projects / deliverable / linux.git / blame
| Commit | Line | Data |
|---|---|---|
| 1da177e4 LT |
1 | /* |
| 2 | * fs/nfs4acl/acl.c | |
| 3 | * | |
| 4 | * Common NFSv4 ACL handling code. | |
| 5 | * | |
| 6 | * Copyright (c) 2002, 2003 The Regents of the University of Michigan. | |
| 7 | * All rights reserved. | |
| 8 | * | |
| 9 | * Marius Aamodt Eriksen <marius@umich.edu> | |
| 10 | * Jeff Sedlak <jsedlak@umich.edu> | |
| 11 | * J. Bruce Fields <bfields@umich.edu> | |
| 12 | * | |
| 13 | * Redistribution and use in source and binary forms, with or without | |
| 14 | * modification, are permitted provided that the following conditions | |
| 15 | * are met: | |
| 16 | * | |
| 17 | * 1. Redistributions of source code must retain the above copyright | |
| 18 | * notice, this list of conditions and the following disclaimer. | |
| 19 | * 2. Redistributions in binary form must reproduce the above copyright | |
| 20 | * notice, this list of conditions and the following disclaimer in the | |
| 21 | * documentation and/or other materials provided with the distribution. | |
| 22 | * 3. Neither the name of the University nor the names of its | |
| 23 | * contributors may be used to endorse or promote products derived | |
| 24 | * from this software without specific prior written permission. | |
| 25 | * | |
| 26 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED | |
| 27 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | |
| 28 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 29 | * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
| 30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
| 31 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
| 32 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR | |
| 33 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
| 34 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 35 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| 36 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 37 | */ | |
| 38 | ||
| 39 | #include <linux/string.h> | |
| 40 | #include <linux/slab.h> | |
| 41 | #include <linux/list.h> | |
| 42 | #include <linux/types.h> | |
| 43 | #include <linux/fs.h> | |
| 44 | #include <linux/module.h> | |
| 45 | #include <linux/nfs_fs.h> | |
| 46 | #include <linux/posix_acl.h> | |
| 47 | #include <linux/nfs4.h> | |
| 48 | #include <linux/nfs4_acl.h> | |
| 49 | ||
| 50 | ||
| 51 | /* mode bit translations: */ | |
| 52 | #define NFS4_READ_MODE (NFS4_ACE_READ_DATA) | |
| 53 | #define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA) | |
| 54 | #define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE | |
| 55 | #define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | NFS4_ACE_SYNCHRONIZE) | |
| 56 | #define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL) | |
| 57 | ||
| 58 | /* We don't support these bits; insist they be neither allowed nor denied */ | |
| 59 | #define NFS4_MASK_UNSUPP (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \ | |
| 60 | | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS) | |
| 61 | ||
| 62 | /* flags used to simulate posix default ACLs */ | |
| 63 | #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ | |
| 7bdfa68c | 64 | | NFS4_ACE_DIRECTORY_INHERIT_ACE) |
| 1da177e4 | 65 | |
| 7bdfa68c BF |
66 | #define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS \ |
| 67 | | NFS4_ACE_INHERIT_ONLY_ACE \ | |
| 68 | | NFS4_ACE_IDENTIFIER_GROUP) | |
| b548edc2 | 69 | |
| 1da177e4 LT |
70 | #define MASK_EQUAL(mask1, mask2) \ |
| 71 | ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) ) | |
| 72 | ||
| 73 | static u32 | |
| 74 | mask_from_posix(unsigned short perm, unsigned int flags) | |
| 75 | { | |
| 76 | int mask = NFS4_ANYONE_MODE; | |
| 77 | ||
| 78 | if (flags & NFS4_ACL_OWNER) | |
| 79 | mask |= NFS4_OWNER_MODE; | |
| 80 | if (perm & ACL_READ) | |
| 81 | mask |= NFS4_READ_MODE; | |
| 82 | if (perm & ACL_WRITE) | |
| 83 | mask |= NFS4_WRITE_MODE; | |
| 84 | if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) | |
| 85 | mask |= NFS4_ACE_DELETE_CHILD; | |
| 86 | if (perm & ACL_EXECUTE) | |
| 87 | mask |= NFS4_EXECUTE_MODE; | |
| 88 | return mask; | |
| 89 | } | |
| 90 | ||
| 91 | static u32 | |
| 92 | deny_mask(u32 allow_mask, unsigned int flags) | |
| 93 | { | |
| 94 | u32 ret = ~allow_mask & ~NFS4_MASK_UNSUPP; | |
| 95 | if (!(flags & NFS4_ACL_DIR)) | |
| 96 | ret &= ~NFS4_ACE_DELETE_CHILD; | |
| 97 | return ret; | |
| 98 | } | |
| 99 | ||
| 100 | /* XXX: modify functions to return NFS errors; they're only ever | |
| 101 | * used by nfs code, after all.... */ | |
| 102 | ||
| 09229edb BF |
103 | /* We only map from NFSv4 to POSIX ACLs when setting ACLs, when we err on the |
| 104 | * side of being more restrictive, so the mode bit mapping below is | |
| 105 | * pessimistic. An optimistic version would be needed to handle DENY's, | |
| 106 | * but we espect to coalesce all ALLOWs and DENYs before mapping to mode | |
| 107 | * bits. */ | |
| 108 | ||
| 109 | static void | |
| 110 | low_mode_from_nfs4(u32 perm, unsigned short *mode, unsigned int flags) | |
| 1da177e4 | 111 | { |
| 09229edb | 112 | u32 write_mode = NFS4_WRITE_MODE; |
| 1da177e4 | 113 | |
| 09229edb BF |
114 | if (flags & NFS4_ACL_DIR) |
| 115 | write_mode |= NFS4_ACE_DELETE_CHILD; | |
| 1da177e4 LT |
116 | *mode = 0; |
| 117 | if ((perm & NFS4_READ_MODE) == NFS4_READ_MODE) | |
| 118 | *mode |= ACL_READ; | |
| 09229edb | 119 | if ((perm & write_mode) == write_mode) |
| 1da177e4 LT |
120 | *mode |= ACL_WRITE; |
| 121 | if ((perm & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE) | |
| 122 | *mode |= ACL_EXECUTE; | |
| 1da177e4 LT |
123 | } |
| 124 | ||
| 125 | struct ace_container { | |
| 126 | struct nfs4_ace *ace; | |
| 127 | struct list_head ace_l; | |
| 128 | }; | |
| 129 | ||
| 130 | static short ace2type(struct nfs4_ace *); | |
| 28e05dd8 BF |
131 | static void _posix_to_nfsv4_one(struct posix_acl *, struct nfs4_acl *, |
| 132 | unsigned int); | |
| 133 | void nfs4_acl_add_ace(struct nfs4_acl *, u32, u32, u32, int, uid_t); | |
| 1da177e4 LT |
134 | |
| 135 | struct nfs4_acl * | |
| 136 | nfs4_acl_posix_to_nfsv4(struct posix_acl *pacl, struct posix_acl *dpacl, | |
| 137 | unsigned int flags) | |
| 138 | { | |
| 139 | struct nfs4_acl *acl; | |
| 28e05dd8 | 140 | int size = 0; |
| 1da177e4 | 141 | |
| 28e05dd8 BF |
142 | if (pacl) { |
| 143 | if (posix_acl_valid(pacl) < 0) | |
| 144 | return ERR_PTR(-EINVAL); | |
| 145 | size += 2*pacl->a_count; | |
| 1da177e4 | 146 | } |
| 28e05dd8 BF |
147 | if (dpacl) { |
| 148 | if (posix_acl_valid(dpacl) < 0) | |
| 149 | return ERR_PTR(-EINVAL); | |
| 150 | size += 2*dpacl->a_count; | |
| 1da177e4 LT |
151 | } |
| 152 | ||
| 28e05dd8 BF |
153 | /* Allocate for worst case: one (deny, allow) pair each: */ |
| 154 | acl = nfs4_acl_new(size); | |
| 155 | if (acl == NULL) | |
| 156 | return ERR_PTR(-ENOMEM); | |
| 1da177e4 | 157 | |
| 28e05dd8 BF |
158 | if (pacl) |
| 159 | _posix_to_nfsv4_one(pacl, acl, flags & ~NFS4_ACL_TYPE_DEFAULT); | |
| 1da177e4 | 160 | |
| 28e05dd8 BF |
161 | if (dpacl) |
| 162 | _posix_to_nfsv4_one(dpacl, acl, flags | NFS4_ACL_TYPE_DEFAULT); | |
| 1da177e4 LT |
163 | |
| 164 | return acl; | |
| 165 | } | |
| 166 | ||
| 28e05dd8 | 167 | static void |
| 1da177e4 LT |
168 | nfs4_acl_add_pair(struct nfs4_acl *acl, int eflag, u32 mask, int whotype, |
| 169 | uid_t owner, unsigned int flags) | |
| 170 | { | |
| 28e05dd8 | 171 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, |
| 1da177e4 | 172 | eflag, mask, whotype, owner); |
| 28e05dd8 | 173 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, |
| 1da177e4 | 174 | eflag, deny_mask(mask, flags), whotype, owner); |
| 1da177e4 LT |
175 | } |
| 176 | ||
| 177 | /* We assume the acl has been verified with posix_acl_valid. */ | |
| 28e05dd8 | 178 | static void |
| 1da177e4 LT |
179 | _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, |
| 180 | unsigned int flags) | |
| 181 | { | |
| 182 | struct posix_acl_entry *pa, *pe, *group_owner_entry; | |
| f43daf67 BF |
183 | u32 mask; |
| 184 | unsigned short mask_mask; | |
| 1da177e4 LT |
185 | int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? |
| 186 | NFS4_INHERITANCE_FLAGS : 0); | |
| 187 | ||
| 188 | BUG_ON(pacl->a_count < 3); | |
| 189 | pe = pacl->a_entries + pacl->a_count; | |
| 190 | pa = pe - 2; /* if mask entry exists, it's second from the last. */ | |
| 191 | if (pa->e_tag == ACL_MASK) | |
| f43daf67 | 192 | mask_mask = pa->e_perm; |
| 1da177e4 | 193 | else |
| f43daf67 | 194 | mask_mask = S_IRWXO; |
| 1da177e4 LT |
195 | |
| 196 | pa = pacl->a_entries; | |
| 197 | BUG_ON(pa->e_tag != ACL_USER_OBJ); | |
| 198 | mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER); | |
| 28e05dd8 | 199 | nfs4_acl_add_pair(acl, eflag, mask, NFS4_ACL_WHO_OWNER, 0, flags); |
| 1da177e4 LT |
200 | pa++; |
| 201 | ||
| 202 | while (pa->e_tag == ACL_USER) { | |
| f43daf67 | 203 | mask = mask_from_posix(pa->e_perm & mask_mask, flags); |
| 28e05dd8 | 204 | nfs4_acl_add_pair(acl, eflag, mask, |
| 1da177e4 | 205 | NFS4_ACL_WHO_NAMED, pa->e_id, flags); |
| 1da177e4 LT |
206 | pa++; |
| 207 | } | |
| 208 | ||
| 209 | /* In the case of groups, we apply allow ACEs first, then deny ACEs, | |
| 210 | * since a user can be in more than one group. */ | |
| 211 | ||
| 212 | /* allow ACEs */ | |
| 213 | ||
| 1da177e4 | 214 | group_owner_entry = pa; |
| f43daf67 | 215 | mask = mask_from_posix(pa->e_perm & mask_mask, flags); |
| 28e05dd8 | 216 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, |
| 1da177e4 LT |
217 | NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, |
| 218 | NFS4_ACL_WHO_GROUP, 0); | |
| 1da177e4 LT |
219 | pa++; |
| 220 | ||
| 221 | while (pa->e_tag == ACL_GROUP) { | |
| f43daf67 | 222 | mask = mask_from_posix(pa->e_perm & mask_mask, flags); |
| 28e05dd8 | 223 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, |
| 1da177e4 LT |
224 | NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, |
| 225 | NFS4_ACL_WHO_NAMED, pa->e_id); | |
| 1da177e4 LT |
226 | pa++; |
| 227 | } | |
| 228 | ||
| 229 | /* deny ACEs */ | |
| 230 | ||
| 231 | pa = group_owner_entry; | |
| 232 | mask = mask_from_posix(pa->e_perm, flags); | |
| 28e05dd8 | 233 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, |
| 1da177e4 LT |
234 | NFS4_ACE_IDENTIFIER_GROUP | eflag, |
| 235 | deny_mask(mask, flags), NFS4_ACL_WHO_GROUP, 0); | |
| 1da177e4 LT |
236 | pa++; |
| 237 | while (pa->e_tag == ACL_GROUP) { | |
| 238 | mask = mask_from_posix(pa->e_perm, flags); | |
| 28e05dd8 | 239 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, |
| 1da177e4 LT |
240 | NFS4_ACE_IDENTIFIER_GROUP | eflag, |
| 241 | deny_mask(mask, flags), NFS4_ACL_WHO_NAMED, pa->e_id); | |
| 1da177e4 LT |
242 | pa++; |
| 243 | } | |
| 244 | ||
| 245 | if (pa->e_tag == ACL_MASK) | |
| 246 | pa++; | |
| 247 | BUG_ON(pa->e_tag != ACL_OTHER); | |
| 248 | mask = mask_from_posix(pa->e_perm, flags); | |
| 28e05dd8 | 249 | nfs4_acl_add_pair(acl, eflag, mask, NFS4_ACL_WHO_EVERYONE, 0, flags); |
| 1da177e4 LT |
250 | } |
| 251 | ||
| 252 | static void | |
| 253 | sort_pacl_range(struct posix_acl *pacl, int start, int end) { | |
| 254 | int sorted = 0, i; | |
| 255 | struct posix_acl_entry tmp; | |
| 256 | ||
| 257 | /* We just do a bubble sort; easy to do in place, and we're not | |
| 258 | * expecting acl's to be long enough to justify anything more. */ | |
| 259 | while (!sorted) { | |
| 260 | sorted = 1; | |
| 261 | for (i = start; i < end; i++) { | |
| 262 | if (pacl->a_entries[i].e_id | |
| 263 | > pacl->a_entries[i+1].e_id) { | |
| 264 | sorted = 0; | |
| 265 | tmp = pacl->a_entries[i]; | |
| 266 | pacl->a_entries[i] = pacl->a_entries[i+1]; | |
| 267 | pacl->a_entries[i+1] = tmp; | |
| 268 | } | |
| 269 | } | |
| 270 | } | |
| 271 | } | |
| 272 | ||
| 273 | static void | |
| 274 | sort_pacl(struct posix_acl *pacl) | |
| 275 | { | |
| 276 | /* posix_acl_valid requires that users and groups be in order | |
| 277 | * by uid/gid. */ | |
| 278 | int i, j; | |
| 279 | ||
| 280 | if (pacl->a_count <= 4) | |
| 281 | return; /* no users or groups */ | |
| 282 | i = 1; | |
| 283 | while (pacl->a_entries[i].e_tag == ACL_USER) | |
| 284 | i++; | |
| 285 | sort_pacl_range(pacl, 1, i-1); | |
| 286 | ||
| 287 | BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ); | |
| 288 | j = i++; | |
| 289 | while (pacl->a_entries[j].e_tag == ACL_GROUP) | |
| 290 | j++; | |
| 291 | sort_pacl_range(pacl, i, j-1); | |
| 292 | return; | |
| 293 | } | |
| 294 | ||
| 09229edb BF |
295 | /* |
| 296 | * While processing the NFSv4 ACE, this maintains bitmasks representing | |
| 297 | * which permission bits have been allowed and which denied to a given | |
| 298 | * entity: */ | |
| 299 | struct posix_ace_state { | |
| 300 | u32 allow; | |
| 301 | u32 deny; | |
| 302 | }; | |
| 303 | ||
| 304 | struct posix_user_ace_state { | |
| 305 | uid_t uid; | |
| 306 | struct posix_ace_state perms; | |
| 307 | }; | |
| 308 | ||
| 309 | struct posix_ace_state_array { | |
| 310 | int n; | |
| 311 | struct posix_user_ace_state aces[]; | |
| 312 | }; | |
| 313 | ||
| 314 | /* | |
| 315 | * While processing the NFSv4 ACE, this maintains the partial permissions | |
| 316 | * calculated so far: */ | |
| 317 | ||
| 318 | struct posix_acl_state { | |
| 319 | struct posix_ace_state owner; | |
| 320 | struct posix_ace_state group; | |
| 321 | struct posix_ace_state other; | |
| 322 | struct posix_ace_state everyone; | |
| 323 | struct posix_ace_state mask; /* Deny unused in this case */ | |
| 324 | struct posix_ace_state_array *users; | |
| 325 | struct posix_ace_state_array *groups; | |
| 326 | }; | |
| 327 | ||
| 1da177e4 | 328 | static int |
| 09229edb | 329 | init_state(struct posix_acl_state *state, int cnt) |
| 1da177e4 | 330 | { |
| 09229edb BF |
331 | int alloc; |
| 332 | ||
| 333 | memset(state, 0, sizeof(struct posix_acl_state)); | |
| 334 | /* | |
| 335 | * In the worst case, each individual acl could be for a distinct | |
| 336 | * named user or group, but we don't no which, so we allocate | |
| 337 | * enough space for either: | |
| 338 | */ | |
| 339 | alloc = sizeof(struct posix_ace_state_array) | |
| 340 | + cnt*sizeof(struct posix_ace_state); | |
| 341 | state->users = kzalloc(alloc, GFP_KERNEL); | |
| 342 | if (!state->users) | |
| 343 | return -ENOMEM; | |
| 344 | state->groups = kzalloc(alloc, GFP_KERNEL); | |
| 345 | if (!state->groups) { | |
| 346 | kfree(state->users); | |
| 347 | return -ENOMEM; | |
| 348 | } | |
| 349 | return 0; | |
| 1da177e4 LT |
350 | } |
| 351 | ||
| 09229edb BF |
352 | static void |
| 353 | free_state(struct posix_acl_state *state) { | |
| 354 | kfree(state->users); | |
| 355 | kfree(state->groups); | |
| 1da177e4 LT |
356 | } |
| 357 | ||
| 09229edb | 358 | static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate) |
| 1da177e4 | 359 | { |
| 09229edb | 360 | state->mask.allow |= astate->allow; |
| 1da177e4 LT |
361 | } |
| 362 | ||
| 09229edb BF |
363 | /* |
| 364 | * Certain bits (SYNCHRONIZE, DELETE, WRITE_OWNER, READ/WRITE_NAMED_ATTRS, | |
| 365 | * READ_ATTRIBUTES, READ_ACL) are currently unenforceable and don't translate | |
| 366 | * to traditional read/write/execute permissions. | |
| 367 | * | |
| 368 | * It's problematic to reject acls that use certain mode bits, because it | |
| 369 | * places the burden on users to learn the rules about which bits one | |
| 370 | * particular server sets, without giving the user a lot of help--we return an | |
| 371 | * error that could mean any number of different things. To make matters | |
| 372 | * worse, the problematic bits might be introduced by some application that's | |
| 373 | * automatically mapping from some other acl model. | |
| 374 | * | |
| 375 | * So wherever possible we accept anything, possibly erring on the side of | |
| 376 | * denying more permissions than necessary. | |
| 377 | * | |
| 378 | * However we do reject *explicit* DENY's of a few bits representing | |
| 379 | * permissions we could never deny: | |
| 380 | */ | |
| 1da177e4 | 381 | |
| 09229edb BF |
382 | static inline int check_deny(u32 mask, int isowner) |
| 383 | { | |
| 384 | if (mask & (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL)) | |
| 385 | return -EINVAL; | |
| 386 | if (!isowner) | |
| 387 | return 0; | |
| 388 | if (mask & (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)) | |
| 389 | return -EINVAL; | |
| 390 | return 0; | |
| 1da177e4 LT |
391 | } |
| 392 | ||
| 09229edb BF |
393 | static struct posix_acl * |
| 394 | posix_state_to_acl(struct posix_acl_state *state, unsigned int flags) | |
| 1da177e4 | 395 | { |
| 09229edb BF |
396 | struct posix_acl_entry *pace; |
| 397 | struct posix_acl *pacl; | |
| 398 | int nace; | |
| 399 | int i, error = 0; | |
| 1da177e4 | 400 | |
| 09229edb BF |
401 | nace = 4 + state->users->n + state->groups->n; |
| 402 | pacl = posix_acl_alloc(nace, GFP_KERNEL); | |
| 403 | if (!pacl) | |
| 404 | return ERR_PTR(-ENOMEM); | |
| 1da177e4 | 405 | |
| 09229edb BF |
406 | pace = pacl->a_entries; |
| 407 | pace->e_tag = ACL_USER_OBJ; | |
| 408 | error = check_deny(state->owner.deny, 1); | |
| 409 | if (error) | |
| 410 | goto out_err; | |
| 411 | low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags); | |
| 412 | pace->e_id = ACL_UNDEFINED_ID; | |
| 413 | ||
| 414 | for (i=0; i < state->users->n; i++) { | |
| 415 | pace++; | |
| 416 | pace->e_tag = ACL_USER; | |
| 417 | error = check_deny(state->users->aces[i].perms.deny, 0); | |
| 418 | if (error) | |
| 419 | goto out_err; | |
| 420 | low_mode_from_nfs4(state->users->aces[i].perms.allow, | |
| 421 | &pace->e_perm, flags); | |
| 422 | pace->e_id = state->users->aces[i].uid; | |
| 423 | add_to_mask(state, &state->users->aces[i].perms); | |
| 1da177e4 LT |
424 | } |
| 425 | ||
| 09229edb BF |
426 | pace++; |
| 427 | pace->e_tag = ACL_GROUP_OBJ; | |
| 428 | error = check_deny(state->group.deny, 0); | |
| 429 | if (error) | |
| 430 | goto out_err; | |
| 431 | low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags); | |
| 432 | pace->e_id = ACL_UNDEFINED_ID; | |
| 433 | add_to_mask(state, &state->group); | |
| 434 | ||
| 435 | for (i=0; i < state->groups->n; i++) { | |
| 436 | pace++; | |
| 437 | pace->e_tag = ACL_GROUP; | |
| 438 | error = check_deny(state->groups->aces[i].perms.deny, 0); | |
| 439 | if (error) | |
| 440 | goto out_err; | |
| 441 | low_mode_from_nfs4(state->groups->aces[i].perms.allow, | |
| 442 | &pace->e_perm, flags); | |
| 443 | pace->e_id = state->groups->aces[i].uid; | |
| 444 | add_to_mask(state, &state->groups->aces[i].perms); | |
| 445 | } | |
| 1da177e4 | 446 | |
| 09229edb BF |
447 | pace++; |
| 448 | pace->e_tag = ACL_MASK; | |
| 449 | low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags); | |
| 450 | pace->e_id = ACL_UNDEFINED_ID; | |
| 1da177e4 | 451 | |
| 09229edb BF |
452 | pace++; |
| 453 | pace->e_tag = ACL_OTHER; | |
| 454 | error = check_deny(state->other.deny, 0); | |
| 455 | if (error) | |
| 456 | goto out_err; | |
| 457 | low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags); | |
| 458 | pace->e_id = ACL_UNDEFINED_ID; | |
| 1da177e4 | 459 | |
| 09229edb BF |
460 | return pacl; |
| 461 | out_err: | |
| 462 | posix_acl_release(pacl); | |
| 463 | return ERR_PTR(error); | |
| 464 | } | |
| 1da177e4 | 465 | |
| 09229edb BF |
466 | static inline void allow_bits(struct posix_ace_state *astate, u32 mask) |
| 467 | { | |
| 468 | /* Allow all bits in the mask not already denied: */ | |
| 469 | astate->allow |= mask & ~astate->deny; | |
| 470 | } | |
| 1da177e4 | 471 | |
| 09229edb BF |
472 | static inline void deny_bits(struct posix_ace_state *astate, u32 mask) |
| 473 | { | |
| 474 | /* Deny all bits in the mask not already allowed: */ | |
| 475 | astate->deny |= mask & ~astate->allow; | |
| 476 | } | |
| 1da177e4 | 477 | |
| 09229edb BF |
478 | static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid) |
| 479 | { | |
| 480 | int i; | |
| 1da177e4 | 481 | |
| 09229edb BF |
482 | for (i = 0; i < a->n; i++) |
| 483 | if (a->aces[i].uid == uid) | |
| 484 | return i; | |
| 485 | /* Not found: */ | |
| 486 | a->n++; | |
| 487 | a->aces[i].uid = uid; | |
| 488 | a->aces[i].perms.allow = state->everyone.allow; | |
| 489 | a->aces[i].perms.deny = state->everyone.deny; | |
| 1da177e4 | 490 | |
| 09229edb | 491 | return i; |
| 1da177e4 LT |
492 | } |
| 493 | ||
| 09229edb | 494 | static void deny_bits_array(struct posix_ace_state_array *a, u32 mask) |
| 1da177e4 | 495 | { |
| 09229edb | 496 | int i; |
| 1da177e4 | 497 | |
| 09229edb BF |
498 | for (i=0; i < a->n; i++) |
| 499 | deny_bits(&a->aces[i].perms, mask); | |
| 1da177e4 LT |
500 | } |
| 501 | ||
| 09229edb | 502 | static void allow_bits_array(struct posix_ace_state_array *a, u32 mask) |
| 1da177e4 | 503 | { |
| 09229edb | 504 | int i; |
| 1da177e4 | 505 | |
| 09229edb BF |
506 | for (i=0; i < a->n; i++) |
| 507 | allow_bits(&a->aces[i].perms, mask); | |
| 1da177e4 LT |
508 | } |
| 509 | ||
| 09229edb BF |
510 | static void process_one_v4_ace(struct posix_acl_state *state, |
| 511 | struct nfs4_ace *ace) | |
| 1da177e4 | 512 | { |
| 09229edb BF |
513 | u32 mask = ace->access_mask; |
| 514 | int i; | |
| 515 | ||
| 516 | switch (ace2type(ace)) { | |
| 517 | case ACL_USER_OBJ: | |
| 518 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
| 519 | allow_bits(&state->owner, mask); | |
| 520 | } else { | |
| 521 | deny_bits(&state->owner, mask); | |
| 522 | } | |
| 523 | break; | |
| 524 | case ACL_USER: | |
| 525 | i = find_uid(state, state->users, ace->who); | |
| 526 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
| 527 | allow_bits(&state->users->aces[i].perms, mask); | |
| 528 | } else { | |
| 529 | deny_bits(&state->users->aces[i].perms, mask); | |
| 530 | mask = state->users->aces[i].perms.deny; | |
| 531 | deny_bits(&state->owner, mask); | |
| 532 | } | |
| 533 | break; | |
| 534 | case ACL_GROUP_OBJ: | |
| 535 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
| 536 | allow_bits(&state->group, mask); | |
| 537 | } else { | |
| 538 | deny_bits(&state->group, mask); | |
| 539 | mask = state->group.deny; | |
| 540 | deny_bits(&state->owner, mask); | |
| 541 | deny_bits(&state->everyone, mask); | |
| 542 | deny_bits_array(state->users, mask); | |
| 543 | deny_bits_array(state->groups, mask); | |
| 544 | } | |
| 545 | break; | |
| 546 | case ACL_GROUP: | |
| 547 | i = find_uid(state, state->groups, ace->who); | |
| 548 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
| 549 | allow_bits(&state->groups->aces[i].perms, mask); | |
| 550 | } else { | |
| 551 | deny_bits(&state->groups->aces[i].perms, mask); | |
| 552 | mask = state->groups->aces[i].perms.deny; | |
| 553 | deny_bits(&state->owner, mask); | |
| 554 | deny_bits(&state->group, mask); | |
| 555 | deny_bits(&state->everyone, mask); | |
| 556 | deny_bits_array(state->users, mask); | |
| 557 | deny_bits_array(state->groups, mask); | |
| 558 | } | |
| 559 | break; | |
| 560 | case ACL_OTHER: | |
| 561 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
| 562 | allow_bits(&state->owner, mask); | |
| 563 | allow_bits(&state->group, mask); | |
| 564 | allow_bits(&state->other, mask); | |
| 565 | allow_bits(&state->everyone, mask); | |
| 566 | allow_bits_array(state->users, mask); | |
| 567 | allow_bits_array(state->groups, mask); | |
| 568 | } else { | |
| 569 | deny_bits(&state->owner, mask); | |
| 570 | deny_bits(&state->group, mask); | |
| 571 | deny_bits(&state->other, mask); | |
| 572 | deny_bits(&state->everyone, mask); | |
| 573 | deny_bits_array(state->users, mask); | |
| 574 | deny_bits_array(state->groups, mask); | |
| 575 | } | |
| 1da177e4 LT |
576 | } |
| 577 | } | |
| 578 | ||
| 575a6290 BF |
579 | int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl, struct posix_acl **pacl, |
| 580 | struct posix_acl **dpacl, unsigned int flags) | |
| 1da177e4 | 581 | { |
| 575a6290 | 582 | struct posix_acl_state effective_acl_state, default_acl_state; |
| 09229edb BF |
583 | struct nfs4_ace *ace; |
| 584 | int ret; | |
| 1da177e4 | 585 | |
| 575a6290 | 586 | ret = init_state(&effective_acl_state, acl->naces); |
| 09229edb | 587 | if (ret) |
| 575a6290 BF |
588 | return ret; |
| 589 | ret = init_state(&default_acl_state, acl->naces); | |
| 590 | if (ret) | |
| 591 | goto out_estate; | |
| 592 | ret = -EINVAL; | |
| 28e05dd8 | 593 | for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { |
| 09229edb BF |
594 | if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && |
| 595 | ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) | |
| 575a6290 | 596 | goto out_dstate; |
| b548edc2 | 597 | if (ace->flag & ~NFS4_SUPPORTED_FLAGS) |
| 575a6290 | 598 | goto out_dstate; |
| 7bdfa68c | 599 | if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) { |
| 575a6290 | 600 | process_one_v4_ace(&effective_acl_state, ace); |
| b548edc2 | 601 | continue; |
| 7bdfa68c | 602 | } |
| 575a6290 BF |
603 | if (!(flags & NFS4_ACL_DIR)) |
| 604 | goto out_dstate; | |
| 7bdfa68c BF |
605 | /* |
| 606 | * Note that when only one of FILE_INHERIT or DIRECTORY_INHERIT | |
| 607 | * is set, we're effectively turning on the other. That's OK, | |
| 608 | * according to rfc 3530. | |
| 609 | */ | |
| 575a6290 BF |
610 | process_one_v4_ace(&default_acl_state, ace); |
| 611 | ||
| 612 | if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)) | |
| 613 | process_one_v4_ace(&effective_acl_state, ace); | |
| 1da177e4 | 614 | } |
| 575a6290 BF |
615 | *pacl = posix_state_to_acl(&effective_acl_state, flags); |
| 616 | if (IS_ERR(*pacl)) { | |
| 617 | ret = PTR_ERR(*pacl); | |
| 618 | goto out_dstate; | |
| 619 | } | |
| 620 | *dpacl = posix_state_to_acl(&default_acl_state, flags); | |
| 621 | if (IS_ERR(*dpacl)) { | |
| 622 | ret = PTR_ERR(*dpacl); | |
| 623 | posix_acl_release(*pacl); | |
| 624 | goto out_dstate; | |
| 625 | } | |
| 626 | sort_pacl(*pacl); | |
| 627 | sort_pacl(*dpacl); | |
| 628 | ret = 0; | |
| 629 | out_dstate: | |
| 630 | free_state(&default_acl_state); | |
| 631 | out_estate: | |
| 632 | free_state(&effective_acl_state); | |
| 633 | return ret; | |
| 1da177e4 LT |
634 | } |
| 635 | ||
| 636 | static short | |
| 637 | ace2type(struct nfs4_ace *ace) | |
| 638 | { | |
| 639 | switch (ace->whotype) { | |
| 640 | case NFS4_ACL_WHO_NAMED: | |
| 641 | return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ? | |
| 642 | ACL_GROUP : ACL_USER); | |
| 643 | case NFS4_ACL_WHO_OWNER: | |
| 644 | return ACL_USER_OBJ; | |
| 645 | case NFS4_ACL_WHO_GROUP: | |
| 646 | return ACL_GROUP_OBJ; | |
| 647 | case NFS4_ACL_WHO_EVERYONE: | |
| 648 | return ACL_OTHER; | |
| 649 | } | |
| 650 | BUG(); | |
| 651 | return -1; | |
| 652 | } | |
| 653 | ||
| 654 | EXPORT_SYMBOL(nfs4_acl_posix_to_nfsv4); | |
| 655 | EXPORT_SYMBOL(nfs4_acl_nfsv4_to_posix); | |
| 656 | ||
| 657 | struct nfs4_acl * | |
| 28e05dd8 | 658 | nfs4_acl_new(int n) |
| 1da177e4 LT |
659 | { |
| 660 | struct nfs4_acl *acl; | |
| 661 | ||
| 28e05dd8 BF |
662 | acl = kmalloc(sizeof(*acl) + n*sizeof(struct nfs4_ace), GFP_KERNEL); |
| 663 | if (acl == NULL) | |
| 1da177e4 | 664 | return NULL; |
| 1da177e4 | 665 | acl->naces = 0; |
| 1da177e4 LT |
666 | return acl; |
| 667 | } | |
| 668 | ||
| 669 | void | |
| 1da177e4 LT |
670 | nfs4_acl_add_ace(struct nfs4_acl *acl, u32 type, u32 flag, u32 access_mask, |
| 671 | int whotype, uid_t who) | |
| 672 | { | |
| 28e05dd8 | 673 | struct nfs4_ace *ace = acl->aces + acl->naces; |
| 1da177e4 LT |
674 | |
| 675 | ace->type = type; | |
| 676 | ace->flag = flag; | |
| 677 | ace->access_mask = access_mask; | |
| 678 | ace->whotype = whotype; | |
| 679 | ace->who = who; | |
| 680 | ||
| 1da177e4 | 681 | acl->naces++; |
| 1da177e4 LT |
682 | } |
| 683 | ||
| 684 | static struct { | |
| 685 | char *string; | |
| 686 | int stringlen; | |
| 687 | int type; | |
| 688 | } s2t_map[] = { | |
| 689 | { | |
| 690 | .string = "OWNER@", | |
| 691 | .stringlen = sizeof("OWNER@") - 1, | |
| 692 | .type = NFS4_ACL_WHO_OWNER, | |
| 693 | }, | |
| 694 | { | |
| 695 | .string = "GROUP@", | |
| 696 | .stringlen = sizeof("GROUP@") - 1, | |
| 697 | .type = NFS4_ACL_WHO_GROUP, | |
| 698 | }, | |
| 699 | { | |
| 700 | .string = "EVERYONE@", | |
| 701 | .stringlen = sizeof("EVERYONE@") - 1, | |
| 702 | .type = NFS4_ACL_WHO_EVERYONE, | |
| 703 | }, | |
| 704 | }; | |
| 705 | ||
| 706 | int | |
| 707 | nfs4_acl_get_whotype(char *p, u32 len) | |
| 708 | { | |
| 709 | int i; | |
| 710 | ||
| e8c96f8c | 711 | for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { |
| 1da177e4 LT |
712 | if (s2t_map[i].stringlen == len && |
| 713 | 0 == memcmp(s2t_map[i].string, p, len)) | |
| 714 | return s2t_map[i].type; | |
| 715 | } | |
| 716 | return NFS4_ACL_WHO_NAMED; | |
| 717 | } | |
| 718 | ||
| 719 | int | |
| 720 | nfs4_acl_write_who(int who, char *p) | |
| 721 | { | |
| 722 | int i; | |
| 723 | ||
| e8c96f8c | 724 | for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { |
| 1da177e4 LT |
725 | if (s2t_map[i].type == who) { |
| 726 | memcpy(p, s2t_map[i].string, s2t_map[i].stringlen); | |
| 727 | return s2t_map[i].stringlen; | |
| 728 | } | |
| 729 | } | |
| 730 | BUG(); | |
| 731 | return -1; | |
| 732 | } | |
| 733 | ||
| 1da177e4 | 734 | EXPORT_SYMBOL(nfs4_acl_new); |
| 1da177e4 LT |
735 | EXPORT_SYMBOL(nfs4_acl_add_ace); |
| 736 | EXPORT_SYMBOL(nfs4_acl_get_whotype); | |
| 737 | EXPORT_SYMBOL(nfs4_acl_write_who); |