Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * fs/nfs4acl/acl.c | |
3 | * | |
4 | * Common NFSv4 ACL handling code. | |
5 | * | |
6 | * Copyright (c) 2002, 2003 The Regents of the University of Michigan. | |
7 | * All rights reserved. | |
8 | * | |
9 | * Marius Aamodt Eriksen <marius@umich.edu> | |
10 | * Jeff Sedlak <jsedlak@umich.edu> | |
11 | * J. Bruce Fields <bfields@umich.edu> | |
12 | * | |
13 | * Redistribution and use in source and binary forms, with or without | |
14 | * modification, are permitted provided that the following conditions | |
15 | * are met: | |
16 | * | |
17 | * 1. Redistributions of source code must retain the above copyright | |
18 | * notice, this list of conditions and the following disclaimer. | |
19 | * 2. Redistributions in binary form must reproduce the above copyright | |
20 | * notice, this list of conditions and the following disclaimer in the | |
21 | * documentation and/or other materials provided with the distribution. | |
22 | * 3. Neither the name of the University nor the names of its | |
23 | * contributors may be used to endorse or promote products derived | |
24 | * from this software without specific prior written permission. | |
25 | * | |
26 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED | |
27 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | |
28 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
29 | * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
31 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
32 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR | |
33 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
34 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
35 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
36 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
37 | */ | |
38 | ||
39 | #include <linux/string.h> | |
40 | #include <linux/slab.h> | |
41 | #include <linux/list.h> | |
42 | #include <linux/types.h> | |
43 | #include <linux/fs.h> | |
44 | #include <linux/module.h> | |
45 | #include <linux/nfs_fs.h> | |
46 | #include <linux/posix_acl.h> | |
47 | #include <linux/nfs4.h> | |
48 | #include <linux/nfs4_acl.h> | |
49 | ||
50 | ||
51 | /* mode bit translations: */ | |
52 | #define NFS4_READ_MODE (NFS4_ACE_READ_DATA) | |
53 | #define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA) | |
54 | #define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE | |
55 | #define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | NFS4_ACE_SYNCHRONIZE) | |
56 | #define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL) | |
57 | ||
58 | /* We don't support these bits; insist they be neither allowed nor denied */ | |
59 | #define NFS4_MASK_UNSUPP (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \ | |
60 | | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS) | |
61 | ||
62 | /* flags used to simulate posix default ACLs */ | |
63 | #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ | |
7bdfa68c | 64 | | NFS4_ACE_DIRECTORY_INHERIT_ACE) |
1da177e4 | 65 | |
7bdfa68c BF |
66 | #define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS \ |
67 | | NFS4_ACE_INHERIT_ONLY_ACE \ | |
68 | | NFS4_ACE_IDENTIFIER_GROUP) | |
b548edc2 | 69 | |
1da177e4 LT |
70 | #define MASK_EQUAL(mask1, mask2) \ |
71 | ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) ) | |
72 | ||
73 | static u32 | |
74 | mask_from_posix(unsigned short perm, unsigned int flags) | |
75 | { | |
76 | int mask = NFS4_ANYONE_MODE; | |
77 | ||
78 | if (flags & NFS4_ACL_OWNER) | |
79 | mask |= NFS4_OWNER_MODE; | |
80 | if (perm & ACL_READ) | |
81 | mask |= NFS4_READ_MODE; | |
82 | if (perm & ACL_WRITE) | |
83 | mask |= NFS4_WRITE_MODE; | |
84 | if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) | |
85 | mask |= NFS4_ACE_DELETE_CHILD; | |
86 | if (perm & ACL_EXECUTE) | |
87 | mask |= NFS4_EXECUTE_MODE; | |
88 | return mask; | |
89 | } | |
90 | ||
91 | static u32 | |
92 | deny_mask(u32 allow_mask, unsigned int flags) | |
93 | { | |
94 | u32 ret = ~allow_mask & ~NFS4_MASK_UNSUPP; | |
95 | if (!(flags & NFS4_ACL_DIR)) | |
96 | ret &= ~NFS4_ACE_DELETE_CHILD; | |
97 | return ret; | |
98 | } | |
99 | ||
100 | /* XXX: modify functions to return NFS errors; they're only ever | |
101 | * used by nfs code, after all.... */ | |
102 | ||
09229edb BF |
103 | /* We only map from NFSv4 to POSIX ACLs when setting ACLs, when we err on the |
104 | * side of being more restrictive, so the mode bit mapping below is | |
105 | * pessimistic. An optimistic version would be needed to handle DENY's, | |
106 | * but we espect to coalesce all ALLOWs and DENYs before mapping to mode | |
107 | * bits. */ | |
108 | ||
109 | static void | |
110 | low_mode_from_nfs4(u32 perm, unsigned short *mode, unsigned int flags) | |
1da177e4 | 111 | { |
09229edb | 112 | u32 write_mode = NFS4_WRITE_MODE; |
1da177e4 | 113 | |
09229edb BF |
114 | if (flags & NFS4_ACL_DIR) |
115 | write_mode |= NFS4_ACE_DELETE_CHILD; | |
1da177e4 LT |
116 | *mode = 0; |
117 | if ((perm & NFS4_READ_MODE) == NFS4_READ_MODE) | |
118 | *mode |= ACL_READ; | |
09229edb | 119 | if ((perm & write_mode) == write_mode) |
1da177e4 LT |
120 | *mode |= ACL_WRITE; |
121 | if ((perm & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE) | |
122 | *mode |= ACL_EXECUTE; | |
1da177e4 LT |
123 | } |
124 | ||
125 | struct ace_container { | |
126 | struct nfs4_ace *ace; | |
127 | struct list_head ace_l; | |
128 | }; | |
129 | ||
130 | static short ace2type(struct nfs4_ace *); | |
28e05dd8 BF |
131 | static void _posix_to_nfsv4_one(struct posix_acl *, struct nfs4_acl *, |
132 | unsigned int); | |
133 | void nfs4_acl_add_ace(struct nfs4_acl *, u32, u32, u32, int, uid_t); | |
1da177e4 LT |
134 | |
135 | struct nfs4_acl * | |
136 | nfs4_acl_posix_to_nfsv4(struct posix_acl *pacl, struct posix_acl *dpacl, | |
137 | unsigned int flags) | |
138 | { | |
139 | struct nfs4_acl *acl; | |
28e05dd8 | 140 | int size = 0; |
1da177e4 | 141 | |
28e05dd8 BF |
142 | if (pacl) { |
143 | if (posix_acl_valid(pacl) < 0) | |
144 | return ERR_PTR(-EINVAL); | |
145 | size += 2*pacl->a_count; | |
1da177e4 | 146 | } |
28e05dd8 BF |
147 | if (dpacl) { |
148 | if (posix_acl_valid(dpacl) < 0) | |
149 | return ERR_PTR(-EINVAL); | |
150 | size += 2*dpacl->a_count; | |
1da177e4 LT |
151 | } |
152 | ||
28e05dd8 BF |
153 | /* Allocate for worst case: one (deny, allow) pair each: */ |
154 | acl = nfs4_acl_new(size); | |
155 | if (acl == NULL) | |
156 | return ERR_PTR(-ENOMEM); | |
1da177e4 | 157 | |
28e05dd8 BF |
158 | if (pacl) |
159 | _posix_to_nfsv4_one(pacl, acl, flags & ~NFS4_ACL_TYPE_DEFAULT); | |
1da177e4 | 160 | |
28e05dd8 BF |
161 | if (dpacl) |
162 | _posix_to_nfsv4_one(dpacl, acl, flags | NFS4_ACL_TYPE_DEFAULT); | |
1da177e4 LT |
163 | |
164 | return acl; | |
165 | } | |
166 | ||
28e05dd8 | 167 | static void |
1da177e4 LT |
168 | nfs4_acl_add_pair(struct nfs4_acl *acl, int eflag, u32 mask, int whotype, |
169 | uid_t owner, unsigned int flags) | |
170 | { | |
28e05dd8 | 171 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, |
1da177e4 | 172 | eflag, mask, whotype, owner); |
28e05dd8 | 173 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, |
1da177e4 | 174 | eflag, deny_mask(mask, flags), whotype, owner); |
1da177e4 LT |
175 | } |
176 | ||
177 | /* We assume the acl has been verified with posix_acl_valid. */ | |
28e05dd8 | 178 | static void |
1da177e4 LT |
179 | _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, |
180 | unsigned int flags) | |
181 | { | |
182 | struct posix_acl_entry *pa, *pe, *group_owner_entry; | |
f43daf67 BF |
183 | u32 mask; |
184 | unsigned short mask_mask; | |
1da177e4 LT |
185 | int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? |
186 | NFS4_INHERITANCE_FLAGS : 0); | |
187 | ||
188 | BUG_ON(pacl->a_count < 3); | |
189 | pe = pacl->a_entries + pacl->a_count; | |
190 | pa = pe - 2; /* if mask entry exists, it's second from the last. */ | |
191 | if (pa->e_tag == ACL_MASK) | |
f43daf67 | 192 | mask_mask = pa->e_perm; |
1da177e4 | 193 | else |
f43daf67 | 194 | mask_mask = S_IRWXO; |
1da177e4 LT |
195 | |
196 | pa = pacl->a_entries; | |
197 | BUG_ON(pa->e_tag != ACL_USER_OBJ); | |
198 | mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER); | |
28e05dd8 | 199 | nfs4_acl_add_pair(acl, eflag, mask, NFS4_ACL_WHO_OWNER, 0, flags); |
1da177e4 LT |
200 | pa++; |
201 | ||
202 | while (pa->e_tag == ACL_USER) { | |
f43daf67 | 203 | mask = mask_from_posix(pa->e_perm & mask_mask, flags); |
28e05dd8 | 204 | nfs4_acl_add_pair(acl, eflag, mask, |
1da177e4 | 205 | NFS4_ACL_WHO_NAMED, pa->e_id, flags); |
1da177e4 LT |
206 | pa++; |
207 | } | |
208 | ||
209 | /* In the case of groups, we apply allow ACEs first, then deny ACEs, | |
210 | * since a user can be in more than one group. */ | |
211 | ||
212 | /* allow ACEs */ | |
213 | ||
1da177e4 | 214 | group_owner_entry = pa; |
f43daf67 | 215 | mask = mask_from_posix(pa->e_perm & mask_mask, flags); |
28e05dd8 | 216 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, |
1da177e4 LT |
217 | NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, |
218 | NFS4_ACL_WHO_GROUP, 0); | |
1da177e4 LT |
219 | pa++; |
220 | ||
221 | while (pa->e_tag == ACL_GROUP) { | |
f43daf67 | 222 | mask = mask_from_posix(pa->e_perm & mask_mask, flags); |
28e05dd8 | 223 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, |
1da177e4 LT |
224 | NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, |
225 | NFS4_ACL_WHO_NAMED, pa->e_id); | |
1da177e4 LT |
226 | pa++; |
227 | } | |
228 | ||
229 | /* deny ACEs */ | |
230 | ||
231 | pa = group_owner_entry; | |
232 | mask = mask_from_posix(pa->e_perm, flags); | |
28e05dd8 | 233 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, |
1da177e4 LT |
234 | NFS4_ACE_IDENTIFIER_GROUP | eflag, |
235 | deny_mask(mask, flags), NFS4_ACL_WHO_GROUP, 0); | |
1da177e4 LT |
236 | pa++; |
237 | while (pa->e_tag == ACL_GROUP) { | |
238 | mask = mask_from_posix(pa->e_perm, flags); | |
28e05dd8 | 239 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, |
1da177e4 LT |
240 | NFS4_ACE_IDENTIFIER_GROUP | eflag, |
241 | deny_mask(mask, flags), NFS4_ACL_WHO_NAMED, pa->e_id); | |
1da177e4 LT |
242 | pa++; |
243 | } | |
244 | ||
245 | if (pa->e_tag == ACL_MASK) | |
246 | pa++; | |
247 | BUG_ON(pa->e_tag != ACL_OTHER); | |
248 | mask = mask_from_posix(pa->e_perm, flags); | |
28e05dd8 | 249 | nfs4_acl_add_pair(acl, eflag, mask, NFS4_ACL_WHO_EVERYONE, 0, flags); |
1da177e4 LT |
250 | } |
251 | ||
252 | static void | |
253 | sort_pacl_range(struct posix_acl *pacl, int start, int end) { | |
254 | int sorted = 0, i; | |
255 | struct posix_acl_entry tmp; | |
256 | ||
257 | /* We just do a bubble sort; easy to do in place, and we're not | |
258 | * expecting acl's to be long enough to justify anything more. */ | |
259 | while (!sorted) { | |
260 | sorted = 1; | |
261 | for (i = start; i < end; i++) { | |
262 | if (pacl->a_entries[i].e_id | |
263 | > pacl->a_entries[i+1].e_id) { | |
264 | sorted = 0; | |
265 | tmp = pacl->a_entries[i]; | |
266 | pacl->a_entries[i] = pacl->a_entries[i+1]; | |
267 | pacl->a_entries[i+1] = tmp; | |
268 | } | |
269 | } | |
270 | } | |
271 | } | |
272 | ||
273 | static void | |
274 | sort_pacl(struct posix_acl *pacl) | |
275 | { | |
276 | /* posix_acl_valid requires that users and groups be in order | |
277 | * by uid/gid. */ | |
278 | int i, j; | |
279 | ||
280 | if (pacl->a_count <= 4) | |
281 | return; /* no users or groups */ | |
282 | i = 1; | |
283 | while (pacl->a_entries[i].e_tag == ACL_USER) | |
284 | i++; | |
285 | sort_pacl_range(pacl, 1, i-1); | |
286 | ||
287 | BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ); | |
288 | j = i++; | |
289 | while (pacl->a_entries[j].e_tag == ACL_GROUP) | |
290 | j++; | |
291 | sort_pacl_range(pacl, i, j-1); | |
292 | return; | |
293 | } | |
294 | ||
09229edb BF |
295 | /* |
296 | * While processing the NFSv4 ACE, this maintains bitmasks representing | |
297 | * which permission bits have been allowed and which denied to a given | |
298 | * entity: */ | |
299 | struct posix_ace_state { | |
300 | u32 allow; | |
301 | u32 deny; | |
302 | }; | |
303 | ||
304 | struct posix_user_ace_state { | |
305 | uid_t uid; | |
306 | struct posix_ace_state perms; | |
307 | }; | |
308 | ||
309 | struct posix_ace_state_array { | |
310 | int n; | |
311 | struct posix_user_ace_state aces[]; | |
312 | }; | |
313 | ||
314 | /* | |
315 | * While processing the NFSv4 ACE, this maintains the partial permissions | |
316 | * calculated so far: */ | |
317 | ||
318 | struct posix_acl_state { | |
319 | struct posix_ace_state owner; | |
320 | struct posix_ace_state group; | |
321 | struct posix_ace_state other; | |
322 | struct posix_ace_state everyone; | |
323 | struct posix_ace_state mask; /* Deny unused in this case */ | |
324 | struct posix_ace_state_array *users; | |
325 | struct posix_ace_state_array *groups; | |
326 | }; | |
327 | ||
1da177e4 | 328 | static int |
09229edb | 329 | init_state(struct posix_acl_state *state, int cnt) |
1da177e4 | 330 | { |
09229edb BF |
331 | int alloc; |
332 | ||
333 | memset(state, 0, sizeof(struct posix_acl_state)); | |
334 | /* | |
335 | * In the worst case, each individual acl could be for a distinct | |
336 | * named user or group, but we don't no which, so we allocate | |
337 | * enough space for either: | |
338 | */ | |
339 | alloc = sizeof(struct posix_ace_state_array) | |
340 | + cnt*sizeof(struct posix_ace_state); | |
341 | state->users = kzalloc(alloc, GFP_KERNEL); | |
342 | if (!state->users) | |
343 | return -ENOMEM; | |
344 | state->groups = kzalloc(alloc, GFP_KERNEL); | |
345 | if (!state->groups) { | |
346 | kfree(state->users); | |
347 | return -ENOMEM; | |
348 | } | |
349 | return 0; | |
1da177e4 LT |
350 | } |
351 | ||
09229edb BF |
352 | static void |
353 | free_state(struct posix_acl_state *state) { | |
354 | kfree(state->users); | |
355 | kfree(state->groups); | |
1da177e4 LT |
356 | } |
357 | ||
09229edb | 358 | static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate) |
1da177e4 | 359 | { |
09229edb | 360 | state->mask.allow |= astate->allow; |
1da177e4 LT |
361 | } |
362 | ||
09229edb BF |
363 | /* |
364 | * Certain bits (SYNCHRONIZE, DELETE, WRITE_OWNER, READ/WRITE_NAMED_ATTRS, | |
365 | * READ_ATTRIBUTES, READ_ACL) are currently unenforceable and don't translate | |
366 | * to traditional read/write/execute permissions. | |
367 | * | |
368 | * It's problematic to reject acls that use certain mode bits, because it | |
369 | * places the burden on users to learn the rules about which bits one | |
370 | * particular server sets, without giving the user a lot of help--we return an | |
371 | * error that could mean any number of different things. To make matters | |
372 | * worse, the problematic bits might be introduced by some application that's | |
373 | * automatically mapping from some other acl model. | |
374 | * | |
375 | * So wherever possible we accept anything, possibly erring on the side of | |
376 | * denying more permissions than necessary. | |
377 | * | |
378 | * However we do reject *explicit* DENY's of a few bits representing | |
379 | * permissions we could never deny: | |
380 | */ | |
1da177e4 | 381 | |
09229edb BF |
382 | static inline int check_deny(u32 mask, int isowner) |
383 | { | |
384 | if (mask & (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL)) | |
385 | return -EINVAL; | |
386 | if (!isowner) | |
387 | return 0; | |
388 | if (mask & (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)) | |
389 | return -EINVAL; | |
390 | return 0; | |
1da177e4 LT |
391 | } |
392 | ||
09229edb BF |
393 | static struct posix_acl * |
394 | posix_state_to_acl(struct posix_acl_state *state, unsigned int flags) | |
1da177e4 | 395 | { |
09229edb BF |
396 | struct posix_acl_entry *pace; |
397 | struct posix_acl *pacl; | |
398 | int nace; | |
399 | int i, error = 0; | |
1da177e4 | 400 | |
09229edb BF |
401 | nace = 4 + state->users->n + state->groups->n; |
402 | pacl = posix_acl_alloc(nace, GFP_KERNEL); | |
403 | if (!pacl) | |
404 | return ERR_PTR(-ENOMEM); | |
1da177e4 | 405 | |
09229edb BF |
406 | pace = pacl->a_entries; |
407 | pace->e_tag = ACL_USER_OBJ; | |
408 | error = check_deny(state->owner.deny, 1); | |
409 | if (error) | |
410 | goto out_err; | |
411 | low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags); | |
412 | pace->e_id = ACL_UNDEFINED_ID; | |
413 | ||
414 | for (i=0; i < state->users->n; i++) { | |
415 | pace++; | |
416 | pace->e_tag = ACL_USER; | |
417 | error = check_deny(state->users->aces[i].perms.deny, 0); | |
418 | if (error) | |
419 | goto out_err; | |
420 | low_mode_from_nfs4(state->users->aces[i].perms.allow, | |
421 | &pace->e_perm, flags); | |
422 | pace->e_id = state->users->aces[i].uid; | |
423 | add_to_mask(state, &state->users->aces[i].perms); | |
1da177e4 LT |
424 | } |
425 | ||
09229edb BF |
426 | pace++; |
427 | pace->e_tag = ACL_GROUP_OBJ; | |
428 | error = check_deny(state->group.deny, 0); | |
429 | if (error) | |
430 | goto out_err; | |
431 | low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags); | |
432 | pace->e_id = ACL_UNDEFINED_ID; | |
433 | add_to_mask(state, &state->group); | |
434 | ||
435 | for (i=0; i < state->groups->n; i++) { | |
436 | pace++; | |
437 | pace->e_tag = ACL_GROUP; | |
438 | error = check_deny(state->groups->aces[i].perms.deny, 0); | |
439 | if (error) | |
440 | goto out_err; | |
441 | low_mode_from_nfs4(state->groups->aces[i].perms.allow, | |
442 | &pace->e_perm, flags); | |
443 | pace->e_id = state->groups->aces[i].uid; | |
444 | add_to_mask(state, &state->groups->aces[i].perms); | |
445 | } | |
1da177e4 | 446 | |
09229edb BF |
447 | pace++; |
448 | pace->e_tag = ACL_MASK; | |
449 | low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags); | |
450 | pace->e_id = ACL_UNDEFINED_ID; | |
1da177e4 | 451 | |
09229edb BF |
452 | pace++; |
453 | pace->e_tag = ACL_OTHER; | |
454 | error = check_deny(state->other.deny, 0); | |
455 | if (error) | |
456 | goto out_err; | |
457 | low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags); | |
458 | pace->e_id = ACL_UNDEFINED_ID; | |
1da177e4 | 459 | |
09229edb BF |
460 | return pacl; |
461 | out_err: | |
462 | posix_acl_release(pacl); | |
463 | return ERR_PTR(error); | |
464 | } | |
1da177e4 | 465 | |
09229edb BF |
466 | static inline void allow_bits(struct posix_ace_state *astate, u32 mask) |
467 | { | |
468 | /* Allow all bits in the mask not already denied: */ | |
469 | astate->allow |= mask & ~astate->deny; | |
470 | } | |
1da177e4 | 471 | |
09229edb BF |
472 | static inline void deny_bits(struct posix_ace_state *astate, u32 mask) |
473 | { | |
474 | /* Deny all bits in the mask not already allowed: */ | |
475 | astate->deny |= mask & ~astate->allow; | |
476 | } | |
1da177e4 | 477 | |
09229edb BF |
478 | static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid) |
479 | { | |
480 | int i; | |
1da177e4 | 481 | |
09229edb BF |
482 | for (i = 0; i < a->n; i++) |
483 | if (a->aces[i].uid == uid) | |
484 | return i; | |
485 | /* Not found: */ | |
486 | a->n++; | |
487 | a->aces[i].uid = uid; | |
488 | a->aces[i].perms.allow = state->everyone.allow; | |
489 | a->aces[i].perms.deny = state->everyone.deny; | |
1da177e4 | 490 | |
09229edb | 491 | return i; |
1da177e4 LT |
492 | } |
493 | ||
09229edb | 494 | static void deny_bits_array(struct posix_ace_state_array *a, u32 mask) |
1da177e4 | 495 | { |
09229edb | 496 | int i; |
1da177e4 | 497 | |
09229edb BF |
498 | for (i=0; i < a->n; i++) |
499 | deny_bits(&a->aces[i].perms, mask); | |
1da177e4 LT |
500 | } |
501 | ||
09229edb | 502 | static void allow_bits_array(struct posix_ace_state_array *a, u32 mask) |
1da177e4 | 503 | { |
09229edb | 504 | int i; |
1da177e4 | 505 | |
09229edb BF |
506 | for (i=0; i < a->n; i++) |
507 | allow_bits(&a->aces[i].perms, mask); | |
1da177e4 LT |
508 | } |
509 | ||
09229edb BF |
510 | static void process_one_v4_ace(struct posix_acl_state *state, |
511 | struct nfs4_ace *ace) | |
1da177e4 | 512 | { |
09229edb BF |
513 | u32 mask = ace->access_mask; |
514 | int i; | |
515 | ||
516 | switch (ace2type(ace)) { | |
517 | case ACL_USER_OBJ: | |
518 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
519 | allow_bits(&state->owner, mask); | |
520 | } else { | |
521 | deny_bits(&state->owner, mask); | |
522 | } | |
523 | break; | |
524 | case ACL_USER: | |
525 | i = find_uid(state, state->users, ace->who); | |
526 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
527 | allow_bits(&state->users->aces[i].perms, mask); | |
528 | } else { | |
529 | deny_bits(&state->users->aces[i].perms, mask); | |
530 | mask = state->users->aces[i].perms.deny; | |
531 | deny_bits(&state->owner, mask); | |
532 | } | |
533 | break; | |
534 | case ACL_GROUP_OBJ: | |
535 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
536 | allow_bits(&state->group, mask); | |
537 | } else { | |
538 | deny_bits(&state->group, mask); | |
539 | mask = state->group.deny; | |
540 | deny_bits(&state->owner, mask); | |
541 | deny_bits(&state->everyone, mask); | |
542 | deny_bits_array(state->users, mask); | |
543 | deny_bits_array(state->groups, mask); | |
544 | } | |
545 | break; | |
546 | case ACL_GROUP: | |
547 | i = find_uid(state, state->groups, ace->who); | |
548 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
549 | allow_bits(&state->groups->aces[i].perms, mask); | |
550 | } else { | |
551 | deny_bits(&state->groups->aces[i].perms, mask); | |
552 | mask = state->groups->aces[i].perms.deny; | |
553 | deny_bits(&state->owner, mask); | |
554 | deny_bits(&state->group, mask); | |
555 | deny_bits(&state->everyone, mask); | |
556 | deny_bits_array(state->users, mask); | |
557 | deny_bits_array(state->groups, mask); | |
558 | } | |
559 | break; | |
560 | case ACL_OTHER: | |
561 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
562 | allow_bits(&state->owner, mask); | |
563 | allow_bits(&state->group, mask); | |
564 | allow_bits(&state->other, mask); | |
565 | allow_bits(&state->everyone, mask); | |
566 | allow_bits_array(state->users, mask); | |
567 | allow_bits_array(state->groups, mask); | |
568 | } else { | |
569 | deny_bits(&state->owner, mask); | |
570 | deny_bits(&state->group, mask); | |
571 | deny_bits(&state->other, mask); | |
572 | deny_bits(&state->everyone, mask); | |
573 | deny_bits_array(state->users, mask); | |
574 | deny_bits_array(state->groups, mask); | |
575 | } | |
1da177e4 LT |
576 | } |
577 | } | |
578 | ||
575a6290 BF |
579 | int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl, struct posix_acl **pacl, |
580 | struct posix_acl **dpacl, unsigned int flags) | |
1da177e4 | 581 | { |
575a6290 | 582 | struct posix_acl_state effective_acl_state, default_acl_state; |
09229edb BF |
583 | struct nfs4_ace *ace; |
584 | int ret; | |
1da177e4 | 585 | |
575a6290 | 586 | ret = init_state(&effective_acl_state, acl->naces); |
09229edb | 587 | if (ret) |
575a6290 BF |
588 | return ret; |
589 | ret = init_state(&default_acl_state, acl->naces); | |
590 | if (ret) | |
591 | goto out_estate; | |
592 | ret = -EINVAL; | |
28e05dd8 | 593 | for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { |
09229edb BF |
594 | if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && |
595 | ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) | |
575a6290 | 596 | goto out_dstate; |
b548edc2 | 597 | if (ace->flag & ~NFS4_SUPPORTED_FLAGS) |
575a6290 | 598 | goto out_dstate; |
7bdfa68c | 599 | if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) { |
575a6290 | 600 | process_one_v4_ace(&effective_acl_state, ace); |
b548edc2 | 601 | continue; |
7bdfa68c | 602 | } |
575a6290 BF |
603 | if (!(flags & NFS4_ACL_DIR)) |
604 | goto out_dstate; | |
7bdfa68c BF |
605 | /* |
606 | * Note that when only one of FILE_INHERIT or DIRECTORY_INHERIT | |
607 | * is set, we're effectively turning on the other. That's OK, | |
608 | * according to rfc 3530. | |
609 | */ | |
575a6290 BF |
610 | process_one_v4_ace(&default_acl_state, ace); |
611 | ||
612 | if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)) | |
613 | process_one_v4_ace(&effective_acl_state, ace); | |
1da177e4 | 614 | } |
575a6290 BF |
615 | *pacl = posix_state_to_acl(&effective_acl_state, flags); |
616 | if (IS_ERR(*pacl)) { | |
617 | ret = PTR_ERR(*pacl); | |
618 | goto out_dstate; | |
619 | } | |
620 | *dpacl = posix_state_to_acl(&default_acl_state, flags); | |
621 | if (IS_ERR(*dpacl)) { | |
622 | ret = PTR_ERR(*dpacl); | |
623 | posix_acl_release(*pacl); | |
624 | goto out_dstate; | |
625 | } | |
626 | sort_pacl(*pacl); | |
627 | sort_pacl(*dpacl); | |
628 | ret = 0; | |
629 | out_dstate: | |
630 | free_state(&default_acl_state); | |
631 | out_estate: | |
632 | free_state(&effective_acl_state); | |
633 | return ret; | |
1da177e4 LT |
634 | } |
635 | ||
636 | static short | |
637 | ace2type(struct nfs4_ace *ace) | |
638 | { | |
639 | switch (ace->whotype) { | |
640 | case NFS4_ACL_WHO_NAMED: | |
641 | return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ? | |
642 | ACL_GROUP : ACL_USER); | |
643 | case NFS4_ACL_WHO_OWNER: | |
644 | return ACL_USER_OBJ; | |
645 | case NFS4_ACL_WHO_GROUP: | |
646 | return ACL_GROUP_OBJ; | |
647 | case NFS4_ACL_WHO_EVERYONE: | |
648 | return ACL_OTHER; | |
649 | } | |
650 | BUG(); | |
651 | return -1; | |
652 | } | |
653 | ||
654 | EXPORT_SYMBOL(nfs4_acl_posix_to_nfsv4); | |
655 | EXPORT_SYMBOL(nfs4_acl_nfsv4_to_posix); | |
656 | ||
657 | struct nfs4_acl * | |
28e05dd8 | 658 | nfs4_acl_new(int n) |
1da177e4 LT |
659 | { |
660 | struct nfs4_acl *acl; | |
661 | ||
28e05dd8 BF |
662 | acl = kmalloc(sizeof(*acl) + n*sizeof(struct nfs4_ace), GFP_KERNEL); |
663 | if (acl == NULL) | |
1da177e4 | 664 | return NULL; |
1da177e4 | 665 | acl->naces = 0; |
1da177e4 LT |
666 | return acl; |
667 | } | |
668 | ||
669 | void | |
1da177e4 LT |
670 | nfs4_acl_add_ace(struct nfs4_acl *acl, u32 type, u32 flag, u32 access_mask, |
671 | int whotype, uid_t who) | |
672 | { | |
28e05dd8 | 673 | struct nfs4_ace *ace = acl->aces + acl->naces; |
1da177e4 LT |
674 | |
675 | ace->type = type; | |
676 | ace->flag = flag; | |
677 | ace->access_mask = access_mask; | |
678 | ace->whotype = whotype; | |
679 | ace->who = who; | |
680 | ||
1da177e4 | 681 | acl->naces++; |
1da177e4 LT |
682 | } |
683 | ||
684 | static struct { | |
685 | char *string; | |
686 | int stringlen; | |
687 | int type; | |
688 | } s2t_map[] = { | |
689 | { | |
690 | .string = "OWNER@", | |
691 | .stringlen = sizeof("OWNER@") - 1, | |
692 | .type = NFS4_ACL_WHO_OWNER, | |
693 | }, | |
694 | { | |
695 | .string = "GROUP@", | |
696 | .stringlen = sizeof("GROUP@") - 1, | |
697 | .type = NFS4_ACL_WHO_GROUP, | |
698 | }, | |
699 | { | |
700 | .string = "EVERYONE@", | |
701 | .stringlen = sizeof("EVERYONE@") - 1, | |
702 | .type = NFS4_ACL_WHO_EVERYONE, | |
703 | }, | |
704 | }; | |
705 | ||
706 | int | |
707 | nfs4_acl_get_whotype(char *p, u32 len) | |
708 | { | |
709 | int i; | |
710 | ||
e8c96f8c | 711 | for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { |
1da177e4 LT |
712 | if (s2t_map[i].stringlen == len && |
713 | 0 == memcmp(s2t_map[i].string, p, len)) | |
714 | return s2t_map[i].type; | |
715 | } | |
716 | return NFS4_ACL_WHO_NAMED; | |
717 | } | |
718 | ||
719 | int | |
720 | nfs4_acl_write_who(int who, char *p) | |
721 | { | |
722 | int i; | |
723 | ||
e8c96f8c | 724 | for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { |
1da177e4 LT |
725 | if (s2t_map[i].type == who) { |
726 | memcpy(p, s2t_map[i].string, s2t_map[i].stringlen); | |
727 | return s2t_map[i].stringlen; | |
728 | } | |
729 | } | |
730 | BUG(); | |
731 | return -1; | |
732 | } | |
733 | ||
1da177e4 | 734 | EXPORT_SYMBOL(nfs4_acl_new); |
1da177e4 LT |
735 | EXPORT_SYMBOL(nfs4_acl_add_ace); |
736 | EXPORT_SYMBOL(nfs4_acl_get_whotype); | |
737 | EXPORT_SYMBOL(nfs4_acl_write_who); |