PERFORCE change 142315 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Mon May 26 20:01:05 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=142315
Change 142315 by trasz at trasz_traszkan on 2008/05/26 20:00:08
Calculate initial NFSv4 ACL from mode bits.
Affected files ...
.. //depot/projects/soc2008/trasz_nfs4acl/sys/sys/acl.h#3 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_acl.c#3 edit
Differences ...
==== //depot/projects/soc2008/trasz_nfs4acl/sys/sys/acl.h#3 (text+ko) ====
@@ -171,7 +171,7 @@
#define ACE_WRITE_DATA 0x00000002
#define ACE_ADD_FILE 0x00000002
#define ACE_APPEND_DATA 0x00000004
-#define ACE_ACE_ADD_SUBDIRECTORY 0x00000004
+#define ACE_ADD_SUBDIRECTORY 0x00000004
#define ACE_READ_NAMED_ATTRS 0x00000008
#define ACE_WRITE_NAMED_ATTRS 0x00000010
#define ACE_EXECUTE 0x00000020
==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_acl.c#3 (text+ko) ====
@@ -461,12 +461,65 @@
return error;
}
+static void
+ace_pair(ace_t *denied, ace_t *allowed, uint32_t flags, uint32_t allowed_mask, uint32_t denied_mask)
+{
+ /* XXX: SunOS seems to put 0xffffffff here. */
+ allowed->a_who = denied->a_who = 0;
+ allowed->a_flags = denied->a_flags = flags;
+ allowed->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE;
+ allowed->a_access_mask = allowed_mask;
+ denied->a_type = ACE_ACCESS_DENIED_ACE_TYPE;
+ denied->a_access_mask = denied_mask;
+}
+
int
ufs_nfs4acl_from_inode(struct vop_getace_args *ap)
{
+ struct inode *ip = VTOI(ap->a_vp);
+ uint32_t allowed, denied;
+ ace_t *aces = ap->a_aclp;
+
if (ap->a_nentries < 6)
return (ENOSPC);
+ /* XXX: Where is this thing described in the spec? */
+ allowed = 0;
+ if (ip->i_mode & S_IRUSR)
+ allowed |= ACE_READ_DATA;
+ if (ip->i_mode & S_IWUSR)
+ allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA;
+ if (ip->i_mode & S_IXUSR)
+ allowed |= ACE_EXECUTE;
+ denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE);
+ allowed |= ACE_WRITE_NAMED_ATTRS | ACE_WRITE_ATTRIBUTES | ACE_WRITE_ACL | ACE_WRITE_OWNER;
+
+ ace_pair(&aces[0], &aces[1], ACE_OWNER, allowed, denied);
+
+ allowed = 0;
+ if (ip->i_mode & S_IRGRP)
+ allowed |= ACE_READ_DATA;
+ if (ip->i_mode & S_IWGRP)
+ allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA;
+ if (ip->i_mode & S_IXGRP)
+ allowed |= ACE_EXECUTE;
+ denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE);
+
+ ace_pair(&aces[2], &aces[3], ACE_GROUP, allowed, denied);
+
+ allowed = 0;
+ if (ip->i_mode & S_IROTH)
+ allowed |= ACE_READ_DATA;
+ if (ip->i_mode & S_IWOTH)
+ allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA;
+ if (ip->i_mode & S_IXOTH)
+ allowed |= ACE_EXECUTE;
+ denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE);
+ denied |= ACE_WRITE_NAMED_ATTRS | ACE_WRITE_ATTRIBUTES | ACE_WRITE_ACL | ACE_WRITE_OWNER;
+ allowed |= ACE_READ_NAMED_ATTRS | ACE_READ_ATTRIBUTES | ACE_READ_ACL | ACE_SYNCHRONIZE;
+
+ ace_pair(&aces[4], &aces[5], ACE_EVERYONE, allowed, denied);
+
*(ap->a_count) = 6;
return (0);
@@ -566,6 +619,10 @@
error = 0;
}
+ /* If the loaded ACE count is too big, return error. */
+ if (*(ap->a_count) > MAX_ACL_ENTRIES)
+ return (EIO);
+
return (error);
}
More information about the p4-projects
mailing list