Commit | Line | Data |
---|---|---|
1da177e4 | 1 | /* |
1da177e4 LT |
2 | * Common NFSv4 ACL handling code. |
3 | * | |
4 | * Copyright (c) 2002, 2003 The Regents of the University of Michigan. | |
5 | * All rights reserved. | |
6 | * | |
7 | * Marius Aamodt Eriksen <marius@umich.edu> | |
8 | * Jeff Sedlak <jsedlak@umich.edu> | |
9 | * J. Bruce Fields <bfields@umich.edu> | |
10 | * | |
11 | * Redistribution and use in source and binary forms, with or without | |
12 | * modification, are permitted provided that the following conditions | |
13 | * are met: | |
14 | * | |
15 | * 1. Redistributions of source code must retain the above copyright | |
16 | * notice, this list of conditions and the following disclaimer. | |
17 | * 2. Redistributions in binary form must reproduce the above copyright | |
18 | * notice, this list of conditions and the following disclaimer in the | |
19 | * documentation and/or other materials provided with the distribution. | |
20 | * 3. Neither the name of the University nor the names of its | |
21 | * contributors may be used to endorse or promote products derived | |
22 | * from this software without specific prior written permission. | |
23 | * | |
24 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED | |
25 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | |
26 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
27 | * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
28 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
29 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
30 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR | |
31 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
32 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
33 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
34 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
35 | */ | |
36 | ||
1da177e4 | 37 | #include <linux/nfs_fs.h> |
1da177e4 LT |
38 | #include <linux/nfs4_acl.h> |
39 | ||
40 | ||
41 | /* mode bit translations: */ | |
42 | #define NFS4_READ_MODE (NFS4_ACE_READ_DATA) | |
43 | #define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA) | |
44 | #define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE | |
45 | #define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | NFS4_ACE_SYNCHRONIZE) | |
46 | #define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL) | |
47 | ||
48 | /* We don't support these bits; insist they be neither allowed nor denied */ | |
49 | #define NFS4_MASK_UNSUPP (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \ | |
50 | | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS) | |
51 | ||
52 | /* flags used to simulate posix default ACLs */ | |
53 | #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ | |
7bdfa68c | 54 | | NFS4_ACE_DIRECTORY_INHERIT_ACE) |
1da177e4 | 55 | |
7bdfa68c BF |
56 | #define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS \ |
57 | | NFS4_ACE_INHERIT_ONLY_ACE \ | |
58 | | NFS4_ACE_IDENTIFIER_GROUP) | |
b548edc2 | 59 | |
1da177e4 LT |
60 | #define MASK_EQUAL(mask1, mask2) \ |
61 | ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) ) | |
62 | ||
63 | static u32 | |
64 | mask_from_posix(unsigned short perm, unsigned int flags) | |
65 | { | |
66 | int mask = NFS4_ANYONE_MODE; | |
67 | ||
68 | if (flags & NFS4_ACL_OWNER) | |
69 | mask |= NFS4_OWNER_MODE; | |
70 | if (perm & ACL_READ) | |
71 | mask |= NFS4_READ_MODE; | |
72 | if (perm & ACL_WRITE) | |
73 | mask |= NFS4_WRITE_MODE; | |
74 | if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) | |
75 | mask |= NFS4_ACE_DELETE_CHILD; | |
76 | if (perm & ACL_EXECUTE) | |
77 | mask |= NFS4_EXECUTE_MODE; | |
78 | return mask; | |
79 | } | |
80 | ||
81 | static u32 | |
bec50c47 | 82 | deny_mask_from_posix(unsigned short perm, u32 flags) |
1da177e4 | 83 | { |
bec50c47 BF |
84 | u32 mask = 0; |
85 | ||
86 | if (perm & ACL_READ) | |
87 | mask |= NFS4_READ_MODE; | |
88 | if (perm & ACL_WRITE) | |
89 | mask |= NFS4_WRITE_MODE; | |
90 | if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) | |
91 | mask |= NFS4_ACE_DELETE_CHILD; | |
92 | if (perm & ACL_EXECUTE) | |
93 | mask |= NFS4_EXECUTE_MODE; | |
94 | return mask; | |
1da177e4 LT |
95 | } |
96 | ||
97 | /* XXX: modify functions to return NFS errors; they're only ever | |
98 | * used by nfs code, after all.... */ | |
99 | ||
09229edb BF |
100 | /* We only map from NFSv4 to POSIX ACLs when setting ACLs, when we err on the |
101 | * side of being more restrictive, so the mode bit mapping below is | |
102 | * pessimistic. An optimistic version would be needed to handle DENY's, | |
103 | * but we espect to coalesce all ALLOWs and DENYs before mapping to mode | |
104 | * bits. */ | |
105 | ||
106 | static void | |
107 | low_mode_from_nfs4(u32 perm, unsigned short *mode, unsigned int flags) | |
1da177e4 | 108 | { |
09229edb | 109 | u32 write_mode = NFS4_WRITE_MODE; |
1da177e4 | 110 | |
09229edb BF |
111 | if (flags & NFS4_ACL_DIR) |
112 | write_mode |= NFS4_ACE_DELETE_CHILD; | |
1da177e4 LT |
113 | *mode = 0; |
114 | if ((perm & NFS4_READ_MODE) == NFS4_READ_MODE) | |
115 | *mode |= ACL_READ; | |
09229edb | 116 | if ((perm & write_mode) == write_mode) |
1da177e4 LT |
117 | *mode |= ACL_WRITE; |
118 | if ((perm & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE) | |
119 | *mode |= ACL_EXECUTE; | |
1da177e4 LT |
120 | } |
121 | ||
122 | struct ace_container { | |
123 | struct nfs4_ace *ace; | |
124 | struct list_head ace_l; | |
125 | }; | |
126 | ||
127 | static short ace2type(struct nfs4_ace *); | |
28e05dd8 BF |
128 | static void _posix_to_nfsv4_one(struct posix_acl *, struct nfs4_acl *, |
129 | unsigned int); | |
1da177e4 LT |
130 | |
131 | struct nfs4_acl * | |
132 | nfs4_acl_posix_to_nfsv4(struct posix_acl *pacl, struct posix_acl *dpacl, | |
133 | unsigned int flags) | |
134 | { | |
135 | struct nfs4_acl *acl; | |
28e05dd8 | 136 | int size = 0; |
1da177e4 | 137 | |
28e05dd8 BF |
138 | if (pacl) { |
139 | if (posix_acl_valid(pacl) < 0) | |
140 | return ERR_PTR(-EINVAL); | |
141 | size += 2*pacl->a_count; | |
1da177e4 | 142 | } |
28e05dd8 BF |
143 | if (dpacl) { |
144 | if (posix_acl_valid(dpacl) < 0) | |
145 | return ERR_PTR(-EINVAL); | |
146 | size += 2*dpacl->a_count; | |
1da177e4 LT |
147 | } |
148 | ||
28e05dd8 BF |
149 | /* Allocate for worst case: one (deny, allow) pair each: */ |
150 | acl = nfs4_acl_new(size); | |
151 | if (acl == NULL) | |
152 | return ERR_PTR(-ENOMEM); | |
1da177e4 | 153 | |
28e05dd8 BF |
154 | if (pacl) |
155 | _posix_to_nfsv4_one(pacl, acl, flags & ~NFS4_ACL_TYPE_DEFAULT); | |
1da177e4 | 156 | |
28e05dd8 BF |
157 | if (dpacl) |
158 | _posix_to_nfsv4_one(dpacl, acl, flags | NFS4_ACL_TYPE_DEFAULT); | |
1da177e4 LT |
159 | |
160 | return acl; | |
161 | } | |
162 | ||
bec50c47 BF |
163 | struct posix_acl_summary { |
164 | unsigned short owner; | |
165 | unsigned short users; | |
166 | unsigned short group; | |
167 | unsigned short groups; | |
168 | unsigned short other; | |
169 | unsigned short mask; | |
170 | }; | |
171 | ||
28e05dd8 | 172 | static void |
bec50c47 | 173 | summarize_posix_acl(struct posix_acl *acl, struct posix_acl_summary *pas) |
1da177e4 | 174 | { |
bec50c47 | 175 | struct posix_acl_entry *pa, *pe; |
f7fede4b BF |
176 | |
177 | /* | |
178 | * Only pas.users and pas.groups need initialization; previous | |
179 | * posix_acl_valid() calls ensure that the other fields will be | |
180 | * initialized in the following loop. But, just to placate gcc: | |
181 | */ | |
182 | memset(pas, 0, sizeof(*pas)); | |
bec50c47 BF |
183 | pas->mask = 07; |
184 | ||
185 | pe = acl->a_entries + acl->a_count; | |
186 | ||
187 | FOREACH_ACL_ENTRY(pa, acl, pe) { | |
188 | switch (pa->e_tag) { | |
189 | case ACL_USER_OBJ: | |
190 | pas->owner = pa->e_perm; | |
191 | break; | |
192 | case ACL_GROUP_OBJ: | |
193 | pas->group = pa->e_perm; | |
194 | break; | |
195 | case ACL_USER: | |
196 | pas->users |= pa->e_perm; | |
197 | break; | |
198 | case ACL_GROUP: | |
199 | pas->groups |= pa->e_perm; | |
200 | break; | |
201 | case ACL_OTHER: | |
202 | pas->other = pa->e_perm; | |
203 | break; | |
204 | case ACL_MASK: | |
205 | pas->mask = pa->e_perm; | |
206 | break; | |
207 | } | |
208 | } | |
209 | /* We'll only care about effective permissions: */ | |
210 | pas->users &= pas->mask; | |
211 | pas->group &= pas->mask; | |
212 | pas->groups &= pas->mask; | |
1da177e4 LT |
213 | } |
214 | ||
215 | /* We assume the acl has been verified with posix_acl_valid. */ | |
28e05dd8 | 216 | static void |
1da177e4 LT |
217 | _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, |
218 | unsigned int flags) | |
219 | { | |
bec50c47 BF |
220 | struct posix_acl_entry *pa, *group_owner_entry; |
221 | struct nfs4_ace *ace; | |
222 | struct posix_acl_summary pas; | |
223 | unsigned short deny; | |
1da177e4 | 224 | int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? |
54c04409 | 225 | NFS4_INHERITANCE_FLAGS | NFS4_ACE_INHERIT_ONLY_ACE : 0); |
1da177e4 LT |
226 | |
227 | BUG_ON(pacl->a_count < 3); | |
bec50c47 | 228 | summarize_posix_acl(pacl, &pas); |
1da177e4 LT |
229 | |
230 | pa = pacl->a_entries; | |
bec50c47 BF |
231 | ace = acl->aces + acl->naces; |
232 | ||
233 | /* We could deny everything not granted by the owner: */ | |
234 | deny = ~pas.owner; | |
235 | /* | |
236 | * but it is equivalent (and simpler) to deny only what is not | |
237 | * granted by later entries: | |
238 | */ | |
239 | deny &= pas.users | pas.group | pas.groups | pas.other; | |
240 | if (deny) { | |
241 | ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; | |
242 | ace->flag = eflag; | |
243 | ace->access_mask = deny_mask_from_posix(deny, flags); | |
244 | ace->whotype = NFS4_ACL_WHO_OWNER; | |
245 | ace++; | |
246 | acl->naces++; | |
247 | } | |
248 | ||
249 | ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; | |
250 | ace->flag = eflag; | |
251 | ace->access_mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER); | |
252 | ace->whotype = NFS4_ACL_WHO_OWNER; | |
253 | ace++; | |
254 | acl->naces++; | |
1da177e4 LT |
255 | pa++; |
256 | ||
257 | while (pa->e_tag == ACL_USER) { | |
bec50c47 BF |
258 | deny = ~(pa->e_perm & pas.mask); |
259 | deny &= pas.groups | pas.group | pas.other; | |
260 | if (deny) { | |
261 | ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; | |
262 | ace->flag = eflag; | |
263 | ace->access_mask = deny_mask_from_posix(deny, flags); | |
264 | ace->whotype = NFS4_ACL_WHO_NAMED; | |
265 | ace->who = pa->e_id; | |
266 | ace++; | |
267 | acl->naces++; | |
268 | } | |
269 | ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; | |
270 | ace->flag = eflag; | |
271 | ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, | |
272 | flags); | |
273 | ace->whotype = NFS4_ACL_WHO_NAMED; | |
274 | ace->who = pa->e_id; | |
275 | ace++; | |
276 | acl->naces++; | |
1da177e4 LT |
277 | pa++; |
278 | } | |
279 | ||
280 | /* In the case of groups, we apply allow ACEs first, then deny ACEs, | |
281 | * since a user can be in more than one group. */ | |
282 | ||
283 | /* allow ACEs */ | |
284 | ||
1da177e4 | 285 | group_owner_entry = pa; |
bec50c47 BF |
286 | |
287 | ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; | |
288 | ace->flag = eflag; | |
289 | ace->access_mask = mask_from_posix(pas.group, flags); | |
290 | ace->whotype = NFS4_ACL_WHO_GROUP; | |
291 | ace++; | |
292 | acl->naces++; | |
1da177e4 LT |
293 | pa++; |
294 | ||
295 | while (pa->e_tag == ACL_GROUP) { | |
bec50c47 BF |
296 | ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; |
297 | ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; | |
298 | ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, | |
299 | flags); | |
300 | ace->whotype = NFS4_ACL_WHO_NAMED; | |
301 | ace->who = pa->e_id; | |
302 | ace++; | |
303 | acl->naces++; | |
1da177e4 LT |
304 | pa++; |
305 | } | |
306 | ||
307 | /* deny ACEs */ | |
308 | ||
309 | pa = group_owner_entry; | |
bec50c47 BF |
310 | |
311 | deny = ~pas.group & pas.other; | |
312 | if (deny) { | |
313 | ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; | |
d8d0b85b | 314 | ace->flag = eflag; |
bec50c47 BF |
315 | ace->access_mask = deny_mask_from_posix(deny, flags); |
316 | ace->whotype = NFS4_ACL_WHO_GROUP; | |
317 | ace++; | |
318 | acl->naces++; | |
319 | } | |
1da177e4 | 320 | pa++; |
bec50c47 | 321 | |
1da177e4 | 322 | while (pa->e_tag == ACL_GROUP) { |
bec50c47 BF |
323 | deny = ~(pa->e_perm & pas.mask); |
324 | deny &= pas.other; | |
325 | if (deny) { | |
326 | ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; | |
327 | ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; | |
55bb55dc | 328 | ace->access_mask = deny_mask_from_posix(deny, flags); |
bec50c47 BF |
329 | ace->whotype = NFS4_ACL_WHO_NAMED; |
330 | ace->who = pa->e_id; | |
331 | ace++; | |
332 | acl->naces++; | |
333 | } | |
1da177e4 LT |
334 | pa++; |
335 | } | |
336 | ||
337 | if (pa->e_tag == ACL_MASK) | |
338 | pa++; | |
bec50c47 BF |
339 | ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; |
340 | ace->flag = eflag; | |
341 | ace->access_mask = mask_from_posix(pa->e_perm, flags); | |
342 | ace->whotype = NFS4_ACL_WHO_EVERYONE; | |
343 | acl->naces++; | |
1da177e4 LT |
344 | } |
345 | ||
346 | static void | |
347 | sort_pacl_range(struct posix_acl *pacl, int start, int end) { | |
348 | int sorted = 0, i; | |
349 | struct posix_acl_entry tmp; | |
350 | ||
351 | /* We just do a bubble sort; easy to do in place, and we're not | |
352 | * expecting acl's to be long enough to justify anything more. */ | |
353 | while (!sorted) { | |
354 | sorted = 1; | |
355 | for (i = start; i < end; i++) { | |
356 | if (pacl->a_entries[i].e_id | |
357 | > pacl->a_entries[i+1].e_id) { | |
358 | sorted = 0; | |
359 | tmp = pacl->a_entries[i]; | |
360 | pacl->a_entries[i] = pacl->a_entries[i+1]; | |
361 | pacl->a_entries[i+1] = tmp; | |
362 | } | |
363 | } | |
364 | } | |
365 | } | |
366 | ||
367 | static void | |
368 | sort_pacl(struct posix_acl *pacl) | |
369 | { | |
370 | /* posix_acl_valid requires that users and groups be in order | |
371 | * by uid/gid. */ | |
372 | int i, j; | |
373 | ||
374 | if (pacl->a_count <= 4) | |
375 | return; /* no users or groups */ | |
376 | i = 1; | |
377 | while (pacl->a_entries[i].e_tag == ACL_USER) | |
378 | i++; | |
379 | sort_pacl_range(pacl, 1, i-1); | |
380 | ||
381 | BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ); | |
aba24d71 | 382 | j = ++i; |
1da177e4 LT |
383 | while (pacl->a_entries[j].e_tag == ACL_GROUP) |
384 | j++; | |
385 | sort_pacl_range(pacl, i, j-1); | |
386 | return; | |
387 | } | |
388 | ||
09229edb BF |
389 | /* |
390 | * While processing the NFSv4 ACE, this maintains bitmasks representing | |
391 | * which permission bits have been allowed and which denied to a given | |
392 | * entity: */ | |
393 | struct posix_ace_state { | |
394 | u32 allow; | |
395 | u32 deny; | |
396 | }; | |
397 | ||
398 | struct posix_user_ace_state { | |
399 | uid_t uid; | |
400 | struct posix_ace_state perms; | |
401 | }; | |
402 | ||
403 | struct posix_ace_state_array { | |
404 | int n; | |
405 | struct posix_user_ace_state aces[]; | |
406 | }; | |
407 | ||
408 | /* | |
409 | * While processing the NFSv4 ACE, this maintains the partial permissions | |
410 | * calculated so far: */ | |
411 | ||
412 | struct posix_acl_state { | |
3160a711 | 413 | int empty; |
09229edb BF |
414 | struct posix_ace_state owner; |
415 | struct posix_ace_state group; | |
416 | struct posix_ace_state other; | |
417 | struct posix_ace_state everyone; | |
418 | struct posix_ace_state mask; /* Deny unused in this case */ | |
419 | struct posix_ace_state_array *users; | |
420 | struct posix_ace_state_array *groups; | |
421 | }; | |
422 | ||
1da177e4 | 423 | static int |
09229edb | 424 | init_state(struct posix_acl_state *state, int cnt) |
1da177e4 | 425 | { |
09229edb BF |
426 | int alloc; |
427 | ||
428 | memset(state, 0, sizeof(struct posix_acl_state)); | |
3160a711 | 429 | state->empty = 1; |
09229edb BF |
430 | /* |
431 | * In the worst case, each individual acl could be for a distinct | |
432 | * named user or group, but we don't no which, so we allocate | |
433 | * enough space for either: | |
434 | */ | |
435 | alloc = sizeof(struct posix_ace_state_array) | |
91b80969 | 436 | + cnt*sizeof(struct posix_user_ace_state); |
09229edb BF |
437 | state->users = kzalloc(alloc, GFP_KERNEL); |
438 | if (!state->users) | |
439 | return -ENOMEM; | |
440 | state->groups = kzalloc(alloc, GFP_KERNEL); | |
441 | if (!state->groups) { | |
442 | kfree(state->users); | |
443 | return -ENOMEM; | |
444 | } | |
445 | return 0; | |
1da177e4 LT |
446 | } |
447 | ||
09229edb BF |
448 | static void |
449 | free_state(struct posix_acl_state *state) { | |
450 | kfree(state->users); | |
451 | kfree(state->groups); | |
1da177e4 LT |
452 | } |
453 | ||
09229edb | 454 | static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate) |
1da177e4 | 455 | { |
09229edb | 456 | state->mask.allow |= astate->allow; |
1da177e4 LT |
457 | } |
458 | ||
09229edb BF |
459 | /* |
460 | * Certain bits (SYNCHRONIZE, DELETE, WRITE_OWNER, READ/WRITE_NAMED_ATTRS, | |
461 | * READ_ATTRIBUTES, READ_ACL) are currently unenforceable and don't translate | |
462 | * to traditional read/write/execute permissions. | |
463 | * | |
464 | * It's problematic to reject acls that use certain mode bits, because it | |
465 | * places the burden on users to learn the rules about which bits one | |
466 | * particular server sets, without giving the user a lot of help--we return an | |
467 | * error that could mean any number of different things. To make matters | |
468 | * worse, the problematic bits might be introduced by some application that's | |
469 | * automatically mapping from some other acl model. | |
470 | * | |
471 | * So wherever possible we accept anything, possibly erring on the side of | |
472 | * denying more permissions than necessary. | |
473 | * | |
474 | * However we do reject *explicit* DENY's of a few bits representing | |
475 | * permissions we could never deny: | |
476 | */ | |
1da177e4 | 477 | |
09229edb BF |
478 | static inline int check_deny(u32 mask, int isowner) |
479 | { | |
480 | if (mask & (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL)) | |
481 | return -EINVAL; | |
482 | if (!isowner) | |
483 | return 0; | |
484 | if (mask & (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)) | |
485 | return -EINVAL; | |
486 | return 0; | |
1da177e4 LT |
487 | } |
488 | ||
09229edb BF |
489 | static struct posix_acl * |
490 | posix_state_to_acl(struct posix_acl_state *state, unsigned int flags) | |
1da177e4 | 491 | { |
09229edb BF |
492 | struct posix_acl_entry *pace; |
493 | struct posix_acl *pacl; | |
494 | int nace; | |
495 | int i, error = 0; | |
1da177e4 | 496 | |
3160a711 BF |
497 | /* |
498 | * ACLs with no ACEs are treated differently in the inheritable | |
499 | * and effective cases: when there are no inheritable ACEs, we | |
500 | * set a zero-length default posix acl: | |
501 | */ | |
502 | if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)) { | |
503 | pacl = posix_acl_alloc(0, GFP_KERNEL); | |
504 | return pacl ? pacl : ERR_PTR(-ENOMEM); | |
505 | } | |
506 | /* | |
507 | * When there are no effective ACEs, the following will end | |
508 | * up setting a 3-element effective posix ACL with all | |
509 | * permissions zero. | |
510 | */ | |
09229edb BF |
511 | nace = 4 + state->users->n + state->groups->n; |
512 | pacl = posix_acl_alloc(nace, GFP_KERNEL); | |
513 | if (!pacl) | |
514 | return ERR_PTR(-ENOMEM); | |
1da177e4 | 515 | |
09229edb BF |
516 | pace = pacl->a_entries; |
517 | pace->e_tag = ACL_USER_OBJ; | |
518 | error = check_deny(state->owner.deny, 1); | |
519 | if (error) | |
520 | goto out_err; | |
521 | low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags); | |
522 | pace->e_id = ACL_UNDEFINED_ID; | |
523 | ||
524 | for (i=0; i < state->users->n; i++) { | |
525 | pace++; | |
526 | pace->e_tag = ACL_USER; | |
527 | error = check_deny(state->users->aces[i].perms.deny, 0); | |
528 | if (error) | |
529 | goto out_err; | |
530 | low_mode_from_nfs4(state->users->aces[i].perms.allow, | |
531 | &pace->e_perm, flags); | |
532 | pace->e_id = state->users->aces[i].uid; | |
533 | add_to_mask(state, &state->users->aces[i].perms); | |
1da177e4 LT |
534 | } |
535 | ||
09229edb BF |
536 | pace++; |
537 | pace->e_tag = ACL_GROUP_OBJ; | |
538 | error = check_deny(state->group.deny, 0); | |
539 | if (error) | |
540 | goto out_err; | |
541 | low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags); | |
542 | pace->e_id = ACL_UNDEFINED_ID; | |
543 | add_to_mask(state, &state->group); | |
544 | ||
545 | for (i=0; i < state->groups->n; i++) { | |
546 | pace++; | |
547 | pace->e_tag = ACL_GROUP; | |
548 | error = check_deny(state->groups->aces[i].perms.deny, 0); | |
549 | if (error) | |
550 | goto out_err; | |
551 | low_mode_from_nfs4(state->groups->aces[i].perms.allow, | |
552 | &pace->e_perm, flags); | |
553 | pace->e_id = state->groups->aces[i].uid; | |
554 | add_to_mask(state, &state->groups->aces[i].perms); | |
555 | } | |
1da177e4 | 556 | |
09229edb BF |
557 | pace++; |
558 | pace->e_tag = ACL_MASK; | |
559 | low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags); | |
560 | pace->e_id = ACL_UNDEFINED_ID; | |
1da177e4 | 561 | |
09229edb BF |
562 | pace++; |
563 | pace->e_tag = ACL_OTHER; | |
564 | error = check_deny(state->other.deny, 0); | |
565 | if (error) | |
566 | goto out_err; | |
567 | low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags); | |
568 | pace->e_id = ACL_UNDEFINED_ID; | |
1da177e4 | 569 | |
09229edb BF |
570 | return pacl; |
571 | out_err: | |
572 | posix_acl_release(pacl); | |
573 | return ERR_PTR(error); | |
574 | } | |
1da177e4 | 575 | |
09229edb BF |
576 | static inline void allow_bits(struct posix_ace_state *astate, u32 mask) |
577 | { | |
578 | /* Allow all bits in the mask not already denied: */ | |
579 | astate->allow |= mask & ~astate->deny; | |
580 | } | |
1da177e4 | 581 | |
09229edb BF |
582 | static inline void deny_bits(struct posix_ace_state *astate, u32 mask) |
583 | { | |
584 | /* Deny all bits in the mask not already allowed: */ | |
585 | astate->deny |= mask & ~astate->allow; | |
586 | } | |
1da177e4 | 587 | |
09229edb BF |
588 | static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid) |
589 | { | |
590 | int i; | |
1da177e4 | 591 | |
09229edb BF |
592 | for (i = 0; i < a->n; i++) |
593 | if (a->aces[i].uid == uid) | |
594 | return i; | |
595 | /* Not found: */ | |
596 | a->n++; | |
597 | a->aces[i].uid = uid; | |
598 | a->aces[i].perms.allow = state->everyone.allow; | |
599 | a->aces[i].perms.deny = state->everyone.deny; | |
1da177e4 | 600 | |
09229edb | 601 | return i; |
1da177e4 LT |
602 | } |
603 | ||
09229edb | 604 | static void deny_bits_array(struct posix_ace_state_array *a, u32 mask) |
1da177e4 | 605 | { |
09229edb | 606 | int i; |
1da177e4 | 607 | |
09229edb BF |
608 | for (i=0; i < a->n; i++) |
609 | deny_bits(&a->aces[i].perms, mask); | |
1da177e4 LT |
610 | } |
611 | ||
09229edb | 612 | static void allow_bits_array(struct posix_ace_state_array *a, u32 mask) |
1da177e4 | 613 | { |
09229edb | 614 | int i; |
1da177e4 | 615 | |
09229edb BF |
616 | for (i=0; i < a->n; i++) |
617 | allow_bits(&a->aces[i].perms, mask); | |
1da177e4 LT |
618 | } |
619 | ||
09229edb BF |
620 | static void process_one_v4_ace(struct posix_acl_state *state, |
621 | struct nfs4_ace *ace) | |
1da177e4 | 622 | { |
09229edb BF |
623 | u32 mask = ace->access_mask; |
624 | int i; | |
625 | ||
3160a711 BF |
626 | state->empty = 0; |
627 | ||
09229edb BF |
628 | switch (ace2type(ace)) { |
629 | case ACL_USER_OBJ: | |
630 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
631 | allow_bits(&state->owner, mask); | |
632 | } else { | |
633 | deny_bits(&state->owner, mask); | |
634 | } | |
635 | break; | |
636 | case ACL_USER: | |
637 | i = find_uid(state, state->users, ace->who); | |
638 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
639 | allow_bits(&state->users->aces[i].perms, mask); | |
640 | } else { | |
641 | deny_bits(&state->users->aces[i].perms, mask); | |
642 | mask = state->users->aces[i].perms.deny; | |
643 | deny_bits(&state->owner, mask); | |
644 | } | |
645 | break; | |
646 | case ACL_GROUP_OBJ: | |
647 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
648 | allow_bits(&state->group, mask); | |
649 | } else { | |
650 | deny_bits(&state->group, mask); | |
651 | mask = state->group.deny; | |
652 | deny_bits(&state->owner, mask); | |
653 | deny_bits(&state->everyone, mask); | |
654 | deny_bits_array(state->users, mask); | |
655 | deny_bits_array(state->groups, mask); | |
656 | } | |
657 | break; | |
658 | case ACL_GROUP: | |
659 | i = find_uid(state, state->groups, ace->who); | |
660 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
661 | allow_bits(&state->groups->aces[i].perms, mask); | |
662 | } else { | |
663 | deny_bits(&state->groups->aces[i].perms, mask); | |
664 | mask = state->groups->aces[i].perms.deny; | |
665 | deny_bits(&state->owner, mask); | |
666 | deny_bits(&state->group, mask); | |
667 | deny_bits(&state->everyone, mask); | |
668 | deny_bits_array(state->users, mask); | |
669 | deny_bits_array(state->groups, mask); | |
670 | } | |
671 | break; | |
672 | case ACL_OTHER: | |
673 | if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { | |
674 | allow_bits(&state->owner, mask); | |
675 | allow_bits(&state->group, mask); | |
676 | allow_bits(&state->other, mask); | |
677 | allow_bits(&state->everyone, mask); | |
678 | allow_bits_array(state->users, mask); | |
679 | allow_bits_array(state->groups, mask); | |
680 | } else { | |
681 | deny_bits(&state->owner, mask); | |
682 | deny_bits(&state->group, mask); | |
683 | deny_bits(&state->other, mask); | |
684 | deny_bits(&state->everyone, mask); | |
685 | deny_bits_array(state->users, mask); | |
686 | deny_bits_array(state->groups, mask); | |
687 | } | |
1da177e4 LT |
688 | } |
689 | } | |
690 | ||
575a6290 BF |
691 | int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl, struct posix_acl **pacl, |
692 | struct posix_acl **dpacl, unsigned int flags) | |
1da177e4 | 693 | { |
575a6290 | 694 | struct posix_acl_state effective_acl_state, default_acl_state; |
09229edb BF |
695 | struct nfs4_ace *ace; |
696 | int ret; | |
1da177e4 | 697 | |
575a6290 | 698 | ret = init_state(&effective_acl_state, acl->naces); |
09229edb | 699 | if (ret) |
575a6290 BF |
700 | return ret; |
701 | ret = init_state(&default_acl_state, acl->naces); | |
702 | if (ret) | |
703 | goto out_estate; | |
704 | ret = -EINVAL; | |
28e05dd8 | 705 | for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { |
09229edb BF |
706 | if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && |
707 | ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) | |
575a6290 | 708 | goto out_dstate; |
b548edc2 | 709 | if (ace->flag & ~NFS4_SUPPORTED_FLAGS) |
575a6290 | 710 | goto out_dstate; |
7bdfa68c | 711 | if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) { |
575a6290 | 712 | process_one_v4_ace(&effective_acl_state, ace); |
b548edc2 | 713 | continue; |
7bdfa68c | 714 | } |
575a6290 BF |
715 | if (!(flags & NFS4_ACL_DIR)) |
716 | goto out_dstate; | |
7bdfa68c BF |
717 | /* |
718 | * Note that when only one of FILE_INHERIT or DIRECTORY_INHERIT | |
719 | * is set, we're effectively turning on the other. That's OK, | |
720 | * according to rfc 3530. | |
721 | */ | |
575a6290 BF |
722 | process_one_v4_ace(&default_acl_state, ace); |
723 | ||
724 | if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)) | |
725 | process_one_v4_ace(&effective_acl_state, ace); | |
1da177e4 | 726 | } |
575a6290 BF |
727 | *pacl = posix_state_to_acl(&effective_acl_state, flags); |
728 | if (IS_ERR(*pacl)) { | |
729 | ret = PTR_ERR(*pacl); | |
4b2ca38a | 730 | *pacl = NULL; |
575a6290 BF |
731 | goto out_dstate; |
732 | } | |
3160a711 BF |
733 | *dpacl = posix_state_to_acl(&default_acl_state, |
734 | flags | NFS4_ACL_TYPE_DEFAULT); | |
575a6290 BF |
735 | if (IS_ERR(*dpacl)) { |
736 | ret = PTR_ERR(*dpacl); | |
4b2ca38a | 737 | *dpacl = NULL; |
575a6290 | 738 | posix_acl_release(*pacl); |
4b2ca38a | 739 | *pacl = NULL; |
575a6290 BF |
740 | goto out_dstate; |
741 | } | |
742 | sort_pacl(*pacl); | |
743 | sort_pacl(*dpacl); | |
744 | ret = 0; | |
745 | out_dstate: | |
746 | free_state(&default_acl_state); | |
747 | out_estate: | |
748 | free_state(&effective_acl_state); | |
749 | return ret; | |
1da177e4 LT |
750 | } |
751 | ||
752 | static short | |
753 | ace2type(struct nfs4_ace *ace) | |
754 | { | |
755 | switch (ace->whotype) { | |
756 | case NFS4_ACL_WHO_NAMED: | |
757 | return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ? | |
758 | ACL_GROUP : ACL_USER); | |
759 | case NFS4_ACL_WHO_OWNER: | |
760 | return ACL_USER_OBJ; | |
761 | case NFS4_ACL_WHO_GROUP: | |
762 | return ACL_GROUP_OBJ; | |
763 | case NFS4_ACL_WHO_EVERYONE: | |
764 | return ACL_OTHER; | |
765 | } | |
766 | BUG(); | |
767 | return -1; | |
768 | } | |
769 | ||
770 | EXPORT_SYMBOL(nfs4_acl_posix_to_nfsv4); | |
771 | EXPORT_SYMBOL(nfs4_acl_nfsv4_to_posix); | |
772 | ||
773 | struct nfs4_acl * | |
28e05dd8 | 774 | nfs4_acl_new(int n) |
1da177e4 LT |
775 | { |
776 | struct nfs4_acl *acl; | |
777 | ||
28e05dd8 BF |
778 | acl = kmalloc(sizeof(*acl) + n*sizeof(struct nfs4_ace), GFP_KERNEL); |
779 | if (acl == NULL) | |
1da177e4 | 780 | return NULL; |
1da177e4 | 781 | acl->naces = 0; |
1da177e4 LT |
782 | return acl; |
783 | } | |
784 | ||
1da177e4 LT |
785 | static struct { |
786 | char *string; | |
787 | int stringlen; | |
788 | int type; | |
789 | } s2t_map[] = { | |
790 | { | |
791 | .string = "OWNER@", | |
792 | .stringlen = sizeof("OWNER@") - 1, | |
793 | .type = NFS4_ACL_WHO_OWNER, | |
794 | }, | |
795 | { | |
796 | .string = "GROUP@", | |
797 | .stringlen = sizeof("GROUP@") - 1, | |
798 | .type = NFS4_ACL_WHO_GROUP, | |
799 | }, | |
800 | { | |
801 | .string = "EVERYONE@", | |
802 | .stringlen = sizeof("EVERYONE@") - 1, | |
803 | .type = NFS4_ACL_WHO_EVERYONE, | |
804 | }, | |
805 | }; | |
806 | ||
807 | int | |
808 | nfs4_acl_get_whotype(char *p, u32 len) | |
809 | { | |
810 | int i; | |
811 | ||
e8c96f8c | 812 | for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { |
1da177e4 LT |
813 | if (s2t_map[i].stringlen == len && |
814 | 0 == memcmp(s2t_map[i].string, p, len)) | |
815 | return s2t_map[i].type; | |
816 | } | |
817 | return NFS4_ACL_WHO_NAMED; | |
818 | } | |
819 | ||
820 | int | |
821 | nfs4_acl_write_who(int who, char *p) | |
822 | { | |
823 | int i; | |
824 | ||
e8c96f8c | 825 | for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { |
1da177e4 LT |
826 | if (s2t_map[i].type == who) { |
827 | memcpy(p, s2t_map[i].string, s2t_map[i].stringlen); | |
828 | return s2t_map[i].stringlen; | |
829 | } | |
830 | } | |
831 | BUG(); | |
832 | return -1; | |
833 | } | |
834 | ||
1da177e4 | 835 | EXPORT_SYMBOL(nfs4_acl_new); |
1da177e4 LT |
836 | EXPORT_SYMBOL(nfs4_acl_get_whotype); |
837 | EXPORT_SYMBOL(nfs4_acl_write_who); |