Lines Matching +full:valid +full:- +full:mask
68 int mask = NFS4_ANYONE_MODE; in mask_from_posix() local
71 mask |= NFS4_OWNER_MODE; in mask_from_posix()
73 mask |= NFS4_READ_MODE; in mask_from_posix()
75 mask |= NFS4_WRITE_MODE; in mask_from_posix()
77 mask |= NFS4_ACE_DELETE_CHILD; in mask_from_posix()
79 mask |= NFS4_EXECUTE_MODE; in mask_from_posix()
80 return mask; in mask_from_posix()
86 u32 mask = 0; in deny_mask_from_posix() local
89 mask |= NFS4_READ_MODE; in deny_mask_from_posix()
91 mask |= NFS4_WRITE_MODE; in deny_mask_from_posix()
93 mask |= NFS4_ACE_DELETE_CHILD; in deny_mask_from_posix()
95 mask |= NFS4_EXECUTE_MODE; in deny_mask_from_posix()
96 return mask; in deny_mask_from_posix()
140 pacl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL); in nfsd4_get_nfs4_acl()
146 size += 2 * pacl->a_count; in nfsd4_get_nfs4_acl()
148 if (S_ISDIR(inode->i_mode)) { in nfsd4_get_nfs4_acl()
157 size += 2 * dpacl->a_count; in nfsd4_get_nfs4_acl()
162 error = -ENOMEM; in nfsd4_get_nfs4_acl()
165 (*acl)->naces = 0; in nfsd4_get_nfs4_acl()
185 unsigned short mask; member
199 pas->mask = 07; in summarize_posix_acl()
202 switch (pa->e_tag) { in summarize_posix_acl()
204 pas->owner = pa->e_perm; in summarize_posix_acl()
207 pas->group = pa->e_perm; in summarize_posix_acl()
210 pas->users |= pa->e_perm; in summarize_posix_acl()
213 pas->groups |= pa->e_perm; in summarize_posix_acl()
216 pas->other = pa->e_perm; in summarize_posix_acl()
219 pas->mask = pa->e_perm; in summarize_posix_acl()
224 pas->users &= pas->mask; in summarize_posix_acl()
225 pas->group &= pas->mask; in summarize_posix_acl()
226 pas->groups &= pas->mask; in summarize_posix_acl()
241 BUG_ON(pacl->a_count < 3); in _posix_to_nfsv4_one()
244 pa = pacl->a_entries; in _posix_to_nfsv4_one()
245 ace = acl->aces + acl->naces; in _posix_to_nfsv4_one()
255 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; in _posix_to_nfsv4_one()
256 ace->flag = eflag; in _posix_to_nfsv4_one()
257 ace->access_mask = deny_mask_from_posix(deny, flags); in _posix_to_nfsv4_one()
258 ace->whotype = NFS4_ACL_WHO_OWNER; in _posix_to_nfsv4_one()
260 acl->naces++; in _posix_to_nfsv4_one()
263 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; in _posix_to_nfsv4_one()
264 ace->flag = eflag; in _posix_to_nfsv4_one()
265 ace->access_mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER); in _posix_to_nfsv4_one()
266 ace->whotype = NFS4_ACL_WHO_OWNER; in _posix_to_nfsv4_one()
268 acl->naces++; in _posix_to_nfsv4_one()
271 while (pa->e_tag == ACL_USER) { in _posix_to_nfsv4_one()
272 deny = ~(pa->e_perm & pas.mask); in _posix_to_nfsv4_one()
275 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; in _posix_to_nfsv4_one()
276 ace->flag = eflag; in _posix_to_nfsv4_one()
277 ace->access_mask = deny_mask_from_posix(deny, flags); in _posix_to_nfsv4_one()
278 ace->whotype = NFS4_ACL_WHO_NAMED; in _posix_to_nfsv4_one()
279 ace->who_uid = pa->e_uid; in _posix_to_nfsv4_one()
281 acl->naces++; in _posix_to_nfsv4_one()
283 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; in _posix_to_nfsv4_one()
284 ace->flag = eflag; in _posix_to_nfsv4_one()
285 ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, in _posix_to_nfsv4_one()
287 ace->whotype = NFS4_ACL_WHO_NAMED; in _posix_to_nfsv4_one()
288 ace->who_uid = pa->e_uid; in _posix_to_nfsv4_one()
290 acl->naces++; in _posix_to_nfsv4_one()
301 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; in _posix_to_nfsv4_one()
302 ace->flag = eflag; in _posix_to_nfsv4_one()
303 ace->access_mask = mask_from_posix(pas.group, flags); in _posix_to_nfsv4_one()
304 ace->whotype = NFS4_ACL_WHO_GROUP; in _posix_to_nfsv4_one()
306 acl->naces++; in _posix_to_nfsv4_one()
309 while (pa->e_tag == ACL_GROUP) { in _posix_to_nfsv4_one()
310 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; in _posix_to_nfsv4_one()
311 ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; in _posix_to_nfsv4_one()
312 ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, in _posix_to_nfsv4_one()
314 ace->whotype = NFS4_ACL_WHO_NAMED; in _posix_to_nfsv4_one()
315 ace->who_gid = pa->e_gid; in _posix_to_nfsv4_one()
317 acl->naces++; in _posix_to_nfsv4_one()
327 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; in _posix_to_nfsv4_one()
328 ace->flag = eflag; in _posix_to_nfsv4_one()
329 ace->access_mask = deny_mask_from_posix(deny, flags); in _posix_to_nfsv4_one()
330 ace->whotype = NFS4_ACL_WHO_GROUP; in _posix_to_nfsv4_one()
332 acl->naces++; in _posix_to_nfsv4_one()
336 while (pa->e_tag == ACL_GROUP) { in _posix_to_nfsv4_one()
337 deny = ~(pa->e_perm & pas.mask); in _posix_to_nfsv4_one()
340 ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; in _posix_to_nfsv4_one()
341 ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; in _posix_to_nfsv4_one()
342 ace->access_mask = deny_mask_from_posix(deny, flags); in _posix_to_nfsv4_one()
343 ace->whotype = NFS4_ACL_WHO_NAMED; in _posix_to_nfsv4_one()
344 ace->who_gid = pa->e_gid; in _posix_to_nfsv4_one()
346 acl->naces++; in _posix_to_nfsv4_one()
351 if (pa->e_tag == ACL_MASK) in _posix_to_nfsv4_one()
353 ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; in _posix_to_nfsv4_one()
354 ace->flag = eflag; in _posix_to_nfsv4_one()
355 ace->access_mask = mask_from_posix(pa->e_perm, flags); in _posix_to_nfsv4_one()
356 ace->whotype = NFS4_ACL_WHO_EVERYONE; in _posix_to_nfsv4_one()
357 acl->naces++; in _posix_to_nfsv4_one()
363 if (pace1->e_tag != pace2->e_tag) in pace_gt()
364 return pace1->e_tag > pace2->e_tag; in pace_gt()
365 if (pace1->e_tag == ACL_USER) in pace_gt()
366 return uid_gt(pace1->e_uid, pace2->e_uid); in pace_gt()
367 if (pace1->e_tag == ACL_GROUP) in pace_gt()
368 return gid_gt(pace1->e_gid, pace2->e_gid); in pace_gt()
381 if (pace_gt(&pacl->a_entries[i], in sort_pacl_range()
382 &pacl->a_entries[i+1])) { in sort_pacl_range()
384 swap(pacl->a_entries[i], in sort_pacl_range()
385 pacl->a_entries[i + 1]); in sort_pacl_range()
399 if (!pacl || pacl->a_count <= 4) in sort_pacl()
403 while (pacl->a_entries[i].e_tag == ACL_USER) in sort_pacl()
405 sort_pacl_range(pacl, 1, i-1); in sort_pacl()
407 BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ); in sort_pacl()
409 while (pacl->a_entries[j].e_tag == ACL_GROUP) in sort_pacl()
411 sort_pacl_range(pacl, i, j-1); in sort_pacl()
442 unsigned char valid; member
447 struct posix_ace_state mask; /* Deny unused in this case */ member
465 state->users = kzalloc(alloc, GFP_KERNEL); in init_state()
466 if (!state->users) in init_state()
467 return -ENOMEM; in init_state()
468 state->groups = kzalloc(alloc, GFP_KERNEL); in init_state()
469 if (!state->groups) { in init_state()
470 kfree(state->users); in init_state()
471 return -ENOMEM; in init_state()
478 kfree(state->users); in free_state()
479 kfree(state->groups); in free_state()
484 state->mask.allow |= astate->allow; in add_to_mask()
498 * calls ->set_acl with a NULL ACL structure. in posix_state_to_acl()
500 if (!state->valid && (flags & NFS4_ACL_TYPE_DEFAULT)) in posix_state_to_acl()
505 * up setting a 3-element effective posix ACL with all in posix_state_to_acl()
508 if (!state->users->n && !state->groups->n) in posix_state_to_acl()
510 else /* Note we also include a MASK ACE in this case: */ in posix_state_to_acl()
511 nace = 4 + state->users->n + state->groups->n; in posix_state_to_acl()
514 return ERR_PTR(-ENOMEM); in posix_state_to_acl()
516 pace = pacl->a_entries; in posix_state_to_acl()
517 pace->e_tag = ACL_USER_OBJ; in posix_state_to_acl()
518 low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags); in posix_state_to_acl()
520 for (i=0; i < state->users->n; i++) { in posix_state_to_acl()
522 pace->e_tag = ACL_USER; in posix_state_to_acl()
523 low_mode_from_nfs4(state->users->aces[i].perms.allow, in posix_state_to_acl()
524 &pace->e_perm, flags); in posix_state_to_acl()
525 pace->e_uid = state->users->aces[i].uid; in posix_state_to_acl()
526 add_to_mask(state, &state->users->aces[i].perms); in posix_state_to_acl()
530 pace->e_tag = ACL_GROUP_OBJ; in posix_state_to_acl()
531 low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags); in posix_state_to_acl()
532 add_to_mask(state, &state->group); in posix_state_to_acl()
534 for (i=0; i < state->groups->n; i++) { in posix_state_to_acl()
536 pace->e_tag = ACL_GROUP; in posix_state_to_acl()
537 low_mode_from_nfs4(state->groups->aces[i].perms.allow, in posix_state_to_acl()
538 &pace->e_perm, flags); in posix_state_to_acl()
539 pace->e_gid = state->groups->aces[i].gid; in posix_state_to_acl()
540 add_to_mask(state, &state->groups->aces[i].perms); in posix_state_to_acl()
543 if (state->users->n || state->groups->n) { in posix_state_to_acl()
545 pace->e_tag = ACL_MASK; in posix_state_to_acl()
546 low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags); in posix_state_to_acl()
550 pace->e_tag = ACL_OTHER; in posix_state_to_acl()
551 low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags); in posix_state_to_acl()
556 static inline void allow_bits(struct posix_ace_state *astate, u32 mask) in allow_bits() argument
558 /* Allow all bits in the mask not already denied: */ in allow_bits()
559 astate->allow |= mask & ~astate->deny; in allow_bits()
562 static inline void deny_bits(struct posix_ace_state *astate, u32 mask) in deny_bits() argument
564 /* Deny all bits in the mask not already allowed: */ in deny_bits()
565 astate->deny |= mask & ~astate->allow; in deny_bits()
570 struct posix_ace_state_array *a = state->users; in find_uid()
573 for (i = 0; i < a->n; i++) in find_uid()
574 if (uid_eq(a->aces[i].uid, uid)) in find_uid()
577 a->n++; in find_uid()
578 a->aces[i].uid = uid; in find_uid()
579 a->aces[i].perms.allow = state->everyone.allow; in find_uid()
580 a->aces[i].perms.deny = state->everyone.deny; in find_uid()
587 struct posix_ace_state_array *a = state->groups; in find_gid()
590 for (i = 0; i < a->n; i++) in find_gid()
591 if (gid_eq(a->aces[i].gid, gid)) in find_gid()
594 a->n++; in find_gid()
595 a->aces[i].gid = gid; in find_gid()
596 a->aces[i].perms.allow = state->everyone.allow; in find_gid()
597 a->aces[i].perms.deny = state->everyone.deny; in find_gid()
602 static void deny_bits_array(struct posix_ace_state_array *a, u32 mask) in deny_bits_array() argument
606 for (i=0; i < a->n; i++) in deny_bits_array()
607 deny_bits(&a->aces[i].perms, mask); in deny_bits_array()
610 static void allow_bits_array(struct posix_ace_state_array *a, u32 mask) in allow_bits_array() argument
614 for (i=0; i < a->n; i++) in allow_bits_array()
615 allow_bits(&a->aces[i].perms, mask); in allow_bits_array()
621 u32 mask = ace->access_mask; in process_one_v4_ace() local
625 state->valid |= type; in process_one_v4_ace()
629 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { in process_one_v4_ace()
630 allow_bits(&state->owner, mask); in process_one_v4_ace()
632 deny_bits(&state->owner, mask); in process_one_v4_ace()
636 i = find_uid(state, ace->who_uid); in process_one_v4_ace()
637 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { in process_one_v4_ace()
638 allow_bits(&state->users->aces[i].perms, mask); in process_one_v4_ace()
640 deny_bits(&state->users->aces[i].perms, mask); in process_one_v4_ace()
641 mask = state->users->aces[i].perms.deny; in process_one_v4_ace()
642 deny_bits(&state->owner, mask); in process_one_v4_ace()
646 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { in process_one_v4_ace()
647 allow_bits(&state->group, mask); in process_one_v4_ace()
649 deny_bits(&state->group, mask); in process_one_v4_ace()
650 mask = state->group.deny; in process_one_v4_ace()
651 deny_bits(&state->owner, mask); in process_one_v4_ace()
652 deny_bits(&state->everyone, mask); in process_one_v4_ace()
653 deny_bits_array(state->users, mask); in process_one_v4_ace()
654 deny_bits_array(state->groups, mask); in process_one_v4_ace()
658 i = find_gid(state, ace->who_gid); in process_one_v4_ace()
659 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { in process_one_v4_ace()
660 allow_bits(&state->groups->aces[i].perms, mask); in process_one_v4_ace()
662 deny_bits(&state->groups->aces[i].perms, mask); in process_one_v4_ace()
663 mask = state->groups->aces[i].perms.deny; in process_one_v4_ace()
664 deny_bits(&state->owner, mask); in process_one_v4_ace()
665 deny_bits(&state->group, mask); in process_one_v4_ace()
666 deny_bits(&state->everyone, mask); in process_one_v4_ace()
667 deny_bits_array(state->users, mask); in process_one_v4_ace()
668 deny_bits_array(state->groups, mask); in process_one_v4_ace()
672 if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { in process_one_v4_ace()
673 allow_bits(&state->owner, mask); in process_one_v4_ace()
674 allow_bits(&state->group, mask); in process_one_v4_ace()
675 allow_bits(&state->other, mask); in process_one_v4_ace()
676 allow_bits(&state->everyone, mask); in process_one_v4_ace()
677 allow_bits_array(state->users, mask); in process_one_v4_ace()
678 allow_bits_array(state->groups, mask); in process_one_v4_ace()
680 deny_bits(&state->owner, mask); in process_one_v4_ace()
681 deny_bits(&state->group, mask); in process_one_v4_ace()
682 deny_bits(&state->other, mask); in process_one_v4_ace()
683 deny_bits(&state->everyone, mask); in process_one_v4_ace()
684 deny_bits_array(state->users, mask); in process_one_v4_ace()
685 deny_bits_array(state->groups, mask); in process_one_v4_ace()
698 ret = init_state(&effective_acl_state, acl->naces); in nfs4_acl_nfsv4_to_posix()
701 ret = init_state(&default_acl_state, acl->naces); in nfs4_acl_nfsv4_to_posix()
704 ret = -EINVAL; in nfs4_acl_nfsv4_to_posix()
705 for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { in nfs4_acl_nfsv4_to_posix()
706 if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && in nfs4_acl_nfsv4_to_posix()
707 ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) in nfs4_acl_nfsv4_to_posix()
709 if (ace->flag & ~NFS4_SUPPORTED_FLAGS) in nfs4_acl_nfsv4_to_posix()
711 if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) { in nfs4_acl_nfsv4_to_posix()
724 if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)) in nfs4_acl_nfsv4_to_posix()
729 * At this point, the default ACL may have zeroed-out entries for owner, in nfs4_acl_nfsv4_to_posix()
730 * group and other. That usually results in a non-sensical resulting ACL in nfs4_acl_nfsv4_to_posix()
742 if (default_acl_state.valid) { in nfs4_acl_nfsv4_to_posix()
743 if (!(default_acl_state.valid & ACL_USER_OBJ)) in nfs4_acl_nfsv4_to_posix()
745 if (!(default_acl_state.valid & ACL_GROUP_OBJ)) in nfs4_acl_nfsv4_to_posix()
747 if (!(default_acl_state.valid & ACL_OTHER)) in nfs4_acl_nfsv4_to_posix()
788 host_error = nfs4_acl_nfsv4_to_posix(acl, &attr->na_pacl, in nfsd4_acl_to_attr()
789 &attr->na_dpacl, flags); in nfsd4_acl_to_attr()
790 if (host_error == -EINVAL) in nfsd4_acl_to_attr()
799 switch (ace->whotype) { in ace2type()
801 return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ? in ace2type()
811 return -1; in ace2type()
830 .stringlen = sizeof("OWNER@") - 1,
835 .stringlen = sizeof("GROUP@") - 1,
840 .stringlen = sizeof("EVERYONE@") - 1,