Date: Mon, 26 May 2008 20:01:05 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 142315 for review Message-ID: <200805262001.m4QK15Hj083423@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=142315 Change 142315 by trasz@trasz_traszkan on 2008/05/26 20:00:08 Calculate initial NFSv4 ACL from mode bits. Affected files ... .. //depot/projects/soc2008/trasz_nfs4acl/sys/sys/acl.h#3 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_acl.c#3 edit Differences ... ==== //depot/projects/soc2008/trasz_nfs4acl/sys/sys/acl.h#3 (text+ko) ==== @@ -171,7 +171,7 @@ #define ACE_WRITE_DATA 0x00000002 #define ACE_ADD_FILE 0x00000002 #define ACE_APPEND_DATA 0x00000004 -#define ACE_ACE_ADD_SUBDIRECTORY 0x00000004 +#define ACE_ADD_SUBDIRECTORY 0x00000004 #define ACE_READ_NAMED_ATTRS 0x00000008 #define ACE_WRITE_NAMED_ATTRS 0x00000010 #define ACE_EXECUTE 0x00000020 ==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_acl.c#3 (text+ko) ==== @@ -461,12 +461,65 @@ return error; } +static void +ace_pair(ace_t *denied, ace_t *allowed, uint32_t flags, uint32_t allowed_mask, uint32_t denied_mask) +{ + /* XXX: SunOS seems to put 0xffffffff here. */ + allowed->a_who = denied->a_who = 0; + allowed->a_flags = denied->a_flags = flags; + allowed->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE; + allowed->a_access_mask = allowed_mask; + denied->a_type = ACE_ACCESS_DENIED_ACE_TYPE; + denied->a_access_mask = denied_mask; +} + int ufs_nfs4acl_from_inode(struct vop_getace_args *ap) { + struct inode *ip = VTOI(ap->a_vp); + uint32_t allowed, denied; + ace_t *aces = ap->a_aclp; + if (ap->a_nentries < 6) return (ENOSPC); + /* XXX: Where is this thing described in the spec? */ + allowed = 0; + if (ip->i_mode & S_IRUSR) + allowed |= ACE_READ_DATA; + if (ip->i_mode & S_IWUSR) + allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA; + if (ip->i_mode & S_IXUSR) + allowed |= ACE_EXECUTE; + denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE); + allowed |= ACE_WRITE_NAMED_ATTRS | ACE_WRITE_ATTRIBUTES | ACE_WRITE_ACL | ACE_WRITE_OWNER; + + ace_pair(&aces[0], &aces[1], ACE_OWNER, allowed, denied); + + allowed = 0; + if (ip->i_mode & S_IRGRP) + allowed |= ACE_READ_DATA; + if (ip->i_mode & S_IWGRP) + allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA; + if (ip->i_mode & S_IXGRP) + allowed |= ACE_EXECUTE; + denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE); + + ace_pair(&aces[2], &aces[3], ACE_GROUP, allowed, denied); + + allowed = 0; + if (ip->i_mode & S_IROTH) + allowed |= ACE_READ_DATA; + if (ip->i_mode & S_IWOTH) + allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA; + if (ip->i_mode & S_IXOTH) + allowed |= ACE_EXECUTE; + denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE); + denied |= ACE_WRITE_NAMED_ATTRS | ACE_WRITE_ATTRIBUTES | ACE_WRITE_ACL | ACE_WRITE_OWNER; + allowed |= ACE_READ_NAMED_ATTRS | ACE_READ_ATTRIBUTES | ACE_READ_ACL | ACE_SYNCHRONIZE; + + ace_pair(&aces[4], &aces[5], ACE_EVERYONE, allowed, denied); + *(ap->a_count) = 6; return (0); @@ -566,6 +619,10 @@ error = 0; } + /* If the loaded ACE count is too big, return error. */ + if (*(ap->a_count) > MAX_ACL_ENTRIES) + return (EIO); + return (error); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805262001.m4QK15Hj083423>