1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * (C) 2001 Clemson University and The University of Chicago |
4 | * |
5 | * See COPYING in top-level directory. |
6 | */ |
7 | |
8 | #include "protocol.h" |
9 | #include "orangefs-kernel.h" |
10 | #include "orangefs-bufmap.h" |
11 | #include <linux/posix_acl_xattr.h> |
12 | |
13 | struct posix_acl *orangefs_get_acl(struct inode *inode, int type, bool rcu) |
14 | { |
15 | struct posix_acl *acl; |
16 | int ret; |
17 | char *key = NULL, *value = NULL; |
18 | |
19 | if (rcu) |
20 | return ERR_PTR(error: -ECHILD); |
21 | |
22 | switch (type) { |
23 | case ACL_TYPE_ACCESS: |
24 | key = XATTR_NAME_POSIX_ACL_ACCESS; |
25 | break; |
26 | case ACL_TYPE_DEFAULT: |
27 | key = XATTR_NAME_POSIX_ACL_DEFAULT; |
28 | break; |
29 | default: |
30 | gossip_err("orangefs_get_acl: bogus value of type %d\n" , type); |
31 | return ERR_PTR(error: -EINVAL); |
32 | } |
33 | /* |
34 | * Rather than incurring a network call just to determine the exact |
35 | * length of the attribute, I just allocate a max length to save on |
36 | * the network call. Conceivably, we could pass NULL to |
37 | * orangefs_inode_getxattr() to probe the length of the value, but |
38 | * I don't do that for now. |
39 | */ |
40 | value = kmalloc(ORANGEFS_MAX_XATTR_VALUELEN, GFP_KERNEL); |
41 | if (!value) |
42 | return ERR_PTR(error: -ENOMEM); |
43 | |
44 | gossip_debug(GOSSIP_ACL_DEBUG, |
45 | "inode %pU, key %s, type %d\n" , |
46 | get_khandle_from_ino(inode), |
47 | key, |
48 | type); |
49 | ret = orangefs_inode_getxattr(inode, name: key, buffer: value, |
50 | ORANGEFS_MAX_XATTR_VALUELEN); |
51 | /* if the key exists, convert it to an in-memory rep */ |
52 | if (ret > 0) { |
53 | acl = posix_acl_from_xattr(user_ns: &init_user_ns, value, size: ret); |
54 | } else if (ret == -ENODATA || ret == -ENOSYS) { |
55 | acl = NULL; |
56 | } else { |
57 | gossip_err("inode %pU retrieving acl's failed with error %d\n" , |
58 | get_khandle_from_ino(inode), |
59 | ret); |
60 | acl = ERR_PTR(error: ret); |
61 | } |
62 | /* kfree(NULL) is safe, so don't worry if value ever got used */ |
63 | kfree(objp: value); |
64 | return acl; |
65 | } |
66 | |
67 | int __orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type) |
68 | { |
69 | int error = 0; |
70 | void *value = NULL; |
71 | size_t size = 0; |
72 | const char *name = NULL; |
73 | |
74 | switch (type) { |
75 | case ACL_TYPE_ACCESS: |
76 | name = XATTR_NAME_POSIX_ACL_ACCESS; |
77 | break; |
78 | case ACL_TYPE_DEFAULT: |
79 | name = XATTR_NAME_POSIX_ACL_DEFAULT; |
80 | break; |
81 | default: |
82 | gossip_err("%s: invalid type %d!\n" , __func__, type); |
83 | return -EINVAL; |
84 | } |
85 | |
86 | gossip_debug(GOSSIP_ACL_DEBUG, |
87 | "%s: inode %pU, key %s type %d\n" , |
88 | __func__, get_khandle_from_ino(inode), |
89 | name, |
90 | type); |
91 | |
92 | if (acl) { |
93 | size = posix_acl_xattr_size(count: acl->a_count); |
94 | value = kmalloc(size, GFP_KERNEL); |
95 | if (!value) |
96 | return -ENOMEM; |
97 | |
98 | error = posix_acl_to_xattr(user_ns: &init_user_ns, acl, buffer: value, size); |
99 | if (error < 0) |
100 | goto out; |
101 | } |
102 | |
103 | gossip_debug(GOSSIP_ACL_DEBUG, |
104 | "%s: name %s, value %p, size %zd, acl %p\n" , |
105 | __func__, name, value, size, acl); |
106 | /* |
107 | * Go ahead and set the extended attribute now. NOTE: Suppose acl |
108 | * was NULL, then value will be NULL and size will be 0 and that |
109 | * will xlate to a removexattr. However, we don't want removexattr |
110 | * complain if attributes does not exist. |
111 | */ |
112 | error = orangefs_inode_setxattr(inode, name, value, size, flags: 0); |
113 | |
114 | out: |
115 | kfree(objp: value); |
116 | if (!error) |
117 | set_cached_acl(inode, type, acl); |
118 | return error; |
119 | } |
120 | |
121 | int orangefs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
122 | struct posix_acl *acl, int type) |
123 | { |
124 | int error; |
125 | struct iattr iattr; |
126 | int rc; |
127 | struct inode *inode = d_inode(dentry); |
128 | |
129 | memset(&iattr, 0, sizeof iattr); |
130 | |
131 | if (type == ACL_TYPE_ACCESS && acl) { |
132 | /* |
133 | * posix_acl_update_mode checks to see if the permissions |
134 | * described by the ACL can be encoded into the |
135 | * object's mode. If so, it sets "acl" to NULL |
136 | * and "mode" to the new desired value. It is up to |
137 | * us to propagate the new mode back to the server... |
138 | */ |
139 | error = posix_acl_update_mode(&nop_mnt_idmap, inode, |
140 | &iattr.ia_mode, &acl); |
141 | if (error) { |
142 | gossip_err("%s: posix_acl_update_mode err: %d\n" , |
143 | __func__, |
144 | error); |
145 | return error; |
146 | } |
147 | |
148 | if (inode->i_mode != iattr.ia_mode) |
149 | iattr.ia_valid = ATTR_MODE; |
150 | |
151 | } |
152 | |
153 | rc = __orangefs_set_acl(inode, acl, type); |
154 | |
155 | if (!rc && (iattr.ia_valid == ATTR_MODE)) |
156 | rc = __orangefs_setattr_mode(dentry, iattr: &iattr); |
157 | |
158 | return rc; |
159 | } |
160 | |