2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afs/param.h>
23 /* called with scp write-locked, check to see if we have the ACL info we need
24 * and can get it w/o blocking for any locks.
26 * Never drops the scp lock, but may fail if the access control info comes from
27 * the parent directory, and the parent's scache entry can't be found, or it
28 * can't be locked. Thus, this must always be called in a while loop to stabilize
29 * things, since we can always lose the race condition getting to the parent vnode.
31 int cm_HaveAccessRights(struct cm_scache *scp, struct cm_user *userp, afs_uint32 rights,
32 afs_uint32 *outRightsp)
41 if (scp->fileType == CM_SCACHETYPE_DIRECTORY) {
45 tfid.cell = scp->fid.cell;
46 tfid.volume = scp->fid.volume;
47 tfid.vnode = scp->parentVnode;
48 tfid.unique = scp->parentUnique;
49 aclScp = cm_FindSCache(&tfid);
53 code = lock_TryMutex(&aclScp->mx);
55 /* can't get lock safely and easily */
56 cm_ReleaseSCache(aclScp);
60 /* check that we have a callback, too */
61 if (!cm_HaveCallback(aclScp)) {
63 lock_ReleaseMutex(&aclScp->mx);
64 cm_ReleaseSCache(aclScp);
71 lock_AssertMutex(&aclScp->mx);
73 /* now if rights is a subset of the public rights, we're done.
74 * Otherwise, if we an explicit acl entry, we're also in good shape,
75 * and can definitively answer.
77 if ((~aclScp->anyAccess & rights) == 0) {
80 /* we have to check the specific rights info */
81 code = cm_FindACLCache(aclScp, userp, &trights);
86 *outRightsp = trights;
90 if (!(scp->unixModeBits & 0400))
91 *outRightsp &= ~PRSFS_READ;
92 if (!(scp->unixModeBits & 0200))
93 *outRightsp &= ~PRSFS_WRITE;
100 lock_ReleaseMutex(&aclScp->mx);
101 cm_ReleaseSCache(aclScp);
105 /* called with locked scp; ensures that we have an ACL cache entry for the
106 * user specified by the parameter "userp."
107 * In pathological race conditions, this function may return success without
108 * having loaded the entry properly (due to a racing callback revoke), so this
109 * function must also be called in a while loop to make sure that we eventually
112 long cm_GetAccessRights(struct cm_scache *scp, struct cm_user *userp,
120 /* pretty easy: just force a pass through the fetch status code */
122 osi_Log2(afsd_logp, "GetAccess scp %x user %x", scp, userp);
124 /* first, start by finding out whether we have a directory or something
125 * else, so we can find what object's ACL we need.
127 if (!cm_HaveCallback(scp)) {
128 code = cm_SyncOp(scp, NULL, userp, reqp, 0,
129 CM_SCACHESYNC_NEEDCALLBACK | CM_SCACHESYNC_GETSTATUS);
136 if (scp->fileType != CM_SCACHETYPE_DIRECTORY) {
137 /* not a dir, use parent dir's acl */
138 tfid.cell = scp->fid.cell;
139 tfid.volume = scp->fid.volume;
140 tfid.vnode = scp->parentVnode;
141 tfid.unique = scp->parentUnique;
142 lock_ReleaseMutex(&scp->mx);
143 code = cm_GetSCache(&tfid, &aclScp, userp, reqp);
145 lock_ObtainMutex(&scp->mx);
149 osi_Log2(afsd_logp, "GetAccess parent scp %x user %x", aclScp, userp);
150 lock_ObtainMutex(&aclScp->mx);
152 code = cm_GetCallback(aclScp, userp, reqp, 1);
153 lock_ReleaseMutex(&aclScp->mx);
154 cm_ReleaseSCache(aclScp);
155 lock_ObtainMutex(&scp->mx);
156 } else if (!got_cb) {
157 code = cm_GetCallback(scp, userp, reqp, 1);