1 #include <linux/fs.h> 2 #include <linux/nfs.h> 3 #include <linux/nfs3.h> 4 #include <linux/nfs_fs.h> 5 #include <linux/posix_acl_xattr.h> 6 #include <linux/nfsacl.h> 7 8 #include "internal.h" 9 10 #define NFSDBG_FACILITY NFSDBG_PROC 11 12 ssize_t nfs3_listxattr(struct dentry *dentry, char *buffer, size_t size) 13 { 14 struct inode *inode = dentry->d_inode; 15 struct posix_acl *acl; 16 int pos=0, len=0; 17 18 # define output(s) do { \ 19 if (pos + sizeof(s) <= size) { \ 20 memcpy(buffer + pos, s, sizeof(s)); \ 21 pos += sizeof(s); \ 22 } \ 23 len += sizeof(s); \ 24 } while(0) 25 26 acl = nfs3_proc_getacl(inode, ACL_TYPE_ACCESS); 27 if (IS_ERR(acl)) 28 return PTR_ERR(acl); 29 if (acl) { 30 output("system.posix_acl_access"); 31 posix_acl_release(acl); 32 } 33 34 if (S_ISDIR(inode->i_mode)) { 35 acl = nfs3_proc_getacl(inode, ACL_TYPE_DEFAULT); 36 if (IS_ERR(acl)) 37 return PTR_ERR(acl); 38 if (acl) { 39 output("system.posix_acl_default"); 40 posix_acl_release(acl); 41 } 42 } 43 44 # undef output 45 46 if (!buffer || len <= size) 47 return len; 48 return -ERANGE; 49 } 50 51 ssize_t nfs3_getxattr(struct dentry *dentry, const char *name, 52 void *buffer, size_t size) 53 { 54 struct inode *inode = dentry->d_inode; 55 struct posix_acl *acl; 56 int type, error = 0; 57 58 if (strcmp(name, POSIX_ACL_XATTR_ACCESS) == 0) 59 type = ACL_TYPE_ACCESS; 60 else if (strcmp(name, POSIX_ACL_XATTR_DEFAULT) == 0) 61 type = ACL_TYPE_DEFAULT; 62 else 63 return -EOPNOTSUPP; 64 65 acl = nfs3_proc_getacl(inode, type); 66 if (IS_ERR(acl)) 67 return PTR_ERR(acl); 68 else if (acl) { 69 if (type == ACL_TYPE_ACCESS && acl->a_count == 0) 70 error = -ENODATA; 71 else 72 error = posix_acl_to_xattr(acl, buffer, size); 73 posix_acl_release(acl); 74 } else 75 error = -ENODATA; 76 77 return error; 78 } 79 80 int nfs3_setxattr(struct dentry *dentry, const char *name, 81 const void *value, size_t size, int flags) 82 { 83 struct inode *inode = dentry->d_inode; 84 struct posix_acl *acl; 85 int type, error; 86 87 if (strcmp(name, POSIX_ACL_XATTR_ACCESS) == 0) 88 type = ACL_TYPE_ACCESS; 89 else if (strcmp(name, POSIX_ACL_XATTR_DEFAULT) == 0) 90 type = ACL_TYPE_DEFAULT; 91 else 92 return -EOPNOTSUPP; 93 94 acl = posix_acl_from_xattr(value, size); 95 if (IS_ERR(acl)) 96 return PTR_ERR(acl); 97 error = nfs3_proc_setacl(inode, type, acl); 98 posix_acl_release(acl); 99 100 return error; 101 } 102 103 int nfs3_removexattr(struct dentry *dentry, const char *name) 104 { 105 struct inode *inode = dentry->d_inode; 106 int type; 107 108 if (strcmp(name, POSIX_ACL_XATTR_ACCESS) == 0) 109 type = ACL_TYPE_ACCESS; 110 else if (strcmp(name, POSIX_ACL_XATTR_DEFAULT) == 0) 111 type = ACL_TYPE_DEFAULT; 112 else 113 return -EOPNOTSUPP; 114 115 return nfs3_proc_setacl(inode, type, NULL); 116 } 117 118 static void __nfs3_forget_cached_acls(struct nfs_inode *nfsi) 119 { 120 if (!IS_ERR(nfsi->acl_access)) { 121 posix_acl_release(nfsi->acl_access); 122 nfsi->acl_access = ERR_PTR(-EAGAIN); 123 } 124 if (!IS_ERR(nfsi->acl_default)) { 125 posix_acl_release(nfsi->acl_default); 126 nfsi->acl_default = ERR_PTR(-EAGAIN); 127 } 128 } 129 130 void nfs3_forget_cached_acls(struct inode *inode) 131 { 132 dprintk("NFS: nfs3_forget_cached_acls(%s/%ld)\n", inode->i_sb->s_id, 133 inode->i_ino); 134 spin_lock(&inode->i_lock); 135 __nfs3_forget_cached_acls(NFS_I(inode)); 136 spin_unlock(&inode->i_lock); 137 } 138 139 static struct posix_acl *nfs3_get_cached_acl(struct inode *inode, int type) 140 { 141 struct nfs_inode *nfsi = NFS_I(inode); 142 struct posix_acl *acl = ERR_PTR(-EINVAL); 143 144 spin_lock(&inode->i_lock); 145 switch(type) { 146 case ACL_TYPE_ACCESS: 147 acl = nfsi->acl_access; 148 break; 149 150 case ACL_TYPE_DEFAULT: 151 acl = nfsi->acl_default; 152 break; 153 154 default: 155 goto out; 156 } 157 if (IS_ERR(acl)) 158 acl = ERR_PTR(-EAGAIN); 159 else 160 acl = posix_acl_dup(acl); 161 out: 162 spin_unlock(&inode->i_lock); 163 dprintk("NFS: nfs3_get_cached_acl(%s/%ld, %d) = %p\n", inode->i_sb->s_id, 164 inode->i_ino, type, acl); 165 return acl; 166 } 167 168 static void nfs3_cache_acls(struct inode *inode, struct posix_acl *acl, 169 struct posix_acl *dfacl) 170 { 171 struct nfs_inode *nfsi = NFS_I(inode); 172 173 dprintk("nfs3_cache_acls(%s/%ld, %p, %p)\n", inode->i_sb->s_id, 174 inode->i_ino, acl, dfacl); 175 spin_lock(&inode->i_lock); 176 __nfs3_forget_cached_acls(NFS_I(inode)); 177 if (!IS_ERR(acl)) 178 nfsi->acl_access = posix_acl_dup(acl); 179 if (!IS_ERR(dfacl)) 180 nfsi->acl_default = posix_acl_dup(dfacl); 181 spin_unlock(&inode->i_lock); 182 } 183 184 struct posix_acl *nfs3_proc_getacl(struct inode *inode, int type) 185 { 186 struct nfs_server *server = NFS_SERVER(inode); 187 struct nfs_fattr fattr; 188 struct page *pages[NFSACL_MAXPAGES] = { }; 189 struct nfs3_getaclargs args = { 190 .fh = NFS_FH(inode), 191 /* The xdr layer may allocate pages here. */ 192 .pages = pages, 193 }; 194 struct nfs3_getaclres res = { 195 .fattr = &fattr, 196 }; 197 struct rpc_message msg = { 198 .rpc_argp = &args, 199 .rpc_resp = &res, 200 }; 201 struct posix_acl *acl; 202 int status, count; 203 204 if (!nfs_server_capable(inode, NFS_CAP_ACLS)) 205 return ERR_PTR(-EOPNOTSUPP); 206 207 status = nfs_revalidate_inode(server, inode); 208 if (status < 0) 209 return ERR_PTR(status); 210 if (NFS_I(inode)->cache_validity & NFS_INO_INVALID_ACL) 211 nfs_zap_acl_cache(inode); 212 acl = nfs3_get_cached_acl(inode, type); 213 if (acl != ERR_PTR(-EAGAIN)) 214 return acl; 215 acl = NULL; 216 217 /* 218 * Only get the access acl when explicitly requested: We don't 219 * need it for access decisions, and only some applications use 220 * it. Applications which request the access acl first are not 221 * penalized from this optimization. 222 */ 223 if (type == ACL_TYPE_ACCESS) 224 args.mask |= NFS_ACLCNT|NFS_ACL; 225 if (S_ISDIR(inode->i_mode)) 226 args.mask |= NFS_DFACLCNT|NFS_DFACL; 227 if (args.mask == 0) 228 return NULL; 229 230 dprintk("NFS call getacl\n"); 231 msg.rpc_proc = &server->client_acl->cl_procinfo[ACLPROC3_GETACL]; 232 nfs_fattr_init(&fattr); 233 status = rpc_call_sync(server->client_acl, &msg, 0); 234 dprintk("NFS reply getacl: %d\n", status); 235 236 /* pages may have been allocated at the xdr layer. */ 237 for (count = 0; count < NFSACL_MAXPAGES && args.pages[count]; count++) 238 __free_page(args.pages[count]); 239 240 switch (status) { 241 case 0: 242 status = nfs_refresh_inode(inode, &fattr); 243 break; 244 case -EPFNOSUPPORT: 245 case -EPROTONOSUPPORT: 246 dprintk("NFS_V3_ACL extension not supported; disabling\n"); 247 server->caps &= ~NFS_CAP_ACLS; 248 case -ENOTSUPP: 249 status = -EOPNOTSUPP; 250 default: 251 goto getout; 252 } 253 if ((args.mask & res.mask) != args.mask) { 254 status = -EIO; 255 goto getout; 256 } 257 258 if (res.acl_access != NULL) { 259 if (posix_acl_equiv_mode(res.acl_access, NULL) == 0) { 260 posix_acl_release(res.acl_access); 261 res.acl_access = NULL; 262 } 263 } 264 nfs3_cache_acls(inode, 265 (res.mask & NFS_ACL) ? res.acl_access : ERR_PTR(-EINVAL), 266 (res.mask & NFS_DFACL) ? res.acl_default : ERR_PTR(-EINVAL)); 267 268 switch(type) { 269 case ACL_TYPE_ACCESS: 270 acl = res.acl_access; 271 res.acl_access = NULL; 272 break; 273 274 case ACL_TYPE_DEFAULT: 275 acl = res.acl_default; 276 res.acl_default = NULL; 277 } 278 279 getout: 280 posix_acl_release(res.acl_access); 281 posix_acl_release(res.acl_default); 282 283 if (status != 0) { 284 posix_acl_release(acl); 285 acl = ERR_PTR(status); 286 } 287 return acl; 288 } 289 290 static int nfs3_proc_setacls(struct inode *inode, struct posix_acl *acl, 291 struct posix_acl *dfacl) 292 { 293 struct nfs_server *server = NFS_SERVER(inode); 294 struct nfs_fattr fattr; 295 struct page *pages[NFSACL_MAXPAGES] = { }; 296 struct nfs3_setaclargs args = { 297 .inode = inode, 298 .mask = NFS_ACL, 299 .acl_access = acl, 300 .pages = pages, 301 }; 302 struct rpc_message msg = { 303 .rpc_argp = &args, 304 .rpc_resp = &fattr, 305 }; 306 int status, count; 307 308 status = -EOPNOTSUPP; 309 if (!nfs_server_capable(inode, NFS_CAP_ACLS)) 310 goto out; 311 312 /* We are doing this here, because XDR marshalling can only 313 return -ENOMEM. */ 314 status = -ENOSPC; 315 if (acl != NULL && acl->a_count > NFS_ACL_MAX_ENTRIES) 316 goto out; 317 if (dfacl != NULL && dfacl->a_count > NFS_ACL_MAX_ENTRIES) 318 goto out; 319 if (S_ISDIR(inode->i_mode)) { 320 args.mask |= NFS_DFACL; 321 args.acl_default = dfacl; 322 } 323 324 dprintk("NFS call setacl\n"); 325 msg.rpc_proc = &server->client_acl->cl_procinfo[ACLPROC3_SETACL]; 326 nfs_fattr_init(&fattr); 327 status = rpc_call_sync(server->client_acl, &msg, 0); 328 nfs_access_zap_cache(inode); 329 nfs_zap_acl_cache(inode); 330 dprintk("NFS reply setacl: %d\n", status); 331 332 /* pages may have been allocated at the xdr layer. */ 333 for (count = 0; count < NFSACL_MAXPAGES && args.pages[count]; count++) 334 __free_page(args.pages[count]); 335 336 switch (status) { 337 case 0: 338 status = nfs_refresh_inode(inode, &fattr); 339 nfs3_cache_acls(inode, acl, dfacl); 340 break; 341 case -EPFNOSUPPORT: 342 case -EPROTONOSUPPORT: 343 dprintk("NFS_V3_ACL SETACL RPC not supported" 344 "(will not retry)\n"); 345 server->caps &= ~NFS_CAP_ACLS; 346 case -ENOTSUPP: 347 status = -EOPNOTSUPP; 348 } 349 out: 350 return status; 351 } 352 353 int nfs3_proc_setacl(struct inode *inode, int type, struct posix_acl *acl) 354 { 355 struct posix_acl *alloc = NULL, *dfacl = NULL; 356 int status; 357 358 if (S_ISDIR(inode->i_mode)) { 359 switch(type) { 360 case ACL_TYPE_ACCESS: 361 alloc = dfacl = nfs3_proc_getacl(inode, 362 ACL_TYPE_DEFAULT); 363 if (IS_ERR(alloc)) 364 goto fail; 365 break; 366 367 case ACL_TYPE_DEFAULT: 368 dfacl = acl; 369 alloc = acl = nfs3_proc_getacl(inode, 370 ACL_TYPE_ACCESS); 371 if (IS_ERR(alloc)) 372 goto fail; 373 break; 374 375 default: 376 return -EINVAL; 377 } 378 } else if (type != ACL_TYPE_ACCESS) 379 return -EINVAL; 380 381 if (acl == NULL) { 382 alloc = acl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL); 383 if (IS_ERR(alloc)) 384 goto fail; 385 } 386 status = nfs3_proc_setacls(inode, acl, dfacl); 387 posix_acl_release(alloc); 388 return status; 389 390 fail: 391 return PTR_ERR(alloc); 392 } 393 394 int nfs3_proc_set_default_acl(struct inode *dir, struct inode *inode, 395 mode_t mode) 396 { 397 struct posix_acl *dfacl, *acl; 398 int error = 0; 399 400 dfacl = nfs3_proc_getacl(dir, ACL_TYPE_DEFAULT); 401 if (IS_ERR(dfacl)) { 402 error = PTR_ERR(dfacl); 403 return (error == -EOPNOTSUPP) ? 0 : error; 404 } 405 if (!dfacl) 406 return 0; 407 acl = posix_acl_clone(dfacl, GFP_KERNEL); 408 error = -ENOMEM; 409 if (!acl) 410 goto out_release_dfacl; 411 error = posix_acl_create_masq(acl, &mode); 412 if (error < 0) 413 goto out_release_acl; 414 error = nfs3_proc_setacls(inode, acl, S_ISDIR(inode->i_mode) ? 415 dfacl : NULL); 416 out_release_acl: 417 posix_acl_release(acl); 418 out_release_dfacl: 419 posix_acl_release(dfacl); 420 return error; 421 } 422