nfscommon: Add arguments for support of the dacl attribute
NFSv4.1/4.2 has an alternative to the acl attribute, called dacl, that includes support for the ACL_ENTRY_INHERITED flag, called NFSV4ACE_INHERITED in NFSv4. This patch adds a dacl argument to nfsrv_buildacl(), nfsrv_dissectacl() and nfsrv_dissectace(), so that they will handle NFSV4ACE_INHERITED when dacl == true. Since these functions are always called with dacl == false for this patch, semantics should not have changed. A future patch will add support for dacl. MFC after: 2 weeks
This commit is contained in:
parent
2f1a46d12b
commit
0fa074b53e
@ -42,7 +42,7 @@ static int nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t mask, int owner,
|
||||
*/
|
||||
int
|
||||
nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep,
|
||||
int *aceerrp, int *acesizep, NFSPROC_T *p)
|
||||
bool dacl, int *aceerrp, int *acesizep, NFSPROC_T *p)
|
||||
{
|
||||
u_int32_t *tl;
|
||||
int len, gotid = 0, owner = 0, error = 0, aceerr = 0;
|
||||
@ -147,6 +147,10 @@ nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep,
|
||||
flag &= ~NFSV4ACE_FAILEDACCESS;
|
||||
acep->ae_flags |= ACL_ENTRY_FAILED_ACCESS;
|
||||
}
|
||||
if (dacl && (flag & NFSV4ACE_INHERITED)) {
|
||||
flag &= ~NFSV4ACE_INHERITED;
|
||||
acep->ae_flags |= ACL_ENTRY_INHERITED;
|
||||
}
|
||||
/*
|
||||
* Set ae_entry_type.
|
||||
*/
|
||||
@ -278,14 +282,14 @@ nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t mask, int owner,
|
||||
|
||||
/* local functions */
|
||||
static int nfsrv_buildace(struct nfsrv_descript *, u_char *, int,
|
||||
enum vtype, int, int, struct acl_entry *);
|
||||
enum vtype, int, int, bool, struct acl_entry *);
|
||||
|
||||
/*
|
||||
* This function builds an NFS ace.
|
||||
*/
|
||||
static int
|
||||
nfsrv_buildace(struct nfsrv_descript *nd, u_char *name, int namelen,
|
||||
enum vtype type, int group, int owner, struct acl_entry *ace)
|
||||
enum vtype type, int group, int owner, bool dacl, struct acl_entry *ace)
|
||||
{
|
||||
u_int32_t *tl, aceflag = 0x0, acemask = 0x0, acetype;
|
||||
int full_len;
|
||||
@ -321,6 +325,8 @@ nfsrv_buildace(struct nfsrv_descript *nd, u_char *name, int namelen,
|
||||
aceflag |= NFSV4ACE_SUCCESSFULACCESS;
|
||||
if (ace->ae_flags & ACL_ENTRY_FAILED_ACCESS)
|
||||
aceflag |= NFSV4ACE_FAILEDACCESS;
|
||||
if (dacl && (ace->ae_flags & ACL_ENTRY_INHERITED))
|
||||
aceflag |= NFSV4ACE_INHERITED;
|
||||
if (group)
|
||||
aceflag |= NFSV4ACE_IDENTIFIERGROUP;
|
||||
*tl++ = txdr_unsigned(aceflag);
|
||||
@ -394,7 +400,7 @@ nfsrv_buildace(struct nfsrv_descript *nd, u_char *name, int namelen,
|
||||
*/
|
||||
int
|
||||
nfsrv_buildacl(struct nfsrv_descript *nd, NFSACL_T *aclp, enum vtype type,
|
||||
NFSPROC_T *p)
|
||||
bool dacl, NFSPROC_T *p)
|
||||
{
|
||||
int i, entrycnt = 0, retlen;
|
||||
u_int32_t *entrycntp;
|
||||
@ -442,7 +448,7 @@ nfsrv_buildacl(struct nfsrv_descript *nd, NFSACL_T *aclp, enum vtype type,
|
||||
continue;
|
||||
}
|
||||
retlen += nfsrv_buildace(nd, name, namelen, type, isgroup,
|
||||
isowner, &aclp->acl_entry[i]);
|
||||
isowner, dacl, &aclp->acl_entry[i]);
|
||||
entrycnt++;
|
||||
if (malloced)
|
||||
free(name, M_NFSSTRING);
|
||||
|
@ -1091,8 +1091,8 @@ nfsm_getfh(struct nfsrv_descript *nd, struct nfsfh **nfhpp)
|
||||
* If the aclp == NULL or won't fit in an acl, just discard the acl info.
|
||||
*/
|
||||
int
|
||||
nfsrv_dissectacl(struct nfsrv_descript *nd, NFSACL_T *aclp, int *aclerrp,
|
||||
int *aclsizep, __unused NFSPROC_T *p)
|
||||
nfsrv_dissectacl(struct nfsrv_descript *nd, NFSACL_T *aclp, bool dacl,
|
||||
int *aclerrp, int *aclsizep, __unused NFSPROC_T *p)
|
||||
{
|
||||
u_int32_t *tl;
|
||||
int i, aclsize;
|
||||
@ -1123,7 +1123,7 @@ nfsrv_dissectacl(struct nfsrv_descript *nd, NFSACL_T *aclp, int *aclerrp,
|
||||
for (i = 0; i < acecnt; i++) {
|
||||
if (aclp && !aceerr)
|
||||
error = nfsrv_dissectace(nd, &aclp->acl_entry[i],
|
||||
&aceerr, &acesize, p);
|
||||
dacl, &aceerr, &acesize, p);
|
||||
else
|
||||
error = nfsrv_skipace(nd, &acesize);
|
||||
if (error)
|
||||
@ -1488,8 +1488,8 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
|
||||
NFSACL_T *naclp;
|
||||
|
||||
naclp = acl_alloc(M_WAITOK);
|
||||
error = nfsrv_dissectacl(nd, naclp, &aceerr,
|
||||
&cnt, p);
|
||||
error = nfsrv_dissectacl(nd, naclp, false,
|
||||
&aceerr, &cnt, p);
|
||||
if (error) {
|
||||
acl_free(naclp);
|
||||
goto nfsmout;
|
||||
@ -1499,8 +1499,8 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
|
||||
*retcmpp = NFSERR_NOTSAME;
|
||||
acl_free(naclp);
|
||||
} else {
|
||||
error = nfsrv_dissectacl(nd, NULL, &aceerr,
|
||||
&cnt, p);
|
||||
error = nfsrv_dissectacl(nd, NULL, false,
|
||||
&aceerr, &cnt, p);
|
||||
if (error)
|
||||
goto nfsmout;
|
||||
*retcmpp = NFSERR_ATTRNOTSUPP;
|
||||
@ -1508,11 +1508,11 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
|
||||
}
|
||||
} else {
|
||||
if (vp != NULL && aclp != NULL)
|
||||
error = nfsrv_dissectacl(nd, aclp, &aceerr,
|
||||
&cnt, p);
|
||||
error = nfsrv_dissectacl(nd, aclp, false,
|
||||
&aceerr, &cnt, p);
|
||||
else
|
||||
error = nfsrv_dissectacl(nd, NULL, &aceerr,
|
||||
&cnt, p);
|
||||
error = nfsrv_dissectacl(nd, NULL, false,
|
||||
&aceerr, &cnt, p);
|
||||
if (error)
|
||||
goto nfsmout;
|
||||
}
|
||||
@ -2691,7 +2691,8 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount *mp, vnode_t vp,
|
||||
* Recommended Attributes. (Only the supported ones.)
|
||||
*/
|
||||
case NFSATTRBIT_ACL:
|
||||
retnum += nfsrv_buildacl(nd, aclp, vnode_vtype(vp), p);
|
||||
retnum += nfsrv_buildacl(nd, aclp, vnode_vtype(vp),
|
||||
false, p);
|
||||
break;
|
||||
case NFSATTRBIT_ACLSUPPORT:
|
||||
NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
|
||||
|
@ -331,7 +331,7 @@ int nfsm_advance(struct nfsrv_descript *, int, int);
|
||||
void *nfsm_dissct(struct nfsrv_descript *, int, int);
|
||||
void newnfs_copycred(struct nfscred *, struct ucred *);
|
||||
void newnfs_copyincred(struct ucred *, struct nfscred *);
|
||||
int nfsrv_dissectacl(struct nfsrv_descript *, NFSACL_T *, int *,
|
||||
int nfsrv_dissectacl(struct nfsrv_descript *, NFSACL_T *, bool, int *,
|
||||
int *, NFSPROC_T *);
|
||||
int nfsrv_getattrbits(struct nfsrv_descript *, nfsattrbit_t *, int *,
|
||||
int *);
|
||||
@ -436,9 +436,9 @@ int nfs_supportsnfsv4acls(vnode_t);
|
||||
|
||||
/* nfs_commonacl.c */
|
||||
int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *,
|
||||
int *, int *, NFSPROC_T *);
|
||||
bool, int *, int *, NFSPROC_T *);
|
||||
int nfsrv_buildacl(struct nfsrv_descript *, NFSACL_T *, enum vtype,
|
||||
NFSPROC_T *);
|
||||
bool, NFSPROC_T *);
|
||||
int nfsrv_compareacl(NFSACL_T *, NFSACL_T *);
|
||||
|
||||
/* nfs_clrpcops.c */
|
||||
|
@ -508,6 +508,7 @@
|
||||
#define NFSV4ACE_SUCCESSFULACCESS 0x00000010
|
||||
#define NFSV4ACE_FAILEDACCESS 0x00000020
|
||||
#define NFSV4ACE_IDENTIFIERGROUP 0x00000040
|
||||
#define NFSV4ACE_INHERITED 0x00000080
|
||||
|
||||
#define NFSV4ACE_READDATA 0x00000001
|
||||
#define NFSV4ACE_LISTDIRECTORY 0x00000001
|
||||
|
@ -621,8 +621,8 @@ nfsrpc_openrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp, int fhlen,
|
||||
}
|
||||
if (ret)
|
||||
ndp->nfsdl_flags |= NFSCLDL_RECALL;
|
||||
error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, &ret,
|
||||
&acesize, p);
|
||||
error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, false,
|
||||
&ret, &acesize, p);
|
||||
if (error)
|
||||
goto nfsmout;
|
||||
} else if (deleg != NFSV4OPEN_DELEGATENONE) {
|
||||
@ -2567,8 +2567,8 @@ nfsrpc_createv4(vnode_t dvp, char *name, int namelen, struct vattr *vap,
|
||||
}
|
||||
if (ret)
|
||||
dp->nfsdl_flags |= NFSCLDL_RECALL;
|
||||
error = nfsrv_dissectace(nd, &dp->nfsdl_ace, &ret,
|
||||
&acesize, p);
|
||||
error = nfsrv_dissectace(nd, &dp->nfsdl_ace, false,
|
||||
&ret, &acesize, p);
|
||||
if (error)
|
||||
goto nfsmout;
|
||||
} else if (deleg != NFSV4OPEN_DELEGATENONE) {
|
||||
@ -8005,8 +8005,8 @@ nfsrpc_openlayoutrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp,
|
||||
ndp->nfsdl_flags = NFSCLDL_READ;
|
||||
if (ret != 0)
|
||||
ndp->nfsdl_flags |= NFSCLDL_RECALL;
|
||||
error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, &ret,
|
||||
&acesize, p);
|
||||
error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, false,
|
||||
&ret, &acesize, p);
|
||||
if (error != 0)
|
||||
goto nfsmout;
|
||||
} else if (deleg != NFSV4OPEN_DELEGATENONE) {
|
||||
@ -8216,8 +8216,8 @@ nfsrpc_createlayout(vnode_t dvp, char *name, int namelen, struct vattr *vap,
|
||||
}
|
||||
if (ret != 0)
|
||||
dp->nfsdl_flags |= NFSCLDL_RECALL;
|
||||
error = nfsrv_dissectace(nd, &dp->nfsdl_ace, &ret,
|
||||
&acesize, p);
|
||||
error = nfsrv_dissectace(nd, &dp->nfsdl_ace, false,
|
||||
&ret, &acesize, p);
|
||||
if (error != 0)
|
||||
goto nfsmout;
|
||||
} else if (deleg != NFSV4OPEN_DELEGATENONE) {
|
||||
|
@ -2991,8 +2991,8 @@ nfsv4_sattr(struct nfsrv_descript *nd, vnode_t vp, struct nfsvattr *nvap,
|
||||
attrsum += NFSX_HYPER;
|
||||
break;
|
||||
case NFSATTRBIT_ACL:
|
||||
error = nfsrv_dissectacl(nd, aclp, &aceerr, &aclsize,
|
||||
p);
|
||||
error = nfsrv_dissectacl(nd, aclp, false, &aceerr,
|
||||
&aclsize, p);
|
||||
if (error)
|
||||
goto nfsmout;
|
||||
if (aceerr && !nd->nd_repstat)
|
||||
|
Loading…
Reference in New Issue
Block a user