1 // SPDX-License-Identifier: GPL-2.0-only
5  *  Copyright (C) 2002-2003 Andreas Gruenbacher <agruen@suse.de>
12  *  - Minimal ACLs always have an ACL_MASK entry, so they have
14  *  - The ACL_MASK entry in such minimal ACLs always has the same
17  *  - The identifier fields of the ACL_USER_OBJ and ACL_GROUP_OBJ
19  *    (In POSIX ACLs we always set them to ACL_UNDEFINED_ID).
20  *  - ACL entries in the kernel are kept sorted in ascending order
57 		&nfsacl_desc->acl->a_entries[nfsacl_desc->count++];  in xdr_nfsace_encode()
59 	*p++ = htonl(entry->e_tag | nfsacl_desc->typeflag);  in xdr_nfsace_encode()
60 	switch(entry->e_tag) {  in xdr_nfsace_encode()
62 			*p++ = htonl(from_kuid(&init_user_ns, nfsacl_desc->uid));  in xdr_nfsace_encode()
65 			*p++ = htonl(from_kgid(&init_user_ns, nfsacl_desc->gid));  in xdr_nfsace_encode()
68 			*p++ = htonl(from_kuid(&init_user_ns, entry->e_uid));  in xdr_nfsace_encode()
71 			*p++ = htonl(from_kgid(&init_user_ns, entry->e_gid));  in xdr_nfsace_encode()
77 	*p++ = htonl(entry->e_perm & S_IRWXO);  in xdr_nfsace_encode()
82  * nfsacl_encode - Encode an NFSv3 ACL
88  * @encode_entries: whether to encode ACEs as well
96 	int entries = (acl && acl->a_count) ? max_t(int, acl->a_count, 4) : 0;  in nfsacl_encode()
105 		.uid = inode->i_uid,  in nfsacl_encode()
106 		.gid = inode->i_gid,  in nfsacl_encode()
113 		return -EINVAL;  in nfsacl_encode()
114 	if (encode_entries && acl && acl->a_count == 3) {  in nfsacl_encode()
125 		acl2->a_entries[0] = acl->a_entries[0];  /* ACL_USER_OBJ */  in nfsacl_encode()
126 		acl2->a_entries[1] = acl->a_entries[1];  /* ACL_GROUP_OBJ */  in nfsacl_encode()
127 		acl2->a_entries[2] = acl->a_entries[1];  /* ACL_MASK */  in nfsacl_encode()
128 		acl2->a_entries[2].e_tag = ACL_MASK;  in nfsacl_encode()
129 		acl2->a_entries[3] = acl->a_entries[2];  /* ACL_OTHER */  in nfsacl_encode()
141  * nfs_stream_encode_acl - Encode an NFSv3 ACL
146  * @encode_entries: whether to encode ACEs as well
158 	u32 entries = (acl && acl->a_count) ? max_t(int, acl->a_count, 4) : 0;  in nfs_stream_encode_acl()
167 		.uid = inode->i_uid,  in nfs_stream_encode_acl()
168 		.gid = inode->i_gid,  in nfs_stream_encode_acl()
179 	if (encode_entries && acl && acl->a_count == 3) {  in nfs_stream_encode_acl()
190 		acl2->a_entries[0] = acl->a_entries[0];  /* ACL_USER_OBJ */  in nfs_stream_encode_acl()
191 		acl2->a_entries[1] = acl->a_entries[1];  /* ACL_GROUP_OBJ */  in nfs_stream_encode_acl()
192 		acl2->a_entries[2] = acl->a_entries[1];  /* ACL_MASK */  in nfs_stream_encode_acl()
193 		acl2->a_entries[2].e_tag = ACL_MASK;  in nfs_stream_encode_acl()
194 		acl2->a_entries[3] = acl->a_entries[2];  /* ACL_OTHER */  in nfs_stream_encode_acl()
202 	err = xdr_encode_array2(xdr->buf, base, &nfsacl_desc.desc);  in nfs_stream_encode_acl()
226 	if (!nfsacl_desc->acl) {  in xdr_nfsace_decode()
227 		if (desc->array_len > NFS_ACL_MAX_ENTRIES)  in xdr_nfsace_decode()
228 			return -EINVAL;  in xdr_nfsace_decode()
229 		nfsacl_desc->acl = posix_acl_alloc(desc->array_len, GFP_KERNEL);  in xdr_nfsace_decode()
230 		if (!nfsacl_desc->acl)  in xdr_nfsace_decode()
231 			return -ENOMEM;  in xdr_nfsace_decode()
232 		nfsacl_desc->count = 0;  in xdr_nfsace_decode()
235 	entry = &nfsacl_desc->acl->a_entries[nfsacl_desc->count++];  in xdr_nfsace_decode()
236 	entry->e_tag = ntohl(*p++) & ~NFS_ACL_DEFAULT;  in xdr_nfsace_decode()
238 	entry->e_perm = ntohl(*p++);  in xdr_nfsace_decode()
240 	switch(entry->e_tag) {  in xdr_nfsace_decode()
242 			entry->e_uid = make_kuid(&init_user_ns, id);  in xdr_nfsace_decode()
243 			if (!uid_valid(entry->e_uid))  in xdr_nfsace_decode()
244 				return -EINVAL;  in xdr_nfsace_decode()
247 			entry->e_gid = make_kgid(&init_user_ns, id);  in xdr_nfsace_decode()
248 			if (!gid_valid(entry->e_gid))  in xdr_nfsace_decode()
249 				return -EINVAL;  in xdr_nfsace_decode()
254 			if (entry->e_perm & ~S_IRWXO)  in xdr_nfsace_decode()
255 				return -EINVAL;  in xdr_nfsace_decode()
259 			entry->e_perm &= S_IRWXO;  in xdr_nfsace_decode()
262 			return -EINVAL;  in xdr_nfsace_decode()
273 	if (a->e_tag != b->e_tag)  in cmp_acl_entry()
274 		return a->e_tag - b->e_tag;  in cmp_acl_entry()
275 	else if ((a->e_tag == ACL_USER) && uid_gt(a->e_uid, b->e_uid))  in cmp_acl_entry()
277 	else if ((a->e_tag == ACL_USER) && uid_lt(a->e_uid, b->e_uid))  in cmp_acl_entry()
278 		return -1;  in cmp_acl_entry()
279 	else if ((a->e_tag == ACL_GROUP) && gid_gt(a->e_gid, b->e_gid))  in cmp_acl_entry()
281 	else if ((a->e_tag == ACL_GROUP) && gid_lt(a->e_gid, b->e_gid))  in cmp_acl_entry()
282 		return -1;  in cmp_acl_entry()
299 	sort(acl->a_entries, acl->a_count, sizeof(struct posix_acl_entry),  in posix_acl_from_nfsacl()
304 		switch(pa->e_tag) {  in posix_acl_from_nfsacl()
317 	if (acl->a_count == 4 && group_obj && mask &&  in posix_acl_from_nfsacl()
318 	    mask->e_perm == group_obj->e_perm) {  in posix_acl_from_nfsacl()
320 		memmove(mask, mask+1, (3 - (mask - acl->a_entries)) *  in posix_acl_from_nfsacl()
322 		acl->a_count = 3;  in posix_acl_from_nfsacl()
328  * nfsacl_decode - Decode an NFSv3 ACL
332  * @aclcnt: count of ACEs in decoded posix_acl
351 		return -EINVAL;  in nfsacl_decode()
360 			return -EINVAL;  in nfsacl_decode()
372  * nfs_stream_decode_acl - Decode an NFSv3 ACL
375  * @aclcnt: OUT: count of ACEs in decoded posix_acl
376  * @pacl: OUT: a dynamically-allocated buffer containing the decoded posix_acl
406 	if (xdr_decode_array2(xdr->buf, base, &nfsacl_desc.desc))  in nfs_stream_decode_acl()