Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 6 Aug 2008 14:13:18 GMT
From:      Edward Tomasz Napierala <trasz@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 146774 for review
Message-ID:  <200808061413.m76EDIfR043441@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://perforce.freebsd.org/chv.cgi?CH=146774

Change 146774 by trasz@trasz_traszkan on 2008/08/06 14:12:37

	Ignore "append" permission - use "write_data" instead - on regular
	files to match SunOS (and ZFS) behaviour.

Affected files ...

.. //depot/projects/soc2008/trasz_nfs4acl/TODO#33 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_nfs4.c#15 edit

Differences ...

==== //depot/projects/soc2008/trasz_nfs4acl/TODO#33 (text+ko) ====

@@ -8,8 +8,6 @@
   to ACL_READ_NAMED_ATTRS, so there is no need for translation
   between the two in kern/subr_acl_nfs4.c.
 
-- Decide what to do with write vs append on regular files.
-
 - Either add or extend existing manual pages for new API routines:
   acl_add_flag_np, acl_clear_flags_np, acl_create_entry_np, acl_delete_entry_np,
   acl_delete_flag_np, acl_get_extended_np, acl_get_flag_np, acl_get_flagset_np,

==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/subr_acl_nfs4.c#15 (text+ko) ====

@@ -81,17 +81,6 @@
 			access_mask |= mode2mask[i].mask;
 	}
 
-	if (mode & VAPPEND) {
-		/*
-		 * Translate from open(2) semantics to NFSv4 one.
-		 * In order to open file for writing, one needs
-		 * to specify both O_WRONLY and O_APPEND.  With NFSv4,
-		 * permission to write is not required to append,
-		 * permission to append is sufficient.
-		 */
-		access_mask &= ~ACL_WRITE_DATA;
-	}
-
 	return (access_mask);
 }
 
@@ -191,21 +180,17 @@
 		needed_bits &= ~(ACL_READ_ACL | ACL_WRITE_ACL |
 		    ACL_READ_ATTRIBUTES | ACL_WRITE_ATTRIBUTES);
 
-	denied = _acl_denies(aclp, needed_bits, cred, file_uid, file_gid,
-	    &explicitly_denied);
-
 	/*
-	 * If we want to append data to the file, either one of ACL_APPEND_DATA
-	 * or ACL_WRITE_DATA is sufficient.  We just tested for the former
-	 * and we were denied access.  Let's try with the latter.
-	 */ 
-	if (denied && (needed_bits & ACL_APPEND_DATA) && !is_directory) {
+	 * Ignore append permission for regular files; use write
+	 * permission instead.
+	 */
+	if (!is_directory && (needed_bits & ACL_APPEND_DATA)) {
+		needed_bits &= ~ACL_APPEND_DATA;
 		needed_bits |= ACL_WRITE_DATA;
-		needed_bits &= ~ACL_APPEND_DATA;
+	}
 
-		denied = _acl_denies(aclp, needed_bits, cred, file_uid,
-		    file_gid, &explicitly_denied);
-	}
+	denied = _acl_denies(aclp, needed_bits, cred, file_uid, file_gid,
+	    &explicitly_denied);
 
 	if (must_be_owner) {
 		if (file_uid != cred->cr_uid)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808061413.m76EDIfR043441>