提交 f43daf67 编写于 作者: J J. Bruce Fields 提交者: Linus Torvalds

[PATCH] knfsd: nfsd4: acls: don't return explicit mask

Return just the effective permissions, and forget about the mask.  It isn't
worth the complexity.

WARNING: This breaks backwards compatibility with overly-picky nfsv4->posix
acl translation, as may has been included in some patched versions of libacl.
To our knowledge no such version was every distributed by anyone outside citi.
Signed-off-by: NJ. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: NNeil Brown <neilb@suse.de>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 f34f9242
...@@ -180,7 +180,8 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, ...@@ -180,7 +180,8 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl,
unsigned int flags) unsigned int flags)
{ {
struct posix_acl_entry *pa, *pe, *group_owner_entry; struct posix_acl_entry *pa, *pe, *group_owner_entry;
u32 mask, mask_mask; u32 mask;
unsigned short mask_mask;
int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ?
NFS4_INHERITANCE_FLAGS : 0); NFS4_INHERITANCE_FLAGS : 0);
...@@ -188,9 +189,9 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, ...@@ -188,9 +189,9 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl,
pe = pacl->a_entries + pacl->a_count; pe = pacl->a_entries + pacl->a_count;
pa = pe - 2; /* if mask entry exists, it's second from the last. */ pa = pe - 2; /* if mask entry exists, it's second from the last. */
if (pa->e_tag == ACL_MASK) if (pa->e_tag == ACL_MASK)
mask_mask = deny_mask(mask_from_posix(pa->e_perm, flags), flags); mask_mask = pa->e_perm;
else else
mask_mask = 0; mask_mask = S_IRWXO;
pa = pacl->a_entries; pa = pacl->a_entries;
BUG_ON(pa->e_tag != ACL_USER_OBJ); BUG_ON(pa->e_tag != ACL_USER_OBJ);
...@@ -199,10 +200,7 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, ...@@ -199,10 +200,7 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl,
pa++; pa++;
while (pa->e_tag == ACL_USER) { while (pa->e_tag == ACL_USER) {
mask = mask_from_posix(pa->e_perm, flags); mask = mask_from_posix(pa->e_perm & mask_mask, flags);
nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE,
eflag, mask_mask, NFS4_ACL_WHO_NAMED, pa->e_id);
nfs4_acl_add_pair(acl, eflag, mask, nfs4_acl_add_pair(acl, eflag, mask,
NFS4_ACL_WHO_NAMED, pa->e_id, flags); NFS4_ACL_WHO_NAMED, pa->e_id, flags);
pa++; pa++;
...@@ -213,24 +211,15 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, ...@@ -213,24 +211,15 @@ _posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl,
/* allow ACEs */ /* allow ACEs */
if (pacl->a_count > 3) {
BUG_ON(pa->e_tag != ACL_GROUP_OBJ);
nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE,
NFS4_ACE_IDENTIFIER_GROUP | eflag, mask_mask,
NFS4_ACL_WHO_GROUP, 0);
}
group_owner_entry = pa; group_owner_entry = pa;
mask = mask_from_posix(pa->e_perm, flags); mask = mask_from_posix(pa->e_perm & mask_mask, flags);
nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE,
NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, NFS4_ACE_IDENTIFIER_GROUP | eflag, mask,
NFS4_ACL_WHO_GROUP, 0); NFS4_ACL_WHO_GROUP, 0);
pa++; pa++;
while (pa->e_tag == ACL_GROUP) { while (pa->e_tag == ACL_GROUP) {
mask = mask_from_posix(pa->e_perm, flags); mask = mask_from_posix(pa->e_perm & mask_mask, flags);
nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE,
NFS4_ACE_IDENTIFIER_GROUP | eflag, mask_mask,
NFS4_ACL_WHO_NAMED, pa->e_id);
nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, nfs4_acl_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE,
NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, NFS4_ACE_IDENTIFIER_GROUP | eflag, mask,
NFS4_ACL_WHO_NAMED, pa->e_id); NFS4_ACL_WHO_NAMED, pa->e_id);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册