[PATCH] NFSD: Add server support for NFSv3 ACLs.

This adds functions for encoding and decoding POSIX ACLs for the NFSACL protocol extension, and the GETACL and SETACL RPCs. The implementation is compatible with NFSACL in Solaris. Signed-off-by: Andreas Gruenbacher <agruen@suse.de> Acked-by: Olaf Kirch <okir@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: Andreas Gruenbacher <agruen@suse.de> 2005-06-22 13:16:26 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2005-06-22 16:07:23 -0400
commit: a257cdd0e2179630d3201c32ba14d7fcb3c3a055 (patch)
tree: accf4139050690a65f3f2600355cbcd1a602663b /fs/nfsd/nfs3acl.c
parent: 9ba02638e4be28dd4ff724202a640264427c62d1 (diff)
1 files changed, 267 insertions, 0 deletions
diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
new file mode 100644
index 000000000000..64ba40572fea
--- /dev/null
+++ b/fs/nfsd/nfs3acl.c
@@ -0,0 +1,267 @@
+/*
+ * linux/fs/nfsd/nfs3acl.c
+ *
+ * Process version 3 NFSACL requests.
+ *
+ * Copyright (C) 2002-2003 Andreas Gruenbacher <agruen@suse.de>
+ */
+#include <linux/sunrpc/svc.h>
+#include <linux/nfs3.h>
+#include <linux/nfsd/nfsd.h>
+#include <linux/nfsd/cache.h>
+#include <linux/nfsd/xdr3.h>
+#include <linux/posix_acl.h>
+#include <linux/nfsacl.h>
+#define RETURN_STATUS(st)       { resp->status = (st); return (st); }
+/*
+ * NULL call.
+ */
+static int
+nfsd3_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
+{
+        return nfs_ok;
+}
+/*
+ * Get the Access and/or Default ACL of a file.
+ */
+static int nfsd3_proc_getacl(struct svc_rqst * rqstp,
+                struct nfsd3_getaclargs *argp, struct nfsd3_getaclres *resp)
+{
+        svc_fh *fh;
+        struct posix_acl *acl;
+        int nfserr = 0;
+        fh = fh_copy(&resp->fh, &argp->fh);
+        if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
+                RETURN_STATUS(nfserr_inval);
+        if (argp->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT))
+                RETURN_STATUS(nfserr_inval);
+        resp->mask = argp->mask;
+        if (resp->mask & (NFS_ACL|NFS_ACLCNT)) {
+                acl = nfsd_get_posix_acl(fh, ACL_TYPE_ACCESS);
+                if (IS_ERR(acl)) {
+                        int err = PTR_ERR(acl);
+                        if (err == -ENODATA || err == -EOPNOTSUPP)
+                                acl = NULL;
+                        else {
+                                nfserr = nfserrno(err);
+                                goto fail;
+                        }
+                }
+                if (acl == NULL) {
+                        /* Solaris returns the inode's minimum ACL. */
+                        struct inode *inode = fh->fh_dentry->d_inode;
+                        acl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL);
+                }
+                resp->acl_access = acl;
+        }
+        if (resp->mask & (NFS_DFACL|NFS_DFACLCNT)) {
+                /* Check how Solaris handles requests for the Default ACL
+                   of a non-directory! */
+                acl = nfsd_get_posix_acl(fh, ACL_TYPE_DEFAULT);
+                if (IS_ERR(acl)) {
+                        int err = PTR_ERR(acl);
+                        if (err == -ENODATA || err == -EOPNOTSUPP)
+                                acl = NULL;
+                        else {
+                                nfserr = nfserrno(err);
+                                goto fail;
+                        }
+                }
+                resp->acl_default = acl;
+        }
+        /* resp->acl_{access,default} are released in nfs3svc_release_getacl. */
+        RETURN_STATUS(0);
+fail:
+        posix_acl_release(resp->acl_access);
+        posix_acl_release(resp->acl_default);
+        RETURN_STATUS(nfserr);
+}
+/*
+ * Set the Access and/or Default ACL of a file.
+ */
+static int nfsd3_proc_setacl(struct svc_rqst * rqstp,
+                struct nfsd3_setaclargs *argp,
+                struct nfsd3_attrstat *resp)
+{
+        svc_fh *fh;
+        int nfserr = 0;
+        fh = fh_copy(&resp->fh, &argp->fh);
+        nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP);
+        if (!nfserr) {
+                nfserr = nfserrno( nfsd_set_posix_acl(
+                        fh, ACL_TYPE_ACCESS, argp->acl_access) );
+        }
+        if (!nfserr) {
+                nfserr = nfserrno( nfsd_set_posix_acl(
+                        fh, ACL_TYPE_DEFAULT, argp->acl_default) );
+        }
+        /* argp->acl_{access,default} may have been allocated in
+           nfs3svc_decode_setaclargs. */
+        posix_acl_release(argp->acl_access);
+        posix_acl_release(argp->acl_default);
+        RETURN_STATUS(nfserr);
+}
+/*
+ * XDR decode functions
+ */
+static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, u32 *p,
+                struct nfsd3_getaclargs *args)
+{
+        if (!(p = nfs3svc_decode_fh(p, &args->fh)))
+                return 0;
+        args->mask = ntohl(*p); p++;
+        return xdr_argsize_check(rqstp, p);
+}
+static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, u32 *p,
+                struct nfsd3_setaclargs *args)
+{
+        struct kvec *head = rqstp->rq_arg.head;
+        unsigned int base;
+        int n;
+        if (!(p = nfs3svc_decode_fh(p, &args->fh)))
+                return 0;
+        args->mask = ntohl(*p++);
+        if (args->mask & ~(NFS_ACL|NFS_ACLCNT|NFS_DFACL|NFS_DFACLCNT) ||
+            !xdr_argsize_check(rqstp, p))
+                return 0;
+        base = (char *)p - (char *)head->iov_base;
+        n = nfsacl_decode(&rqstp->rq_arg, base, NULL,
+                          (args->mask & NFS_ACL) ?
+                          &args->acl_access : NULL);
+        if (n > 0)
+                n = nfsacl_decode(&rqstp->rq_arg, base + n, NULL,
+                                  (args->mask & NFS_DFACL) ?
+                                  &args->acl_default : NULL);
+        return (n > 0);
+}
+/*
+ * XDR encode functions
+ */
+/* GETACL */
+static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, u32 *p,
+                struct nfsd3_getaclres *resp)
+{
+        struct dentry *dentry = resp->fh.fh_dentry;
+        p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
+        if (resp->status == 0 && dentry && dentry->d_inode) {
+                struct inode *inode = dentry->d_inode;
+                int w = nfsacl_size(
+                        (resp->mask & NFS_ACL)   ? resp->acl_access  : NULL,
+                        (resp->mask & NFS_DFACL) ? resp->acl_default : NULL);
+                struct kvec *head = rqstp->rq_res.head;
+                unsigned int base;
+                int n;
+                *p++ = htonl(resp->mask);
+                if (!xdr_ressize_check(rqstp, p))
+                        return 0;
+                base = (char *)p - (char *)head->iov_base;
+                rqstp->rq_res.page_len = w;
+                while (w > 0) {
+                        if (!svc_take_res_page(rqstp))
+                                return 0;
+                        w -= PAGE_SIZE;
+                }
+                n = nfsacl_encode(&rqstp->rq_res, base, inode,
+                                  resp->acl_access,
+                                  resp->mask & NFS_ACL, 0);
+                if (n > 0)
+                        n = nfsacl_encode(&rqstp->rq_res, base + n, inode,
+                                          resp->acl_default,
+                                          resp->mask & NFS_DFACL,
+                                          NFS_ACL_DEFAULT);
+                if (n <= 0)
+                        return 0;
+        } else
+                if (!xdr_ressize_check(rqstp, p))
+                        return 0;
+        return 1;
+}
+/* SETACL */
+static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, u32 *p,
+                struct nfsd3_attrstat *resp)
+{
+        p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
+        return xdr_ressize_check(rqstp, p);
+}
+/*
+ * XDR release functions
+ */
+static int nfs3svc_release_getacl(struct svc_rqst *rqstp, u32 *p,
+                struct nfsd3_getaclres *resp)
+{
+        fh_put(&resp->fh);
+        posix_acl_release(resp->acl_access);
+        posix_acl_release(resp->acl_default);
+        return 1;
+}
+#define nfs3svc_decode_voidargs         NULL
+#define nfs3svc_release_void            NULL
+#define nfsd3_setaclres                 nfsd3_attrstat
+#define nfsd3_voidres                   nfsd3_voidargs
+struct nfsd3_voidargs { int dummy; };
+#define PROC(name, argt, rest, relt, cache, respsize)   \
+ { (svc_procfunc) nfsd3_proc_##name,            \
+   (kxdrproc_t) nfs3svc_decode_##argt##args,    \
+   (kxdrproc_t) nfs3svc_encode_##rest##res,     \
+   (kxdrproc_t) nfs3svc_release_##relt,         \
+   sizeof(struct nfsd3_##argt##args),           \
+   sizeof(struct nfsd3_##rest##res),            \
+   0,                                           \
+   cache,                                       \
+   respsize,                                    \
+ }
+#define ST 1            /* status*/
+#define AT 21           /* attributes */
+#define pAT (1+AT)      /* post attributes - conditional */
+#define ACL (1+NFS_ACL_MAX_ENTRIES*3)  /* Access Control List */
+static struct svc_procedure             nfsd_acl_procedures3[] = {
+  PROC(null,    void,           void,           void,     RC_NOCACHE, ST),
+  PROC(getacl,  getacl,         getacl,         getacl,   RC_NOCACHE, ST+1+2*(1+ACL)),
+  PROC(setacl,  setacl,         setacl,         fhandle,  RC_NOCACHE, ST+pAT),
+};
+struct svc_version      nfsd_acl_version3 = {
+                .vs_vers        = 3,
+                .vs_nproc       = 3,
+                .vs_proc        = nfsd_acl_procedures3,
+                .vs_dispatch    = nfsd_dispatch,
+                .vs_xdrsize     = NFS3_SVC_XDRSIZE,
+};
author	Andreas Gruenbacher <agruen@suse.de>	2005-06-22 13:16:26 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2005-06-22 16:07:23 -0400
commit	a257cdd0e2179630d3201c32ba14d7fcb3c3a055 (patch)
tree	accf4139050690a65f3f2600355cbcd1a602663b /fs/nfsd/nfs3acl.c
parent	9ba02638e4be28dd4ff724202a640264427c62d1 (diff)

diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c new file mode 100644 index 000000000000..64ba40572fea --- /dev/null +++ b/fs/nfsd/nfs3acl.c
@@ -0,0 +1,267 @@
	1	/*
	2	* linux/fs/nfsd/nfs3acl.c
	3	*
	4	* Process version 3 NFSACL requests.
	5	*
	6	* Copyright (C) 2002-2003 Andreas Gruenbacher <agruen@suse.de>
	7	*/
	8
	9	#include <linux/sunrpc/svc.h>
	10	#include <linux/nfs3.h>
	11	#include <linux/nfsd/nfsd.h>
	12	#include <linux/nfsd/cache.h>
	13	#include <linux/nfsd/xdr3.h>
	14	#include <linux/posix_acl.h>
	15	#include <linux/nfsacl.h>
	16
	17	#define RETURN_STATUS(st) { resp->status = (st); return (st); }
	18
	19	/*
	20	* NULL call.
	21	*/
	22	static int
	23	nfsd3_proc_null(struct svc_rqst rqstp, void argp, void *resp)
	24	{
	25	return nfs_ok;
	26	}
	27
	28	/*
	29	* Get the Access and/or Default ACL of a file.
	30	*/
	31	static int nfsd3_proc_getacl(struct svc_rqst * rqstp,
	32	struct nfsd3_getaclargs argp, struct nfsd3_getaclres resp)
	33	{
	34	svc_fh *fh;
	35	struct posix_acl *acl;
	36	int nfserr = 0;
	37
	38	fh = fh_copy(&resp->fh, &argp->fh);
	39	if ((nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP)))
	40	RETURN_STATUS(nfserr_inval);
	41
	42	if (argp->mask & ~(NFS_ACL\|NFS_ACLCNT\|NFS_DFACL\|NFS_DFACLCNT))
	43	RETURN_STATUS(nfserr_inval);
	44	resp->mask = argp->mask;
	45
	46	if (resp->mask & (NFS_ACL\|NFS_ACLCNT)) {
	47	acl = nfsd_get_posix_acl(fh, ACL_TYPE_ACCESS);
	48	if (IS_ERR(acl)) {
	49	int err = PTR_ERR(acl);
	50
	51	if (err == -ENODATA \|\| err == -EOPNOTSUPP)
	52	acl = NULL;
	53	else {
	54	nfserr = nfserrno(err);
	55	goto fail;
	56	}
	57	}
	58	if (acl == NULL) {
	59	/* Solaris returns the inode's minimum ACL. */
	60
	61	struct inode *inode = fh->fh_dentry->d_inode;
	62	acl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL);
	63	}
	64	resp->acl_access = acl;
	65	}
	66	if (resp->mask & (NFS_DFACL\|NFS_DFACLCNT)) {
	67	/* Check how Solaris handles requests for the Default ACL
	68	of a non-directory! */
	69
	70	acl = nfsd_get_posix_acl(fh, ACL_TYPE_DEFAULT);
	71	if (IS_ERR(acl)) {
	72	int err = PTR_ERR(acl);
	73
	74	if (err == -ENODATA \|\| err == -EOPNOTSUPP)
	75	acl = NULL;
	76	else {
	77	nfserr = nfserrno(err);
	78	goto fail;
	79	}
	80	}
	81	resp->acl_default = acl;
	82	}
	83
	84	/* resp->acl_{access,default} are released in nfs3svc_release_getacl. */
	85	RETURN_STATUS(0);
	86
	87	fail:
	88	posix_acl_release(resp->acl_access);
	89	posix_acl_release(resp->acl_default);
	90	RETURN_STATUS(nfserr);
	91	}
	92
	93	/*
	94	* Set the Access and/or Default ACL of a file.
	95	*/
	96	static int nfsd3_proc_setacl(struct svc_rqst * rqstp,
	97	struct nfsd3_setaclargs *argp,
	98	struct nfsd3_attrstat *resp)
	99	{
	100	svc_fh *fh;
	101	int nfserr = 0;
	102
	103	fh = fh_copy(&resp->fh, &argp->fh);
	104	nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP);
	105
	106	if (!nfserr) {
	107	nfserr = nfserrno( nfsd_set_posix_acl(
	108	fh, ACL_TYPE_ACCESS, argp->acl_access) );
	109	}
	110	if (!nfserr) {
	111	nfserr = nfserrno( nfsd_set_posix_acl(
	112	fh, ACL_TYPE_DEFAULT, argp->acl_default) );
	113	}
	114
	115	/* argp->acl_{access,default} may have been allocated in
	116	nfs3svc_decode_setaclargs. */
	117	posix_acl_release(argp->acl_access);
	118	posix_acl_release(argp->acl_default);
	119	RETURN_STATUS(nfserr);
	120	}
	121
	122	/*
	123	* XDR decode functions
	124	*/
	125	static int nfs3svc_decode_getaclargs(struct svc_rqst rqstp, u32 p,
	126	struct nfsd3_getaclargs *args)
	127	{
	128	if (!(p = nfs3svc_decode_fh(p, &args->fh)))
	129	return 0;
	130	args->mask = ntohl(*p); p++;
	131
	132	return xdr_argsize_check(rqstp, p);
	133	}
	134
	135
	136	static int nfs3svc_decode_setaclargs(struct svc_rqst rqstp, u32 p,
	137	struct nfsd3_setaclargs *args)
	138	{
	139	struct kvec *head = rqstp->rq_arg.head;
	140	unsigned int base;
	141	int n;
	142
	143	if (!(p = nfs3svc_decode_fh(p, &args->fh)))
	144	return 0;
	145	args->mask = ntohl(*p++);
	146	if (args->mask & ~(NFS_ACL\|NFS_ACLCNT\|NFS_DFACL\|NFS_DFACLCNT) \|\|
	147	!xdr_argsize_check(rqstp, p))
	148	return 0;
	149
	150	base = (char )p - (char )head->iov_base;
	151	n = nfsacl_decode(&rqstp->rq_arg, base, NULL,
	152	(args->mask & NFS_ACL) ?
	153	&args->acl_access : NULL);
	154	if (n > 0)
	155	n = nfsacl_decode(&rqstp->rq_arg, base + n, NULL,
	156	(args->mask & NFS_DFACL) ?
	157	&args->acl_default : NULL);
	158	return (n > 0);
	159	}
	160
	161	/*
	162	* XDR encode functions
	163	*/
	164
	165	/* GETACL */
	166	static int nfs3svc_encode_getaclres(struct svc_rqst rqstp, u32 p,
	167	struct nfsd3_getaclres *resp)
	168	{
	169	struct dentry *dentry = resp->fh.fh_dentry;
	170
	171	p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
	172	if (resp->status == 0 && dentry && dentry->d_inode) {
	173	struct inode *inode = dentry->d_inode;
	174	int w = nfsacl_size(
	175	(resp->mask & NFS_ACL) ? resp->acl_access : NULL,
	176	(resp->mask & NFS_DFACL) ? resp->acl_default : NULL);
	177	struct kvec *head = rqstp->rq_res.head;
	178	unsigned int base;
	179	int n;
	180
	181	*p++ = htonl(resp->mask);
	182	if (!xdr_ressize_check(rqstp, p))
	183	return 0;
	184	base = (char )p - (char )head->iov_base;
	185
	186	rqstp->rq_res.page_len = w;
	187	while (w > 0) {
	188	if (!svc_take_res_page(rqstp))
	189	return 0;
	190	w -= PAGE_SIZE;
	191	}
	192
	193	n = nfsacl_encode(&rqstp->rq_res, base, inode,
	194	resp->acl_access,
	195	resp->mask & NFS_ACL, 0);
	196	if (n > 0)
	197	n = nfsacl_encode(&rqstp->rq_res, base + n, inode,
	198	resp->acl_default,
	199	resp->mask & NFS_DFACL,
	200	NFS_ACL_DEFAULT);
	201	if (n <= 0)
	202	return 0;
	203	} else
	204	if (!xdr_ressize_check(rqstp, p))
	205	return 0;
	206
	207	return 1;
	208	}
	209
	210	/* SETACL */
	211	static int nfs3svc_encode_setaclres(struct svc_rqst rqstp, u32 p,
	212	struct nfsd3_attrstat *resp)
	213	{
	214	p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
	215
	216	return xdr_ressize_check(rqstp, p);
	217	}
	218
	219	/*
	220	* XDR release functions
	221	*/
	222	static int nfs3svc_release_getacl(struct svc_rqst rqstp, u32 p,
	223	struct nfsd3_getaclres *resp)
	224	{
	225	fh_put(&resp->fh);
	226	posix_acl_release(resp->acl_access);
	227	posix_acl_release(resp->acl_default);
	228	return 1;
	229	}
	230
	231	#define nfs3svc_decode_voidargs NULL
	232	#define nfs3svc_release_void NULL
	233	#define nfsd3_setaclres nfsd3_attrstat
	234	#define nfsd3_voidres nfsd3_voidargs
	235	struct nfsd3_voidargs { int dummy; };
	236
	237	#define PROC(name, argt, rest, relt, cache, respsize) \
	238	{ (svc_procfunc) nfsd3_proc_##name, \
	239	(kxdrproc_t) nfs3svc_decode_##argt##args, \
	240	(kxdrproc_t) nfs3svc_encode_##rest##res, \
	241	(kxdrproc_t) nfs3svc_release_##relt, \
	242	sizeof(struct nfsd3_##argt##args), \
	243	sizeof(struct nfsd3_##rest##res), \
	244	0, \
	245	cache, \
	246	respsize, \
	247	}
	248
	249	#define ST 1 /* status*/
	250	#define AT 21 /* attributes */
	251	#define pAT (1+AT) /* post attributes - conditional */
	252	#define ACL (1+NFS_ACL_MAX_ENTRIES3) / Access Control List */
	253
	254	static struct svc_procedure nfsd_acl_procedures3[] = {
	255	PROC(null, void, void, void, RC_NOCACHE, ST),
	256	PROC(getacl, getacl, getacl, getacl, RC_NOCACHE, ST+1+2*(1+ACL)),
	257	PROC(setacl, setacl, setacl, fhandle, RC_NOCACHE, ST+pAT),
	258	};
	259
	260	struct svc_version nfsd_acl_version3 = {
	261	.vs_vers = 3,
	262	.vs_nproc = 3,
	263	.vs_proc = nfsd_acl_procedures3,
	264	.vs_dispatch = nfsd_dispatch,
	265	.vs_xdrsize = NFS3_SVC_XDRSIZE,
	266	};
	267