ksmbd: remove select FS_POSIX_ACL in Kconfig

ksmbd is forcing to turn on FS_POSIX_ACL in Kconfig to use vfs acl functions(posix_acl_alloc, get_acl, set_posix_acl). OpenWRT and other platform doesn't use acl and this config is disable by default in kernel. This patch use IS_ENABLED() to know acl config is enable and use acl function if it is enable. Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
2021-08-13 08:15:33 +09:00 · 2021-08-13 08:15:33 +09:00 · 777cad1604
commit 777cad1604
parent c6ce2b5716
4 changed files with 59 additions and 36 deletions
--- a/fs/ksmbd/Kconfig
+++ b/fs/ksmbd/Kconfig
@ -19,7 +19,6 @@ config SMB_SERVER
 	select CRYPTO_GCM
 	select ASN1
 	select OID_REGISTRY
-	select FS_POSIX_ACL
 	default n
 	help
 	  Choose Y here if you want to allow SMB3 compliant clients
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@ -2386,11 +2386,14 @@ static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode)
 	fattr->cf_uid = inode->i_uid;
 	fattr->cf_gid = inode->i_gid;
 	fattr->cf_mode = inode->i_mode;
+	fattr->cf_acls = NULL;
 	fattr->cf_dacls = NULL;

-	fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS);
-	if (S_ISDIR(inode->i_mode))
-		fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT);
+	if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
+		fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS);
+		if (S_ISDIR(inode->i_mode))
+			fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT);
+	}
 }

 /**
--- a/fs/ksmbd/smbacl.c
+++ b/fs/ksmbd/smbacl.c
@ -533,22 +533,29 @@ static void parse_dacl(struct user_namespace *user_ns,

 	if (acl_state.users->n || acl_state.groups->n) {
 		acl_state.mask.allow = 0x07;
-		fattr->cf_acls = posix_acl_alloc(acl_state.users->n +
-			acl_state.groups->n + 4, GFP_KERNEL);
-		if (fattr->cf_acls) {
-			cf_pace = fattr->cf_acls->a_entries;
-			posix_state_to_acl(&acl_state, cf_pace);
+
+		if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
+			fattr->cf_acls =
+				posix_acl_alloc(acl_state.users->n +
+					acl_state.groups->n + 4, GFP_KERNEL);
+			if (fattr->cf_acls) {
+				cf_pace = fattr->cf_acls->a_entries;
+				posix_state_to_acl(&acl_state, cf_pace);
+			}
 		}
 	}

 	if (default_acl_state.users->n || default_acl_state.groups->n) {
 		default_acl_state.mask.allow = 0x07;
-		fattr->cf_dacls =
-			posix_acl_alloc(default_acl_state.users->n +
-			default_acl_state.groups->n + 4, GFP_KERNEL);
-		if (fattr->cf_dacls) {
-			cf_pdace = fattr->cf_dacls->a_entries;
-			posix_state_to_acl(&default_acl_state, cf_pdace);
+
+		if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
+			fattr->cf_dacls =
+				posix_acl_alloc(default_acl_state.users->n +
+				default_acl_state.groups->n + 4, GFP_KERNEL);
+			if (fattr->cf_dacls) {
+				cf_pdace = fattr->cf_dacls->a_entries;
+				posix_state_to_acl(&default_acl_state, cf_pdace);
+			}
 		}
 	}
 	free_acl_state(&acl_state);
@ -1221,31 +1228,36 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct path *path,
 			granted = GENERIC_ALL_FLAGS;
 	}

-	posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS);
-	if (posix_acls && !found) {
-		unsigned int id = -1;
+	if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
+		posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS);
+		if (posix_acls && !found) {
+			unsigned int id = -1;

-		pa_entry = posix_acls->a_entries;
-		for (i = 0; i < posix_acls->a_count; i++, pa_entry++) {
-			if (pa_entry->e_tag == ACL_USER)
-				id = from_kuid(user_ns,
-					       pa_entry->e_uid);
-			else if (pa_entry->e_tag == ACL_GROUP)
-				id = from_kgid(user_ns,
-					       pa_entry->e_gid);
-			else
-				continue;
+			pa_entry = posix_acls->a_entries;
+			for (i = 0; i < posix_acls->a_count; i++, pa_entry++) {
+				if (pa_entry->e_tag == ACL_USER)
+					id = from_kuid(user_ns,
+						       pa_entry->e_uid);
+				else if (pa_entry->e_tag == ACL_GROUP)
+					id = from_kgid(user_ns,
+						       pa_entry->e_gid);
+				else
+					continue;

-			if (id == uid) {
-				mode_to_access_flags(pa_entry->e_perm, 0777, &access_bits);
-				if (!access_bits)
-					access_bits = SET_MINIMUM_RIGHTS;
-				goto check_access_bits;
+				if (id == uid) {
+					mode_to_access_flags(pa_entry->e_perm,
+							     0777,
+							     &access_bits);
+					if (!access_bits)
+						access_bits =
+							SET_MINIMUM_RIGHTS;
+					goto check_access_bits;
+				}
 			}
 		}
+		if (posix_acls)
+			posix_acl_release(posix_acls);
 	}
-	if (posix_acls)
-		posix_acl_release(posix_acls);

 	if (!found) {
 		if (others_ace) {
@ -1308,7 +1320,7 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon,

 	ksmbd_vfs_remove_acl_xattrs(user_ns, path->dentry);
 	/* Update posix acls */
-	if (fattr.cf_dacls) {
+	if (IS_ENABLED(CONFIG_FS_POSIX_ACL) && fattr.cf_dacls) {
 		rc = set_posix_acl(user_ns, inode,
 				   ACL_TYPE_ACCESS, fattr.cf_acls);
 		if (S_ISDIR(inode->i_mode) && fattr.cf_dacls)
--- a/fs/ksmbd/vfs.c
+++ b/fs/ksmbd/vfs.c
@ -1365,6 +1365,9 @@ static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct user_namespac
 	struct xattr_acl_entry *xa_entry;
 	int i;

+	if (!IS_ENABLED(CONFIG_FS_POSIX_ACL))
+		return NULL;
+
 	posix_acls = get_acl(inode, acl_type);
 	if (!posix_acls)
 		return NULL;
@ -1811,6 +1814,9 @@ int ksmbd_vfs_set_init_posix_acl(struct user_namespace *user_ns,
 	struct posix_acl *acls;
 	int rc;

+	if (!IS_ENABLED(CONFIG_FS_POSIX_ACL))
+		return -EOPNOTSUPP;
+
 	ksmbd_debug(SMB, "Set posix acls\n");
 	rc = init_acl_state(&acl_state, 1);
 	if (rc)
@ -1858,6 +1864,9 @@ int ksmbd_vfs_inherit_posix_acl(struct user_namespace *user_ns,
 	struct posix_acl_entry *pace;
 	int rc, i;

+	if (!IS_ENABLED(CONFIG_FS_POSIX_ACL))
+		return -EOPNOTSUPP;
+
 	acls = get_acl(parent_inode, ACL_TYPE_DEFAULT);
 	if (!acls)
 		return -ENOENT;