[PATCH] knfsd: nfsd4: acls: fix inheritance
authorJ.Bruce Fields <bfields@fieldses.org>
Wed, 4 Oct 2006 09:16:12 +0000 (02:16 -0700)
committerLinus Torvalds <torvalds@g5.osdl.org>
Wed, 4 Oct 2006 14:55:20 +0000 (07:55 -0700)
We can be a little more flexible about the flags allowed for inheritance (in
particular, we can deal with either the presence or the absence of
INHERIT_ONLY), but we should probably reject other combinations that we don't
understand.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fs/nfsd/nfs4acl.c

index f2f66b3da7ac1d3b9ff3ac505d84c407e0cba1c9..59fdd9c1d3ee2c74638e449eab212c77afdf2c8a 100644 (file)
@@ -63,6 +63,8 @@
 #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
                | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
 
+#define NFS4_SUPPORTED_FLAGS (NFS4_INHERITANCE_FLAGS | NFS4_ACE_IDENTIFIER_GROUP)
+
 #define MASK_EQUAL(mask1, mask2) \
        ( ((mask1) & NFS4_ACE_MASK_ALL) == ((mask2) & NFS4_ACE_MASK_ALL) )
 
@@ -721,22 +723,37 @@ nfs4_acl_split(struct nfs4_acl *acl, struct nfs4_acl *dacl)
                    ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE)
                        return -EINVAL;
 
-               if ((ace->flag & NFS4_INHERITANCE_FLAGS)
-                               != NFS4_INHERITANCE_FLAGS)
-                       continue;
+               if (ace->flag & ~NFS4_SUPPORTED_FLAGS)
+                       return -EINVAL;
 
-               error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
+               switch (ace->flag & NFS4_INHERITANCE_FLAGS) {
+               case 0:
+                       /* Leave this ace in the effective acl: */
+                       continue;
+               case NFS4_INHERITANCE_FLAGS:
+                       /* Add this ace to the default acl and remove it
+                        * from the effective acl: */
+                       error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
                                ace->access_mask, ace->whotype, ace->who);
-               if (error < 0)
-                       goto out;
-
-               list_del(h);
-               kfree(ace);
-               acl->naces--;
+                       if (error)
+                               return error;
+                       list_del(h);
+                       kfree(ace);
+                       acl->naces--;
+                       break;
+               case NFS4_INHERITANCE_FLAGS & ~NFS4_ACE_INHERIT_ONLY_ACE:
+                       /* Add this ace to the default, but leave it in
+                        * the effective acl as well: */
+                       error = nfs4_acl_add_ace(dacl, ace->type, ace->flag,
+                               ace->access_mask, ace->whotype, ace->who);
+                       if (error)
+                               return error;
+                       break;
+               default:
+                       return -EINVAL;
+               }
        }
-
-out:
-       return error;
+       return 0;
 }
 
 static short