The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=f10dc28ec21db60cf1faa3c4b445c4065e760dba
commit f10dc28ec21db60cf1faa3c4b445c4065e760dba Author: Rick Macklem <[email protected]> AuthorDate: 2021-12-27 16:03:41 +0000 Commit: Rick Macklem <[email protected]> CommitDate: 2021-12-27 16:03:41 +0000 nfscommon: Return NFSERR_ATTRNOTSUPP for AUDIT/ALARM ACEs FreeBSD only supports Allow/Deny ACEs in NFSv4 ACLs. As such, it does not make sense to parse Audit/Alarm ACEs. Modify nfsrv_dissectace() so that it returns NFSERR_ATTRNOTSUPP if an Audit/Alarm ACE is found in the ACL being parsed. The code has been #ifdef notnow'd, since Audit/Alarm ACEs might be supported someday. This should not have significant impact, since FreeBSD reports to clients that only Allow/Deny ACEs are supported and an attempt to set one would have failed anyhow. MFC after: 2 weeks --- sys/fs/nfs/nfs_commonacl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/fs/nfs/nfs_commonacl.c b/sys/fs/nfs/nfs_commonacl.c index e3583b273db8..057efdfbc29c 100644 --- a/sys/fs/nfs/nfs_commonacl.c +++ b/sys/fs/nfs/nfs_commonacl.c @@ -158,10 +158,13 @@ nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep, acep->ae_entry_type = ACL_ENTRY_TYPE_ALLOW; else if (acetype == NFSV4ACE_DENIEDTYPE) acep->ae_entry_type = ACL_ENTRY_TYPE_DENY; +#ifdef notnow + /* FreeBSD does not support Audit/Alarm ACEs at this time. */ else if (acetype == NFSV4ACE_AUDITTYPE) acep->ae_entry_type = ACL_ENTRY_TYPE_AUDIT; else if (acetype == NFSV4ACE_ALARMTYPE) acep->ae_entry_type = ACL_ENTRY_TYPE_ALARM; +#endif else aceerr = NFSERR_ATTRNOTSUPP; }
