From owner-p4-projects@FreeBSD.ORG Thu Jul 31 20:25:56 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id AB2EB1065674; Thu, 31 Jul 2008 20:25:56 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E9701065679 for ; Thu, 31 Jul 2008 20:25:56 +0000 (UTC) (envelope-from trasz@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 5B63B8FC08 for ; Thu, 31 Jul 2008 20:25:56 +0000 (UTC) (envelope-from trasz@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m6VKPukr040085 for ; Thu, 31 Jul 2008 20:25:56 GMT (envelope-from trasz@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m6VKPuEf040083 for perforce@freebsd.org; Thu, 31 Jul 2008 20:25:56 GMT (envelope-from trasz@freebsd.org) Date: Thu, 31 Jul 2008 20:25:56 GMT Message-Id: <200807312025.m6VKPuEf040083@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to trasz@freebsd.org using -f From: Edward Tomasz Napierala To: Perforce Change Reviews Cc: Subject: PERFORCE change 146341 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jul 2008 20:25:57 -0000 http://perforce.freebsd.org/chv.cgi?CH=146341 Change 146341 by trasz@trasz_traszkan on 2008/07/31 20:25:39 Fix delete on filesystems with nfs4acls disabled. Affected files ... .. //depot/projects/soc2008/trasz_nfs4acl/TODO#25 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_posix1e.c#5 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_subr.c#5 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_lookup.c#8 edit Differences ... ==== //depot/projects/soc2008/trasz_nfs4acl/TODO#25 (text+ko) ==== @@ -2,6 +2,8 @@ - Make setfacl(1) error messages more user friendly. +- Decide what to do with write vs append on regular files. + - Either add or extend existing manual pages for new API routines: acl_add_flag_np, acl_clear_flags_np, acl_create_entry_np, acl_delete_entry_np, acl_delete_flag_np, acl_get_extended_np, acl_get_flag_np, acl_get_flagset_np, ==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_posix1e.c#5 (text+ko) ==== @@ -75,6 +75,12 @@ return (0); /* + * Unix does not provide any explicit "deny" access rules. + */ + if (acc_mode & VEXPLICIT_DENY) + return (0); + + /* * Determine privileges now, but don't apply until we've found a DAC * entry that matches but has failed to allow access. * ==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_subr.c#5 (text+ko) ==== @@ -3463,6 +3463,12 @@ if (acc_mode == VSTAT) return (0); + /* + * Unix does not provide any explicit "deny" access rules. + */ + if (acc_mode & VEXPLICIT_DENY) + return (0); + /* Check the owner. */ if (cred->cr_uid == file_uid) { dac_granted |= VADMIN; ==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_lookup.c#8 (text+ko) ==== @@ -101,12 +101,12 @@ if (error == 0) return (0); - error = VOP_GRANULAR(vdp, VWRITE, ACL_DELETE_CHILD, cred, td); + error = VOP_GRANULAR(vdp, VADMIN, ACL_DELETE_CHILD, cred, td); if (error == 0) return (0); - error = VOP_GRANULAR(vdp, VWRITE | VEXPLICIT_DENY, ACL_DELETE_CHILD, - cred, td); + error = VOP_GRANULAR(vdp, VADMIN | VEXPLICIT_DENY, + ACL_DELETE_CHILD, cred, td); if (error) return (error);