From: NeilBrown <neilb@suse.de>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: nfs@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: [PATCH 009 of 9] knfsd: nfsd4: fix handling of directories without default ACLs
Date: Tue, 13 Feb 2007 10:45:07 +1100 [thread overview]
Message-ID: <1070212234507.29358@suse.de> (raw)
In-Reply-To: 20070213103941.28958.patches@notabene
From: J. Bruce Fields <bfields@citi.umich.edu>
When setting an ACL that lacks inheritable ACEs on a directory, we
should set a default ACL of zero length, not a default ACL with all bits
denied.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
### Diffstat output
./fs/nfsd/nfs4acl.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff .prev/fs/nfsd/nfs4acl.c ./fs/nfsd/nfs4acl.c
--- .prev/fs/nfsd/nfs4acl.c 2007-02-13 10:38:09.000000000 +1100
+++ ./fs/nfsd/nfs4acl.c 2007-02-13 10:38:26.000000000 +1100
@@ -416,6 +416,7 @@ struct posix_ace_state_array {
* calculated so far: */
struct posix_acl_state {
+ int empty;
struct posix_ace_state owner;
struct posix_ace_state group;
struct posix_ace_state other;
@@ -431,6 +432,7 @@ init_state(struct posix_acl_state *state
int alloc;
memset(state, 0, sizeof(struct posix_acl_state));
+ state->empty = 1;
/*
* In the worst case, each individual acl could be for a distinct
* named user or group, but we don't no which, so we allocate
@@ -498,6 +500,20 @@ posix_state_to_acl(struct posix_acl_stat
int nace;
int i, error = 0;
+ /*
+ * ACLs with no ACEs are treated differently in the inheritable
+ * and effective cases: when there are no inheritable ACEs, we
+ * set a zero-length default posix acl:
+ */
+ if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)) {
+ pacl = posix_acl_alloc(0, GFP_KERNEL);
+ return pacl ? pacl : ERR_PTR(-ENOMEM);
+ }
+ /*
+ * When there are no effective ACEs, the following will end
+ * up setting a 3-element effective posix ACL with all
+ * permissions zero.
+ */
nace = 4 + state->users->n + state->groups->n;
pacl = posix_acl_alloc(nace, GFP_KERNEL);
if (!pacl)
@@ -613,6 +629,8 @@ static void process_one_v4_ace(struct po
u32 mask = ace->access_mask;
int i;
+ state->empty = 0;
+
switch (ace2type(ace)) {
case ACL_USER_OBJ:
if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
@@ -717,7 +735,8 @@ int nfs4_acl_nfsv4_to_posix(struct nfs4_
ret = PTR_ERR(*pacl);
goto out_dstate;
}
- *dpacl = posix_state_to_acl(&default_acl_state, flags);
+ *dpacl = posix_state_to_acl(&default_acl_state,
+ flags | NFS4_ACL_TYPE_DEFAULT);
if (IS_ERR(*dpacl)) {
ret = PTR_ERR(*dpacl);
posix_acl_release(*pacl);
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
WARNING: multiple messages have this Message-ID (diff)
From: NeilBrown <neilb@suse.de>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: nfs@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: [PATCH 009 of 9] knfsd: nfsd4: fix handling of directories without default ACLs
Date: Tue, 13 Feb 2007 10:45:07 +1100 [thread overview]
Message-ID: <1070212234507.29358@suse.de> (raw)
In-Reply-To: 20070213103941.28958.patches@notabene
From: J. Bruce Fields <bfields@citi.umich.edu>
When setting an ACL that lacks inheritable ACEs on a directory, we
should set a default ACL of zero length, not a default ACL with all bits
denied.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
### Diffstat output
./fs/nfsd/nfs4acl.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff .prev/fs/nfsd/nfs4acl.c ./fs/nfsd/nfs4acl.c
--- .prev/fs/nfsd/nfs4acl.c 2007-02-13 10:38:09.000000000 +1100
+++ ./fs/nfsd/nfs4acl.c 2007-02-13 10:38:26.000000000 +1100
@@ -416,6 +416,7 @@ struct posix_ace_state_array {
* calculated so far: */
struct posix_acl_state {
+ int empty;
struct posix_ace_state owner;
struct posix_ace_state group;
struct posix_ace_state other;
@@ -431,6 +432,7 @@ init_state(struct posix_acl_state *state
int alloc;
memset(state, 0, sizeof(struct posix_acl_state));
+ state->empty = 1;
/*
* In the worst case, each individual acl could be for a distinct
* named user or group, but we don't no which, so we allocate
@@ -498,6 +500,20 @@ posix_state_to_acl(struct posix_acl_stat
int nace;
int i, error = 0;
+ /*
+ * ACLs with no ACEs are treated differently in the inheritable
+ * and effective cases: when there are no inheritable ACEs, we
+ * set a zero-length default posix acl:
+ */
+ if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)) {
+ pacl = posix_acl_alloc(0, GFP_KERNEL);
+ return pacl ? pacl : ERR_PTR(-ENOMEM);
+ }
+ /*
+ * When there are no effective ACEs, the following will end
+ * up setting a 3-element effective posix ACL with all
+ * permissions zero.
+ */
nace = 4 + state->users->n + state->groups->n;
pacl = posix_acl_alloc(nace, GFP_KERNEL);
if (!pacl)
@@ -613,6 +629,8 @@ static void process_one_v4_ace(struct po
u32 mask = ace->access_mask;
int i;
+ state->empty = 0;
+
switch (ace2type(ace)) {
case ACL_USER_OBJ:
if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
@@ -717,7 +735,8 @@ int nfs4_acl_nfsv4_to_posix(struct nfs4_
ret = PTR_ERR(*pacl);
goto out_dstate;
}
- *dpacl = posix_state_to_acl(&default_acl_state, flags);
+ *dpacl = posix_state_to_acl(&default_acl_state,
+ flags | NFS4_ACL_TYPE_DEFAULT);
if (IS_ERR(*dpacl)) {
ret = PTR_ERR(*dpacl);
posix_acl_release(*pacl);
next prev parent reply other threads:[~2007-02-12 23:45 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-12 23:43 [PATCH 000 of 9] knfsd: NFSv4 ACL improvements and a couple of bug fixes NeilBrown
2007-02-12 23:43 ` NeilBrown
2007-02-12 23:44 ` [PATCH 001 of 9] knfsd: nfsd4: fix non-terminated string NeilBrown
2007-02-12 23:44 ` NeilBrown
2007-02-14 13:00 ` Ming Zhang
2007-02-14 13:00 ` [NFS] " Ming Zhang
2007-02-14 17:55 ` Chuck Lever
2007-02-14 17:55 ` [NFS] " Chuck Lever
2007-02-14 18:04 ` Ming Zhang
2007-02-14 18:04 ` [NFS] " Ming Zhang
2007-02-12 23:44 ` [PATCH 002 of 9] knfsd: nfsd4: relax checking of ACL inheritance bits NeilBrown
2007-02-12 23:44 ` NeilBrown
2007-02-12 23:44 ` [PATCH 003 of 9] knfsd: nfsd4: simplify nfsv4->posix translation NeilBrown
2007-02-12 23:44 ` NeilBrown
2007-02-12 23:44 ` [PATCH 004 of 9] knfsd: nfsd4: represent nfsv4 acl with array instead of linked list NeilBrown
2007-02-12 23:44 ` NeilBrown
2007-02-12 23:44 ` [PATCH 005 of 9] knfsd: nfsd4: fix memory leak on kmalloc failure in savemem NeilBrown
2007-02-12 23:44 ` NeilBrown
2007-02-12 23:44 ` [PATCH 006 of 9] knfsd: nfsd4: fix error return on unsupported acl NeilBrown
2007-02-12 23:44 ` NeilBrown
2007-02-12 23:44 ` [PATCH 007 of 9] knfsd: nfsd4: acls: don't return explicit mask NeilBrown
2007-02-12 23:44 ` NeilBrown
2007-02-12 23:45 ` [PATCH 008 of 9] knfsd: nfsd4: acls: avoid unnecessary denies NeilBrown
2007-02-12 23:45 ` NeilBrown
2007-02-12 23:45 ` NeilBrown [this message]
2007-02-12 23:45 ` [PATCH 009 of 9] knfsd: nfsd4: fix handling of directories without default ACLs NeilBrown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1070212234507.29358@suse.de \
--to=neilb@suse.de \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.