Commit 2401dc29 authored by Christoph Hellwig's avatar Christoph Hellwig Committed by Al Viro

xfs: use generic posix ACL infrastructure

Also don't bother to set up a .get_acl method for symlinks as we do not
support access control (ACLs or even mode bits) for symlinks in Linux,
and create inodes with the proper mode instead of fixing it up later.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
parent 47f70d08
...@@ -124,16 +124,12 @@ struct posix_acl * ...@@ -124,16 +124,12 @@ struct posix_acl *
xfs_get_acl(struct inode *inode, int type) xfs_get_acl(struct inode *inode, int type)
{ {
struct xfs_inode *ip = XFS_I(inode); struct xfs_inode *ip = XFS_I(inode);
struct posix_acl *acl; struct posix_acl *acl = NULL;
struct xfs_acl *xfs_acl; struct xfs_acl *xfs_acl;
unsigned char *ea_name; unsigned char *ea_name;
int error; int error;
int len; int len;
acl = get_cached_acl(inode, type);
if (acl != ACL_NOT_CACHED)
return acl;
trace_xfs_get_acl(ip); trace_xfs_get_acl(ip);
switch (type) { switch (type) {
...@@ -164,10 +160,8 @@ xfs_get_acl(struct inode *inode, int type) ...@@ -164,10 +160,8 @@ xfs_get_acl(struct inode *inode, int type)
* cache entry, for any other error assume it is transient and * cache entry, for any other error assume it is transient and
* leave the cache entry as ACL_NOT_CACHED. * leave the cache entry as ACL_NOT_CACHED.
*/ */
if (error == -ENOATTR) { if (error == -ENOATTR)
acl = NULL;
goto out_update_cache; goto out_update_cache;
}
goto out; goto out;
} }
...@@ -183,15 +177,12 @@ xfs_get_acl(struct inode *inode, int type) ...@@ -183,15 +177,12 @@ xfs_get_acl(struct inode *inode, int type)
} }
STATIC int STATIC int
xfs_set_acl(struct inode *inode, int type, struct posix_acl *acl) __xfs_set_acl(struct inode *inode, int type, struct posix_acl *acl)
{ {
struct xfs_inode *ip = XFS_I(inode); struct xfs_inode *ip = XFS_I(inode);
unsigned char *ea_name; unsigned char *ea_name;
int error; int error;
if (S_ISLNK(inode->i_mode))
return -EOPNOTSUPP;
switch (type) { switch (type) {
case ACL_TYPE_ACCESS: case ACL_TYPE_ACCESS:
ea_name = SGI_ACL_FILE; ea_name = SGI_ACL_FILE;
...@@ -282,131 +273,23 @@ posix_acl_default_exists(struct inode *inode) ...@@ -282,131 +273,23 @@ posix_acl_default_exists(struct inode *inode)
return xfs_acl_exists(inode, SGI_ACL_DEFAULT); return xfs_acl_exists(inode, SGI_ACL_DEFAULT);
} }
/*
* No need for i_mutex because the inode is not yet exposed to the VFS.
*/
int
xfs_inherit_acl(struct inode *inode, struct posix_acl *acl)
{
umode_t mode = inode->i_mode;
int error = 0, inherit = 0;
if (S_ISDIR(inode->i_mode)) {
error = xfs_set_acl(inode, ACL_TYPE_DEFAULT, acl);
if (error)
goto out;
}
error = __posix_acl_create(&acl, GFP_KERNEL, &mode);
if (error < 0)
return error;
/*
* If __posix_acl_create returns a positive value we need to
* inherit a permission that can't be represented using the Unix
* mode bits and we actually need to set an ACL.
*/
if (error > 0)
inherit = 1;
error = xfs_set_mode(inode, mode);
if (error)
goto out;
if (inherit)
error = xfs_set_acl(inode, ACL_TYPE_ACCESS, acl);
out:
posix_acl_release(acl);
return error;
}
int int
xfs_acl_chmod(struct inode *inode) xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
{ {
struct posix_acl *acl;
int error;
if (S_ISLNK(inode->i_mode))
return -EOPNOTSUPP;
acl = xfs_get_acl(inode, ACL_TYPE_ACCESS);
if (IS_ERR(acl) || !acl)
return PTR_ERR(acl);
error = __posix_acl_chmod(&acl, GFP_KERNEL, inode->i_mode);
if (error)
return error;
error = xfs_set_acl(inode, ACL_TYPE_ACCESS, acl);
posix_acl_release(acl);
return error;
}
static int
xfs_xattr_acl_get(struct dentry *dentry, const char *name,
void *value, size_t size, int type)
{
struct posix_acl *acl;
int error;
acl = xfs_get_acl(dentry->d_inode, type);
if (IS_ERR(acl))
return PTR_ERR(acl);
if (acl == NULL)
return -ENODATA;
error = posix_acl_to_xattr(&init_user_ns, acl, value, size);
posix_acl_release(acl);
return error;
}
static int
xfs_xattr_acl_set(struct dentry *dentry, const char *name,
const void *value, size_t size, int flags, int type)
{
struct inode *inode = dentry->d_inode;
struct posix_acl *acl = NULL;
int error = 0; int error = 0;
if (flags & XATTR_CREATE) if (!acl)
return -EINVAL;
if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
return value ? -EACCES : 0;
if (!inode_owner_or_capable(inode))
return -EPERM;
if (!value)
goto set_acl; goto set_acl;
acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (!acl) {
/*
* acl_set_file(3) may request that we set default ACLs with
* zero length -- defend (gracefully) against that here.
*/
goto out;
}
if (IS_ERR(acl)) {
error = PTR_ERR(acl);
goto out;
}
error = posix_acl_valid(acl);
if (error)
goto out_release;
error = -EINVAL; error = -EINVAL;
if (acl->a_count > XFS_ACL_MAX_ENTRIES(XFS_M(inode->i_sb))) if (acl->a_count > XFS_ACL_MAX_ENTRIES(XFS_M(inode->i_sb)))
goto out_release; return error;
if (type == ACL_TYPE_ACCESS) { if (type == ACL_TYPE_ACCESS) {
umode_t mode = inode->i_mode; umode_t mode = inode->i_mode;
error = posix_acl_equiv_mode(acl, &mode); error = posix_acl_equiv_mode(acl, &mode);
if (error <= 0) { if (error <= 0) {
posix_acl_release(acl);
acl = NULL; acl = NULL;
if (error < 0) if (error < 0)
...@@ -415,27 +298,9 @@ xfs_xattr_acl_set(struct dentry *dentry, const char *name, ...@@ -415,27 +298,9 @@ xfs_xattr_acl_set(struct dentry *dentry, const char *name,
error = xfs_set_mode(inode, mode); error = xfs_set_mode(inode, mode);
if (error) if (error)
goto out_release; return error;
} }
set_acl: set_acl:
error = xfs_set_acl(inode, type, acl); return __xfs_set_acl(inode, type, acl);
out_release:
posix_acl_release(acl);
out:
return error;
} }
const struct xattr_handler xfs_xattr_acl_access_handler = {
.prefix = POSIX_ACL_XATTR_ACCESS,
.flags = ACL_TYPE_ACCESS,
.get = xfs_xattr_acl_get,
.set = xfs_xattr_acl_set,
};
const struct xattr_handler xfs_xattr_acl_default_handler = {
.prefix = POSIX_ACL_XATTR_DEFAULT,
.flags = ACL_TYPE_DEFAULT,
.get = xfs_xattr_acl_get,
.set = xfs_xattr_acl_set,
};
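Review bot: The new `xfs_set_acl()` has no comment saying who now performs the checks this commit removes from the XFS side: the `S_ISLNK` guard dropped from `__xfs_set_acl()`, and the `inode_owner_or_capable()`, default-ACL-on-non-directory and `posix_acl_valid()` checks from the deleted `xfs_xattr_acl_set()`. Presumably the generic POSIX ACL xattr handlers do them before calling `->set_acl`, but nothing visible on this page confirms it, and `xfs_vn_mknod` also calls `xfs_set_acl()` directly. I would add a header comment such as `/* Callers must have checked ownership and validated the ACL; only the entry-count limit and the mode update are handled here. */` so a later in-kernel caller does not assume the function protects itself. The same comment could note that the argument order differs between `xfs_set_acl(inode, acl, type)` and `__xfs_set_acl(inode, type, acl)`.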
...@@ -60,20 +60,15 @@ struct xfs_acl { ...@@ -60,20 +60,15 @@ struct xfs_acl {
#ifdef CONFIG_XFS_POSIX_ACL #ifdef CONFIG_XFS_POSIX_ACL
extern struct posix_acl *xfs_get_acl(struct inode *inode, int type); extern struct posix_acl *xfs_get_acl(struct inode *inode, int type);
extern int xfs_inherit_acl(struct inode *inode, struct posix_acl *default_acl); extern int xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
extern int xfs_acl_chmod(struct inode *inode);
extern int posix_acl_access_exists(struct inode *inode); extern int posix_acl_access_exists(struct inode *inode);
extern int posix_acl_default_exists(struct inode *inode); extern int posix_acl_default_exists(struct inode *inode);
extern const struct xattr_handler xfs_xattr_acl_access_handler;
extern const struct xattr_handler xfs_xattr_acl_default_handler;
#else #else
static inline struct posix_acl *xfs_get_acl(struct inode *inode, int type) static inline struct posix_acl *xfs_get_acl(struct inode *inode, int type)
{ {
return NULL; return NULL;
} }
# define xfs_inherit_acl(inode, default_acl) 0 # define xfs_set_acl NULL
# define xfs_acl_chmod(inode) 0
# define posix_acl_access_exists(inode) 0 # define posix_acl_access_exists(inode) 0
# define posix_acl_default_exists(inode) 0 # define posix_acl_default_exists(inode) 0
#endif /* CONFIG_XFS_POSIX_ACL */ #endif /* CONFIG_XFS_POSIX_ACL */
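Review bot: In the `#else` branch `xfs_set_acl` becomes an object-like macro expanding to `NULL`, unlike the `static inline` stub kept for `xfs_get_acl` just above it. It therefore works only as the `.set_acl` initializer, and every direct call has to sit under `#ifdef CONFIG_XFS_POSIX_ACL`, as the `xfs_vn_mknod` call sites in this commit do. That constraint is not written down anywhere; a comment above the define such as `/* NULL so that .set_acl stays unset; direct callers must be guarded by CONFIG_XFS_POSIX_ACL */` would save a later unguarded call from a confusing compile error.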
......
...@@ -123,7 +123,7 @@ xfs_vn_mknod( ...@@ -123,7 +123,7 @@ xfs_vn_mknod(
{ {
struct inode *inode; struct inode *inode;
struct xfs_inode *ip = NULL; struct xfs_inode *ip = NULL;
struct posix_acl *default_acl = NULL; struct posix_acl *default_acl, *acl;
struct xfs_name name; struct xfs_name name;
int error; int error;
...@@ -139,14 +139,9 @@ xfs_vn_mknod( ...@@ -139,14 +139,9 @@ xfs_vn_mknod(
rdev = 0; rdev = 0;
} }
if (IS_POSIXACL(dir)) { error = posix_acl_create(dir, &mode, &default_acl, &acl);
default_acl = xfs_get_acl(dir, ACL_TYPE_DEFAULT); if (error)
if (IS_ERR(default_acl)) return error;
return PTR_ERR(default_acl);
if (!default_acl)
mode &= ~current_umask();
}
xfs_dentry_to_name(&name, dentry, mode); xfs_dentry_to_name(&name, dentry, mode);
error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip); error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip);
...@@ -159,22 +154,30 @@ xfs_vn_mknod( ...@@ -159,22 +154,30 @@ xfs_vn_mknod(
if (unlikely(error)) if (unlikely(error))
goto out_cleanup_inode; goto out_cleanup_inode;
#ifdef CONFIG_XFS_POSIX_ACL
if (default_acl) { if (default_acl) {
error = -xfs_inherit_acl(inode, default_acl); error = xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
default_acl = NULL; if (error)
if (unlikely(error))
goto out_cleanup_inode; goto out_cleanup_inode;
} }
if (acl) {
error = xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
if (error)
goto out_cleanup_inode;
}
#endif
d_instantiate(dentry, inode); d_instantiate(dentry, inode);
out_free_acl:
if (default_acl)
posix_acl_release(default_acl);
if (acl)
posix_acl_release(acl);
return -error; return -error;
out_cleanup_inode: out_cleanup_inode:
xfs_cleanup_inode(dir, inode, dentry); xfs_cleanup_inode(dir, inode, dentry);
out_free_acl: goto out_free_acl;
posix_acl_release(default_acl);
return -error;
} }
STATIC int STATIC int
...@@ -672,7 +675,7 @@ xfs_setattr_nonsize( ...@@ -672,7 +675,7 @@ xfs_setattr_nonsize(
* Posix ACL code seems to care about this issue either. * Posix ACL code seems to care about this issue either.
*/ */
if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) { if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) {
error = -xfs_acl_chmod(inode); error = -posix_acl_chmod(inode, inode->i_mode);
if (error) if (error)
return XFS_ERROR(error); return XFS_ERROR(error);
} }
...@@ -1041,6 +1044,7 @@ xfs_vn_fiemap( ...@@ -1041,6 +1044,7 @@ xfs_vn_fiemap(
static const struct inode_operations xfs_inode_operations = { static const struct inode_operations xfs_inode_operations = {
.get_acl = xfs_get_acl, .get_acl = xfs_get_acl,
.set_acl = xfs_set_acl,
.getattr = xfs_vn_getattr, .getattr = xfs_vn_getattr,
.setattr = xfs_vn_setattr, .setattr = xfs_vn_setattr,
.setxattr = generic_setxattr, .setxattr = generic_setxattr,
...@@ -1068,6 +1072,7 @@ static const struct inode_operations xfs_dir_inode_operations = { ...@@ -1068,6 +1072,7 @@ static const struct inode_operations xfs_dir_inode_operations = {
.mknod = xfs_vn_mknod, .mknod = xfs_vn_mknod,
.rename = xfs_vn_rename, .rename = xfs_vn_rename,
.get_acl = xfs_get_acl, .get_acl = xfs_get_acl,
.set_acl = xfs_set_acl,
.getattr = xfs_vn_getattr, .getattr = xfs_vn_getattr,
.setattr = xfs_vn_setattr, .setattr = xfs_vn_setattr,
.setxattr = generic_setxattr, .setxattr = generic_setxattr,
...@@ -1094,6 +1099,7 @@ static const struct inode_operations xfs_dir_ci_inode_operations = { ...@@ -1094,6 +1099,7 @@ static const struct inode_operations xfs_dir_ci_inode_operations = {
.mknod = xfs_vn_mknod, .mknod = xfs_vn_mknod,
.rename = xfs_vn_rename, .rename = xfs_vn_rename,
.get_acl = xfs_get_acl, .get_acl = xfs_get_acl,
.set_acl = xfs_set_acl,
.getattr = xfs_vn_getattr, .getattr = xfs_vn_getattr,
.setattr = xfs_vn_setattr, .setattr = xfs_vn_setattr,
.setxattr = generic_setxattr, .setxattr = generic_setxattr,
...@@ -1107,7 +1113,6 @@ static const struct inode_operations xfs_symlink_inode_operations = { ...@@ -1107,7 +1113,6 @@ static const struct inode_operations xfs_symlink_inode_operations = {
.readlink = generic_readlink, .readlink = generic_readlink,
.follow_link = xfs_vn_follow_link, .follow_link = xfs_vn_follow_link,
.put_link = kfree_put_link, .put_link = kfree_put_link,
.get_acl = xfs_get_acl,
.getattr = xfs_vn_getattr, .getattr = xfs_vn_getattr,
.setattr = xfs_vn_setattr, .setattr = xfs_vn_setattr,
.setxattr = generic_setxattr, .setxattr = generic_setxattr,
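Review bot: The two new `xfs_set_acl()` calls in `xfs_vn_mknod` store the result without negating it, yet the function still ends in `return -error`, and `xfs_set_acl()` as added in this commit returns negative values (`error = -EINVAL; ... return error;`). A failure there would reach the VFS as a positive number, which callers are unlikely to treat as an errno; the removed `error = -xfs_inherit_acl(inode, default_acl);` and the `-posix_acl_chmod(...)` call in `xfs_setattr_nonsize` both keep the negation. I would write `error = -xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);` and `error = -xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);`. `default_acl` and `acl` are also no longer initialised, so the `out_free_acl` path relies on `posix_acl_create()` setting both on success, which is not visible here. The body of `xfs_vn_mknod` begins and ends outside these hunks.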
......
...@@ -30,7 +30,7 @@ extern void xfs_setup_inode(struct xfs_inode *); ...@@ -30,7 +30,7 @@ extern void xfs_setup_inode(struct xfs_inode *);
/* /*
* Internal setattr interfaces. * Internal setattr interfaces.
*/ */
#define XFS_ATTR_NOACL 0x01 /* Don't call xfs_acl_chmod */ #define XFS_ATTR_NOACL 0x01 /* Don't call posix_acl_chmod */
extern int xfs_setattr_nonsize(struct xfs_inode *ip, struct iattr *vap, extern int xfs_setattr_nonsize(struct xfs_inode *ip, struct iattr *vap,
int flags); int flags);
......
...@@ -102,8 +102,8 @@ const struct xattr_handler *xfs_xattr_handlers[] = { ...@@ -102,8 +102,8 @@ const struct xattr_handler *xfs_xattr_handlers[] = {
&xfs_xattr_trusted_handler, &xfs_xattr_trusted_handler,
&xfs_xattr_security_handler, &xfs_xattr_security_handler,
#ifdef CONFIG_XFS_POSIX_ACL #ifdef CONFIG_XFS_POSIX_ACL
&xfs_xattr_acl_access_handler, &posix_acl_access_xattr_handler,
&xfs_xattr_acl_default_handler, &posix_acl_default_xattr_handler,
#endif #endif
NULL NULL
}; };
......