Commit 055ffbea authored by Andreas Gruenbacher's avatar Andreas Gruenbacher Committed by Trond Myklebust
Browse files

[PATCH] NFS: Fix handling of the umask when an NFSv3 default acl is present. 



 NFSv3 has no concept of a umask on the server side: The client applies
 the umask locally, and sends the effective permissions to the server.
 This behavior is wrong when files are created in a directory that has a
 default ACL.  In this case, the umask is supposed to be ignored, and
 only the default ACL determines the file's effective permissions.

 Usually its the server's task to conditionally apply the umask.  But
 since the server knows nothing about the umask, we have to do it on the
 client side.  This patch tries to fetch the parent directory's default
 ACL before creating a new file, computes the appropriate create mode to
 send to the server, and finally sets the new file's access and default
 acl appropriately.

 Many thanks to Buck Huppmann <buchk@pobox.com> for sending the initial
 version of this patch, as well as for arguing why we need this change.

 Signed-off-by: default avatarAndreas Gruenbacher <agruen@suse.de>
 Acked-by: default avatarOlaf Kirch <okir@suse.de>
 Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
 Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent b7fa0554

fs/nfs/inode.c

+5 −0
Original line number Diff line number Diff line
@@ -490,6 +490,11 @@ nfs_fill_super(struct super_block *sb, struct nfs_mount_data *data, int silent) 
#else

		server->flags &= ~NFS_MOUNT_NOACL;

#endif /* CONFIG_NFS_V3_ACL */

		/*

		 * The VFS shouldn't apply the umask to mode bits. We will

		 * do so ourselves when necessary.

		 */

		sb->s_flags |= MS_POSIXACL;

		if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)

			server->namelen = NFS3_MAXNAMLEN;

		sb->s_time_gran = 1;

fs/nfs/nfs3acl.c

+29 −0
Original line number Diff line number Diff line
@@ -301,3 +301,32 @@ int nfs3_proc_setacl(struct inode *inode, int type, struct posix_acl *acl) 
fail:

	return PTR_ERR(alloc);

}



int nfs3_proc_set_default_acl(struct inode *dir, struct inode *inode,

		mode_t mode)

{

	struct posix_acl *dfacl, *acl;

	int error = 0;



	dfacl = nfs3_proc_getacl(dir, ACL_TYPE_DEFAULT);

	if (IS_ERR(dfacl)) {

		error = PTR_ERR(dfacl);

		return (error == -EOPNOTSUPP) ? 0 : error;

	}

	if (!dfacl)

		return 0;

	acl = posix_acl_clone(dfacl, GFP_KERNEL);

	error = -ENOMEM;

	if (!acl)

		goto out_release_dfacl;

	error = posix_acl_create_masq(acl, &mode);

	if (error < 0)

		goto out_release_acl;

	error = nfs3_proc_setacls(inode, acl, S_ISDIR(inode->i_mode) ?

						      dfacl : NULL);

out_release_acl:

	posix_acl_release(acl);

out_release_dfacl:

	posix_acl_release(dfacl);

	return error;

}

fs/nfs/nfs3proc.c

+30 −6
Original line number Diff line number Diff line
@@ -314,6 +314,7 @@ nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr, 
		.fh		= &fhandle,

		.fattr		= &fattr

	};

	mode_t mode = sattr->ia_mode;

	int status;



	dprintk("NFS call  create %s\n", dentry->d_name.name);
@@ -324,6 +325,8 @@ nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr, 
		arg.verifier[1] = current->pid;

	}



	sattr->ia_mode &= ~current->fs->umask;



again:

	dir_attr.valid = 0;

	fattr.valid = 0;
@@ -370,6 +373,9 @@ again: 
		nfs_refresh_inode(dentry->d_inode, &fattr);

		dprintk("NFS reply setattr (post-create): %d\n", status);

	}

	if (status != 0)

		goto out;

	status = nfs3_proc_set_default_acl(dir, dentry->d_inode, mode);

out:

	dprintk("NFS reply create: %d\n", status);

	return status;
@@ -539,15 +545,24 @@ nfs3_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr) 
		.fh		= &fhandle,

		.fattr		= &fattr

	};

	int mode = sattr->ia_mode;

	int status;



	dprintk("NFS call  mkdir %s\n", dentry->d_name.name);

	dir_attr.valid = 0;

	fattr.valid = 0;



	sattr->ia_mode &= ~current->fs->umask;



	status = rpc_call(NFS_CLIENT(dir), NFS3PROC_MKDIR, &arg, &res, 0);

	nfs_refresh_inode(dir, &dir_attr);

	if (status == 0)

	if (status != 0)

		goto out;

	status = nfs_instantiate(dentry, &fhandle, &fattr);

	if (status != 0)

		goto out;

	status = nfs3_proc_set_default_acl(dir, dentry->d_inode, mode);

out:

	dprintk("NFS reply mkdir: %d\n", status);

	return status;

}
@@ -642,6 +657,7 @@ nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr, 
		.fh		= &fh,

		.fattr		= &fattr

	};

	mode_t mode = sattr->ia_mode;

	int status;



	switch (sattr->ia_mode & S_IFMT) {
@@ -654,12 +670,20 @@ nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr, 


	dprintk("NFS call  mknod %s %u:%u\n", dentry->d_name.name,

			MAJOR(rdev), MINOR(rdev));



	sattr->ia_mode &= ~current->fs->umask;



	dir_attr.valid = 0;

	fattr.valid = 0;

	status = rpc_call(NFS_CLIENT(dir), NFS3PROC_MKNOD, &arg, &res, 0);

	nfs_refresh_inode(dir, &dir_attr);

	if (status == 0)

	if (status != 0)

		goto out;

	status = nfs_instantiate(dentry, &fh, &fattr);

	if (status != 0)

		goto out;

	status = nfs3_proc_set_default_acl(dir, dentry->d_inode, mode);

out:

	dprintk("NFS reply mknod: %d\n", status);

	return status;

}

include/linux/nfs_fs.h

+9 −0
Original line number Diff line number Diff line
@@ -478,6 +478,15 @@ extern void nfs_readdata_release(struct rpc_task *task); 
extern struct posix_acl *nfs3_proc_getacl(struct inode *inode, int type);

extern int nfs3_proc_setacl(struct inode *inode, int type,

			    struct posix_acl *acl);

extern int nfs3_proc_set_default_acl(struct inode *dir, struct inode *inode,

		mode_t mode);

#else

static inline int nfs3_proc_set_default_acl(struct inode *dir,

					    struct inode *inode,

					    mode_t mode)

{

	return 0;

}

#endif /* CONFIG_NFS_V3_ACL */



/*

CRA Git | Maintained and supported by SUSTech CRA and CCSE