diff options
| author | J. Bruce Fields <bfields@snoopy.citi.umich.edu> | 2007-02-16 04:28:34 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-02-16 11:14:01 -0500 |
| commit | f43daf67871d9da5c638994416b4144eac63c992 (patch) | |
| tree | 6452a3c8e7b92a0e6d7c87d375e4c81d124756fb /fs/nfsd/nfs4acl.c | |
| parent | f34f924274ad8f84c6d86ea9e52b0682347f5701 (diff) | |
[PATCH] knfsd: nfsd4: acls: don't return explicit mask
Return just the effective permissions, and forget about the mask. It isn't
worth the complexity.
WARNING: This breaks backwards compatibility with overly-picky nfsv4->posix
acl translation, as may has been included in some patched versions of libacl.
To our knowledge no such version was every distributed by anyone outside citi.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/nfsd/nfs4acl.c')
| -rw-r--r-- | fs/nfsd/nfs4acl.c | 25 |
1 files changed, 7 insertions, 18 deletions
diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c index 2797051cd2b4..8daa3f8bb303 100644 --- a/fs/nfsd/nfs4acl.c +++ b/fs/nfsd/nfs4acl.c | |||
| @@ -180,7 +180,8 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, | |||
| 180 | unsigned int flags) | 180 | unsigned int flags) |
| 181 | { | 181 | { |
| 182 | struct posix_acl_entry *pa, *pe, *group_owner_entry; | 182 | struct posix_acl_entry *pa, *pe, *group_owner_entry; |
| 183 | u32 mask, mask_mask; | 183 | u32 mask; |
| 184 | unsigned short mask_mask; | ||
| 184 | int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? | 185 | int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? |
| 185 | NFS4_INHERITANCE_FLAGS : 0); | 186 | NFS4_INHERITANCE_FLAGS : 0); |
| 186 | 187 | ||
| @@ -188,9 +189,9 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, | |||
| 188 | pe = pacl->a_entries + pacl->a_count; | 189 | pe = pacl->a_entries + pacl->a_count; |
| 189 | pa = pe - 2; /* if mask entry exists, it's second from the last. */ | 190 | pa = pe - 2; /* if mask entry exists, it's second from the last. */ |
| 190 | if (pa->e_tag == ACL_MASK) | 191 | if (pa->e_tag == ACL_MASK) |
| 191 | mask_mask = deny_mask(mask_from_posix(pa->e_perm, flags), flags); | 192 | mask_mask = pa->e_perm; |
| 192 | else | 193 | else |
| 193 | mask_mask = 0; | 194 | mask_mask = S_IRWXO; |
| 194 | 195 | ||
| 195 | pa = pacl->a_entries; | 196 | pa = pacl->a_entries; |
| 196 | BUG_ON(pa->e_tag != ACL_USER_OBJ); | 197 | BUG_ON(pa->e_tag != ACL_USER_OBJ); |
| @@ -199,10 +200,7 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, | |||
| 199 | pa++; | 200 | pa++; |
| 200 | 201 | ||
| 201 | while (pa->e_tag == ACL_USER) { | 202 | while (pa->e_tag == ACL_USER) { |
| 202 | mask = mask_from_posix(pa->e_perm, flags); | 203 | mask = mask_from_posix(pa->e_perm & mask_mask, flags); |
| 203 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, | ||
| 204 | eflag, mask_mask, NFS4_ACL_WHO_NAMED, pa->e_id); | ||
| 205 | |||
| 206 | nfs4_acl_add_pair(acl, eflag, mask, | 204 | nfs4_acl_add_pair(acl, eflag, mask, |
| 207 | NFS4_ACL_WHO_NAMED, pa->e_id, flags); | 205 | NFS4_ACL_WHO_NAMED, pa->e_id, flags); |
| 208 | pa++; | 206 | pa++; |
| @@ -213,24 +211,15 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, | |||
| 213 | 211 | ||
| 214 | /* allow ACEs */ | 212 | /* allow ACEs */ |
| 215 | 213 | ||
| 216 | if (pacl->a_count > 3) { | ||
| 217 | BUG_ON(pa->e_tag != ACL_GROUP_OBJ); | ||
| 218 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, | ||
| 219 | NFS4_ACE_IDENTIFIER_GROUP | eflag, mask_mask, | ||
| 220 | NFS4_ACL_WHO_GROUP, 0); | ||
| 221 | } | ||
| 222 | group_owner_entry = pa; | 214 | group_owner_entry = pa; |
| 223 | mask = mask_from_posix(pa->e_perm, flags); | 215 | mask = mask_from_posix(pa->e_perm & mask_mask, flags); |
| 224 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, | 216 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, |
| 225 | NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, | 217 | NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, |
| 226 | NFS4_ACL_WHO_GROUP, 0); | 218 | NFS4_ACL_WHO_GROUP, 0); |
| 227 | pa++; | 219 | pa++; |
| 228 | 220 | ||
| 229 | while (pa->e_tag == ACL_GROUP) { | 221 | while (pa->e_tag == ACL_GROUP) { |
| 230 | mask = mask_from_posix(pa->e_perm, flags); | 222 | mask = mask_from_posix(pa->e_perm & mask_mask, flags); |
| 231 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, | ||
| 232 | NFS4_ACE_IDENTIFIER_GROUP | eflag, mask_mask, | ||
| 233 | NFS4_ACL_WHO_NAMED, pa->e_id); | ||
| 234 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, | 223 | nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, |
| 235 | NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, | 224 | NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, |
| 236 | NFS4_ACL_WHO_NAMED, pa->e_id); | 225 | NFS4_ACL_WHO_NAMED, pa->e_id); |