xref: /linux/fs/orangefs/acl.c (revision 09141ec0e4efede4fb5e2aa68cb819fba974325c)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * (C) 2001 Clemson University and The University of Chicago
4  *
5  * See COPYING in top-level directory.
6  */
7 
8 #include "protocol.h"
9 #include "orangefs-kernel.h"
10 #include "orangefs-bufmap.h"
11 #include <linux/posix_acl_xattr.h>
12 
13 struct posix_acl *orangefs_get_acl(struct inode *inode, int type)
14 {
15 	struct posix_acl *acl;
16 	int ret;
17 	char *key = NULL, *value = NULL;
18 
19 	switch (type) {
20 	case ACL_TYPE_ACCESS:
21 		key = XATTR_NAME_POSIX_ACL_ACCESS;
22 		break;
23 	case ACL_TYPE_DEFAULT:
24 		key = XATTR_NAME_POSIX_ACL_DEFAULT;
25 		break;
26 	default:
27 		gossip_err("orangefs_get_acl: bogus value of type %d\n", type);
28 		return ERR_PTR(-EINVAL);
29 	}
30 	/*
31 	 * Rather than incurring a network call just to determine the exact
32 	 * length of the attribute, I just allocate a max length to save on
33 	 * the network call. Conceivably, we could pass NULL to
34 	 * orangefs_inode_getxattr() to probe the length of the value, but
35 	 * I don't do that for now.
36 	 */
37 	value = kmalloc(ORANGEFS_MAX_XATTR_VALUELEN, GFP_KERNEL);
38 	if (!value)
39 		return ERR_PTR(-ENOMEM);
40 
41 	gossip_debug(GOSSIP_ACL_DEBUG,
42 		     "inode %pU, key %s, type %d\n",
43 		     get_khandle_from_ino(inode),
44 		     key,
45 		     type);
46 	ret = orangefs_inode_getxattr(inode, key, value,
47 				      ORANGEFS_MAX_XATTR_VALUELEN);
48 	/* if the key exists, convert it to an in-memory rep */
49 	if (ret > 0) {
50 		acl = posix_acl_from_xattr(&init_user_ns, value, ret);
51 	} else if (ret == -ENODATA || ret == -ENOSYS) {
52 		acl = NULL;
53 	} else {
54 		gossip_err("inode %pU retrieving acl's failed with error %d\n",
55 			   get_khandle_from_ino(inode),
56 			   ret);
57 		acl = ERR_PTR(ret);
58 	}
59 	/* kfree(NULL) is safe, so don't worry if value ever got used */
60 	kfree(value);
61 	return acl;
62 }
63 
64 static int __orangefs_set_acl(struct inode *inode, struct posix_acl *acl,
65 			      int type)
66 {
67 	int error = 0;
68 	void *value = NULL;
69 	size_t size = 0;
70 	const char *name = NULL;
71 
72 	switch (type) {
73 	case ACL_TYPE_ACCESS:
74 		name = XATTR_NAME_POSIX_ACL_ACCESS;
75 		break;
76 	case ACL_TYPE_DEFAULT:
77 		name = XATTR_NAME_POSIX_ACL_DEFAULT;
78 		break;
79 	default:
80 		gossip_err("%s: invalid type %d!\n", __func__, type);
81 		return -EINVAL;
82 	}
83 
84 	gossip_debug(GOSSIP_ACL_DEBUG,
85 		     "%s: inode %pU, key %s type %d\n",
86 		     __func__, get_khandle_from_ino(inode),
87 		     name,
88 		     type);
89 
90 	if (acl) {
91 		size = posix_acl_xattr_size(acl->a_count);
92 		value = kmalloc(size, GFP_KERNEL);
93 		if (!value)
94 			return -ENOMEM;
95 
96 		error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
97 		if (error < 0)
98 			goto out;
99 	}
100 
101 	gossip_debug(GOSSIP_ACL_DEBUG,
102 		     "%s: name %s, value %p, size %zd, acl %p\n",
103 		     __func__, name, value, size, acl);
104 	/*
105 	 * Go ahead and set the extended attribute now. NOTE: Suppose acl
106 	 * was NULL, then value will be NULL and size will be 0 and that
107 	 * will xlate to a removexattr. However, we don't want removexattr
108 	 * complain if attributes does not exist.
109 	 */
110 	error = orangefs_inode_setxattr(inode, name, value, size, 0);
111 
112 out:
113 	kfree(value);
114 	if (!error)
115 		set_cached_acl(inode, type, acl);
116 	return error;
117 }
118 
119 int orangefs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
120 		     struct posix_acl *acl, int type)
121 {
122 	int error;
123 	struct iattr iattr;
124 	int rc;
125 
126 	memset(&iattr, 0, sizeof iattr);
127 
128 	if (type == ACL_TYPE_ACCESS && acl) {
129 		/*
130 		 * posix_acl_update_mode checks to see if the permissions
131 		 * described by the ACL can be encoded into the
132 		 * object's mode. If so, it sets "acl" to NULL
133 		 * and "mode" to the new desired value. It is up to
134 		 * us to propagate the new mode back to the server...
135 		 */
136 		error = posix_acl_update_mode(&init_user_ns, inode,
137 					      &iattr.ia_mode, &acl);
138 		if (error) {
139 			gossip_err("%s: posix_acl_update_mode err: %d\n",
140 				   __func__,
141 				   error);
142 			return error;
143 		}
144 
145 		if (inode->i_mode != iattr.ia_mode)
146 			iattr.ia_valid = ATTR_MODE;
147 
148 	}
149 
150 	rc = __orangefs_set_acl(inode, acl, type);
151 
152 	if (!rc && (iattr.ia_valid == ATTR_MODE))
153 		rc = __orangefs_setattr(inode, &iattr);
154 
155 	return rc;
156 }
157 
158 int orangefs_init_acl(struct inode *inode, struct inode *dir)
159 {
160 	struct posix_acl *default_acl, *acl;
161 	umode_t mode = inode->i_mode;
162 	struct iattr iattr;
163 	int error = 0;
164 
165 	error = posix_acl_create(dir, &mode, &default_acl, &acl);
166 	if (error)
167 		return error;
168 
169 	if (default_acl) {
170 		error = __orangefs_set_acl(inode, default_acl,
171 					   ACL_TYPE_DEFAULT);
172 		posix_acl_release(default_acl);
173 	} else {
174 		inode->i_default_acl = NULL;
175 	}
176 
177 	if (acl) {
178 		if (!error)
179 			error = __orangefs_set_acl(inode, acl, ACL_TYPE_ACCESS);
180 		posix_acl_release(acl);
181 	} else {
182 		inode->i_acl = NULL;
183 	}
184 
185 	/* If mode of the inode was changed, then do a forcible ->setattr */
186 	if (mode != inode->i_mode) {
187 		memset(&iattr, 0, sizeof iattr);
188 		inode->i_mode = mode;
189 		iattr.ia_mode = mode;
190 		iattr.ia_valid |= ATTR_MODE;
191 		__orangefs_setattr(inode, &iattr);
192 	}
193 
194 	return error;
195 }
196