[PATCH] NFS: Fix handling of the umask when an NFSv3 default acl is present.
NFSv3 has no concept of a umask on the server side: The client applies the umask locally, and sends the effective permissions to the server. This behavior is wrong when files are created in a directory that has a default ACL. In this case, the umask is supposed to be ignored, and only the default ACL determines the file's effective permissions. Usually its the server's task to conditionally apply the umask. But since the server knows nothing about the umask, we have to do it on the client side. This patch tries to fetch the parent directory's default ACL before creating a new file, computes the appropriate create mode to send to the server, and finally sets the new file's access and default acl appropriately. Many thanks to Buck Huppmann <buchk@pobox.com> for sending the initial version of this patch, as well as for arguing why we need this change. Signed-off-by: Andreas Gruenbacher <agruen@suse.de> Acked-by: Olaf Kirch <okir@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
Родитель
b7fa0554cf
Коммит
055ffbea05
|
@ -490,6 +490,11 @@ nfs_fill_super(struct super_block *sb, struct nfs_mount_data *data, int silent)
|
|||
#else
|
||||
server->flags &= ~NFS_MOUNT_NOACL;
|
||||
#endif /* CONFIG_NFS_V3_ACL */
|
||||
/*
|
||||
* The VFS shouldn't apply the umask to mode bits. We will
|
||||
* do so ourselves when necessary.
|
||||
*/
|
||||
sb->s_flags |= MS_POSIXACL;
|
||||
if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)
|
||||
server->namelen = NFS3_MAXNAMLEN;
|
||||
sb->s_time_gran = 1;
|
||||
|
|
|
@ -301,3 +301,32 @@ int nfs3_proc_setacl(struct inode *inode, int type, struct posix_acl *acl)
|
|||
fail:
|
||||
return PTR_ERR(alloc);
|
||||
}
|
||||
|
||||
int nfs3_proc_set_default_acl(struct inode *dir, struct inode *inode,
|
||||
mode_t mode)
|
||||
{
|
||||
struct posix_acl *dfacl, *acl;
|
||||
int error = 0;
|
||||
|
||||
dfacl = nfs3_proc_getacl(dir, ACL_TYPE_DEFAULT);
|
||||
if (IS_ERR(dfacl)) {
|
||||
error = PTR_ERR(dfacl);
|
||||
return (error == -EOPNOTSUPP) ? 0 : error;
|
||||
}
|
||||
if (!dfacl)
|
||||
return 0;
|
||||
acl = posix_acl_clone(dfacl, GFP_KERNEL);
|
||||
error = -ENOMEM;
|
||||
if (!acl)
|
||||
goto out_release_dfacl;
|
||||
error = posix_acl_create_masq(acl, &mode);
|
||||
if (error < 0)
|
||||
goto out_release_acl;
|
||||
error = nfs3_proc_setacls(inode, acl, S_ISDIR(inode->i_mode) ?
|
||||
dfacl : NULL);
|
||||
out_release_acl:
|
||||
posix_acl_release(acl);
|
||||
out_release_dfacl:
|
||||
posix_acl_release(dfacl);
|
||||
return error;
|
||||
}
|
||||
|
|
|
@ -314,7 +314,8 @@ nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
|
|||
.fh = &fhandle,
|
||||
.fattr = &fattr
|
||||
};
|
||||
int status;
|
||||
mode_t mode = sattr->ia_mode;
|
||||
int status;
|
||||
|
||||
dprintk("NFS call create %s\n", dentry->d_name.name);
|
||||
arg.createmode = NFS3_CREATE_UNCHECKED;
|
||||
|
@ -324,6 +325,8 @@ nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
|
|||
arg.verifier[1] = current->pid;
|
||||
}
|
||||
|
||||
sattr->ia_mode &= ~current->fs->umask;
|
||||
|
||||
again:
|
||||
dir_attr.valid = 0;
|
||||
fattr.valid = 0;
|
||||
|
@ -370,6 +373,9 @@ again:
|
|||
nfs_refresh_inode(dentry->d_inode, &fattr);
|
||||
dprintk("NFS reply setattr (post-create): %d\n", status);
|
||||
}
|
||||
if (status != 0)
|
||||
goto out;
|
||||
status = nfs3_proc_set_default_acl(dir, dentry->d_inode, mode);
|
||||
out:
|
||||
dprintk("NFS reply create: %d\n", status);
|
||||
return status;
|
||||
|
@ -539,15 +545,24 @@ nfs3_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr)
|
|||
.fh = &fhandle,
|
||||
.fattr = &fattr
|
||||
};
|
||||
int status;
|
||||
int mode = sattr->ia_mode;
|
||||
int status;
|
||||
|
||||
dprintk("NFS call mkdir %s\n", dentry->d_name.name);
|
||||
dir_attr.valid = 0;
|
||||
fattr.valid = 0;
|
||||
|
||||
sattr->ia_mode &= ~current->fs->umask;
|
||||
|
||||
status = rpc_call(NFS_CLIENT(dir), NFS3PROC_MKDIR, &arg, &res, 0);
|
||||
nfs_refresh_inode(dir, &dir_attr);
|
||||
if (status == 0)
|
||||
status = nfs_instantiate(dentry, &fhandle, &fattr);
|
||||
if (status != 0)
|
||||
goto out;
|
||||
status = nfs_instantiate(dentry, &fhandle, &fattr);
|
||||
if (status != 0)
|
||||
goto out;
|
||||
status = nfs3_proc_set_default_acl(dir, dentry->d_inode, mode);
|
||||
out:
|
||||
dprintk("NFS reply mkdir: %d\n", status);
|
||||
return status;
|
||||
}
|
||||
|
@ -642,6 +657,7 @@ nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
|
|||
.fh = &fh,
|
||||
.fattr = &fattr
|
||||
};
|
||||
mode_t mode = sattr->ia_mode;
|
||||
int status;
|
||||
|
||||
switch (sattr->ia_mode & S_IFMT) {
|
||||
|
@ -654,12 +670,20 @@ nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
|
|||
|
||||
dprintk("NFS call mknod %s %u:%u\n", dentry->d_name.name,
|
||||
MAJOR(rdev), MINOR(rdev));
|
||||
|
||||
sattr->ia_mode &= ~current->fs->umask;
|
||||
|
||||
dir_attr.valid = 0;
|
||||
fattr.valid = 0;
|
||||
status = rpc_call(NFS_CLIENT(dir), NFS3PROC_MKNOD, &arg, &res, 0);
|
||||
nfs_refresh_inode(dir, &dir_attr);
|
||||
if (status == 0)
|
||||
status = nfs_instantiate(dentry, &fh, &fattr);
|
||||
if (status != 0)
|
||||
goto out;
|
||||
status = nfs_instantiate(dentry, &fh, &fattr);
|
||||
if (status != 0)
|
||||
goto out;
|
||||
status = nfs3_proc_set_default_acl(dir, dentry->d_inode, mode);
|
||||
out:
|
||||
dprintk("NFS reply mknod: %d\n", status);
|
||||
return status;
|
||||
}
|
||||
|
|
|
@ -478,6 +478,15 @@ extern void nfs_readdata_release(struct rpc_task *task);
|
|||
extern struct posix_acl *nfs3_proc_getacl(struct inode *inode, int type);
|
||||
extern int nfs3_proc_setacl(struct inode *inode, int type,
|
||||
struct posix_acl *acl);
|
||||
extern int nfs3_proc_set_default_acl(struct inode *dir, struct inode *inode,
|
||||
mode_t mode);
|
||||
#else
|
||||
static inline int nfs3_proc_set_default_acl(struct inode *dir,
|
||||
struct inode *inode,
|
||||
mode_t mode)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
#endif /* CONFIG_NFS_V3_ACL */
|
||||
|
||||
/*
|
||||
|
|
Загрузка…
Ссылка в новой задаче