Lines Matching +full:valid +full:- +full:mask
68 int mask = NFS4_ANYONE_MODE; in mask_from_posix() local
71 mask |= NFS4_OWNER_MODE; in mask_from_posix()
73 mask |= NFS4_READ_MODE; in mask_from_posix()
75 mask |= NFS4_WRITE_MODE; in mask_from_posix()
77 mask |= NFS4_ACE_DELETE_CHILD; in mask_from_posix()
79 mask |= NFS4_EXECUTE_MODE; in mask_from_posix()
80 return mask; in mask_from_posix()
86 u32 mask = 0; in deny_mask_from_posix() local
89 mask |= NFS4_READ_MODE; in deny_mask_from_posix()
91 mask |= NFS4_WRITE_MODE; in deny_mask_from_posix()
93 mask |= NFS4_ACE_DELETE_CHILD; in deny_mask_from_posix()
95 mask |= NFS4_EXECUTE_MODE; in deny_mask_from_posix()
96 return mask; in deny_mask_from_posix()
140 pacl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL); in nfsd4_get_nfs4_acl()
146 size += 2 * pacl->a_count; in nfsd4_get_nfs4_acl()
148 if (S_ISDIR(inode->i_mode)) { in nfsd4_get_nfs4_acl()
157 size += 2 * dpacl->a_count; in nfsd4_get_nfs4_acl()
162 error = -ENOMEM; in nfsd4_get_nfs4_acl()
165 (*acl)->naces = 0; in nfsd4_get_nfs4_acl()
185 unsigned short mask; member
199 pas->mask = 07; in summarize_posix_acl()
201 pe = acl->a_entries + acl->a_count; in summarize_posix_acl()
204 switch (pa->e_tag) { in summarize_posix_acl()
206 pas->owner = pa->e_perm; in summarize_posix_acl()
209 pas->group = pa->e_perm; in summarize_posix_acl()
212 pas->users |= pa->e_perm; in summarize_posix_acl()
215 pas->groups |= pa->e_perm; in summarize_posix_acl()
218 pas->other = pa->e_perm; in summarize_posix_acl()
221 pas->mask = pa->e_perm; in summarize_posix_acl()
226 pas->users &= pas->mask; in summarize_posix_acl()
227 pas->group &= pas->mask; in summarize_posix_acl()
228 pas->groups &= pas->mask; in summarize_posix_acl()
243 BUG_ON(pacl->a_count < 3); in _posix_to_nfsv4_one()
246 pa = pacl->a_entries; in _posix_to_nfsv4_one()
247 ace = acl->aces + acl->naces; in _posix_to_nfsv4_one()
257 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; in _posix_to_nfsv4_one()
258 ace->flag = eflag; in _posix_to_nfsv4_one()
259 ace->access_mask = deny_mask_from_posix(deny, flags); in _posix_to_nfsv4_one()
260 ace->whotype = NFS4_ACL_WHO_OWNER; in _posix_to_nfsv4_one()
262 acl->naces++; in _posix_to_nfsv4_one()
265 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; in _posix_to_nfsv4_one()
266 ace->flag = eflag; in _posix_to_nfsv4_one()
267 ace->access_mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER); in _posix_to_nfsv4_one()
268 ace->whotype = NFS4_ACL_WHO_OWNER; in _posix_to_nfsv4_one()
270 acl->naces++; in _posix_to_nfsv4_one()
273 while (pa->e_tag == ACL_USER) { in _posix_to_nfsv4_one()
274 deny = ~(pa->e_perm & pas.mask); in _posix_to_nfsv4_one()
277 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; in _posix_to_nfsv4_one()
278 ace->flag = eflag; in _posix_to_nfsv4_one()
279 ace->access_mask = deny_mask_from_posix(deny, flags); in _posix_to_nfsv4_one()
280 ace->whotype = NFS4_ACL_WHO_NAMED; in _posix_to_nfsv4_one()
281 ace->who_uid = pa->e_uid; in _posix_to_nfsv4_one()
283 acl->naces++; in _posix_to_nfsv4_one()
285 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; in _posix_to_nfsv4_one()
286 ace->flag = eflag; in _posix_to_nfsv4_one()
287 ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, in _posix_to_nfsv4_one()
289 ace->whotype = NFS4_ACL_WHO_NAMED; in _posix_to_nfsv4_one()
290 ace->who_uid = pa->e_uid; in _posix_to_nfsv4_one()
292 acl->naces++; in _posix_to_nfsv4_one()
303 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; in _posix_to_nfsv4_one()
304 ace->flag = eflag; in _posix_to_nfsv4_one()
305 ace->access_mask = mask_from_posix(pas.group, flags); in _posix_to_nfsv4_one()
306 ace->whotype = NFS4_ACL_WHO_GROUP; in _posix_to_nfsv4_one()
308 acl->naces++; in _posix_to_nfsv4_one()
311 while (pa->e_tag == ACL_GROUP) { in _posix_to_nfsv4_one()
312 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; in _posix_to_nfsv4_one()
313 ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; in _posix_to_nfsv4_one()
314 ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, in _posix_to_nfsv4_one()
316 ace->whotype = NFS4_ACL_WHO_NAMED; in _posix_to_nfsv4_one()
317 ace->who_gid = pa->e_gid; in _posix_to_nfsv4_one()
319 acl->naces++; in _posix_to_nfsv4_one()
329 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; in _posix_to_nfsv4_one()
330 ace->flag = eflag; in _posix_to_nfsv4_one()
331 ace->access_mask = deny_mask_from_posix(deny, flags); in _posix_to_nfsv4_one()
332 ace->whotype = NFS4_ACL_WHO_GROUP; in _posix_to_nfsv4_one()
334 acl->naces++; in _posix_to_nfsv4_one()
338 while (pa->e_tag == ACL_GROUP) { in _posix_to_nfsv4_one()
339 deny = ~(pa->e_perm & pas.mask); in _posix_to_nfsv4_one()
342 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; in _posix_to_nfsv4_one()
343 ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; in _posix_to_nfsv4_one()
344 ace->access_mask = deny_mask_from_posix(deny, flags); in _posix_to_nfsv4_one()
345 ace->whotype = NFS4_ACL_WHO_NAMED; in _posix_to_nfsv4_one()
346 ace->who_gid = pa->e_gid; in _posix_to_nfsv4_one()
348 acl->naces++; in _posix_to_nfsv4_one()
353 if (pa->e_tag == ACL_MASK) in _posix_to_nfsv4_one()
355 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; in _posix_to_nfsv4_one()
356 ace->flag = eflag; in _posix_to_nfsv4_one()
357 ace->access_mask = mask_from_posix(pa->e_perm, flags); in _posix_to_nfsv4_one()
358 ace->whotype = NFS4_ACL_WHO_EVERYONE; in _posix_to_nfsv4_one()
359 acl->naces++; in _posix_to_nfsv4_one()
365 if (pace1->e_tag != pace2->e_tag) in pace_gt()
366 return pace1->e_tag > pace2->e_tag; in pace_gt()
367 if (pace1->e_tag == ACL_USER) in pace_gt()
368 return uid_gt(pace1->e_uid, pace2->e_uid); in pace_gt()
369 if (pace1->e_tag == ACL_GROUP) in pace_gt()
370 return gid_gt(pace1->e_gid, pace2->e_gid); in pace_gt()
383 if (pace_gt(&pacl->a_entries[i], in sort_pacl_range()
384 &pacl->a_entries[i+1])) { in sort_pacl_range()
386 swap(pacl->a_entries[i], in sort_pacl_range()
387 pacl->a_entries[i + 1]); in sort_pacl_range()
401 if (!pacl || pacl->a_count <= 4) in sort_pacl()
405 while (pacl->a_entries[i].e_tag == ACL_USER) in sort_pacl()
407 sort_pacl_range(pacl, 1, i-1); in sort_pacl()
409 BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ); in sort_pacl()
411 while (pacl->a_entries[j].e_tag == ACL_GROUP) in sort_pacl()
413 sort_pacl_range(pacl, i, j-1); in sort_pacl()
444 unsigned char valid; member
449 struct posix_ace_state mask; /* Deny unused in this case */ member
467 state->users = kzalloc(alloc, GFP_KERNEL); in init_state()
468 if (!state->users) in init_state()
469 return -ENOMEM; in init_state()
470 state->groups = kzalloc(alloc, GFP_KERNEL); in init_state()
471 if (!state->groups) { in init_state()
472 kfree(state->users); in init_state()
473 return -ENOMEM; in init_state()
480 kfree(state->users); in free_state()
481 kfree(state->groups); in free_state()
486 state->mask.allow |= astate->allow; in add_to_mask()
500 * calls ->set_acl with a NULL ACL structure. in posix_state_to_acl()
502 if (!state->valid && (flags & NFS4_ACL_TYPE_DEFAULT)) in posix_state_to_acl()
507 * up setting a 3-element effective posix ACL with all in posix_state_to_acl()
510 if (!state->users->n && !state->groups->n) in posix_state_to_acl()
512 else /* Note we also include a MASK ACE in this case: */ in posix_state_to_acl()
513 nace = 4 + state->users->n + state->groups->n; in posix_state_to_acl()
516 return ERR_PTR(-ENOMEM); in posix_state_to_acl()
518 pace = pacl->a_entries; in posix_state_to_acl()
519 pace->e_tag = ACL_USER_OBJ; in posix_state_to_acl()
520 low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags); in posix_state_to_acl()
522 for (i=0; i < state->users->n; i++) { in posix_state_to_acl()
524 pace->e_tag = ACL_USER; in posix_state_to_acl()
525 low_mode_from_nfs4(state->users->aces[i].perms.allow, in posix_state_to_acl()
526 &pace->e_perm, flags); in posix_state_to_acl()
527 pace->e_uid = state->users->aces[i].uid; in posix_state_to_acl()
528 add_to_mask(state, &state->users->aces[i].perms); in posix_state_to_acl()
532 pace->e_tag = ACL_GROUP_OBJ; in posix_state_to_acl()
533 low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags); in posix_state_to_acl()
534 add_to_mask(state, &state->group); in posix_state_to_acl()
536 for (i=0; i < state->groups->n; i++) { in posix_state_to_acl()
538 pace->e_tag = ACL_GROUP; in posix_state_to_acl()
539 low_mode_from_nfs4(state->groups->aces[i].perms.allow, in posix_state_to_acl()
540 &pace->e_perm, flags); in posix_state_to_acl()
541 pace->e_gid = state->groups->aces[i].gid; in posix_state_to_acl()
542 add_to_mask(state, &state->groups->aces[i].perms); in posix_state_to_acl()
545 if (state->users->n || state->groups->n) { in posix_state_to_acl()
547 pace->e_tag = ACL_MASK; in posix_state_to_acl()
548 low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags); in posix_state_to_acl()
552 pace->e_tag = ACL_OTHER; in posix_state_to_acl()
553 low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags); in posix_state_to_acl()
558 static inline void allow_bits(struct posix_ace_state *astate, u32 mask) in allow_bits() argument
560 /* Allow all bits in the mask not already denied: */ in allow_bits()
561 astate->allow |= mask & ~astate->deny; in allow_bits()
564 static inline void deny_bits(struct posix_ace_state *astate, u32 mask) in deny_bits() argument
566 /* Deny all bits in the mask not already allowed: */ in deny_bits()
567 astate->deny |= mask & ~astate->allow; in deny_bits()
572 struct posix_ace_state_array *a = state->users; in find_uid()
575 for (i = 0; i < a->n; i++) in find_uid()
576 if (uid_eq(a->aces[i].uid, uid)) in find_uid()
579 a->n++; in find_uid()
580 a->aces[i].uid = uid; in find_uid()
581 a->aces[i].perms.allow = state->everyone.allow; in find_uid()
582 a->aces[i].perms.deny = state->everyone.deny; in find_uid()
589 struct posix_ace_state_array *a = state->groups; in find_gid()
592 for (i = 0; i < a->n; i++) in find_gid()
593 if (gid_eq(a->aces[i].gid, gid)) in find_gid()
596 a->n++; in find_gid()
597 a->aces[i].gid = gid; in find_gid()
598 a->aces[i].perms.allow = state->everyone.allow; in find_gid()
599 a->aces[i].perms.deny = state->everyone.deny; in find_gid()
604 static void deny_bits_array(struct posix_ace_state_array *a, u32 mask) in deny_bits_array() argument
608 for (i=0; i < a->n; i++) in deny_bits_array()
609 deny_bits(&a->aces[i].perms, mask); in deny_bits_array()
612 static void allow_bits_array(struct posix_ace_state_array *a, u32 mask) in allow_bits_array() argument
616 for (i=0; i < a->n; i++) in allow_bits_array()
617 allow_bits(&a->aces[i].perms, mask); in allow_bits_array()
623 u32 mask = ace->access_mask; in process_one_v4_ace() local
627 state->valid |= type; in process_one_v4_ace()
631 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { in process_one_v4_ace()
632 allow_bits(&state->owner, mask); in process_one_v4_ace()
634 deny_bits(&state->owner, mask); in process_one_v4_ace()
638 i = find_uid(state, ace->who_uid); in process_one_v4_ace()
639 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { in process_one_v4_ace()
640 allow_bits(&state->users->aces[i].perms, mask); in process_one_v4_ace()
642 deny_bits(&state->users->aces[i].perms, mask); in process_one_v4_ace()
643 mask = state->users->aces[i].perms.deny; in process_one_v4_ace()
644 deny_bits(&state->owner, mask); in process_one_v4_ace()
648 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { in process_one_v4_ace()
649 allow_bits(&state->group, mask); in process_one_v4_ace()
651 deny_bits(&state->group, mask); in process_one_v4_ace()
652 mask = state->group.deny; in process_one_v4_ace()
653 deny_bits(&state->owner, mask); in process_one_v4_ace()
654 deny_bits(&state->everyone, mask); in process_one_v4_ace()
655 deny_bits_array(state->users, mask); in process_one_v4_ace()
656 deny_bits_array(state->groups, mask); in process_one_v4_ace()
660 i = find_gid(state, ace->who_gid); in process_one_v4_ace()
661 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { in process_one_v4_ace()
662 allow_bits(&state->groups->aces[i].perms, mask); in process_one_v4_ace()
664 deny_bits(&state->groups->aces[i].perms, mask); in process_one_v4_ace()
665 mask = state->groups->aces[i].perms.deny; in process_one_v4_ace()
666 deny_bits(&state->owner, mask); in process_one_v4_ace()
667 deny_bits(&state->group, mask); in process_one_v4_ace()
668 deny_bits(&state->everyone, mask); in process_one_v4_ace()
669 deny_bits_array(state->users, mask); in process_one_v4_ace()
670 deny_bits_array(state->groups, mask); in process_one_v4_ace()
674 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { in process_one_v4_ace()
675 allow_bits(&state->owner, mask); in process_one_v4_ace()
676 allow_bits(&state->group, mask); in process_one_v4_ace()
677 allow_bits(&state->other, mask); in process_one_v4_ace()
678 allow_bits(&state->everyone, mask); in process_one_v4_ace()
679 allow_bits_array(state->users, mask); in process_one_v4_ace()
680 allow_bits_array(state->groups, mask); in process_one_v4_ace()
682 deny_bits(&state->owner, mask); in process_one_v4_ace()
683 deny_bits(&state->group, mask); in process_one_v4_ace()
684 deny_bits(&state->other, mask); in process_one_v4_ace()
685 deny_bits(&state->everyone, mask); in process_one_v4_ace()
686 deny_bits_array(state->users, mask); in process_one_v4_ace()
687 deny_bits_array(state->groups, mask); in process_one_v4_ace()
700 ret = init_state(&effective_acl_state, acl->naces); in nfs4_acl_nfsv4_to_posix()
703 ret = init_state(&default_acl_state, acl->naces); in nfs4_acl_nfsv4_to_posix()
706 ret = -EINVAL; in nfs4_acl_nfsv4_to_posix()
707 for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { in nfs4_acl_nfsv4_to_posix()
708 if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && in nfs4_acl_nfsv4_to_posix()
709 ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) in nfs4_acl_nfsv4_to_posix()
711 if (ace->flag & ~NFS4_SUPPORTED_FLAGS) in nfs4_acl_nfsv4_to_posix()
713 if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) { in nfs4_acl_nfsv4_to_posix()
726 if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)) in nfs4_acl_nfsv4_to_posix()
731 * At this point, the default ACL may have zeroed-out entries for owner, in nfs4_acl_nfsv4_to_posix()
732 * group and other. That usually results in a non-sensical resulting ACL in nfs4_acl_nfsv4_to_posix()
744 if (default_acl_state.valid) { in nfs4_acl_nfsv4_to_posix()
745 if (!(default_acl_state.valid & ACL_USER_OBJ)) in nfs4_acl_nfsv4_to_posix()
747 if (!(default_acl_state.valid & ACL_GROUP_OBJ)) in nfs4_acl_nfsv4_to_posix()
749 if (!(default_acl_state.valid & ACL_OTHER)) in nfs4_acl_nfsv4_to_posix()
790 host_error = nfs4_acl_nfsv4_to_posix(acl, &attr->na_pacl, in nfsd4_acl_to_attr()
791 &attr->na_dpacl, flags); in nfsd4_acl_to_attr()
792 if (host_error == -EINVAL) in nfsd4_acl_to_attr()
801 switch (ace->whotype) { in ace2type()
803 return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ? in ace2type()
813 return -1; in ace2type()
832 .stringlen = sizeof("OWNER@") - 1,
837 .stringlen = sizeof("GROUP@") - 1,
842 .stringlen = sizeof("EVERYONE@") - 1,