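--- a/namei.c
+++ b/namei.c
@@ -1,8 +1,8 @@
 /*
  * linux/fs/namei.c
  *
  * Copyright (C) 1991, 1992 Linus Torvalds
  */
 
 /*
  * Some corrections by tytso.
@@ -181,17 +181,17 @@
  */
 int generic_permission(struct inode *inode, int mask,
 		int (*check_acl)(struct inode *inode, int mask))
 {
 	umode_t mode = inode->i_mode;
 
 	mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
 
-	if (current->fsuid == inode->i_uid)
+	if (current_fsuid() == inode->i_uid)
 		mode >>= 6;
 	else {
 		if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
 			int error = check_acl(inode, mask);
 			if (error == -EACCES)
 				goto check_capabilities;
 			else if (error != -EAGAIN)
 				return error;
@@ -436,17 +436,17 @@
  */
 static int exec_permission_lite(struct inode *inode)
 {
 	umode_t mode = inode->i_mode;
 
 	if (inode->i_op && inode->i_op->permission)
 		return -EAGAIN;
 
-	if (current->fsuid == inode->i_uid)
+	if (current_fsuid() == inode->i_uid)
 		mode >>= 6;
 	else if (in_group_p(inode->i_gid))
 		mode >>= 3;
 
 	if (mode & MAY_EXEC)
 		goto ok;
 
 	if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
@@ -1329,21 +1329,23 @@
 }
 
 /*
  * It's inline, so penalty for filesystems that don't use sticky bit is
  * minimal.
  */
 static inline int check_sticky(struct inode *dir, struct inode *inode)
 {
+	uid_t fsuid = current_fsuid();
+
 	if (!(dir->i_mode & S_ISVTX))
 		return 0;
-	if (inode->i_uid == current->fsuid)
+	if (inode->i_uid == fsuid)
 		return 0;
-	if (dir->i_uid == current->fsuid)
+	if (dir->i_uid == fsuid)
 		return 0;
 	return !capable(CAP_FOWNER);
 }
 
 /*
  * Check whether we can remove a link victim from directory dir, check
  * whether the type of victim is right.
  * 1. We can't do it if dir is read-only (done in permission())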
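Review bot: In check_sticky() the new `uid_t fsuid = current_fsuid();` sits before the `S_ISVTX` test, so directories without the sticky bit now perform the credential read on every call, although the comment above the function says the cost for that case should stay minimal. Declaring `uid_t fsuid;` at the top and assigning `fsuid = current_fsuid();` after the early `return 0` would keep the fast path as it was; how expensive the accessor is cannot be seen from this page, so this is a placement point rather than a measured regression. Reading the value once is worth keeping, because both owner comparisons are then made against the same fsuid. The return convention is also undocumented, and a line such as `/* 0: sticky bit does not restrict the caller; nonzero: it does and the caller lacks CAP_FOWNER */` would state it. The bodies of generic_permission() and exec_permission_lite() continue outside the shown lines, so only the replaced comparison was reviewed there.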