[linux-block.git] / fs / orangefs / acl.c

// SPDX-License-Identifier: GPL-2.0
/*
 * (C) 2001 Clemson University and The University of Chicago
 *
 * See COPYING in top-level directory.
 */

#include "protocol.h"
#include "orangefs-kernel.h"
#include "orangefs-bufmap.h"
#include <linux/posix_acl_xattr.h>

struct posix_acl *orangefs_get_acl(struct inode *inode, int type, bool rcu)
{
	struct posix_acl *acl;
	int ret;
	char *key = NULL, *value = NULL;

	if (rcu)
		return ERR_PTR(-ECHILD);

	switch (type) {
	case ACL_TYPE_ACCESS:
		key = XATTR_NAME_POSIX_ACL_ACCESS;
		break;
	case ACL_TYPE_DEFAULT:
		key = XATTR_NAME_POSIX_ACL_DEFAULT;
		break;
	default:
		gossip_err("orangefs_get_acl: bogus value of type %d\n", type);
		return ERR_PTR(-EINVAL);
	}
	/*
	 * Rather than incurring a network call just to determine the exact
	 * length of the attribute, I just allocate a max length to save on
	 * the network call. Conceivably, we could pass NULL to
	 * orangefs_inode_getxattr() to probe the length of the value, but
	 * I don't do that for now.
	 */
	value = kmalloc(ORANGEFS_MAX_XATTR_VALUELEN, GFP_KERNEL);
	if (!value)
		return ERR_PTR(-ENOMEM);

	gossip_debug(GOSSIP_ACL_DEBUG,
		     "inode %pU, key %s, type %d\n",
		     get_khandle_from_ino(inode),
		     key,
		     type);
	ret = orangefs_inode_getxattr(inode, key, value,
				      ORANGEFS_MAX_XATTR_VALUELEN);
	/* if the key exists, convert it to an in-memory rep */
	if (ret > 0) {
		acl = posix_acl_from_xattr(&init_user_ns, value, ret);
	} else if (ret == -ENODATA || ret == -ENOSYS) {
		acl = NULL;
	} else {
		gossip_err("inode %pU retrieving acl's failed with error %d\n",
			   get_khandle_from_ino(inode),
			   ret);
		acl = ERR_PTR(ret);
	}
	/* kfree(NULL) is safe, so don't worry if value ever got used */
	kfree(value);
	return acl;
}

static int __orangefs_set_acl(struct inode *inode, struct posix_acl *acl,
			      int type)
{
	int error = 0;
	void *value = NULL;
	size_t size = 0;
	const char *name = NULL;

	switch (type) {
	case ACL_TYPE_ACCESS:
		name = XATTR_NAME_POSIX_ACL_ACCESS;
		break;
	case ACL_TYPE_DEFAULT:
		name = XATTR_NAME_POSIX_ACL_DEFAULT;
		break;
	default:
		gossip_err("%s: invalid type %d!\n", __func__, type);
		return -EINVAL;
	}

	gossip_debug(GOSSIP_ACL_DEBUG,
		     "%s: inode %pU, key %s type %d\n",
		     __func__, get_khandle_from_ino(inode),
		     name,
		     type);

	if (acl) {
		size = posix_acl_xattr_size(acl->a_count);
		value = kmalloc(size, GFP_KERNEL);
		if (!value)
			return -ENOMEM;

		error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
		if (error < 0)
			goto out;
	}

	gossip_debug(GOSSIP_ACL_DEBUG,
		     "%s: name %s, value %p, size %zd, acl %p\n",
		     __func__, name, value, size, acl);
	/*
	 * Go ahead and set the extended attribute now. NOTE: Suppose acl
	 * was NULL, then value will be NULL and size will be 0 and that
	 * will xlate to a removexattr. However, we don't want removexattr
	 * complain if attributes does not exist.
	 */
	error = orangefs_inode_setxattr(inode, name, value, size, 0);

out:
	kfree(value);
	if (!error)
		set_cached_acl(inode, type, acl);
	return error;
}

int orangefs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
		     struct posix_acl *acl, int type)
{
	int error;
	struct iattr iattr;
	int rc;

	memset(&iattr, 0, sizeof iattr);

	if (type == ACL_TYPE_ACCESS && acl) {
		/*
		 * posix_acl_update_mode checks to see if the permissions
		 * described by the ACL can be encoded into the
		 * object's mode. If so, it sets "acl" to NULL
		 * and "mode" to the new desired value. It is up to
		 * us to propagate the new mode back to the server...
		 */
		error = posix_acl_update_mode(&init_user_ns, inode,
					      &iattr.ia_mode, &acl);
		if (error) {
			gossip_err("%s: posix_acl_update_mode err: %d\n",
				   __func__,
				   error);
			return error;
		}

		if (inode->i_mode != iattr.ia_mode)
			iattr.ia_valid = ATTR_MODE;

	}

	rc = __orangefs_set_acl(inode, acl, type);

	if (!rc && (iattr.ia_valid == ATTR_MODE))
		rc = __orangefs_setattr(inode, &iattr);

	return rc;
}

int orangefs_init_acl(struct inode *inode, struct inode *dir)
{
	struct posix_acl *default_acl, *acl;
	umode_t mode = inode->i_mode;
	struct iattr iattr;
	int error = 0;

	error = posix_acl_create(dir, &mode, &default_acl, &acl);
	if (error)
		return error;

	if (default_acl) {
		error = __orangefs_set_acl(inode, default_acl,
					   ACL_TYPE_DEFAULT);
		posix_acl_release(default_acl);
	} else {
		inode->i_default_acl = NULL;
	}

	if (acl) {
		if (!error)
			error = __orangefs_set_acl(inode, acl, ACL_TYPE_ACCESS);
		posix_acl_release(acl);
	} else {
		inode->i_acl = NULL;
	}

	/* If mode of the inode was changed, then do a forcible ->setattr */
	if (mode != inode->i_mode) {
		memset(&iattr, 0, sizeof iattr);
		inode->i_mode = mode;
		iattr.ia_mode = mode;
		iattr.ia_valid |= ATTR_MODE;
		__orangefs_setattr(inode, &iattr);
	}

	return error;
}
Commit	Line	Data
b2441318	1	// SPDX-License-Identifier: GPL-2.0
5db11c21 MM	2	/*
	3	* (C) 2001 Clemson University and The University of Chicago
	4	*
	5	* See COPYING in top-level directory.
	6	*/
	7
	8	#include "protocol.h"
575e9461 MM	9	#include "orangefs-kernel.h"
575e9461 MM	10	#include "orangefs-bufmap.h"
5db11c21	11	#include <linux/posix_acl_xattr.h>
5db11c21	12
0cad6246	13	struct posix_acl orangefs_get_acl(struct inode inode, int type, bool rcu)
5db11c21 MM	14	{
	15	struct posix_acl *acl;
	16	int ret;
	17	char key = NULL, value = NULL;
	18
0cad6246 MS	19	if (rcu)
	20	return ERR_PTR(-ECHILD);
	21
5db11c21 MM	22	switch (type) {
5db11c21 MM	23	case ACL_TYPE_ACCESS:
972a7344	24	key = XATTR_NAME_POSIX_ACL_ACCESS;
5db11c21 MM	25	break;
5db11c21 MM	26	case ACL_TYPE_DEFAULT:
972a7344	27	key = XATTR_NAME_POSIX_ACL_DEFAULT;
5db11c21 MM	28	break;
5db11c21 MM	29	default:
8bb8aefd	30	gossip_err("orangefs_get_acl: bogus value of type %d\n", type);
5db11c21 MM	31	return ERR_PTR(-EINVAL);
	32	}
	33	/*
	34	* Rather than incurring a network call just to determine the exact
	35	* length of the attribute, I just allocate a max length to save on
	36	* the network call. Conceivably, we could pass NULL to
8bb8aefd	37	* orangefs_inode_getxattr() to probe the length of the value, but
5db11c21 MM	38	* I don't do that for now.
5db11c21 MM	39	*/
8bb8aefd	40	value = kmalloc(ORANGEFS_MAX_XATTR_VALUELEN, GFP_KERNEL);
0b08273c	41	if (!value)
5db11c21 MM	42	return ERR_PTR(-ENOMEM);
	43
	44	gossip_debug(GOSSIP_ACL_DEBUG,
	45	"inode %pU, key %s, type %d\n",
	46	get_khandle_from_ino(inode),
	47	key,
	48	type);
d373a712 AG	49	ret = orangefs_inode_getxattr(inode, key, value,
d373a712 AG	50	ORANGEFS_MAX_XATTR_VALUELEN);
5db11c21 MM	51	/* if the key exists, convert it to an in-memory rep */
	52	if (ret > 0) {
	53	acl = posix_acl_from_xattr(&init_user_ns, value, ret);
	54	} else if (ret == -ENODATA \|\| ret == -ENOSYS) {
	55	acl = NULL;
	56	} else {
	57	gossip_err("inode %pU retrieving acl's failed with error %d\n",
	58	get_khandle_from_ino(inode),
	59	ret);
	60	acl = ERR_PTR(ret);
	61	}
	62	/* kfree(NULL) is safe, so don't worry if value ever got used */
	63	kfree(value);
	64	return acl;
	65	}
	66
b5accbb0 JK	67	static int __orangefs_set_acl(struct inode inode, struct posix_acl acl,
b5accbb0 JK	68	int type)
5db11c21	69	{
5db11c21 MM	70	int error = 0;
	71	void *value = NULL;
	72	size_t size = 0;
	73	const char *name = NULL;
	74
	75	switch (type) {
	76	case ACL_TYPE_ACCESS:
972a7344	77	name = XATTR_NAME_POSIX_ACL_ACCESS;
5db11c21 MM	78	break;
5db11c21 MM	79	case ACL_TYPE_DEFAULT:
972a7344	80	name = XATTR_NAME_POSIX_ACL_DEFAULT;
5db11c21 MM	81	break;
	82	default:
	83	gossip_err("%s: invalid type %d!\n", __func__, type);
	84	return -EINVAL;
	85	}
	86
	87	gossip_debug(GOSSIP_ACL_DEBUG,
	88	"%s: inode %pU, key %s type %d\n",
	89	__func__, get_khandle_from_ino(inode),
	90	name,
	91	type);
	92
	93	if (acl) {
	94	size = posix_acl_xattr_size(acl->a_count);
	95	value = kmalloc(size, GFP_KERNEL);
	96	if (!value)
	97	return -ENOMEM;
	98
	99	error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
	100	if (error < 0)
	101	goto out;
	102	}
	103
	104	gossip_debug(GOSSIP_ACL_DEBUG,
	105	"%s: name %s, value %p, size %zd, acl %p\n",
	106	__func__, name, value, size, acl);
	107	/*
	108	* Go ahead and set the extended attribute now. NOTE: Suppose acl
	109	* was NULL, then value will be NULL and size will be 0 and that
	110	* will xlate to a removexattr. However, we don't want removexattr
	111	* complain if attributes does not exist.
	112	*/
d373a712	113	error = orangefs_inode_setxattr(inode, name, value, size, 0);
5db11c21 MM	114
	115	out:
	116	kfree(value);
	117	if (!error)
	118	set_cached_acl(inode, type, acl);
	119	return error;
	120	}
	121
549c7297 CB	122	int orangefs_set_acl(struct user_namespace mnt_userns, struct inode inode,
549c7297 CB	123	struct posix_acl *acl, int type)
b5accbb0 JK	124	{
b5accbb0 JK	125	int error;
4bef6900 MM	126	struct iattr iattr;
4bef6900 MM	127	int rc;
b5accbb0	128
476af919 MM	129	memset(&iattr, 0, sizeof iattr);
476af919 MM	130
b5accbb0	131	if (type == ACL_TYPE_ACCESS && acl) {
4bef6900 MM	132	/*
	133	* posix_acl_update_mode checks to see if the permissions
	134	* described by the ACL can be encoded into the
	135	* object's mode. If so, it sets "acl" to NULL
	136	* and "mode" to the new desired value. It is up to
	137	* us to propagate the new mode back to the server...
	138	*/
e65ce2a5 CB	139	error = posix_acl_update_mode(&init_user_ns, inode,
e65ce2a5 CB	140	&iattr.ia_mode, &acl);
b5accbb0 JK	141	if (error) {
	142	gossip_err("%s: posix_acl_update_mode err: %d\n",
	143	__func__,
	144	error);
	145	return error;
	146	}
	147
476af919	148	if (inode->i_mode != iattr.ia_mode)
4bef6900	149	iattr.ia_valid = ATTR_MODE;
4bef6900	150
b5accbb0	151	}
476af919 MM	152
	153	rc = __orangefs_set_acl(inode, acl, type);
	154
	155	if (!rc && (iattr.ia_valid == ATTR_MODE))
	156	rc = __orangefs_setattr(inode, &iattr);
	157
	158	return rc;
b5accbb0 JK	159	}
b5accbb0 JK	160
8bb8aefd	161	int orangefs_init_acl(struct inode inode, struct inode dir)
5db11c21	162	{
5db11c21 MM	163	struct posix_acl default_acl, acl;
5db11c21 MM	164	umode_t mode = inode->i_mode;
a55f2d86	165	struct iattr iattr;
5db11c21 MM	166	int error = 0;
5db11c21 MM	167
5db11c21 MM	168	error = posix_acl_create(dir, &mode, &default_acl, &acl);
	169	if (error)
	170	return error;
	171
	172	if (default_acl) {
b5accbb0 JK	173	error = __orangefs_set_acl(inode, default_acl,
b5accbb0 JK	174	ACL_TYPE_DEFAULT);
5db11c21	175	posix_acl_release(default_acl);
052d1276 CX	176	} else {
052d1276 CX	177	inode->i_default_acl = NULL;
5db11c21 MM	178	}
	179
	180	if (acl) {
	181	if (!error)
b5accbb0	182	error = __orangefs_set_acl(inode, acl, ACL_TYPE_ACCESS);
5db11c21	183	posix_acl_release(acl);
052d1276 CX	184	} else {
052d1276 CX	185	inode->i_acl = NULL;
5db11c21 MM	186	}
	187
	188	/* If mode of the inode was changed, then do a forcible ->setattr */
	189	if (mode != inode->i_mode) {
a55f2d86	190	memset(&iattr, 0, sizeof iattr);
5db11c21	191	inode->i_mode = mode;
a55f2d86 MB	192	iattr.ia_mode = mode;
a55f2d86 MB	193	iattr.ia_valid \|= ATTR_MODE;
afd9fb2a	194	__orangefs_setattr(inode, &iattr);
5db11c21 MM	195	}
	196
	197	return error;
	198	}