2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2009 Rick Macklem, University of Guelph
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
34 #include <fs/nfs/nfsport.h>
36 extern int nfsrv_useacl;
39 static int nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t mask, int owner,
40 enum vtype type, acl_perm_t *permp);
43 * Handle xdr for an ace.
46 nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep,
47 int *aceerrp, int *acesizep, NFSPROC_T *p)
50 int len, gotid = 0, owner = 0, error = 0, aceerr = 0;
51 u_char *name, namestr[NFSV4_SMALLSTR + 1];
52 u_int32_t flag, mask, acetype;
58 NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
59 acetype = fxdr_unsigned(u_int32_t, *tl++);
60 flag = fxdr_unsigned(u_int32_t, *tl++);
61 mask = fxdr_unsigned(u_int32_t, *tl++);
62 len = fxdr_unsigned(int, *tl);
64 error = NFSERR_BADXDR;
66 } else if (len == 0) {
67 /* Netapp filers return a 0 length who for nil users */
68 acep->ae_tag = ACL_UNDEFINED_TAG;
69 acep->ae_id = ACL_UNDEFINED_ID;
70 acep->ae_perm = (acl_perm_t)0;
71 acep->ae_entry_type = ACL_ENTRY_TYPE_DENY;
73 *acesizep = 4 * NFSX_UNSIGNED;
77 if (len > NFSV4_SMALLSTR)
78 name = malloc(len + 1, M_NFSSTRING, M_WAITOK);
81 error = nfsrv_mtostr(nd, name, len);
83 if (len > NFSV4_SMALLSTR)
84 free(name, M_NFSSTRING);
88 if (!NFSBCMP(name, "OWNER@", 6)) {
89 acep->ae_tag = ACL_USER_OBJ;
90 acep->ae_id = ACL_UNDEFINED_ID;
93 } else if (!NFSBCMP(name, "GROUP@", 6)) {
94 acep->ae_tag = ACL_GROUP_OBJ;
95 acep->ae_id = ACL_UNDEFINED_ID;
98 } else if (len == 9 && !NFSBCMP(name, "EVERYONE@", 9)) {
99 acep->ae_tag = ACL_EVERYONE;
100 acep->ae_id = ACL_UNDEFINED_ID;
104 if (flag & NFSV4ACE_IDENTIFIERGROUP) {
105 acep->ae_tag = ACL_GROUP;
106 aceerr = nfsv4_strtogid(nd, name, len, &gid);
108 acep->ae_id = (uid_t)gid;
110 acep->ae_tag = ACL_USER;
111 aceerr = nfsv4_strtouid(nd, name, len, &uid);
116 if (len > NFSV4_SMALLSTR)
117 free(name, M_NFSSTRING);
123 flag &= ~NFSV4ACE_IDENTIFIERGROUP;
124 if (flag & NFSV4ACE_FILEINHERIT) {
125 flag &= ~NFSV4ACE_FILEINHERIT;
126 acep->ae_flags |= ACL_ENTRY_FILE_INHERIT;
128 if (flag & NFSV4ACE_DIRECTORYINHERIT) {
129 flag &= ~NFSV4ACE_DIRECTORYINHERIT;
130 acep->ae_flags |= ACL_ENTRY_DIRECTORY_INHERIT;
132 if (flag & NFSV4ACE_NOPROPAGATEINHERIT) {
133 flag &= ~NFSV4ACE_NOPROPAGATEINHERIT;
134 acep->ae_flags |= ACL_ENTRY_NO_PROPAGATE_INHERIT;
136 if (flag & NFSV4ACE_INHERITONLY) {
137 flag &= ~NFSV4ACE_INHERITONLY;
138 acep->ae_flags |= ACL_ENTRY_INHERIT_ONLY;
140 if (flag & NFSV4ACE_SUCCESSFULACCESS) {
141 flag &= ~NFSV4ACE_SUCCESSFULACCESS;
142 acep->ae_flags |= ACL_ENTRY_SUCCESSFUL_ACCESS;
144 if (flag & NFSV4ACE_FAILEDACCESS) {
145 flag &= ~NFSV4ACE_FAILEDACCESS;
146 acep->ae_flags |= ACL_ENTRY_FAILED_ACCESS;
151 if (acetype == NFSV4ACE_ALLOWEDTYPE)
152 acep->ae_entry_type = ACL_ENTRY_TYPE_ALLOW;
153 else if (acetype == NFSV4ACE_DENIEDTYPE)
154 acep->ae_entry_type = ACL_ENTRY_TYPE_DENY;
155 else if (acetype == NFSV4ACE_AUDITTYPE)
156 acep->ae_entry_type = ACL_ENTRY_TYPE_AUDIT;
157 else if (acetype == NFSV4ACE_ALARMTYPE)
158 acep->ae_entry_type = ACL_ENTRY_TYPE_ALARM;
160 aceerr = NFSERR_ATTRNOTSUPP;
164 * Now, check for unsupported flag bits.
166 if (aceerr == 0 && flag != 0)
167 aceerr = NFSERR_ATTRNOTSUPP;
170 * And turn the mask into perm bits.
173 aceerr = nfsrv_acemasktoperm(acetype, mask, owner, VREG,
177 *acesizep = NFSM_RNDUP(len) + (4 * NFSX_UNSIGNED);
185 * Turn an NFSv4 ace mask into R/W/X flag bits.
188 nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t mask, int owner,
189 enum vtype type, acl_perm_t *permp)
191 acl_perm_t perm = 0x0;
194 if (mask & NFSV4ACE_READDATA) {
195 mask &= ~NFSV4ACE_READDATA;
196 perm |= ACL_READ_DATA;
198 if (mask & NFSV4ACE_LISTDIRECTORY) {
199 mask &= ~NFSV4ACE_LISTDIRECTORY;
200 perm |= ACL_LIST_DIRECTORY;
202 if (mask & NFSV4ACE_WRITEDATA) {
203 mask &= ~NFSV4ACE_WRITEDATA;
204 perm |= ACL_WRITE_DATA;
206 if (mask & NFSV4ACE_ADDFILE) {
207 mask &= ~NFSV4ACE_ADDFILE;
208 perm |= ACL_ADD_FILE;
210 if (mask & NFSV4ACE_APPENDDATA) {
211 mask &= ~NFSV4ACE_APPENDDATA;
212 perm |= ACL_APPEND_DATA;
214 if (mask & NFSV4ACE_ADDSUBDIRECTORY) {
215 mask &= ~NFSV4ACE_ADDSUBDIRECTORY;
216 perm |= ACL_ADD_SUBDIRECTORY;
218 if (mask & NFSV4ACE_READNAMEDATTR) {
219 mask &= ~NFSV4ACE_READNAMEDATTR;
220 perm |= ACL_READ_NAMED_ATTRS;
222 if (mask & NFSV4ACE_WRITENAMEDATTR) {
223 mask &= ~NFSV4ACE_WRITENAMEDATTR;
224 perm |= ACL_WRITE_NAMED_ATTRS;
226 if (mask & NFSV4ACE_EXECUTE) {
227 mask &= ~NFSV4ACE_EXECUTE;
230 if (mask & NFSV4ACE_SEARCH) {
231 mask &= ~NFSV4ACE_SEARCH;
234 if (mask & NFSV4ACE_DELETECHILD) {
235 mask &= ~NFSV4ACE_DELETECHILD;
236 perm |= ACL_DELETE_CHILD;
238 if (mask & NFSV4ACE_READATTRIBUTES) {
239 mask &= ~NFSV4ACE_READATTRIBUTES;
240 perm |= ACL_READ_ATTRIBUTES;
242 if (mask & NFSV4ACE_WRITEATTRIBUTES) {
243 mask &= ~NFSV4ACE_WRITEATTRIBUTES;
244 perm |= ACL_WRITE_ATTRIBUTES;
246 if (mask & NFSV4ACE_DELETE) {
247 mask &= ~NFSV4ACE_DELETE;
250 if (mask & NFSV4ACE_READACL) {
251 mask &= ~NFSV4ACE_READACL;
252 perm |= ACL_READ_ACL;
254 if (mask & NFSV4ACE_WRITEACL) {
255 mask &= ~NFSV4ACE_WRITEACL;
256 perm |= ACL_WRITE_ACL;
258 if (mask & NFSV4ACE_WRITEOWNER) {
259 mask &= ~NFSV4ACE_WRITEOWNER;
260 perm |= ACL_WRITE_OWNER;
262 if (mask & NFSV4ACE_SYNCHRONIZE) {
263 mask &= ~NFSV4ACE_SYNCHRONIZE;
264 perm |= ACL_SYNCHRONIZE;
267 error = NFSERR_ATTRNOTSUPP;
277 /* local functions */
278 static int nfsrv_buildace(struct nfsrv_descript *, u_char *, int,
279 enum vtype, int, int, struct acl_entry *);
282 * This function builds an NFS ace.
285 nfsrv_buildace(struct nfsrv_descript *nd, u_char *name, int namelen,
286 enum vtype type, int group, int owner, struct acl_entry *ace)
288 u_int32_t *tl, aceflag = 0x0, acemask = 0x0, acetype;
291 full_len = NFSM_RNDUP(namelen);
292 NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED + full_len);
295 * Fill in the ace type.
297 if (ace->ae_entry_type & ACL_ENTRY_TYPE_ALLOW)
298 acetype = NFSV4ACE_ALLOWEDTYPE;
299 else if (ace->ae_entry_type & ACL_ENTRY_TYPE_DENY)
300 acetype = NFSV4ACE_DENIEDTYPE;
301 else if (ace->ae_entry_type & ACL_ENTRY_TYPE_AUDIT)
302 acetype = NFSV4ACE_AUDITTYPE;
304 acetype = NFSV4ACE_ALARMTYPE;
305 *tl++ = txdr_unsigned(acetype);
308 * Set the flag bits from the ACL.
310 if (ace->ae_flags & ACL_ENTRY_FILE_INHERIT)
311 aceflag |= NFSV4ACE_FILEINHERIT;
312 if (ace->ae_flags & ACL_ENTRY_DIRECTORY_INHERIT)
313 aceflag |= NFSV4ACE_DIRECTORYINHERIT;
314 if (ace->ae_flags & ACL_ENTRY_NO_PROPAGATE_INHERIT)
315 aceflag |= NFSV4ACE_NOPROPAGATEINHERIT;
316 if (ace->ae_flags & ACL_ENTRY_INHERIT_ONLY)
317 aceflag |= NFSV4ACE_INHERITONLY;
318 if (ace->ae_flags & ACL_ENTRY_SUCCESSFUL_ACCESS)
319 aceflag |= NFSV4ACE_SUCCESSFULACCESS;
320 if (ace->ae_flags & ACL_ENTRY_FAILED_ACCESS)
321 aceflag |= NFSV4ACE_FAILEDACCESS;
323 aceflag |= NFSV4ACE_IDENTIFIERGROUP;
324 *tl++ = txdr_unsigned(aceflag);
326 if (ace->ae_perm & ACL_LIST_DIRECTORY)
327 acemask |= NFSV4ACE_LISTDIRECTORY;
328 if (ace->ae_perm & ACL_ADD_FILE)
329 acemask |= NFSV4ACE_ADDFILE;
330 if (ace->ae_perm & ACL_ADD_SUBDIRECTORY)
331 acemask |= NFSV4ACE_ADDSUBDIRECTORY;
332 if (ace->ae_perm & ACL_READ_NAMED_ATTRS)
333 acemask |= NFSV4ACE_READNAMEDATTR;
334 if (ace->ae_perm & ACL_WRITE_NAMED_ATTRS)
335 acemask |= NFSV4ACE_WRITENAMEDATTR;
336 if (ace->ae_perm & ACL_EXECUTE)
337 acemask |= NFSV4ACE_SEARCH;
338 if (ace->ae_perm & ACL_DELETE_CHILD)
339 acemask |= NFSV4ACE_DELETECHILD;
340 if (ace->ae_perm & ACL_READ_ATTRIBUTES)
341 acemask |= NFSV4ACE_READATTRIBUTES;
342 if (ace->ae_perm & ACL_WRITE_ATTRIBUTES)
343 acemask |= NFSV4ACE_WRITEATTRIBUTES;
344 if (ace->ae_perm & ACL_DELETE)
345 acemask |= NFSV4ACE_DELETE;
346 if (ace->ae_perm & ACL_READ_ACL)
347 acemask |= NFSV4ACE_READACL;
348 if (ace->ae_perm & ACL_WRITE_ACL)
349 acemask |= NFSV4ACE_WRITEACL;
350 if (ace->ae_perm & ACL_WRITE_OWNER)
351 acemask |= NFSV4ACE_WRITEOWNER;
352 if (ace->ae_perm & ACL_SYNCHRONIZE)
353 acemask |= NFSV4ACE_SYNCHRONIZE;
355 if (ace->ae_perm & ACL_READ_DATA)
356 acemask |= NFSV4ACE_READDATA;
357 if (ace->ae_perm & ACL_WRITE_DATA)
358 acemask |= NFSV4ACE_WRITEDATA;
359 if (ace->ae_perm & ACL_APPEND_DATA)
360 acemask |= NFSV4ACE_APPENDDATA;
361 if (ace->ae_perm & ACL_READ_NAMED_ATTRS)
362 acemask |= NFSV4ACE_READNAMEDATTR;
363 if (ace->ae_perm & ACL_WRITE_NAMED_ATTRS)
364 acemask |= NFSV4ACE_WRITENAMEDATTR;
365 if (ace->ae_perm & ACL_EXECUTE)
366 acemask |= NFSV4ACE_EXECUTE;
367 if (ace->ae_perm & ACL_READ_ATTRIBUTES)
368 acemask |= NFSV4ACE_READATTRIBUTES;
369 if (ace->ae_perm & ACL_WRITE_ATTRIBUTES)
370 acemask |= NFSV4ACE_WRITEATTRIBUTES;
371 if (ace->ae_perm & ACL_DELETE)
372 acemask |= NFSV4ACE_DELETE;
373 if (ace->ae_perm & ACL_READ_ACL)
374 acemask |= NFSV4ACE_READACL;
375 if (ace->ae_perm & ACL_WRITE_ACL)
376 acemask |= NFSV4ACE_WRITEACL;
377 if (ace->ae_perm & ACL_WRITE_OWNER)
378 acemask |= NFSV4ACE_WRITEOWNER;
379 if (ace->ae_perm & ACL_SYNCHRONIZE)
380 acemask |= NFSV4ACE_SYNCHRONIZE;
382 *tl++ = txdr_unsigned(acemask);
383 *tl++ = txdr_unsigned(namelen);
384 if (full_len - namelen)
385 *(tl + (namelen / NFSX_UNSIGNED)) = 0x0;
386 NFSBCOPY(name, (caddr_t)tl, namelen);
387 return (full_len + 4 * NFSX_UNSIGNED);
391 * Build an NFSv4 ACL.
394 nfsrv_buildacl(struct nfsrv_descript *nd, NFSACL_T *aclp, enum vtype type,
397 int i, entrycnt = 0, retlen;
398 u_int32_t *entrycntp;
399 int isowner, isgroup, namelen, malloced;
400 u_char *name, namestr[NFSV4_SMALLSTR];
402 NFSM_BUILD(entrycntp, u_int32_t *, NFSX_UNSIGNED);
403 retlen = NFSX_UNSIGNED;
405 * Loop through the acl entries, building each one.
407 for (i = 0; i < aclp->acl_cnt; i++) {
408 isowner = isgroup = malloced = 0;
409 switch (aclp->acl_entry[i].ae_tag) {
426 nfsv4_uidtostr(aclp->acl_entry[i].ae_id, &name,
434 nfsv4_gidtostr((gid_t)aclp->acl_entry[i].ae_id, &name,
442 retlen += nfsrv_buildace(nd, name, namelen, type, isgroup,
443 isowner, &aclp->acl_entry[i]);
446 free(name, M_NFSSTRING);
448 *entrycntp = txdr_unsigned(entrycnt);
453 * Compare two NFSv4 acls.
454 * Return 0 if they are the same, 1 if not the same.
457 nfsrv_compareacl(NFSACL_T *aclp1, NFSACL_T *aclp2)
460 struct acl_entry *acep1, *acep2;
462 if (aclp1->acl_cnt != aclp2->acl_cnt)
464 acep1 = aclp1->acl_entry;
465 acep2 = aclp2->acl_entry;
466 for (i = 0; i < aclp1->acl_cnt; i++) {
467 if (acep1->ae_tag != acep2->ae_tag)
469 switch (acep1->ae_tag) {
472 if (acep1->ae_id != acep2->ae_id)
478 if (acep1->ae_perm != acep2->ae_perm)
projects / FreeBSD / FreeBSD.git / blob