1/* 2 * fs/nfs4acl/acl.c 3 * 4 * Common NFSv4 ACL handling code. 5 * 6 * Copyright (c) 2002, 2003 The Regents of the University of Michigan. 7 * All rights reserved. 8 * 9 * Marius Aamodt Eriksen <marius@umich.edu> 10 * Jeff Sedlak <jsedlak@umich.edu> 11 * J. Bruce Fields <bfields@umich.edu> 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its 23 * contributors may be used to endorse or promote products derived 24 * from this software without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 28 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 29 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 33 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 34 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 35 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 36 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 37 */ 38 39#include <linux/string.h> 40#include <linux/slab.h> 41#include <linux/list.h> 42#include <linux/types.h> 43#include <linux/fs.h> 44#include <linux/module.h> 45#include <linux/nfs_fs.h> 46#include <linux/posix_acl.h> 47#include <linux/nfs4.h> 48#include <linux/nfs4_acl.h> 49 50 51/* mode bit translations: */ 52#define NFS4_READ_MODE (NFS4_ACE_READ_DATA) 53#define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA) 54#define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE 55#define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | NFS4_ACE_SYNCHRONIZE) 56#define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL) 57 58/* We don't support these bits; insist they be neither allowed nor denied */ 59#define NFS4_MASK_UNSUPP (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \ 60 | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS) 61 62/* flags used to simulate posix default ACLs */ 63#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ 64 | NFS4_ACE_DIRECTORY_INHERIT_ACE) 65 66#define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS \ 67 | NFS4_ACE_INHERIT_ONLY_ACE \ 68 | NFS4_ACE_IDENTIFIER_GROUP) 69 70#define MASK_EQUAL(mask1, mask2) \ 71 ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) ) 72 73static u32 74mask_from_posix(unsigned short perm, unsigned int flags) 75{ 76 int mask = NFS4_ANYONE_MODE; 77 78 if (flags & NFS4_ACL_OWNER) 79 mask |= NFS4_OWNER_MODE; 80 if (perm & ACL_READ) 81 mask |= NFS4_READ_MODE; 82 if (perm & ACL_WRITE) 83 mask |= NFS4_WRITE_MODE; 84 if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) 85 mask |= NFS4_ACE_DELETE_CHILD; 86 if (perm & ACL_EXECUTE) 87 mask |= NFS4_EXECUTE_MODE; 88 return mask; 89} 90 91static u32 92deny_mask_from_posix(unsigned short perm, u32 flags) 93{ 94 u32 mask = 0; 95 96 if (perm & ACL_READ) 97 mask |= NFS4_READ_MODE; 98 if (perm & ACL_WRITE) 99 mask |= NFS4_WRITE_MODE; 100 if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) 101 mask |= NFS4_ACE_DELETE_CHILD; 102 if (perm & ACL_EXECUTE) 103 mask |= NFS4_EXECUTE_MODE; 104 return mask; 105} 106 107 108/* We only map from NFSv4 to POSIX ACLs when setting ACLs, when we err on the 109 * side of being more restrictive, so the mode bit mapping below is 110 * pessimistic. An optimistic version would be needed to handle DENY's, 111 * but we espect to coalesce all ALLOWs and DENYs before mapping to mode 112 * bits. */ 113 114static void 115low_mode_from_nfs4(u32 perm, unsigned short *mode, unsigned int flags) 116{ 117 u32 write_mode = NFS4_WRITE_MODE; 118 119 if (flags & NFS4_ACL_DIR) 120 write_mode |= NFS4_ACE_DELETE_CHILD; 121 *mode = 0; 122 if ((perm & NFS4_READ_MODE) == NFS4_READ_MODE) 123 *mode |= ACL_READ; 124 if ((perm & write_mode) == write_mode) 125 *mode |= ACL_WRITE; 126 if ((perm & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE) 127 *mode |= ACL_EXECUTE; 128} 129 130struct ace_container { 131 struct nfs4_ace *ace; 132 struct list_head ace_l; 133}; 134 135static short ace2type(struct nfs4_ace *); 136static void _posix_to_nfsv4_one(struct posix_acl *, struct nfs4_acl *, 137 unsigned int); 138 139struct nfs4_acl * 140nfs4_acl_posix_to_nfsv4(struct posix_acl *pacl, struct posix_acl *dpacl, 141 unsigned int flags) 142{ 143 struct nfs4_acl *acl; 144 int size = 0; 145 146 if (pacl) { 147 if (posix_acl_valid(pacl) < 0) 148 return ERR_PTR(-EINVAL); 149 size += 2*pacl->a_count; 150 } 151 if (dpacl) { 152 if (posix_acl_valid(dpacl) < 0) 153 return ERR_PTR(-EINVAL); 154 size += 2*dpacl->a_count; 155 } 156 157 /* Allocate for worst case: one (deny, allow) pair each: */ 158 acl = nfs4_acl_new(size); 159 if (acl == NULL) 160 return ERR_PTR(-ENOMEM); 161 162 if (pacl) 163 _posix_to_nfsv4_one(pacl, acl, flags & ~NFS4_ACL_TYPE_DEFAULT); 164 165 if (dpacl) 166 _posix_to_nfsv4_one(dpacl, acl, flags | NFS4_ACL_TYPE_DEFAULT); 167 168 return acl; 169} 170 171struct posix_acl_summary { 172 unsigned short owner; 173 unsigned short users; 174 unsigned short group; 175 unsigned short groups; 176 unsigned short other; 177 unsigned short mask; 178}; 179 180static void 181summarize_posix_acl(struct posix_acl *acl, struct posix_acl_summary *pas) 182{ 183 struct posix_acl_entry *pa, *pe; 184 pas->users = 0; 185 pas->groups = 0; 186 pas->mask = 07; 187 188 pe = acl->a_entries + acl->a_count; 189 190 FOREACH_ACL_ENTRY(pa, acl, pe) { 191 switch (pa->e_tag) { 192 case ACL_USER_OBJ: 193 pas->owner = pa->e_perm; 194 break; 195 case ACL_GROUP_OBJ: 196 pas->group = pa->e_perm; 197 break; 198 case ACL_USER: 199 pas->users |= pa->e_perm; 200 break; 201 case ACL_GROUP: 202 pas->groups |= pa->e_perm; 203 break; 204 case ACL_OTHER: 205 pas->other = pa->e_perm; 206 break; 207 case ACL_MASK: 208 pas->mask = pa->e_perm; 209 break; 210 } 211 } 212 /* We'll only care about effective permissions: */ 213 pas->users &= pas->mask; 214 pas->group &= pas->mask; 215 pas->groups &= pas->mask; 216} 217 218/* We assume the acl has been verified with posix_acl_valid. */ 219static void 220_posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, 221 unsigned int flags) 222{ 223 struct posix_acl_entry *pa, *group_owner_entry; 224 struct nfs4_ace *ace; 225 struct posix_acl_summary pas; 226 unsigned short deny; 227 int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? 228 NFS4_INHERITANCE_FLAGS | NFS4_ACE_INHERIT_ONLY_ACE : 0); 229 230 BUG_ON(pacl->a_count < 3); 231 summarize_posix_acl(pacl, &pas); 232 233 pa = pacl->a_entries; 234 ace = acl->aces + acl->naces; 235 236 /* We could deny everything not granted by the owner: */ 237 deny = ~pas.owner; 238 /* 239 * but it is equivalent (and simpler) to deny only what is not 240 * granted by later entries: 241 */ 242 deny &= pas.users | pas.group | pas.groups | pas.other; 243 if (deny) { 244 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; 245 ace->flag = eflag; 246 ace->access_mask = deny_mask_from_posix(deny, flags); 247 ace->whotype = NFS4_ACL_WHO_OWNER; 248 ace++; 249 acl->naces++; 250 } 251 252 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; 253 ace->flag = eflag; 254 ace->access_mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER); 255 ace->whotype = NFS4_ACL_WHO_OWNER; 256 ace++; 257 acl->naces++; 258 pa++; 259 260 while (pa->e_tag == ACL_USER) { 261 deny = ~(pa->e_perm & pas.mask); 262 deny &= pas.groups | pas.group | pas.other; 263 if (deny) { 264 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; 265 ace->flag = eflag; 266 ace->access_mask = deny_mask_from_posix(deny, flags); 267 ace->whotype = NFS4_ACL_WHO_NAMED; 268 ace->who = pa->e_id; 269 ace++; 270 acl->naces++; 271 } 272 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; 273 ace->flag = eflag; 274 ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, 275 flags); 276 ace->whotype = NFS4_ACL_WHO_NAMED; 277 ace->who = pa->e_id; 278 ace++; 279 acl->naces++; 280 pa++; 281 } 282 283 /* In the case of groups, we apply allow ACEs first, then deny ACEs, 284 * since a user can be in more than one group. */ 285 286 /* allow ACEs */ 287 288 group_owner_entry = pa; 289 290 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; 291 ace->flag = eflag; 292 ace->access_mask = mask_from_posix(pas.group, flags); 293 ace->whotype = NFS4_ACL_WHO_GROUP; 294 ace++; 295 acl->naces++; 296 pa++; 297 298 while (pa->e_tag == ACL_GROUP) { 299 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; 300 ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; 301 ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, 302 flags); 303 ace->whotype = NFS4_ACL_WHO_NAMED; 304 ace->who = pa->e_id; 305 ace++; 306 acl->naces++; 307 pa++; 308 } 309 310 /* deny ACEs */ 311 312 pa = group_owner_entry; 313 314 deny = ~pas.group & pas.other; 315 if (deny) { 316 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; 317 ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; 318 ace->access_mask = deny_mask_from_posix(deny, flags); 319 ace->whotype = NFS4_ACL_WHO_GROUP; 320 ace++; 321 acl->naces++; 322 } 323 pa++; 324 325 while (pa->e_tag == ACL_GROUP) { 326 deny = ~(pa->e_perm & pas.mask); 327 deny &= pas.other; 328 if (deny) { 329 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; 330 ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; 331 ace->access_mask = mask_from_posix(deny, flags); 332 ace->whotype = NFS4_ACL_WHO_NAMED; 333 ace->who = pa->e_id; 334 ace++; 335 acl->naces++; 336 } 337 pa++; 338 } 339 340 if (pa->e_tag == ACL_MASK) 341 pa++; 342 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; 343 ace->flag = eflag; 344 ace->access_mask = mask_from_posix(pa->e_perm, flags); 345 ace->whotype = NFS4_ACL_WHO_EVERYONE; 346 acl->naces++; 347} 348 349static void 350sort_pacl_range(struct posix_acl *pacl, int start, int end) { 351 int sorted = 0, i; 352 struct posix_acl_entry tmp; 353 354 /* We just do a bubble sort; easy to do in place, and we're not 355 * expecting acl's to be long enough to justify anything more. */ 356 while (!sorted) { 357 sorted = 1; 358 for (i = start; i < end; i++) { 359 if (pacl->a_entries[i].e_id 360 > pacl->a_entries[i+1].e_id) { 361 sorted = 0; 362 tmp = pacl->a_entries[i]; 363 pacl->a_entries[i] = pacl->a_entries[i+1]; 364 pacl->a_entries[i+1] = tmp; 365 } 366 } 367 } 368} 369 370static void 371sort_pacl(struct posix_acl *pacl) 372{ 373 /* posix_acl_valid requires that users and groups be in order 374 * by uid/gid. */ 375 int i, j; 376 377 if (pacl->a_count <= 4) 378 return; /* no users or groups */ 379 i = 1; 380 while (pacl->a_entries[i].e_tag == ACL_USER) 381 i++; 382 sort_pacl_range(pacl, 1, i-1); 383 384 BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ); 385 j = i++; 386 while (pacl->a_entries[j].e_tag == ACL_GROUP) 387 j++; 388 sort_pacl_range(pacl, i, j-1); 389 return; 390} 391 392/* 393 * While processing the NFSv4 ACE, this maintains bitmasks representing 394 * which permission bits have been allowed and which denied to a given 395 * entity: */ 396struct posix_ace_state { 397 u32 allow; 398 u32 deny; 399}; 400 401struct posix_user_ace_state { 402 uid_t uid; 403 struct posix_ace_state perms; 404}; 405 406struct posix_ace_state_array { 407 int n; 408 struct posix_user_ace_state aces[]; 409}; 410 411/* 412 * While processing the NFSv4 ACE, this maintains the partial permissions 413 * calculated so far: */ 414 415struct posix_acl_state { 416 int empty; 417 struct posix_ace_state owner; 418 struct posix_ace_state group; 419 struct posix_ace_state other; 420 struct posix_ace_state everyone; 421 struct posix_ace_state mask; /* Deny unused in this case */ 422 struct posix_ace_state_array *users; 423 struct posix_ace_state_array *groups; 424}; 425 426static int 427init_state(struct posix_acl_state *state, int cnt) 428{ 429 int alloc; 430 431 memset(state, 0, sizeof(struct posix_acl_state)); 432 state->empty = 1; 433 /* 434 * In the worst case, each individual acl could be for a distinct 435 * named user or group, but we don't no which, so we allocate 436 * enough space for either: 437 */ 438 alloc = sizeof(struct posix_ace_state_array) 439 + cnt*sizeof(struct posix_ace_state); 440 state->users = kzalloc(alloc, GFP_KERNEL); 441 if (!state->users) 442 return -ENOMEM; 443 state->groups = kzalloc(alloc, GFP_KERNEL); 444 if (!state->groups) { 445 kfree(state->users); 446 return -ENOMEM; 447 } 448 return 0; 449} 450 451static void 452free_state(struct posix_acl_state *state) { 453 kfree(state->users); 454 kfree(state->groups); 455} 456 457static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate) 458{ 459 state->mask.allow |= astate->allow; 460} 461 462/* 463 * Certain bits (SYNCHRONIZE, DELETE, WRITE_OWNER, READ/WRITE_NAMED_ATTRS, 464 * READ_ATTRIBUTES, READ_ACL) are currently unenforceable and don't translate 465 * to traditional read/write/execute permissions. 466 * 467 * It's problematic to reject acls that use certain mode bits, because it 468 * places the burden on users to learn the rules about which bits one 469 * particular server sets, without giving the user a lot of help--we return an 470 * error that could mean any number of different things. To make matters 471 * worse, the problematic bits might be introduced by some application that's 472 * automatically mapping from some other acl model. 473 * 474 * So wherever possible we accept anything, possibly erring on the side of 475 * denying more permissions than necessary. 476 * 477 * However we do reject *explicit* DENY's of a few bits representing 478 * permissions we could never deny: 479 */ 480 481static inline int check_deny(u32 mask, int isowner) 482{ 483 if (mask & (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL)) 484 return -EINVAL; 485 if (!isowner) 486 return 0; 487 if (mask & (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)) 488 return -EINVAL; 489 return 0; 490} 491 492static struct posix_acl * 493posix_state_to_acl(struct posix_acl_state *state, unsigned int flags) 494{ 495 struct posix_acl_entry *pace; 496 struct posix_acl *pacl; 497 int nace; 498 int i, error = 0; 499 500 /* 501 * ACLs with no ACEs are treated differently in the inheritable 502 * and effective cases: when there are no inheritable ACEs, we 503 * set a zero-length default posix acl: 504 */ 505 if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)) { 506 pacl = posix_acl_alloc(0, GFP_KERNEL); 507 return pacl ? pacl : ERR_PTR(-ENOMEM); 508 } 509 /* 510 * When there are no effective ACEs, the following will end 511 * up setting a 3-element effective posix ACL with all 512 * permissions zero. 513 */ 514 nace = 4 + state->users->n + state->groups->n; 515 pacl = posix_acl_alloc(nace, GFP_KERNEL); 516 if (!pacl) 517 return ERR_PTR(-ENOMEM); 518 519 pace = pacl->a_entries; 520 pace->e_tag = ACL_USER_OBJ; 521 error = check_deny(state->owner.deny, 1); 522 if (error) 523 goto out_err; 524 low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags); 525 pace->e_id = ACL_UNDEFINED_ID; 526 527 for (i=0; i < state->users->n; i++) { 528 pace++; 529 pace->e_tag = ACL_USER; 530 error = check_deny(state->users->aces[i].perms.deny, 0); 531 if (error) 532 goto out_err; 533 low_mode_from_nfs4(state->users->aces[i].perms.allow, 534 &pace->e_perm, flags); 535 pace->e_id = state->users->aces[i].uid; 536 add_to_mask(state, &state->users->aces[i].perms); 537 } 538 539 pace++; 540 pace->e_tag = ACL_GROUP_OBJ; 541 error = check_deny(state->group.deny, 0); 542 if (error) 543 goto out_err; 544 low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags); 545 pace->e_id = ACL_UNDEFINED_ID; 546 add_to_mask(state, &state->group); 547 548 for (i=0; i < state->groups->n; i++) { 549 pace++; 550 pace->e_tag = ACL_GROUP; 551 error = check_deny(state->groups->aces[i].perms.deny, 0); 552 if (error) 553 goto out_err; 554 low_mode_from_nfs4(state->groups->aces[i].perms.allow, 555 &pace->e_perm, flags); 556 pace->e_id = state->groups->aces[i].uid; 557 add_to_mask(state, &state->groups->aces[i].perms); 558 } 559 560 pace++; 561 pace->e_tag = ACL_MASK; 562 low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags); 563 pace->e_id = ACL_UNDEFINED_ID; 564 565 pace++; 566 pace->e_tag = ACL_OTHER; 567 error = check_deny(state->other.deny, 0); 568 if (error) 569 goto out_err; 570 low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags); 571 pace->e_id = ACL_UNDEFINED_ID; 572 573 return pacl; 574out_err: 575 posix_acl_release(pacl); 576 return ERR_PTR(error); 577} 578 579static inline void allow_bits(struct posix_ace_state *astate, u32 mask) 580{ 581 /* Allow all bits in the mask not already denied: */ 582 astate->allow |= mask & ~astate->deny; 583} 584 585static inline void deny_bits(struct posix_ace_state *astate, u32 mask) 586{ 587 /* Deny all bits in the mask not already allowed: */ 588 astate->deny |= mask & ~astate->allow; 589} 590 591static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid) 592{ 593 int i; 594 595 for (i = 0; i < a->n; i++) 596 if (a->aces[i].uid == uid) 597 return i; 598 /* Not found: */ 599 a->n++; 600 a->aces[i].uid = uid; 601 a->aces[i].perms.allow = state->everyone.allow; 602 a->aces[i].perms.deny = state->everyone.deny; 603 604 return i; 605} 606 607static void deny_bits_array(struct posix_ace_state_array *a, u32 mask) 608{ 609 int i; 610 611 for (i=0; i < a->n; i++) 612 deny_bits(&a->aces[i].perms, mask); 613} 614 615static void allow_bits_array(struct posix_ace_state_array *a, u32 mask) 616{ 617 int i; 618 619 for (i=0; i < a->n; i++) 620 allow_bits(&a->aces[i].perms, mask); 621} 622 623static void process_one_v4_ace(struct posix_acl_state *state, 624 struct nfs4_ace *ace) 625{ 626 u32 mask = ace->access_mask; 627 int i; 628 629 state->empty = 0; 630 631 switch (ace2type(ace)) { 632 case ACL_USER_OBJ: 633 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { 634 allow_bits(&state->owner, mask); 635 } else { 636 deny_bits(&state->owner, mask); 637 } 638 break; 639 case ACL_USER: 640 i = find_uid(state, state->users, ace->who); 641 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { 642 allow_bits(&state->users->aces[i].perms, mask); 643 } else { 644 deny_bits(&state->users->aces[i].perms, mask); 645 mask = state->users->aces[i].perms.deny; 646 deny_bits(&state->owner, mask); 647 } 648 break; 649 case ACL_GROUP_OBJ: 650 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { 651 allow_bits(&state->group, mask); 652 } else { 653 deny_bits(&state->group, mask); 654 mask = state->group.deny; 655 deny_bits(&state->owner, mask); 656 deny_bits(&state->everyone, mask); 657 deny_bits_array(state->users, mask); 658 deny_bits_array(state->groups, mask); 659 } 660 break; 661 case ACL_GROUP: 662 i = find_uid(state, state->groups, ace->who); 663 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { 664 allow_bits(&state->groups->aces[i].perms, mask); 665 } else { 666 deny_bits(&state->groups->aces[i].perms, mask); 667 mask = state->groups->aces[i].perms.deny; 668 deny_bits(&state->owner, mask); 669 deny_bits(&state->group, mask); 670 deny_bits(&state->everyone, mask); 671 deny_bits_array(state->users, mask); 672 deny_bits_array(state->groups, mask); 673 } 674 break; 675 case ACL_OTHER: 676 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { 677 allow_bits(&state->owner, mask); 678 allow_bits(&state->group, mask); 679 allow_bits(&state->other, mask); 680 allow_bits(&state->everyone, mask); 681 allow_bits_array(state->users, mask); 682 allow_bits_array(state->groups, mask); 683 } else { 684 deny_bits(&state->owner, mask); 685 deny_bits(&state->group, mask); 686 deny_bits(&state->other, mask); 687 deny_bits(&state->everyone, mask); 688 deny_bits_array(state->users, mask); 689 deny_bits_array(state->groups, mask); 690 } 691 } 692} 693 694int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl, struct posix_acl **pacl, 695 struct posix_acl **dpacl, unsigned int flags) 696{ 697 struct posix_acl_state effective_acl_state, default_acl_state; 698 struct nfs4_ace *ace; 699 int ret; 700 701 ret = init_state(&effective_acl_state, acl->naces); 702 if (ret) 703 return ret; 704 ret = init_state(&default_acl_state, acl->naces); 705 if (ret) 706 goto out_estate; 707 ret = -EINVAL; 708 for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { 709 if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && 710 ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) 711 goto out_dstate; 712 if (ace->flag & ~NFS4_SUPPORTED_FLAGS) 713 goto out_dstate; 714 if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) { 715 process_one_v4_ace(&effective_acl_state, ace); 716 continue; 717 } 718 if (!(flags & NFS4_ACL_DIR)) 719 goto out_dstate; 720 /* 721 * Note that when only one of FILE_INHERIT or DIRECTORY_INHERIT 722 * is set, we're effectively turning on the other. That's OK, 723 * according to rfc 3530. 724 */ 725 process_one_v4_ace(&default_acl_state, ace); 726 727 if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)) 728 process_one_v4_ace(&effective_acl_state, ace); 729 } 730 *pacl = posix_state_to_acl(&effective_acl_state, flags); 731 if (IS_ERR(*pacl)) { 732 ret = PTR_ERR(*pacl); 733 goto out_dstate; 734 } 735 *dpacl = posix_state_to_acl(&default_acl_state, 736 flags | NFS4_ACL_TYPE_DEFAULT); 737 if (IS_ERR(*dpacl)) { 738 ret = PTR_ERR(*dpacl); 739 posix_acl_release(*pacl); 740 goto out_dstate; 741 } 742 sort_pacl(*pacl); 743 sort_pacl(*dpacl); 744 ret = 0; 745out_dstate: 746 free_state(&default_acl_state); 747out_estate: 748 free_state(&effective_acl_state); 749 return ret; 750} 751 752static short 753ace2type(struct nfs4_ace *ace) 754{ 755 switch (ace->whotype) { 756 case NFS4_ACL_WHO_NAMED: 757 return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ? 758 ACL_GROUP : ACL_USER); 759 case NFS4_ACL_WHO_OWNER: 760 return ACL_USER_OBJ; 761 case NFS4_ACL_WHO_GROUP: 762 return ACL_GROUP_OBJ; 763 case NFS4_ACL_WHO_EVERYONE: 764 return ACL_OTHER; 765 } 766 BUG(); 767 return -1; 768} 769 770EXPORT_SYMBOL(nfs4_acl_posix_to_nfsv4); 771EXPORT_SYMBOL(nfs4_acl_nfsv4_to_posix); 772 773struct nfs4_acl * 774nfs4_acl_new(int n) 775{ 776 struct nfs4_acl *acl; 777 778 acl = kmalloc(sizeof(*acl) + n*sizeof(struct nfs4_ace), GFP_KERNEL); 779 if (acl == NULL) 780 return NULL; 781 acl->naces = 0; 782 return acl; 783} 784 785static struct { 786 char *string; 787 int stringlen; 788 int type; 789} s2t_map[] = { 790 { 791 .string = "OWNER@", 792 .stringlen = sizeof("OWNER@") - 1, 793 .type = NFS4_ACL_WHO_OWNER, 794 }, 795 { 796 .string = "GROUP@", 797 .stringlen = sizeof("GROUP@") - 1, 798 .type = NFS4_ACL_WHO_GROUP, 799 }, 800 { 801 .string = "EVERYONE@", 802 .stringlen = sizeof("EVERYONE@") - 1, 803 .type = NFS4_ACL_WHO_EVERYONE, 804 }, 805}; 806 807int 808nfs4_acl_get_whotype(char *p, u32 len) 809{ 810 int i; 811 812 for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { 813 if (s2t_map[i].stringlen == len && 814 0 == memcmp(s2t_map[i].string, p, len)) 815 return s2t_map[i].type; 816 } 817 return NFS4_ACL_WHO_NAMED; 818} 819 820int 821nfs4_acl_write_who(int who, char *p) 822{ 823 int i; 824 825 for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { 826 if (s2t_map[i].type == who) { 827 memcpy(p, s2t_map[i].string, s2t_map[i].stringlen); 828 return s2t_map[i].stringlen; 829 } 830 } 831 BUG(); 832 return -1; 833} 834 835EXPORT_SYMBOL(nfs4_acl_new); 836EXPORT_SYMBOL(nfs4_acl_get_whotype); 837EXPORT_SYMBOL(nfs4_acl_write_who); 838