* [PATCH 1/1] [nfs4-acl-tools] handle DENY ace for DELETE, WRITE_OWNER, and NAMED_ATTRS
@ 2014-11-03 19:46 Olga Kornievskaia
2014-11-05 20:28 ` J. Bruce Fields
0 siblings, 1 reply; 3+ messages in thread
From: Olga Kornievskaia @ 2014-11-03 19:46 UTC (permalink / raw)
To: bfields; +Cc: linux-nfs
Don't ignore setting or viewing DENY ace for DELETE, WRITE_OWNER, and
NAMED_ATTRS.
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
---
include/libacl_nfs4.h | 8 ++------
libnfs4acl/nfs4_new_ace.c | 3 ---
2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/include/libacl_nfs4.h b/include/libacl_nfs4.h
index 2f7cc28..7b19c6f 100644
--- a/include/libacl_nfs4.h
+++ b/include/libacl_nfs4.h
@@ -95,15 +95,11 @@
#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
| NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
-#define NFS4_ACE_MASK_IGNORE (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \
- | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS)
/* XXX not sure about the following. Note that e.g. DELETE_CHILD is wrong in
* general (should only be ignored on files). */
#define MASK_EQUAL(mask1, mask2) \
- (((mask1) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \
- ~NFS4_ACE_DELETE_CHILD) \
- == ((mask2) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \
- ~NFS4_ACE_DELETE_CHILD))
+ (((mask1) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_DELETE_CHILD) \
+ == ((mask2) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_DELETE_CHILD))
/*
* NFS4_MAX_ACESIZE -- the number of bytes in the string representation we
diff --git a/libnfs4acl/nfs4_new_ace.c b/libnfs4acl/nfs4_new_ace.c
index a93f74a..0c875b1 100644
--- a/libnfs4acl/nfs4_new_ace.c
+++ b/libnfs4acl/nfs4_new_ace.c
@@ -51,9 +51,6 @@ struct nfs4_ace * nfs4_new_ace(int is_directory, u32 type, u32 flag, u32 access_
ace->type = type;
ace->flag = flag;
- if( type == NFS4_ACE_ACCESS_DENIED_ACE_TYPE )
- access_mask = access_mask & ~(NFS4_ACE_MASK_IGNORE);
-
/* Castrate delete_child if we aren't a directory */
if (!is_directory)
access_mask &= ~NFS4_ACE_DELETE_CHILD;
--
1.9.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] [nfs4-acl-tools] handle DENY ace for DELETE, WRITE_OWNER, and NAMED_ATTRS
2014-11-03 19:46 [PATCH 1/1] [nfs4-acl-tools] handle DENY ace for DELETE, WRITE_OWNER, and NAMED_ATTRS Olga Kornievskaia
@ 2014-11-05 20:28 ` J. Bruce Fields
2014-11-05 20:33 ` Kornievskaia, Olga
0 siblings, 1 reply; 3+ messages in thread
From: J. Bruce Fields @ 2014-11-05 20:28 UTC (permalink / raw)
To: Olga Kornievskaia; +Cc: linux-nfs
On Mon, Nov 03, 2014 at 02:46:51PM -0500, Olga Kornievskaia wrote:
> Don't ignore setting or viewing DENY ace for DELETE, WRITE_OWNER, and
> NAMED_ATTRS.
Agreed, it's trying to enforce some sort of policy when it should just
be leaving the ACL untouched and letting the server sort it out.
Looks like we may as well remove MASK_EQUAL too, though, I can't see any
user.
Applying as follows.
--b.
commit 47f4fae9b746
Author: Olga Kornievskaia <kolga@netapp.com>
Date: Mon Nov 3 14:46:51 2014 -0500
handle DENY ace for DELETE, WRITE_OWNER, and NAMED_ATTRS
Don't ignore setting or viewing DENY ace for DELETE, WRITE_OWNER, and
NAMED_ATTRS.
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
diff --git a/include/libacl_nfs4.h b/include/libacl_nfs4.h
index 2f7cc2898678..47ca3c458110 100644
--- a/include/libacl_nfs4.h
+++ b/include/libacl_nfs4.h
@@ -95,16 +95,6 @@
#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
| NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
-#define NFS4_ACE_MASK_IGNORE (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \
- | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS)
-/* XXX not sure about the following. Note that e.g. DELETE_CHILD is wrong in
- * general (should only be ignored on files). */
-#define MASK_EQUAL(mask1, mask2) \
- (((mask1) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \
- ~NFS4_ACE_DELETE_CHILD) \
- == ((mask2) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \
- ~NFS4_ACE_DELETE_CHILD))
-
/*
* NFS4_MAX_ACESIZE -- the number of bytes in the string representation we
* read in (not the same as on-the-wire, which is also not the same as how
diff --git a/libnfs4acl/nfs4_new_ace.c b/libnfs4acl/nfs4_new_ace.c
index a93f74a3c7b2..0c875b1d9ebd 100644
--- a/libnfs4acl/nfs4_new_ace.c
+++ b/libnfs4acl/nfs4_new_ace.c
@@ -51,9 +51,6 @@ struct nfs4_ace * nfs4_new_ace(int is_directory, u32 type, u32 flag, u32 access_
ace->type = type;
ace->flag = flag;
- if( type == NFS4_ACE_ACCESS_DENIED_ACE_TYPE )
- access_mask = access_mask & ~(NFS4_ACE_MASK_IGNORE);
-
/* Castrate delete_child if we aren't a directory */
if (!is_directory)
access_mask &= ~NFS4_ACE_DELETE_CHILD;
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] [nfs4-acl-tools] handle DENY ace for DELETE, WRITE_OWNER, and NAMED_ATTRS
2014-11-05 20:28 ` J. Bruce Fields
@ 2014-11-05 20:33 ` Kornievskaia, Olga
0 siblings, 0 replies; 3+ messages in thread
From: Kornievskaia, Olga @ 2014-11-05 20:33 UTC (permalink / raw)
To: J. Bruce Fields; +Cc: linux-nfs@vger.kernel.org
On Nov 5, 2014, at 3:28 PM, J. Bruce Fields <bfields@redhat.com> wrote:
> On Mon, Nov 03, 2014 at 02:46:51PM -0500, Olga Kornievskaia wrote:
>> Don't ignore setting or viewing DENY ace for DELETE, WRITE_OWNER, and
>> NAMED_ATTRS.
>
> Agreed, it's trying to enforce some sort of policy when it should just
> be leaving the ACL untouched and letting the server sort it out.
>
> Looks like we may as well remove MASK_EQUAL too, though, I can't see any
> user.
>
> Applying as follows.
Thank you, Bruce.
>
> --b.
>
> commit 47f4fae9b746
> Author: Olga Kornievskaia <kolga@netapp.com>
> Date: Mon Nov 3 14:46:51 2014 -0500
>
> handle DENY ace for DELETE, WRITE_OWNER, and NAMED_ATTRS
>
> Don't ignore setting or viewing DENY ace for DELETE, WRITE_OWNER, and
> NAMED_ATTRS.
>
> Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
>
> diff --git a/include/libacl_nfs4.h b/include/libacl_nfs4.h
> index 2f7cc2898678..47ca3c458110 100644
> --- a/include/libacl_nfs4.h
> +++ b/include/libacl_nfs4.h
> @@ -95,16 +95,6 @@
> #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
> | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
>
> -#define NFS4_ACE_MASK_IGNORE (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \
> - | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS)
> -/* XXX not sure about the following. Note that e.g. DELETE_CHILD is wrong in
> - * general (should only be ignored on files). */
> -#define MASK_EQUAL(mask1, mask2) \
> - (((mask1) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \
> - ~NFS4_ACE_DELETE_CHILD) \
> - == ((mask2) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \
> - ~NFS4_ACE_DELETE_CHILD))
> -
> /*
> * NFS4_MAX_ACESIZE -- the number of bytes in the string representation we
> * read in (not the same as on-the-wire, which is also not the same as how
> diff --git a/libnfs4acl/nfs4_new_ace.c b/libnfs4acl/nfs4_new_ace.c
> index a93f74a3c7b2..0c875b1d9ebd 100644
> --- a/libnfs4acl/nfs4_new_ace.c
> +++ b/libnfs4acl/nfs4_new_ace.c
> @@ -51,9 +51,6 @@ struct nfs4_ace * nfs4_new_ace(int is_directory, u32 type, u32 flag, u32 access_
> ace->type = type;
> ace->flag = flag;
>
> - if( type == NFS4_ACE_ACCESS_DENIED_ACE_TYPE )
> - access_mask = access_mask & ~(NFS4_ACE_MASK_IGNORE);
> -
> /* Castrate delete_child if we aren't a directory */
> if (!is_directory)
> access_mask &= ~NFS4_ACE_DELETE_CHILD;
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-11-05 20:33 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-03 19:46 [PATCH 1/1] [nfs4-acl-tools] handle DENY ace for DELETE, WRITE_OWNER, and NAMED_ATTRS Olga Kornievskaia
2014-11-05 20:28 ` J. Bruce Fields
2014-11-05 20:33 ` Kornievskaia, Olga
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox