162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * (C) 2001 Clemson University and The University of Chicago 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * See COPYING in top-level directory. 662306a36Sopenharmony_ci */ 762306a36Sopenharmony_ci 862306a36Sopenharmony_ci#include "protocol.h" 962306a36Sopenharmony_ci#include "orangefs-kernel.h" 1062306a36Sopenharmony_ci#include "orangefs-bufmap.h" 1162306a36Sopenharmony_ci#include <linux/posix_acl_xattr.h> 1262306a36Sopenharmony_ci 1362306a36Sopenharmony_cistruct posix_acl *orangefs_get_acl(struct inode *inode, int type, bool rcu) 1462306a36Sopenharmony_ci{ 1562306a36Sopenharmony_ci struct posix_acl *acl; 1662306a36Sopenharmony_ci int ret; 1762306a36Sopenharmony_ci char *key = NULL, *value = NULL; 1862306a36Sopenharmony_ci 1962306a36Sopenharmony_ci if (rcu) 2062306a36Sopenharmony_ci return ERR_PTR(-ECHILD); 2162306a36Sopenharmony_ci 2262306a36Sopenharmony_ci switch (type) { 2362306a36Sopenharmony_ci case ACL_TYPE_ACCESS: 2462306a36Sopenharmony_ci key = XATTR_NAME_POSIX_ACL_ACCESS; 2562306a36Sopenharmony_ci break; 2662306a36Sopenharmony_ci case ACL_TYPE_DEFAULT: 2762306a36Sopenharmony_ci key = XATTR_NAME_POSIX_ACL_DEFAULT; 2862306a36Sopenharmony_ci break; 2962306a36Sopenharmony_ci default: 3062306a36Sopenharmony_ci gossip_err("orangefs_get_acl: bogus value of type %d\n", type); 3162306a36Sopenharmony_ci return ERR_PTR(-EINVAL); 3262306a36Sopenharmony_ci } 3362306a36Sopenharmony_ci /* 3462306a36Sopenharmony_ci * Rather than incurring a network call just to determine the exact 3562306a36Sopenharmony_ci * length of the attribute, I just allocate a max length to save on 3662306a36Sopenharmony_ci * the network call. Conceivably, we could pass NULL to 3762306a36Sopenharmony_ci * orangefs_inode_getxattr() to probe the length of the value, but 3862306a36Sopenharmony_ci * I don't do that for now. 3962306a36Sopenharmony_ci */ 4062306a36Sopenharmony_ci value = kmalloc(ORANGEFS_MAX_XATTR_VALUELEN, GFP_KERNEL); 4162306a36Sopenharmony_ci if (!value) 4262306a36Sopenharmony_ci return ERR_PTR(-ENOMEM); 4362306a36Sopenharmony_ci 4462306a36Sopenharmony_ci gossip_debug(GOSSIP_ACL_DEBUG, 4562306a36Sopenharmony_ci "inode %pU, key %s, type %d\n", 4662306a36Sopenharmony_ci get_khandle_from_ino(inode), 4762306a36Sopenharmony_ci key, 4862306a36Sopenharmony_ci type); 4962306a36Sopenharmony_ci ret = orangefs_inode_getxattr(inode, key, value, 5062306a36Sopenharmony_ci ORANGEFS_MAX_XATTR_VALUELEN); 5162306a36Sopenharmony_ci /* if the key exists, convert it to an in-memory rep */ 5262306a36Sopenharmony_ci if (ret > 0) { 5362306a36Sopenharmony_ci acl = posix_acl_from_xattr(&init_user_ns, value, ret); 5462306a36Sopenharmony_ci } else if (ret == -ENODATA || ret == -ENOSYS) { 5562306a36Sopenharmony_ci acl = NULL; 5662306a36Sopenharmony_ci } else { 5762306a36Sopenharmony_ci gossip_err("inode %pU retrieving acl's failed with error %d\n", 5862306a36Sopenharmony_ci get_khandle_from_ino(inode), 5962306a36Sopenharmony_ci ret); 6062306a36Sopenharmony_ci acl = ERR_PTR(ret); 6162306a36Sopenharmony_ci } 6262306a36Sopenharmony_ci /* kfree(NULL) is safe, so don't worry if value ever got used */ 6362306a36Sopenharmony_ci kfree(value); 6462306a36Sopenharmony_ci return acl; 6562306a36Sopenharmony_ci} 6662306a36Sopenharmony_ci 6762306a36Sopenharmony_ciint __orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type) 6862306a36Sopenharmony_ci{ 6962306a36Sopenharmony_ci int error = 0; 7062306a36Sopenharmony_ci void *value = NULL; 7162306a36Sopenharmony_ci size_t size = 0; 7262306a36Sopenharmony_ci const char *name = NULL; 7362306a36Sopenharmony_ci 7462306a36Sopenharmony_ci switch (type) { 7562306a36Sopenharmony_ci case ACL_TYPE_ACCESS: 7662306a36Sopenharmony_ci name = XATTR_NAME_POSIX_ACL_ACCESS; 7762306a36Sopenharmony_ci break; 7862306a36Sopenharmony_ci case ACL_TYPE_DEFAULT: 7962306a36Sopenharmony_ci name = XATTR_NAME_POSIX_ACL_DEFAULT; 8062306a36Sopenharmony_ci break; 8162306a36Sopenharmony_ci default: 8262306a36Sopenharmony_ci gossip_err("%s: invalid type %d!\n", __func__, type); 8362306a36Sopenharmony_ci return -EINVAL; 8462306a36Sopenharmony_ci } 8562306a36Sopenharmony_ci 8662306a36Sopenharmony_ci gossip_debug(GOSSIP_ACL_DEBUG, 8762306a36Sopenharmony_ci "%s: inode %pU, key %s type %d\n", 8862306a36Sopenharmony_ci __func__, get_khandle_from_ino(inode), 8962306a36Sopenharmony_ci name, 9062306a36Sopenharmony_ci type); 9162306a36Sopenharmony_ci 9262306a36Sopenharmony_ci if (acl) { 9362306a36Sopenharmony_ci size = posix_acl_xattr_size(acl->a_count); 9462306a36Sopenharmony_ci value = kmalloc(size, GFP_KERNEL); 9562306a36Sopenharmony_ci if (!value) 9662306a36Sopenharmony_ci return -ENOMEM; 9762306a36Sopenharmony_ci 9862306a36Sopenharmony_ci error = posix_acl_to_xattr(&init_user_ns, acl, value, size); 9962306a36Sopenharmony_ci if (error < 0) 10062306a36Sopenharmony_ci goto out; 10162306a36Sopenharmony_ci } 10262306a36Sopenharmony_ci 10362306a36Sopenharmony_ci gossip_debug(GOSSIP_ACL_DEBUG, 10462306a36Sopenharmony_ci "%s: name %s, value %p, size %zd, acl %p\n", 10562306a36Sopenharmony_ci __func__, name, value, size, acl); 10662306a36Sopenharmony_ci /* 10762306a36Sopenharmony_ci * Go ahead and set the extended attribute now. NOTE: Suppose acl 10862306a36Sopenharmony_ci * was NULL, then value will be NULL and size will be 0 and that 10962306a36Sopenharmony_ci * will xlate to a removexattr. However, we don't want removexattr 11062306a36Sopenharmony_ci * complain if attributes does not exist. 11162306a36Sopenharmony_ci */ 11262306a36Sopenharmony_ci error = orangefs_inode_setxattr(inode, name, value, size, 0); 11362306a36Sopenharmony_ci 11462306a36Sopenharmony_ciout: 11562306a36Sopenharmony_ci kfree(value); 11662306a36Sopenharmony_ci if (!error) 11762306a36Sopenharmony_ci set_cached_acl(inode, type, acl); 11862306a36Sopenharmony_ci return error; 11962306a36Sopenharmony_ci} 12062306a36Sopenharmony_ci 12162306a36Sopenharmony_ciint orangefs_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, 12262306a36Sopenharmony_ci struct posix_acl *acl, int type) 12362306a36Sopenharmony_ci{ 12462306a36Sopenharmony_ci int error; 12562306a36Sopenharmony_ci struct iattr iattr; 12662306a36Sopenharmony_ci int rc; 12762306a36Sopenharmony_ci struct inode *inode = d_inode(dentry); 12862306a36Sopenharmony_ci 12962306a36Sopenharmony_ci memset(&iattr, 0, sizeof iattr); 13062306a36Sopenharmony_ci 13162306a36Sopenharmony_ci if (type == ACL_TYPE_ACCESS && acl) { 13262306a36Sopenharmony_ci /* 13362306a36Sopenharmony_ci * posix_acl_update_mode checks to see if the permissions 13462306a36Sopenharmony_ci * described by the ACL can be encoded into the 13562306a36Sopenharmony_ci * object's mode. If so, it sets "acl" to NULL 13662306a36Sopenharmony_ci * and "mode" to the new desired value. It is up to 13762306a36Sopenharmony_ci * us to propagate the new mode back to the server... 13862306a36Sopenharmony_ci */ 13962306a36Sopenharmony_ci error = posix_acl_update_mode(&nop_mnt_idmap, inode, 14062306a36Sopenharmony_ci &iattr.ia_mode, &acl); 14162306a36Sopenharmony_ci if (error) { 14262306a36Sopenharmony_ci gossip_err("%s: posix_acl_update_mode err: %d\n", 14362306a36Sopenharmony_ci __func__, 14462306a36Sopenharmony_ci error); 14562306a36Sopenharmony_ci return error; 14662306a36Sopenharmony_ci } 14762306a36Sopenharmony_ci 14862306a36Sopenharmony_ci if (inode->i_mode != iattr.ia_mode) 14962306a36Sopenharmony_ci iattr.ia_valid = ATTR_MODE; 15062306a36Sopenharmony_ci 15162306a36Sopenharmony_ci } 15262306a36Sopenharmony_ci 15362306a36Sopenharmony_ci rc = __orangefs_set_acl(inode, acl, type); 15462306a36Sopenharmony_ci 15562306a36Sopenharmony_ci if (!rc && (iattr.ia_valid == ATTR_MODE)) 15662306a36Sopenharmony_ci rc = __orangefs_setattr_mode(dentry, &iattr); 15762306a36Sopenharmony_ci 15862306a36Sopenharmony_ci return rc; 15962306a36Sopenharmony_ci} 160