summaryrefslogtreecommitdiffstats
path: root/fs/nfsd/acl.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* NFSD: add posix ACLs to struct nfsd_attrsNeilBrown2022-08-041-2/+4
| | | | | | | | | | | | | | pacl and dpacl pointers are added to struct nfsd_attrs, which requires that we have an nfsd_attrs_free() function to free them. Those nfsv4 functions that can set ACLs now set up these pointers based on the passed in NFSv4 ACL. nfsd_setattr() sets the acls as appropriate. Errors are handled as with security labels. Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
* nfsd: eliminate an unnecessary acl size limitJ. Bruce Fields2019-08-291-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | We're unnecessarily limiting the size of an ACL to less than what most filesystems will support. Some users do hit the limit and it's confusing and unnecessary. It still seems prudent to impose some limit on the number of ACEs the client gives us before passing it straight to kmalloc(). So, let's just limit it to the maximum number that would be possible given the amount of data left in the argument buffer. That will still leave one limit beyond whatever the filesystem imposes: the client and server negotiate a limit on the size of a request, which we have to respect. But we're no longer imposing any additional arbitrary limit. struct nfs4_ace is 20 bytes on my system and the maximum call size we'll negotiate is about a megabyte, so in practice this is limiting the allocation here to about a megabyte. Reported-by: "de Vandiere, Louis" <louis.devandiere@atos.net> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: remove nfs4_acl_newJ. Bruce Fields2014-07-081-1/+1
| | | | | | | This is a not-that-useful kmalloc wrapper. And I'd like one of the callers to actually use something other than kmalloc. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: use xdr_reserve_space in attribute encodingJ. Bruce Fields2014-05-281-1/+1
| | | | | | | | | | | | | | | | | | | This is a cosmetic change for now; no change in behavior. Note we're just depending on xdr_reserve_space to do the bounds checking for us, we're not really depending on its adjustment of iovec or xdr_buf lengths yet, as those are fixed up by as necessary after the fact by read-link operations and by nfs4svc_encode_compoundres. However we do have to update xdr->iov on read-like operations to prevent xdr_reserve_space from messing with the already-fixed-up length of the the head. When the attribute encoding fails partway through we have to undo the length adjustments made so far. We do it manually for now, but later patches will add an xdr_truncate_encode() helper to handle cases like this. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: use more generous NFS4_ACL_MAXJ. Bruce Fields2014-03-291-3/+7
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* Merge branch 'for-3.14' of git://linux-nfs.org/~bfields/linuxLinus Torvalds2014-01-301-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull nfsd updates from Bruce Fields: - Handle some loose ends from the vfs read delegation support. (For example nfsd can stop breaking leases on its own in a fewer places where it can now depend on the vfs to.) - Make life a little easier for NFSv4-only configurations (thanks to Kinglong Mee). - Fix some gss-proxy problems (thanks Jeff Layton). - miscellaneous bug fixes and cleanup * 'for-3.14' of git://linux-nfs.org/~bfields/linux: (38 commits) nfsd: consider CLAIM_FH when handing out delegation nfsd4: fix delegation-unlink/rename race nfsd4: delay setting current_fh in open nfsd4: minor nfs4_setlease cleanup gss_krb5: use lcm from kernel lib nfsd4: decrease nfsd4_encode_fattr stack usage nfsd: fix encode_entryplus_baggage stack usage nfsd4: simplify xdr encoding of nfsv4 names nfsd4: encode_rdattr_error cleanup nfsd4: nfsd4_encode_fattr cleanup minor svcauth_gss.c cleanup nfsd4: better VERIFY comment nfsd4: break only delegations when appropriate NFSD: Fix a memory leak in nfsd4_create_session sunrpc: get rid of use_gssp_lock sunrpc: fix potential race between setting use_gss_proxy and the upcall rpc_clnt sunrpc: don't wait for write before allowing reads from use-gss-proxy file nfsd: get rid of unused function definition Define op_iattr for nfsd4_open instead using macro NFSD: fix compile warning without CONFIG_NFSD_V3 ...
| * nfsd4: simplify xdr encoding of nfsv4 namesJ. Bruce Fields2014-01-081-1/+1
| | | | | | | | | | | | | | We can simplify the idmapping code if it does its own encoding and returns nfs errors. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* | nfsd: use get_acl and ->set_aclChristoph Hellwig2014-01-261-9/+7
|/ | | | | | | | | Remove the boilerplate code to marshall and unmarhall ACL objects into xattrs and operate on the posix_acl objects directly. Also move all the ACL handling code into nfs?acl.c where it belongs. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* nfsd: Remove declaration of nonexistent nfs4_acl_permisisonEric W. Biederman2013-02-131-2/+0
| | | | | | Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* nfsd4: remove outdated pathname-commentsJ. Bruce Fields2011-01-051-2/+0
| | | | Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* nfsd4: move idmap and acl header files into fs/nfsdJ. Bruce Fields2011-01-051-0/+61
These are internal nfsd interfaces. Signed-off-by: J. Bruce Fields <bfields@redhat.com>