xref: /openbmc/linux/fs/orangefs/acl.c (revision 700b7940) 
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * (C) 2001 Clemson University and The University of Chicago
4  *
5  * See COPYING in top-level directory.
6  */
7 
8 #include "protocol.h"
9 #include "orangefs-kernel.h"
10 #include "orangefs-bufmap.h"
11 #include <linux/posix_acl_xattr.h>
12 
orangefs_get_acl(struct inode * inode,int type,bool rcu)13 struct posix_acl *orangefs_get_acl(struct inode *inode, int type, bool rcu)
14 {
15 	struct posix_acl *acl;
16 	int ret;
17 	char *key = NULL, *value = NULL;
18 
19 	if (rcu)
20 		return ERR_PTR(-ECHILD);
21 
22 	switch (type) {
23 	case ACL_TYPE_ACCESS:
24 		key = XATTR_NAME_POSIX_ACL_ACCESS;
25 		break;
26 	case ACL_TYPE_DEFAULT:
27 		key = XATTR_NAME_POSIX_ACL_DEFAULT;
28 		break;
29 	default:
30 		gossip_err("orangefs_get_acl: bogus value of type %d\n", type);
31 		return ERR_PTR(-EINVAL);
32 	}
33 	/*
34 	 * Rather than incurring a network call just to determine the exact
35 	 * length of the attribute, I just allocate a max length to save on
36 	 * the network call. Conceivably, we could pass NULL to
37 	 * orangefs_inode_getxattr() to probe the length of the value, but
38 	 * I don't do that for now.
39 	 */
40 	value = kmalloc(ORANGEFS_MAX_XATTR_VALUELEN, GFP_KERNEL);
41 	if (!value)
42 		return ERR_PTR(-ENOMEM);
43 
44 	gossip_debug(GOSSIP_ACL_DEBUG,
45 		     "inode %pU, key %s, type %d\n",
46 		     get_khandle_from_ino(inode),
47 		     key,
48 		     type);
49 	ret = orangefs_inode_getxattr(inode, key, value,
50 				      ORANGEFS_MAX_XATTR_VALUELEN);
51 	/* if the key exists, convert it to an in-memory rep */
52 	if (ret > 0) {
53 		acl = posix_acl_from_xattr(&init_user_ns, value, ret);
54 	} else if (ret == -ENODATA || ret == -ENOSYS) {
55 		acl = NULL;
56 	} else {
57 		gossip_err("inode %pU retrieving acl's failed with error %d\n",
58 			   get_khandle_from_ino(inode),
59 			   ret);
60 		acl = ERR_PTR(ret);
61 	}
62 	/* kfree(NULL) is safe, so don't worry if value ever got used */
63 	kfree(value);
64 	return acl;
65 }
66 
__orangefs_set_acl(struct inode * inode,struct posix_acl * acl,int type)67 int __orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
68 {
69 	int error = 0;
70 	void *value = NULL;
71 	size_t size = 0;
72 	const char *name = NULL;
73 
74 	switch (type) {
75 	case ACL_TYPE_ACCESS:
76 		name = XATTR_NAME_POSIX_ACL_ACCESS;
77 		break;
78 	case ACL_TYPE_DEFAULT:
79 		name = XATTR_NAME_POSIX_ACL_DEFAULT;
80 		break;
81 	default:
82 		gossip_err("%s: invalid type %d!\n", __func__, type);
83 		return -EINVAL;
84 	}
85 
86 	gossip_debug(GOSSIP_ACL_DEBUG,
87 		     "%s: inode %pU, key %s type %d\n",
88 		     __func__, get_khandle_from_ino(inode),
89 		     name,
90 		     type);
91 
92 	if (acl) {
93 		size = posix_acl_xattr_size(acl->a_count);
94 		value = kmalloc(size, GFP_KERNEL);
95 		if (!value)
96 			return -ENOMEM;
97 
98 		error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
99 		if (error < 0)
100 			goto out;
101 	}
102 
103 	gossip_debug(GOSSIP_ACL_DEBUG,
104 		     "%s: name %s, value %p, size %zd, acl %p\n",
105 		     __func__, name, value, size, acl);
106 	/*
107 	 * Go ahead and set the extended attribute now. NOTE: Suppose acl
108 	 * was NULL, then value will be NULL and size will be 0 and that
109 	 * will xlate to a removexattr. However, we don't want removexattr
110 	 * complain if attributes does not exist.
111 	 */
112 	error = orangefs_inode_setxattr(inode, name, value, size, 0);
113 
114 out:
115 	kfree(value);
116 	if (!error)
117 		set_cached_acl(inode, type, acl);
118 	return error;
119 }
120 
orangefs_set_acl(struct mnt_idmap * idmap,struct dentry * dentry,struct posix_acl * acl,int type)121 int orangefs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
122 		     struct posix_acl *acl, int type)
123 {
124 	int error;
125 	struct iattr iattr;
126 	int rc;
127 	struct inode *inode = d_inode(dentry);
128 
129 	memset(&iattr, 0, sizeof iattr);
130 
131 	if (type == ACL_TYPE_ACCESS && acl) {
132 		/*
133 		 * posix_acl_update_mode checks to see if the permissions
134 		 * described by the ACL can be encoded into the
135 		 * object's mode. If so, it sets "acl" to NULL
136 		 * and "mode" to the new desired value. It is up to
137 		 * us to propagate the new mode back to the server...
138 		 */
139 		error = posix_acl_update_mode(&nop_mnt_idmap, inode,
140 					      &iattr.ia_mode, &acl);
141 		if (error) {
142 			gossip_err("%s: posix_acl_update_mode err: %d\n",
143 				   __func__,
144 				   error);
145 			return error;
146 		}
147 
148 		if (inode->i_mode != iattr.ia_mode)
149 			iattr.ia_valid = ATTR_MODE;
150 
151 	}
152 
153 	rc = __orangefs_set_acl(inode, acl, type);
154 
155 	if (!rc && (iattr.ia_valid == ATTR_MODE))
156 		rc = __orangefs_setattr_mode(dentry, &iattr);
157 
158 	return rc;
159 }
160