Hi,
As part of the Linux move to NFSv3, I'd like very much to be able
to implement the NFSPROC3_ACCESS method of permissions checking as a
VFS callback. As usual, in NFS, this means that we'd like to use the
file handle that is cached in the dentry.
The advantages of implementing this in the case of NFSv3 is that
we get increased POSIX-compatibility (proper permission-checking at
file open()) as well as support for ACLs on those servers which
implement that sort of thing.
'Downside':
This would involve work, as a proper implementation requires 2
changes to the VFS API:
- fs/namei.c:permission() is changed to take a dentry argument
instead of an inode.
and
- ditto for the permission callback in the inode_operations
The appended patch illustrates what I'd like to do. It should patch
cleanly against 2.3.99-pre8, and preliminary tests indicate it tests
out well.
Comments/objections/suggestions?
Cheers,
Trond
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/coda/dir.c linux-2.3.99-pre8-perm/fs/coda/dir.c
--- linux-2.3.99-pre8-cred/fs/coda/dir.c Thu Mar 23 07:15:57 2000
+++ linux-2.3.99-pre8-perm/fs/coda/dir.c Sun May 14 00:09:12 2000
@@ -156,8 +156,9 @@
}
-int coda_permission(struct inode *inode, int mask)
+int coda_permission(struct dentry *dentry, int mask)
{
+ struct inode *inode = dentry->d_inode;
struct coda_inode_info *cp = ITOC(inode);
int error;
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/coda/pioctl.c linux-2.3.99-pre8-perm/fs/coda/pioctl.c
--- linux-2.3.99-pre8-cred/fs/coda/pioctl.c Mon May 8 20:17:47 2000
+++ linux-2.3.99-pre8-perm/fs/coda/pioctl.c Sun May 14 00:08:08 2000
@@ -25,7 +25,7 @@
#include <linux/coda_psdev.h>
/* pioctl ops */
-static int coda_ioctl_permission(struct inode *inode, int mask);
+static int coda_ioctl_permission(struct dentry *dentry, int mask);
static int coda_ioctl_open(struct inode *i, struct file *f);
static int coda_ioctl_release(struct inode *i, struct file *f);
static int coda_pioctl(struct inode * inode, struct file * filp,
@@ -45,7 +45,7 @@
};
/* the coda pioctl inode ops */
-static int coda_ioctl_permission(struct inode *inode, int mask)
+static int coda_ioctl_permission(struct dentry *dentry, int mask)
{
ENTRY;
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/exec.c linux-2.3.99-pre8-perm/fs/exec.c
--- linux-2.3.99-pre8-cred/fs/exec.c Wed May 10 01:18:27 2000
+++ linux-2.3.99-pre8-perm/fs/exec.c Sun May 14 00:24:09 2000
@@ -329,7 +329,7 @@
if (!err) {
file = ERR_PTR(-EACCES);
if (S_ISREG(nd.dentry->d_inode->i_mode)) {
- int err = permission(nd.dentry->d_inode, MAY_EXEC);
+ int err = permission(nd.dentry, MAY_EXEC);
file = ERR_PTR(err);
if (!err) {
lock_kernel();
@@ -498,7 +498,7 @@
flush_thread();
if (bprm->e_uid != current->euid || bprm->e_gid != current->egid ||
- permission(bprm->file->f_dentry->d_inode,MAY_READ))
+ permission(bprm->file->f_dentry,MAY_READ))
current->dumpable = 0;
/* An exec changes our domain. We are no longer part of the thread
@@ -538,7 +538,8 @@
{
int mode;
int retval,id_change,cap_raised;
- struct inode * inode = bprm->file->f_dentry->d_inode;
+ struct dentry * dentry = bprm->file->f_dentry;
+ struct inode * inode = dentry->d_inode;
mode = inode->i_mode;
if (!S_ISREG(mode)) /* must be regular file */
@@ -549,7 +550,7 @@
return -EACCES;
if (!inode->i_sb)
return -EACCES;
- if ((retval = permission(inode, MAY_EXEC)) != 0)
+ if ((retval = permission(dentry, MAY_EXEC)) != 0)
return retval;
/* better not execute files which are being written to */
if (atomic_read(&inode->i_writecount) > 0)
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/hpfs/namei.c linux-2.3.99-pre8-perm/fs/hpfs/namei.c
--- linux-2.3.99-pre8-cred/fs/hpfs/namei.c Mon May 8 23:24:10 2000
+++ linux-2.3.99-pre8-perm/fs/hpfs/namei.c Sun May 14 00:34:25 2000
@@ -331,7 +331,7 @@
struct iattr newattrs;
int err;
hpfs_unlock_2inodes(dir, inode);
- if (rep || dentry->d_count > 1 || permission(inode, MAY_WRITE) || get_write_access(inode)) goto ret;
+ if (rep || dentry->d_count > 1 || vfs_permission(inode, MAY_WRITE) || get_write_access(inode)) goto ret;
/*printk("HPFS: truncating file before delete.\n");*/
down(&inode->i_sem);
newattrs.ia_size = 0;
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/namei.c linux-2.3.99-pre8-perm/fs/namei.c
--- linux-2.3.99-pre8-cred/fs/namei.c Tue May 9 00:27:12 2000
+++ linux-2.3.99-pre8-perm/fs/namei.c Sun May 14 01:11:48 2000
@@ -144,17 +144,23 @@
* for filesystem access without changing the "normal" uids which
* are used for other things..
*/
-int permission(struct inode * inode,int mask)
+int permission(struct dentry *dentry, int mask)
{
- int mode = inode->i_mode;
+ struct inode *inode = dentry->d_inode;
if (inode->i_op && inode->i_op->permission) {
int retval;
lock_kernel();
- retval = inode->i_op->permission(inode, mask);
+ retval = inode->i_op->permission(dentry, mask);
unlock_kernel();
return retval;
}
+ return vfs_permission(inode, mask);
+}
+
+int vfs_permission(struct inode *inode, int mask)
+{
+ int mode = inode->i_mode;
if ((mask & S_IWOTH) && IS_RDONLY(inode) &&
(S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
@@ -348,7 +354,7 @@
*/
int path_walk(const char * name, struct nameidata *nd)
{
- struct dentry *dentry;
+ struct dentry *dentry, *dbase;
struct inode *inode;
int err;
unsigned int lookup_flags = nd->flags;
@@ -358,7 +364,8 @@
if (!*name)
goto return_base;
- inode = nd->dentry->d_inode;
+ dbase = nd->dentry;
+ inode = dbase->d_inode;
if (current->link_count)
lookup_flags = LOOKUP_FOLLOW;
@@ -368,7 +375,7 @@
struct qstr this;
unsigned int c;
- err = permission(inode, MAY_EXEC);
+ err = permission(dbase, MAY_EXEC);
dentry = ERR_PTR(err);
if (err)
break;
@@ -416,7 +423,8 @@
if (!__follow_up(&nd->mnt, &nd->dentry))
break;
}
- inode = nd->dentry->d_inode;
+ dbase = nd->dentry;
+ inode = dbase->d_inode;
/* fallthrough */
case 1:
continue;
@@ -443,7 +451,8 @@
;
err = -ENOENT;
- inode = dentry->d_inode;
+ dbase = dentry;
+ inode = dbase->d_inode;
if (!inode)
goto out_dput;
err = -ENOTDIR;
@@ -456,7 +465,8 @@
if (err)
goto return_err;
err = -ENOENT;
- inode = nd->dentry->d_inode;
+ dbase = nd->dentry;
+ inode = dbase->d_inode;
if (!inode)
break;
err = -ENOTDIR;
@@ -496,7 +506,8 @@
if (!__follow_up(&nd->mnt, &nd->dentry))
break;
}
- inode = nd->dentry->d_inode;
+ dbase = nd->dentry;
+ inode = dbase->d_inode;
/* fallthrough */
case 1:
goto return_base;
@@ -515,14 +526,16 @@
}
while (d_mountpoint(dentry) && __follow_down(&nd->mnt, &dentry))
;
- inode = dentry->d_inode;
+ dbase = dentry;
+ inode = dbase->d_inode;
if ((lookup_flags & LOOKUP_FOLLOW)
&& inode && inode->i_op && inode->i_op->follow_link) {
err = do_follow_link(dentry, nd);
dput(dentry);
if (err)
goto return_err;
- inode = nd->dentry->d_inode;
+ dbase = nd->dentry;
+ inode = dbase->d_inode;
} else {
dput(nd->dentry);
nd->dentry = dentry;
@@ -647,7 +660,7 @@
int err;
inode = base->d_inode;
- err = permission(inode, MAY_EXEC);
+ err = permission(base, MAY_EXEC);
dentry = ERR_PTR(err);
if (err)
goto out;
@@ -773,7 +786,7 @@
return -ENOENT;
if (IS_DEADDIR(dir))
return -ENOENT;
- error = permission(dir,MAY_WRITE | MAY_EXEC);
+ error = permission(victim->d_parent,MAY_WRITE | MAY_EXEC);
if (error)
return error;
if (IS_APPEND(dir))
@@ -806,7 +819,7 @@
return -EEXIST;
if (IS_DEADDIR(dir))
return -ENOENT;
- return permission(dir,MAY_WRITE | MAY_EXEC);
+ return permission(child->d_parent,MAY_WRITE | MAY_EXEC);
}
/*
@@ -964,7 +977,7 @@
if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
goto exit;
- error = permission(inode,acc_mode);
+ error = permission(dentry,acc_mode);
if (error)
goto exit;
@@ -1533,7 +1546,7 @@
* we'll need to flip '..'.
*/
if (new_dir != old_dir) {
- error = permission(old_dentry->d_inode, MAY_WRITE);
+ error = permission(old_dentry, MAY_WRITE);
}
if (error)
return error;
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/ncpfs/ioctl.c linux-2.3.99-pre8-perm/fs/ncpfs/ioctl.c
--- linux-2.3.99-pre8-cred/fs/ncpfs/ioctl.c Tue Jan 25 23:09:29 2000
+++ linux-2.3.99-pre8-perm/fs/ncpfs/ioctl.c Sun May 14 00:30:48 2000
@@ -37,7 +37,7 @@
switch (cmd) {
case NCP_IOC_NCPREQUEST:
- if ((permission(inode, MAY_WRITE) != 0)
+ if ((vfs_permission(inode, MAY_WRITE) != 0)
&& (current->uid != server->m.mounted_uid)) {
return -EACCES;
}
@@ -83,7 +83,7 @@
case NCP_IOC_CONN_LOGGED_IN:
- if ((permission(inode, MAY_WRITE) != 0)
+ if ((vfs_permission(inode, MAY_WRITE) != 0)
&& (current->uid != server->m.mounted_uid)) {
return -EACCES;
}
@@ -98,7 +98,7 @@
{
struct ncp_fs_info info;
- if ((permission(inode, MAY_WRITE) != 0)
+ if ((vfs_permission(inode, MAY_WRITE) != 0)
&& (current->uid != server->m.mounted_uid)) {
return -EACCES;
}
@@ -126,7 +126,7 @@
{
struct ncp_fs_info_v2 info2;
- if ((permission(inode, MAY_WRITE) != 0)
+ if ((vfs_permission(inode, MAY_WRITE) != 0)
&& (current->uid != server->m.mounted_uid)) {
return -EACCES;
}
@@ -154,7 +154,7 @@
{
unsigned long tmp = server->m.mounted_uid;
- if ( (permission(inode, MAY_READ) != 0)
+ if ( (vfs_permission(inode, MAY_READ) != 0)
&& (current->uid != server->m.mounted_uid))
{
return -EACCES;
@@ -169,7 +169,7 @@
{
struct ncp_setroot_ioctl sr;
- if ( (permission(inode, MAY_READ) != 0)
+ if ( (vfs_permission(inode, MAY_READ) != 0)
&& (current->uid != server->m.mounted_uid))
{
return -EACCES;
@@ -204,7 +204,7 @@
struct nw_info_struct i;
struct dentry* dentry;
- if ( (permission(inode, MAY_WRITE) != 0)
+ if ( (vfs_permission(inode, MAY_WRITE) != 0)
&& (current->uid != server->m.mounted_uid))
{
return -EACCES;
@@ -245,7 +245,7 @@
#ifdef CONFIG_NCPFS_PACKET_SIGNING
case NCP_IOC_SIGN_INIT:
- if ((permission(inode, MAY_WRITE) != 0)
+ if ((vfs_permission(inode, MAY_WRITE) != 0)
&& (current->uid != server->m.mounted_uid))
{
return -EACCES;
@@ -268,7 +268,7 @@
return 0;
case NCP_IOC_SIGN_WANTED:
- if ( (permission(inode, MAY_READ) != 0)
+ if ( (vfs_permission(inode, MAY_READ) != 0)
&& (current->uid != server->m.mounted_uid))
{
return -EACCES;
@@ -281,7 +281,7 @@
{
int newstate;
- if ( (permission(inode, MAY_WRITE) != 0)
+ if ( (vfs_permission(inode, MAY_WRITE) != 0)
&& (current->uid != server->m.mounted_uid))
{
return -EACCES;
@@ -301,7 +301,7 @@
#ifdef CONFIG_NCPFS_IOCTL_LOCKING
case NCP_IOC_LOCKUNLOCK:
- if ( (permission(inode, MAY_WRITE) != 0)
+ if ( (vfs_permission(inode, MAY_WRITE) != 0)
&& (current->uid != server->m.mounted_uid))
{
return -EACCES;
@@ -513,7 +513,7 @@
* Thanks Petr Vandrovec for idea and many hints.
*/
case NCP_IOC_SETCHARSETS:
- if ((permission(inode, MAY_WRITE) != 0) &&
+ if ((vfs_permission(inode, MAY_WRITE) != 0) &&
(current->uid != server->m.mounted_uid))
return -EACCES;
if (server->root_setuped)
@@ -610,7 +610,7 @@
}
#endif /* CONFIG_NCPFS_NLS */
case NCP_IOC_SETDENTRYTTL:
- if ((permission(inode, MAY_WRITE) != 0) &&
+ if ((vfs_permission(inode, MAY_WRITE) != 0) &&
(current->uid != server->m.mounted_uid))
return -EACCES;
{
@@ -639,7 +639,7 @@
/* NCP_IOC_GETMOUNTUID may be same as NCP_IOC_GETMOUNTUID2,
so we have this out of switch */
if (cmd == NCP_IOC_GETMOUNTUID) {
- if ((permission(inode, MAY_READ) != 0)
+ if ((vfs_permission(inode, MAY_READ) != 0)
&& (current->uid != server->m.mounted_uid)) {
return -EACCES;
}
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/nfs/dir.c linux-2.3.99-pre8-perm/fs/nfs/dir.c
--- linux-2.3.99-pre8-cred/fs/nfs/dir.c Fri Apr 21 22:36:39 2000
+++ linux-2.3.99-pre8-perm/fs/nfs/dir.c Sun May 14 00:17:19 2000
@@ -66,6 +66,7 @@
rmdir: nfs_rmdir,
mknod: nfs_mknod,
rename: nfs_rename,
+ permission: nfs_permission,
revalidate: nfs_revalidate,
setattr: nfs_notify_change,
};
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/nfs/file.c linux-2.3.99-pre8-perm/fs/nfs/file.c
--- linux-2.3.99-pre8-cred/fs/nfs/file.c Wed Apr 26 02:28:55 2000
+++ linux-2.3.99-pre8-perm/fs/nfs/file.c Sun May 14 00:18:16 2000
@@ -53,6 +53,7 @@
};
struct inode_operations nfs_file_inode_operations = {
+ permission: nfs_permission,
revalidate: nfs_revalidate,
setattr: nfs_notify_change,
};
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/nfs/inode.c linux-2.3.99-pre8-perm/fs/nfs/inode.c
--- linux-2.3.99-pre8-cred/fs/nfs/inode.c Sat May 13 14:29:52 2000
+++ linux-2.3.99-pre8-perm/fs/nfs/inode.c Sun May 14 01:02:24 2000
@@ -912,6 +912,21 @@
return 0;
}
+int nfs_permission(struct dentry *dentry, int mask)
+{
+ struct inode *inode = dentry->d_inode;
+ int status;
+
+ if (!NFS_PROTO(inode)->access)
+ return vfs_permission(inode, mask);
+
+ status = NFS_PROTO(inode)->access(dentry, mask, 0);
+ if (status == -EACCES && (current->fsuid != current->uid ||
+ current->fsgid != current->gid))
+ status = NFS_PROTO(inode)->access(dentry, mask, 1);
+ return status;
+}
+
/*
* This function is called whenever some part of NFS notices that
* the cached attributes have to be refreshed.
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/nfs/symlink.c linux-2.3.99-pre8-perm/fs/nfs/symlink.c
--- linux-2.3.99-pre8-cred/fs/nfs/symlink.c Fri Apr 7 22:38:00 2000
+++ linux-2.3.99-pre8-perm/fs/nfs/symlink.c Sun May 14 01:01:40 2000
@@ -104,6 +104,7 @@
struct inode_operations nfs_symlink_inode_operations = {
readlink: nfs_readlink,
follow_link: nfs_follow_link,
+ permission: nfs_permission,
revalidate: nfs_revalidate,
setattr: nfs_notify_change,
};
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/nfsd/vfs.c linux-2.3.99-pre8-perm/fs/nfsd/vfs.c
--- linux-2.3.99-pre8-cred/fs/nfsd/vfs.c Tue May 9 00:54:17 2000
+++ linux-2.3.99-pre8-perm/fs/nfsd/vfs.c Sun May 14 00:35:55 2000
@@ -1517,11 +1517,11 @@
cap_clear(current->cap_effective);
}
- err = permission(inode, acc & (MAY_READ|MAY_WRITE|MAY_EXEC));
+ err = permission(dentry, acc & (MAY_READ|MAY_WRITE|MAY_EXEC));
/* Allow read access to binaries even when mode 111 */
if (err == -EACCES && S_ISREG(inode->i_mode) && acc == MAY_READ)
- err = permission(inode, MAY_EXEC);
+ err = permission(dentry, MAY_EXEC);
if (current->fsuid != 0)
current->cap_effective = saved_cap;
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/open.c linux-2.3.99-pre8-perm/fs/open.c
--- linux-2.3.99-pre8-cred/fs/open.c Mon May 8 22:31:40 2000
+++ linux-2.3.99-pre8-perm/fs/open.c Sun May 14 00:26:12 2000
@@ -101,7 +101,7 @@
if (S_ISDIR(inode->i_mode))
goto dput_and_out;
- error = permission(inode,MAY_WRITE);
+ error = permission(nd.dentry,MAY_WRITE);
if (error)
goto dput_and_out;
@@ -230,7 +230,7 @@
newattrs.ia_valid |= ATTR_ATIME_SET | ATTR_MTIME_SET;
} else {
if (current->fsuid != inode->i_uid &&
- (error = permission(inode,MAY_WRITE)) != 0)
+ (error = permission(nd.dentry,MAY_WRITE)) != 0)
goto dput_and_out;
}
error = notify_change(nd.dentry, &newattrs);
@@ -274,7 +274,7 @@
newattrs.ia_mtime = times[1].tv_sec;
newattrs.ia_valid |= ATTR_ATIME_SET | ATTR_MTIME_SET;
} else {
- if ((error = permission(inode,MAY_WRITE)) != 0)
+ if ((error = permission(nd.dentry,MAY_WRITE)) != 0)
goto dput_and_out;
}
error = notify_change(nd.dentry, &newattrs);
@@ -314,7 +314,7 @@
res = user_path_walk(filename, &nd);
if (!res) {
- res = permission(nd.dentry->d_inode, mode);
+ res = permission(nd.dentry, mode);
/* SuS v2 requires we report a read only fs too */
if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode))
res = -EROFS;
@@ -348,7 +348,7 @@
if (error)
goto out;
- error = permission(nd.dentry->d_inode,MAY_EXEC);
+ error = permission(nd.dentry,MAY_EXEC);
if (error)
goto dput_and_out;
@@ -383,7 +383,7 @@
goto out_putf;
lock_kernel();
- error = permission(inode, MAY_EXEC);
+ error = permission(dentry, MAY_EXEC);
if (!error)
set_fs_pwd(current->fs, mnt, dentry);
unlock_kernel();
@@ -413,7 +413,7 @@
if (error)
goto out;
- error = permission(nd.dentry->d_inode,MAY_EXEC);
+ error = permission(nd.dentry,MAY_EXEC);
if (error)
goto dput_and_out;
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/proc/base.c linux-2.3.99-pre8-perm/fs/proc/base.c
--- linux-2.3.99-pre8-cred/fs/proc/base.c Wed May 10 01:19:04 2000
+++ linux-2.3.99-pre8-perm/fs/proc/base.c Sun May 14 01:00:59 2000
@@ -193,8 +193,9 @@
return -EACCES;
}
-static int proc_permission(struct inode *inode, int mask)
+static int proc_permission(struct dentry *dentry, int mask)
{
+ struct inode *inode = dentry->d_inode;
struct dentry *de, *base, *root;
struct vfsmount *our_vfsmnt, *vfsmnt, *mnt;
@@ -384,7 +385,7 @@
/* We don't need a base pointer in the /proc filesystem */
path_release(nd);
- error = proc_permission(inode, MAY_EXEC);
+ error = proc_permission(dentry, MAY_EXEC);
if (error)
goto out;
@@ -438,7 +439,7 @@
struct dentry *de;
struct vfsmount *mnt = NULL;
- error = proc_permission(inode, MAY_EXEC);
+ error = proc_permission(dentry, MAY_EXEC);
if (error)
goto out;
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/smbfs/file.c linux-2.3.99-pre8-perm/fs/smbfs/file.c
--- linux-2.3.99-pre8-cred/fs/smbfs/file.c Mon May 8 22:51:01 2000
+++ linux-2.3.99-pre8-perm/fs/smbfs/file.c Sun May 14 00:11:30 2000
@@ -371,8 +371,9 @@
* privileges, so we need our own check for this.
*/
static int
-smb_file_permission(struct inode *inode, int mask)
+smb_file_permission(struct dentry *dentry, int mask)
{
+ struct inode *inode = dentry->d_inode;
int mode = inode->i_mode;
int error = 0;
diff -u --recursive --new-file linux-2.3.99-pre8-cred/fs/udf/file.c linux-2.3.99-pre8-perm/fs/udf/file.c
--- linux-2.3.99-pre8-cred/fs/udf/file.c Mon May 8 22:51:01 2000
+++ linux-2.3.99-pre8-perm/fs/udf/file.c Sun May 14 00:29:24 2000
@@ -209,7 +209,7 @@
long_ad eaicb;
Uint8 *ea = NULL;
- if ( permission(inode, MAY_READ) != 0 )
+ if ( vfs_permission(inode, MAY_READ) != 0 )
{
udf_debug("no permission to access inode %lu\n",
inode->i_ino);
diff -u --recursive --new-file linux-2.3.99-pre8-cred/include/linux/coda_linux.h linux-2.3.99-pre8-perm/include/linux/coda_linux.h
--- linux-2.3.99-pre8-cred/include/linux/coda_linux.h Sat Apr 29 18:59:53 2000
+++ linux-2.3.99-pre8-perm/include/linux/coda_linux.h Sun May 14 01:25:01 2000
@@ -37,7 +37,7 @@
/* operations shared over more than one file */
int coda_open(struct inode *i, struct file *f);
int coda_release(struct inode *i, struct file *f);
-int coda_permission(struct inode *inode, int mask);
+int coda_permission(struct dentry *dentry, int mask);
int coda_revalidate_inode(struct dentry *);
int coda_notify_change(struct dentry *, struct iattr *);
diff -u --recursive --new-file linux-2.3.99-pre8-cred/include/linux/fs.h linux-2.3.99-pre8-perm/include/linux/fs.h
--- linux-2.3.99-pre8-cred/include/linux/fs.h Sat May 13 14:17:31 2000
+++ linux-2.3.99-pre8-perm/include/linux/fs.h Sun May 14 01:10:33 2000
@@ -682,6 +682,7 @@
extern int vfs_rmdir(struct inode *, struct dentry *);
extern int vfs_unlink(struct inode *, struct dentry *);
extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *);
+extern int vfs_permission(struct inode *, int);
/*
* This is the "filldir" function type, used by readdir() to let
@@ -736,7 +737,7 @@
int (*readlink) (struct dentry *, char *,int);
int (*follow_link) (struct dentry *, struct nameidata *);
void (*truncate) (struct inode *);
- int (*permission) (struct inode *, int);
+ int (*permission) (struct dentry *, int);
int (*revalidate) (struct dentry *);
int (*setattr) (struct dentry *, struct iattr *);
int (*getattr) (struct dentry *, struct iattr *);
@@ -965,7 +966,7 @@
extern void sync_supers(kdev_t);
extern int bmap(struct inode *, int);
extern int notify_change(struct dentry *, struct iattr *);
-extern int permission(struct inode *, int);
+extern int permission(struct dentry *, int);
extern int get_write_access(struct inode *);
extern void put_write_access(struct inode *);
extern int do_pipe(int *);
diff -u --recursive --new-file linux-2.3.99-pre8-cred/include/linux/nfs_fs.h linux-2.3.99-pre8-perm/include/linux/nfs_fs.h
--- linux-2.3.99-pre8-cred/include/linux/nfs_fs.h Sat May 13 14:25:35 2000
+++ linux-2.3.99-pre8-perm/include/linux/nfs_fs.h Sun May 14 01:12:31 2000
@@ -143,6 +143,7 @@
extern struct inode *nfs_fhget(struct dentry *, struct nfs_fh *,
struct nfs_fattr *);
extern int nfs_refresh_inode(struct inode *, struct nfs_fattr *);
+extern int nfs_permission(struct dentry *, int);
extern int nfs_revalidate(struct dentry *);
extern int nfs_open(struct inode *, struct file *);
extern int nfs_release(struct inode *, struct file *);
diff -u --recursive --new-file linux-2.3.99-pre8-cred/ipc/shm.c linux-2.3.99-pre8-perm/ipc/shm.c
--- linux-2.3.99-pre8-cred/ipc/shm.c Fri May 12 20:21:20 2000
+++ linux-2.3.99-pre8-perm/ipc/shm.c Sun May 14 01:44:04 2000
@@ -1190,7 +1190,7 @@
err = -ENOENT;
if (!dentry->d_inode)
goto bad_file;
- err = permission(dentry->d_inode, acc_mode);
+ err = permission(dentry, acc_mode);
if (err)
goto bad_file1;
file = dentry_open(dentry, shm_fs_type.kern_mnt, o_flags);
diff -u --recursive --new-file linux-2.3.99-pre8-cred/kernel/ksyms.c linux-2.3.99-pre8-perm/kernel/ksyms.c
--- linux-2.3.99-pre8-cred/kernel/ksyms.c Tue May 9 07:21:57 2000
+++ linux-2.3.99-pre8-perm/kernel/ksyms.c Sun May 14 00:22:07 2000
@@ -233,6 +233,7 @@
EXPORT_SYMBOL(vfs_unlink);
EXPORT_SYMBOL(vfs_rename);
EXPORT_SYMBOL(vfs_statfs);
+EXPORT_SYMBOL(vfs_permission);
EXPORT_SYMBOL(generic_read_dir);
EXPORT_SYMBOL(__pollwait);
EXPORT_SYMBOL(ROOT_DEV);
diff -u --recursive --new-file linux-2.3.99-pre8-cred/kernel/sysctl.c linux-2.3.99-pre8-perm/kernel/sysctl.c
--- linux-2.3.99-pre8-cred/kernel/sysctl.c Fri May 12 20:21:20 2000
+++ linux-2.3.99-pre8-perm/kernel/sysctl.c Sun May 14 01:41:28 2000
@@ -107,7 +107,7 @@
static ssize_t proc_readsys(struct file *, char *, size_t, loff_t *);
static ssize_t proc_writesys(struct file *, const char *, size_t, loff_t *);
-static int proc_sys_permission(struct inode *, int);
+static int proc_sys_permission(struct dentry *, int);
struct file_operations proc_sys_file_operations = {
read: proc_readsys,
@@ -608,9 +608,9 @@
return do_rw_proc(1, file, (char *) buf, count, ppos);
}
-static int proc_sys_permission(struct inode *inode, int op)
+static int proc_sys_permission(struct dentry *dentry, int op)
{
- return test_perm(inode->i_mode, op);
+ return test_perm(dentry->d_inode->i_mode, op);
}
int proc_dostring(ctl_table *table, int write, struct file *filp,
diff -u --recursive --new-file linux-2.3.99-pre8-cred/net/unix/af_unix.c linux-2.3.99-pre8-perm/net/unix/af_unix.c
--- linux-2.3.99-pre8-cred/net/unix/af_unix.c Fri May 12 20:37:39 2000
+++ linux-2.3.99-pre8-perm/net/unix/af_unix.c Sun May 14 01:43:01 2000
@@ -582,7 +582,7 @@
unlock_kernel();
goto fail;
}
- err = permission(nd.dentry->d_inode,MAY_WRITE);
+ err = permission(nd.dentry,MAY_WRITE);
if (err)
goto put_fail;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:23 EST