From owner-p4-projects@FreeBSD.ORG Mon Aug 11 16:51:59 2008
Date: Mon, 11 Aug 2008 16:51:59 GMT
Message-Id: <200808111651.m7BGpxaG046325@repoman.freebsd.org>
From: Edward Tomasz Napierala To: Perforce Change Reviews Cc: Subject: PERFORCE change 147160 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2008 16:51:59 -0000 http://perforce.freebsd.org/chv.cgi?CH=147160 Change 147160 by trasz@trasz_traszkan on 2008/08/11 16:51:06 Fix the fix from 147154. Affected files ... .. //depot/projects/soc2008/trasz_nfs4acl/TODO#39 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c#3 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_vnops.c#11 edit Differences ... ==== //depot/projects/soc2008/trasz_nfs4acl/TODO#39 (text+ko) ==== @@ -12,6 +12,11 @@ - Add the information about correct constants to the manual pages. +- Decide what to do when chmod(2) needs to add ACL entries, but + there is no room in 'struct acl' to do that. Solaris seems to + limit the numer of user-settable entries to half of ACL_MAX_ENTRIES, + so there is no risk of running out of them in chmod(2). + - Make 'struct acl' variable size. - Benchmark things. ==== //depot/projects/soc2008/trasz_nfs4acl/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c#3 (text+ko) ==== @@ -260,8 +260,10 @@ /* * Deny setting setuid if we are not the file owner. */ - if ((vap->va_mode & S_ISUID) && ovap->va_uid != cred->cr_uid) - return (EPERM); - + if ((vap->va_mode & S_ISUID) && ovap->va_uid != cred->cr_uid) { + error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); + if (error) + return (error); + } return (0); } ==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_vnops.c#11 (text+ko) ==== 
@@ -721,8 +721,11 @@ /* * Deny setting setuid if we are not the file owner. */ - if ((mode & ISUID) && ip->i_uid != cred->cr_uid) - return (EPERM); + if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { + error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); + if (error) + return (error); + } ip->i_mode &= ~ALLPERMS; ip->i_mode |= (mode & ALLPERMS);
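Review bot: in the TODO hunk (@@ -12,6 +12,11 @@), the added item misspells "number" as "numer" in "limit the numer of user-settable entries"; fix the spelling. The item records only that a decision is pending, so it would be easier to act on if it also said what chmod(2) does today when 'struct acl' has no room for the entries it needs to add.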
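Review bot: in the opensolaris_policy.c hunk (@@ -260,8 +260,10 @@), the retained comment "Deny setting setuid if we are not the file owner." no longer matches the code, because a non-owner whose credential passes priv_check_cred(cred, PRIV_VFS_ADMIN, 0) may now set S_ISUID. Reword it, for example "Deny setting setuid if we are neither the file owner nor hold PRIV_VFS_ADMIN." The hunk also assigns to error, whose declaration lies outside the visible lines, so confirm it is declared in this function, and it drops the blank line that separated the check from return (0); which is worth keeping for readability.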
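Review bot: in the ufs_vnops.c hunk (@@ -721,8 +721,11 @@), the owner-or-PRIV_VFS_ADMIN check is written out a second time, identical to the one in opensolaris_policy.c, so the two paths can drift apart on who is allowed to set the setuid bit; consider a shared helper, or at least a comment in each place pointing at the other. The comment above the check is stale here as well, and the declaration of error is not visible in the hunk. The early return sits before ip->i_mode &= ~ALLPERMS; so a denied request leaves the inode mode untouched, and that ordering should be preserved in any follow-up.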