Lines Matching +full:set +full:- +full:aces
1 // SPDX-License-Identifier: GPL-2.0-only
5 * Copyright (C) 2002-2003 Andreas Gruenbacher <agruen@suse.de>
12 * - Minimal ACLs always have an ACL_MASK entry, so they have
14 * - The ACL_MASK entry in such minimal ACLs always has the same
17 * - The identifier fields of the ACL_USER_OBJ and ACL_GROUP_OBJ
19 * (In POSIX ACLs we always set them to ACL_UNDEFINED_ID).
20 * - ACL entries in the kernel are kept sorted in ascending order
56 &nfsacl_desc->acl->a_entries[nfsacl_desc->count++]; in xdr_nfsace_encode()
58 *p++ = htonl(entry->e_tag | nfsacl_desc->typeflag); in xdr_nfsace_encode()
59 switch(entry->e_tag) { in xdr_nfsace_encode()
61 *p++ = htonl(from_kuid(&init_user_ns, nfsacl_desc->uid)); in xdr_nfsace_encode()
64 *p++ = htonl(from_kgid(&init_user_ns, nfsacl_desc->gid)); in xdr_nfsace_encode()
67 *p++ = htonl(from_kuid(&init_user_ns, entry->e_uid)); in xdr_nfsace_encode()
70 *p++ = htonl(from_kgid(&init_user_ns, entry->e_gid)); in xdr_nfsace_encode()
76 *p++ = htonl(entry->e_perm & S_IRWXO); in xdr_nfsace_encode()
81 * nfsacl_encode - Encode an NFSv3 ACL
87 * @encode_entries: whether to encode ACEs as well
95 int entries = (acl && acl->a_count) ? max_t(int, acl->a_count, 4) : 0; in nfsacl_encode()
104 .uid = inode->i_uid, in nfsacl_encode()
105 .gid = inode->i_gid, in nfsacl_encode()
112 return -EINVAL; in nfsacl_encode()
113 if (encode_entries && acl && acl->a_count == 3) { in nfsacl_encode()
124 acl2->a_entries[0] = acl->a_entries[0]; /* ACL_USER_OBJ */ in nfsacl_encode()
125 acl2->a_entries[1] = acl->a_entries[1]; /* ACL_GROUP_OBJ */ in nfsacl_encode()
126 acl2->a_entries[2] = acl->a_entries[1]; /* ACL_MASK */ in nfsacl_encode()
127 acl2->a_entries[2].e_tag = ACL_MASK; in nfsacl_encode()
128 acl2->a_entries[3] = acl->a_entries[2]; /* ACL_OTHER */ in nfsacl_encode()
154 if (!nfsacl_desc->acl) { in xdr_nfsace_decode()
155 if (desc->array_len > NFS_ACL_MAX_ENTRIES) in xdr_nfsace_decode()
156 return -EINVAL; in xdr_nfsace_decode()
157 nfsacl_desc->acl = posix_acl_alloc(desc->array_len, GFP_KERNEL); in xdr_nfsace_decode()
158 if (!nfsacl_desc->acl) in xdr_nfsace_decode()
159 return -ENOMEM; in xdr_nfsace_decode()
160 nfsacl_desc->count = 0; in xdr_nfsace_decode()
163 entry = &nfsacl_desc->acl->a_entries[nfsacl_desc->count++]; in xdr_nfsace_decode()
164 entry->e_tag = ntohl(*p++) & ~NFS_ACL_DEFAULT; in xdr_nfsace_decode()
166 entry->e_perm = ntohl(*p++); in xdr_nfsace_decode()
168 switch(entry->e_tag) { in xdr_nfsace_decode()
170 entry->e_uid = make_kuid(&init_user_ns, id); in xdr_nfsace_decode()
171 if (!uid_valid(entry->e_uid)) in xdr_nfsace_decode()
172 return -EINVAL; in xdr_nfsace_decode()
175 entry->e_gid = make_kgid(&init_user_ns, id); in xdr_nfsace_decode()
176 if (!gid_valid(entry->e_gid)) in xdr_nfsace_decode()
177 return -EINVAL; in xdr_nfsace_decode()
182 if (entry->e_perm & ~S_IRWXO) in xdr_nfsace_decode()
183 return -EINVAL; in xdr_nfsace_decode()
187 entry->e_perm &= S_IRWXO; in xdr_nfsace_decode()
190 return -EINVAL; in xdr_nfsace_decode()
201 if (a->e_tag != b->e_tag) in cmp_acl_entry()
202 return a->e_tag - b->e_tag; in cmp_acl_entry()
203 else if ((a->e_tag == ACL_USER) && uid_gt(a->e_uid, b->e_uid)) in cmp_acl_entry()
205 else if ((a->e_tag == ACL_USER) && uid_lt(a->e_uid, b->e_uid)) in cmp_acl_entry()
206 return -1; in cmp_acl_entry()
207 else if ((a->e_tag == ACL_GROUP) && gid_gt(a->e_gid, b->e_gid)) in cmp_acl_entry()
209 else if ((a->e_tag == ACL_GROUP) && gid_lt(a->e_gid, b->e_gid)) in cmp_acl_entry()
210 return -1; in cmp_acl_entry()
227 sort(acl->a_entries, acl->a_count, sizeof(struct posix_acl_entry), in posix_acl_from_nfsacl()
232 switch(pa->e_tag) { in posix_acl_from_nfsacl()
245 if (acl->a_count == 4 && group_obj && mask && in posix_acl_from_nfsacl()
246 mask->e_perm == group_obj->e_perm) { in posix_acl_from_nfsacl()
248 memmove(mask, mask+1, (3 - (mask - acl->a_entries)) * in posix_acl_from_nfsacl()
250 acl->a_count = 3; in posix_acl_from_nfsacl()
256 * nfsacl_decode - Decode an NFSv3 ACL
260 * @aclcnt: count of ACEs in decoded posix_acl
279 return -EINVAL; in nfsacl_decode()
288 return -EINVAL; in nfsacl_decode()