Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
5db11c21 MM |
2 | /* |
3 | * (C) 2001 Clemson University and The University of Chicago | |
4 | * | |
5 | * See COPYING in top-level directory. | |
6 | */ | |
7 | ||
8 | #include "protocol.h" | |
575e9461 MM |
9 | #include "orangefs-kernel.h" |
10 | #include "orangefs-bufmap.h" | |
5db11c21 | 11 | #include <linux/posix_acl_xattr.h> |
5db11c21 | 12 | |
0cad6246 | 13 | struct posix_acl *orangefs_get_acl(struct inode *inode, int type, bool rcu) |
5db11c21 MM |
14 | { |
15 | struct posix_acl *acl; | |
16 | int ret; | |
17 | char *key = NULL, *value = NULL; | |
18 | ||
0cad6246 MS |
19 | if (rcu) |
20 | return ERR_PTR(-ECHILD); | |
21 | ||
5db11c21 MM |
22 | switch (type) { |
23 | case ACL_TYPE_ACCESS: | |
972a7344 | 24 | key = XATTR_NAME_POSIX_ACL_ACCESS; |
5db11c21 MM |
25 | break; |
26 | case ACL_TYPE_DEFAULT: | |
972a7344 | 27 | key = XATTR_NAME_POSIX_ACL_DEFAULT; |
5db11c21 MM |
28 | break; |
29 | default: | |
8bb8aefd | 30 | gossip_err("orangefs_get_acl: bogus value of type %d\n", type); |
5db11c21 MM |
31 | return ERR_PTR(-EINVAL); |
32 | } | |
33 | /* | |
34 | * Rather than incurring a network call just to determine the exact | |
35 | * length of the attribute, I just allocate a max length to save on | |
36 | * the network call. Conceivably, we could pass NULL to | |
8bb8aefd | 37 | * orangefs_inode_getxattr() to probe the length of the value, but |
5db11c21 MM |
38 | * I don't do that for now. |
39 | */ | |
8bb8aefd | 40 | value = kmalloc(ORANGEFS_MAX_XATTR_VALUELEN, GFP_KERNEL); |
0b08273c | 41 | if (!value) |
5db11c21 MM |
42 | return ERR_PTR(-ENOMEM); |
43 | ||
44 | gossip_debug(GOSSIP_ACL_DEBUG, | |
45 | "inode %pU, key %s, type %d\n", | |
46 | get_khandle_from_ino(inode), | |
47 | key, | |
48 | type); | |
d373a712 AG |
49 | ret = orangefs_inode_getxattr(inode, key, value, |
50 | ORANGEFS_MAX_XATTR_VALUELEN); | |
5db11c21 MM |
51 | /* if the key exists, convert it to an in-memory rep */ |
52 | if (ret > 0) { | |
53 | acl = posix_acl_from_xattr(&init_user_ns, value, ret); | |
54 | } else if (ret == -ENODATA || ret == -ENOSYS) { | |
55 | acl = NULL; | |
56 | } else { | |
57 | gossip_err("inode %pU retrieving acl's failed with error %d\n", | |
58 | get_khandle_from_ino(inode), | |
59 | ret); | |
60 | acl = ERR_PTR(ret); | |
61 | } | |
62 | /* kfree(NULL) is safe, so don't worry if value ever got used */ | |
63 | kfree(value); | |
64 | return acl; | |
65 | } | |
66 | ||
4053d250 | 67 | int __orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type) |
5db11c21 | 68 | { |
5db11c21 MM |
69 | int error = 0; |
70 | void *value = NULL; | |
71 | size_t size = 0; | |
72 | const char *name = NULL; | |
73 | ||
74 | switch (type) { | |
75 | case ACL_TYPE_ACCESS: | |
972a7344 | 76 | name = XATTR_NAME_POSIX_ACL_ACCESS; |
5db11c21 MM |
77 | break; |
78 | case ACL_TYPE_DEFAULT: | |
972a7344 | 79 | name = XATTR_NAME_POSIX_ACL_DEFAULT; |
5db11c21 MM |
80 | break; |
81 | default: | |
82 | gossip_err("%s: invalid type %d!\n", __func__, type); | |
83 | return -EINVAL; | |
84 | } | |
85 | ||
86 | gossip_debug(GOSSIP_ACL_DEBUG, | |
87 | "%s: inode %pU, key %s type %d\n", | |
88 | __func__, get_khandle_from_ino(inode), | |
89 | name, | |
90 | type); | |
91 | ||
92 | if (acl) { | |
93 | size = posix_acl_xattr_size(acl->a_count); | |
94 | value = kmalloc(size, GFP_KERNEL); | |
95 | if (!value) | |
96 | return -ENOMEM; | |
97 | ||
98 | error = posix_acl_to_xattr(&init_user_ns, acl, value, size); | |
99 | if (error < 0) | |
100 | goto out; | |
101 | } | |
102 | ||
103 | gossip_debug(GOSSIP_ACL_DEBUG, | |
104 | "%s: name %s, value %p, size %zd, acl %p\n", | |
105 | __func__, name, value, size, acl); | |
106 | /* | |
107 | * Go ahead and set the extended attribute now. NOTE: Suppose acl | |
108 | * was NULL, then value will be NULL and size will be 0 and that | |
109 | * will xlate to a removexattr. However, we don't want removexattr | |
110 | * complain if attributes does not exist. | |
111 | */ | |
d373a712 | 112 | error = orangefs_inode_setxattr(inode, name, value, size, 0); |
5db11c21 MM |
113 | |
114 | out: | |
115 | kfree(value); | |
116 | if (!error) | |
117 | set_cached_acl(inode, type, acl); | |
118 | return error; | |
119 | } | |
120 | ||
13e83a49 | 121 | int orangefs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, |
549c7297 | 122 | struct posix_acl *acl, int type) |
b5accbb0 JK |
123 | { |
124 | int error; | |
4bef6900 MM |
125 | struct iattr iattr; |
126 | int rc; | |
138060ba | 127 | struct inode *inode = d_inode(dentry); |
b5accbb0 | 128 | |
476af919 MM |
129 | memset(&iattr, 0, sizeof iattr); |
130 | ||
b5accbb0 | 131 | if (type == ACL_TYPE_ACCESS && acl) { |
4bef6900 MM |
132 | /* |
133 | * posix_acl_update_mode checks to see if the permissions | |
134 | * described by the ACL can be encoded into the | |
135 | * object's mode. If so, it sets "acl" to NULL | |
136 | * and "mode" to the new desired value. It is up to | |
137 | * us to propagate the new mode back to the server... | |
138 | */ | |
700b7940 | 139 | error = posix_acl_update_mode(&nop_mnt_idmap, inode, |
e65ce2a5 | 140 | &iattr.ia_mode, &acl); |
b5accbb0 JK |
141 | if (error) { |
142 | gossip_err("%s: posix_acl_update_mode err: %d\n", | |
143 | __func__, | |
144 | error); | |
145 | return error; | |
146 | } | |
147 | ||
476af919 | 148 | if (inode->i_mode != iattr.ia_mode) |
4bef6900 | 149 | iattr.ia_valid = ATTR_MODE; |
4bef6900 | 150 | |
b5accbb0 | 151 | } |
476af919 MM |
152 | |
153 | rc = __orangefs_set_acl(inode, acl, type); | |
154 | ||
155 | if (!rc && (iattr.ia_valid == ATTR_MODE)) | |
138060ba | 156 | rc = __orangefs_setattr_mode(dentry, &iattr); |
476af919 MM |
157 | |
158 | return rc; | |
b5accbb0 | 159 | } |