nfs4acl.c source code [linux/fs/nfsd/nfs4acl.c]

1	/*
2	* Common NFSv4 ACL handling code.
3	*
4	* Copyright (c) 2002, 2003 The Regents of the University of Michigan.
5	* All rights reserved.
6	*
7	* Marius Aamodt Eriksen <marius@umich.edu>
8	* Jeff Sedlak <jsedlak@umich.edu>
9	* J. Bruce Fields <bfields@umich.edu>
10	*
11	* Redistribution and use in source and binary forms, with or without
12	* modification, are permitted provided that the following conditions
13	* are met:
14	*
15	* 1. Redistributions of source code must retain the above copyright
16	* notice, this list of conditions and the following disclaimer.
17	* 2. Redistributions in binary form must reproduce the above copyright
18	* notice, this list of conditions and the following disclaimer in the
19	* documentation and/or other materials provided with the distribution.
20	* 3. Neither the name of the University nor the names of its
21	* contributors may be used to endorse or promote products derived
22	* from this software without specific prior written permission.
23	*
24	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
25	* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
26	* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27	* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
31	* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
32	* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
33	* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
34	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	*/
36
37	#include <linux/fs.h>
38	#include <linux/slab.h>
39	#include <linux/posix_acl.h>
40
41	#include "nfsfh.h"
42	#include "nfsd.h"
43	#include "acl.h"
44	#include "vfs.h"
45
46	#define NFS4_ACL_TYPE_DEFAULT 0x01
47	#define NFS4_ACL_DIR 0x02
48	#define NFS4_ACL_OWNER 0x04
49
50	/ mode bit translations: /
51	#define NFS4_READ_MODE (NFS4_ACE_READ_DATA)
52	#define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA \| NFS4_ACE_APPEND_DATA)
53	#define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE
54	#define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES \| NFS4_ACE_READ_ACL \| NFS4_ACE_SYNCHRONIZE)
55	#define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES \| NFS4_ACE_WRITE_ACL)
56
57	/ flags used to simulate posix default ACLs /
58	#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
59	\| NFS4_ACE_DIRECTORY_INHERIT_ACE)
60
61	#define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS \
62	\| NFS4_ACE_INHERIT_ONLY_ACE \
63	\| NFS4_ACE_IDENTIFIER_GROUP)
64
65	static u32
66	mask_from_posix(unsigned short perm, unsigned int flags)
67	{
68	int mask = NFS4_ANYONE_MODE;
69
70	if (flags & NFS4_ACL_OWNER)
71	mask \|= NFS4_OWNER_MODE;
72	if (perm & ACL_READ)
73	mask \|= NFS4_READ_MODE;
74	if (perm & ACL_WRITE)
75	mask \|= NFS4_WRITE_MODE;
76	if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR))
77	mask \|= NFS4_ACE_DELETE_CHILD;
78	if (perm & ACL_EXECUTE)
79	mask \|= NFS4_EXECUTE_MODE;
80	return mask;
81	}
82
83	static u32
84	deny_mask_from_posix(unsigned short perm, u32 flags)
85	{
86	u32 mask = `0`;
87
88	if (perm & ACL_READ)
89	mask \|= NFS4_READ_MODE;
90	if (perm & ACL_WRITE)
91	mask \|= NFS4_WRITE_MODE;
92	if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR))
93	mask \|= NFS4_ACE_DELETE_CHILD;
94	if (perm & ACL_EXECUTE)
95	mask \|= NFS4_EXECUTE_MODE;
96	return mask;
97	}
98
99	/ XXX: modify functions to return NFS errors; they're only ever*
100	* used by nfs code, after all.... */
101
102	/ We only map from NFSv4 to POSIX ACLs when setting ACLs, when we err on the*
103	* side of being more restrictive, so the mode bit mapping below is
104	* pessimistic. An optimistic version would be needed to handle DENY's,
105	* but we expect to coalesce all ALLOWs and DENYs before mapping to mode
106	* bits. */
107
108	static void
109	low_mode_from_nfs4(u32 perm, unsigned short mode, unsigned* int flags)
110	{
111	u32 write_mode = NFS4_WRITE_MODE;
112
113	if (flags & NFS4_ACL_DIR)
114	write_mode \|= NFS4_ACE_DELETE_CHILD;
115	*mode = `0`;
116	if ((perm & NFS4_READ_MODE) == NFS4_READ_MODE)
117	*mode \|= ACL_READ;
118	if ((perm & write_mode) == write_mode)
119	*mode \|= ACL_WRITE;
120	if ((perm & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE)
121	*mode \|= ACL_EXECUTE;
122	}
123
124	static short ace2type(struct nfs4_ace *);
125	static void _posix_to_nfsv4_one(struct posix_acl , struct* nfs4_acl *,
126	unsigned int);
127
128	int
129	nfsd4_get_nfs4_acl(struct svc_rqst rqstp, struct* dentry *dentry,
130	struct nfs4_acl **acl)
131	{
132	struct inode *inode = d_inode(dentry);
133	int error = `0`;
134	struct posix_acl pacl = NULL, dpacl = NULL;
135	unsigned int flags = `0`;
136	int size = `0`;
137
138	pacl = get_inode_acl(inode, ACL_TYPE_ACCESS);
139	if (!pacl)
140	pacl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL);
141
142	if (IS_ERR(ptr: pacl))
143	return PTR_ERR(ptr: pacl);
144
145	/ allocate for worst case: one (deny, allow) pair each: /
146	size += `2` * pacl->a_count;
147
148	if (S_ISDIR(inode->i_mode)) {
149	flags = NFS4_ACL_DIR;
150	dpacl = get_inode_acl(inode, ACL_TYPE_DEFAULT);
151	if (IS_ERR(ptr: dpacl)) {
152	error = PTR_ERR(ptr: dpacl);
153	goto rel_pacl;
154	}
155
156	if (dpacl)
157	size += `2` * dpacl->a_count;
158	}
159
160	*acl = kmalloc(size: nfs4_acl_bytes(entries: size), GFP_KERNEL);
161	if (*acl == NULL) {
162	error = -ENOMEM;
163	goto out;
164	}
165	(*acl)->naces = `0`;
166
167	_posix_to_nfsv4_one(pacl, *acl, flags & ~NFS4_ACL_TYPE_DEFAULT);
168
169	if (dpacl)
170	_posix_to_nfsv4_one(dpacl, *acl, flags \| NFS4_ACL_TYPE_DEFAULT);
171
172	out:
173	posix_acl_release(acl: dpacl);
174	rel_pacl:
175	posix_acl_release(acl: pacl);
176	return error;
177	}
178
179	struct posix_acl_summary {
180	unsigned short owner;
181	unsigned short users;
182	unsigned short group;
183	unsigned short groups;
184	unsigned short other;
185	unsigned short mask;
186	};
187
188	static void
189	summarize_posix_acl(struct posix_acl acl, struct* posix_acl_summary *pas)
190	{
191	struct posix_acl_entry pa, pe;
192
193	/*
194	* Only pas.users and pas.groups need initialization; previous
195	* posix_acl_valid() calls ensure that the other fields will be
196	* initialized in the following loop. But, just to placate gcc:
197	*/
198	memset(pas, `0`, sizeof(*pas));
199	pas->mask = `07`;
200
201	pe = acl->a_entries + acl->a_count;
202
203	FOREACH_ACL_ENTRY(pa, acl, pe) {
204	switch (pa->e_tag) {
205	case ACL_USER_OBJ:
206	pas->owner = pa->e_perm;
207	break;
208	case ACL_GROUP_OBJ:
209	pas->group = pa->e_perm;
210	break;
211	case ACL_USER:
212	pas->users \|= pa->e_perm;
213	break;
214	case ACL_GROUP:
215	pas->groups \|= pa->e_perm;
216	break;
217	case ACL_OTHER:
218	pas->other = pa->e_perm;
219	break;
220	case ACL_MASK:
221	pas->mask = pa->e_perm;
222	break;
223	}
224	}
225	/ We'll only care about effective permissions: /
226	pas->users &= pas->mask;
227	pas->group &= pas->mask;
228	pas->groups &= pas->mask;
229	}
230
231	/ We assume the acl has been verified with posix_acl_valid. /
232	static void
233	_posix_to_nfsv4_one(struct posix_acl pacl, struct* nfs4_acl *acl,
234	unsigned int flags)
235	{
236	struct posix_acl_entry pa, group_owner_entry;
237	struct nfs4_ace *ace;
238	struct posix_acl_summary pas;
239	unsigned short deny;
240	int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ?
241	NFS4_INHERITANCE_FLAGS \| NFS4_ACE_INHERIT_ONLY_ACE : `0`);
242
243	BUG_ON(pacl->a_count < `3`);
244	summarize_posix_acl(acl: pacl, pas: &pas);
245
246	pa = pacl->a_entries;
247	ace = acl->aces + acl->naces;
248
249	/ We could deny everything not granted by the owner: /
250	deny = ~pas.owner;
251	/*
252	* but it is equivalent (and simpler) to deny only what is not
253	* granted by later entries:
254	*/
255	deny &= pas.users \| pas.group \| pas.groups \| pas.other;
256	if (deny) {
257	ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE;
258	ace->flag = eflag;
259	ace->access_mask = deny_mask_from_posix(perm: deny, flags);
260	ace->whotype = NFS4_ACL_WHO_OWNER;
261	ace++;
262	acl->naces++;
263	}
264
265	ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE;
266	ace->flag = eflag;
267	ace->access_mask = mask_from_posix(perm: pa->e_perm, flags: flags \| NFS4_ACL_OWNER);
268	ace->whotype = NFS4_ACL_WHO_OWNER;
269	ace++;
270	acl->naces++;
271	pa++;
272
273	while (pa->e_tag == ACL_USER) {
274	deny = ~(pa->e_perm & pas.mask);
275	deny &= pas.groups \| pas.group \| pas.other;
276	if (deny) {
277	ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE;
278	ace->flag = eflag;
279	ace->access_mask = deny_mask_from_posix(perm: deny, flags);
280	ace->whotype = NFS4_ACL_WHO_NAMED;
281	ace->who_uid = pa->e_uid;
282	ace++;
283	acl->naces++;
284	}
285	ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE;
286	ace->flag = eflag;
287	ace->access_mask = mask_from_posix(perm: pa->e_perm & pas.mask,
288	flags);
289	ace->whotype = NFS4_ACL_WHO_NAMED;
290	ace->who_uid = pa->e_uid;
291	ace++;
292	acl->naces++;
293	pa++;
294	}
295
296	/ In the case of groups, we apply allow ACEs first, then deny ACEs,*
297	* since a user can be in more than one group. */
298
299	/ allow ACEs /
300
301	group_owner_entry = pa;
302
303	ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE;
304	ace->flag = eflag;
305	ace->access_mask = mask_from_posix(perm: pas.group, flags);
306	ace->whotype = NFS4_ACL_WHO_GROUP;
307	ace++;
308	acl->naces++;
309	pa++;
310
311	while (pa->e_tag == ACL_GROUP) {
312	ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE;
313	ace->flag = eflag \| NFS4_ACE_IDENTIFIER_GROUP;
314	ace->access_mask = mask_from_posix(perm: pa->e_perm & pas.mask,
315	flags);
316	ace->whotype = NFS4_ACL_WHO_NAMED;
317	ace->who_gid = pa->e_gid;
318	ace++;
319	acl->naces++;
320	pa++;
321	}
322
323	/ deny ACEs /
324
325	pa = group_owner_entry;
326
327	deny = ~pas.group & pas.other;
328	if (deny) {
329	ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE;
330	ace->flag = eflag;
331	ace->access_mask = deny_mask_from_posix(perm: deny, flags);
332	ace->whotype = NFS4_ACL_WHO_GROUP;
333	ace++;
334	acl->naces++;
335	}
336	pa++;
337
338	while (pa->e_tag == ACL_GROUP) {
339	deny = ~(pa->e_perm & pas.mask);
340	deny &= pas.other;
341	if (deny) {
342	ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE;
343	ace->flag = eflag \| NFS4_ACE_IDENTIFIER_GROUP;
344	ace->access_mask = deny_mask_from_posix(perm: deny, flags);
345	ace->whotype = NFS4_ACL_WHO_NAMED;
346	ace->who_gid = pa->e_gid;
347	ace++;
348	acl->naces++;
349	}
350	pa++;
351	}
352
353	if (pa->e_tag == ACL_MASK)
354	pa++;
355	ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE;
356	ace->flag = eflag;
357	ace->access_mask = mask_from_posix(perm: pa->e_perm, flags);
358	ace->whotype = NFS4_ACL_WHO_EVERYONE;
359	acl->naces++;
360	}
361
362	static bool
363	pace_gt(struct posix_acl_entry pace1, struct* posix_acl_entry *pace2)
364	{
365	if (pace1->e_tag != pace2->e_tag)
366	return pace1->e_tag > pace2->e_tag;
367	if (pace1->e_tag == ACL_USER)
368	return uid_gt(left: pace1->e_uid, right: pace2->e_uid);
369	if (pace1->e_tag == ACL_GROUP)
370	return gid_gt(left: pace1->e_gid, right: pace2->e_gid);
371	return false;
372	}
373
374	static void
375	sort_pacl_range(struct posix_acl pacl, int* start, int end) {
376	int sorted = `0`, i;
377
378	/ We just do a bubble sort; easy to do in place, and we're not*
379	* expecting acl's to be long enough to justify anything more. */
380	while (!sorted) {
381	sorted = `1`;
382	for (i = start; i < end; i++) {
383	if (pace_gt(pace1: &pacl->a_entries[i],
384	pace2: &pacl->a_entries[i+`1`])) {
385	sorted = `0`;
386	swap(pacl->a_entries[i],
387	pacl->a_entries[i + `1`]);
388	}
389	}
390	}
391	}
392
393	static void
394	sort_pacl(struct posix_acl *pacl)
395	{
396	/ posix_acl_valid requires that users and groups be in order*
397	* by uid/gid. */
398	int i, j;
399
400	/ no users or groups /
401	if (!pacl \|\| pacl->a_count <= `4`)
402	return;
403
404	i = `1`;
405	while (pacl->a_entries[i].e_tag == ACL_USER)
406	i++;
407	sort_pacl_range(pacl, start: `1`, end: i-`1`);
408
409	BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ);
410	j = ++i;
411	while (pacl->a_entries[j].e_tag == ACL_GROUP)
412	j++;
413	sort_pacl_range(pacl, start: i, end: j-`1`);
414	return;
415	}
416
417	/*
418	* While processing the NFSv4 ACE, this maintains bitmasks representing
419	* which permission bits have been allowed and which denied to a given
420	* entity: */
421	struct posix_ace_state {
422	u32 allow;
423	u32 deny;
424	};
425
426	struct posix_user_ace_state {
427	union {
428	kuid_t uid;
429	kgid_t gid;
430	};
431	struct posix_ace_state perms;
432	};
433
434	struct posix_ace_state_array {
435	int n;
436	struct posix_user_ace_state aces[];
437	};
438
439	/*
440	* While processing the NFSv4 ACE, this maintains the partial permissions
441	* calculated so far: */
442
443	struct posix_acl_state {
444	unsigned char valid;
445	struct posix_ace_state owner;
446	struct posix_ace_state group;
447	struct posix_ace_state other;
448	struct posix_ace_state everyone;
449	struct posix_ace_state mask; / Deny unused in this case /
450	struct posix_ace_state_array *users;
451	struct posix_ace_state_array *groups;
452	};
453
454	static int
455	init_state(struct posix_acl_state state, int* cnt)
456	{
457	int alloc;
458
459	memset(state, `0`, sizeof(struct posix_acl_state));
460	/*
461	* In the worst case, each individual acl could be for a distinct
462	* named user or group, but we don't know which, so we allocate
463	* enough space for either:
464	*/
465	alloc = sizeof(struct posix_ace_state_array)
466	+ cnt*sizeof(struct posix_user_ace_state);
467	state->users = kzalloc(size: alloc, GFP_KERNEL);
468	if (!state->users)
469	return -ENOMEM;
470	state->groups = kzalloc(size: alloc, GFP_KERNEL);
471	if (!state->groups) {
472	kfree(objp: state->users);
473	return -ENOMEM;
474	}
475	return `0`;
476	}
477
478	static void
479	free_state(struct posix_acl_state *state) {
480	kfree(objp: state->users);
481	kfree(objp: state->groups);
482	}
483
484	static inline void add_to_mask(struct posix_acl_state state, struct* posix_ace_state *astate)
485	{
486	state->mask.allow \|= astate->allow;
487	}
488
489	static struct posix_acl *
490	posix_state_to_acl(struct posix_acl_state state, unsigned* int flags)
491	{
492	struct posix_acl_entry *pace;
493	struct posix_acl *pacl;
494	int nace;
495	int i;
496
497	/*
498	* ACLs with no ACEs are treated differently in the inheritable
499	* and effective cases: when there are no inheritable ACEs,
500	* calls ->set_acl with a NULL ACL structure.
501	*/
502	if (!state->valid && (flags & NFS4_ACL_TYPE_DEFAULT))
503	return NULL;
504
505	/*
506	* When there are no effective ACEs, the following will end
507	* up setting a 3-element effective posix ACL with all
508	* permissions zero.
509	*/
510	if (!state->users->n && !state->groups->n)
511	nace = `3`;
512	else / Note we also include a MASK ACE in this case: /
513	nace = `4` + state->users->n + state->groups->n;
514	pacl = posix_acl_alloc(nace, GFP_KERNEL);
515	if (!pacl)
516	return ERR_PTR(error: -ENOMEM);
517
518	pace = pacl->a_entries;
519	pace->e_tag = ACL_USER_OBJ;
520	low_mode_from_nfs4(perm: state->owner.allow, mode: &pace->e_perm, flags);
521
522	for (i=`0`; i < state->users->n; i++) {
523	pace++;
524	pace->e_tag = ACL_USER;
525	low_mode_from_nfs4(perm: state->users->aces[i].perms.allow,
526	mode: &pace->e_perm, flags);
527	pace->e_uid = state->users->aces[i].uid;
528	add_to_mask(state, astate: &state->users->aces[i].perms);
529	}
530
531	pace++;
532	pace->e_tag = ACL_GROUP_OBJ;
533	low_mode_from_nfs4(perm: state->group.allow, mode: &pace->e_perm, flags);
534	add_to_mask(state, astate: &state->group);
535
536	for (i=`0`; i < state->groups->n; i++) {
537	pace++;
538	pace->e_tag = ACL_GROUP;
539	low_mode_from_nfs4(perm: state->groups->aces[i].perms.allow,
540	mode: &pace->e_perm, flags);
541	pace->e_gid = state->groups->aces[i].gid;
542	add_to_mask(state, astate: &state->groups->aces[i].perms);
543	}
544
545	if (state->users->n \|\| state->groups->n) {
546	pace++;
547	pace->e_tag = ACL_MASK;
548	low_mode_from_nfs4(perm: state->mask.allow, mode: &pace->e_perm, flags);
549	}
550
551	pace++;
552	pace->e_tag = ACL_OTHER;
553	low_mode_from_nfs4(perm: state->other.allow, mode: &pace->e_perm, flags);
554
555	return pacl;
556	}
557
558	static inline void allow_bits(struct posix_ace_state *astate, u32 mask)
559	{
560	/ Allow all bits in the mask not already denied: /
561	astate->allow \|= mask & ~astate->deny;
562	}
563
564	static inline void deny_bits(struct posix_ace_state *astate, u32 mask)
565	{
566	/ Deny all bits in the mask not already allowed: /
567	astate->deny \|= mask & ~astate->allow;
568	}
569
570	static int find_uid(struct posix_acl_state *state, kuid_t uid)
571	{
572	struct posix_ace_state_array *a = state->users;
573	int i;
574
575	for (i = `0`; i < a->n; i++)
576	if (uid_eq(left: a->aces[i].uid, right: uid))
577	return i;
578	/ Not found: /
579	a->n++;
580	a->aces[i].uid = uid;
581	a->aces[i].perms.allow = state->everyone.allow;
582	a->aces[i].perms.deny = state->everyone.deny;
583
584	return i;
585	}
586
587	static int find_gid(struct posix_acl_state *state, kgid_t gid)
588	{
589	struct posix_ace_state_array *a = state->groups;
590	int i;
591
592	for (i = `0`; i < a->n; i++)
593	if (gid_eq(left: a->aces[i].gid, right: gid))
594	return i;
595	/ Not found: /
596	a->n++;
597	a->aces[i].gid = gid;
598	a->aces[i].perms.allow = state->everyone.allow;
599	a->aces[i].perms.deny = state->everyone.deny;
600
601	return i;
602	}
603
604	static void deny_bits_array(struct posix_ace_state_array *a, u32 mask)
605	{
606	int i;
607
608	for (i=`0`; i < a->n; i++)
609	deny_bits(astate: &a->aces[i].perms, mask);
610	}
611
612	static void allow_bits_array(struct posix_ace_state_array *a, u32 mask)
613	{
614	int i;
615
616	for (i=`0`; i < a->n; i++)
617	allow_bits(astate: &a->aces[i].perms, mask);
618	}
619
620	static void process_one_v4_ace(struct posix_acl_state *state,
621	struct nfs4_ace *ace)
622	{
623	u32 mask = ace->access_mask;
624	short type = ace2type(ace);
625	int i;
626
627	state->valid \|= type;
628
629	switch (type) {
630	case ACL_USER_OBJ:
631	if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
632	allow_bits(astate: &state->owner, mask);
633	} else {
634	deny_bits(astate: &state->owner, mask);
635	}
636	break;
637	case ACL_USER:
638	i = find_uid(state, uid: ace->who_uid);
639	if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
640	allow_bits(astate: &state->users->aces[i].perms, mask);
641	} else {
642	deny_bits(astate: &state->users->aces[i].perms, mask);
643	mask = state->users->aces[i].perms.deny;
644	deny_bits(astate: &state->owner, mask);
645	}
646	break;
647	case ACL_GROUP_OBJ:
648	if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
649	allow_bits(astate: &state->group, mask);
650	} else {
651	deny_bits(astate: &state->group, mask);
652	mask = state->group.deny;
653	deny_bits(astate: &state->owner, mask);
654	deny_bits(astate: &state->everyone, mask);
655	deny_bits_array(a: state->users, mask);
656	deny_bits_array(a: state->groups, mask);
657	}
658	break;
659	case ACL_GROUP:
660	i = find_gid(state, gid: ace->who_gid);
661	if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
662	allow_bits(astate: &state->groups->aces[i].perms, mask);
663	} else {
664	deny_bits(astate: &state->groups->aces[i].perms, mask);
665	mask = state->groups->aces[i].perms.deny;
666	deny_bits(astate: &state->owner, mask);
667	deny_bits(astate: &state->group, mask);
668	deny_bits(astate: &state->everyone, mask);
669	deny_bits_array(a: state->users, mask);
670	deny_bits_array(a: state->groups, mask);
671	}
672	break;
673	case ACL_OTHER:
674	if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
675	allow_bits(astate: &state->owner, mask);
676	allow_bits(astate: &state->group, mask);
677	allow_bits(astate: &state->other, mask);
678	allow_bits(astate: &state->everyone, mask);
679	allow_bits_array(a: state->users, mask);
680	allow_bits_array(a: state->groups, mask);
681	} else {
682	deny_bits(astate: &state->owner, mask);
683	deny_bits(astate: &state->group, mask);
684	deny_bits(astate: &state->other, mask);
685	deny_bits(astate: &state->everyone, mask);
686	deny_bits_array(a: state->users, mask);
687	deny_bits_array(a: state->groups, mask);
688	}
689	}
690	}
691
692	static int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl,
693	struct posix_acl pacl, struct posix_acl dpacl,
694	unsigned int flags)
695	{
696	struct posix_acl_state effective_acl_state, default_acl_state;
697	struct nfs4_ace *ace;
698	int ret;
699
700	ret = init_state(state: &effective_acl_state, cnt: acl->naces);
701	if (ret)
702	return ret;
703	ret = init_state(state: &default_acl_state, cnt: acl->naces);
704	if (ret)
705	goto out_estate;
706	ret = -EINVAL;
707	for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
708	if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE &&
709	ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE)
710	goto out_dstate;
711	if (ace->flag & ~NFS4_SUPPORTED_FLAGS)
712	goto out_dstate;
713	if ((ace->flag & NFS4_INHERITANCE_FLAGS) == `0`) {
714	process_one_v4_ace(state: &effective_acl_state, ace);
715	continue;
716	}
717	if (!(flags & NFS4_ACL_DIR))
718	goto out_dstate;
719	/*
720	* Note that when only one of FILE_INHERIT or DIRECTORY_INHERIT
721	* is set, we're effectively turning on the other. That's OK,
722	* according to rfc 3530.
723	*/
724	process_one_v4_ace(state: &default_acl_state, ace);
725
726	if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE))
727	process_one_v4_ace(state: &effective_acl_state, ace);
728	}
729
730	/*
731	* At this point, the default ACL may have zeroed-out entries for owner,
732	* group and other. That usually results in a non-sensical resulting ACL
733	* that denies all access except to any ACE that was explicitly added.
734	*
735	* The setfacl command solves a similar problem with this logic:
736	*
737	* "If a Default ACL entry is created, and the Default ACL contains
738	* no owner, owning group, or others entry, a copy of the ACL
739	* owner, owning group, or others entry is added to the Default ACL."
740	*
741	* Copy any missing ACEs from the effective set, if any ACEs were
742	* explicitly set.
743	*/
744	if (default_acl_state.valid) {
745	if (!(default_acl_state.valid & ACL_USER_OBJ))
746	default_acl_state.owner = effective_acl_state.owner;
747	if (!(default_acl_state.valid & ACL_GROUP_OBJ))
748	default_acl_state.group = effective_acl_state.group;
749	if (!(default_acl_state.valid & ACL_OTHER))
750	default_acl_state.other = effective_acl_state.other;
751	}
752
753	*pacl = posix_state_to_acl(state: &effective_acl_state, flags);
754	if (IS_ERR(ptr: *pacl)) {
755	ret = PTR_ERR(ptr: *pacl);
756	*pacl = NULL;
757	goto out_dstate;
758	}
759	*dpacl = posix_state_to_acl(state: &default_acl_state,
760	flags: flags \| NFS4_ACL_TYPE_DEFAULT);
761	if (IS_ERR(ptr: *dpacl)) {
762	ret = PTR_ERR(ptr: *dpacl);
763	*dpacl = NULL;
764	posix_acl_release(acl: *pacl);
765	*pacl = NULL;
766	goto out_dstate;
767	}
768	sort_pacl(pacl: *pacl);
769	sort_pacl(pacl: *dpacl);
770	ret = `0`;
771	out_dstate:
772	free_state(state: &default_acl_state);
773	out_estate:
774	free_state(state: &effective_acl_state);
775	return ret;
776	}
777
778	__be32 nfsd4_acl_to_attr(enum nfs_ftype4 type, struct nfs4_acl *acl,
779	struct nfsd_attrs *attr)
780	{
781	int host_error;
782	unsigned int flags = `0`;
783
784	if (!acl)
785	return nfs_ok;
786
787	if (type == NF4DIR)
788	flags = NFS4_ACL_DIR;
789
790	host_error = nfs4_acl_nfsv4_to_posix(acl, pacl: &attr->na_pacl,
791	dpacl: &attr->na_dpacl, flags);
792	if (host_error == -EINVAL)
793	return nfserr_attrnotsupp;
794	else
795	return nfserrno(errno: host_error);
796	}
797
798	static short
799	ace2type(struct nfs4_ace *ace)
800	{
801	switch (ace->whotype) {
802	case NFS4_ACL_WHO_NAMED:
803	return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ?
804	ACL_GROUP : ACL_USER);
805	case NFS4_ACL_WHO_OWNER:
806	return ACL_USER_OBJ;
807	case NFS4_ACL_WHO_GROUP:
808	return ACL_GROUP_OBJ;
809	case NFS4_ACL_WHO_EVERYONE:
810	return ACL_OTHER;
811	}
812	BUG();
813	return -`1`;
814	}
815
816	/*
817	* return the size of the struct nfs4_acl required to represent an acl
818	* with @entries entries.
819	*/
820	int nfs4_acl_bytes(int entries)
821	{
822	return sizeof(struct nfs4_acl) + entries * sizeof(struct nfs4_ace);
823	}
824
825	static struct {
826	char *string;
827	int stringlen;
828	int type;
829	} s2t_map[] = {
830	{
831	.string = "OWNER@",
832	.stringlen = sizeof("OWNER@") - `1`,
833	.type = NFS4_ACL_WHO_OWNER,
834	},
835	{
836	.string = "GROUP@",
837	.stringlen = sizeof("GROUP@") - `1`,
838	.type = NFS4_ACL_WHO_GROUP,
839	},
840	{
841	.string = "EVERYONE@",
842	.stringlen = sizeof("EVERYONE@") - `1`,
843	.type = NFS4_ACL_WHO_EVERYONE,
844	},
845	};
846
847	int
848	nfs4_acl_get_whotype(char *p, u32 len)
849	{
850	int i;
851
852	for (i = `0`; i < ARRAY_SIZE(s2t_map); i++) {
853	if (s2t_map[i].stringlen == len &&
854	`0` == memcmp(p: s2t_map[i].string, q: p, size: len))
855	return s2t_map[i].type;
856	}
857	return NFS4_ACL_WHO_NAMED;
858	}
859
860	__be32 nfs4_acl_write_who(struct xdr_stream xdr, int* who)
861	{
862	__be32 *p;
863	int i;
864
865	for (i = `0`; i < ARRAY_SIZE(s2t_map); i++) {
866	if (s2t_map[i].type != who)
867	continue;
868	p = xdr_reserve_space(xdr, nbytes: s2t_map[i].stringlen + `4`);
869	if (!p)
870	return nfserr_resource;
871	p = xdr_encode_opaque(p, ptr: s2t_map[i].string,
872	len: s2t_map[i].stringlen);
873	return `0`;
874	}
875	WARN_ON_ONCE(`1`);
876	return nfserr_serverfault;
877	}
878

source code of linux/fs/nfsd/nfs4acl.c