xref: /linux/fs/orangefs/acl.c (revision 0883c2c06fb5bcf5b9e008270827e63c09a88c1e) 
1 /*
2  * (C) 2001 Clemson University and The University of Chicago
3  *
4  * See COPYING in top-level directory.
5  */
6 
7 #include "protocol.h"
8 #include "orangefs-kernel.h"
9 #include "orangefs-bufmap.h"
10 #include <linux/posix_acl_xattr.h>
11 #include <linux/fs_struct.h>
12 
13 struct posix_acl *orangefs_get_acl(struct inode *inode, int type)
14 {
15 	struct posix_acl *acl;
16 	int ret;
17 	char *key = NULL, *value = NULL;
18 
19 	switch (type) {
20 	case ACL_TYPE_ACCESS:
21 		key = ORANGEFS_XATTR_NAME_ACL_ACCESS;
22 		break;
23 	case ACL_TYPE_DEFAULT:
24 		key = ORANGEFS_XATTR_NAME_ACL_DEFAULT;
25 		break;
26 	default:
27 		gossip_err("orangefs_get_acl: bogus value of type %d\n", type);
28 		return ERR_PTR(-EINVAL);
29 	}
30 	/*
31 	 * Rather than incurring a network call just to determine the exact
32 	 * length of the attribute, I just allocate a max length to save on
33 	 * the network call. Conceivably, we could pass NULL to
34 	 * orangefs_inode_getxattr() to probe the length of the value, but
35 	 * I don't do that for now.
36 	 */
37 	value = kmalloc(ORANGEFS_MAX_XATTR_VALUELEN, GFP_KERNEL);
38 	if (value == NULL)
39 		return ERR_PTR(-ENOMEM);
40 
41 	gossip_debug(GOSSIP_ACL_DEBUG,
42 		     "inode %pU, key %s, type %d\n",
43 		     get_khandle_from_ino(inode),
44 		     key,
45 		     type);
46 	ret = orangefs_inode_getxattr(inode,
47 				   "",
48 				   key,
49 				   value,
50 				   ORANGEFS_MAX_XATTR_VALUELEN);
51 	/* if the key exists, convert it to an in-memory rep */
52 	if (ret > 0) {
53 		acl = posix_acl_from_xattr(&init_user_ns, value, ret);
54 	} else if (ret == -ENODATA || ret == -ENOSYS) {
55 		acl = NULL;
56 	} else {
57 		gossip_err("inode %pU retrieving acl's failed with error %d\n",
58 			   get_khandle_from_ino(inode),
59 			   ret);
60 		acl = ERR_PTR(ret);
61 	}
62 	/* kfree(NULL) is safe, so don't worry if value ever got used */
63 	kfree(value);
64 	return acl;
65 }
66 
67 int orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
68 {
69 	struct orangefs_inode_s *orangefs_inode = ORANGEFS_I(inode);
70 	int error = 0;
71 	void *value = NULL;
72 	size_t size = 0;
73 	const char *name = NULL;
74 
75 	switch (type) {
76 	case ACL_TYPE_ACCESS:
77 		name = ORANGEFS_XATTR_NAME_ACL_ACCESS;
78 		if (acl) {
79 			umode_t mode = inode->i_mode;
80 			/*
81 			 * can we represent this with the traditional file
82 			 * mode permission bits?
83 			 */
84 			error = posix_acl_equiv_mode(acl, &mode);
85 			if (error < 0) {
86 				gossip_err("%s: posix_acl_equiv_mode err: %d\n",
87 					   __func__,
88 					   error);
89 				return error;
90 			}
91 
92 			if (inode->i_mode != mode)
93 				SetModeFlag(orangefs_inode);
94 			inode->i_mode = mode;
95 			mark_inode_dirty_sync(inode);
96 			if (error == 0)
97 				acl = NULL;
98 		}
99 		break;
100 	case ACL_TYPE_DEFAULT:
101 		name = ORANGEFS_XATTR_NAME_ACL_DEFAULT;
102 		break;
103 	default:
104 		gossip_err("%s: invalid type %d!\n", __func__, type);
105 		return -EINVAL;
106 	}
107 
108 	gossip_debug(GOSSIP_ACL_DEBUG,
109 		     "%s: inode %pU, key %s type %d\n",
110 		     __func__, get_khandle_from_ino(inode),
111 		     name,
112 		     type);
113 
114 	if (acl) {
115 		size = posix_acl_xattr_size(acl->a_count);
116 		value = kmalloc(size, GFP_KERNEL);
117 		if (!value)
118 			return -ENOMEM;
119 
120 		error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
121 		if (error < 0)
122 			goto out;
123 	}
124 
125 	gossip_debug(GOSSIP_ACL_DEBUG,
126 		     "%s: name %s, value %p, size %zd, acl %p\n",
127 		     __func__, name, value, size, acl);
128 	/*
129 	 * Go ahead and set the extended attribute now. NOTE: Suppose acl
130 	 * was NULL, then value will be NULL and size will be 0 and that
131 	 * will xlate to a removexattr. However, we don't want removexattr
132 	 * complain if attributes does not exist.
133 	 */
134 	error = orangefs_inode_setxattr(inode, "", name, value, size, 0);
135 
136 out:
137 	kfree(value);
138 	if (!error)
139 		set_cached_acl(inode, type, acl);
140 	return error;
141 }
142 
143 int orangefs_init_acl(struct inode *inode, struct inode *dir)
144 {
145 	struct orangefs_inode_s *orangefs_inode = ORANGEFS_I(inode);
146 	struct posix_acl *default_acl, *acl;
147 	umode_t mode = inode->i_mode;
148 	int error = 0;
149 
150 	ClearModeFlag(orangefs_inode);
151 
152 	error = posix_acl_create(dir, &mode, &default_acl, &acl);
153 	if (error)
154 		return error;
155 
156 	if (default_acl) {
157 		error = orangefs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
158 		posix_acl_release(default_acl);
159 	}
160 
161 	if (acl) {
162 		if (!error)
163 			error = orangefs_set_acl(inode, acl, ACL_TYPE_ACCESS);
164 		posix_acl_release(acl);
165 	}
166 
167 	/* If mode of the inode was changed, then do a forcible ->setattr */
168 	if (mode != inode->i_mode) {
169 		SetModeFlag(orangefs_inode);
170 		inode->i_mode = mode;
171 		orangefs_flush_inode(inode);
172 	}
173 
174 	return error;
175 }
176