[PATCH] knfsd: nfsd4: acls: fix inheritance

We can be a little more flexible about the flags allowed for inheritance (in particular, we can deal with either the presence or the absence of INHERIT_ONLY), but we should probably reject other combinations that we don't understand. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: J.Bruce Fields <bfields@fieldses.org> 2006-10-04 05:16:12 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-10-04 10:55:20 -0400
commit: b548edc2dd9440c561f3302cb9f212ef2d06a8ef (patch)
tree: 4e6c2e3c1907747abd294bc1bbfcd6439cbfbd4c
parent: 09229edb68a3961db54174a2725055bd1589b4b8 (diff)
1 files changed, 30 insertions, 13 deletions
diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
index f2f66b3da7ac..59fdd9c1d3ee 100644
--- a/fs/nfsd/nfs4acl.c
+++ b/fs/nfsd/nfs4acl.c
@@ -63,6 +63,8 @@
 #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
                | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
+#define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS | NFS4_ACE_IDENTIFIER_GROUP)
 #define MASK_EQUAL(mask1, mask2) \
        ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) )
@@ -721,22 +723,37 @@ nfs4_acl_split(struct nfs4_acl *acl, struct nfs4_acl *dacl)
                    ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE)
                        return -EINVAL;
-                if ((ace->flag & NFS4_INHERITANCE_FLAGS)
+                if (ace->flag & ~NFS4_SUPPORTED_FLAGS)
-                                != NFS4_INHERITANCE_FLAGS)
+                        return -EINVAL;
-                        continue;
-                error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
+                switch (ace->flag & NFS4_INHERITANCE_FLAGS) {
+                case 0:
+                        /* Leave this ace in the effective acl: */
+                        continue;
+                case NFS4_INHERITANCE_FLAGS:
+                        /* Add this ace to the default acl and remove it
+                         * from the effective acl: */
+                        error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
                                ace->access_mask, ace->whotype, ace->who);
-                if (error < 0)
+                        if (error)
-                        goto out;
+                                return error;
+                        list_del(h);
-                list_del(h);
+                        kfree(ace);
-                kfree(ace);
+                        acl->naces--;
-                acl->naces--;
+                        break;
+                case NFS4_INHERITANCE_FLAGS & ~NFS4_ACE_INHERIT_ONLY_ACE:
+                        /* Add this ace to the default, but leave it in
+                         * the effective acl as well: */
+                        error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
+                                ace->access_mask, ace->whotype, ace->who);
+                        if (error)
+                                return error;
+                        break;
+                default:
+                        return -EINVAL;
+                }
        }
+        return 0;
-out:
-        return error;
 }
 static short
author	J.Bruce Fields <bfields@fieldses.org>	2006-10-04 05:16:12 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-10-04 10:55:20 -0400
commit	b548edc2dd9440c561f3302cb9f212ef2d06a8ef (patch)
tree	4e6c2e3c1907747abd294bc1bbfcd6439cbfbd4c
parent	09229edb68a3961db54174a2725055bd1589b4b8 (diff)

diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c index f2f66b3da7ac..59fdd9c1d3ee 100644 --- a/fs/nfsd/nfs4acl.c +++ b/fs/nfsd/nfs4acl.c
@@ -63,6 +63,8 @@
63	#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \	63	#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
64	\| NFS4_ACE_DIRECTORY_INHERIT_ACE \| NFS4_ACE_INHERIT_ONLY_ACE)	64	\| NFS4_ACE_DIRECTORY_INHERIT_ACE \| NFS4_ACE_INHERIT_ONLY_ACE)
65		65
		66	#define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS \| NFS4_ACE_IDENTIFIER_GROUP)
		67
66	#define MASK_EQUAL(mask1, mask2) \	68	#define MASK_EQUAL(mask1, mask2) \
67	( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) )	69	( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) )
68		70
@@ -721,22 +723,37 @@ nfs4_acl_split(struct nfs4_acl acl, struct nfs4_acl dacl)
721	ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE)	723	ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE)
722	return -EINVAL;	724	return -EINVAL;
723		725
724	if ((ace->flag & NFS4_INHERITANCE_FLAGS)	726	if (ace->flag & ~NFS4_SUPPORTED_FLAGS)
725	!= NFS4_INHERITANCE_FLAGS)	727	return -EINVAL;
726	continue;
727		728
728	error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,	729	switch (ace->flag & NFS4_INHERITANCE_FLAGS) {
		730	case 0:
		731	/* Leave this ace in the effective acl: */
		732	continue;
		733	case NFS4_INHERITANCE_FLAGS:
		734	/* Add this ace to the default acl and remove it
		735	* from the effective acl: */
		736	error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
729	ace->access_mask, ace->whotype, ace->who);	737	ace->access_mask, ace->whotype, ace->who);
730	if (error < 0)	738	if (error)
731	goto out;	739	return error;
732		740	list_del(h);
733	list_del(h);	741	kfree(ace);
734	kfree(ace);	742	acl->naces--;
735	acl->naces--;	743	break;
		744	case NFS4_INHERITANCE_FLAGS & ~NFS4_ACE_INHERIT_ONLY_ACE:
		745	/* Add this ace to the default, but leave it in
		746	* the effective acl as well: */
		747	error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
		748	ace->access_mask, ace->whotype, ace->who);
		749	if (error)
		750	return error;
		751	break;
		752	default:
		753	return -EINVAL;
		754	}
736	}	755	}
737		756	return 0;
738	out:
739	return error;
740	}	757	}
741		758
742	static short	759	static short