[PATCH] merge open_namei() and do_filp_open()

[linux-2.6] / fs / xfs / xfs_acl.c

diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
index 1b440f37371c858d7007fadfc668e24b554dd360..8e130b9720ae8513d24a2307c5aba0a034718dac 100644 (file)
--- a/fs/xfs/xfs_acl.c
+++ b/fs/xfs/xfs_acl.c
@@ -307,12 +307,13 @@ xfs_acl_vset(
 
        VN_HOLD(vp);
        error = xfs_acl_allow_set(vp, kind);
-       if (error)
-               goto out;
 
        /* Incoming ACL exists, set file mode based on its value */
-       if (kind == _ACL_TYPE_ACCESS)
-               xfs_acl_setmode(vp, xfs_acl, &basicperms);
+       if (!error && kind == _ACL_TYPE_ACCESS)
+               error = xfs_acl_setmode(vp, xfs_acl, &basicperms);
+
+       if (error)
+               goto out;
 
        /*
         * If we have more than std unix permissions, set up the actual attr.
@@ -323,7 +324,7 @@ xfs_acl_vset(
        if (!basicperms) {
                xfs_acl_set_attr(vp, xfs_acl, kind, &error);
        } else {
-               xfs_acl_vremove(vp, _ACL_TYPE_ACCESS);
+               error = -xfs_acl_vremove(vp, _ACL_TYPE_ACCESS);
        }
 
 out:
@@ -391,32 +392,6 @@ xfs_acl_allow_set(
        return error;
 }
 
-/*
- * The access control process to determine the access permission:
- *     if uid == file owner id, use the file owner bits.
- *     if gid == file owner group id, use the file group bits.
- *     scan ACL for a matching user or group, and use matched entry
- *     permission. Use total permissions of all matching group entries,
- *     until all acl entries are exhausted. The final permission produced
- *     by matching acl entry or entries needs to be & with group permission.
- *     if not owner, owning group, or matching entry in ACL, use file
- *     other bits.  
- */
-STATIC int
-xfs_acl_capability_check(
-       mode_t          mode,
-       cred_t          *cr)
-{
-       if ((mode & ACL_READ) && !capable_cred(cr, CAP_DAC_READ_SEARCH))
-               return EACCES;
-       if ((mode & ACL_WRITE) && !capable_cred(cr, CAP_DAC_OVERRIDE))
-               return EACCES;
-       if ((mode & ACL_EXECUTE) && !capable_cred(cr, CAP_DAC_OVERRIDE))
-               return EACCES;
-
-       return 0;
-}
-
 /*
  * Note: cr is only used here for the capability check if the ACL test fails.
  *       It is not used to find out the credentials uid or groups etc, as was
@@ -438,7 +413,6 @@ xfs_acl_access(
 
        matched.ae_tag = 0;     /* Invalid type */
        matched.ae_perm = 0;
-       md >>= 6;       /* Normalize the bits for comparison */
 
        for (i = 0; i < fap->acl_cnt; i++) {
                /*
@@ -520,7 +494,8 @@ xfs_acl_access(
                break;
        }
 
-       return xfs_acl_capability_check(md, cr);
+       /* EACCES tells generic_permission to check for capability overrides */
+       return EACCES;
 }
 
 /*
@@ -704,7 +679,7 @@ xfs_acl_vtoacl(
 int
 xfs_acl_inherit(
        bhv_vnode_t     *vp,
-       bhv_vattr_t     *vap,
+       mode_t          mode,
        xfs_acl_t       *pdaclp)
 {
        xfs_acl_t       *cacl;
@@ -732,8 +707,10 @@ xfs_acl_inherit(
                return ENOMEM;
 
        memcpy(cacl, pdaclp, sizeof(xfs_acl_t));
-       xfs_acl_filter_mode(vap->va_mode, cacl);
-       xfs_acl_setmode(vp, cacl, &basicperms);
+       xfs_acl_filter_mode(mode, cacl);
+       error = xfs_acl_setmode(vp, cacl, &basicperms);
+       if (error)
+               goto out_error;
 
        /*
         * Set the Default and Access ACL on the file.  The mode is already
@@ -746,6 +723,7 @@ xfs_acl_inherit(
                xfs_acl_set_attr(vp, pdaclp, _ACL_TYPE_DEFAULT, &error);
        if (!error && !basicperms)
                xfs_acl_set_attr(vp, cacl, _ACL_TYPE_ACCESS, &error);
+out_error:
        _ACL_FREE(cacl);
        return error;
 }