1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * (C) 2001 Clemson University and The University of Chicago 4 * 5 * See COPYING in top-level directory. 6 */ 7 8 #include "protocol.h" 9 #include "orangefs-kernel.h" 10 #include "orangefs-bufmap.h" 11 #include <linux/posix_acl_xattr.h> 12 13 struct posix_acl *orangefs_get_acl(struct inode *inode, int type) 14 { 15 struct posix_acl *acl; 16 int ret; 17 char *key = NULL, *value = NULL; 18 19 switch (type) { 20 case ACL_TYPE_ACCESS: 21 key = XATTR_NAME_POSIX_ACL_ACCESS; 22 break; 23 case ACL_TYPE_DEFAULT: 24 key = XATTR_NAME_POSIX_ACL_DEFAULT; 25 break; 26 default: 27 gossip_err("orangefs_get_acl: bogus value of type %d\n", type); 28 return ERR_PTR(-EINVAL); 29 } 30 /* 31 * Rather than incurring a network call just to determine the exact 32 * length of the attribute, I just allocate a max length to save on 33 * the network call. Conceivably, we could pass NULL to 34 * orangefs_inode_getxattr() to probe the length of the value, but 35 * I don't do that for now. 36 */ 37 value = kmalloc(ORANGEFS_MAX_XATTR_VALUELEN, GFP_KERNEL); 38 if (!value) 39 return ERR_PTR(-ENOMEM); 40 41 gossip_debug(GOSSIP_ACL_DEBUG, 42 "inode %pU, key %s, type %d\n", 43 get_khandle_from_ino(inode), 44 key, 45 type); 46 ret = orangefs_inode_getxattr(inode, key, value, 47 ORANGEFS_MAX_XATTR_VALUELEN); 48 /* if the key exists, convert it to an in-memory rep */ 49 if (ret > 0) { 50 acl = posix_acl_from_xattr(&init_user_ns, value, ret); 51 } else if (ret == -ENODATA || ret == -ENOSYS) { 52 acl = NULL; 53 } else { 54 gossip_err("inode %pU retrieving acl's failed with error %d\n", 55 get_khandle_from_ino(inode), 56 ret); 57 acl = ERR_PTR(ret); 58 } 59 /* kfree(NULL) is safe, so don't worry if value ever got used */ 60 kfree(value); 61 return acl; 62 } 63 64 static int __orangefs_set_acl(struct inode *inode, struct posix_acl *acl, 65 int type) 66 { 67 int error = 0; 68 void *value = NULL; 69 size_t size = 0; 70 const char *name = NULL; 71 72 switch (type) { 73 case ACL_TYPE_ACCESS: 74 name = XATTR_NAME_POSIX_ACL_ACCESS; 75 break; 76 case ACL_TYPE_DEFAULT: 77 name = XATTR_NAME_POSIX_ACL_DEFAULT; 78 break; 79 default: 80 gossip_err("%s: invalid type %d!\n", __func__, type); 81 return -EINVAL; 82 } 83 84 gossip_debug(GOSSIP_ACL_DEBUG, 85 "%s: inode %pU, key %s type %d\n", 86 __func__, get_khandle_from_ino(inode), 87 name, 88 type); 89 90 if (acl) { 91 size = posix_acl_xattr_size(acl->a_count); 92 value = kmalloc(size, GFP_KERNEL); 93 if (!value) 94 return -ENOMEM; 95 96 error = posix_acl_to_xattr(&init_user_ns, acl, value, size); 97 if (error < 0) 98 goto out; 99 } 100 101 gossip_debug(GOSSIP_ACL_DEBUG, 102 "%s: name %s, value %p, size %zd, acl %p\n", 103 __func__, name, value, size, acl); 104 /* 105 * Go ahead and set the extended attribute now. NOTE: Suppose acl 106 * was NULL, then value will be NULL and size will be 0 and that 107 * will xlate to a removexattr. However, we don't want removexattr 108 * complain if attributes does not exist. 109 */ 110 error = orangefs_inode_setxattr(inode, name, value, size, 0); 111 112 out: 113 kfree(value); 114 if (!error) 115 set_cached_acl(inode, type, acl); 116 return error; 117 } 118 119 int orangefs_set_acl(struct user_namespace *mnt_userns, struct inode *inode, 120 struct posix_acl *acl, int type) 121 { 122 int error; 123 struct iattr iattr; 124 int rc; 125 126 memset(&iattr, 0, sizeof iattr); 127 128 if (type == ACL_TYPE_ACCESS && acl) { 129 /* 130 * posix_acl_update_mode checks to see if the permissions 131 * described by the ACL can be encoded into the 132 * object's mode. If so, it sets "acl" to NULL 133 * and "mode" to the new desired value. It is up to 134 * us to propagate the new mode back to the server... 135 */ 136 error = posix_acl_update_mode(&init_user_ns, inode, 137 &iattr.ia_mode, &acl); 138 if (error) { 139 gossip_err("%s: posix_acl_update_mode err: %d\n", 140 __func__, 141 error); 142 return error; 143 } 144 145 if (inode->i_mode != iattr.ia_mode) 146 iattr.ia_valid = ATTR_MODE; 147 148 } 149 150 rc = __orangefs_set_acl(inode, acl, type); 151 152 if (!rc && (iattr.ia_valid == ATTR_MODE)) 153 rc = __orangefs_setattr(inode, &iattr); 154 155 return rc; 156 } 157 158 int orangefs_init_acl(struct inode *inode, struct inode *dir) 159 { 160 struct posix_acl *default_acl, *acl; 161 umode_t mode = inode->i_mode; 162 struct iattr iattr; 163 int error = 0; 164 165 error = posix_acl_create(dir, &mode, &default_acl, &acl); 166 if (error) 167 return error; 168 169 if (default_acl) { 170 error = __orangefs_set_acl(inode, default_acl, 171 ACL_TYPE_DEFAULT); 172 posix_acl_release(default_acl); 173 } else { 174 inode->i_default_acl = NULL; 175 } 176 177 if (acl) { 178 if (!error) 179 error = __orangefs_set_acl(inode, acl, ACL_TYPE_ACCESS); 180 posix_acl_release(acl); 181 } else { 182 inode->i_acl = NULL; 183 } 184 185 /* If mode of the inode was changed, then do a forcible ->setattr */ 186 if (mode != inode->i_mode) { 187 memset(&iattr, 0, sizeof iattr); 188 inode->i_mode = mode; 189 iattr.ia_mode = mode; 190 iattr.ia_valid |= ATTR_MODE; 191 __orangefs_setattr(inode, &iattr); 192 } 193 194 return error; 195 } 196