Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check
[linux-2.6.git] / fs / utimes.c
1 #include <linux/compiler.h>
2 #include <linux/file.h>
3 #include <linux/fs.h>
4 #include <linux/linkage.h>
5 #include <linux/namei.h>
6 #include <linux/sched.h>
7 #include <linux/stat.h>
8 #include <linux/utime.h>
9 #include <asm/uaccess.h>
10 #include <asm/unistd.h>
11
12 #ifdef __ARCH_WANT_SYS_UTIME
13
14 /*
15  * sys_utime() can be implemented in user-level using sys_utimes().
16  * Is this for backwards compatibility?  If so, why not move it
17  * into the appropriate arch directory (for those architectures that
18  * need it).
19  */
20
21 /* If times==NULL, set access and modification to current time,
22  * must be owner or have write permission.
23  * Else, update from *times, must be owner or super user.
24  */
25 asmlinkage long sys_utime(char __user *filename, struct utimbuf __user *times)
26 {
27         struct timespec tv[2];
28
29         if (times) {
30                 if (get_user(tv[0].tv_sec, &times->actime) ||
31                     get_user(tv[1].tv_sec, &times->modtime))
32                         return -EFAULT;
33                 tv[0].tv_nsec = 0;
34                 tv[1].tv_nsec = 0;
35         }
36         return do_utimes(AT_FDCWD, filename, times ? tv : NULL, 0);
37 }
38
39 #endif
40
41 /* If times==NULL, set access and modification to current time,
42  * must be owner or have write permission.
43  * Else, update from *times, must be owner or super user.
44  */
45 long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags)
46 {
47         int error;
48         struct nameidata nd;
49         struct dentry *dentry;
50         struct inode *inode;
51         struct iattr newattrs;
52         struct file *f = NULL;
53
54         error = -EINVAL;
55         if (flags & ~AT_SYMLINK_NOFOLLOW)
56                 goto out;
57
58         if (filename == NULL && dfd != AT_FDCWD) {
59                 error = -EINVAL;
60                 if (flags & AT_SYMLINK_NOFOLLOW)
61                         goto out;
62
63                 error = -EBADF;
64                 f = fget(dfd);
65                 if (!f)
66                         goto out;
67                 dentry = f->f_path.dentry;
68         } else {
69                 error = __user_walk_fd(dfd, filename, (flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW, &nd);
70                 if (error)
71                         goto out;
72
73                 dentry = nd.dentry;
74         }
75
76         inode = dentry->d_inode;
77
78         error = -EROFS;
79         if (IS_RDONLY(inode))
80                 goto dput_and_out;
81
82         /* Don't worry, the checks are done in inode_change_ok() */
83         newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;
84         if (times) {
85                 error = -EPERM;
86                 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
87                         goto dput_and_out;
88
89                 if (times[0].tv_nsec == UTIME_OMIT)
90                         newattrs.ia_valid &= ~ATTR_ATIME;
91                 else if (times[0].tv_nsec != UTIME_NOW) {
92                         newattrs.ia_atime.tv_sec = times[0].tv_sec;
93                         newattrs.ia_atime.tv_nsec = times[0].tv_nsec;
94                         newattrs.ia_valid |= ATTR_ATIME_SET;
95                 }
96
97                 if (times[1].tv_nsec == UTIME_OMIT)
98                         newattrs.ia_valid &= ~ATTR_MTIME;
99                 else if (times[1].tv_nsec != UTIME_NOW) {
100                         newattrs.ia_mtime.tv_sec = times[1].tv_sec;
101                         newattrs.ia_mtime.tv_nsec = times[1].tv_nsec;
102                         newattrs.ia_valid |= ATTR_MTIME_SET;
103                 }
104         } else {
105                 error = -EACCES;
106                 if (IS_IMMUTABLE(inode))
107                         goto dput_and_out;
108
109                 if (!is_owner_or_cap(inode)) {
110                         if (f) {
111                                 if (!(f->f_mode & FMODE_WRITE))
112                                         goto dput_and_out;
113                         } else {
114                                 error = vfs_permission(&nd, MAY_WRITE);
115                                 if (error)
116                                         goto dput_and_out;
117                         }
118                 }
119         }
120         mutex_lock(&inode->i_mutex);
121         error = notify_change(dentry, &newattrs);
122         mutex_unlock(&inode->i_mutex);
123 dput_and_out:
124         if (f)
125                 fput(f);
126         else
127                 path_release(&nd);
128 out:
129         return error;
130 }
131
132 asmlinkage long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags)
133 {
134         struct timespec tstimes[2];
135
136         if (utimes) {
137                 if (copy_from_user(&tstimes, utimes, sizeof(tstimes)))
138                         return -EFAULT;
139                 if ((tstimes[0].tv_nsec == UTIME_OMIT ||
140                      tstimes[0].tv_nsec == UTIME_NOW) &&
141                     tstimes[0].tv_sec != 0)
142                         return -EINVAL;
143                 if ((tstimes[1].tv_nsec == UTIME_OMIT ||
144                      tstimes[1].tv_nsec == UTIME_NOW) &&
145                     tstimes[1].tv_sec != 0)
146                         return -EINVAL;
147
148                 /* Nothing to do, we must not even check the path.  */
149                 if (tstimes[0].tv_nsec == UTIME_OMIT &&
150                     tstimes[1].tv_nsec == UTIME_OMIT)
151                         return 0;
152         }
153
154         return do_utimes(dfd, filename, utimes ? tstimes : NULL, flags);
155 }
156
157 asmlinkage long sys_futimesat(int dfd, char __user *filename, struct timeval __user *utimes)
158 {
159         struct timeval times[2];
160         struct timespec tstimes[2];
161
162         if (utimes) {
163                 if (copy_from_user(&times, utimes, sizeof(times)))
164                         return -EFAULT;
165
166                 /* This test is needed to catch all invalid values.  If we
167                    would test only in do_utimes we would miss those invalid
168                    values truncated by the multiplication with 1000.  Note
169                    that we also catch UTIME_{NOW,OMIT} here which are only
170                    valid for utimensat.  */
171                 if (times[0].tv_usec >= 1000000 || times[0].tv_usec < 0 ||
172                     times[1].tv_usec >= 1000000 || times[1].tv_usec < 0)
173                         return -EINVAL;
174
175                 tstimes[0].tv_sec = times[0].tv_sec;
176                 tstimes[0].tv_nsec = 1000 * times[0].tv_usec;
177                 tstimes[1].tv_sec = times[1].tv_sec;
178                 tstimes[1].tv_nsec = 1000 * times[1].tv_usec;
179         }
180
181         return do_utimes(dfd, filename, utimes ? tstimes : NULL, 0);
182 }
183
184 asmlinkage long sys_utimes(char __user *filename, struct timeval __user *utimes)
185 {
186         return sys_futimesat(AT_FDCWD, filename, utimes);
187 }