[PATCH] NFS: Fix handling of the umask when an NFSv3 default acl is present.

 NFSv3 has no concept of a umask on the server side: The client applies
 the umask locally, and sends the effective permissions to the server.
 This behavior is wrong when files are created in a directory that has a
 default ACL.  In this case, the umask is supposed to be ignored, and
 only the default ACL determines the file's effective permissions.

 Usually its the server's task to conditionally apply the umask.  But
 since the server knows nothing about the umask, we have to do it on the
 client side.  This patch tries to fetch the parent directory's default
 ACL before creating a new file, computes the appropriate create mode to
 send to the server, and finally sets the new file's access and default
 acl appropriately.

 Many thanks to Buck Huppmann <buchk@pobox.com> for sending the initial
 version of this patch, as well as for arguing why we need this change.

 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
 Acked-by: Olaf Kirch <okir@suse.de>
 Signed-off-by: Andrew Morton <akpm@osdl.org>
 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index 440b9cbb6f8116e006b0657b1791e9765fd5f5fc..50a03f1504a18d4ce7d0165478b665f1611077cb 100644 (file)
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -490,6 +490,11 @@ nfs_fill_super(struct super_block *sb, struct nfs_mount_data *data, int silent)
 #else
                server->flags &= ~NFS_MOUNT_NOACL;
 #endif /* CONFIG_NFS_V3_ACL */
+               /*
+                * The VFS shouldn't apply the umask to mode bits. We will
+                * do so ourselves when necessary.
+                */
+               sb->s_flags |= MS_POSIXACL;
                if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)
                        server->namelen = NFS3_MAXNAMLEN;
                sb->s_time_gran = 1;

diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
index 393ba79fc14fbe718fc5a2892b134f82d9a8993b..89b6468700e770215cb063843b6a983bbfece208 100644 (file)
--- a/fs/nfs/nfs3acl.c
+++ b/fs/nfs/nfs3acl.c
@@ -301,3 +301,32 @@ int nfs3_proc_setacl(struct inode *inode, int type, struct posix_acl *acl)
 fail:
        return PTR_ERR(alloc);
 }
+
+int nfs3_proc_set_default_acl(struct inode *dir, struct inode *inode,
+               mode_t mode)
+{
+       struct posix_acl *dfacl, *acl;
+       int error = 0;
+
+       dfacl = nfs3_proc_getacl(dir, ACL_TYPE_DEFAULT);
+       if (IS_ERR(dfacl)) {
+               error = PTR_ERR(dfacl);
+               return (error == -EOPNOTSUPP) ? 0 : error;
+       }
+       if (!dfacl)
+               return 0;
+       acl = posix_acl_clone(dfacl, GFP_KERNEL);
+       error = -ENOMEM;
+       if (!acl)
+               goto out_release_dfacl;
+       error = posix_acl_create_masq(acl, &mode);
+       if (error < 0)
+               goto out_release_acl;
+       error = nfs3_proc_setacls(inode, acl, S_ISDIR(inode->i_mode) ?
+                                                     dfacl : NULL);
+out_release_acl:
+       posix_acl_release(acl);
+out_release_dfacl:
+       posix_acl_release(dfacl);
+       return error;
+}

diff --git a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c
index d03bac0cc42f23b92f6465776e9a3438074bf725..a9ddc196224d95de237b1119548a0262c9f02755 100644 (file)
--- a/fs/nfs/nfs3proc.c
+++ b/fs/nfs/nfs3proc.c
@@ -314,7 +314,8 @@ nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
                .fh             = &fhandle,
                .fattr          = &fattr
        };
-       int                     status;
+       mode_t mode = sattr->ia_mode;
+       int status;
 
        dprintk("NFS call  create %s\n", dentry->d_name.name);
        arg.createmode = NFS3_CREATE_UNCHECKED;
@@ -324,6 +325,8 @@ nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
                arg.verifier[1] = current->pid;
        }
 
+       sattr->ia_mode &= ~current->fs->umask;
+
 again:
        dir_attr.valid = 0;
        fattr.valid = 0;
@@ -370,6 +373,9 @@ again:
                nfs_refresh_inode(dentry->d_inode, &fattr);
                dprintk("NFS reply setattr (post-create): %d\n", status);
        }
+       if (status != 0)
+               goto out;
+       status = nfs3_proc_set_default_acl(dir, dentry->d_inode, mode);
 out:
        dprintk("NFS reply create: %d\n", status);
        return status;
@@ -539,15 +545,24 @@ nfs3_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr)
                .fh             = &fhandle,
                .fattr          = &fattr
        };
-       int                     status;
+       int mode = sattr->ia_mode;
+       int status;
 
        dprintk("NFS call  mkdir %s\n", dentry->d_name.name);
        dir_attr.valid = 0;
        fattr.valid = 0;
+
+       sattr->ia_mode &= ~current->fs->umask;
+
        status = rpc_call(NFS_CLIENT(dir), NFS3PROC_MKDIR, &arg, &res, 0);
        nfs_refresh_inode(dir, &dir_attr);
-       if (status == 0)
-               status = nfs_instantiate(dentry, &fhandle, &fattr);
+       if (status != 0)
+               goto out;
+       status = nfs_instantiate(dentry, &fhandle, &fattr);
+       if (status != 0)
+               goto out;
+       status = nfs3_proc_set_default_acl(dir, dentry->d_inode, mode);
+out:
        dprintk("NFS reply mkdir: %d\n", status);
        return status;
 }
@@ -642,6 +657,7 @@ nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
                .fh             = &fh,
                .fattr          = &fattr
        };
+       mode_t mode = sattr->ia_mode;
        int status;
 
        switch (sattr->ia_mode & S_IFMT) {
@@ -654,12 +670,20 @@ nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
 
        dprintk("NFS call  mknod %s %u:%u\n", dentry->d_name.name,
                        MAJOR(rdev), MINOR(rdev));
+
+       sattr->ia_mode &= ~current->fs->umask;
+
        dir_attr.valid = 0;
        fattr.valid = 0;
        status = rpc_call(NFS_CLIENT(dir), NFS3PROC_MKNOD, &arg, &res, 0);
        nfs_refresh_inode(dir, &dir_attr);
-       if (status == 0)
-               status = nfs_instantiate(dentry, &fh, &fattr);
+       if (status != 0)
+               goto out;
+       status = nfs_instantiate(dentry, &fh, &fattr);
+       if (status != 0)
+               goto out;
+       status = nfs3_proc_set_default_acl(dir, dentry->d_inode, mode);
+out:
        dprintk("NFS reply mknod: %d\n", status);
        return status;
 }

diff --git a/include/linux/nfs_fs.h b/include/linux/nfs_fs.h
index 3a5e442ac7762ccb9ff7936413c607466ddc75ae..7662c5131b47411b95f779fa09094d32f2a26572 100644 (file)
--- a/include/linux/nfs_fs.h
+++ b/include/linux/nfs_fs.h
@@ -478,6 +478,15 @@ extern void  nfs_readdata_release(struct rpc_task *task);
 extern struct posix_acl *nfs3_proc_getacl(struct inode *inode, int type);
 extern int nfs3_proc_setacl(struct inode *inode, int type,
                            struct posix_acl *acl);
+extern int nfs3_proc_set_default_acl(struct inode *dir, struct inode *inode,
+               mode_t mode);
+#else
+static inline int nfs3_proc_set_default_acl(struct inode *dir,
+                                           struct inode *inode,
+                                           mode_t mode)
+{
+       return 0;
+}
 #endif /* CONFIG_NFS_V3_ACL */
 
 /*