xref: /linux/fs/nfs_common/nfsacl.c (revision b77e0ce62d63a761ffb7f7245a215a49f5921c2f)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * fs/nfs_common/nfsacl.c
4  *
5  *  Copyright (C) 2002-2003 Andreas Gruenbacher <agruen@suse.de>
6  */
7 
8 /*
9  * The Solaris nfsacl protocol represents some ACLs slightly differently
10  * than POSIX 1003.1e draft 17 does (and we do):
11  *
12  *  - Minimal ACLs always have an ACL_MASK entry, so they have
13  *    four instead of three entries.
14  *  - The ACL_MASK entry in such minimal ACLs always has the same
15  *    permissions as the ACL_GROUP_OBJ entry. (In extended ACLs
16  *    the ACL_MASK and ACL_GROUP_OBJ entries may differ.)
17  *  - The identifier fields of the ACL_USER_OBJ and ACL_GROUP_OBJ
18  *    entries contain the identifiers of the owner and owning group.
19  *    (In POSIX ACLs we always set them to ACL_UNDEFINED_ID).
20  *  - ACL entries in the kernel are kept sorted in ascending order
21  *    of (e_tag, e_id). Solaris ACLs are unsorted.
22  */
23 
24 #include <linux/module.h>
25 #include <linux/fs.h>
26 #include <linux/gfp.h>
27 #include <linux/sunrpc/xdr.h>
28 #include <linux/nfsacl.h>
29 #include <linux/nfs3.h>
30 #include <linux/sort.h>
31 
32 MODULE_LICENSE("GPL");
33 
34 struct nfsacl_encode_desc {
35 	struct xdr_array2_desc desc;
36 	unsigned int count;
37 	struct posix_acl *acl;
38 	int typeflag;
39 	kuid_t uid;
40 	kgid_t gid;
41 };
42 
43 struct nfsacl_simple_acl {
44 	struct posix_acl acl;
45 	struct posix_acl_entry ace[4];
46 };
47 
48 static int
49 xdr_nfsace_encode(struct xdr_array2_desc *desc, void *elem)
50 {
51 	struct nfsacl_encode_desc *nfsacl_desc =
52 		(struct nfsacl_encode_desc *) desc;
53 	__be32 *p = elem;
54 
55 	struct posix_acl_entry *entry =
56 		&nfsacl_desc->acl->a_entries[nfsacl_desc->count++];
57 
58 	*p++ = htonl(entry->e_tag | nfsacl_desc->typeflag);
59 	switch(entry->e_tag) {
60 		case ACL_USER_OBJ:
61 			*p++ = htonl(from_kuid(&init_user_ns, nfsacl_desc->uid));
62 			break;
63 		case ACL_GROUP_OBJ:
64 			*p++ = htonl(from_kgid(&init_user_ns, nfsacl_desc->gid));
65 			break;
66 		case ACL_USER:
67 			*p++ = htonl(from_kuid(&init_user_ns, entry->e_uid));
68 			break;
69 		case ACL_GROUP:
70 			*p++ = htonl(from_kgid(&init_user_ns, entry->e_gid));
71 			break;
72 		default:  /* Solaris depends on that! */
73 			*p++ = 0;
74 			break;
75 	}
76 	*p++ = htonl(entry->e_perm & S_IRWXO);
77 	return 0;
78 }
79 
80 /**
81  * nfsacl_encode - Encode an NFSv3 ACL
82  *
83  * @buf: destination xdr_buf to contain XDR encoded ACL
84  * @base: byte offset in xdr_buf where XDR'd ACL begins
85  * @inode: inode of file whose ACL this is
86  * @acl: posix_acl to encode
87  * @encode_entries: whether to encode ACEs as well
88  * @typeflag: ACL type: NFS_ACL_DEFAULT or zero
89  *
90  * Returns size of encoded ACL in bytes or a negative errno value.
91  */
92 int nfsacl_encode(struct xdr_buf *buf, unsigned int base, struct inode *inode,
93 		  struct posix_acl *acl, int encode_entries, int typeflag)
94 {
95 	int entries = (acl && acl->a_count) ? max_t(int, acl->a_count, 4) : 0;
96 	struct nfsacl_encode_desc nfsacl_desc = {
97 		.desc = {
98 			.elem_size = 12,
99 			.array_len = encode_entries ? entries : 0,
100 			.xcode = xdr_nfsace_encode,
101 		},
102 		.acl = acl,
103 		.typeflag = typeflag,
104 		.uid = inode->i_uid,
105 		.gid = inode->i_gid,
106 	};
107 	struct nfsacl_simple_acl aclbuf;
108 	int err;
109 
110 	if (entries > NFS_ACL_MAX_ENTRIES ||
111 	    xdr_encode_word(buf, base, entries))
112 		return -EINVAL;
113 	if (encode_entries && acl && acl->a_count == 3) {
114 		struct posix_acl *acl2 = &aclbuf.acl;
115 
116 		/* Avoid the use of posix_acl_alloc().  nfsacl_encode() is
117 		 * invoked in contexts where a memory allocation failure is
118 		 * fatal.  Fortunately this fake ACL is small enough to
119 		 * construct on the stack. */
120 		posix_acl_init(acl2, 4);
121 
122 		/* Insert entries in canonical order: other orders seem
123 		 to confuse Solaris VxFS. */
124 		acl2->a_entries[0] = acl->a_entries[0];  /* ACL_USER_OBJ */
125 		acl2->a_entries[1] = acl->a_entries[1];  /* ACL_GROUP_OBJ */
126 		acl2->a_entries[2] = acl->a_entries[1];  /* ACL_MASK */
127 		acl2->a_entries[2].e_tag = ACL_MASK;
128 		acl2->a_entries[3] = acl->a_entries[2];  /* ACL_OTHER */
129 		nfsacl_desc.acl = acl2;
130 	}
131 	err = xdr_encode_array2(buf, base + 4, &nfsacl_desc.desc);
132 	if (!err)
133 		err = 8 + nfsacl_desc.desc.elem_size *
134 			  nfsacl_desc.desc.array_len;
135 	return err;
136 }
137 EXPORT_SYMBOL_GPL(nfsacl_encode);
138 
139 struct nfsacl_decode_desc {
140 	struct xdr_array2_desc desc;
141 	unsigned int count;
142 	struct posix_acl *acl;
143 };
144 
145 static int
146 xdr_nfsace_decode(struct xdr_array2_desc *desc, void *elem)
147 {
148 	struct nfsacl_decode_desc *nfsacl_desc =
149 		(struct nfsacl_decode_desc *) desc;
150 	__be32 *p = elem;
151 	struct posix_acl_entry *entry;
152 	unsigned int id;
153 
154 	if (!nfsacl_desc->acl) {
155 		if (desc->array_len > NFS_ACL_MAX_ENTRIES)
156 			return -EINVAL;
157 		nfsacl_desc->acl = posix_acl_alloc(desc->array_len, GFP_KERNEL);
158 		if (!nfsacl_desc->acl)
159 			return -ENOMEM;
160 		nfsacl_desc->count = 0;
161 	}
162 
163 	entry = &nfsacl_desc->acl->a_entries[nfsacl_desc->count++];
164 	entry->e_tag = ntohl(*p++) & ~NFS_ACL_DEFAULT;
165 	id = ntohl(*p++);
166 	entry->e_perm = ntohl(*p++);
167 
168 	switch(entry->e_tag) {
169 		case ACL_USER:
170 			entry->e_uid = make_kuid(&init_user_ns, id);
171 			if (!uid_valid(entry->e_uid))
172 				return -EINVAL;
173 			break;
174 		case ACL_GROUP:
175 			entry->e_gid = make_kgid(&init_user_ns, id);
176 			if (!gid_valid(entry->e_gid))
177 				return -EINVAL;
178 			break;
179 		case ACL_USER_OBJ:
180 		case ACL_GROUP_OBJ:
181 		case ACL_OTHER:
182 			if (entry->e_perm & ~S_IRWXO)
183 				return -EINVAL;
184 			break;
185 		case ACL_MASK:
186 			/* Solaris sometimes sets additional bits in the mask */
187 			entry->e_perm &= S_IRWXO;
188 			break;
189 		default:
190 			return -EINVAL;
191 	}
192 
193 	return 0;
194 }
195 
196 static int
197 cmp_acl_entry(const void *x, const void *y)
198 {
199 	const struct posix_acl_entry *a = x, *b = y;
200 
201 	if (a->e_tag != b->e_tag)
202 		return a->e_tag - b->e_tag;
203 	else if ((a->e_tag == ACL_USER) && uid_gt(a->e_uid, b->e_uid))
204 		return 1;
205 	else if ((a->e_tag == ACL_USER) && uid_lt(a->e_uid, b->e_uid))
206 		return -1;
207 	else if ((a->e_tag == ACL_GROUP) && gid_gt(a->e_gid, b->e_gid))
208 		return 1;
209 	else if ((a->e_tag == ACL_GROUP) && gid_lt(a->e_gid, b->e_gid))
210 		return -1;
211 	else
212 		return 0;
213 }
214 
215 /*
216  * Convert from a Solaris ACL to a POSIX 1003.1e draft 17 ACL.
217  */
218 static int
219 posix_acl_from_nfsacl(struct posix_acl *acl)
220 {
221 	struct posix_acl_entry *pa, *pe,
222 	       *group_obj = NULL, *mask = NULL;
223 
224 	if (!acl)
225 		return 0;
226 
227 	sort(acl->a_entries, acl->a_count, sizeof(struct posix_acl_entry),
228 	     cmp_acl_entry, NULL);
229 
230 	/* Find the ACL_GROUP_OBJ and ACL_MASK entries. */
231 	FOREACH_ACL_ENTRY(pa, acl, pe) {
232 		switch(pa->e_tag) {
233 			case ACL_USER_OBJ:
234 				break;
235 			case ACL_GROUP_OBJ:
236 				group_obj = pa;
237 				break;
238 			case ACL_MASK:
239 				mask = pa;
240 				fallthrough;
241 			case ACL_OTHER:
242 				break;
243 		}
244 	}
245 	if (acl->a_count == 4 && group_obj && mask &&
246 	    mask->e_perm == group_obj->e_perm) {
247 		/* remove bogus ACL_MASK entry */
248 		memmove(mask, mask+1, (3 - (mask - acl->a_entries)) *
249 				      sizeof(struct posix_acl_entry));
250 		acl->a_count = 3;
251 	}
252 	return 0;
253 }
254 
255 /**
256  * nfsacl_decode - Decode an NFSv3 ACL
257  *
258  * @buf: xdr_buf containing XDR'd ACL data to decode
259  * @base: byte offset in xdr_buf where XDR'd ACL begins
260  * @aclcnt: count of ACEs in decoded posix_acl
261  * @pacl: buffer in which to place decoded posix_acl
262  *
263  * Returns the length of the decoded ACL in bytes, or a negative errno value.
264  */
265 int nfsacl_decode(struct xdr_buf *buf, unsigned int base, unsigned int *aclcnt,
266 		  struct posix_acl **pacl)
267 {
268 	struct nfsacl_decode_desc nfsacl_desc = {
269 		.desc = {
270 			.elem_size = 12,
271 			.xcode = pacl ? xdr_nfsace_decode : NULL,
272 		},
273 	};
274 	u32 entries;
275 	int err;
276 
277 	if (xdr_decode_word(buf, base, &entries) ||
278 	    entries > NFS_ACL_MAX_ENTRIES)
279 		return -EINVAL;
280 	nfsacl_desc.desc.array_maxlen = entries;
281 	err = xdr_decode_array2(buf, base + 4, &nfsacl_desc.desc);
282 	if (err)
283 		return err;
284 	if (pacl) {
285 		if (entries != nfsacl_desc.desc.array_len ||
286 		    posix_acl_from_nfsacl(nfsacl_desc.acl) != 0) {
287 			posix_acl_release(nfsacl_desc.acl);
288 			return -EINVAL;
289 		}
290 		*pacl = nfsacl_desc.acl;
291 	}
292 	if (aclcnt)
293 		*aclcnt = entries;
294 	return 8 + nfsacl_desc.desc.elem_size *
295 		   nfsacl_desc.desc.array_len;
296 }
297 EXPORT_SYMBOL_GPL(nfsacl_decode);
298 
299 /**
300  * nfs_stream_decode_acl - Decode an NFSv3 ACL
301  *
302  * @xdr: an xdr_stream positioned at an encoded ACL
303  * @aclcnt: OUT: count of ACEs in decoded posix_acl
304  * @pacl: OUT: a dynamically-allocated buffer containing the decoded posix_acl
305  *
306  * Return values:
307  *   %false: The encoded ACL is not valid
308  *   %true: @pacl contains a decoded ACL, and @xdr is advanced
309  *
310  * On a successful return, caller must release *pacl using posix_acl_release().
311  */
312 bool nfs_stream_decode_acl(struct xdr_stream *xdr, unsigned int *aclcnt,
313 			   struct posix_acl **pacl)
314 {
315 	const size_t elem_size = XDR_UNIT * 3;
316 	struct nfsacl_decode_desc nfsacl_desc = {
317 		.desc = {
318 			.elem_size = elem_size,
319 			.xcode = pacl ? xdr_nfsace_decode : NULL,
320 		},
321 	};
322 	unsigned int base;
323 	u32 entries;
324 
325 	if (xdr_stream_decode_u32(xdr, &entries) < 0)
326 		return false;
327 	if (entries > NFS_ACL_MAX_ENTRIES)
328 		return false;
329 
330 	base = xdr_stream_pos(xdr);
331 	if (!xdr_inline_decode(xdr, XDR_UNIT + elem_size * entries))
332 		return false;
333 	nfsacl_desc.desc.array_maxlen = entries;
334 	if (xdr_decode_array2(xdr->buf, base, &nfsacl_desc.desc))
335 		return false;
336 
337 	if (pacl) {
338 		if (entries != nfsacl_desc.desc.array_len ||
339 		    posix_acl_from_nfsacl(nfsacl_desc.acl) != 0) {
340 			posix_acl_release(nfsacl_desc.acl);
341 			return false;
342 		}
343 		*pacl = nfsacl_desc.acl;
344 	}
345 	if (aclcnt)
346 		*aclcnt = entries;
347 	return true;
348 }
349 EXPORT_SYMBOL_GPL(nfs_stream_decode_acl);
350