git: 0fa074b53e7c - main - nfscommon: Add arguments for support of the dacl attribute

Rick Macklem Sun, 26 Dec 2021 16:47:38 -0800

The branch main has been updated by rmacklem:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=0fa074b53e7c22157dcb41aaa25a33abc8118f26


commit 0fa074b53e7c22157dcb41aaa25a33abc8118f26
Author:     Rick Macklem <[email protected]>
AuthorDate: 2021-12-27 00:37:02 +0000
Commit:     Rick Macklem <[email protected]>
CommitDate: 2021-12-27 00:43:46 +0000

    nfscommon: Add arguments for support of the dacl attribute
    
    NFSv4.1/4.2 has an alternative to the acl attribute, called
    dacl, that includes support for the ACL_ENTRY_INHERITED flag,
    called NFSV4ACE_INHERITED in NFSv4.
    
    This patch adds a dacl argument to nfsrv_buildacl(),
    nfsrv_dissectacl() and nfsrv_dissectace(), so that they
    will handle NFSV4ACE_INHERITED when dacl == true.
    
    Since these functions are always called with dacl == false
    for this patch, semantics should not have changed.
    A future patch will add support for dacl.
    
    MFC after:      2 weeks
---
 sys/fs/nfs/nfs_commonacl.c      | 16 +++++++++++-----
 sys/fs/nfs/nfs_commonsubs.c     | 25 +++++++++++++------------
 sys/fs/nfs/nfs_var.h            |  6 +++---
 sys/fs/nfs/nfsproto.h           |  1 +
 sys/fs/nfsclient/nfs_clrpcops.c | 16 ++++++++--------
 sys/fs/nfsserver/nfs_nfsdport.c |  4 ++--
 6 files changed, 38 insertions(+), 30 deletions(-)

diff --git a/sys/fs/nfs/nfs_commonacl.c b/sys/fs/nfs/nfs_commonacl.c
index 19492675e731..e3583b273db8 100644
--- a/sys/fs/nfs/nfs_commonacl.c
+++ b/sys/fs/nfs/nfs_commonacl.c
@@ -42,7 +42,7 @@ static int nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t 
mask, int owner,
  */
 int
 nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep,
-    int *aceerrp, int *acesizep, NFSPROC_T *p)
+    bool dacl, int *aceerrp, int *acesizep, NFSPROC_T *p)
 {
        u_int32_t *tl;
        int len, gotid = 0, owner = 0, error = 0, aceerr = 0;
@@ -147,6 +147,10 @@ nfsrv_dissectace(struct nfsrv_descript *nd, struct 
acl_entry *acep,
                        flag &= ~NFSV4ACE_FAILEDACCESS;
                        acep->ae_flags |= ACL_ENTRY_FAILED_ACCESS;
                }
+               if (dacl && (flag & NFSV4ACE_INHERITED)) {
+                       flag &= ~NFSV4ACE_INHERITED;
+                       acep->ae_flags |= ACL_ENTRY_INHERITED;
+               }
                /*
                 * Set ae_entry_type.
                 */
@@ -278,14 +282,14 @@ out:
 
 /* local functions */
 static int nfsrv_buildace(struct nfsrv_descript *, u_char *, int,
-    enum vtype, int, int, struct acl_entry *);
+    enum vtype, int, int, bool, struct acl_entry *);
 
 /*
  * This function builds an NFS ace.
  */
 static int
 nfsrv_buildace(struct nfsrv_descript *nd, u_char *name, int namelen,
-    enum vtype type, int group, int owner, struct acl_entry *ace)
+    enum vtype type, int group, int owner, bool dacl, struct acl_entry *ace)
 {
        u_int32_t *tl, aceflag = 0x0, acemask = 0x0, acetype;
        int full_len;
@@ -321,6 +325,8 @@ nfsrv_buildace(struct nfsrv_descript *nd, u_char *name, int 
namelen,
                aceflag |= NFSV4ACE_SUCCESSFULACCESS;
        if (ace->ae_flags & ACL_ENTRY_FAILED_ACCESS)
                aceflag |= NFSV4ACE_FAILEDACCESS;
+       if (dacl && (ace->ae_flags & ACL_ENTRY_INHERITED))
+               aceflag |= NFSV4ACE_INHERITED;
        if (group)
                aceflag |= NFSV4ACE_IDENTIFIERGROUP;
        *tl++ = txdr_unsigned(aceflag);
@@ -394,7 +400,7 @@ nfsrv_buildace(struct nfsrv_descript *nd, u_char *name, int 
namelen,
  */
 int
 nfsrv_buildacl(struct nfsrv_descript *nd, NFSACL_T *aclp, enum vtype type,
-    NFSPROC_T *p)
+    bool dacl, NFSPROC_T *p)
 {
        int i, entrycnt = 0, retlen;
        u_int32_t *entrycntp;
@@ -442,7 +448,7 @@ nfsrv_buildacl(struct nfsrv_descript *nd, NFSACL_T *aclp, 
enum vtype type,
                        continue;
                }
                retlen += nfsrv_buildace(nd, name, namelen, type, isgroup,
-                   isowner, &aclp->acl_entry[i]);
+                   isowner, dacl, &aclp->acl_entry[i]);
                entrycnt++;
                if (malloced)
                        free(name, M_NFSSTRING);
diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c
index e61327075a87..d2124d1f3c0a 100644
--- a/sys/fs/nfs/nfs_commonsubs.c
+++ b/sys/fs/nfs/nfs_commonsubs.c
@@ -1091,8 +1091,8 @@ nfsmout:
  * If the aclp == NULL or won't fit in an acl, just discard the acl info.
  */
 int
-nfsrv_dissectacl(struct nfsrv_descript *nd, NFSACL_T *aclp, int *aclerrp,
-    int *aclsizep, __unused NFSPROC_T *p)
+nfsrv_dissectacl(struct nfsrv_descript *nd, NFSACL_T *aclp, bool dacl,
+    int *aclerrp, int *aclsizep, __unused NFSPROC_T *p)
 {
        u_int32_t *tl;
        int i, aclsize;
@@ -1123,7 +1123,7 @@ nfsrv_dissectacl(struct nfsrv_descript *nd, NFSACL_T 
*aclp, int *aclerrp,
        for (i = 0; i < acecnt; i++) {
                if (aclp && !aceerr)
                        error = nfsrv_dissectace(nd, &aclp->acl_entry[i],
-                           &aceerr, &acesize, p);
+                           dacl, &aceerr, &acesize, p);
                else
                        error = nfsrv_skipace(nd, &acesize);
                if (error)
@@ -1488,8 +1488,8 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
                                NFSACL_T *naclp;
 
                                naclp = acl_alloc(M_WAITOK);
-                               error = nfsrv_dissectacl(nd, naclp, &aceerr,
-                                   &cnt, p);
+                               error = nfsrv_dissectacl(nd, naclp, false,
+                                   &aceerr, &cnt, p);
                                if (error) {
                                    acl_free(naclp);
                                    goto nfsmout;
@@ -1499,8 +1499,8 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
                                    *retcmpp = NFSERR_NOTSAME;
                                acl_free(naclp);
                            } else {
-                               error = nfsrv_dissectacl(nd, NULL, &aceerr,
-                                   &cnt, p);
+                               error = nfsrv_dissectacl(nd, NULL, false,
+                                   &aceerr, &cnt, p);
                                if (error)
                                    goto nfsmout;
                                *retcmpp = NFSERR_ATTRNOTSUPP;
@@ -1508,11 +1508,11 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
                          }
                        } else {
                                if (vp != NULL && aclp != NULL)
-                                   error = nfsrv_dissectacl(nd, aclp, &aceerr,
-                                       &cnt, p);
+                                   error = nfsrv_dissectacl(nd, aclp, false,
+                                       &aceerr, &cnt, p);
                                else
-                                   error = nfsrv_dissectacl(nd, NULL, &aceerr,
-                                       &cnt, p);
+                                   error = nfsrv_dissectacl(nd, NULL, false,
+                                       &aceerr, &cnt, p);
                                if (error)
                                    goto nfsmout;
                        }
@@ -2691,7 +2691,8 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount 
*mp, vnode_t vp,
                 * Recommended Attributes. (Only the supported ones.)
                 */
                case NFSATTRBIT_ACL:
-                       retnum += nfsrv_buildacl(nd, aclp, vnode_vtype(vp), p);
+                       retnum += nfsrv_buildacl(nd, aclp, vnode_vtype(vp),
+                           false, p);
                        break;
                case NFSATTRBIT_ACLSUPPORT:
                        NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
diff --git a/sys/fs/nfs/nfs_var.h b/sys/fs/nfs/nfs_var.h
index 8fbf72345167..b2a44e6e16f2 100644
--- a/sys/fs/nfs/nfs_var.h
+++ b/sys/fs/nfs/nfs_var.h
@@ -331,7 +331,7 @@ int nfsm_advance(struct nfsrv_descript *, int, int);
 void *nfsm_dissct(struct nfsrv_descript *, int, int);
 void newnfs_copycred(struct nfscred *, struct ucred *);
 void newnfs_copyincred(struct ucred *, struct nfscred *);
-int nfsrv_dissectacl(struct nfsrv_descript *, NFSACL_T *, int *,
+int nfsrv_dissectacl(struct nfsrv_descript *, NFSACL_T *, bool, int *,
     int *, NFSPROC_T *);
 int nfsrv_getattrbits(struct nfsrv_descript *, nfsattrbit_t *, int *,
     int *);
@@ -436,9 +436,9 @@ int nfs_supportsnfsv4acls(vnode_t);
 
 /* nfs_commonacl.c */
 int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *,
-    int *, int *, NFSPROC_T *);
+    bool, int *, int *, NFSPROC_T *);
 int nfsrv_buildacl(struct nfsrv_descript *, NFSACL_T *, enum vtype,
-    NFSPROC_T *);
+    bool, NFSPROC_T *);
 int nfsrv_compareacl(NFSACL_T *, NFSACL_T *);
 
 /* nfs_clrpcops.c */
diff --git a/sys/fs/nfs/nfsproto.h b/sys/fs/nfs/nfsproto.h
index 968cc6a41cc3..b1b624e824c2 100644
--- a/sys/fs/nfs/nfsproto.h
+++ b/sys/fs/nfs/nfsproto.h
@@ -508,6 +508,7 @@
 #define        NFSV4ACE_SUCCESSFULACCESS       0x00000010
 #define        NFSV4ACE_FAILEDACCESS           0x00000020
 #define        NFSV4ACE_IDENTIFIERGROUP        0x00000040
+#define        NFSV4ACE_INHERITED              0x00000080
 
 #define        NFSV4ACE_READDATA               0x00000001
 #define        NFSV4ACE_LISTDIRECTORY          0x00000001
diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c
index e7558b85a46f..8886ccc8429e 100644
--- a/sys/fs/nfsclient/nfs_clrpcops.c
+++ b/sys/fs/nfsclient/nfs_clrpcops.c
@@ -621,8 +621,8 @@ nfsrpc_openrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t 
*nfhp, int fhlen,
                        }
                        if (ret)
                                ndp->nfsdl_flags |= NFSCLDL_RECALL;
-                       error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, &ret,
-                           &acesize, p);
+                       error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, false,
+                           &ret, &acesize, p);
                        if (error)
                                goto nfsmout;
                } else if (deleg != NFSV4OPEN_DELEGATENONE) {
@@ -2567,8 +2567,8 @@ nfsrpc_createv4(vnode_t dvp, char *name, int namelen, 
struct vattr *vap,
                        }
                        if (ret)
                                dp->nfsdl_flags |= NFSCLDL_RECALL;
-                       error = nfsrv_dissectace(nd, &dp->nfsdl_ace, &ret,
-                           &acesize, p);
+                       error = nfsrv_dissectace(nd, &dp->nfsdl_ace, false,
+                           &ret, &acesize, p);
                        if (error)
                                goto nfsmout;
                } else if (deleg != NFSV4OPEN_DELEGATENONE) {
@@ -8005,8 +8005,8 @@ nfsrpc_openlayoutrpc(struct nfsmount *nmp, vnode_t vp, 
u_int8_t *nfhp,
                                ndp->nfsdl_flags = NFSCLDL_READ;
                        if (ret != 0)
                                ndp->nfsdl_flags |= NFSCLDL_RECALL;
-                       error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, &ret,
-                           &acesize, p);
+                       error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, false,
+                           &ret, &acesize, p);
                        if (error != 0)
                                goto nfsmout;
                } else if (deleg != NFSV4OPEN_DELEGATENONE) {
@@ -8216,8 +8216,8 @@ nfsrpc_createlayout(vnode_t dvp, char *name, int namelen, 
struct vattr *vap,
                        }
                        if (ret != 0)
                                dp->nfsdl_flags |= NFSCLDL_RECALL;
-                       error = nfsrv_dissectace(nd, &dp->nfsdl_ace, &ret,
-                           &acesize, p);
+                       error = nfsrv_dissectace(nd, &dp->nfsdl_ace, false,
+                           &ret, &acesize, p);
                        if (error != 0)
                                goto nfsmout;
                } else if (deleg != NFSV4OPEN_DELEGATENONE) {
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index 943523d2da14..50d679397f7b 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -2991,8 +2991,8 @@ nfsv4_sattr(struct nfsrv_descript *nd, vnode_t vp, struct 
nfsvattr *nvap,
                        attrsum += NFSX_HYPER;
                        break;
                case NFSATTRBIT_ACL:
-                       error = nfsrv_dissectacl(nd, aclp, &aceerr, &aclsize,
-                           p);
+                       error = nfsrv_dissectacl(nd, aclp, false, &aceerr,
+                           &aclsize, p);
                        if (error)
                                goto nfsmout;
                        if (aceerr && !nd->nd_repstat)

git: 0fa074b53e7c - main - nfscommon: Add arguments for support of the dacl attribute

Reply via email to