Date: Thu, 31 Jul 2008 20:25:56 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 146341 for review Message-ID: <200807312025.m6VKPuEf040083@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=146341 Change 146341 by trasz@trasz_traszkan on 2008/07/31 20:25:39 Fix delete on filesystems with nfs4acls disabled. Affected files ... .. //depot/projects/soc2008/trasz_nfs4acl/TODO#25 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_posix1e.c#5 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_subr.c#5 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_lookup.c#8 edit Differences ...
==== //depot/projects/soc2008/trasz_nfs4acl/TODO#25 (text+ko) ====
@@ -2,6 +2,8 @@
 - Make setfacl(1) error messages more user friendly.
+- Decide what to do with write vs append on regular files.
+
 - Either add or extend existing manual pages for new API routines: acl_add_flag_np, acl_clear_flags_np, acl_create_entry_np, acl_delete_entry_np, acl_delete_flag_np, acl_get_extended_np, acl_get_flag_np, acl_get_flagset_np,
==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_posix1e.c#5 (text+ko) ====
@@ -75,6 +75,12 @@
 return (0);
 /*
+ * Unix does not provide any explicit "deny" access rules.
+ */
+ if (acc_mode & VEXPLICIT_DENY)
+ return (0);
+
+ /*
 * Determine privileges now, but don't apply until we've found a DAC
 * entry that matches but has failed to allow access.
 *
==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_subr.c#5 (text+ko) ====
@@ -3463,6 +3463,12 @@
 if (acc_mode == VSTAT)
 return (0);
+ /*
+ * Unix does not provide any explicit "deny" access rules.
+ */
+ if (acc_mode & VEXPLICIT_DENY)
+ return (0);
+
 /* Check the owner. */
 if (cred->cr_uid == file_uid) {
 dac_granted |= VADMIN;
==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_lookup.c#8 (text+ko) ====
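Review bot: In the subr_acl_posix1e.c hunk the added `if (acc_mode & VEXPLICIT_DENY) return (0);` answers with 0, the same value the neighbouring `return (0);` lines appear to use for a successful access check, and it does so ahead of the owner and privilege logic for any acc_mode that merely contains the flag. The new comment should state that contract so nobody later reads this 0 as a grant, for example `* Mode bits carry no explicit "deny" entries, so a VEXPLICIT_DENY query is answered "not denied" (0); this is not a grant, and callers must still make the ordinary access check.` The identical check in the vfs_subr.c hunk, placed after the `acc_mode == VSTAT` shortcut, needs the same wording. Both enclosing functions begin and end outside their hunks, so whether every caller pairs the flag with a separate plain check cannot be confirmed from here.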
@@ -101,12 +101,12 @@
 if (error == 0)
 return (0);
- error = VOP_GRANULAR(vdp, VWRITE, ACL_DELETE_CHILD, cred, td);
+ error = VOP_GRANULAR(vdp, VADMIN, ACL_DELETE_CHILD, cred, td);
 if (error == 0)
 return (0);
- error = VOP_GRANULAR(vdp, VWRITE | VEXPLICIT_DENY, ACL_DELETE_CHILD,
- cred, td);
+ error = VOP_GRANULAR(vdp, VADMIN | VEXPLICIT_DENY,
+ ACL_DELETE_CHILD, cred, td);
 if (error)
 return (error);
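Review bot: Replacing VWRITE with VADMIN in both `VOP_GRANULAR(vdp, ...)` calls may make the fallback for ACL_DELETE_CHILD depend on who owns the directory rather than on its write bit, if VOP_GRANULAR hands the mode argument to vaccess() on filesystems without NFSv4 ACLs (that path is not visible here); the vfs_subr.c hunk shows `dac_granted |= VADMIN` being set for the owner. In that case the first call would return 0 for the directory owner, and the function would return success before any write or sticky-bit check that may follow this hunk. A comment above the first call should record the intent, for example `/* XXX: with nfs4acls off, VADMIN lets the directory owner pass here without VWRITE - confirm this is intended. */`. The function starts and ends outside the hunk.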