ksmbd: remove select FS_POSIX_ACL in Kconfig

ksmbd is forcing to turn on FS_POSIX_ACL in Kconfig to use vfs acl
functions(posix_acl_alloc, get_acl, set_posix_acl). OpenWRT and other
platform doesn't use acl and this config is disable by default in
kernel. This patch use IS_ENABLED() to know acl config is enable and use
acl function if it is enable.

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/ksmbd/Kconfig b/fs/ksmbd/Kconfig
index e9a5ac0..b83cbd7 100644 (file)
--- a/fs/ksmbd/Kconfig
+++ b/fs/ksmbd/Kconfig
@@ -19,7 +19,6 @@ config SMB_SERVER
        select CRYPTO_GCM
        select ASN1
        select OID_REGISTRY
-       select FS_POSIX_ACL
        default n
        help
          Choose Y here if you want to allow SMB3 compliant clients

diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 8f6ffa4..0131997 100644 (file)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -2386,11 +2386,14 @@ static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode)
        fattr->cf_uid = inode->i_uid;
        fattr->cf_gid = inode->i_gid;
        fattr->cf_mode = inode->i_mode;
+       fattr->cf_acls = NULL;
        fattr->cf_dacls = NULL;
 
-       fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS);
-       if (S_ISDIR(inode->i_mode))
-               fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT);
+       if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
+               fattr->cf_acls = get_acl(inode, ACL_TYPE_ACCESS);
+               if (S_ISDIR(inode->i_mode))
+                       fattr->cf_dacls = get_acl(inode, ACL_TYPE_DEFAULT);
+       }
 }
 
 /**

diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c
index fa99d95..2ca3714 100644 (file)
--- a/fs/ksmbd/smbacl.c
+++ b/fs/ksmbd/smbacl.c
@@ -533,22 +533,29 @@ static void parse_dacl(struct user_namespace *user_ns,
 
        if (acl_state.users->n || acl_state.groups->n) {
                acl_state.mask.allow = 0x07;
-               fattr->cf_acls = posix_acl_alloc(acl_state.users->n +
-                       acl_state.groups->n + 4, GFP_KERNEL);
-               if (fattr->cf_acls) {
-                       cf_pace = fattr->cf_acls->a_entries;
-                       posix_state_to_acl(&acl_state, cf_pace);
+
+               if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
+                       fattr->cf_acls =
+                               posix_acl_alloc(acl_state.users->n +
+                                       acl_state.groups->n + 4, GFP_KERNEL);
+                       if (fattr->cf_acls) {
+                               cf_pace = fattr->cf_acls->a_entries;
+                               posix_state_to_acl(&acl_state, cf_pace);
+                       }
                }
        }
 
        if (default_acl_state.users->n || default_acl_state.groups->n) {
                default_acl_state.mask.allow = 0x07;
-               fattr->cf_dacls =
-                       posix_acl_alloc(default_acl_state.users->n +
-                       default_acl_state.groups->n + 4, GFP_KERNEL);
-               if (fattr->cf_dacls) {
-                       cf_pdace = fattr->cf_dacls->a_entries;
-                       posix_state_to_acl(&default_acl_state, cf_pdace);
+
+               if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
+                       fattr->cf_dacls =
+                               posix_acl_alloc(default_acl_state.users->n +
+                               default_acl_state.groups->n + 4, GFP_KERNEL);
+                       if (fattr->cf_dacls) {
+                               cf_pdace = fattr->cf_dacls->a_entries;
+                               posix_state_to_acl(&default_acl_state, cf_pdace);
+                       }
                }
        }
        free_acl_state(&acl_state);
@@ -1221,31 +1228,36 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct path *path,
                        granted = GENERIC_ALL_FLAGS;
        }
 
-       posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS);
-       if (posix_acls && !found) {
-               unsigned int id = -1;
-
-               pa_entry = posix_acls->a_entries;
-               for (i = 0; i < posix_acls->a_count; i++, pa_entry++) {
-                       if (pa_entry->e_tag == ACL_USER)
-                               id = from_kuid(user_ns,
-                                              pa_entry->e_uid);
-                       else if (pa_entry->e_tag == ACL_GROUP)
-                               id = from_kgid(user_ns,
-                                              pa_entry->e_gid);
-                       else
-                               continue;
-
-                       if (id == uid) {
-                               mode_to_access_flags(pa_entry->e_perm, 0777, &access_bits);
-                               if (!access_bits)
-                                       access_bits = SET_MINIMUM_RIGHTS;
-                               goto check_access_bits;
+       if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) {
+               posix_acls = get_acl(d_inode(path->dentry), ACL_TYPE_ACCESS);
+               if (posix_acls && !found) {
+                       unsigned int id = -1;
+
+                       pa_entry = posix_acls->a_entries;
+                       for (i = 0; i < posix_acls->a_count; i++, pa_entry++) {
+                               if (pa_entry->e_tag == ACL_USER)
+                                       id = from_kuid(user_ns,
+                                                      pa_entry->e_uid);
+                               else if (pa_entry->e_tag == ACL_GROUP)
+                                       id = from_kgid(user_ns,
+                                                      pa_entry->e_gid);
+                               else
+                                       continue;
+
+                               if (id == uid) {
+                                       mode_to_access_flags(pa_entry->e_perm,
+                                                            0777,
+                                                            &access_bits);
+                                       if (!access_bits)
+                                               access_bits =
+                                                       SET_MINIMUM_RIGHTS;
+                                       goto check_access_bits;
+                               }
                        }
                }
+               if (posix_acls)
+                       posix_acl_release(posix_acls);
        }
-       if (posix_acls)
-               posix_acl_release(posix_acls);
 
        if (!found) {
                if (others_ace) {
@@ -1308,7 +1320,7 @@ int set_info_sec(struct ksmbd_conn *conn, struct ksmbd_tree_connect *tcon,
 
        ksmbd_vfs_remove_acl_xattrs(user_ns, path->dentry);
        /* Update posix acls */
-       if (fattr.cf_dacls) {
+       if (IS_ENABLED(CONFIG_FS_POSIX_ACL) && fattr.cf_dacls) {
                rc = set_posix_acl(user_ns, inode,
                                   ACL_TYPE_ACCESS, fattr.cf_acls);
                if (S_ISDIR(inode->i_mode) && fattr.cf_dacls)

diff --git a/fs/ksmbd/vfs.c b/fs/ksmbd/vfs.c
index 612c52d..aee28ee 100644 (file)
--- a/fs/ksmbd/vfs.c
+++ b/fs/ksmbd/vfs.c
@@ -1365,6 +1365,9 @@ static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct user_namespac
        struct xattr_acl_entry *xa_entry;
        int i;
 
+       if (!IS_ENABLED(CONFIG_FS_POSIX_ACL))
+               return NULL;
+
        posix_acls = get_acl(inode, acl_type);
        if (!posix_acls)
                return NULL;
@@ -1811,6 +1814,9 @@ int ksmbd_vfs_set_init_posix_acl(struct user_namespace *user_ns,
        struct posix_acl *acls;
        int rc;
 
+       if (!IS_ENABLED(CONFIG_FS_POSIX_ACL))
+               return -EOPNOTSUPP;
+
        ksmbd_debug(SMB, "Set posix acls\n");
        rc = init_acl_state(&acl_state, 1);
        if (rc)
@@ -1858,6 +1864,9 @@ int ksmbd_vfs_inherit_posix_acl(struct user_namespace *user_ns,
        struct posix_acl_entry *pace;
        int rc, i;
 
+       if (!IS_ENABLED(CONFIG_FS_POSIX_ACL))
+               return -EOPNOTSUPP;
+
        acls = get_acl(parent_inode, ACL_TYPE_DEFAULT);
        if (!acls)
                return -ENOENT;