1 /* 2 * fs/nfs4acl/acl.c 3 * 4 * Common NFSv4 ACL handling code. 5 * 6 * Copyright (c) 2002, 2003 The Regents of the University of Michigan. 7 * All rights reserved. 8 * 9 * Marius Aamodt Eriksen <marius@umich.edu> 10 * Jeff Sedlak <jsedlak@umich.edu> 11 * J. Bruce Fields <bfields@umich.edu> 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its 23 * contributors may be used to endorse or promote products derived 24 * from this software without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 28 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 29 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 33 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 34 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 35 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 36 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 37 */ 38 39 #include <linux/string.h> 40 #include <linux/slab.h> 41 #include <linux/list.h> 42 #include <linux/types.h> 43 #include <linux/fs.h> 44 #include <linux/module.h> 45 #include <linux/nfs_fs.h> 46 #include <linux/posix_acl.h> 47 #include <linux/nfs4.h> 48 #include <linux/nfs4_acl.h> 49 50 51 /* mode bit translations: */ 52 #define NFS4_READ_MODE (NFS4_ACE_READ_DATA) 53 #define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA) 54 #define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE 55 #define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | NFS4_ACE_SYNCHRONIZE) 56 #define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL) 57 58 /* We don't support these bits; insist they be neither allowed nor denied */ 59 #define NFS4_MASK_UNSUPP (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \ 60 | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS) 61 62 /* flags used to simulate posix default ACLs */ 63 #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ 64 | NFS4_ACE_DIRECTORY_INHERIT_ACE) 65 66 #define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS \ 67 | NFS4_ACE_INHERIT_ONLY_ACE \ 68 | NFS4_ACE_IDENTIFIER_GROUP) 69 70 #define MASK_EQUAL(mask1, mask2) \ 71 ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) ) 72 73 static u32 74 mask_from_posix(unsigned short perm, unsigned int flags) 75 { 76 int mask = NFS4_ANYONE_MODE; 77 78 if (flags & NFS4_ACL_OWNER) 79 mask |= NFS4_OWNER_MODE; 80 if (perm & ACL_READ) 81 mask |= NFS4_READ_MODE; 82 if (perm & ACL_WRITE) 83 mask |= NFS4_WRITE_MODE; 84 if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) 85 mask |= NFS4_ACE_DELETE_CHILD; 86 if (perm & ACL_EXECUTE) 87 mask |= NFS4_EXECUTE_MODE; 88 return mask; 89 } 90 91 static u32 92 deny_mask_from_posix(unsigned short perm, u32 flags) 93 { 94 u32 mask = 0; 95 96 if (perm & ACL_READ) 97 mask |= NFS4_READ_MODE; 98 if (perm & ACL_WRITE) 99 mask |= NFS4_WRITE_MODE; 100 if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) 101 mask |= NFS4_ACE_DELETE_CHILD; 102 if (perm & ACL_EXECUTE) 103 mask |= NFS4_EXECUTE_MODE; 104 return mask; 105 } 106 107 /* XXX: modify functions to return NFS errors; they're only ever 108 * used by nfs code, after all.... */ 109 110 /* We only map from NFSv4 to POSIX ACLs when setting ACLs, when we err on the 111 * side of being more restrictive, so the mode bit mapping below is 112 * pessimistic. An optimistic version would be needed to handle DENY's, 113 * but we espect to coalesce all ALLOWs and DENYs before mapping to mode 114 * bits. */ 115 116 static void 117 low_mode_from_nfs4(u32 perm, unsigned short *mode, unsigned int flags) 118 { 119 u32 write_mode = NFS4_WRITE_MODE; 120 121 if (flags & NFS4_ACL_DIR) 122 write_mode |= NFS4_ACE_DELETE_CHILD; 123 *mode = 0; 124 if ((perm & NFS4_READ_MODE) == NFS4_READ_MODE) 125 *mode |= ACL_READ; 126 if ((perm & write_mode) == write_mode) 127 *mode |= ACL_WRITE; 128 if ((perm & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE) 129 *mode |= ACL_EXECUTE; 130 } 131 132 struct ace_container { 133 struct nfs4_ace *ace; 134 struct list_head ace_l; 135 }; 136 137 static short ace2type(struct nfs4_ace *); 138 static void _posix_to_nfsv4_one(struct posix_acl *, struct nfs4_acl *, 139 unsigned int); 140 141 struct nfs4_acl * 142 nfs4_acl_posix_to_nfsv4(struct posix_acl *pacl, struct posix_acl *dpacl, 143 unsigned int flags) 144 { 145 struct nfs4_acl *acl; 146 int size = 0; 147 148 if (pacl) { 149 if (posix_acl_valid(pacl) < 0) 150 return ERR_PTR(-EINVAL); 151 size += 2*pacl->a_count; 152 } 153 if (dpacl) { 154 if (posix_acl_valid(dpacl) < 0) 155 return ERR_PTR(-EINVAL); 156 size += 2*dpacl->a_count; 157 } 158 159 /* Allocate for worst case: one (deny, allow) pair each: */ 160 acl = nfs4_acl_new(size); 161 if (acl == NULL) 162 return ERR_PTR(-ENOMEM); 163 164 if (pacl) 165 _posix_to_nfsv4_one(pacl, acl, flags & ~NFS4_ACL_TYPE_DEFAULT); 166 167 if (dpacl) 168 _posix_to_nfsv4_one(dpacl, acl, flags | NFS4_ACL_TYPE_DEFAULT); 169 170 return acl; 171 } 172 173 struct posix_acl_summary { 174 unsigned short owner; 175 unsigned short users; 176 unsigned short group; 177 unsigned short groups; 178 unsigned short other; 179 unsigned short mask; 180 }; 181 182 static void 183 summarize_posix_acl(struct posix_acl *acl, struct posix_acl_summary *pas) 184 { 185 struct posix_acl_entry *pa, *pe; 186 pas->users = 0; 187 pas->groups = 0; 188 pas->mask = 07; 189 190 pe = acl->a_entries + acl->a_count; 191 192 FOREACH_ACL_ENTRY(pa, acl, pe) { 193 switch (pa->e_tag) { 194 case ACL_USER_OBJ: 195 pas->owner = pa->e_perm; 196 break; 197 case ACL_GROUP_OBJ: 198 pas->group = pa->e_perm; 199 break; 200 case ACL_USER: 201 pas->users |= pa->e_perm; 202 break; 203 case ACL_GROUP: 204 pas->groups |= pa->e_perm; 205 break; 206 case ACL_OTHER: 207 pas->other = pa->e_perm; 208 break; 209 case ACL_MASK: 210 pas->mask = pa->e_perm; 211 break; 212 } 213 } 214 /* We'll only care about effective permissions: */ 215 pas->users &= pas->mask; 216 pas->group &= pas->mask; 217 pas->groups &= pas->mask; 218 } 219 220 /* We assume the acl has been verified with posix_acl_valid. */ 221 static void 222 _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, 223 unsigned int flags) 224 { 225 struct posix_acl_entry *pa, *group_owner_entry; 226 struct nfs4_ace *ace; 227 struct posix_acl_summary pas; 228 unsigned short deny; 229 int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? 230 NFS4_INHERITANCE_FLAGS | NFS4_ACE_INHERIT_ONLY_ACE : 0); 231 232 BUG_ON(pacl->a_count < 3); 233 summarize_posix_acl(pacl, &pas); 234 235 pa = pacl->a_entries; 236 ace = acl->aces + acl->naces; 237 238 /* We could deny everything not granted by the owner: */ 239 deny = ~pas.owner; 240 /* 241 * but it is equivalent (and simpler) to deny only what is not 242 * granted by later entries: 243 */ 244 deny &= pas.users | pas.group | pas.groups | pas.other; 245 if (deny) { 246 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; 247 ace->flag = eflag; 248 ace->access_mask = deny_mask_from_posix(deny, flags); 249 ace->whotype = NFS4_ACL_WHO_OWNER; 250 ace++; 251 acl->naces++; 252 } 253 254 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; 255 ace->flag = eflag; 256 ace->access_mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER); 257 ace->whotype = NFS4_ACL_WHO_OWNER; 258 ace++; 259 acl->naces++; 260 pa++; 261 262 while (pa->e_tag == ACL_USER) { 263 deny = ~(pa->e_perm & pas.mask); 264 deny &= pas.groups | pas.group | pas.other; 265 if (deny) { 266 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; 267 ace->flag = eflag; 268 ace->access_mask = deny_mask_from_posix(deny, flags); 269 ace->whotype = NFS4_ACL_WHO_NAMED; 270 ace->who = pa->e_id; 271 ace++; 272 acl->naces++; 273 } 274 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; 275 ace->flag = eflag; 276 ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, 277 flags); 278 ace->whotype = NFS4_ACL_WHO_NAMED; 279 ace->who = pa->e_id; 280 ace++; 281 acl->naces++; 282 pa++; 283 } 284 285 /* In the case of groups, we apply allow ACEs first, then deny ACEs, 286 * since a user can be in more than one group. */ 287 288 /* allow ACEs */ 289 290 group_owner_entry = pa; 291 292 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; 293 ace->flag = eflag; 294 ace->access_mask = mask_from_posix(pas.group, flags); 295 ace->whotype = NFS4_ACL_WHO_GROUP; 296 ace++; 297 acl->naces++; 298 pa++; 299 300 while (pa->e_tag == ACL_GROUP) { 301 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; 302 ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; 303 ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, 304 flags); 305 ace->whotype = NFS4_ACL_WHO_NAMED; 306 ace->who = pa->e_id; 307 ace++; 308 acl->naces++; 309 pa++; 310 } 311 312 /* deny ACEs */ 313 314 pa = group_owner_entry; 315 316 deny = ~pas.group & pas.other; 317 if (deny) { 318 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; 319 ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; 320 ace->access_mask = deny_mask_from_posix(deny, flags); 321 ace->whotype = NFS4_ACL_WHO_GROUP; 322 ace++; 323 acl->naces++; 324 } 325 pa++; 326 327 while (pa->e_tag == ACL_GROUP) { 328 deny = ~(pa->e_perm & pas.mask); 329 deny &= pas.other; 330 if (deny) { 331 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; 332 ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; 333 ace->access_mask = mask_from_posix(deny, flags); 334 ace->whotype = NFS4_ACL_WHO_NAMED; 335 ace->who = pa->e_id; 336 ace++; 337 acl->naces++; 338 } 339 pa++; 340 } 341 342 if (pa->e_tag == ACL_MASK) 343 pa++; 344 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; 345 ace->flag = eflag; 346 ace->access_mask = mask_from_posix(pa->e_perm, flags); 347 ace->whotype = NFS4_ACL_WHO_EVERYONE; 348 acl->naces++; 349 } 350 351 static void 352 sort_pacl_range(struct posix_acl *pacl, int start, int end) { 353 int sorted = 0, i; 354 struct posix_acl_entry tmp; 355 356 /* We just do a bubble sort; easy to do in place, and we're not 357 * expecting acl's to be long enough to justify anything more. */ 358 while (!sorted) { 359 sorted = 1; 360 for (i = start; i < end; i++) { 361 if (pacl->a_entries[i].e_id 362 > pacl->a_entries[i+1].e_id) { 363 sorted = 0; 364 tmp = pacl->a_entries[i]; 365 pacl->a_entries[i] = pacl->a_entries[i+1]; 366 pacl->a_entries[i+1] = tmp; 367 } 368 } 369 } 370 } 371 372 static void 373 sort_pacl(struct posix_acl *pacl) 374 { 375 /* posix_acl_valid requires that users and groups be in order 376 * by uid/gid. */ 377 int i, j; 378 379 if (pacl->a_count <= 4) 380 return; /* no users or groups */ 381 i = 1; 382 while (pacl->a_entries[i].e_tag == ACL_USER) 383 i++; 384 sort_pacl_range(pacl, 1, i-1); 385 386 BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ); 387 j = i++; 388 while (pacl->a_entries[j].e_tag == ACL_GROUP) 389 j++; 390 sort_pacl_range(pacl, i, j-1); 391 return; 392 } 393 394 /* 395 * While processing the NFSv4 ACE, this maintains bitmasks representing 396 * which permission bits have been allowed and which denied to a given 397 * entity: */ 398 struct posix_ace_state { 399 u32 allow; 400 u32 deny; 401 }; 402 403 struct posix_user_ace_state { 404 uid_t uid; 405 struct posix_ace_state perms; 406 }; 407 408 struct posix_ace_state_array { 409 int n; 410 struct posix_user_ace_state aces[]; 411 }; 412 413 /* 414 * While processing the NFSv4 ACE, this maintains the partial permissions 415 * calculated so far: */ 416 417 struct posix_acl_state { 418 int empty; 419 struct posix_ace_state owner; 420 struct posix_ace_state group; 421 struct posix_ace_state other; 422 struct posix_ace_state everyone; 423 struct posix_ace_state mask; /* Deny unused in this case */ 424 struct posix_ace_state_array *users; 425 struct posix_ace_state_array *groups; 426 }; 427 428 static int 429 init_state(struct posix_acl_state *state, int cnt) 430 { 431 int alloc; 432 433 memset(state, 0, sizeof(struct posix_acl_state)); 434 state->empty = 1; 435 /* 436 * In the worst case, each individual acl could be for a distinct 437 * named user or group, but we don't no which, so we allocate 438 * enough space for either: 439 */ 440 alloc = sizeof(struct posix_ace_state_array) 441 + cnt*sizeof(struct posix_ace_state); 442 state->users = kzalloc(alloc, GFP_KERNEL); 443 if (!state->users) 444 return -ENOMEM; 445 state->groups = kzalloc(alloc, GFP_KERNEL); 446 if (!state->groups) { 447 kfree(state->users); 448 return -ENOMEM; 449 } 450 return 0; 451 } 452 453 static void 454 free_state(struct posix_acl_state *state) { 455 kfree(state->users); 456 kfree(state->groups); 457 } 458 459 static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate) 460 { 461 state->mask.allow |= astate->allow; 462 } 463 464 /* 465 * Certain bits (SYNCHRONIZE, DELETE, WRITE_OWNER, READ/WRITE_NAMED_ATTRS, 466 * READ_ATTRIBUTES, READ_ACL) are currently unenforceable and don't translate 467 * to traditional read/write/execute permissions. 468 * 469 * It's problematic to reject acls that use certain mode bits, because it 470 * places the burden on users to learn the rules about which bits one 471 * particular server sets, without giving the user a lot of help--we return an 472 * error that could mean any number of different things. To make matters 473 * worse, the problematic bits might be introduced by some application that's 474 * automatically mapping from some other acl model. 475 * 476 * So wherever possible we accept anything, possibly erring on the side of 477 * denying more permissions than necessary. 478 * 479 * However we do reject *explicit* DENY's of a few bits representing 480 * permissions we could never deny: 481 */ 482 483 static inline int check_deny(u32 mask, int isowner) 484 { 485 if (mask & (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL)) 486 return -EINVAL; 487 if (!isowner) 488 return 0; 489 if (mask & (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)) 490 return -EINVAL; 491 return 0; 492 } 493 494 static struct posix_acl * 495 posix_state_to_acl(struct posix_acl_state *state, unsigned int flags) 496 { 497 struct posix_acl_entry *pace; 498 struct posix_acl *pacl; 499 int nace; 500 int i, error = 0; 501 502 /* 503 * ACLs with no ACEs are treated differently in the inheritable 504 * and effective cases: when there are no inheritable ACEs, we 505 * set a zero-length default posix acl: 506 */ 507 if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)) { 508 pacl = posix_acl_alloc(0, GFP_KERNEL); 509 return pacl ? pacl : ERR_PTR(-ENOMEM); 510 } 511 /* 512 * When there are no effective ACEs, the following will end 513 * up setting a 3-element effective posix ACL with all 514 * permissions zero. 515 */ 516 nace = 4 + state->users->n + state->groups->n; 517 pacl = posix_acl_alloc(nace, GFP_KERNEL); 518 if (!pacl) 519 return ERR_PTR(-ENOMEM); 520 521 pace = pacl->a_entries; 522 pace->e_tag = ACL_USER_OBJ; 523 error = check_deny(state->owner.deny, 1); 524 if (error) 525 goto out_err; 526 low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags); 527 pace->e_id = ACL_UNDEFINED_ID; 528 529 for (i=0; i < state->users->n; i++) { 530 pace++; 531 pace->e_tag = ACL_USER; 532 error = check_deny(state->users->aces[i].perms.deny, 0); 533 if (error) 534 goto out_err; 535 low_mode_from_nfs4(state->users->aces[i].perms.allow, 536 &pace->e_perm, flags); 537 pace->e_id = state->users->aces[i].uid; 538 add_to_mask(state, &state->users->aces[i].perms); 539 } 540 541 pace++; 542 pace->e_tag = ACL_GROUP_OBJ; 543 error = check_deny(state->group.deny, 0); 544 if (error) 545 goto out_err; 546 low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags); 547 pace->e_id = ACL_UNDEFINED_ID; 548 add_to_mask(state, &state->group); 549 550 for (i=0; i < state->groups->n; i++) { 551 pace++; 552 pace->e_tag = ACL_GROUP; 553 error = check_deny(state->groups->aces[i].perms.deny, 0); 554 if (error) 555 goto out_err; 556 low_mode_from_nfs4(state->groups->aces[i].perms.allow, 557 &pace->e_perm, flags); 558 pace->e_id = state->groups->aces[i].uid; 559 add_to_mask(state, &state->groups->aces[i].perms); 560 } 561 562 pace++; 563 pace->e_tag = ACL_MASK; 564 low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags); 565 pace->e_id = ACL_UNDEFINED_ID; 566 567 pace++; 568 pace->e_tag = ACL_OTHER; 569 error = check_deny(state->other.deny, 0); 570 if (error) 571 goto out_err; 572 low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags); 573 pace->e_id = ACL_UNDEFINED_ID; 574 575 return pacl; 576 out_err: 577 posix_acl_release(pacl); 578 return ERR_PTR(error); 579 } 580 581 static inline void allow_bits(struct posix_ace_state *astate, u32 mask) 582 { 583 /* Allow all bits in the mask not already denied: */ 584 astate->allow |= mask & ~astate->deny; 585 } 586 587 static inline void deny_bits(struct posix_ace_state *astate, u32 mask) 588 { 589 /* Deny all bits in the mask not already allowed: */ 590 astate->deny |= mask & ~astate->allow; 591 } 592 593 static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid) 594 { 595 int i; 596 597 for (i = 0; i < a->n; i++) 598 if (a->aces[i].uid == uid) 599 return i; 600 /* Not found: */ 601 a->n++; 602 a->aces[i].uid = uid; 603 a->aces[i].perms.allow = state->everyone.allow; 604 a->aces[i].perms.deny = state->everyone.deny; 605 606 return i; 607 } 608 609 static void deny_bits_array(struct posix_ace_state_array *a, u32 mask) 610 { 611 int i; 612 613 for (i=0; i < a->n; i++) 614 deny_bits(&a->aces[i].perms, mask); 615 } 616 617 static void allow_bits_array(struct posix_ace_state_array *a, u32 mask) 618 { 619 int i; 620 621 for (i=0; i < a->n; i++) 622 allow_bits(&a->aces[i].perms, mask); 623 } 624 625 static void process_one_v4_ace(struct posix_acl_state *state, 626 struct nfs4_ace *ace) 627 { 628 u32 mask = ace->access_mask; 629 int i; 630 631 state->empty = 0; 632 633 switch (ace2type(ace)) { 634 case ACL_USER_OBJ: 635 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { 636 allow_bits(&state->owner, mask); 637 } else { 638 deny_bits(&state->owner, mask); 639 } 640 break; 641 case ACL_USER: 642 i = find_uid(state, state->users, ace->who); 643 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { 644 allow_bits(&state->users->aces[i].perms, mask); 645 } else { 646 deny_bits(&state->users->aces[i].perms, mask); 647 mask = state->users->aces[i].perms.deny; 648 deny_bits(&state->owner, mask); 649 } 650 break; 651 case ACL_GROUP_OBJ: 652 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { 653 allow_bits(&state->group, mask); 654 } else { 655 deny_bits(&state->group, mask); 656 mask = state->group.deny; 657 deny_bits(&state->owner, mask); 658 deny_bits(&state->everyone, mask); 659 deny_bits_array(state->users, mask); 660 deny_bits_array(state->groups, mask); 661 } 662 break; 663 case ACL_GROUP: 664 i = find_uid(state, state->groups, ace->who); 665 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { 666 allow_bits(&state->groups->aces[i].perms, mask); 667 } else { 668 deny_bits(&state->groups->aces[i].perms, mask); 669 mask = state->groups->aces[i].perms.deny; 670 deny_bits(&state->owner, mask); 671 deny_bits(&state->group, mask); 672 deny_bits(&state->everyone, mask); 673 deny_bits_array(state->users, mask); 674 deny_bits_array(state->groups, mask); 675 } 676 break; 677 case ACL_OTHER: 678 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { 679 allow_bits(&state->owner, mask); 680 allow_bits(&state->group, mask); 681 allow_bits(&state->other, mask); 682 allow_bits(&state->everyone, mask); 683 allow_bits_array(state->users, mask); 684 allow_bits_array(state->groups, mask); 685 } else { 686 deny_bits(&state->owner, mask); 687 deny_bits(&state->group, mask); 688 deny_bits(&state->other, mask); 689 deny_bits(&state->everyone, mask); 690 deny_bits_array(state->users, mask); 691 deny_bits_array(state->groups, mask); 692 } 693 } 694 } 695 696 int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl, struct posix_acl **pacl, 697 struct posix_acl **dpacl, unsigned int flags) 698 { 699 struct posix_acl_state effective_acl_state, default_acl_state; 700 struct nfs4_ace *ace; 701 int ret; 702 703 ret = init_state(&effective_acl_state, acl->naces); 704 if (ret) 705 return ret; 706 ret = init_state(&default_acl_state, acl->naces); 707 if (ret) 708 goto out_estate; 709 ret = -EINVAL; 710 for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { 711 if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && 712 ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) 713 goto out_dstate; 714 if (ace->flag & ~NFS4_SUPPORTED_FLAGS) 715 goto out_dstate; 716 if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) { 717 process_one_v4_ace(&effective_acl_state, ace); 718 continue; 719 } 720 if (!(flags & NFS4_ACL_DIR)) 721 goto out_dstate; 722 /* 723 * Note that when only one of FILE_INHERIT or DIRECTORY_INHERIT 724 * is set, we're effectively turning on the other. That's OK, 725 * according to rfc 3530. 726 */ 727 process_one_v4_ace(&default_acl_state, ace); 728 729 if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)) 730 process_one_v4_ace(&effective_acl_state, ace); 731 } 732 *pacl = posix_state_to_acl(&effective_acl_state, flags); 733 if (IS_ERR(*pacl)) { 734 ret = PTR_ERR(*pacl); 735 goto out_dstate; 736 } 737 *dpacl = posix_state_to_acl(&default_acl_state, 738 flags | NFS4_ACL_TYPE_DEFAULT); 739 if (IS_ERR(*dpacl)) { 740 ret = PTR_ERR(*dpacl); 741 posix_acl_release(*pacl); 742 goto out_dstate; 743 } 744 sort_pacl(*pacl); 745 sort_pacl(*dpacl); 746 ret = 0; 747 out_dstate: 748 free_state(&default_acl_state); 749 out_estate: 750 free_state(&effective_acl_state); 751 return ret; 752 } 753 754 static short 755 ace2type(struct nfs4_ace *ace) 756 { 757 switch (ace->whotype) { 758 case NFS4_ACL_WHO_NAMED: 759 return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ? 760 ACL_GROUP : ACL_USER); 761 case NFS4_ACL_WHO_OWNER: 762 return ACL_USER_OBJ; 763 case NFS4_ACL_WHO_GROUP: 764 return ACL_GROUP_OBJ; 765 case NFS4_ACL_WHO_EVERYONE: 766 return ACL_OTHER; 767 } 768 BUG(); 769 return -1; 770 } 771 772 EXPORT_SYMBOL(nfs4_acl_posix_to_nfsv4); 773 EXPORT_SYMBOL(nfs4_acl_nfsv4_to_posix); 774 775 struct nfs4_acl * 776 nfs4_acl_new(int n) 777 { 778 struct nfs4_acl *acl; 779 780 acl = kmalloc(sizeof(*acl) + n*sizeof(struct nfs4_ace), GFP_KERNEL); 781 if (acl == NULL) 782 return NULL; 783 acl->naces = 0; 784 return acl; 785 } 786 787 static struct { 788 char *string; 789 int stringlen; 790 int type; 791 } s2t_map[] = { 792 { 793 .string = "OWNER@", 794 .stringlen = sizeof("OWNER@") - 1, 795 .type = NFS4_ACL_WHO_OWNER, 796 }, 797 { 798 .string = "GROUP@", 799 .stringlen = sizeof("GROUP@") - 1, 800 .type = NFS4_ACL_WHO_GROUP, 801 }, 802 { 803 .string = "EVERYONE@", 804 .stringlen = sizeof("EVERYONE@") - 1, 805 .type = NFS4_ACL_WHO_EVERYONE, 806 }, 807 }; 808 809 int 810 nfs4_acl_get_whotype(char *p, u32 len) 811 { 812 int i; 813 814 for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { 815 if (s2t_map[i].stringlen == len && 816 0 == memcmp(s2t_map[i].string, p, len)) 817 return s2t_map[i].type; 818 } 819 return NFS4_ACL_WHO_NAMED; 820 } 821 822 int 823 nfs4_acl_write_who(int who, char *p) 824 { 825 int i; 826 827 for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { 828 if (s2t_map[i].type == who) { 829 memcpy(p, s2t_map[i].string, s2t_map[i].stringlen); 830 return s2t_map[i].stringlen; 831 } 832 } 833 BUG(); 834 return -1; 835 } 836 837 EXPORT_SYMBOL(nfs4_acl_new); 838 EXPORT_SYMBOL(nfs4_acl_get_whotype); 839 EXPORT_SYMBOL(nfs4_acl_write_who); 840