[Ocfs2-devel] [PATCH 2/3] ocfs2: Add security xattr support in ocfs2

Tiger Yang tiger.yang at oracle.com
Fri Sep 19 02:42:33 PDT 2008 

This patch add security extended attribute support in ocfs2.

Signed-off-by: Tiger Yang <tiger.yang at oracle.com>
---
 fs/ocfs2/Makefile         |    3 +-
 fs/ocfs2/xattr.c          |    4 --
 fs/ocfs2/xattr.h          |    2 -
 fs/ocfs2/xattr_security.c |   81 +++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 83 insertions(+), 7 deletions(-)
 create mode 100644 fs/ocfs2/xattr_security.c

diff --git a/fs/ocfs2/Makefile b/fs/ocfs2/Makefile
index 21323da..73c1c82 100644
--- a/fs/ocfs2/Makefile
+++ b/fs/ocfs2/Makefile
@@ -37,7 +37,8 @@ ocfs2-objs := \
 	ver.o			\
 	xattr.o			\
 	xattr_user.o		\
-	xattr_trusted.o
+	xattr_trusted.o		\
+	xattr_security.o
 
 ocfs2_stackglue-objs := stackglue.o
 ocfs2_stack_o2cb-objs := stack_o2cb.o
diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
index 505fb40..d57cfae 100644
--- a/fs/ocfs2/xattr.c
+++ b/fs/ocfs2/xattr.c
@@ -81,9 +81,7 @@ struct xattr_handler *ocfs2_xattr_handlers[] = {
 	&ocfs2_xattr_acl_default_handler,
 #endif
 	&ocfs2_xattr_trusted_handler,
-#ifdef CONFIG_OCFS2_FS_SECURITY
 	&ocfs2_xattr_security_handler,
-#endif
 	NULL
 };
 
@@ -96,9 +94,7 @@ static struct xattr_handler *ocfs2_xattr_handler_map[] = {
 					= &ocfs2_xattr_acl_default_handler,
 #endif
 	[OCFS2_XATTR_INDEX_TRUSTED]	= &ocfs2_xattr_trusted_handler,
-#ifdef CONFIG_OCFS2_FS_SECURITY
 	[OCFS2_XATTR_INDEX_SECURITY]	= &ocfs2_xattr_security_handler,
-#endif
 };
 
 struct ocfs2_xattr_info {
diff --git a/fs/ocfs2/xattr.h b/fs/ocfs2/xattr.h
index af2ba32..f3ec79a 100644
--- a/fs/ocfs2/xattr.h
+++ b/fs/ocfs2/xattr.h
@@ -44,9 +44,7 @@ extern struct xattr_handler ocfs2_xattr_trusted_handler;
 extern struct xattr_handler ocfs2_xattr_acl_access_handler;
 extern struct xattr_handler ocfs2_xattr_acl_default_handler;
 #endif
-#ifdef CONFIG_OCFS2_FS_SECURITY
 extern struct xattr_handler ocfs2_xattr_security_handler;
-#endif
 extern struct xattr_handler *ocfs2_xattr_handlers[];
 
 ssize_t ocfs2_listxattr(struct dentry *, char *, size_t);
diff --git a/fs/ocfs2/xattr_security.c b/fs/ocfs2/xattr_security.c
new file mode 100644
index 0000000..428c102
--- /dev/null
+++ b/fs/ocfs2/xattr_security.c
@@ -0,0 +1,81 @@
+/* -*- mode: c; c-basic-offset: 8; -*-
+ * vim: noexpandtab sw=8 ts=8 sts=0:
+ *
+ * xattr_security.c
+ *
+ * Copyright (C) 2008 Oracle.  All rights reserved.
+ *
+ * CREDITS:
+ * Lots of code in this file is taken from ext3.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 021110-1307, USA.
+ */
+
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/string.h>
+#include <linux/security.h>
+
+#define MLOG_MASK_PREFIX ML_INODE
+#include <cluster/masklog.h>
+
+#include "ocfs2.h"
+#include "alloc.h"
+#include "dlmglue.h"
+#include "file.h"
+#include "ocfs2_fs.h"
+#include "xattr.h"
+
+static size_t ocfs2_xattr_security_list(struct inode *inode, char *list,
+					size_t list_size, const char *name,
+					size_t name_len)
+{
+	const size_t prefix_len = XATTR_SECURITY_PREFIX_LEN;
+	const size_t total_len = prefix_len + name_len + 1;
+
+	if (list && total_len <= list_size) {
+		memcpy(list, XATTR_SECURITY_PREFIX, prefix_len);
+		memcpy(list + prefix_len, name, name_len);
+		list[prefix_len + name_len] = '\0';
+	}
+	return total_len;
+}
+
+static int ocfs2_xattr_security_get(struct inode *inode, const char *name,
+				    void *buffer, size_t size)
+{
+	if (strcmp(name, "") == 0)
+		return -EINVAL;
+	return ocfs2_xattr_get(inode, OCFS2_XATTR_INDEX_SECURITY, name,
+			       buffer, size);
+}
+
+static int ocfs2_xattr_security_set(struct inode *inode, const char *name,
+				    const void *value, size_t size, int flags)
+{
+	if (strcmp(name, "") == 0)
+		return -EINVAL;
+
+	return ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_SECURITY, name, value,
+			       size, flags);
+}
+
+struct xattr_handler ocfs2_xattr_security_handler = {
+	.prefix	= XATTR_SECURITY_PREFIX,
+	.list	= ocfs2_xattr_security_list,
+	.get	= ocfs2_xattr_security_get,
+	.set	= ocfs2_xattr_security_set,
+};
-- 
1.5.4.1

More information about the Ocfs2-devel mailing list