Blame view
fs/nfsd/nfs4acl.c
21.5 KB
1da177e4c Linux-2.6.12-rc2 |
1 |
/* |
1da177e4c Linux-2.6.12-rc2 |
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
* Common NFSv4 ACL handling code. * * Copyright (c) 2002, 2003 The Regents of the University of Michigan. * All rights reserved. * * Marius Aamodt Eriksen <marius@umich.edu> * Jeff Sedlak <jsedlak@umich.edu> * J. Bruce Fields <bfields@umich.edu> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ |
5a0e3ad6a include cleanup: ... |
36 |
#include <linux/slab.h> |
1da177e4c Linux-2.6.12-rc2 |
37 |
#include <linux/nfs_fs.h> |
afeacc8c1 fs: add export.h ... |
38 |
#include <linux/export.h> |
2ca72e17e nfsd4: move idmap... |
39 |
#include "acl.h" |
1da177e4c Linux-2.6.12-rc2 |
40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
/* mode bit translations: */ #define NFS4_READ_MODE (NFS4_ACE_READ_DATA) #define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA) #define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE #define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | NFS4_ACE_SYNCHRONIZE) #define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL) /* We don't support these bits; insist they be neither allowed nor denied */ #define NFS4_MASK_UNSUPP (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \ | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS) /* flags used to simulate posix default ACLs */ #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ |
7bdfa68c5 [PATCH] knfsd: nf... |
55 |
| NFS4_ACE_DIRECTORY_INHERIT_ACE) |
1da177e4c Linux-2.6.12-rc2 |
56 |
|
7bdfa68c5 [PATCH] knfsd: nf... |
57 58 59 |
#define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS \ | NFS4_ACE_INHERIT_ONLY_ACE \ | NFS4_ACE_IDENTIFIER_GROUP) |
b548edc2d [PATCH] knfsd: nf... |
60 |
|
1da177e4c Linux-2.6.12-rc2 |
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 |
#define MASK_EQUAL(mask1, mask2) \ ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) ) static u32 mask_from_posix(unsigned short perm, unsigned int flags) { int mask = NFS4_ANYONE_MODE; if (flags & NFS4_ACL_OWNER) mask |= NFS4_OWNER_MODE; if (perm & ACL_READ) mask |= NFS4_READ_MODE; if (perm & ACL_WRITE) mask |= NFS4_WRITE_MODE; if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) mask |= NFS4_ACE_DELETE_CHILD; if (perm & ACL_EXECUTE) mask |= NFS4_EXECUTE_MODE; return mask; } static u32 |
bec50c47a [PATCH] knfsd: nf... |
83 |
deny_mask_from_posix(unsigned short perm, u32 flags) |
1da177e4c Linux-2.6.12-rc2 |
84 |
{ |
bec50c47a [PATCH] knfsd: nf... |
85 86 87 88 89 90 91 92 93 94 95 |
u32 mask = 0; if (perm & ACL_READ) mask |= NFS4_READ_MODE; if (perm & ACL_WRITE) mask |= NFS4_WRITE_MODE; if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) mask |= NFS4_ACE_DELETE_CHILD; if (perm & ACL_EXECUTE) mask |= NFS4_EXECUTE_MODE; return mask; |
1da177e4c Linux-2.6.12-rc2 |
96 97 98 99 |
} /* XXX: modify functions to return NFS errors; they're only ever * used by nfs code, after all.... */ |
09229edb6 [PATCH] knfsd: nf... |
100 101 102 103 104 105 106 107 |
/* We only map from NFSv4 to POSIX ACLs when setting ACLs, when we err on the * side of being more restrictive, so the mode bit mapping below is * pessimistic. An optimistic version would be needed to handle DENY's, * but we espect to coalesce all ALLOWs and DENYs before mapping to mode * bits. */ static void low_mode_from_nfs4(u32 perm, unsigned short *mode, unsigned int flags) |
1da177e4c Linux-2.6.12-rc2 |
108 |
{ |
09229edb6 [PATCH] knfsd: nf... |
109 |
u32 write_mode = NFS4_WRITE_MODE; |
1da177e4c Linux-2.6.12-rc2 |
110 |
|
09229edb6 [PATCH] knfsd: nf... |
111 112 |
if (flags & NFS4_ACL_DIR) write_mode |= NFS4_ACE_DELETE_CHILD; |
1da177e4c Linux-2.6.12-rc2 |
113 114 115 |
*mode = 0; if ((perm & NFS4_READ_MODE) == NFS4_READ_MODE) *mode |= ACL_READ; |
09229edb6 [PATCH] knfsd: nf... |
116 |
if ((perm & write_mode) == write_mode) |
1da177e4c Linux-2.6.12-rc2 |
117 118 119 |
*mode |= ACL_WRITE; if ((perm & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE) *mode |= ACL_EXECUTE; |
1da177e4c Linux-2.6.12-rc2 |
120 121 122 123 124 125 126 127 |
} struct ace_container { struct nfs4_ace *ace; struct list_head ace_l; }; static short ace2type(struct nfs4_ace *); |
28e05dd84 [PATCH] knfsd: nf... |
128 129 |
static void _posix_to_nfsv4_one(struct posix_acl *, struct nfs4_acl *, unsigned int); |
1da177e4c Linux-2.6.12-rc2 |
130 131 132 133 134 135 |
struct nfs4_acl * nfs4_acl_posix_to_nfsv4(struct posix_acl *pacl, struct posix_acl *dpacl, unsigned int flags) { struct nfs4_acl *acl; |
28e05dd84 [PATCH] knfsd: nf... |
136 |
int size = 0; |
1da177e4c Linux-2.6.12-rc2 |
137 |
|
28e05dd84 [PATCH] knfsd: nf... |
138 139 140 141 |
if (pacl) { if (posix_acl_valid(pacl) < 0) return ERR_PTR(-EINVAL); size += 2*pacl->a_count; |
1da177e4c Linux-2.6.12-rc2 |
142 |
} |
28e05dd84 [PATCH] knfsd: nf... |
143 144 145 146 |
if (dpacl) { if (posix_acl_valid(dpacl) < 0) return ERR_PTR(-EINVAL); size += 2*dpacl->a_count; |
1da177e4c Linux-2.6.12-rc2 |
147 |
} |
28e05dd84 [PATCH] knfsd: nf... |
148 149 150 151 |
/* Allocate for worst case: one (deny, allow) pair each: */ acl = nfs4_acl_new(size); if (acl == NULL) return ERR_PTR(-ENOMEM); |
1da177e4c Linux-2.6.12-rc2 |
152 |
|
28e05dd84 [PATCH] knfsd: nf... |
153 154 |
if (pacl) _posix_to_nfsv4_one(pacl, acl, flags & ~NFS4_ACL_TYPE_DEFAULT); |
1da177e4c Linux-2.6.12-rc2 |
155 |
|
28e05dd84 [PATCH] knfsd: nf... |
156 157 |
if (dpacl) _posix_to_nfsv4_one(dpacl, acl, flags | NFS4_ACL_TYPE_DEFAULT); |
1da177e4c Linux-2.6.12-rc2 |
158 159 160 |
return acl; } |
bec50c47a [PATCH] knfsd: nf... |
161 162 163 164 165 166 167 168 |
struct posix_acl_summary { unsigned short owner; unsigned short users; unsigned short group; unsigned short groups; unsigned short other; unsigned short mask; }; |
28e05dd84 [PATCH] knfsd: nf... |
169 |
static void |
bec50c47a [PATCH] knfsd: nf... |
170 |
summarize_posix_acl(struct posix_acl *acl, struct posix_acl_summary *pas) |
1da177e4c Linux-2.6.12-rc2 |
171 |
{ |
bec50c47a [PATCH] knfsd: nf... |
172 |
struct posix_acl_entry *pa, *pe; |
f7fede4b2 knfsd: nfsd4: sil... |
173 174 175 176 177 178 179 |
/* * Only pas.users and pas.groups need initialization; previous * posix_acl_valid() calls ensure that the other fields will be * initialized in the following loop. But, just to placate gcc: */ memset(pas, 0, sizeof(*pas)); |
bec50c47a [PATCH] knfsd: nf... |
180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 |
pas->mask = 07; pe = acl->a_entries + acl->a_count; FOREACH_ACL_ENTRY(pa, acl, pe) { switch (pa->e_tag) { case ACL_USER_OBJ: pas->owner = pa->e_perm; break; case ACL_GROUP_OBJ: pas->group = pa->e_perm; break; case ACL_USER: pas->users |= pa->e_perm; break; case ACL_GROUP: pas->groups |= pa->e_perm; break; case ACL_OTHER: pas->other = pa->e_perm; break; case ACL_MASK: pas->mask = pa->e_perm; break; } } /* We'll only care about effective permissions: */ pas->users &= pas->mask; pas->group &= pas->mask; pas->groups &= pas->mask; |
1da177e4c Linux-2.6.12-rc2 |
210 211 212 |
} /* We assume the acl has been verified with posix_acl_valid. */ |
28e05dd84 [PATCH] knfsd: nf... |
213 |
static void |
1da177e4c Linux-2.6.12-rc2 |
214 215 216 |
_posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, unsigned int flags) { |
bec50c47a [PATCH] knfsd: nf... |
217 218 219 220 |
struct posix_acl_entry *pa, *group_owner_entry; struct nfs4_ace *ace; struct posix_acl_summary pas; unsigned short deny; |
1da177e4c Linux-2.6.12-rc2 |
221 |
int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? |
54c044094 [PATCH] knfsd: nf... |
222 |
NFS4_INHERITANCE_FLAGS | NFS4_ACE_INHERIT_ONLY_ACE : 0); |
1da177e4c Linux-2.6.12-rc2 |
223 224 |
BUG_ON(pacl->a_count < 3); |
bec50c47a [PATCH] knfsd: nf... |
225 |
summarize_posix_acl(pacl, &pas); |
1da177e4c Linux-2.6.12-rc2 |
226 227 |
pa = pacl->a_entries; |
bec50c47a [PATCH] knfsd: nf... |
228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 |
ace = acl->aces + acl->naces; /* We could deny everything not granted by the owner: */ deny = ~pas.owner; /* * but it is equivalent (and simpler) to deny only what is not * granted by later entries: */ deny &= pas.users | pas.group | pas.groups | pas.other; if (deny) { ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; ace->flag = eflag; ace->access_mask = deny_mask_from_posix(deny, flags); ace->whotype = NFS4_ACL_WHO_OWNER; ace++; acl->naces++; } ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; ace->flag = eflag; ace->access_mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER); ace->whotype = NFS4_ACL_WHO_OWNER; ace++; acl->naces++; |
1da177e4c Linux-2.6.12-rc2 |
252 253 254 |
pa++; while (pa->e_tag == ACL_USER) { |
bec50c47a [PATCH] knfsd: nf... |
255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 |
deny = ~(pa->e_perm & pas.mask); deny &= pas.groups | pas.group | pas.other; if (deny) { ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; ace->flag = eflag; ace->access_mask = deny_mask_from_posix(deny, flags); ace->whotype = NFS4_ACL_WHO_NAMED; ace->who = pa->e_id; ace++; acl->naces++; } ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; ace->flag = eflag; ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, flags); ace->whotype = NFS4_ACL_WHO_NAMED; ace->who = pa->e_id; ace++; acl->naces++; |
1da177e4c Linux-2.6.12-rc2 |
274 275 276 277 278 279 280 |
pa++; } /* In the case of groups, we apply allow ACEs first, then deny ACEs, * since a user can be in more than one group. */ /* allow ACEs */ |
1da177e4c Linux-2.6.12-rc2 |
281 |
group_owner_entry = pa; |
bec50c47a [PATCH] knfsd: nf... |
282 283 284 285 286 287 288 |
ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; ace->flag = eflag; ace->access_mask = mask_from_posix(pas.group, flags); ace->whotype = NFS4_ACL_WHO_GROUP; ace++; acl->naces++; |
1da177e4c Linux-2.6.12-rc2 |
289 290 291 |
pa++; while (pa->e_tag == ACL_GROUP) { |
bec50c47a [PATCH] knfsd: nf... |
292 293 294 295 296 297 298 299 |
ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, flags); ace->whotype = NFS4_ACL_WHO_NAMED; ace->who = pa->e_id; ace++; acl->naces++; |
1da177e4c Linux-2.6.12-rc2 |
300 301 302 303 304 305 |
pa++; } /* deny ACEs */ pa = group_owner_entry; |
bec50c47a [PATCH] knfsd: nf... |
306 307 308 309 |
deny = ~pas.group & pas.other; if (deny) { ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; |
d8d0b85b1 nfsd4: remove ACE... |
310 |
ace->flag = eflag; |
bec50c47a [PATCH] knfsd: nf... |
311 312 313 314 315 |
ace->access_mask = deny_mask_from_posix(deny, flags); ace->whotype = NFS4_ACL_WHO_GROUP; ace++; acl->naces++; } |
1da177e4c Linux-2.6.12-rc2 |
316 |
pa++; |
bec50c47a [PATCH] knfsd: nf... |
317 |
|
1da177e4c Linux-2.6.12-rc2 |
318 |
while (pa->e_tag == ACL_GROUP) { |
bec50c47a [PATCH] knfsd: nf... |
319 320 321 322 323 |
deny = ~(pa->e_perm & pas.mask); deny &= pas.other; if (deny) { ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; |
55bb55dca nfsd: Fix unneces... |
324 |
ace->access_mask = deny_mask_from_posix(deny, flags); |
bec50c47a [PATCH] knfsd: nf... |
325 326 327 328 329 |
ace->whotype = NFS4_ACL_WHO_NAMED; ace->who = pa->e_id; ace++; acl->naces++; } |
1da177e4c Linux-2.6.12-rc2 |
330 331 332 333 334 |
pa++; } if (pa->e_tag == ACL_MASK) pa++; |
bec50c47a [PATCH] knfsd: nf... |
335 336 337 338 339 |
ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; ace->flag = eflag; ace->access_mask = mask_from_posix(pa->e_perm, flags); ace->whotype = NFS4_ACL_WHO_EVERYONE; acl->naces++; |
1da177e4c Linux-2.6.12-rc2 |
340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 |
} static void sort_pacl_range(struct posix_acl *pacl, int start, int end) { int sorted = 0, i; struct posix_acl_entry tmp; /* We just do a bubble sort; easy to do in place, and we're not * expecting acl's to be long enough to justify anything more. */ while (!sorted) { sorted = 1; for (i = start; i < end; i++) { if (pacl->a_entries[i].e_id > pacl->a_entries[i+1].e_id) { sorted = 0; tmp = pacl->a_entries[i]; pacl->a_entries[i] = pacl->a_entries[i+1]; pacl->a_entries[i+1] = tmp; } } } } static void sort_pacl(struct posix_acl *pacl) { /* posix_acl_valid requires that users and groups be in order * by uid/gid. */ int i, j; if (pacl->a_count <= 4) return; /* no users or groups */ i = 1; while (pacl->a_entries[i].e_tag == ACL_USER) i++; sort_pacl_range(pacl, 1, i-1); BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ); |
aba24d715 nfsd: Fix sort_pa... |
378 |
j = ++i; |
1da177e4c Linux-2.6.12-rc2 |
379 380 381 382 383 |
while (pacl->a_entries[j].e_tag == ACL_GROUP) j++; sort_pacl_range(pacl, i, j-1); return; } |
09229edb6 [PATCH] knfsd: nf... |
384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 |
/* * While processing the NFSv4 ACE, this maintains bitmasks representing * which permission bits have been allowed and which denied to a given * entity: */ struct posix_ace_state { u32 allow; u32 deny; }; struct posix_user_ace_state { uid_t uid; struct posix_ace_state perms; }; struct posix_ace_state_array { int n; struct posix_user_ace_state aces[]; }; /* * While processing the NFSv4 ACE, this maintains the partial permissions * calculated so far: */ struct posix_acl_state { |
3160a711e [PATCH] knfsd: nf... |
408 |
int empty; |
09229edb6 [PATCH] knfsd: nf... |
409 410 411 412 413 414 415 416 |
struct posix_ace_state owner; struct posix_ace_state group; struct posix_ace_state other; struct posix_ace_state everyone; struct posix_ace_state mask; /* Deny unused in this case */ struct posix_ace_state_array *users; struct posix_ace_state_array *groups; }; |
1da177e4c Linux-2.6.12-rc2 |
417 |
static int |
09229edb6 [PATCH] knfsd: nf... |
418 |
init_state(struct posix_acl_state *state, int cnt) |
1da177e4c Linux-2.6.12-rc2 |
419 |
{ |
09229edb6 [PATCH] knfsd: nf... |
420 421 422 |
int alloc; memset(state, 0, sizeof(struct posix_acl_state)); |
3160a711e [PATCH] knfsd: nf... |
423 |
state->empty = 1; |
09229edb6 [PATCH] knfsd: nf... |
424 425 426 427 428 429 |
/* * In the worst case, each individual acl could be for a distinct * named user or group, but we don't no which, so we allocate * enough space for either: */ alloc = sizeof(struct posix_ace_state_array) |
91b80969b nfsd: fix buffer ... |
430 |
+ cnt*sizeof(struct posix_user_ace_state); |
09229edb6 [PATCH] knfsd: nf... |
431 432 433 434 435 436 437 438 439 |
state->users = kzalloc(alloc, GFP_KERNEL); if (!state->users) return -ENOMEM; state->groups = kzalloc(alloc, GFP_KERNEL); if (!state->groups) { kfree(state->users); return -ENOMEM; } return 0; |
1da177e4c Linux-2.6.12-rc2 |
440 |
} |
09229edb6 [PATCH] knfsd: nf... |
441 442 443 444 |
static void free_state(struct posix_acl_state *state) { kfree(state->users); kfree(state->groups); |
1da177e4c Linux-2.6.12-rc2 |
445 |
} |
09229edb6 [PATCH] knfsd: nf... |
446 |
static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate) |
1da177e4c Linux-2.6.12-rc2 |
447 |
{ |
09229edb6 [PATCH] knfsd: nf... |
448 |
state->mask.allow |= astate->allow; |
1da177e4c Linux-2.6.12-rc2 |
449 |
} |
09229edb6 [PATCH] knfsd: nf... |
450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 |
/* * Certain bits (SYNCHRONIZE, DELETE, WRITE_OWNER, READ/WRITE_NAMED_ATTRS, * READ_ATTRIBUTES, READ_ACL) are currently unenforceable and don't translate * to traditional read/write/execute permissions. * * It's problematic to reject acls that use certain mode bits, because it * places the burden on users to learn the rules about which bits one * particular server sets, without giving the user a lot of help--we return an * error that could mean any number of different things. To make matters * worse, the problematic bits might be introduced by some application that's * automatically mapping from some other acl model. * * So wherever possible we accept anything, possibly erring on the side of * denying more permissions than necessary. * * However we do reject *explicit* DENY's of a few bits representing * permissions we could never deny: */ |
1da177e4c Linux-2.6.12-rc2 |
468 |
|
09229edb6 [PATCH] knfsd: nf... |
469 470 471 472 473 474 475 476 477 |
static inline int check_deny(u32 mask, int isowner) { if (mask & (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL)) return -EINVAL; if (!isowner) return 0; if (mask & (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)) return -EINVAL; return 0; |
1da177e4c Linux-2.6.12-rc2 |
478 |
} |
09229edb6 [PATCH] knfsd: nf... |
479 480 |
static struct posix_acl * posix_state_to_acl(struct posix_acl_state *state, unsigned int flags) |
1da177e4c Linux-2.6.12-rc2 |
481 |
{ |
09229edb6 [PATCH] knfsd: nf... |
482 483 484 485 |
struct posix_acl_entry *pace; struct posix_acl *pacl; int nace; int i, error = 0; |
1da177e4c Linux-2.6.12-rc2 |
486 |
|
3160a711e [PATCH] knfsd: nf... |
487 488 489 490 491 492 493 494 495 496 497 498 499 500 |
/* * ACLs with no ACEs are treated differently in the inheritable * and effective cases: when there are no inheritable ACEs, we * set a zero-length default posix acl: */ if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)) { pacl = posix_acl_alloc(0, GFP_KERNEL); return pacl ? pacl : ERR_PTR(-ENOMEM); } /* * When there are no effective ACEs, the following will end * up setting a 3-element effective posix ACL with all * permissions zero. */ |
09229edb6 [PATCH] knfsd: nf... |
501 502 503 504 |
nace = 4 + state->users->n + state->groups->n; pacl = posix_acl_alloc(nace, GFP_KERNEL); if (!pacl) return ERR_PTR(-ENOMEM); |
1da177e4c Linux-2.6.12-rc2 |
505 |
|
09229edb6 [PATCH] knfsd: nf... |
506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 |
pace = pacl->a_entries; pace->e_tag = ACL_USER_OBJ; error = check_deny(state->owner.deny, 1); if (error) goto out_err; low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags); pace->e_id = ACL_UNDEFINED_ID; for (i=0; i < state->users->n; i++) { pace++; pace->e_tag = ACL_USER; error = check_deny(state->users->aces[i].perms.deny, 0); if (error) goto out_err; low_mode_from_nfs4(state->users->aces[i].perms.allow, &pace->e_perm, flags); pace->e_id = state->users->aces[i].uid; add_to_mask(state, &state->users->aces[i].perms); |
1da177e4c Linux-2.6.12-rc2 |
524 |
} |
09229edb6 [PATCH] knfsd: nf... |
525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 |
pace++; pace->e_tag = ACL_GROUP_OBJ; error = check_deny(state->group.deny, 0); if (error) goto out_err; low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags); pace->e_id = ACL_UNDEFINED_ID; add_to_mask(state, &state->group); for (i=0; i < state->groups->n; i++) { pace++; pace->e_tag = ACL_GROUP; error = check_deny(state->groups->aces[i].perms.deny, 0); if (error) goto out_err; low_mode_from_nfs4(state->groups->aces[i].perms.allow, &pace->e_perm, flags); pace->e_id = state->groups->aces[i].uid; add_to_mask(state, &state->groups->aces[i].perms); } |
1da177e4c Linux-2.6.12-rc2 |
545 |
|
09229edb6 [PATCH] knfsd: nf... |
546 547 548 549 |
pace++; pace->e_tag = ACL_MASK; low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags); pace->e_id = ACL_UNDEFINED_ID; |
1da177e4c Linux-2.6.12-rc2 |
550 |
|
09229edb6 [PATCH] knfsd: nf... |
551 552 553 554 555 556 557 |
pace++; pace->e_tag = ACL_OTHER; error = check_deny(state->other.deny, 0); if (error) goto out_err; low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags); pace->e_id = ACL_UNDEFINED_ID; |
1da177e4c Linux-2.6.12-rc2 |
558 |
|
09229edb6 [PATCH] knfsd: nf... |
559 560 561 562 563 |
return pacl; out_err: posix_acl_release(pacl); return ERR_PTR(error); } |
1da177e4c Linux-2.6.12-rc2 |
564 |
|
09229edb6 [PATCH] knfsd: nf... |
565 566 567 568 569 |
static inline void allow_bits(struct posix_ace_state *astate, u32 mask) { /* Allow all bits in the mask not already denied: */ astate->allow |= mask & ~astate->deny; } |
1da177e4c Linux-2.6.12-rc2 |
570 |
|
09229edb6 [PATCH] knfsd: nf... |
571 572 573 574 575 |
static inline void deny_bits(struct posix_ace_state *astate, u32 mask) { /* Deny all bits in the mask not already allowed: */ astate->deny |= mask & ~astate->allow; } |
1da177e4c Linux-2.6.12-rc2 |
576 |
|
09229edb6 [PATCH] knfsd: nf... |
577 578 579 |
static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid) { int i; |
1da177e4c Linux-2.6.12-rc2 |
580 |
|
09229edb6 [PATCH] knfsd: nf... |
581 582 583 584 585 586 587 588 |
for (i = 0; i < a->n; i++) if (a->aces[i].uid == uid) return i; /* Not found: */ a->n++; a->aces[i].uid = uid; a->aces[i].perms.allow = state->everyone.allow; a->aces[i].perms.deny = state->everyone.deny; |
1da177e4c Linux-2.6.12-rc2 |
589 |
|
09229edb6 [PATCH] knfsd: nf... |
590 |
return i; |
1da177e4c Linux-2.6.12-rc2 |
591 |
} |
09229edb6 [PATCH] knfsd: nf... |
592 |
static void deny_bits_array(struct posix_ace_state_array *a, u32 mask) |
1da177e4c Linux-2.6.12-rc2 |
593 |
{ |
09229edb6 [PATCH] knfsd: nf... |
594 |
int i; |
1da177e4c Linux-2.6.12-rc2 |
595 |
|
09229edb6 [PATCH] knfsd: nf... |
596 597 |
for (i=0; i < a->n; i++) deny_bits(&a->aces[i].perms, mask); |
1da177e4c Linux-2.6.12-rc2 |
598 |
} |
09229edb6 [PATCH] knfsd: nf... |
599 |
static void allow_bits_array(struct posix_ace_state_array *a, u32 mask) |
1da177e4c Linux-2.6.12-rc2 |
600 |
{ |
09229edb6 [PATCH] knfsd: nf... |
601 |
int i; |
1da177e4c Linux-2.6.12-rc2 |
602 |
|
09229edb6 [PATCH] knfsd: nf... |
603 604 |
for (i=0; i < a->n; i++) allow_bits(&a->aces[i].perms, mask); |
1da177e4c Linux-2.6.12-rc2 |
605 |
} |
09229edb6 [PATCH] knfsd: nf... |
606 607 |
static void process_one_v4_ace(struct posix_acl_state *state, struct nfs4_ace *ace) |
1da177e4c Linux-2.6.12-rc2 |
608 |
{ |
09229edb6 [PATCH] knfsd: nf... |
609 610 |
u32 mask = ace->access_mask; int i; |
3160a711e [PATCH] knfsd: nf... |
611 |
state->empty = 0; |
09229edb6 [PATCH] knfsd: nf... |
612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 |
switch (ace2type(ace)) { case ACL_USER_OBJ: if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { allow_bits(&state->owner, mask); } else { deny_bits(&state->owner, mask); } break; case ACL_USER: i = find_uid(state, state->users, ace->who); if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { allow_bits(&state->users->aces[i].perms, mask); } else { deny_bits(&state->users->aces[i].perms, mask); mask = state->users->aces[i].perms.deny; deny_bits(&state->owner, mask); } break; case ACL_GROUP_OBJ: if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { allow_bits(&state->group, mask); } else { deny_bits(&state->group, mask); mask = state->group.deny; deny_bits(&state->owner, mask); deny_bits(&state->everyone, mask); deny_bits_array(state->users, mask); deny_bits_array(state->groups, mask); } break; case ACL_GROUP: i = find_uid(state, state->groups, ace->who); if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { allow_bits(&state->groups->aces[i].perms, mask); } else { deny_bits(&state->groups->aces[i].perms, mask); mask = state->groups->aces[i].perms.deny; deny_bits(&state->owner, mask); deny_bits(&state->group, mask); deny_bits(&state->everyone, mask); deny_bits_array(state->users, mask); deny_bits_array(state->groups, mask); } break; case ACL_OTHER: if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { allow_bits(&state->owner, mask); allow_bits(&state->group, mask); allow_bits(&state->other, mask); allow_bits(&state->everyone, mask); allow_bits_array(state->users, mask); allow_bits_array(state->groups, mask); } else { deny_bits(&state->owner, mask); deny_bits(&state->group, mask); deny_bits(&state->other, mask); deny_bits(&state->everyone, mask); deny_bits_array(state->users, mask); deny_bits_array(state->groups, mask); } |
1da177e4c Linux-2.6.12-rc2 |
672 673 |
} } |
575a6290f [PATCH] knfsd: nf... |
674 675 |
int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl, struct posix_acl **pacl, struct posix_acl **dpacl, unsigned int flags) |
1da177e4c Linux-2.6.12-rc2 |
676 |
{ |
575a6290f [PATCH] knfsd: nf... |
677 |
struct posix_acl_state effective_acl_state, default_acl_state; |
09229edb6 [PATCH] knfsd: nf... |
678 679 |
struct nfs4_ace *ace; int ret; |
1da177e4c Linux-2.6.12-rc2 |
680 |
|
575a6290f [PATCH] knfsd: nf... |
681 |
ret = init_state(&effective_acl_state, acl->naces); |
09229edb6 [PATCH] knfsd: nf... |
682 |
if (ret) |
575a6290f [PATCH] knfsd: nf... |
683 684 685 686 687 |
return ret; ret = init_state(&default_acl_state, acl->naces); if (ret) goto out_estate; ret = -EINVAL; |
28e05dd84 [PATCH] knfsd: nf... |
688 |
for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { |
09229edb6 [PATCH] knfsd: nf... |
689 690 |
if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) |
575a6290f [PATCH] knfsd: nf... |
691 |
goto out_dstate; |
b548edc2d [PATCH] knfsd: nf... |
692 |
if (ace->flag & ~NFS4_SUPPORTED_FLAGS) |
575a6290f [PATCH] knfsd: nf... |
693 |
goto out_dstate; |
7bdfa68c5 [PATCH] knfsd: nf... |
694 |
if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) { |
575a6290f [PATCH] knfsd: nf... |
695 |
process_one_v4_ace(&effective_acl_state, ace); |
b548edc2d [PATCH] knfsd: nf... |
696 |
continue; |
7bdfa68c5 [PATCH] knfsd: nf... |
697 |
} |
575a6290f [PATCH] knfsd: nf... |
698 699 |
if (!(flags & NFS4_ACL_DIR)) goto out_dstate; |
7bdfa68c5 [PATCH] knfsd: nf... |
700 701 702 703 704 |
/* * Note that when only one of FILE_INHERIT or DIRECTORY_INHERIT * is set, we're effectively turning on the other. That's OK, * according to rfc 3530. */ |
575a6290f [PATCH] knfsd: nf... |
705 706 707 708 |
process_one_v4_ace(&default_acl_state, ace); if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)) process_one_v4_ace(&effective_acl_state, ace); |
1da177e4c Linux-2.6.12-rc2 |
709 |
} |
575a6290f [PATCH] knfsd: nf... |
710 711 712 |
*pacl = posix_state_to_acl(&effective_acl_state, flags); if (IS_ERR(*pacl)) { ret = PTR_ERR(*pacl); |
4b2ca38ad knfsd: nfsd4: fix... |
713 |
*pacl = NULL; |
575a6290f [PATCH] knfsd: nf... |
714 715 |
goto out_dstate; } |
3160a711e [PATCH] knfsd: nf... |
716 717 |
*dpacl = posix_state_to_acl(&default_acl_state, flags | NFS4_ACL_TYPE_DEFAULT); |
575a6290f [PATCH] knfsd: nf... |
718 719 |
if (IS_ERR(*dpacl)) { ret = PTR_ERR(*dpacl); |
4b2ca38ad knfsd: nfsd4: fix... |
720 |
*dpacl = NULL; |
575a6290f [PATCH] knfsd: nf... |
721 |
posix_acl_release(*pacl); |
4b2ca38ad knfsd: nfsd4: fix... |
722 |
*pacl = NULL; |
575a6290f [PATCH] knfsd: nf... |
723 724 725 726 727 728 729 730 731 732 |
goto out_dstate; } sort_pacl(*pacl); sort_pacl(*dpacl); ret = 0; out_dstate: free_state(&default_acl_state); out_estate: free_state(&effective_acl_state); return ret; |
1da177e4c Linux-2.6.12-rc2 |
733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 |
} static short ace2type(struct nfs4_ace *ace) { switch (ace->whotype) { case NFS4_ACL_WHO_NAMED: return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ? ACL_GROUP : ACL_USER); case NFS4_ACL_WHO_OWNER: return ACL_USER_OBJ; case NFS4_ACL_WHO_GROUP: return ACL_GROUP_OBJ; case NFS4_ACL_WHO_EVERYONE: return ACL_OTHER; } BUG(); return -1; } EXPORT_SYMBOL(nfs4_acl_posix_to_nfsv4); EXPORT_SYMBOL(nfs4_acl_nfsv4_to_posix); struct nfs4_acl * |
28e05dd84 [PATCH] knfsd: nf... |
757 |
nfs4_acl_new(int n) |
1da177e4c Linux-2.6.12-rc2 |
758 759 |
{ struct nfs4_acl *acl; |
28e05dd84 [PATCH] knfsd: nf... |
760 761 |
acl = kmalloc(sizeof(*acl) + n*sizeof(struct nfs4_ace), GFP_KERNEL); if (acl == NULL) |
1da177e4c Linux-2.6.12-rc2 |
762 |
return NULL; |
1da177e4c Linux-2.6.12-rc2 |
763 |
acl->naces = 0; |
1da177e4c Linux-2.6.12-rc2 |
764 765 |
return acl; } |
1da177e4c Linux-2.6.12-rc2 |
766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 |
static struct { char *string; int stringlen; int type; } s2t_map[] = { { .string = "OWNER@", .stringlen = sizeof("OWNER@") - 1, .type = NFS4_ACL_WHO_OWNER, }, { .string = "GROUP@", .stringlen = sizeof("GROUP@") - 1, .type = NFS4_ACL_WHO_GROUP, }, { .string = "EVERYONE@", .stringlen = sizeof("EVERYONE@") - 1, .type = NFS4_ACL_WHO_EVERYONE, }, }; int nfs4_acl_get_whotype(char *p, u32 len) { int i; |
e8c96f8c2 [PATCH] fs: Use A... |
792 |
for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { |
1da177e4c Linux-2.6.12-rc2 |
793 794 795 796 797 798 799 800 801 802 803 |
if (s2t_map[i].stringlen == len && 0 == memcmp(s2t_map[i].string, p, len)) return s2t_map[i].type; } return NFS4_ACL_WHO_NAMED; } int nfs4_acl_write_who(int who, char *p) { int i; |
e8c96f8c2 [PATCH] fs: Use A... |
804 |
for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { |
1da177e4c Linux-2.6.12-rc2 |
805 806 807 808 809 810 811 812 |
if (s2t_map[i].type == who) { memcpy(p, s2t_map[i].string, s2t_map[i].stringlen); return s2t_map[i].stringlen; } } BUG(); return -1; } |
1da177e4c Linux-2.6.12-rc2 |
813 |
EXPORT_SYMBOL(nfs4_acl_new); |
1da177e4c Linux-2.6.12-rc2 |
814 815 |
EXPORT_SYMBOL(nfs4_acl_get_whotype); EXPORT_SYMBOL(nfs4_acl_write_who); |