]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * fs/nfs4acl/acl.c | |
3 | * | |
4 | * Common NFSv4 ACL handling code. | |
5 | * | |
6 | * Copyright (c) 2002, 2003 The Regents of the University of Michigan. | |
7 | * All rights reserved. | |
8 | * | |
9 | * Marius Aamodt Eriksen <marius@umich.edu> | |
10 | * Jeff Sedlak <jsedlak@umich.edu> | |
11 | * J. Bruce Fields <bfields@umich.edu> | |
12 | * | |
13 | * Redistribution and use in source and binary forms, with or without | |
14 | * modification, are permitted provided that the following conditions | |
15 | * are met: | |
16 | * | |
17 | * 1. Redistributions of source code must retain the above copyright | |
18 | * notice, this list of conditions and the following disclaimer. | |
19 | * 2. Redistributions in binary form must reproduce the above copyright | |
20 | * notice, this list of conditions and the following disclaimer in the | |
21 | * documentation and/or other materials provided with the distribution. | |
22 | * 3. Neither the name of the University nor the names of its | |
23 | * contributors may be used to endorse or promote products derived | |
24 | * from this software without specific prior written permission. | |
25 | * | |
26 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED | |
27 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | |
28 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
29 | * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
31 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
32 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR | |
33 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
34 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
35 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
36 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
37 | */ | |
38 | ||
39 | #include <linux/string.h> | |
40 | #include <linux/slab.h> | |
41 | #include <linux/list.h> | |
42 | #include <linux/types.h> | |
43 | #include <linux/fs.h> | |
44 | #include <linux/module.h> | |
45 | #include <linux/nfs_fs.h> | |
46 | #include <linux/posix_acl.h> | |
47 | #include <linux/nfs4.h> | |
48 | #include <linux/nfs4_acl.h> | |
49 | ||
50 | ||
51 | /* mode bit translations: */ | |
52 | #define NFS4_READ_MODE (NFS4_ACE_READ_DATA) | |
53 | #define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA) | |
54 | #define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE | |
55 | #define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | NFS4_ACE_SYNCHRONIZE) | |
56 | #define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL) | |
57 | ||
58 | /* We don't support these bits; insist they be neither allowed nor denied */ | |
59 | #define NFS4_MASK_UNSUPP (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \ | |
60 | | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS) | |
61 | ||
62 | /* flags used to simulate posix default ACLs */ | |
63 | #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ | |
7bdfa68c | 64 | | NFS4_ACE_DIRECTORY_INHERIT_ACE) |
1da177e4 | 65 | |
7bdfa68c BF |
66 | #define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS \ |
67 | | NFS4_ACE_INHERIT_ONLY_ACE \ | |
68 | | NFS4_ACE_IDENTIFIER_GROUP) | |
b548edc2 | 69 | |
1da177e4 LT |
70 | #define MASK_EQUAL(mask1, mask2) \ |
71 | ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) ) | |
72 | ||
73 | static u32 | |
74 | mask_from_posix(unsigned short perm, unsigned int flags) | |
75 | { | |
76 | int mask = NFS4_ANYONE_MODE; | |
77 | ||
78 | if (flags & NFS4_ACL_OWNER) | |
79 | mask |= NFS4_OWNER_MODE; | |
80 | if (perm & ACL_READ) | |
81 | mask |= NFS4_READ_MODE; | |
82 | if (perm & ACL_WRITE) | |
83 | mask |= NFS4_WRITE_MODE; | |
84 | if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) | |
85 | mask |= NFS4_ACE_DELETE_CHILD; | |
86 | if (perm & ACL_EXECUTE) | |
87 | mask |= NFS4_EXECUTE_MODE; | |
88 | return mask; | |
89 | } | |
90 | ||
91 | static u32 | |
bec50c47 | 92 | deny_mask_from_posix(unsigned short perm, u32 flags) |
1da177e4 | 93 | { |
bec50c47 BF |
94 | u32 mask = 0; |
95 | ||
96 | if (perm & ACL_READ) | |
97 | mask |= NFS4_READ_MODE; | |
98 | if (perm & ACL_WRITE) | |
99 | mask |= NFS4_WRITE_MODE; | |
100 | if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) | |
101 | mask |= NFS4_ACE_DELETE_CHILD; | |
102 | if (perm & ACL_EXECUTE) | |
103 | mask |= NFS4_EXECUTE_MODE; | |
104 | return mask; | |
1da177e4 LT |
105 | } |
106 | ||
107 | /* XXX: modify functions to return NFS errors; they're only ever | |
108 | * used by nfs code, after all.... */ | |
109 | ||
09229edb BF |
110 | /* We only map from NFSv4 to POSIX ACLs when setting ACLs, when we err on the |
111 | * side of being more restrictive, so the mode bit mapping below is | |
112 | * pessimistic. An optimistic version would be needed to handle DENY's, | |
113 | * but we espect to coalesce all ALLOWs and DENYs before mapping to mode | |
114 | * bits. */ | |
115 | ||
116 | static void | |
117 | low_mode_from_nfs4(u32 perm, unsigned short *mode, unsigned int flags) | |
1da177e4 | 118 | { |
09229edb | 119 | u32 write_mode = NFS4_WRITE_MODE; |
1da177e4 | 120 | |
09229edb BF |
121 | if (flags & NFS4_ACL_DIR) |
122 | write_mode |= NFS4_ACE_DELETE_CHILD; | |
1da177e4 LT |
123 | *mode = 0; |
124 | if ((perm & NFS4_READ_MODE) == NFS4_READ_MODE) | |
125 | *mode |= ACL_READ; | |
09229edb | 126 | if ((perm & write_mode) == write_mode) |
1da177e4 LT |
127 | *mode |= ACL_WRITE; |
128 | if ((perm & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE) | |
129 | *mode |= ACL_EXECUTE; | |
1da177e4 LT |
130 | } |
131 | ||
132 | struct ace_container { | |
133 | struct nfs4_ace *ace; | |
134 | struct list_head ace_l; | |
135 | }; | |
136 | ||
137 | static short ace2type(struct nfs4_ace *); | |
28e05dd8 BF |
138 | static void _posix_to_nfsv4_one(struct posix_acl *, struct nfs4_acl *, |
139 | unsigned int); | |
1da177e4 LT |
140 | |
141 | struct nfs4_acl * | |
142 | nfs4_acl_posix_to_nfsv4(struct posix_acl *pacl, struct posix_acl *dpacl, | |
143 | unsigned int flags) | |
144 | { | |
145 | struct nfs4_acl *acl; | |
28e05dd8 | 146 | int size = 0; |
1da177e4 | 147 | |
28e05dd8 BF |
148 | if (pacl) { |
149 | if (posix_acl_valid(pacl) < 0) | |
150 | return ERR_PTR(-EINVAL); | |
151 | size += 2*pacl->a_count; | |
1da177e4 | 152 | } |
28e05dd8 BF |
153 | if (dpacl) { |
154 | if (posix_acl_valid(dpacl) < 0) | |
155 | return ERR_PTR(-EINVAL); | |
156 | size += 2*dpacl->a_count; | |
1da177e4 LT |
157 | } |
158 | ||
28e05dd8 BF |
159 | /* Allocate for worst case: one (deny, allow) pair each: */ |
160 | acl = nfs4_acl_new(size); | |
161 | if (acl == NULL) | |
162 | return ERR_PTR(-ENOMEM); | |
1da177e4 | 163 | |
28e05dd8 BF |
164 | if (pacl) |
165 | _posix_to_nfsv4_one(pacl, acl, flags & ~NFS4_ACL_TYPE_DEFAULT); | |
1da177e4 | 166 | |
28e05dd8 BF |
167 | if (dpacl) |
168 | _posix_to_nfsv4_one(dpacl, acl, flags | NFS4_ACL_TYPE_DEFAULT); | |
1da177e4 LT |
169 | |
170 | return acl; | |
171 | } | |
172 | ||
bec50c47 BF |
173 | struct posix_acl_summary { |
174 | unsigned short owner; | |
175 | unsigned short users; | |
176 | unsigned short group; | |
177 | unsigned short groups; | |
178 | unsigned short other; | |
179 | unsigned short mask; | |
180 | }; | |
181 | ||
28e05dd8 | 182 | static void |
bec50c47 | 183 | summarize_posix_acl(struct posix_acl *acl, struct posix_acl_summary *pas) |
1da177e4 | 184 | { |
bec50c47 BF |
185 | struct posix_acl_entry *pa, *pe; |
186 | pas->users = 0; | |
187 | pas->groups = 0; | |
188 | pas->mask = 07; | |
189 | ||
190 | pe = acl->a_entries + acl->a_count; | |
191 | ||
192 | FOREACH_ACL_ENTRY(pa, acl, pe) { | |
193 | switch (pa->e_tag) { | |
194 | case ACL_USER_OBJ: | |
195 | pas->owner = pa->e_perm; | |
196 | break; | |
197 | case ACL_GROUP_OBJ: | |
198 | pas->group = pa->e_perm; | |
199 | break; | |
200 | case ACL_USER: | |
201 | pas->users |= pa->e_perm; | |
202 | break; | |
203 | case ACL_GROUP: | |
204 | pas->groups |= pa->e_perm; | |
205 | break; | |
206 | case ACL_OTHER: | |
207 | pas->other = pa->e_perm; | |
208 | break; | |
209 | case ACL_MASK: | |
210 | pas->mask = pa->e_perm; | |
211 | break; | |
212 | } | |
213 | } | |
214 | /* We'll only care about effective permissions: */ | |
215 | pas->users &= pas->mask; | |
216 | pas->group &= pas->mask; | |
217 | pas->groups &= pas->mask; | |
1da177e4 LT |
218 | } |
219 | ||
220 | /* We assume the acl has been verified with posix_acl_valid. */ | |
28e05dd8 | 221 | static void |
1da177e4 LT |
222 | _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, |
223 | unsigned int flags) | |
224 | { | |
bec50c47 BF |
225 | struct posix_acl_entry *pa, *group_owner_entry; |
226 | struct nfs4_ace *ace; | |
227 | struct posix_acl_summary pas; | |
228 | unsigned short deny; | |
1da177e4 | 229 | int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? |
54c04409 | 230 | NFS4_INHERITANCE_FLAGS | NFS4_ACE_INHERIT_ONLY_ACE : 0); |
1da177e4 LT |
231 | |
232 | BUG_ON(pacl->a_count < 3); | |
bec50c47 | 233 | summarize_posix_acl(pacl, &pas); |
1da177e4 LT |
234 | |
235 | pa = pacl->a_entries; | |
bec50c47 BF |
236 | ace = acl->aces + acl->naces; |
237 | ||
238 | /* We could deny everything not granted by the owner: */ | |
239 | deny = ~pas.owner; | |
240 | /* | |
241 | * but it is equivalent (and simpler) to deny only what is not | |
242 | * granted by later entries: | |
243 | */ | |
244 | deny &= pas.users | pas.group | pas.groups | pas.other; | |
245 | if (deny) { | |
246 | ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; | |
247 | ace->flag = eflag; | |
248 | ace->access_mask = deny_mask_from_posix(deny, flags); | |
249 | ace->whotype = NFS4_ACL_WHO_OWNER; | |
250 | ace++; | |
251 | acl->naces++; | |
252 | } | |
253 | ||
254 | ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; | |
255 | ace->flag = eflag; | |
256 | ace->access_mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER); | |
257 | ace->whotype = NFS4_ACL_WHO_OWNER; | |
258 | ace++; | |
259 | acl->naces++; | |
1da177e4 LT |
260 | pa++; |
261 | ||
262 | while (pa->e_tag == ACL_USER) { | |
bec50c47 BF |
263 | deny = ~(pa->e_perm & pas.mask); |
264 | deny &= pas.groups | pas.group | pas.other; | |
265 | if (deny) { | |
266 | ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; | |
267 | ace->flag = eflag; | |
268 | ace->access_mask = deny_mask_from_posix(deny, flags); | |
269 | ace->whotype = NFS4_ACL_WHO_NAMED; | |
270 | ace->who = pa->e_id; | |
271 | ace++; | |
272 | acl->naces++; | |
273 | } | |
274 | ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; | |
275 | ace->flag = eflag; | |
276 | ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, | |
277 | flags); | |
278 | ace->whotype = NFS4_ACL_WHO_NAMED; | |
279 | ace->who = pa->e_id; | |
280 | ace++; | |
281 | acl->naces++; | |
1da177e4 LT |
282 | pa++; |
283 | } | |
284 | ||
285 | /* In the case of groups, we apply allow ACEs first, then deny ACEs, | |
286 | * since a user can be in more than one group. */ | |
287 | ||
288 | /* allow ACEs */ | |
289 | ||
1da177e4 | 290 | group_owner_entry = pa; |
bec50c47 BF |
291 | |
292 | ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; | |
293 | ace->flag = eflag; | |
294 | ace->access_mask = mask_from_posix(pas.group, flags); | |
295 | ace->whotype = NFS4_ACL_WHO_GROUP; | |
296 | ace++; | |
297 | acl->naces++; | |
1da177e4 LT |
298 | pa++; |
299 | ||
300 | while (pa->e_tag == ACL_GROUP) { | |
bec50c47 BF |
301 | ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; |
302 | ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; | |
303 | ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, | |
304 | flags); | |
305 | ace->whotype = NFS4_ACL_WHO_NAMED; | |
306 | ace->who = pa->e_id; | |
307 | ace++; | |
308 | acl->naces++; | |
1da177e4 LT |
309 | pa++; |
310 | } | |
311 | ||
312 | /* deny ACEs */ | |
313 | ||
314 | pa = group_owner_entry; | |
bec50c47 BF |
315 | |
316 | deny = ~pas.group & pas.other; | |
317 | if (deny) { | |
318 | ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; | |
319 | ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; | |
320 | ace->access_mask = deny_mask_from_posix(deny, flags); | |
321 | ace->whotype = NFS4_ACL_WHO_GROUP; | |
322 | ace++; | |
323 | acl->naces++; | |
324 | } | |
1da177e4 | 325 | pa++; |
bec50c47 | 326 | |
1da177e4 | 327 | while (pa->e_tag == ACL_GROUP) { |
bec50c47 BF |
328 | deny = ~(pa->e_perm & pas.mask); |
329 | deny &= pas.other; | |
330 | if (deny) { | |
331 | ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; | |
332 | ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; | |
333 | ace->access_mask = mask_from_posix(deny, flags); | |
334 | ace->whotype = NFS4_ACL_WHO_NAMED; | |
335 | ace->who = pa->e_id; | |
336 | ace++; | |
337 | acl->naces++; | |
338 | } | |
1da177e4 LT |
339 | pa++; |
340 | } | |
341 | ||
342 | if (pa->e_tag == ACL_MASK) | |
343 | pa++; | |
bec50c47 BF |
344 | ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; |
345 | ace->flag = eflag; | |
346 | ace->access_mask = mask_from_posix(pa->e_perm, flags); | |
347 | ace->whotype = NFS4_ACL_WHO_EVERYONE; | |
348 | acl->naces++; | |
1da177e4 LT |
349 | } |
350 | ||
351 | static void | |
352 | sort_pacl_range(struct posix_acl *pacl, int start, int end) { | |
353 | int sorted = 0, i; | |
354 | struct posix_acl_entry tmp; | |
355 | ||
356 | /* We just do a bubble sort; easy to do in place, and we're not | |
357 | * expecting acl's to be long enough to justify anything more. */ | |
358 | while (!sorted) { | |
359 | sorted = 1; | |
360 | for (i = start; i < end; i++) { | |
361 | if (pacl->a_entries[i].e_id | |
362 | > pacl->a_entries[i+1].e_id) { | |
363 | sorted = 0; | |
364 | tmp = pacl->a_entries[i]; | |
365 | pacl->a_entries[i] = pacl->a_entries[i+1]; | |
366 | pacl->a_entries[i+1] = tmp; | |
367 | } | |
368 | } | |
369 | } | |
370 | } | |
371 | ||
372 | static void | |
373 | sort_pacl(struct posix_acl *pacl) | |
374 | { | |
375 | /* posix_acl_valid requires that users and groups be in order | |
376 | * by uid/gid. */ | |
377 | int i, j; | |
378 | ||
379 | if (pacl->a_count <= 4) | |
380 | return; /* no users or groups */ | |
381 | i = 1; | |
382 | while (pacl->a_entries[i].e_tag == ACL_USER) | |
383 | i++; | |
384 | sort_pacl_range(pacl, 1, i-1); | |
385 | ||
386 | BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ); | |
387 | j = i++; | |
388 | while (pacl->a_entries[j].e_tag == ACL_GROUP) | |
389 | j++; | |
390 | sort_pacl_range(pacl, i, j-1); | |
391 | return; | |
392 | } | |
393 | ||
09229edb BF |
394 | /* |
395 | * While processing the NFSv4 ACE, this maintains bitmasks representing | |
396 | * which permission bits have been allowed and which denied to a given | |
397 | * entity: */ | |
398 | struct posix_ace_state { | |
399 | u32 allow; | |
400 | u32 deny; | |
401 | }; | |
402 | ||
403 | struct posix_user_ace_state { | |
404 | uid_t uid; | |
405 | struct posix_ace_state perms; | |
406 | }; | |
407 | ||
408 | struct posix_ace_state_array { | |
409 | int n; | |
410 | struct posix_user_ace_state aces[]; | |
411 | }; | |
412 | ||
413 | /* | |
414 | * While processing the NFSv4 ACE, this maintains the partial permissions | |
415 | * calculated so far: */ | |
416 | ||
417 | struct posix_acl_state { | |
3160a711 | 418 | int empty; |
09229edb BF |
419 | struct posix_ace_state owner; |
420 | struct posix_ace_state group; | |
421 | struct posix_ace_state other; | |
422 | struct posix_ace_state everyone; | |
423 | struct posix_ace_state mask; /* Deny unused in this case */ | |
424 | struct posix_ace_state_array *users; | |
425 | struct posix_ace_state_array *groups; | |
426 | }; | |
427 | ||
1da177e4 | 428 | static int |
09229edb | 429 | init_state(struct posix_acl_state *state, int cnt) |
1da177e4 | 430 | { |
09229edb BF |
431 | int alloc; |
432 | ||
433 | memset(state, 0, sizeof(struct posix_acl_state)); | |
3160a711 | 434 | state->empty = 1; |
09229edb BF |
435 | /* |
436 | * In the worst case, each individual acl could be for a distinct | |
437 | * named user or group, but we don't no which, so we allocate | |
438 | * enough space for either: | |
439 | */ | |
440 | alloc = sizeof(struct posix_ace_state_array) | |
441 | + cnt*sizeof(struct posix_ace_state); | |
442 | state->users = kzalloc(alloc, GFP_KERNEL); | |
443 | if (!state->users) | |
444 | return -ENOMEM; | |
445 | state->groups = kzalloc(alloc, GFP_KERNEL); | |
446 | if (!state->groups) { | |
447 | kfree(state->users); | |
448 | return -ENOMEM; | |
449 | } | |
450 | return 0; | |
1da177e4 LT |
451 | } |
452 | ||
09229edb BF |
453 | static void |
454 | free_state(struct posix_acl_state *state) { | |
455 | kfree(state->users); | |
456 | kfree(state->groups); | |
1da177e4 LT |
457 | } |
458 | ||
09229edb | 459 | static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate) |
1da177e4 | 460 | { |
09229edb | 461 | state->mask.allow |= astate->allow; |
1da177e4 LT |
462 | } |
463 | ||
09229edb BF |
464 | /* |
465 | * Certain bits (SYNCHRONIZE, DELETE, WRITE_OWNER, READ/WRITE_NAMED_ATTRS, | |
466 | * READ_ATTRIBUTES, READ_ACL) are currently unenforceable and don't translate | |
467 | * to traditional read/write/execute permissions. | |
468 | * | |
469 | * It's problematic to reject acls that use certain mode bits, because it | |
470 | * places the burden on users to learn the rules about which bits one | |
471 | * particular server sets, without giving the user a lot of help--we return an | |
472 | * error that could mean any number of different things. To make matters | |
473 | * worse, the problematic bits might be introduced by some application that's | |
474 | * automatically mapping from some other acl model. | |
475 | * | |
476 | * So wherever possible we accept anything, possibly erring on the side of | |
477 | * denying more permissions than necessary. | |
478 | * | |
479 | * However we do reject *explicit* DENY's of a few bits representing | |
480 | * permissions we could never deny: | |
481 | */ | |
1da177e4 | 482 | |
09229edb BF |
483 | static inline int check_deny(u32 mask, int isowner) |
484 | { | |
485 | if (mask & (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL)) | |
486 | return -EINVAL; | |
487 | if (!isowner) | |
488 | return 0; | |
489 | if (mask & (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)) | |
490 | return -EINVAL; | |
491 | return 0; | |
1da177e4 LT |
492 | } |
493 | ||
09229edb BF |
494 | static struct posix_acl * |
495 | posix_state_to_acl(struct posix_acl_state *state, unsigned int flags) | |
1da177e4 | 496 | { |
09229edb BF |
497 | struct posix_acl_entry *pace; |
498 | struct posix_acl *pacl; | |
499 | int nace; | |
500 | int i, error = 0; | |
1da177e4 | 501 | |
3160a711 BF |
502 | /* |
503 | * ACLs with no ACEs are treated differently in the inheritable | |
504 | * and effective cases: when there are no inheritable ACEs, we | |
505 | * set a zero-length default posix acl: | |
506 | */ | |
507 | if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)) { | |
508 | pacl = posix_acl_alloc(0, GFP_KERNEL); | |
509 | return pacl ? pacl : ERR_PTR(-ENOMEM); | |
510 | } | |
511 | /* | |
512 | * When there are no effective ACEs, the following will end | |
513 | * up setting a 3-element effective posix ACL with all | |
514 | * permissions zero. | |
515 | */ | |
09229edb BF |
516 | nace = 4 + state->users->n + state->groups->n; |
517 | pacl = posix_acl_alloc(nace, GFP_KERNEL); | |
518 | if (!pacl) | |
519 | return ERR_PTR(-ENOMEM); | |
1da177e4 | 520 | |
09229edb BF |
521 | pace = pacl->a_entries; |
522 | pace->e_tag = ACL_USER_OBJ; | |
523 | error = check_deny(state->owner.deny, 1); | |
524 | if (error) | |
525 | goto out_err; | |
526 | low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags); | |
527 | pace->e_id = ACL_UNDEFINED_ID; | |
528 | ||
529 | for (i=0; i < state->users->n; i++) { | |
530 | pace++; | |
531 | pace->e_tag = ACL_USER; | |
532 | error = check_deny(state->users->aces[i].perms.deny, 0); | |
533 | if (error) | |
534 | goto out_err; | |
535 | low_mode_from_nfs4(state->users->aces[i].perms.allow, | |
536 | &pace->e_perm, flags); | |
537 | pace->e_id = state->users->aces[i].uid; | |
538 | add_to_mask(state, &state->users->aces[i].perms); | |
1da177e4 LT |
539 | } |
540 | ||
09229edb BF |
541 | pace++; |
542 | pace->e_tag = ACL_GROUP_OBJ; | |
543 | error = check_deny(state->group.deny, 0); | |
544 | if (error) | |
545 | goto out_err; | |
546 | low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags); | |
547 | pace->e_id = ACL_UNDEFINED_ID; | |
548 | add_to_mask(state, &state->group); | |
549 | ||
550 | for (i=0; i < state->groups->n; i++) { | |
551 | pace++; | |
552 | pace->e_tag = ACL_GROUP; | |
553 | error = check_deny(state->groups->aces[i].perms.deny, 0); | |
554 | if (error) | |
555 | goto out_err; | |
556 | low_mode_from_nfs4(state->groups->aces[i].perms.allow, | |
557 | &pace->e_perm, flags); | |
558 | pace->e_id = state->groups->aces[i].uid; | |
559 | add_to_mask(state, &state->groups->aces[i].perms); | |
560 | } | |
1da177e4 | 561 | |
09229edb BF |
562 | pace++; |
563 | pace->e_tag = ACL_MASK; | |
564 | low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags); | |
565 | pace->e_id = ACL_UNDEFINED_ID; | |
1da177e4 | 566 | |
09229edb BF |
567 | pace++; |
568 | pace->e_tag = ACL_OTHER; | |
569 | error = check_deny(state->other.deny, 0); | |
570 | if (error) | |
571 | goto out_err; | |
572 | low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags); | |
573 | pace->e_id = ACL_UNDEFINED_ID; | |
1da177e4 | 574 | |
09229edb BF |
575 | return pacl; |
576 | out_err: | |
577 | posix_acl_release(pacl); | |
578 | return ERR_PTR(error); | |
579 | } | |
1da177e4 | 580 | |
09229edb BF |
581 | static inline void allow_bits(struct posix_ace_state *astate, u32 mask) |
582 | { | |
583 | /* Allow all bits in the mask not already denied: */ | |
584 | astate->allow |= mask & ~astate->deny; | |
585 | } | |
1da177e4 | 586 | |
09229edb BF |
587 | static inline void deny_bits(struct posix_ace_state *astate, u32 mask) |
588 | { | |
589 | /* Deny all bits in the mask not already allowed: */ | |
590 | astate->deny |= mask & ~astate->allow; | |
591 | } | |
1da177e4 | 592 | |
09229edb BF |
593 | static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid) |
594 | { | |
595 | int i; | |
1da177e4 | 596 | |
09229edb BF |
597 | for (i = 0; i < a->n; i++) |
598 | if (a->aces[i].uid == uid) | |
599 | return i; | |
600 | /* Not found: */ | |
601 | a->n++; | |
602 | a->aces[i].uid = uid; | |
603 | a->aces[i].perms.allow = state->everyone.allow; | |
604 | a->aces[i].perms.deny = state->everyone.deny; | |
1da177e4 | 605 | |
09229edb | 606 | return i; |
1da177e4 LT |
607 | } |
608 | ||
09229edb | 609 | static void deny_bits_array(struct posix_ace_state_array *a, u32 mask) |
1da177e4 | 610 | { |
09229edb | 611 | int i; |
1da177e4 | 612 | |
09229edb BF |
613 | for (i=0; i < a->n; i++) |
614 | deny_bits(&a->aces[i].perms, mask); | |
1da177e4 LT |
615 | } |
616 | ||
09229edb | 617 | static void allow_bits_array(struct posix_ace_state_array *a, u32 mask) |
1da177e4 | 618 | { |
09229edb | 619 | int i; |
1da177e4 | 620 | |
09229edb BF |
621 | for (i=0; i < a->n; i++) |
622 | allow_bits(&a->aces[i].perms, mask); | |
1da177e4 LT |
623 | } |
624 | ||
09229edb BF |
625 | static void process_one_v4_ace(struct posix_acl_state *state, |
626 | struct nfs4_ace *ace) | |
1da177e4 | 627 | { |
09229edb BF |
628 | u32 mask = ace->access_mask; |
629 | int i; | |
630 | ||
3160a711 BF |
631 | state->empty = 0; |
632 | ||
09229edb BF |
633 | switch (ace2type(ace)) { |
634 | case ACL_USER_OBJ: | |
635 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
636 | allow_bits(&state->owner, mask); | |
637 | } else { | |
638 | deny_bits(&state->owner, mask); | |
639 | } | |
640 | break; | |
641 | case ACL_USER: | |
642 | i = find_uid(state, state->users, ace->who); | |
643 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
644 | allow_bits(&state->users->aces[i].perms, mask); | |
645 | } else { | |
646 | deny_bits(&state->users->aces[i].perms, mask); | |
647 | mask = state->users->aces[i].perms.deny; | |
648 | deny_bits(&state->owner, mask); | |
649 | } | |
650 | break; | |
651 | case ACL_GROUP_OBJ: | |
652 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
653 | allow_bits(&state->group, mask); | |
654 | } else { | |
655 | deny_bits(&state->group, mask); | |
656 | mask = state->group.deny; | |
657 | deny_bits(&state->owner, mask); | |
658 | deny_bits(&state->everyone, mask); | |
659 | deny_bits_array(state->users, mask); | |
660 | deny_bits_array(state->groups, mask); | |
661 | } | |
662 | break; | |
663 | case ACL_GROUP: | |
664 | i = find_uid(state, state->groups, ace->who); | |
665 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
666 | allow_bits(&state->groups->aces[i].perms, mask); | |
667 | } else { | |
668 | deny_bits(&state->groups->aces[i].perms, mask); | |
669 | mask = state->groups->aces[i].perms.deny; | |
670 | deny_bits(&state->owner, mask); | |
671 | deny_bits(&state->group, mask); | |
672 | deny_bits(&state->everyone, mask); | |
673 | deny_bits_array(state->users, mask); | |
674 | deny_bits_array(state->groups, mask); | |
675 | } | |
676 | break; | |
677 | case ACL_OTHER: | |
678 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
679 | allow_bits(&state->owner, mask); | |
680 | allow_bits(&state->group, mask); | |
681 | allow_bits(&state->other, mask); | |
682 | allow_bits(&state->everyone, mask); | |
683 | allow_bits_array(state->users, mask); | |
684 | allow_bits_array(state->groups, mask); | |
685 | } else { | |
686 | deny_bits(&state->owner, mask); | |
687 | deny_bits(&state->group, mask); | |
688 | deny_bits(&state->other, mask); | |
689 | deny_bits(&state->everyone, mask); | |
690 | deny_bits_array(state->users, mask); | |
691 | deny_bits_array(state->groups, mask); | |
692 | } | |
1da177e4 LT |
693 | } |
694 | } | |
695 | ||
575a6290 BF |
696 | int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl, struct posix_acl **pacl, |
697 | struct posix_acl **dpacl, unsigned int flags) | |
1da177e4 | 698 | { |
575a6290 | 699 | struct posix_acl_state effective_acl_state, default_acl_state; |
09229edb BF |
700 | struct nfs4_ace *ace; |
701 | int ret; | |
1da177e4 | 702 | |
575a6290 | 703 | ret = init_state(&effective_acl_state, acl->naces); |
09229edb | 704 | if (ret) |
575a6290 BF |
705 | return ret; |
706 | ret = init_state(&default_acl_state, acl->naces); | |
707 | if (ret) | |
708 | goto out_estate; | |
709 | ret = -EINVAL; | |
28e05dd8 | 710 | for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { |
09229edb BF |
711 | if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && |
712 | ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) | |
575a6290 | 713 | goto out_dstate; |
b548edc2 | 714 | if (ace->flag & ~NFS4_SUPPORTED_FLAGS) |
575a6290 | 715 | goto out_dstate; |
7bdfa68c | 716 | if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) { |
575a6290 | 717 | process_one_v4_ace(&effective_acl_state, ace); |
b548edc2 | 718 | continue; |
7bdfa68c | 719 | } |
575a6290 BF |
720 | if (!(flags & NFS4_ACL_DIR)) |
721 | goto out_dstate; | |
7bdfa68c BF |
722 | /* |
723 | * Note that when only one of FILE_INHERIT or DIRECTORY_INHERIT | |
724 | * is set, we're effectively turning on the other. That's OK, | |
725 | * according to rfc 3530. | |
726 | */ | |
575a6290 BF |
727 | process_one_v4_ace(&default_acl_state, ace); |
728 | ||
729 | if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)) | |
730 | process_one_v4_ace(&effective_acl_state, ace); | |
1da177e4 | 731 | } |
575a6290 BF |
732 | *pacl = posix_state_to_acl(&effective_acl_state, flags); |
733 | if (IS_ERR(*pacl)) { | |
734 | ret = PTR_ERR(*pacl); | |
735 | goto out_dstate; | |
736 | } | |
3160a711 BF |
737 | *dpacl = posix_state_to_acl(&default_acl_state, |
738 | flags | NFS4_ACL_TYPE_DEFAULT); | |
575a6290 BF |
739 | if (IS_ERR(*dpacl)) { |
740 | ret = PTR_ERR(*dpacl); | |
741 | posix_acl_release(*pacl); | |
742 | goto out_dstate; | |
743 | } | |
744 | sort_pacl(*pacl); | |
745 | sort_pacl(*dpacl); | |
746 | ret = 0; | |
747 | out_dstate: | |
748 | free_state(&default_acl_state); | |
749 | out_estate: | |
750 | free_state(&effective_acl_state); | |
751 | return ret; | |
1da177e4 LT |
752 | } |
753 | ||
754 | static short | |
755 | ace2type(struct nfs4_ace *ace) | |
756 | { | |
757 | switch (ace->whotype) { | |
758 | case NFS4_ACL_WHO_NAMED: | |
759 | return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ? | |
760 | ACL_GROUP : ACL_USER); | |
761 | case NFS4_ACL_WHO_OWNER: | |
762 | return ACL_USER_OBJ; | |
763 | case NFS4_ACL_WHO_GROUP: | |
764 | return ACL_GROUP_OBJ; | |
765 | case NFS4_ACL_WHO_EVERYONE: | |
766 | return ACL_OTHER; | |
767 | } | |
768 | BUG(); | |
769 | return -1; | |
770 | } | |
771 | ||
772 | EXPORT_SYMBOL(nfs4_acl_posix_to_nfsv4); | |
773 | EXPORT_SYMBOL(nfs4_acl_nfsv4_to_posix); | |
774 | ||
775 | struct nfs4_acl * | |
28e05dd8 | 776 | nfs4_acl_new(int n) |
1da177e4 LT |
777 | { |
778 | struct nfs4_acl *acl; | |
779 | ||
28e05dd8 BF |
780 | acl = kmalloc(sizeof(*acl) + n*sizeof(struct nfs4_ace), GFP_KERNEL); |
781 | if (acl == NULL) | |
1da177e4 | 782 | return NULL; |
1da177e4 | 783 | acl->naces = 0; |
1da177e4 LT |
784 | return acl; |
785 | } | |
786 | ||
1da177e4 LT |
787 | static struct { |
788 | char *string; | |
789 | int stringlen; | |
790 | int type; | |
791 | } s2t_map[] = { | |
792 | { | |
793 | .string = "OWNER@", | |
794 | .stringlen = sizeof("OWNER@") - 1, | |
795 | .type = NFS4_ACL_WHO_OWNER, | |
796 | }, | |
797 | { | |
798 | .string = "GROUP@", | |
799 | .stringlen = sizeof("GROUP@") - 1, | |
800 | .type = NFS4_ACL_WHO_GROUP, | |
801 | }, | |
802 | { | |
803 | .string = "EVERYONE@", | |
804 | .stringlen = sizeof("EVERYONE@") - 1, | |
805 | .type = NFS4_ACL_WHO_EVERYONE, | |
806 | }, | |
807 | }; | |
808 | ||
809 | int | |
810 | nfs4_acl_get_whotype(char *p, u32 len) | |
811 | { | |
812 | int i; | |
813 | ||
e8c96f8c | 814 | for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { |
1da177e4 LT |
815 | if (s2t_map[i].stringlen == len && |
816 | 0 == memcmp(s2t_map[i].string, p, len)) | |
817 | return s2t_map[i].type; | |
818 | } | |
819 | return NFS4_ACL_WHO_NAMED; | |
820 | } | |
821 | ||
822 | int | |
823 | nfs4_acl_write_who(int who, char *p) | |
824 | { | |
825 | int i; | |
826 | ||
e8c96f8c | 827 | for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { |
1da177e4 LT |
828 | if (s2t_map[i].type == who) { |
829 | memcpy(p, s2t_map[i].string, s2t_map[i].stringlen); | |
830 | return s2t_map[i].stringlen; | |
831 | } | |
832 | } | |
833 | BUG(); | |
834 | return -1; | |
835 | } | |
836 | ||
1da177e4 | 837 | EXPORT_SYMBOL(nfs4_acl_new); |
1da177e4 LT |
838 | EXPORT_SYMBOL(nfs4_acl_get_whotype); |
839 | EXPORT_SYMBOL(nfs4_acl_write_who); |