PERFORCE change 163909 for review

Edward Tomasz Napierala trasz at FreeBSD.org
Tue Jun 9 16:32:25 UTC 2009


http://perforce.freebsd.org/chv.cgi?CH=163909

Change 163909 by trasz at trasz_victim on 2009/06/09 16:31:50

	Little cleanup.

Affected files ...

.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_nfs4.c#48 edit

Differences ...

==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_nfs4.c#48 (text+ko) ====

@@ -256,25 +256,25 @@
 #endif
 
 static int
-_entry_does_not_match(struct acl_entry *entry, acl_tag_t tag, acl_perm_t perm,
+_acl_entry_matches(struct acl_entry *entry, acl_tag_t tag, acl_perm_t perm,
     acl_entry_type_t entry_type)
 {
 	if (entry->ae_tag != tag)
-		return (1);
+		return (0);
 
 	if (entry->ae_id != ACL_UNDEFINED_ID)
-		return (1);
+		return (0);
 
 	if (entry->ae_perm != perm)
-		return (1);
+		return (0);
 
 	if (entry->ae_entry_type != entry_type)
-		return (1);
+		return (0);
 
 	if (entry->ae_flags != 0)
-		return (1);
+		return (0);
 
-	return (0);
+	return (1);
 }
 
 static struct acl_entry *
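Review bot: The renamed `_acl_entry_matches()` has no comment saying that a "match" requires more than the three values passed in: it also requires `ae_id == ACL_UNDEFINED_ID` and `ae_flags == 0`. A reader of the call sites cannot see that an entry carrying any flag or an explicit id is treated as non-matching. I would add above the function: `/* Returns 1 if entry has exactly the given tag, perm and entry type, with no id and no flags set; 0 otherwise. */`. The function only reads through `entry`, so the parameter could also be declared `const struct acl_entry *entry`.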
@@ -464,7 +464,7 @@
 			previous = entry;
 			entry = _acl_duplicate_entry(aclp, i);
 
-			/* Adjust counter, as we've just entry_type the ACL. */
+			/* Adjust counter, as we've just added an entry. */
 			i++;
 
 			previous->ae_tag = entry->ae_tag;
@@ -475,11 +475,15 @@
 		}
 
 		/*
-		 * 1.5.2.
+		 * 1.5.2. The following modifications are made to the prepended
+		 *        ACE.  The intent is to mask the following ACE
+		 *        to disallow ACL_READ_DATA, ACL_WRITE_DATA,
+		 *        ACL_APPEND_DATA, or ACL_EXECUTE, based upon the group
+		 *        permissions of the new mode.  As a special case,
+		 *        if the ACE matches the current owner of the file,
+		 *        the owner bits are used, rather than the group bits.
+		 *        This is reflected in the algorithm below.
 		 */
-		/*
-		 * XXX: Verify all these shifts.
-		 */
 		amode = mode >> 3;
 
 		/*
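Review bot: The `XXX: Verify all these shifts.` marker next to `amode = mode >> 3;` is removed without the commit description saying the shifts were actually checked. The new 1.5.2 text describes an owner-bits special case that this assignment alone does not show. Because this value selects which of ACL_READ_DATA, ACL_WRITE_DATA, ACL_APPEND_DATA and ACL_EXECUTE get masked, a short comment at the assignment would record the intent, for example `/* Start from the group bits of the new mode; the owner case is selected below. */`. The code that consumes `amode` lies outside the hunk, so whether the owner case is handled there cannot be confirmed from these lines.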
@@ -568,24 +572,24 @@
 		a2 = &(aclp->acl_entry[aclp->acl_cnt - 5]);
 		a1 = &(aclp->acl_entry[aclp->acl_cnt - 6]);
 
-		if (_entry_does_not_match(a1, ACL_USER_OBJ, 0,
+		if (!_acl_entry_matches(a1, ACL_USER_OBJ, 0,
 		    ACL_ENTRY_TYPE_DENY))
 			must_append = 1;
-		if (_entry_does_not_match(a2, ACL_USER_OBJ, ACL_WRITE_ACL |
+		if (!_acl_entry_matches(a2, ACL_USER_OBJ, ACL_WRITE_ACL |
 		    ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES |
 		    ACL_WRITE_NAMED_ATTRS, ACL_ENTRY_TYPE_ALLOW))
 			must_append = 1;
-		if (_entry_does_not_match(a3, ACL_GROUP_OBJ, 0,
+		if (!_acl_entry_matches(a3, ACL_GROUP_OBJ, 0,
 		    ACL_ENTRY_TYPE_DENY))
 			must_append = 1;
-		if (_entry_does_not_match(a4, ACL_GROUP_OBJ, 0,
+		if (!_acl_entry_matches(a4, ACL_GROUP_OBJ, 0,
 		    ACL_ENTRY_TYPE_ALLOW))
 			must_append = 1;
-		if (_entry_does_not_match(a5, ACL_EVERYONE, ACL_WRITE_ACL |
+		if (!_acl_entry_matches(a5, ACL_EVERYONE, ACL_WRITE_ACL |
 		    ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES |
 		    ACL_WRITE_NAMED_ATTRS, ACL_ENTRY_TYPE_DENY))
 			must_append = 1;
-		if (_entry_does_not_match(a6, ACL_EVERYONE, ACL_READ_ACL |
+		if (!_acl_entry_matches(a6, ACL_EVERYONE, ACL_READ_ACL |
 		    ACL_READ_ATTRIBUTES | ACL_READ_NAMED_ATTRS |
 		    ACL_SYNCHRONIZE, ACL_ENTRY_TYPE_ALLOW))
 			must_append = 1;
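Review bot: The four-flag mask `ACL_WRITE_ACL | ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES | ACL_WRITE_NAMED_ATTRS` is written out twice, once for the owner ALLOW check on `a2` and once for the everyone DENY check on `a5`. These two are meant to mirror each other, so naming the mask once keeps them from drifting apart in a later edit, e.g. `const acl_perm_t owner_only = ACL_WRITE_ACL | ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES | ACL_WRITE_NAMED_ATTRS;`, then passing `owner_only` in both calls. A one-line comment that these six checks compare the trailing six entries against the expected canonical ACEs would also help. The entries are taken at fixed offsets from `aclp->acl_cnt`, and the guard that `acl_cnt` is at least 6 is presumably in the part of the block outside this hunk.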

