[linux-block.git] / fs / fuse / acl.c

/*
 * FUSE: Filesystem in Userspace
 * Copyright (C) 2016 Canonical Ltd. <seth.forshee@canonical.com>
 *
 * This program can be distributed under the terms of the GNU GPL.
 * See the file COPYING.
 */

#include "fuse_i.h"

#include <linux/posix_acl.h>
#include <linux/posix_acl_xattr.h>

static struct posix_acl *__fuse_get_acl(struct fuse_conn *fc,
					struct inode *inode, int type, bool rcu)
{
	int size;
	const char *name;
	void *value = NULL;
	struct posix_acl *acl;

	if (rcu)
		return ERR_PTR(-ECHILD);

	if (fuse_is_bad(inode))
		return ERR_PTR(-EIO);

	if (fc->no_getxattr)
		return NULL;

	if (type == ACL_TYPE_ACCESS)
		name = XATTR_NAME_POSIX_ACL_ACCESS;
	else if (type == ACL_TYPE_DEFAULT)
		name = XATTR_NAME_POSIX_ACL_DEFAULT;
	else
		return ERR_PTR(-EOPNOTSUPP);

	value = kmalloc(PAGE_SIZE, GFP_KERNEL);
	if (!value)
		return ERR_PTR(-ENOMEM);
	size = fuse_getxattr(inode, name, value, PAGE_SIZE);
	if (size > 0)
		acl = posix_acl_from_xattr(fc->user_ns, value, size);
	else if ((size == 0) || (size == -ENODATA) ||
		 (size == -EOPNOTSUPP && fc->no_getxattr))
		acl = NULL;
	else if (size == -ERANGE)
		acl = ERR_PTR(-E2BIG);
	else
		acl = ERR_PTR(size);

	kfree(value);
	return acl;
}

static inline bool fuse_no_acl(const struct fuse_conn *fc,
			       const struct inode *inode)
{
	/*
	 * Refuse interacting with POSIX ACLs for daemons that
	 * don't support FUSE_POSIX_ACL and are not mounted on
	 * the host to retain backwards compatibility.
	 */
	return !fc->posix_acl && (i_user_ns(inode) != &init_user_ns);
}

struct posix_acl *fuse_get_acl(struct mnt_idmap *idmap,
			       struct dentry *dentry, int type)
{
	struct inode *inode = d_inode(dentry);
	struct fuse_conn *fc = get_fuse_conn(inode);

	if (fuse_no_acl(fc, inode))
		return ERR_PTR(-EOPNOTSUPP);

	return __fuse_get_acl(fc, inode, type, false);
}

struct posix_acl *fuse_get_inode_acl(struct inode *inode, int type, bool rcu)
{
	struct fuse_conn *fc = get_fuse_conn(inode);

	/*
	 * FUSE daemons before FUSE_POSIX_ACL was introduced could get and set
	 * POSIX ACLs without them being used for permission checking by the
	 * vfs. Retain that behavior for backwards compatibility as there are
	 * filesystems that do all permission checking for acls in the daemon
	 * and not in the kernel.
	 */
	if (!fc->posix_acl)
		return NULL;
	return __fuse_get_acl(fc,  inode, type, rcu);
}

int fuse_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
		 struct posix_acl *acl, int type)
{
	struct inode *inode = d_inode(dentry);
	struct fuse_conn *fc = get_fuse_conn(inode);
	const char *name;
	int ret;

	if (fuse_is_bad(inode))
		return -EIO;

	if (fc->no_setxattr || fuse_no_acl(fc, inode))
		return -EOPNOTSUPP;

	if (type == ACL_TYPE_ACCESS)
		name = XATTR_NAME_POSIX_ACL_ACCESS;
	else if (type == ACL_TYPE_DEFAULT)
		name = XATTR_NAME_POSIX_ACL_DEFAULT;
	else
		return -EINVAL;

	if (acl) {
		unsigned int extra_flags = 0;
		/*
		 * Fuse userspace is responsible for updating access
		 * permissions in the inode, if needed. fuse_setxattr
		 * invalidates the inode attributes, which will force
		 * them to be refreshed the next time they are used,
		 * and it also updates i_ctime.
		 */
		size_t size = posix_acl_xattr_size(acl->a_count);
		void *value;

		if (size > PAGE_SIZE)
			return -E2BIG;

		value = kmalloc(size, GFP_KERNEL);
		if (!value)
			return -ENOMEM;

		ret = posix_acl_to_xattr(fc->user_ns, acl, value, size);
		if (ret < 0) {
			kfree(value);
			return ret;
		}

		/*
		 * Fuse daemons without FUSE_POSIX_ACL never changed the passed
		 * through POSIX ACLs. Such daemons don't expect setgid bits to
		 * be stripped.
		 */
		if (fc->posix_acl &&
		    !in_group_or_capable(idmap, inode,
					 i_gid_into_vfsgid(idmap, inode)))
			extra_flags |= FUSE_SETXATTR_ACL_KILL_SGID;

		ret = fuse_setxattr(inode, name, value, size, 0, extra_flags);
		kfree(value);
	} else {
		ret = fuse_removexattr(inode, name);
	}

	if (fc->posix_acl) {
		/*
		 * Fuse daemons without FUSE_POSIX_ACL never cached POSIX ACLs
		 * and didn't invalidate attributes. Retain that behavior.
		 */
		forget_all_cached_acls(inode);
		fuse_invalidate_attr(inode);
	}

	return ret;
}
Commit	Line	Data
60bcc88a SF	1	/*
	2	* FUSE: Filesystem in Userspace
	3	* Copyright (C) 2016 Canonical Ltd. <seth.forshee@canonical.com>
	4	*
	5	* This program can be distributed under the terms of the GNU GPL.
	6	* See the file COPYING.
	7	*/
	8
	9	#include "fuse_i.h"
	10
	11	#include <linux/posix_acl.h>
	12	#include <linux/posix_acl_xattr.h>
	13
facd6105	14	static struct posix_acl __fuse_get_acl(struct fuse_conn fc,
facd6105	15	struct inode *inode, int type, bool rcu)
60bcc88a	16	{
60bcc88a SF	17	int size;
	18	const char *name;
	19	void *value = NULL;
	20	struct posix_acl *acl;
	21
0cad6246 MS	22	if (rcu)
	23	return ERR_PTR(-ECHILD);
	24
5d069dbe MS	25	if (fuse_is_bad(inode))
	26	return ERR_PTR(-EIO);
	27
facd6105	28	if (fc->no_getxattr)
60bcc88a SF	29	return NULL;
	30
	31	if (type == ACL_TYPE_ACCESS)
	32	name = XATTR_NAME_POSIX_ACL_ACCESS;
	33	else if (type == ACL_TYPE_DEFAULT)
	34	name = XATTR_NAME_POSIX_ACL_DEFAULT;
	35	else
	36	return ERR_PTR(-EOPNOTSUPP);
	37
	38	value = kmalloc(PAGE_SIZE, GFP_KERNEL);
	39	if (!value)
	40	return ERR_PTR(-ENOMEM);
	41	size = fuse_getxattr(inode, name, value, PAGE_SIZE);
	42	if (size > 0)
8cb08329	43	acl = posix_acl_from_xattr(fc->user_ns, value, size);
60bcc88a SF	44	else if ((size == 0) \|\| (size == -ENODATA) \|\|
	45	(size == -EOPNOTSUPP && fc->no_getxattr))
	46	acl = NULL;
	47	else if (size == -ERANGE)
	48	acl = ERR_PTR(-E2BIG);
	49	else
	50	acl = ERR_PTR(size);
	51
	52	kfree(value);
	53	return acl;
	54	}
	55
facd6105 CB	56	static inline bool fuse_no_acl(const struct fuse_conn *fc,
	57	const struct inode *inode)
	58	{
	59	/*
	60	* Refuse interacting with POSIX ACLs for daemons that
	61	* don't support FUSE_POSIX_ACL and are not mounted on
	62	* the host to retain backwards compatibility.
	63	*/
	64	return !fc->posix_acl && (i_user_ns(inode) != &init_user_ns);
	65	}
	66
05e6295f	67	struct posix_acl fuse_get_acl(struct mnt_idmap idmap,
facd6105 CB	68	struct dentry *dentry, int type)
	69	{
	70	struct inode *inode = d_inode(dentry);
	71	struct fuse_conn *fc = get_fuse_conn(inode);
	72
	73	if (fuse_no_acl(fc, inode))
	74	return ERR_PTR(-EOPNOTSUPP);
	75
4d833bef	76	return __fuse_get_acl(fc, inode, type, false);
facd6105 CB	77	}
	78
	79	struct posix_acl fuse_get_inode_acl(struct inode inode, int type, bool rcu)
	80	{
	81	struct fuse_conn *fc = get_fuse_conn(inode);
	82
	83	/*
	84	* FUSE daemons before FUSE_POSIX_ACL was introduced could get and set
	85	* POSIX ACLs without them being used for permission checking by the
	86	* vfs. Retain that behavior for backwards compatibility as there are
	87	* filesystems that do all permission checking for acls in the daemon
	88	* and not in the kernel.
	89	*/
	90	if (!fc->posix_acl)
	91	return NULL;
4d833bef	92	return __fuse_get_acl(fc, inode, type, rcu);
facd6105 CB	93	}
facd6105 CB	94
13e83a49	95	int fuse_set_acl(struct mnt_idmap idmap, struct dentry dentry,
549c7297	96	struct posix_acl *acl, int type)
60bcc88a	97	{
138060ba	98	struct inode *inode = d_inode(dentry);
60bcc88a SF	99	struct fuse_conn *fc = get_fuse_conn(inode);
	100	const char *name;
	101	int ret;
	102
5d069dbe MS	103	if (fuse_is_bad(inode))
	104	return -EIO;
	105
facd6105	106	if (fc->no_setxattr \|\| fuse_no_acl(fc, inode))
60bcc88a SF	107	return -EOPNOTSUPP;
	108
	109	if (type == ACL_TYPE_ACCESS)
	110	name = XATTR_NAME_POSIX_ACL_ACCESS;
	111	else if (type == ACL_TYPE_DEFAULT)
	112	name = XATTR_NAME_POSIX_ACL_DEFAULT;
	113	else
	114	return -EINVAL;
	115
	116	if (acl) {
550a7d3b	117	unsigned int extra_flags = 0;
60bcc88a SF	118	/*
	119	* Fuse userspace is responsible for updating access
	120	* permissions in the inode, if needed. fuse_setxattr
	121	* invalidates the inode attributes, which will force
	122	* them to be refreshed the next time they are used,
	123	* and it also updates i_ctime.
	124	*/
	125	size_t size = posix_acl_xattr_size(acl->a_count);
	126	void *value;
	127
	128	if (size > PAGE_SIZE)
	129	return -E2BIG;
	130
	131	value = kmalloc(size, GFP_KERNEL);
	132	if (!value)
	133	return -ENOMEM;
	134
8cb08329	135	ret = posix_acl_to_xattr(fc->user_ns, acl, value, size);
60bcc88a SF	136	if (ret < 0) {
	137	kfree(value);
	138	return ret;
	139	}
	140
facd6105 CB	141	/*
	142	* Fuse daemons without FUSE_POSIX_ACL never changed the passed
	143	* through POSIX ACLs. Such daemons don't expect setgid bits to
	144	* be stripped.
	145	*/
	146	if (fc->posix_acl &&
d395d0a5 AM	147	!in_group_or_capable(idmap, inode,
d395d0a5 AM	148	i_gid_into_vfsgid(idmap, inode)))
550a7d3b VG	149	extra_flags \|= FUSE_SETXATTR_ACL_KILL_SGID;
	150
	151	ret = fuse_setxattr(inode, name, value, size, 0, extra_flags);
60bcc88a SF	152	kfree(value);
	153	} else {
	154	ret = fuse_removexattr(inode, name);
	155	}
facd6105 CB	156
	157	if (fc->posix_acl) {
	158	/*
	159	* Fuse daemons without FUSE_POSIX_ACL never cached POSIX ACLs
	160	* and didn't invalidate attributes. Retain that behavior.
	161	*/
	162	forget_all_cached_acls(inode);
	163	fuse_invalidate_attr(inode);
	164	}
60bcc88a SF	165
	166	return ret;
	167	}