root/fs/orangefs/acl.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. orangefs_get_acl
  2. __orangefs_set_acl
  3. orangefs_set_acl
  4. orangefs_init_acl
   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * (C) 2001 Clemson University and The University of Chicago
   4  *
   5  * See COPYING in top-level directory.
   6  */
   7 
   8 #include "protocol.h"
   9 #include "orangefs-kernel.h"
  10 #include "orangefs-bufmap.h"
  11 #include <linux/posix_acl_xattr.h>
  12 
  13 struct posix_acl *orangefs_get_acl(struct inode *inode, int type)
  14 {
  15         struct posix_acl *acl;
  16         int ret;
  17         char *key = NULL, *value = NULL;
  18 
  19         switch (type) {
  20         case ACL_TYPE_ACCESS:
  21                 key = XATTR_NAME_POSIX_ACL_ACCESS;
  22                 break;
  23         case ACL_TYPE_DEFAULT:
  24                 key = XATTR_NAME_POSIX_ACL_DEFAULT;
  25                 break;
  26         default:
  27                 gossip_err("orangefs_get_acl: bogus value of type %d\n", type);
  28                 return ERR_PTR(-EINVAL);
  29         }
  30         /*
  31          * Rather than incurring a network call just to determine the exact
  32          * length of the attribute, I just allocate a max length to save on
  33          * the network call. Conceivably, we could pass NULL to
  34          * orangefs_inode_getxattr() to probe the length of the value, but
  35          * I don't do that for now.
  36          */
  37         value = kmalloc(ORANGEFS_MAX_XATTR_VALUELEN, GFP_KERNEL);
  38         if (!value)
  39                 return ERR_PTR(-ENOMEM);
  40 
  41         gossip_debug(GOSSIP_ACL_DEBUG,
  42                      "inode %pU, key %s, type %d\n",
  43                      get_khandle_from_ino(inode),
  44                      key,
  45                      type);
  46         ret = orangefs_inode_getxattr(inode, key, value,
  47                                       ORANGEFS_MAX_XATTR_VALUELEN);
  48         /* if the key exists, convert it to an in-memory rep */
  49         if (ret > 0) {
  50                 acl = posix_acl_from_xattr(&init_user_ns, value, ret);
  51         } else if (ret == -ENODATA || ret == -ENOSYS) {
  52                 acl = NULL;
  53         } else {
  54                 gossip_err("inode %pU retrieving acl's failed with error %d\n",
  55                            get_khandle_from_ino(inode),
  56                            ret);
  57                 acl = ERR_PTR(ret);
  58         }
  59         /* kfree(NULL) is safe, so don't worry if value ever got used */
  60         kfree(value);
  61         return acl;
  62 }
  63 
  64 static int __orangefs_set_acl(struct inode *inode, struct posix_acl *acl,
  65                               int type)
  66 {
  67         int error = 0;
  68         void *value = NULL;
  69         size_t size = 0;
  70         const char *name = NULL;
  71 
  72         switch (type) {
  73         case ACL_TYPE_ACCESS:
  74                 name = XATTR_NAME_POSIX_ACL_ACCESS;
  75                 break;
  76         case ACL_TYPE_DEFAULT:
  77                 name = XATTR_NAME_POSIX_ACL_DEFAULT;
  78                 break;
  79         default:
  80                 gossip_err("%s: invalid type %d!\n", __func__, type);
  81                 return -EINVAL;
  82         }
  83 
  84         gossip_debug(GOSSIP_ACL_DEBUG,
  85                      "%s: inode %pU, key %s type %d\n",
  86                      __func__, get_khandle_from_ino(inode),
  87                      name,
  88                      type);
  89 
  90         if (acl) {
  91                 size = posix_acl_xattr_size(acl->a_count);
  92                 value = kmalloc(size, GFP_KERNEL);
  93                 if (!value)
  94                         return -ENOMEM;
  95 
  96                 error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
  97                 if (error < 0)
  98                         goto out;
  99         }
 100 
 101         gossip_debug(GOSSIP_ACL_DEBUG,
 102                      "%s: name %s, value %p, size %zd, acl %p\n",
 103                      __func__, name, value, size, acl);
 104         /*
 105          * Go ahead and set the extended attribute now. NOTE: Suppose acl
 106          * was NULL, then value will be NULL and size will be 0 and that
 107          * will xlate to a removexattr. However, we don't want removexattr
 108          * complain if attributes does not exist.
 109          */
 110         error = orangefs_inode_setxattr(inode, name, value, size, 0);
 111 
 112 out:
 113         kfree(value);
 114         if (!error)
 115                 set_cached_acl(inode, type, acl);
 116         return error;
 117 }
 118 
 119 int orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
 120 {
 121         int error;
 122         struct iattr iattr;
 123         int rc;
 124 
 125         if (type == ACL_TYPE_ACCESS && acl) {
 126                 /*
 127                  * posix_acl_update_mode checks to see if the permissions
 128                  * described by the ACL can be encoded into the
 129                  * object's mode. If so, it sets "acl" to NULL
 130                  * and "mode" to the new desired value. It is up to
 131                  * us to propagate the new mode back to the server...
 132                  */
 133                 error = posix_acl_update_mode(inode, &iattr.ia_mode, &acl);
 134                 if (error) {
 135                         gossip_err("%s: posix_acl_update_mode err: %d\n",
 136                                    __func__,
 137                                    error);
 138                         return error;
 139                 }
 140 
 141                 if (acl) {
 142                         rc = __orangefs_set_acl(inode, acl, type);
 143                 } else {
 144                         iattr.ia_valid = ATTR_MODE;
 145                         rc = __orangefs_setattr(inode, &iattr);
 146                 }
 147 
 148                 return rc;
 149 
 150         } else {
 151                 return -EINVAL;
 152         }
 153 }
 154 
 155 int orangefs_init_acl(struct inode *inode, struct inode *dir)
 156 {
 157         struct posix_acl *default_acl, *acl;
 158         umode_t mode = inode->i_mode;
 159         struct iattr iattr;
 160         int error = 0;
 161 
 162         error = posix_acl_create(dir, &mode, &default_acl, &acl);
 163         if (error)
 164                 return error;
 165 
 166         if (default_acl) {
 167                 error = __orangefs_set_acl(inode, default_acl,
 168                                            ACL_TYPE_DEFAULT);
 169                 posix_acl_release(default_acl);
 170         } else {
 171                 inode->i_default_acl = NULL;
 172         }
 173 
 174         if (acl) {
 175                 if (!error)
 176                         error = __orangefs_set_acl(inode, acl, ACL_TYPE_ACCESS);
 177                 posix_acl_release(acl);
 178         } else {
 179                 inode->i_acl = NULL;
 180         }
 181 
 182         /* If mode of the inode was changed, then do a forcible ->setattr */
 183         if (mode != inode->i_mode) {
 184                 memset(&iattr, 0, sizeof iattr);
 185                 inode->i_mode = mode;
 186                 iattr.ia_mode = mode;
 187                 iattr.ia_valid |= ATTR_MODE;
 188                 __orangefs_setattr(inode, &iattr);
 189         }
 190 
 191         return error;
 192 }
/* [<][>][^][v][top][bottom][index][help] */