nfs4acl.c 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884
  1. /*
  2. * Common NFSv4 ACL handling code.
  3. *
  4. * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
  5. * All rights reserved.
  6. *
  7. * Marius Aamodt Eriksen <marius@umich.edu>
  8. * Jeff Sedlak <jsedlak@umich.edu>
  9. * J. Bruce Fields <bfields@umich.edu>
  10. *
  11. * Redistribution and use in source and binary forms, with or without
  12. * modification, are permitted provided that the following conditions
  13. * are met:
  14. *
  15. * 1. Redistributions of source code must retain the above copyright
  16. * notice, this list of conditions and the following disclaimer.
  17. * 2. Redistributions in binary form must reproduce the above copyright
  18. * notice, this list of conditions and the following disclaimer in the
  19. * documentation and/or other materials provided with the distribution.
  20. * 3. Neither the name of the University nor the names of its
  21. * contributors may be used to endorse or promote products derived
  22. * from this software without specific prior written permission.
  23. *
  24. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  25. * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  26. * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  27. * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  28. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  29. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  30. * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  31. * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  32. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  33. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  34. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  35. */
  36. #include <linux/fs.h>
  37. #include <linux/slab.h>
  38. #include <linux/posix_acl.h>
  39. #include "nfsfh.h"
  40. #include "nfsd.h"
  41. #include "acl.h"
  42. #include "vfs.h"
  43. #define NFS4_ACL_TYPE_DEFAULT 0x01
  44. #define NFS4_ACL_DIR 0x02
  45. #define NFS4_ACL_OWNER 0x04
  46. /* mode bit translations: */
  47. #define NFS4_READ_MODE (NFS4_ACE_READ_DATA)
  48. #define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA)
  49. #define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE
  50. #define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | NFS4_ACE_SYNCHRONIZE)
  51. #define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)
  52. /* flags used to simulate posix default ACLs */
  53. #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
  54. | NFS4_ACE_DIRECTORY_INHERIT_ACE)
  55. #define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS \
  56. | NFS4_ACE_INHERIT_ONLY_ACE \
  57. | NFS4_ACE_IDENTIFIER_GROUP)
  58. static u32
  59. mask_from_posix(unsigned short perm, unsigned int flags)
  60. {
  61. int mask = NFS4_ANYONE_MODE;
  62. if (flags & NFS4_ACL_OWNER)
  63. mask |= NFS4_OWNER_MODE;
  64. if (perm & ACL_READ)
  65. mask |= NFS4_READ_MODE;
  66. if (perm & ACL_WRITE)
  67. mask |= NFS4_WRITE_MODE;
  68. if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR))
  69. mask |= NFS4_ACE_DELETE_CHILD;
  70. if (perm & ACL_EXECUTE)
  71. mask |= NFS4_EXECUTE_MODE;
  72. return mask;
  73. }
  74. static u32
  75. deny_mask_from_posix(unsigned short perm, u32 flags)
  76. {
  77. u32 mask = 0;
  78. if (perm & ACL_READ)
  79. mask |= NFS4_READ_MODE;
  80. if (perm & ACL_WRITE)
  81. mask |= NFS4_WRITE_MODE;
  82. if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR))
  83. mask |= NFS4_ACE_DELETE_CHILD;
  84. if (perm & ACL_EXECUTE)
  85. mask |= NFS4_EXECUTE_MODE;
  86. return mask;
  87. }
  88. /* XXX: modify functions to return NFS errors; they're only ever
  89. * used by nfs code, after all.... */
  90. /* We only map from NFSv4 to POSIX ACLs when setting ACLs, when we err on the
  91. * side of being more restrictive, so the mode bit mapping below is
  92. * pessimistic. An optimistic version would be needed to handle DENY's,
  93. * but we expect to coalesce all ALLOWs and DENYs before mapping to mode
  94. * bits. */
  95. static void
  96. low_mode_from_nfs4(u32 perm, unsigned short *mode, unsigned int flags)
  97. {
  98. u32 write_mode = NFS4_WRITE_MODE;
  99. if (flags & NFS4_ACL_DIR)
  100. write_mode |= NFS4_ACE_DELETE_CHILD;
  101. *mode = 0;
  102. if ((perm & NFS4_READ_MODE) == NFS4_READ_MODE)
  103. *mode |= ACL_READ;
  104. if ((perm & write_mode) == write_mode)
  105. *mode |= ACL_WRITE;
  106. if ((perm & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE)
  107. *mode |= ACL_EXECUTE;
  108. }
  109. static short ace2type(struct nfs4_ace *);
  110. static void _posix_to_nfsv4_one(struct posix_acl *, struct nfs4_acl *,
  111. unsigned int);
  112. int
  113. nfsd4_get_nfs4_acl(struct svc_rqst *rqstp, struct dentry *dentry,
  114. struct nfs4_acl **acl)
  115. {
  116. struct inode *inode = d_inode(dentry);
  117. int error = 0;
  118. struct posix_acl *pacl = NULL, *dpacl = NULL;
  119. unsigned int flags = 0;
  120. int size = 0;
  121. pacl = get_inode_acl(inode, ACL_TYPE_ACCESS);
  122. if (!pacl)
  123. pacl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL);
  124. if (IS_ERR(pacl))
  125. return PTR_ERR(pacl);
  126. /* allocate for worst case: one (deny, allow) pair each: */
  127. size += 2 * pacl->a_count;
  128. if (S_ISDIR(inode->i_mode)) {
  129. flags = NFS4_ACL_DIR;
  130. dpacl = get_inode_acl(inode, ACL_TYPE_DEFAULT);
  131. if (IS_ERR(dpacl)) {
  132. error = PTR_ERR(dpacl);
  133. goto rel_pacl;
  134. }
  135. if (dpacl)
  136. size += 2 * dpacl->a_count;
  137. }
  138. *acl = kmalloc(nfs4_acl_bytes(size), GFP_KERNEL);
  139. if (*acl == NULL) {
  140. error = -ENOMEM;
  141. goto out;
  142. }
  143. (*acl)->naces = 0;
  144. _posix_to_nfsv4_one(pacl, *acl, flags & ~NFS4_ACL_TYPE_DEFAULT);
  145. if (dpacl)
  146. _posix_to_nfsv4_one(dpacl, *acl, flags | NFS4_ACL_TYPE_DEFAULT);
  147. out:
  148. posix_acl_release(dpacl);
  149. rel_pacl:
  150. posix_acl_release(pacl);
  151. return error;
  152. }
  153. struct posix_acl_summary {
  154. unsigned short owner;
  155. unsigned short users;
  156. unsigned short group;
  157. unsigned short groups;
  158. unsigned short other;
  159. unsigned short mask;
  160. };
  161. static void
  162. summarize_posix_acl(struct posix_acl *acl, struct posix_acl_summary *pas)
  163. {
  164. struct posix_acl_entry *pa, *pe;
  165. /*
  166. * Only pas.users and pas.groups need initialization; previous
  167. * posix_acl_valid() calls ensure that the other fields will be
  168. * initialized in the following loop. But, just to placate gcc:
  169. */
  170. memset(pas, 0, sizeof(*pas));
  171. pas->mask = 07;
  172. FOREACH_ACL_ENTRY(pa, acl, pe) {
  173. switch (pa->e_tag) {
  174. case ACL_USER_OBJ:
  175. pas->owner = pa->e_perm;
  176. break;
  177. case ACL_GROUP_OBJ:
  178. pas->group = pa->e_perm;
  179. break;
  180. case ACL_USER:
  181. pas->users |= pa->e_perm;
  182. break;
  183. case ACL_GROUP:
  184. pas->groups |= pa->e_perm;
  185. break;
  186. case ACL_OTHER:
  187. pas->other = pa->e_perm;
  188. break;
  189. case ACL_MASK:
  190. pas->mask = pa->e_perm;
  191. break;
  192. }
  193. }
  194. /* We'll only care about effective permissions: */
  195. pas->users &= pas->mask;
  196. pas->group &= pas->mask;
  197. pas->groups &= pas->mask;
  198. }
  199. /* We assume the acl has been verified with posix_acl_valid. */
  200. static void
  201. _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl,
  202. unsigned int flags)
  203. {
  204. struct posix_acl_entry *pa, *group_owner_entry;
  205. struct nfs4_ace *ace;
  206. struct posix_acl_summary pas;
  207. unsigned short deny;
  208. int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ?
  209. NFS4_INHERITANCE_FLAGS | NFS4_ACE_INHERIT_ONLY_ACE : 0);
  210. BUG_ON(pacl->a_count < 3);
  211. summarize_posix_acl(pacl, &pas);
  212. pa = pacl->a_entries;
  213. ace = acl->aces + acl->naces;
  214. /* We could deny everything not granted by the owner: */
  215. deny = ~pas.owner;
  216. /*
  217. * but it is equivalent (and simpler) to deny only what is not
  218. * granted by later entries:
  219. */
  220. deny &= pas.users | pas.group | pas.groups | pas.other;
  221. if (deny) {
  222. ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE;
  223. ace->flag = eflag;
  224. ace->access_mask = deny_mask_from_posix(deny, flags);
  225. ace->whotype = NFS4_ACL_WHO_OWNER;
  226. ace++;
  227. acl->naces++;
  228. }
  229. ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE;
  230. ace->flag = eflag;
  231. ace->access_mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER);
  232. ace->whotype = NFS4_ACL_WHO_OWNER;
  233. ace++;
  234. acl->naces++;
  235. pa++;
  236. while (pa->e_tag == ACL_USER) {
  237. deny = ~(pa->e_perm & pas.mask);
  238. deny &= pas.groups | pas.group | pas.other;
  239. if (deny) {
  240. ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE;
  241. ace->flag = eflag;
  242. ace->access_mask = deny_mask_from_posix(deny, flags);
  243. ace->whotype = NFS4_ACL_WHO_NAMED;
  244. ace->who_uid = pa->e_uid;
  245. ace++;
  246. acl->naces++;
  247. }
  248. ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE;
  249. ace->flag = eflag;
  250. ace->access_mask = mask_from_posix(pa->e_perm & pas.mask,
  251. flags);
  252. ace->whotype = NFS4_ACL_WHO_NAMED;
  253. ace->who_uid = pa->e_uid;
  254. ace++;
  255. acl->naces++;
  256. pa++;
  257. }
  258. /* In the case of groups, we apply allow ACEs first, then deny ACEs,
  259. * since a user can be in more than one group. */
  260. /* allow ACEs */
  261. group_owner_entry = pa;
  262. ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE;
  263. ace->flag = eflag;
  264. ace->access_mask = mask_from_posix(pas.group, flags);
  265. ace->whotype = NFS4_ACL_WHO_GROUP;
  266. ace++;
  267. acl->naces++;
  268. pa++;
  269. while (pa->e_tag == ACL_GROUP) {
  270. ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE;
  271. ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP;
  272. ace->access_mask = mask_from_posix(pa->e_perm & pas.mask,
  273. flags);
  274. ace->whotype = NFS4_ACL_WHO_NAMED;
  275. ace->who_gid = pa->e_gid;
  276. ace++;
  277. acl->naces++;
  278. pa++;
  279. }
  280. /* deny ACEs */
  281. pa = group_owner_entry;
  282. deny = ~pas.group & pas.other;
  283. if (deny) {
  284. ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE;
  285. ace->flag = eflag;
  286. ace->access_mask = deny_mask_from_posix(deny, flags);
  287. ace->whotype = NFS4_ACL_WHO_GROUP;
  288. ace++;
  289. acl->naces++;
  290. }
  291. pa++;
  292. while (pa->e_tag == ACL_GROUP) {
  293. deny = ~(pa->e_perm & pas.mask);
  294. deny &= pas.other;
  295. if (deny) {
  296. ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE;
  297. ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP;
  298. ace->access_mask = deny_mask_from_posix(deny, flags);
  299. ace->whotype = NFS4_ACL_WHO_NAMED;
  300. ace->who_gid = pa->e_gid;
  301. ace++;
  302. acl->naces++;
  303. }
  304. pa++;
  305. }
  306. if (pa->e_tag == ACL_MASK)
  307. pa++;
  308. ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE;
  309. ace->flag = eflag;
  310. ace->access_mask = mask_from_posix(pa->e_perm, flags);
  311. ace->whotype = NFS4_ACL_WHO_EVERYONE;
  312. acl->naces++;
  313. }
  314. static bool
  315. pace_gt(struct posix_acl_entry *pace1, struct posix_acl_entry *pace2)
  316. {
  317. if (pace1->e_tag != pace2->e_tag)
  318. return pace1->e_tag > pace2->e_tag;
  319. if (pace1->e_tag == ACL_USER)
  320. return uid_gt(pace1->e_uid, pace2->e_uid);
  321. if (pace1->e_tag == ACL_GROUP)
  322. return gid_gt(pace1->e_gid, pace2->e_gid);
  323. return false;
  324. }
  325. /**
  326. * sort_pacl_range - sort a range of POSIX ACL entries by tag and id
  327. * @pacl: POSIX ACL containing entries to sort
  328. * @start: starting index of range to sort
  329. * @end: ending index of range to sort (inclusive)
  330. *
  331. * Sorts ACL entries in place so that USER entries are ordered by UID
  332. * and GROUP entries are ordered by GID. Required before calling
  333. * posix_acl_valid().
  334. */
  335. void sort_pacl_range(struct posix_acl *pacl, int start, int end)
  336. {
  337. int sorted = 0, i;
  338. /* Bubble sort: acceptable here because ACLs are typically short. */
  339. while (!sorted) {
  340. sorted = 1;
  341. for (i = start; i < end; i++) {
  342. if (pace_gt(&pacl->a_entries[i],
  343. &pacl->a_entries[i+1])) {
  344. sorted = 0;
  345. swap(pacl->a_entries[i],
  346. pacl->a_entries[i + 1]);
  347. }
  348. }
  349. }
  350. }
  351. static void
  352. sort_pacl(struct posix_acl *pacl)
  353. {
  354. /* posix_acl_valid requires that users and groups be in order
  355. * by uid/gid. */
  356. int i, j;
  357. /* no users or groups */
  358. if (!pacl || pacl->a_count <= 4)
  359. return;
  360. i = 1;
  361. while (pacl->a_entries[i].e_tag == ACL_USER)
  362. i++;
  363. sort_pacl_range(pacl, 1, i-1);
  364. BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ);
  365. j = ++i;
  366. while (pacl->a_entries[j].e_tag == ACL_GROUP)
  367. j++;
  368. sort_pacl_range(pacl, i, j-1);
  369. return;
  370. }
  371. /*
  372. * While processing the NFSv4 ACE, this maintains bitmasks representing
  373. * which permission bits have been allowed and which denied to a given
  374. * entity: */
  375. struct posix_ace_state {
  376. u32 allow;
  377. u32 deny;
  378. };
  379. struct posix_user_ace_state {
  380. union {
  381. kuid_t uid;
  382. kgid_t gid;
  383. };
  384. struct posix_ace_state perms;
  385. };
  386. struct posix_ace_state_array {
  387. int n;
  388. struct posix_user_ace_state aces[];
  389. };
  390. /*
  391. * While processing the NFSv4 ACE, this maintains the partial permissions
  392. * calculated so far: */
  393. struct posix_acl_state {
  394. unsigned char valid;
  395. struct posix_ace_state owner;
  396. struct posix_ace_state group;
  397. struct posix_ace_state other;
  398. struct posix_ace_state everyone;
  399. struct posix_ace_state mask; /* Deny unused in this case */
  400. struct posix_ace_state_array *users;
  401. struct posix_ace_state_array *groups;
  402. };
  403. static int
  404. init_state(struct posix_acl_state *state, int cnt)
  405. {
  406. int alloc;
  407. memset(state, 0, sizeof(struct posix_acl_state));
  408. /*
  409. * In the worst case, each individual acl could be for a distinct
  410. * named user or group, but we don't know which, so we allocate
  411. * enough space for either:
  412. */
  413. alloc = sizeof(struct posix_ace_state_array)
  414. + cnt*sizeof(struct posix_user_ace_state);
  415. state->users = kzalloc(alloc, GFP_KERNEL);
  416. if (!state->users)
  417. return -ENOMEM;
  418. state->groups = kzalloc(alloc, GFP_KERNEL);
  419. if (!state->groups) {
  420. kfree(state->users);
  421. return -ENOMEM;
  422. }
  423. return 0;
  424. }
  425. static void
  426. free_state(struct posix_acl_state *state) {
  427. kfree(state->users);
  428. kfree(state->groups);
  429. }
  430. static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate)
  431. {
  432. state->mask.allow |= astate->allow;
  433. }
  434. static struct posix_acl *
  435. posix_state_to_acl(struct posix_acl_state *state, unsigned int flags)
  436. {
  437. struct posix_acl_entry *pace;
  438. struct posix_acl *pacl;
  439. int nace;
  440. int i;
  441. /*
  442. * ACLs with no ACEs are treated differently in the inheritable
  443. * and effective cases: when there are no inheritable ACEs,
  444. * calls ->set_acl with a NULL ACL structure.
  445. */
  446. if (!state->valid && (flags & NFS4_ACL_TYPE_DEFAULT))
  447. return NULL;
  448. /*
  449. * When there are no effective ACEs, the following will end
  450. * up setting a 3-element effective posix ACL with all
  451. * permissions zero.
  452. */
  453. if (!state->users->n && !state->groups->n)
  454. nace = 3;
  455. else /* Note we also include a MASK ACE in this case: */
  456. nace = 4 + state->users->n + state->groups->n;
  457. pacl = posix_acl_alloc(nace, GFP_KERNEL);
  458. if (!pacl)
  459. return ERR_PTR(-ENOMEM);
  460. pace = pacl->a_entries;
  461. pace->e_tag = ACL_USER_OBJ;
  462. low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags);
  463. for (i=0; i < state->users->n; i++) {
  464. pace++;
  465. pace->e_tag = ACL_USER;
  466. low_mode_from_nfs4(state->users->aces[i].perms.allow,
  467. &pace->e_perm, flags);
  468. pace->e_uid = state->users->aces[i].uid;
  469. add_to_mask(state, &state->users->aces[i].perms);
  470. }
  471. pace++;
  472. pace->e_tag = ACL_GROUP_OBJ;
  473. low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags);
  474. add_to_mask(state, &state->group);
  475. for (i=0; i < state->groups->n; i++) {
  476. pace++;
  477. pace->e_tag = ACL_GROUP;
  478. low_mode_from_nfs4(state->groups->aces[i].perms.allow,
  479. &pace->e_perm, flags);
  480. pace->e_gid = state->groups->aces[i].gid;
  481. add_to_mask(state, &state->groups->aces[i].perms);
  482. }
  483. if (state->users->n || state->groups->n) {
  484. pace++;
  485. pace->e_tag = ACL_MASK;
  486. low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags);
  487. }
  488. pace++;
  489. pace->e_tag = ACL_OTHER;
  490. low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags);
  491. return pacl;
  492. }
  493. static inline void allow_bits(struct posix_ace_state *astate, u32 mask)
  494. {
  495. /* Allow all bits in the mask not already denied: */
  496. astate->allow |= mask & ~astate->deny;
  497. }
  498. static inline void deny_bits(struct posix_ace_state *astate, u32 mask)
  499. {
  500. /* Deny all bits in the mask not already allowed: */
  501. astate->deny |= mask & ~astate->allow;
  502. }
  503. static int find_uid(struct posix_acl_state *state, kuid_t uid)
  504. {
  505. struct posix_ace_state_array *a = state->users;
  506. int i;
  507. for (i = 0; i < a->n; i++)
  508. if (uid_eq(a->aces[i].uid, uid))
  509. return i;
  510. /* Not found: */
  511. a->n++;
  512. a->aces[i].uid = uid;
  513. a->aces[i].perms.allow = state->everyone.allow;
  514. a->aces[i].perms.deny = state->everyone.deny;
  515. return i;
  516. }
  517. static int find_gid(struct posix_acl_state *state, kgid_t gid)
  518. {
  519. struct posix_ace_state_array *a = state->groups;
  520. int i;
  521. for (i = 0; i < a->n; i++)
  522. if (gid_eq(a->aces[i].gid, gid))
  523. return i;
  524. /* Not found: */
  525. a->n++;
  526. a->aces[i].gid = gid;
  527. a->aces[i].perms.allow = state->everyone.allow;
  528. a->aces[i].perms.deny = state->everyone.deny;
  529. return i;
  530. }
  531. static void deny_bits_array(struct posix_ace_state_array *a, u32 mask)
  532. {
  533. int i;
  534. for (i=0; i < a->n; i++)
  535. deny_bits(&a->aces[i].perms, mask);
  536. }
  537. static void allow_bits_array(struct posix_ace_state_array *a, u32 mask)
  538. {
  539. int i;
  540. for (i=0; i < a->n; i++)
  541. allow_bits(&a->aces[i].perms, mask);
  542. }
  543. static void process_one_v4_ace(struct posix_acl_state *state,
  544. struct nfs4_ace *ace)
  545. {
  546. u32 mask = ace->access_mask;
  547. short type = ace2type(ace);
  548. int i;
  549. state->valid |= type;
  550. switch (type) {
  551. case ACL_USER_OBJ:
  552. if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
  553. allow_bits(&state->owner, mask);
  554. } else {
  555. deny_bits(&state->owner, mask);
  556. }
  557. break;
  558. case ACL_USER:
  559. i = find_uid(state, ace->who_uid);
  560. if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
  561. allow_bits(&state->users->aces[i].perms, mask);
  562. } else {
  563. deny_bits(&state->users->aces[i].perms, mask);
  564. mask = state->users->aces[i].perms.deny;
  565. deny_bits(&state->owner, mask);
  566. }
  567. break;
  568. case ACL_GROUP_OBJ:
  569. if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
  570. allow_bits(&state->group, mask);
  571. } else {
  572. deny_bits(&state->group, mask);
  573. mask = state->group.deny;
  574. deny_bits(&state->owner, mask);
  575. deny_bits(&state->everyone, mask);
  576. deny_bits_array(state->users, mask);
  577. deny_bits_array(state->groups, mask);
  578. }
  579. break;
  580. case ACL_GROUP:
  581. i = find_gid(state, ace->who_gid);
  582. if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
  583. allow_bits(&state->groups->aces[i].perms, mask);
  584. } else {
  585. deny_bits(&state->groups->aces[i].perms, mask);
  586. mask = state->groups->aces[i].perms.deny;
  587. deny_bits(&state->owner, mask);
  588. deny_bits(&state->group, mask);
  589. deny_bits(&state->everyone, mask);
  590. deny_bits_array(state->users, mask);
  591. deny_bits_array(state->groups, mask);
  592. }
  593. break;
  594. case ACL_OTHER:
  595. if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
  596. allow_bits(&state->owner, mask);
  597. allow_bits(&state->group, mask);
  598. allow_bits(&state->other, mask);
  599. allow_bits(&state->everyone, mask);
  600. allow_bits_array(state->users, mask);
  601. allow_bits_array(state->groups, mask);
  602. } else {
  603. deny_bits(&state->owner, mask);
  604. deny_bits(&state->group, mask);
  605. deny_bits(&state->other, mask);
  606. deny_bits(&state->everyone, mask);
  607. deny_bits_array(state->users, mask);
  608. deny_bits_array(state->groups, mask);
  609. }
  610. }
  611. }
  612. static int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl,
  613. struct posix_acl **pacl, struct posix_acl **dpacl,
  614. unsigned int flags)
  615. {
  616. struct posix_acl_state effective_acl_state, default_acl_state;
  617. struct nfs4_ace *ace;
  618. int ret;
  619. ret = init_state(&effective_acl_state, acl->naces);
  620. if (ret)
  621. return ret;
  622. ret = init_state(&default_acl_state, acl->naces);
  623. if (ret)
  624. goto out_estate;
  625. ret = -EINVAL;
  626. for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
  627. if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE &&
  628. ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE)
  629. goto out_dstate;
  630. if (ace->flag & ~NFS4_SUPPORTED_FLAGS)
  631. goto out_dstate;
  632. if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) {
  633. process_one_v4_ace(&effective_acl_state, ace);
  634. continue;
  635. }
  636. if (!(flags & NFS4_ACL_DIR))
  637. goto out_dstate;
  638. /*
  639. * Note that when only one of FILE_INHERIT or DIRECTORY_INHERIT
  640. * is set, we're effectively turning on the other. That's OK,
  641. * according to rfc 3530.
  642. */
  643. process_one_v4_ace(&default_acl_state, ace);
  644. if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE))
  645. process_one_v4_ace(&effective_acl_state, ace);
  646. }
  647. /*
  648. * At this point, the default ACL may have zeroed-out entries for owner,
  649. * group and other. That usually results in a non-sensical resulting ACL
  650. * that denies all access except to any ACE that was explicitly added.
  651. *
  652. * The setfacl command solves a similar problem with this logic:
  653. *
  654. * "If a Default ACL entry is created, and the Default ACL contains
  655. * no owner, owning group, or others entry, a copy of the ACL
  656. * owner, owning group, or others entry is added to the Default ACL."
  657. *
  658. * Copy any missing ACEs from the effective set, if any ACEs were
  659. * explicitly set.
  660. */
  661. if (default_acl_state.valid) {
  662. if (!(default_acl_state.valid & ACL_USER_OBJ))
  663. default_acl_state.owner = effective_acl_state.owner;
  664. if (!(default_acl_state.valid & ACL_GROUP_OBJ))
  665. default_acl_state.group = effective_acl_state.group;
  666. if (!(default_acl_state.valid & ACL_OTHER))
  667. default_acl_state.other = effective_acl_state.other;
  668. }
  669. *pacl = posix_state_to_acl(&effective_acl_state, flags);
  670. if (IS_ERR(*pacl)) {
  671. ret = PTR_ERR(*pacl);
  672. *pacl = NULL;
  673. goto out_dstate;
  674. }
  675. *dpacl = posix_state_to_acl(&default_acl_state,
  676. flags | NFS4_ACL_TYPE_DEFAULT);
  677. if (IS_ERR(*dpacl)) {
  678. ret = PTR_ERR(*dpacl);
  679. *dpacl = NULL;
  680. posix_acl_release(*pacl);
  681. *pacl = NULL;
  682. goto out_dstate;
  683. }
  684. sort_pacl(*pacl);
  685. sort_pacl(*dpacl);
  686. ret = 0;
  687. out_dstate:
  688. free_state(&default_acl_state);
  689. out_estate:
  690. free_state(&effective_acl_state);
  691. return ret;
  692. }
  693. __be32 nfsd4_acl_to_attr(enum nfs_ftype4 type, struct nfs4_acl *acl,
  694. struct nfsd_attrs *attr)
  695. {
  696. int host_error;
  697. unsigned int flags = 0;
  698. if (!acl)
  699. return nfs_ok;
  700. if (type == NF4DIR)
  701. flags = NFS4_ACL_DIR;
  702. host_error = nfs4_acl_nfsv4_to_posix(acl, &attr->na_pacl,
  703. &attr->na_dpacl, flags);
  704. if (host_error == -EINVAL)
  705. return nfserr_attrnotsupp;
  706. else
  707. return nfserrno(host_error);
  708. }
  709. static short
  710. ace2type(struct nfs4_ace *ace)
  711. {
  712. switch (ace->whotype) {
  713. case NFS4_ACL_WHO_NAMED:
  714. return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ?
  715. ACL_GROUP : ACL_USER);
  716. case NFS4_ACL_WHO_OWNER:
  717. return ACL_USER_OBJ;
  718. case NFS4_ACL_WHO_GROUP:
  719. return ACL_GROUP_OBJ;
  720. case NFS4_ACL_WHO_EVERYONE:
  721. return ACL_OTHER;
  722. }
  723. BUG();
  724. return -1;
  725. }
  726. /*
  727. * return the size of the struct nfs4_acl required to represent an acl
  728. * with @entries entries.
  729. */
  730. int nfs4_acl_bytes(int entries)
  731. {
  732. return sizeof(struct nfs4_acl) + entries * sizeof(struct nfs4_ace);
  733. }
  734. static struct {
  735. char *string;
  736. int stringlen;
  737. int type;
  738. } s2t_map[] = {
  739. {
  740. .string = "OWNER@",
  741. .stringlen = sizeof("OWNER@") - 1,
  742. .type = NFS4_ACL_WHO_OWNER,
  743. },
  744. {
  745. .string = "GROUP@",
  746. .stringlen = sizeof("GROUP@") - 1,
  747. .type = NFS4_ACL_WHO_GROUP,
  748. },
  749. {
  750. .string = "EVERYONE@",
  751. .stringlen = sizeof("EVERYONE@") - 1,
  752. .type = NFS4_ACL_WHO_EVERYONE,
  753. },
  754. };
  755. int
  756. nfs4_acl_get_whotype(char *p, u32 len)
  757. {
  758. int i;
  759. for (i = 0; i < ARRAY_SIZE(s2t_map); i++) {
  760. if (s2t_map[i].stringlen == len &&
  761. 0 == memcmp(s2t_map[i].string, p, len))
  762. return s2t_map[i].type;
  763. }
  764. return NFS4_ACL_WHO_NAMED;
  765. }
  766. __be32 nfs4_acl_write_who(struct xdr_stream *xdr, int who)
  767. {
  768. __be32 *p;
  769. int i;
  770. for (i = 0; i < ARRAY_SIZE(s2t_map); i++) {
  771. if (s2t_map[i].type != who)
  772. continue;
  773. p = xdr_reserve_space(xdr, s2t_map[i].stringlen + 4);
  774. if (!p)
  775. return nfserr_resource;
  776. p = xdr_encode_opaque(p, s2t_map[i].string,
  777. s2t_map[i].stringlen);
  778. return 0;
  779. }
  780. WARN_ON_ONCE(1);
  781. return nfserr_serverfault;
  782. }