PERFORCE change 163909 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Tue Jun 9 16:32:25 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=163909
Change 163909 by trasz at trasz_victim on 2009/06/09 16:31:50
Little cleanup.
Affected files ...
.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_nfs4.c#48 edit
Differences ...
==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_nfs4.c#48 (text+ko) ====
@@ -256,25 +256,25 @@
#endif
static int
-_entry_does_not_match(struct acl_entry *entry, acl_tag_t tag, acl_perm_t perm,
+_acl_entry_matches(struct acl_entry *entry, acl_tag_t tag, acl_perm_t perm,
acl_entry_type_t entry_type)
{
if (entry->ae_tag != tag)
- return (1);
+ return (0);
if (entry->ae_id != ACL_UNDEFINED_ID)
- return (1);
+ return (0);
if (entry->ae_perm != perm)
- return (1);
+ return (0);
if (entry->ae_entry_type != entry_type)
- return (1);
+ return (0);
if (entry->ae_flags != 0)
- return (1);
+ return (0);
- return (0);
+ return (1);
}
static struct acl_entry *
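Review bot: The new name `_acl_entry_matches` reads like a general predicate, but the body returns 1 only when `ae_id` is `ACL_UNDEFINED_ID` and `ae_flags` is 0, in addition to tag, perm and type being equal. Nothing at the definition says so, and a later caller could pass an entry carrying inheritance flags or an explicit id and silently get "no match" in ACL-rewriting code. I would add a comment above it such as `/* Returns 1 only on an exact match: same tag, perm and entry type, undefined id, no flags. */`. The function only reads the entry, so the first parameter could also be `const struct acl_entry *entry`.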
@@ -464,7 +464,7 @@
previous = entry;
entry = _acl_duplicate_entry(aclp, i);
- /* Adjust counter, as we've just entry_type the ACL. */
+ /* Adjust counter, as we've just added an entry. */
i++;
previous->ae_tag = entry->ae_tag;
@@ -475,11 +475,15 @@
}
/*
- * 1.5.2.
+ * 1.5.2. The following modifications are made to the prepended
+ * ACE. The intent is to mask the following ACE
+ * to disallow ACL_READ_DATA, ACL_WRITE_DATA,
+ * ACL_APPEND_DATA, or ACL_EXECUTE, based upon the group
+ * permissions of the new mode. As a special case,
+ * if the ACE matches the current owner of the file,
+ * the owner bits are used, rather than the group bits.
+ * This is reflected in the algorithm below.
*/
- /*
- * XXX: Verify all these shifts.
- */
amode = mode >> 3;
/*
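Review bot: The `XXX: Verify all these shifts` marker above `amode = mode >> 3;` is dropped here, but nothing visible in the hunk shows that the verification was done. The new 1.5.2 text says owner bits are used when the ACE matches the file owner and group bits otherwise, while this line unconditionally discards the low three mode bits; presumably the owner case is handled further down, outside the hunk. Because this value decides which permissions get masked from the following ACE, I would either keep the marker until the shifts are covered by a test, or replace it with a statement of intent on the line itself, e.g. `/* Group bits now in the low three bits; owner case shifts again below. */`, adjusted to what the code after the hunk really does.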
@@ -568,24 +572,24 @@
a2 = &(aclp->acl_entry[aclp->acl_cnt - 5]);
a1 = &(aclp->acl_entry[aclp->acl_cnt - 6]);
- if (_entry_does_not_match(a1, ACL_USER_OBJ, 0,
+ if (!_acl_entry_matches(a1, ACL_USER_OBJ, 0,
ACL_ENTRY_TYPE_DENY))
must_append = 1;
- if (_entry_does_not_match(a2, ACL_USER_OBJ, ACL_WRITE_ACL |
+ if (!_acl_entry_matches(a2, ACL_USER_OBJ, ACL_WRITE_ACL |
ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES |
ACL_WRITE_NAMED_ATTRS, ACL_ENTRY_TYPE_ALLOW))
must_append = 1;
- if (_entry_does_not_match(a3, ACL_GROUP_OBJ, 0,
+ if (!_acl_entry_matches(a3, ACL_GROUP_OBJ, 0,
ACL_ENTRY_TYPE_DENY))
must_append = 1;
- if (_entry_does_not_match(a4, ACL_GROUP_OBJ, 0,
+ if (!_acl_entry_matches(a4, ACL_GROUP_OBJ, 0,
ACL_ENTRY_TYPE_ALLOW))
must_append = 1;
- if (_entry_does_not_match(a5, ACL_EVERYONE, ACL_WRITE_ACL |
+ if (!_acl_entry_matches(a5, ACL_EVERYONE, ACL_WRITE_ACL |
ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES |
ACL_WRITE_NAMED_ATTRS, ACL_ENTRY_TYPE_DENY))
must_append = 1;
- if (_entry_does_not_match(a6, ACL_EVERYONE, ACL_READ_ACL |
+ if (!_acl_entry_matches(a6, ACL_EVERYONE, ACL_READ_ACL |
ACL_READ_ATTRIBUTES | ACL_READ_NAMED_ATTRS |
ACL_SYNCHRONIZE, ACL_ENTRY_TYPE_ALLOW))
must_append = 1;
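Review bot: The write-permission mask `ACL_WRITE_ACL | ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES | ACL_WRITE_NAMED_ATTRS` is spelled out twice, once for the `a2` allow check and once for the `a5` deny check. The two must stay identical for the canonical trailing entries to be recognised, so a single named constant or local (for instance `const acl_perm_t write_mask = ...;`) would keep them from drifting apart. Separately, the `aclp->acl_cnt - 5` and `- 6` indexing at the top of the hunk is only safe if `acl_cnt >= 6` has been checked; that guard is not visible here, as the enclosing block starts outside the hunk, so it is worth confirming.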