- if (valid & OBD_MD_FLRMTRSETFACL) {
- __u32 perm = mdt_identity_get_perm(uc->mu_identity,
- med->med_rmtclient,
- req->rq_peer.nid);
-
- LASSERT(med->med_rmtclient);
- if (!(perm & CFS_RMTACL_PERM))
- GOTO(out, rc = err_serious(-EPERM));
- }
-
- /* various sanity check for xattr name */
- xattr_name = req_capsule_client_get(pill, &RMF_NAME);
- if (!xattr_name)
- GOTO(out, rc = err_serious(-EFAULT));
-
- if (strncmp(xattr_name, trust_string, sizeof(trust_string) - 1) == 0) {
- if (strcmp(xattr_name + 8, XATTR_NAME_LOV) == 0)
- GOTO(out, rc = -EACCES);
- }
-
- if (!(req->rq_export->exp_connect_flags & OBD_CONNECT_XATTR) &&
- (strncmp(xattr_name, user_string, sizeof(user_string) - 1) == 0)) {
- GOTO(out, rc = -EOPNOTSUPP);
- }
+ if (strncmp(xattr_name, XATTR_USER_PREFIX,
+ sizeof(XATTR_USER_PREFIX) - 1) == 0) {
+ if (!(exp_connect_flags(req->rq_export) & OBD_CONNECT_XATTR))
+ GOTO(out, rc = -EOPNOTSUPP);
+ } else if (strncmp(xattr_name, XATTR_TRUSTED_PREFIX,
+ sizeof(XATTR_TRUSTED_PREFIX) - 1) == 0) {
+
+ if (!md_capable(mdt_ucred(info), CFS_CAP_SYS_ADMIN))
+ GOTO(out, rc = -EPERM);
+
+ if (strcmp(xattr_name, XATTR_NAME_LOV) == 0 ||
+ strcmp(xattr_name, XATTR_NAME_LMA) == 0 ||
+ strcmp(xattr_name, XATTR_NAME_LMV) == 0 ||
+ strcmp(xattr_name, XATTR_NAME_LINK) == 0 ||
+ strcmp(xattr_name, XATTR_NAME_FID) == 0 ||
+ strcmp(xattr_name, XATTR_NAME_VERSION) == 0 ||
+ strcmp(xattr_name, XATTR_NAME_SOM) == 0 ||
+ strcmp(xattr_name, XATTR_NAME_HSM) == 0 ||
+ strcmp(xattr_name, XATTR_NAME_LFSCK_NAMESPACE) == 0)
+ GOTO(out, rc = 0);
+ } else if ((valid & OBD_MD_FLXATTR) &&
+ (strcmp(xattr_name, XATTR_NAME_ACL_ACCESS) == 0 ||
+ strcmp(xattr_name, XATTR_NAME_ACL_DEFAULT) == 0)) {
+ struct lu_nodemap *nodemap;
+
+ /* currently lustre limit acl access size */
+ if (xattr_len > LUSTRE_POSIX_ACL_MAX_SIZE)
+ GOTO(out, rc = -ERANGE);
+
+ nodemap = nodemap_get_from_exp(exp);
+ if (IS_ERR(nodemap))
+ GOTO(out, rc = PTR_ERR(nodemap));
+
+ rc = nodemap_map_acl(nodemap, rr->rr_eadata, xattr_len,
+ NODEMAP_CLIENT_TO_FS);
+ nodemap_putref(nodemap);
+ if (rc < 0)
+ GOTO(out, rc);
+
+ /* ACLs were mapped out, return an error so the user knows */
+ if (rc != xattr_len)
+ GOTO(out, rc = -EPERM);
+ }