From owner-p4-projects@FreeBSD.ORG  Thu Jul 31 20:26:58 2008
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id D39E3106566B; Thu, 31 Jul 2008 20:26:57 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 969921065682
	for <perforce@freebsd.org>; Thu, 31 Jul 2008 20:26:57 +0000 (UTC)
	(envelope-from trasz@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 835AC8FC1A
	for <perforce@freebsd.org>; Thu, 31 Jul 2008 20:26:57 +0000 (UTC)
	(envelope-from trasz@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m6VKQvn3040184
	for <perforce@freebsd.org>; Thu, 31 Jul 2008 20:26:57 GMT
	(envelope-from trasz@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m6VKQvfV040182
	for perforce@freebsd.org; Thu, 31 Jul 2008 20:26:57 GMT
	(envelope-from trasz@freebsd.org)
Date: Thu, 31 Jul 2008 20:26:57 GMT
Message-Id: <200807312026.m6VKQvfV040182@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	trasz@freebsd.org using -f
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 146342 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jul 2008 20:26:58 -0000

http://perforce.freebsd.org/chv.cgi?CH=146342

Change 146342 by trasz@trasz_traszkan on 2008/07/31 20:26:37

	Fix an ugly thinko - VADMIN obviously cannot be expressed as
	an ACL access mask; don't even try.

Affected files ...

.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_nfs4.c#12 edit

Differences ...

==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_nfs4.c#12 (text+ko) ====

@@ -79,11 +79,6 @@
 	if (mode & VEXEC)
 		access_mask |= ACL_EXECUTE;
 
-	if (mode & VADMIN)
-		access_mask |= (ACL_WRITE_NAMED_ATTRS |
-		    ACL_WRITE_ATTRIBUTES | ACL_WRITE_ACL |
-		    ACL_WRITE_OWNER);
-
 	return (access_mask);
 }
 
@@ -158,11 +153,30 @@
     int *privused)
 {
 	mode_t priv_granted = 0;
-	int denied, explicitly_denied, is_directory;
+	int denied, explicitly_denied, is_directory, must_be_owner = 0;
 
 	if (privused != NULL)
 		*privused = 0;
 
+	if (acc_mode & VADMIN) {
+		/*
+		 * XXX: This conditional will go away
+		 * after removing VOP_GRANULAR>
+		 */
+		if (needed_bits == 0) {
+			must_be_owner = 1;
+		} else {
+			/*
+			 * This is the case of
+			 * VOP_GRANULAR(..., VADMIN, ACL_WRITE_OWNER, ...).
+			 * In other words, we don't want actual VADMIN
+			 * here, just one of the permissions typically
+			 * reserved for file owner.
+			 */
+			must_be_owner = 0;
+		}
+	}
+
 	if (needed_bits == 0)
 		needed_bits = _access_mask_from_mode(acc_mode);
 
@@ -173,7 +187,9 @@
 
 	/*
 	 * File owner is always allowed to read and write the ACL
-	 * and basic attributes.
+	 * and basic attributes.  This is to prevent a situation
+	 * where user would change ACL in a way that prevents him
+	 * from undoing the change.
 	 */
 	if (file_uid == cred->cr_uid)
 		needed_bits &= ~(ACL_READ_ACL | ACL_WRITE_ACL |
@@ -181,29 +197,37 @@
 
 	denied = _acl_denies(aclp, needed_bits, cred, file_uid, file_gid,
 	    &explicitly_denied);
-	if (!denied)
-		return (0);
-
-	if ((acc_mode & VEXPLICIT_DENY) && explicitly_denied == 0)
-		return (0);
 
-	acc_mode &= ~VEXPLICIT_DENY;
-
 	/*
 	 * If we want to append data to the file, either one of ACL_APPEND_DATA
 	 * or ACL_WRITE_DATA is sufficient.  We just tested for the former
 	 * and we were denied access.  Let's try with the latter.
 	 */ 
-	if ((needed_bits & ACL_APPEND_DATA) && !is_directory) {
+	if (denied && (needed_bits & ACL_APPEND_DATA) && !is_directory) {
 		needed_bits |= ACL_WRITE_DATA;
 		needed_bits &= ~ACL_APPEND_DATA;
 
 		denied = _acl_denies(aclp, needed_bits, cred, file_uid,
-		    file_gid, NULL);
-		if (!denied)
-			return (0);
+		    file_gid, &explicitly_denied);
+	}
+
+	if (must_be_owner) {
+		if (file_uid != cred->cr_uid)
+			denied = EPERM;
 	}
 
+	if (!denied)
+		return (0);
+
+	/*
+	 * Access failed.  Iff it was not denied explicitly and
+	 * VEXPLICIT_DENY flag was specified, allow access.
+	 */
+	if ((acc_mode & VEXPLICIT_DENY) && explicitly_denied == 0)
+		return (0);
+
+	acc_mode &= ~VEXPLICIT_DENY;
+
 	/*
 	 * No match.  Try to use privileges, if there are any.
 	 * Taken from kern/subr_acl_posix1e.c.
@@ -238,10 +262,17 @@
 		return (0);
 	}
 
+	if ((acc_mode & VADMIN) || needed_bits & (ACL_DELETE_CHILD |
+	    ACL_DELETE | ACL_WRITE_ATTRIBUTES | ACL_WRITE_ACL |
+	    ACL_WRITE_OWNER))
+		denied = EPERM;
+	else
+		denied = EACCES;
+
 	/*
 	 * Nie wydostaniecie się.  Drzwi zamknięte.
 	 */
-	return ((acc_mode & VADMIN) ? EPERM : EACCES);
+	return (denied);
 }
 #endif