) != 0) | |
185 | continue; | |
186 | + if (((args->flags & ATTR_SECURE) != 0) != | |
187 | + ((entry->flags & XFS_ATTR_SECURE) != 0)) | |
188 | + continue; | |
189 | if (((args->flags & ATTR_ROOT) != 0) != | |
190 | ((entry->flags & XFS_ATTR_ROOT) != 0)) | |
191 | continue; | |
192 | @@ -2291,7 +2315,8 @@ | |
193 | continue; /* skip non-matching entries */ | |
194 | ||
195 | namesp = (entry->flags & XFS_ATTR_ROOT) ? &attr_trusted : | |
196 | - &attr_user; | |
197 | + ((entry->flags & XFS_ATTR_SECURE) ? &attr_secure : | |
198 | + &attr_user); | |
199 | ||
200 | if (entry->flags & XFS_ATTR_LOCAL) { | |
201 | name_loc = XFS_ATTR_LEAF_NAME_LOCAL(leaf, i); | |
202 | ||
203 | =========================================================================== | |
204 | linux/fs/xfs/xfs_attr_leaf.h | |
205 | =========================================================================== | |
206 | ||
207 | --- /usr/tmp/TmpDir.24546-0/linux/fs/xfs/xfs_attr_leaf.h_1.33 2003-12-12 15:56:46.000000000 +1100 | |
208 | +++ linux/fs/xfs/xfs_attr_leaf.h 2003-12-12 15:45:11.415754168 +1100 | |
209 | @@ -73,9 +73,9 @@ | |
210 | * to work "forw"ard. If none matches, continue with the "forw"ard leaf | |
211 | * nodes until the hash key changes or the attribute name is found. | |
212 | * | |
213 | - * We store the fact that an attribute is a ROOT versus USER attribute in | |
214 | + * We store the fact that an attribute is a ROOT/USER/SECURE attribute in | |
215 | * the leaf_entry. The namespaces are independent only because we also look | |
216 | - * at the root/user bit when we are looking for a matching attribute name. | |
217 | + * at the namespace bit when we are looking for a matching attribute name. | |
218 | * | |
219 | * We also store a "incomplete" bit in the leaf_entry. It shows that an | |
220 | * attribute is in the middle of being created and should not be shown to | |
221 | @@ -102,7 +102,7 @@ | |
222 | struct xfs_attr_leaf_entry { /* sorted on key, not name */ | |
223 | xfs_dahash_t hashval; /* hash value of name */ | |
224 | __uint16_t nameidx; /* index into buffer of name/value */ | |
225 | - __uint8_t flags; /* LOCAL, ROOT and INCOMPLETE flags */ | |
226 | + __uint8_t flags; /* LOCAL/ROOT/SECURE/INCOMPLETE flag */ | |
227 | __uint8_t pad2; /* unused pad byte */ | |
228 | } entries[1]; /* variable sized array */ | |
229 | struct xfs_attr_leaf_name_local { | |
230 | @@ -130,9 +130,11 @@ | |
231 | */ | |
232 | #define XFS_ATTR_LOCAL_BIT 0 /* attr is stored locally */ | |
233 | #define XFS_ATTR_ROOT_BIT 1 /* limit access to trusted attrs */ | |
234 | +#define XFS_ATTR_SECURE_BIT 2 /* limit access to secure attrs */ | |
235 | #define XFS_ATTR_INCOMPLETE_BIT 7 /* attr in middle of create/delete */ | |
236 | #define XFS_ATTR_LOCAL (1 << XFS_ATTR_LOCAL_BIT) | |
237 | #define XFS_ATTR_ROOT (1 << XFS_ATTR_ROOT_BIT) | |
238 | +#define XFS_ATTR_SECURE (1 << XFS_ATTR_SECURE_BIT) | |
239 | #define XFS_ATTR_INCOMPLETE (1 << XFS_ATTR_INCOMPLETE_BIT) | |
240 | ||
241 | /* | |
242 | ||
243 | =========================================================================== | |
244 | linux/fs/xfs/xfsidbg.c | |
245 | =========================================================================== | |
246 | ||
247 | --- /usr/tmp/TmpDir.24546-0/linux/fs/xfs/xfsidbg.c_1.250 2003-12-12 15:56:46.000000000 +1100 | |
248 | +++ linux/fs/xfs/xfsidbg.c 2003-12-12 15:45:15.532128384 +1100 | |
249 | @@ -3178,7 +3178,7 @@ | |
250 | "DONTFOLLOW", /* 0x0001 */ | |
251 | "ROOT", /* 0x0002 */ | |
252 | "TRUSTED", /* 0x0004 */ | |
253 | - "?", /* 0x0008 */ | |
254 | + "SECURE", /* 0x0008 */ | |
255 | "CREATE", /* 0x0010 */ | |
256 | "REPLACE", /* 0x0020 */ | |
257 | "?", /* 0x0040 */ | |
258 | @@ -4791,9 +4791,12 @@ | |
259 | kdb_printf("LOCAL "); | |
260 | if (e->flags & XFS_ATTR_ROOT) | |
261 | kdb_printf("ROOT "); | |
262 | + if (e->flags & XFS_ATTR_SECURE) | |
263 | + kdb_printf("SECURE "); | |
264 | if (e->flags & XFS_ATTR_INCOMPLETE) | |
265 | kdb_printf("INCOMPLETE "); | |
266 | - k = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_INCOMPLETE); | |
267 | + k = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | | |
268 | + XFS_ATTR_SECURE | XFS_ATTR_INCOMPLETE); | |
269 | if ((e->flags & k) != 0) | |
270 | kdb_printf("0x%x", e->flags & k); | |
271 | kdb_printf(">\n name \""); | |
272 | @@ -5652,13 +5655,16 @@ | |
273 | (uint_t)n->hashval, n->whichfork); | |
274 | if (n->flags & ATTR_ROOT) | |
275 | kdb_printf("ROOT "); | |
276 | + if (n->flags & ATTR_SECURE) | |
277 | + kdb_printf("SECURE "); | |
278 | if (n->flags & ATTR_CREATE) | |
279 | kdb_printf("CREATE "); | |
280 | if (n->flags & ATTR_REPLACE) | |
281 | kdb_printf("REPLACE "); | |
282 | if (n->flags & XFS_ATTR_INCOMPLETE) | |
283 | kdb_printf("INCOMPLETE "); | |
284 | - i = ~(ATTR_ROOT | ATTR_CREATE | ATTR_REPLACE | XFS_ATTR_INCOMPLETE); | |
285 | + i = ~(ATTR_ROOT | ATTR_SECURE | | |
286 | + ATTR_CREATE | ATTR_REPLACE | XFS_ATTR_INCOMPLETE); | |
287 | if ((n->flags & i) != 0) | |
288 | kdb_printf("0x%x", n->flags & i); | |
289 | kdb_printf(">\n"); |