1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * fs/nfs_common/nfsacl.c 4 * 5 * Copyright (C) 2002-2003 Andreas Gruenbacher <agruen@suse.de> 6 */ 7 8 /* 9 * The Solaris nfsacl protocol represents some ACLs slightly differently 10 * than POSIX 1003.1e draft 17 does (and we do): 11 * 12 * - Minimal ACLs always have an ACL_MASK entry, so they have 13 * four instead of three entries. 14 * - The ACL_MASK entry in such minimal ACLs always has the same 15 * permissions as the ACL_GROUP_OBJ entry. (In extended ACLs 16 * the ACL_MASK and ACL_GROUP_OBJ entries may differ.) 17 * - The identifier fields of the ACL_USER_OBJ and ACL_GROUP_OBJ 18 * entries contain the identifiers of the owner and owning group. 19 * (In POSIX ACLs we always set them to ACL_UNDEFINED_ID). 20 * - ACL entries in the kernel are kept sorted in ascending order 21 * of (e_tag, e_id). Solaris ACLs are unsorted. 22 */ 23 24 #include <linux/module.h> 25 #include <linux/fs.h> 26 #include <linux/gfp.h> 27 #include <linux/sunrpc/xdr.h> 28 #include <linux/nfsacl.h> 29 #include <linux/nfs3.h> 30 #include <linux/sort.h> 31 32 MODULE_LICENSE("GPL"); 33 34 struct nfsacl_encode_desc { 35 struct xdr_array2_desc desc; 36 unsigned int count; 37 struct posix_acl *acl; 38 int typeflag; 39 kuid_t uid; 40 kgid_t gid; 41 }; 42 43 struct nfsacl_simple_acl { 44 struct posix_acl acl; 45 struct posix_acl_entry ace[4]; 46 }; 47 48 static int 49 xdr_nfsace_encode(struct xdr_array2_desc *desc, void *elem) 50 { 51 struct nfsacl_encode_desc *nfsacl_desc = 52 (struct nfsacl_encode_desc *) desc; 53 __be32 *p = elem; 54 55 struct posix_acl_entry *entry = 56 &nfsacl_desc->acl->a_entries[nfsacl_desc->count++]; 57 58 *p++ = htonl(entry->e_tag | nfsacl_desc->typeflag); 59 switch(entry->e_tag) { 60 case ACL_USER_OBJ: 61 *p++ = htonl(from_kuid(&init_user_ns, nfsacl_desc->uid)); 62 break; 63 case ACL_GROUP_OBJ: 64 *p++ = htonl(from_kgid(&init_user_ns, nfsacl_desc->gid)); 65 break; 66 case ACL_USER: 67 *p++ = htonl(from_kuid(&init_user_ns, entry->e_uid)); 68 break; 69 case ACL_GROUP: 70 *p++ = htonl(from_kgid(&init_user_ns, entry->e_gid)); 71 break; 72 default: /* Solaris depends on that! */ 73 *p++ = 0; 74 break; 75 } 76 *p++ = htonl(entry->e_perm & S_IRWXO); 77 return 0; 78 } 79 80 /** 81 * nfsacl_encode - Encode an NFSv3 ACL 82 * 83 * @buf: destination xdr_buf to contain XDR encoded ACL 84 * @base: byte offset in xdr_buf where XDR'd ACL begins 85 * @inode: inode of file whose ACL this is 86 * @acl: posix_acl to encode 87 * @encode_entries: whether to encode ACEs as well 88 * @typeflag: ACL type: NFS_ACL_DEFAULT or zero 89 * 90 * Returns size of encoded ACL in bytes or a negative errno value. 91 */ 92 int nfsacl_encode(struct xdr_buf *buf, unsigned int base, struct inode *inode, 93 struct posix_acl *acl, int encode_entries, int typeflag) 94 { 95 int entries = (acl && acl->a_count) ? max_t(int, acl->a_count, 4) : 0; 96 struct nfsacl_encode_desc nfsacl_desc = { 97 .desc = { 98 .elem_size = 12, 99 .array_len = encode_entries ? entries : 0, 100 .xcode = xdr_nfsace_encode, 101 }, 102 .acl = acl, 103 .typeflag = typeflag, 104 .uid = inode->i_uid, 105 .gid = inode->i_gid, 106 }; 107 struct nfsacl_simple_acl aclbuf; 108 int err; 109 110 if (entries > NFS_ACL_MAX_ENTRIES || 111 xdr_encode_word(buf, base, entries)) 112 return -EINVAL; 113 if (encode_entries && acl && acl->a_count == 3) { 114 struct posix_acl *acl2 = &aclbuf.acl; 115 116 /* Avoid the use of posix_acl_alloc(). nfsacl_encode() is 117 * invoked in contexts where a memory allocation failure is 118 * fatal. Fortunately this fake ACL is small enough to 119 * construct on the stack. */ 120 posix_acl_init(acl2, 4); 121 122 /* Insert entries in canonical order: other orders seem 123 to confuse Solaris VxFS. */ 124 acl2->a_entries[0] = acl->a_entries[0]; /* ACL_USER_OBJ */ 125 acl2->a_entries[1] = acl->a_entries[1]; /* ACL_GROUP_OBJ */ 126 acl2->a_entries[2] = acl->a_entries[1]; /* ACL_MASK */ 127 acl2->a_entries[2].e_tag = ACL_MASK; 128 acl2->a_entries[3] = acl->a_entries[2]; /* ACL_OTHER */ 129 nfsacl_desc.acl = acl2; 130 } 131 err = xdr_encode_array2(buf, base + 4, &nfsacl_desc.desc); 132 if (!err) 133 err = 8 + nfsacl_desc.desc.elem_size * 134 nfsacl_desc.desc.array_len; 135 return err; 136 } 137 EXPORT_SYMBOL_GPL(nfsacl_encode); 138 139 struct nfsacl_decode_desc { 140 struct xdr_array2_desc desc; 141 unsigned int count; 142 struct posix_acl *acl; 143 }; 144 145 static int 146 xdr_nfsace_decode(struct xdr_array2_desc *desc, void *elem) 147 { 148 struct nfsacl_decode_desc *nfsacl_desc = 149 (struct nfsacl_decode_desc *) desc; 150 __be32 *p = elem; 151 struct posix_acl_entry *entry; 152 unsigned int id; 153 154 if (!nfsacl_desc->acl) { 155 if (desc->array_len > NFS_ACL_MAX_ENTRIES) 156 return -EINVAL; 157 nfsacl_desc->acl = posix_acl_alloc(desc->array_len, GFP_KERNEL); 158 if (!nfsacl_desc->acl) 159 return -ENOMEM; 160 nfsacl_desc->count = 0; 161 } 162 163 entry = &nfsacl_desc->acl->a_entries[nfsacl_desc->count++]; 164 entry->e_tag = ntohl(*p++) & ~NFS_ACL_DEFAULT; 165 id = ntohl(*p++); 166 entry->e_perm = ntohl(*p++); 167 168 switch(entry->e_tag) { 169 case ACL_USER: 170 entry->e_uid = make_kuid(&init_user_ns, id); 171 if (!uid_valid(entry->e_uid)) 172 return -EINVAL; 173 break; 174 case ACL_GROUP: 175 entry->e_gid = make_kgid(&init_user_ns, id); 176 if (!gid_valid(entry->e_gid)) 177 return -EINVAL; 178 break; 179 case ACL_USER_OBJ: 180 case ACL_GROUP_OBJ: 181 case ACL_OTHER: 182 if (entry->e_perm & ~S_IRWXO) 183 return -EINVAL; 184 break; 185 case ACL_MASK: 186 /* Solaris sometimes sets additional bits in the mask */ 187 entry->e_perm &= S_IRWXO; 188 break; 189 default: 190 return -EINVAL; 191 } 192 193 return 0; 194 } 195 196 static int 197 cmp_acl_entry(const void *x, const void *y) 198 { 199 const struct posix_acl_entry *a = x, *b = y; 200 201 if (a->e_tag != b->e_tag) 202 return a->e_tag - b->e_tag; 203 else if ((a->e_tag == ACL_USER) && uid_gt(a->e_uid, b->e_uid)) 204 return 1; 205 else if ((a->e_tag == ACL_USER) && uid_lt(a->e_uid, b->e_uid)) 206 return -1; 207 else if ((a->e_tag == ACL_GROUP) && gid_gt(a->e_gid, b->e_gid)) 208 return 1; 209 else if ((a->e_tag == ACL_GROUP) && gid_lt(a->e_gid, b->e_gid)) 210 return -1; 211 else 212 return 0; 213 } 214 215 /* 216 * Convert from a Solaris ACL to a POSIX 1003.1e draft 17 ACL. 217 */ 218 static int 219 posix_acl_from_nfsacl(struct posix_acl *acl) 220 { 221 struct posix_acl_entry *pa, *pe, 222 *group_obj = NULL, *mask = NULL; 223 224 if (!acl) 225 return 0; 226 227 sort(acl->a_entries, acl->a_count, sizeof(struct posix_acl_entry), 228 cmp_acl_entry, NULL); 229 230 /* Find the ACL_GROUP_OBJ and ACL_MASK entries. */ 231 FOREACH_ACL_ENTRY(pa, acl, pe) { 232 switch(pa->e_tag) { 233 case ACL_USER_OBJ: 234 break; 235 case ACL_GROUP_OBJ: 236 group_obj = pa; 237 break; 238 case ACL_MASK: 239 mask = pa; 240 fallthrough; 241 case ACL_OTHER: 242 break; 243 } 244 } 245 if (acl->a_count == 4 && group_obj && mask && 246 mask->e_perm == group_obj->e_perm) { 247 /* remove bogus ACL_MASK entry */ 248 memmove(mask, mask+1, (3 - (mask - acl->a_entries)) * 249 sizeof(struct posix_acl_entry)); 250 acl->a_count = 3; 251 } 252 return 0; 253 } 254 255 /** 256 * nfsacl_decode - Decode an NFSv3 ACL 257 * 258 * @buf: xdr_buf containing XDR'd ACL data to decode 259 * @base: byte offset in xdr_buf where XDR'd ACL begins 260 * @aclcnt: count of ACEs in decoded posix_acl 261 * @pacl: buffer in which to place decoded posix_acl 262 * 263 * Returns the length of the decoded ACL in bytes, or a negative errno value. 264 */ 265 int nfsacl_decode(struct xdr_buf *buf, unsigned int base, unsigned int *aclcnt, 266 struct posix_acl **pacl) 267 { 268 struct nfsacl_decode_desc nfsacl_desc = { 269 .desc = { 270 .elem_size = 12, 271 .xcode = pacl ? xdr_nfsace_decode : NULL, 272 }, 273 }; 274 u32 entries; 275 int err; 276 277 if (xdr_decode_word(buf, base, &entries) || 278 entries > NFS_ACL_MAX_ENTRIES) 279 return -EINVAL; 280 nfsacl_desc.desc.array_maxlen = entries; 281 err = xdr_decode_array2(buf, base + 4, &nfsacl_desc.desc); 282 if (err) 283 return err; 284 if (pacl) { 285 if (entries != nfsacl_desc.desc.array_len || 286 posix_acl_from_nfsacl(nfsacl_desc.acl) != 0) { 287 posix_acl_release(nfsacl_desc.acl); 288 return -EINVAL; 289 } 290 *pacl = nfsacl_desc.acl; 291 } 292 if (aclcnt) 293 *aclcnt = entries; 294 return 8 + nfsacl_desc.desc.elem_size * 295 nfsacl_desc.desc.array_len; 296 } 297 EXPORT_SYMBOL_GPL(nfsacl_decode); 298 299 /** 300 * nfs_stream_decode_acl - Decode an NFSv3 ACL 301 * 302 * @xdr: an xdr_stream positioned at an encoded ACL 303 * @aclcnt: OUT: count of ACEs in decoded posix_acl 304 * @pacl: OUT: a dynamically-allocated buffer containing the decoded posix_acl 305 * 306 * Return values: 307 * %false: The encoded ACL is not valid 308 * %true: @pacl contains a decoded ACL, and @xdr is advanced 309 * 310 * On a successful return, caller must release *pacl using posix_acl_release(). 311 */ 312 bool nfs_stream_decode_acl(struct xdr_stream *xdr, unsigned int *aclcnt, 313 struct posix_acl **pacl) 314 { 315 const size_t elem_size = XDR_UNIT * 3; 316 struct nfsacl_decode_desc nfsacl_desc = { 317 .desc = { 318 .elem_size = elem_size, 319 .xcode = pacl ? xdr_nfsace_decode : NULL, 320 }, 321 }; 322 unsigned int base; 323 u32 entries; 324 325 if (xdr_stream_decode_u32(xdr, &entries) < 0) 326 return false; 327 if (entries > NFS_ACL_MAX_ENTRIES) 328 return false; 329 330 base = xdr_stream_pos(xdr); 331 if (!xdr_inline_decode(xdr, XDR_UNIT + elem_size * entries)) 332 return false; 333 nfsacl_desc.desc.array_maxlen = entries; 334 if (xdr_decode_array2(xdr->buf, base, &nfsacl_desc.desc)) 335 return false; 336 337 if (pacl) { 338 if (entries != nfsacl_desc.desc.array_len || 339 posix_acl_from_nfsacl(nfsacl_desc.acl) != 0) { 340 posix_acl_release(nfsacl_desc.acl); 341 return false; 342 } 343 *pacl = nfsacl_desc.acl; 344 } 345 if (aclcnt) 346 *aclcnt = entries; 347 return true; 348 } 349 EXPORT_SYMBOL_GPL(nfs_stream_decode_acl); 350