From owner-p4-projects@FreeBSD.ORG  Mon May 26 20:01:05 2008
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 9809D106566C; Mon, 26 May 2008 20:01:05 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5A00D106566B
	for <perforce@freebsd.org>; Mon, 26 May 2008 20:01:05 +0000 (UTC)
	(envelope-from trasz@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 462A88FC1D
	for <perforce@freebsd.org>; Mon, 26 May 2008 20:01:05 +0000 (UTC)
	(envelope-from trasz@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m4QK15pE083425
	for <perforce@freebsd.org>; Mon, 26 May 2008 20:01:05 GMT
	(envelope-from trasz@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m4QK15Hj083423
	for perforce@freebsd.org; Mon, 26 May 2008 20:01:05 GMT
	(envelope-from trasz@freebsd.org)
Date: Mon, 26 May 2008 20:01:05 GMT
Message-Id: <200805262001.m4QK15Hj083423@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	trasz@freebsd.org using -f
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 142315 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 May 2008 20:01:05 -0000

http://perforce.freebsd.org/chv.cgi?CH=142315

Change 142315 by trasz@trasz_traszkan on 2008/05/26 20:00:08

	Calculate initial NFSv4 ACL from mode bits.

Affected files ...

.. //depot/projects/soc2008/trasz_nfs4acl/sys/sys/acl.h#3 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_acl.c#3 edit

Differences ...

==== //depot/projects/soc2008/trasz_nfs4acl/sys/sys/acl.h#3 (text+ko) ====

@@ -171,7 +171,7 @@
 #define ACE_WRITE_DATA			0x00000002
 #define ACE_ADD_FILE			0x00000002
 #define ACE_APPEND_DATA			0x00000004
-#define ACE_ACE_ADD_SUBDIRECTORY	0x00000004
+#define ACE_ADD_SUBDIRECTORY		0x00000004
 #define ACE_READ_NAMED_ATTRS		0x00000008
 #define ACE_WRITE_NAMED_ATTRS		0x00000010
 #define ACE_EXECUTE			0x00000020

==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_acl.c#3 (text+ko) ====

@@ -461,12 +461,65 @@
 	return error;
 }
 
+static void
+ace_pair(ace_t *denied, ace_t *allowed, uint32_t flags, uint32_t allowed_mask, uint32_t denied_mask)
+{
+	/* XXX: SunOS seems to put 0xffffffff here. */
+	allowed->a_who = denied->a_who = 0;
+	allowed->a_flags = denied->a_flags = flags;
+	allowed->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE;
+	allowed->a_access_mask = allowed_mask;
+	denied->a_type = ACE_ACCESS_DENIED_ACE_TYPE;
+	denied->a_access_mask = denied_mask;
+}
+
 int
 ufs_nfs4acl_from_inode(struct vop_getace_args *ap)
 {
+	struct inode *ip = VTOI(ap->a_vp);
+	uint32_t allowed, denied;
+	ace_t *aces = ap->a_aclp;
+
 	if (ap->a_nentries < 6)
 		return (ENOSPC);
 
+	/* XXX: Where is this thing described in the spec? */
+	allowed = 0;
+	if (ip->i_mode & S_IRUSR)
+		allowed |= ACE_READ_DATA;
+	if (ip->i_mode & S_IWUSR)
+		allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA;
+	if (ip->i_mode & S_IXUSR)
+		allowed |= ACE_EXECUTE;
+	denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE);
+	allowed |= ACE_WRITE_NAMED_ATTRS | ACE_WRITE_ATTRIBUTES | ACE_WRITE_ACL | ACE_WRITE_OWNER;
+
+	ace_pair(&aces[0], &aces[1], ACE_OWNER, allowed, denied);
+
+	allowed = 0;
+	if (ip->i_mode & S_IRGRP)
+		allowed |= ACE_READ_DATA;
+	if (ip->i_mode & S_IWGRP)
+		allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA;
+	if (ip->i_mode & S_IXGRP)
+		allowed |= ACE_EXECUTE;
+	denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE);
+
+	ace_pair(&aces[2], &aces[3], ACE_GROUP, allowed, denied);
+
+	allowed = 0;
+	if (ip->i_mode & S_IROTH)
+		allowed |= ACE_READ_DATA;
+	if (ip->i_mode & S_IWOTH)
+		allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA;
+	if (ip->i_mode & S_IXOTH)
+		allowed |= ACE_EXECUTE;
+	denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE);
+	denied |= ACE_WRITE_NAMED_ATTRS | ACE_WRITE_ATTRIBUTES | ACE_WRITE_ACL | ACE_WRITE_OWNER;
+	allowed |= ACE_READ_NAMED_ATTRS | ACE_READ_ATTRIBUTES | ACE_READ_ACL | ACE_SYNCHRONIZE;
+
+	ace_pair(&aces[4], &aces[5], ACE_EVERYONE, allowed, denied);
+
 	*(ap->a_count) = 6;
 
 	return (0);
@@ -566,6 +619,10 @@
 		error = 0;
 	}
 
+	/* If the loaded ACE count is too big, return error. */
+	if (*(ap->a_count) > MAX_ACL_ENTRIES)
+		return (EIO);
+
 	return (error);
 }