lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5368ACC7.4040605@gmail.com>
Date:	Tue, 06 May 2014 17:35:03 +0800
From:	Kinglong Mee <kinglongmee@...il.com>
To:	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>,
	agruen@...nel.org, bfields@...ldses.org, akpm@...ux-foundation.org,
	viro@...iv.linux.org.uk, dhowells@...hat.com
CC:	linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH -V1 10/22] richacl: In-memory representation and helper
 functions


于 4/28/2014 00:14, Aneesh Kumar K.V 写道:
> From: Andreas Gruenbacher <agruen@...nel.org>
> 
> A richacl consists of an NFSv4 acl and an owner, group, and other mask.
> These three masks correspond to the owner, group, and other file
> permission bits, but they contain NFSv4 permissions instead of POSIX
> permissions.
> 
> Each entry in the NFSv4 acl applies to the file owner (OWNER@), the
> owning group (GROUP@), literally everyone (EVERYONE@), or to a specific
> uid or gid.
> 
> As in the standard POSIX file permission model, each process is the
> owner, group, or other file class.  A richacl grants a requested access
> only if the NFSv4 acl in the richacl grants the access (according to the
> NFSv4 permission check algorithm), and the file mask that applies to the
> process includes the requested permissions.
> 
> Signed-off-by: Andreas Gruenbacher <agruen@...nel.org>
> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@...ux.vnet.ibm.com>
> ---
>  fs/Makefile             |   2 +
>  fs/richacl_base.c       |  69 ++++++++++++++
>  include/linux/richacl.h | 237 ++++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 308 insertions(+)
>  create mode 100644 fs/richacl_base.c
>  create mode 100644 include/linux/richacl.h
> 
> diff --git a/fs/Makefile b/fs/Makefile
> index f9cb9876e466..5b7ed5d022ec 100644
> --- a/fs/Makefile
> +++ b/fs/Makefile
> @@ -48,6 +48,8 @@ obj-$(CONFIG_COREDUMP)		+= coredump.o
>  obj-$(CONFIG_SYSCTL)		+= drop_caches.o
>  
>  obj-$(CONFIG_FHANDLE)		+= fhandle.o
> +obj-$(CONFIG_FS_RICHACL)	+= richacl.o
> +richacl-y			:= richacl_base.o
>  
>  obj-y				+= quota/
>  
> diff --git a/fs/richacl_base.c b/fs/richacl_base.c
> new file mode 100644
> index 000000000000..689e1a6dace7
> --- /dev/null
> +++ b/fs/richacl_base.c
> @@ -0,0 +1,69 @@
> +/*
> + * Copyright (C) 2006, 2010  Novell, Inc.
> + * Written by Andreas Gruenbacher <agruen@...nel.org>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the
> + * Free Software Foundation; either version 2, or (at your option) any
> + * later version.
> + *
> + * This program is distributed in the hope that it will be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * General Public License for more details.
> + */
> +
> +#include <linux/sched.h>
> +#include <linux/module.h>
> +#include <linux/fs.h>
> +#include <linux/richacl.h>
> +
> +MODULE_LICENSE("GPL");
> +
> +/**
> + * richacl_alloc  -  allocate a richacl
> + * @count:	number of entries
> + */
> +struct richacl *
> +richacl_alloc(int count)
> +{
> +	size_t size = sizeof(struct richacl) + count * sizeof(struct richace);
> +	struct richacl *acl = kzalloc(size, GFP_KERNEL);
> +
> +	if (acl) {
> +		atomic_set(&acl->a_refcount, 1);
> +		acl->a_count = count;
> +	}
> +	return acl;
> +}
> +EXPORT_SYMBOL_GPL(richacl_alloc);
> +
> +/**
> + * richacl_clone  -  create a copy of a richacl
> + */
> +static struct richacl *
> +richacl_clone(const struct richacl *acl)
> +{
> +	int count = acl->a_count;
> +	size_t size = sizeof(struct richacl) + count * sizeof(struct richace);
> +	struct richacl *dup = kmalloc(size, GFP_KERNEL);
> +
> +	if (dup) {
> +		memcpy(dup, acl, size);
> +		atomic_set(&dup->a_refcount, 1);
> +	}

I'd like kmemdup as posix_acl_clone.

> +	return dup;
> +}
> +
> +/**
> + * richace_is_same_identifier  -  are both identifiers the same?
> + */
> +int
> +richace_is_same_identifier(const struct richace *a, const struct richace *b)
> +{
> +#define WHO_FLAGS (ACE4_SPECIAL_WHO | ACE4_IDENTIFIER_GROUP)
> +	if ((a->e_flags & WHO_FLAGS) != (b->e_flags & WHO_FLAGS))
> +		return 0;
> +	return a->e_id == b->e_id;
> +#undef WHO_FLAGS
> +}
> diff --git a/include/linux/richacl.h b/include/linux/richacl.h
> new file mode 100644
> index 000000000000..51d6937651f1
> --- /dev/null
> +++ b/include/linux/richacl.h
> @@ -0,0 +1,237 @@
> +/*
> + * Copyright (C) 2006, 2010  Novell, Inc.
> + * Written by Andreas Gruenbacher <agruen@...nel.org>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the
> + * Free Software Foundation; either version 2, or (at your option) any
> + * later version.
> + *
> + * This program is distributed in the hope that it will be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * General Public License for more details.
> + */
> +
> +#ifndef __RICHACL_H
> +#define __RICHACL_H
> +#include <linux/slab.h>
> +
> +#define ACE_OWNER_ID		130

why start from 130 ?

> +#define ACE_GROUP_ID		131
> +#define ACE_EVERYONE_ID		110

why not 132 for ACE_EVERYONE_ID?

> +
> +struct richace {
> +	unsigned short	e_type;
> +	unsigned short	e_flags;
> +	unsigned int	e_mask;
> +	unsigned int	e_id;
> +};
> +
> +struct richacl {
> +	atomic_t	a_refcount;
> +	unsigned int	a_owner_mask;
> +	unsigned int	a_group_mask;
> +	unsigned int	a_other_mask;
> +	unsigned short	a_count;
> +	unsigned short	a_flags;
> +	struct richace	a_entries[0];
> +};
> +
> +#define richacl_for_each_entry(_ace, _acl) \
> +	for (_ace = _acl->a_entries; \
> +	     _ace != _acl->a_entries + _acl->a_count; \
> +	     _ace++)
> +
> +#define richacl_for_each_entry_reverse(_ace, _acl) \
> +	for (_ace = _acl->a_entries + _acl->a_count - 1; \
> +	     _ace != _acl->a_entries - 1; \
> +	     _ace--)
> +
> +/* Flag values defined by rich-acl */
> +#define ACL4_MASKED			0x80

For rich-acl, should not using ACL4_*** or ACE4_***.

thanks,
Kinglong Mee

> +
> +#define ACL4_VALID_FLAGS (			\
> +		ACL4_MASKED)
> +
> +/* e_type values */
> +#define ACE4_ACCESS_ALLOWED_ACE_TYPE	0x0000
> +#define ACE4_ACCESS_DENIED_ACE_TYPE	0x0001
> +/*#define ACE4_SYSTEM_AUDIT_ACE_TYPE	0x0002*/
> +/*#define ACE4_SYSTEM_ALARM_ACE_TYPE	0x0003*/
> +
> +/* e_flags bitflags */
> +#define ACE4_FILE_INHERIT_ACE		0x0001
> +#define ACE4_DIRECTORY_INHERIT_ACE	0x0002
> +#define ACE4_NO_PROPAGATE_INHERIT_ACE	0x0004
> +#define ACE4_INHERIT_ONLY_ACE		0x0008
> +/*#define ACE4_SUCCESSFUL_ACCESS_ACE_FLAG	0x0010*/
> +/*#define ACE4_FAILED_ACCESS_ACE_FLAG	0x0020*/
> +#define ACE4_IDENTIFIER_GROUP		0x0040
> +/* richacl specific flag values */
> +#define ACE4_SPECIAL_WHO		0x4000
> +
> +#define ACE4_VALID_FLAGS (			\
> +	ACE4_FILE_INHERIT_ACE |			\
> +	ACE4_DIRECTORY_INHERIT_ACE |		\
> +	ACE4_NO_PROPAGATE_INHERIT_ACE |		\
> +	ACE4_INHERIT_ONLY_ACE |			\
> +	ACE4_IDENTIFIER_GROUP |			\
> +	ACE4_SPECIAL_WHO)
> +
> +/* e_mask bitflags */
> +#define ACE4_READ_DATA			0x00000001
> +#define ACE4_LIST_DIRECTORY		0x00000001
> +#define ACE4_WRITE_DATA			0x00000002
> +#define ACE4_ADD_FILE			0x00000002
> +#define ACE4_APPEND_DATA		0x00000004
> +#define ACE4_ADD_SUBDIRECTORY		0x00000004
> +#define ACE4_READ_NAMED_ATTRS		0x00000008
> +#define ACE4_WRITE_NAMED_ATTRS		0x00000010
> +#define ACE4_EXECUTE			0x00000020
> +#define ACE4_DELETE_CHILD		0x00000040
> +#define ACE4_READ_ATTRIBUTES		0x00000080
> +#define ACE4_WRITE_ATTRIBUTES		0x00000100
> +#define ACE4_WRITE_RETENTION		0x00000200
> +#define ACE4_WRITE_RETENTION_HOLD	0x00000400
> +#define ACE4_DELETE			0x00010000
> +#define ACE4_READ_ACL			0x00020000
> +#define ACE4_WRITE_ACL			0x00040000
> +#define ACE4_WRITE_OWNER		0x00080000
> +#define ACE4_SYNCHRONIZE		0x00100000
> +
> +/* Valid ACE4_* flags for directories and non-directories */
> +#define ACE4_VALID_MASK (				\
> +	ACE4_READ_DATA | ACE4_LIST_DIRECTORY |		\
> +	ACE4_WRITE_DATA | ACE4_ADD_FILE |		\
> +	ACE4_APPEND_DATA | ACE4_ADD_SUBDIRECTORY |	\
> +	ACE4_READ_NAMED_ATTRS |				\
> +	ACE4_WRITE_NAMED_ATTRS |			\
> +	ACE4_EXECUTE |					\
> +	ACE4_DELETE_CHILD |				\
> +	ACE4_READ_ATTRIBUTES |				\
> +	ACE4_WRITE_ATTRIBUTES |				\
> +	ACE4_WRITE_RETENTION |				\
> +	ACE4_WRITE_RETENTION_HOLD |			\
> +	ACE4_DELETE |					\
> +	ACE4_READ_ACL |					\
> +	ACE4_WRITE_ACL |				\
> +	ACE4_WRITE_OWNER |				\
> +	ACE4_SYNCHRONIZE)
> +
> +/**
> + * richacl_get  -  grab another reference to a richacl handle
> + */
> +static inline struct richacl *
> +richacl_get(struct richacl *acl)
> +{
> +	if (acl)
> +		atomic_inc(&acl->a_refcount);
> +	return acl;
> +}
> +
> +/**
> + * richacl_put  -  free a richacl handle
> + */
> +static inline void
> +richacl_put(struct richacl *acl)
> +{
> +	if (acl && atomic_dec_and_test(&acl->a_refcount))
> +		kfree(acl);
> +}
> +
> +/**
> + * richace_is_owner  -  check if @ace is an OWNER@ entry
> + */
> +static inline int
> +richace_is_owner(const struct richace *ace)
> +{
> +	return (ace->e_flags & ACE4_SPECIAL_WHO) &&
> +	       ace->e_id == ACE_OWNER_ID;
> +}
> +
> +/**
> + * richace_is_group  -  check if @ace is a GROUP@ entry
> + */
> +static inline int
> +richace_is_group(const struct richace *ace)
> +{
> +	return (ace->e_flags & ACE4_SPECIAL_WHO) &&
> +	       ace->e_id == ACE_GROUP_ID;
> +}
> +
> +/**
> + * richace_is_everyone  -  check if @ace is an EVERYONE@ entry
> + */
> +static inline int
> +richace_is_everyone(const struct richace *ace)
> +{
> +	return (ace->e_flags & ACE4_SPECIAL_WHO) &&
> +	       ace->e_id == ACE_EVERYONE_ID;
> +}
> +
> +/**
> + * richace_is_unix_id  -  check if @ace applies to a specific uid or gid
> + */
> +static inline int
> +richace_is_unix_id(const struct richace *ace)
> +{
> +	return !(ace->e_flags & ACE4_SPECIAL_WHO);
> +}
> +
> +/**
> + * richace_is_inherit_only  -  check if @ace is for inheritance only
> + *
> + * ACEs with the %ACE4_INHERIT_ONLY_ACE flag set have no effect during
> + * permission checking.
> + */
> +static inline int
> +richace_is_inherit_only(const struct richace *ace)
> +{
> +	return ace->e_flags & ACE4_INHERIT_ONLY_ACE;
> +}
> +
> +/**
> + * richace_is_inheritable  -  check if @ace is inheritable
> + */
> +static inline int
> +richace_is_inheritable(const struct richace *ace)
> +{
> +	return ace->e_flags & (ACE4_FILE_INHERIT_ACE |
> +			       ACE4_DIRECTORY_INHERIT_ACE);
> +}
> +
> +/**
> + * richace_clear_inheritance_flags  - clear all inheritance flags in @ace
> + */
> +static inline void
> +richace_clear_inheritance_flags(struct richace *ace)
> +{
> +	ace->e_flags &= ~(ACE4_FILE_INHERIT_ACE |
> +			  ACE4_DIRECTORY_INHERIT_ACE |
> +			  ACE4_NO_PROPAGATE_INHERIT_ACE |
> +			  ACE4_INHERIT_ONLY_ACE);
> +}
> +
> +/**
> + * richace_is_allow  -  check if @ace is an %ALLOW type entry
> + */
> +static inline int
> +richace_is_allow(const struct richace *ace)
> +{
> +	return ace->e_type == ACE4_ACCESS_ALLOWED_ACE_TYPE;
> +}
> +
> +/**
> + * richace_is_deny  -  check if @ace is a %DENY type entry
> + */
> +static inline int
> +richace_is_deny(const struct richace *ace)
> +{
> +	return ace->e_type == ACE4_ACCESS_DENIED_ACE_TYPE;
> +}
> +
> +extern struct richacl *richacl_alloc(int);
> +extern int richace_is_same_identifier(const struct richace *,
> +				      const struct richace *);
> +#endif /* __RICHACL_H */
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ