diff options
author | J.Bruce Fields <bfields@fieldses.org> | 2006-10-04 05:16:12 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-10-04 10:55:20 -0400 |
commit | b548edc2dd9440c561f3302cb9f212ef2d06a8ef (patch) | |
tree | 4e6c2e3c1907747abd294bc1bbfcd6439cbfbd4c /fs/nfsd | |
parent | 09229edb68a3961db54174a2725055bd1589b4b8 (diff) |
[PATCH] knfsd: nfsd4: acls: fix inheritance
We can be a little more flexible about the flags allowed for inheritance (in
particular, we can deal with either the presence or the absence of
INHERIT_ONLY), but we should probably reject other combinations that we don't
understand.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/nfsd')
-rw-r--r-- | fs/nfsd/nfs4acl.c | 43 |
1 files changed, 30 insertions, 13 deletions
diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c index f2f66b3da7ac..59fdd9c1d3ee 100644 --- a/fs/nfsd/nfs4acl.c +++ b/fs/nfsd/nfs4acl.c | |||
@@ -63,6 +63,8 @@ | |||
63 | #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ | 63 | #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ |
64 | | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE) | 64 | | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE) |
65 | 65 | ||
66 | #define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS | NFS4_ACE_IDENTIFIER_GROUP) | ||
67 | |||
66 | #define MASK_EQUAL(mask1, mask2) \ | 68 | #define MASK_EQUAL(mask1, mask2) \ |
67 | ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) ) | 69 | ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) ) |
68 | 70 | ||
@@ -721,22 +723,37 @@ nfs4_acl_split(struct nfs4_acl *acl, struct nfs4_acl *dacl) | |||
721 | ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) | 723 | ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) |
722 | return -EINVAL; | 724 | return -EINVAL; |
723 | 725 | ||
724 | if ((ace->flag & NFS4_INHERITANCE_FLAGS) | 726 | if (ace->flag & ~NFS4_SUPPORTED_FLAGS) |
725 | != NFS4_INHERITANCE_FLAGS) | 727 | return -EINVAL; |
726 | continue; | ||
727 | 728 | ||
728 | error = nfs4_acl_add_ace(dacl, ace->type, ace->flag, | 729 | switch (ace->flag & NFS4_INHERITANCE_FLAGS) { |
730 | case 0: | ||
731 | /* Leave this ace in the effective acl: */ | ||
732 | continue; | ||
733 | case NFS4_INHERITANCE_FLAGS: | ||
734 | /* Add this ace to the default acl and remove it | ||
735 | * from the effective acl: */ | ||
736 | error = nfs4_acl_add_ace(dacl, ace->type, ace->flag, | ||
729 | ace->access_mask, ace->whotype, ace->who); | 737 | ace->access_mask, ace->whotype, ace->who); |
730 | if (error < 0) | 738 | if (error) |
731 | goto out; | 739 | return error; |
732 | 740 | list_del(h); | |
733 | list_del(h); | 741 | kfree(ace); |
734 | kfree(ace); | 742 | acl->naces--; |
735 | acl->naces--; | 743 | break; |
744 | case NFS4_INHERITANCE_FLAGS & ~NFS4_ACE_INHERIT_ONLY_ACE: | ||
745 | /* Add this ace to the default, but leave it in | ||
746 | * the effective acl as well: */ | ||
747 | error = nfs4_acl_add_ace(dacl, ace->type, ace->flag, | ||
748 | ace->access_mask, ace->whotype, ace->who); | ||
749 | if (error) | ||
750 | return error; | ||
751 | break; | ||
752 | default: | ||
753 | return -EINVAL; | ||
754 | } | ||
736 | } | 755 | } |
737 | 756 | return 0; | |
738 | out: | ||
739 | return error; | ||
740 | } | 757 | } |
741 | 758 | ||
742 | static short | 759 | static short |