[PATCH] knfsd: nfsd4: acls: fix inheritance
We can be a little more flexible about the flags allowed for inheritance (in particular, we can deal with either the presence or the absence of INHERIT_ONLY), but we should probably reject other combinations that we don't understand. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
J.Bruce Fields
committed by
Linus Torvalds
Linus Torvalds
parent
09229edb68
commit
b548edc2dd
@@ -63,6 +63,8 @@
|
|||||||
#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
|
#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
|
||||||
| NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
|
| NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
|
||||||
|
|
||||||
|
#define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS | NFS4_ACE_IDENTIFIER_GROUP)
|
||||||
|
|
||||||
#define MASK_EQUAL(mask1, mask2) \
|
#define MASK_EQUAL(mask1, mask2) \
|
||||||
( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) )
|
( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) )
|
||||||
|
|
||||||
@@ -721,22 +723,37 @@ nfs4_acl_split(struct nfs4_acl *acl, struct nfs4_acl *dacl)
|
|||||||
ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE)
|
ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if ((ace->flag & NFS4_INHERITANCE_FLAGS)
|
if (ace->flag & ~NFS4_SUPPORTED_FLAGS)
|
||||||
!= NFS4_INHERITANCE_FLAGS)
|
return -EINVAL;
|
||||||
|
|
||||||
|
switch (ace->flag & NFS4_INHERITANCE_FLAGS) {
|
||||||
|
case 0:
|
||||||
|
/* Leave this ace in the effective acl: */
|
||||||
continue;
|
continue;
|
||||||
|
case NFS4_INHERITANCE_FLAGS:
|
||||||
error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
|
/* Add this ace to the default acl and remove it
|
||||||
|
* from the effective acl: */
|
||||||
|
error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
|
||||||
ace->access_mask, ace->whotype, ace->who);
|
ace->access_mask, ace->whotype, ace->who);
|
||||||
if (error < 0)
|
if (error)
|
||||||
goto out;
|
return error;
|
||||||
|
list_del(h);
|
||||||
list_del(h);
|
kfree(ace);
|
||||||
kfree(ace);
|
acl->naces--;
|
||||||
acl->naces--;
|
break;
|
||||||
|
case NFS4_INHERITANCE_FLAGS & ~NFS4_ACE_INHERIT_ONLY_ACE:
|
||||||
|
/* Add this ace to the default, but leave it in
|
||||||
|
* the effective acl as well: */
|
||||||
|
error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
|
||||||
|
ace->access_mask, ace->whotype, ace->who);
|
||||||
|
if (error)
|
||||||
|
return error;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
return 0;
|
||||||
out:
|
|
||||||
return error;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static short
|
static short
|
||||||
|
|||||||
Reference in New Issue
Block a user