1 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
2 +++ acl-2.2.39/libacl/acl_nfs4_get_who.c 2007-08-22 12:02:13.000000000 -0400
6 + * Read the who value from the ace and return its type and optionally
9 + * Ace is a reference to the ace to extract the who value from.
10 + * Type is a reference where the value of the whotype will be stored.
11 + * Who is a double reference that should either be passed as NULL
12 + * (and thus no who string will be returned) or as a pointer to a
13 + * char* where the who string will be allocated. This string must be
14 + * freed by the caller.
16 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
17 + * All rights reserved.
19 + * Nathaniel Gallaher <ngallahe@umich.edu>
21 + * Redistribution and use in source and binary forms, with or without
22 + * modification, are permitted provided that the following conditions
25 + * 1. Redistributions of source code must retain the above copyright
26 + * notice, this list of conditions and the following disclaimer.
27 + * 2. Redistributions in binary form must reproduce the above copyright
28 + * notice, this list of conditions and the following disclaimer in the
29 + * documentation and/or other materials provided with the distribution.
30 + * 3. Neither the name of the University nor the names of its
31 + * contributors may be used to endorse or promote products derived
32 + * from this software without specific prior written permission.
34 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
35 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
36 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
37 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
38 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
39 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
40 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
41 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
42 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
43 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
44 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
47 +#include "libacl_nfs4.h"
49 +int acl_nfs4_get_who(struct nfs4_ace* ace, int* type, char** who)
55 + if(ace == NULL || ace->who == NULL)
58 + itype = acl_nfs4_get_whotype(ace->who);
70 + case NFS4_ACL_WHO_NAMED:
73 + case NFS4_ACL_WHO_OWNER:
74 + iwho = NFS4_ACL_WHO_OWNER_STRING;
76 + case NFS4_ACL_WHO_GROUP:
77 + iwho = NFS4_ACL_WHO_GROUP_STRING;
79 + case NFS4_ACL_WHO_EVERYONE:
80 + iwho = NFS4_ACL_WHO_EVERYONE_STRING;
86 + wholen = strlen(iwho);
90 + (*who) = (char *) malloc(sizeof(char) * (wholen + 1));
91 + if((*who) == NULL) {
96 + strcpy((*who), iwho);
107 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
108 +++ acl-2.2.39/libacl/acl_nfs4_add_ace.c 2007-08-22 12:02:13.000000000 -0400
112 + * Add an ace to the acl
114 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
115 + * All rights reserved.
117 + * Marius Aamodt Eriksen <marius@umich.edu>
118 + * J. Bruce Fields <bfields@umich.edu>
119 + * Nathaniel Gallaher <ngallahe@umich.edu>
120 + * Jeff Sedlak <jsedlak@umich.edu>
122 + * Redistribution and use in source and binary forms, with or without
123 + * modification, are permitted provided that the following conditions
126 + * 1. Redistributions of source code must retain the above copyright
127 + * notice, this list of conditions and the following disclaimer.
128 + * 2. Redistributions in binary form must reproduce the above copyright
129 + * notice, this list of conditions and the following disclaimer in the
130 + * documentation and/or other materials provided with the distribution.
131 + * 3. Neither the name of the University nor the names of its
132 + * contributors may be used to endorse or promote products derived
133 + * from this software without specific prior written permission.
135 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
136 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
137 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
138 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
139 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
140 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
141 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
142 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
143 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
144 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
145 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
148 +#include "libacl_nfs4.h"
151 +acl_nfs4_add_ace(struct nfs4_acl *acl, u32 type, u32 flag, u32 access_mask,
152 + int whotype, char* who)
154 + struct nfs4_ace *ace;
163 + if ((ace = malloc(sizeof(*ace))) == NULL)
172 + if( type == NFS4_ACE_ACCESS_DENIED_ACE_TYPE )
173 + access_mask = access_mask & ~(NFS4_ACE_MASK_IGNORE);
176 + /* Castrate delete_child if we aren't a directory */
177 + if (!acl->is_directory)
178 + access_mask &= ~NFS4_ACE_DELETE_CHILD;
181 + ace->access_mask = access_mask & NFS4_ACE_MASK_ALL;
183 + result = acl_nfs4_set_who(ace, whotype, who);
187 + TAILQ_INSERT_TAIL(&acl->ace_head, ace, l_ace);
193 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
194 +++ acl-2.2.39/libacl/acl_nfs4_get_whotype.c 2007-08-22 12:02:13.000000000 -0400
198 + * Get the whotype of the who string passed
200 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
201 + * All rights reserved.
203 + * Marius Aamodt Eriksen <marius@umich.edu>
204 + * J. Bruce Fields <bfields@umich.edu>
205 + * Nathaniel Gallaher <ngallahe@umich.edu>
206 + * Jeff Sedlak <jsedlak@umich.edu>
208 + * Redistribution and use in source and binary forms, with or without
209 + * modification, are permitted provided that the following conditions
212 + * 1. Redistributions of source code must retain the above copyright
213 + * notice, this list of conditions and the following disclaimer.
214 + * 2. Redistributions in binary form must reproduce the above copyright
215 + * notice, this list of conditions and the following disclaimer in the
216 + * documentation and/or other materials provided with the distribution.
217 + * 3. Neither the name of the University nor the names of its
218 + * contributors may be used to endorse or promote products derived
219 + * from this software without specific prior written permission.
221 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
222 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
223 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
224 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
225 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
226 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
227 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
228 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
229 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
230 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
231 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
234 +#include "libacl_nfs4.h"
237 +acl_nfs4_get_whotype(char *p)
239 + if(0 == strcmp(p, NFS4_ACL_WHO_OWNER_STRING) &&
240 + strlen(p) == strlen(NFS4_ACL_WHO_OWNER_STRING)) {
241 + return NFS4_ACL_WHO_OWNER;
243 + if(0 == strcmp(p, NFS4_ACL_WHO_GROUP_STRING) &&
244 + strlen(p) == strlen(NFS4_ACL_WHO_GROUP_STRING)) {
245 + return NFS4_ACL_WHO_GROUP;
247 + if(0 == strcmp(p, NFS4_ACL_WHO_EVERYONE_STRING) &&
248 + strlen(p) == strlen(NFS4_ACL_WHO_EVERYONE_STRING)) {
249 + return NFS4_ACL_WHO_EVERYONE;
252 + return NFS4_ACL_WHO_NAMED;
256 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
257 +++ acl-2.2.39/libacl/acl_nfs4_free.c 2007-08-22 12:02:13.000000000 -0400
260 + * Copyright (c) 2004 The Regents of the University of Michigan.
261 + * All rights reserved.
263 + * Marius Aamodt Eriksen <marius@umich.edu>
264 + * J. Bruce Fields <bfields@umich.edu>
265 + * Nathaniel Gallaher <ngallahe@umich.edu>
266 + * Jeff Sedlak <jsedlak@umich.edu>
268 + * Redistribution and use in source and binary forms, with or without
269 + * modification, are permitted provided that the following conditions
272 + * 1. Redistributions of source code must retain the above copyright
273 + * notice, this list of conditions, the following disclaimer, and
274 + * any and all other licensing or copyright notices included in
275 + * any files in this distribution.
276 + * 2. Redistributions in binary form must reproduce the above copyright
277 + * notice, this list of conditions and the following disclaimer in the
278 + * documentation and/or other materials provided with the distribution.
279 + * 3. Neither the name of the University nor the names of its
280 + * contributors may be used to endorse or promote products derived
281 + * from this software without specific prior written permission.
283 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
284 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
285 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
286 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
287 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
288 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
289 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
290 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
291 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
292 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
293 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
297 +#include "libacl_nfs4.h"
300 +acl_nfs4_free(struct nfs4_acl *acl)
302 + struct nfs4_ace *ace;
307 + while (!TAILQ_IS_EMPTY(acl->ace_head)) {
308 + ace = (acl)->ace_head.tqh_first;
310 + TAILQ_REMOVE( &(acl->ace_head), ace, l_ace);
320 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
321 +++ acl-2.2.39/libacl/acl_n4tp_acl_trans.c 2007-08-22 12:02:13.000000000 -0400
325 + * Convert NFSv4 ACL to a POSIX ACL
327 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
328 + * All rights reserved.
330 + * Nathaniel Gallaher <ngallahe@umich.edu>
332 + * Redistribution and use in source and binary forms, with or without
333 + * modification, are permitted provided that the following conditions
336 + * 1. Redistributions of source code must retain the above copyright
337 + * notice, this list of conditions and the following disclaimer.
338 + * 2. Redistributions in binary form must reproduce the above copyright
339 + * notice, this list of conditions and the following disclaimer in the
340 + * documentation and/or other materials provided with the distribution.
341 + * 3. Neither the name of the University nor the names of its
342 + * contributors may be used to endorse or promote products derived
343 + * from this software without specific prior written permission.
345 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
346 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
347 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
348 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
349 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
350 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
351 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
352 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
353 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
354 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
355 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
358 +#include <acl/libacl.h>
359 +#include <nfsidmap.h>
360 +#include "libacl_nfs4.h"
364 + * While processing the NFSv4 ACE, this maintains bitmasks representing
365 + * which permission bits have been allowed and which denied to a given
367 +struct posix_ace_state {
372 +struct posix_user_ace_state {
374 + struct posix_ace_state perms;
377 +struct posix_ace_state_array {
379 + struct posix_user_ace_state aces[];
383 + * While processing the NFSv4 ACE, this maintains the partial permissions
384 + * calculated so far: */
386 +struct posix_acl_state {
387 + struct posix_ace_state owner;
388 + struct posix_ace_state group;
389 + struct posix_ace_state other;
390 + struct posix_ace_state everyone;
391 + struct posix_ace_state mask; /* Deny unused in this case */
392 + struct posix_ace_state_array *users;
393 + struct posix_ace_state_array *groups;
397 +init_state(struct posix_acl_state *state, int cnt)
401 + memset(state, 0, sizeof(struct posix_acl_state));
403 + * In the worst case, each individual acl could be for a distinct
404 + * named user or group, but we don't know which, so we allocate
405 + * enough space for either:
407 + alloc = sizeof(struct posix_ace_state_array)
408 + + cnt*sizeof(struct posix_user_ace_state);
409 + state->users = calloc(1, alloc);
412 + state->groups = calloc(1, alloc);
413 + if (!state->groups) {
414 + free(state->users);
421 +free_state(struct posix_acl_state *state) {
422 + free(state->users);
423 + free(state->groups);
426 +static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate)
428 + state->mask.allow |= astate->allow;
432 + * We only map from NFSv4 to POSIX ACLs when getting ACLs, when we err on the
433 + * side of permissiveness (so as not to make the file appear more secure than
434 + * it really is), so the mode bit mapping below is optimistic.
437 +set_mode_from_nfs4(acl_entry_t pace, u_int32_t perm, int is_dir)
439 + u32 write_mode = NFS4_WRITE_MODE;
440 + acl_permset_t perms;
442 + acl_get_permset(pace, &perms);
443 + acl_clear_perms(perms);
445 + write_mode |= NFS4_ACE_DELETE_CHILD;
446 + if (perm & NFS4_READ_MODE)
447 + acl_add_perm(perms, ACL_READ);
448 + if (perm & write_mode)
449 + acl_add_perm(perms, ACL_WRITE);
450 + if (perm & NFS4_EXECUTE_MODE)
451 + acl_add_perm(perms, ACL_EXECUTE);
452 + acl_set_permset(pace, perms);
455 +/* XXX: add a "check allow" that can warn on e.g. allows of WRITE_ACL
458 +/* XXX: replace error returns by errno sets all over. Ugh. */
461 +posix_state_to_acl(struct posix_acl_state *state, int is_dir)
468 + if (state->users->n || state->groups->n)
469 + nace = 4 + state->users->n + state->groups->n;
472 + pacl = acl_init(nace);
476 + error = acl_create_entry(&pacl, &pace);
479 + acl_set_tag_type(pace, ACL_USER_OBJ);
480 + set_mode_from_nfs4(pace, state->owner.allow, is_dir);
482 + for (i=0; i < state->users->n; i++) {
483 + error = acl_create_entry(&pacl, &pace);
486 + acl_set_tag_type(pace, ACL_USER);
487 + set_mode_from_nfs4(pace, state->users->aces[i].perms.allow,
489 + acl_set_qualifier(pace, &state->users->aces[i].uid);
490 + add_to_mask(state, &state->users->aces[i].perms);
493 + error = acl_create_entry(&pacl, &pace);
496 + acl_set_tag_type(pace, ACL_GROUP_OBJ);
497 + set_mode_from_nfs4(pace, state->group.allow, is_dir);
498 + add_to_mask(state, &state->group);
500 + for (i=0; i < state->groups->n; i++) {
501 + error = acl_create_entry(&pacl, &pace);
504 + acl_set_tag_type(pace, ACL_GROUP);
505 + set_mode_from_nfs4(pace, state->groups->aces[i].perms.allow,
507 + acl_set_qualifier(pace, &state->groups->aces[i].uid);
508 + add_to_mask(state, &state->groups->aces[i].perms);
512 + error = acl_create_entry(&pacl, &pace);
515 + acl_set_tag_type(pace, ACL_MASK);
516 + set_mode_from_nfs4(pace, state->mask.allow, is_dir);
519 + error = acl_create_entry(&pacl, &pace);
522 + acl_set_tag_type(pace, ACL_OTHER);
523 + set_mode_from_nfs4(pace, state->other.allow, is_dir);
531 +static inline void allow_bits(struct posix_ace_state *astate, u32 mask)
533 + /* Allow all bits in the mask not already denied: */
534 + astate->allow |= mask & ~astate->deny;
537 +static inline void deny_bits(struct posix_ace_state *astate, u32 mask)
539 + /* Deny all bits in the mask not already allowed: */
540 + astate->deny |= mask & ~astate->allow;
543 +static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid)
547 + for (i = 0; i < a->n; i++)
548 + if (a->aces[i].uid == uid)
552 + a->aces[i].uid = uid;
553 + a->aces[i].perms.allow = state->everyone.allow;
554 + a->aces[i].perms.deny = state->everyone.deny;
559 +static void deny_bits_array(struct posix_ace_state_array *a, u32 mask)
563 + for (i=0; i < a->n; i++)
564 + deny_bits(&a->aces[i].perms, mask);
567 +static void allow_bits_array(struct posix_ace_state_array *a, u32 mask)
571 + for (i=0; i < a->n; i++)
572 + allow_bits(&a->aces[i].perms, mask);
575 +static acl_tag_t acl_n4tp_get_whotype(struct nfs4_ace *ace)
580 + result = acl_nfs4_get_who(ace, &nfs4type, NULL);
584 + switch (nfs4type) {
585 + case NFS4_ACL_WHO_NAMED:
586 + return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ?
587 + ACL_GROUP : ACL_USER);
588 + case NFS4_ACL_WHO_OWNER:
589 + return ACL_USER_OBJ;
590 + case NFS4_ACL_WHO_GROUP:
591 + return ACL_GROUP_OBJ;
592 + case NFS4_ACL_WHO_EVERYONE:
599 +static int process_one_v4_ace(struct posix_acl_state *state,
600 + struct nfs4_ace *ace)
602 + u32 mask = ace->access_mask;
606 + if (nfs4_init_name_mapping(NULL))
609 + switch (acl_n4tp_get_whotype(ace)) {
611 + if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
612 + allow_bits(&state->owner, mask);
614 + deny_bits(&state->owner, mask);
618 + if (nfs4_name_to_uid(ace->who, &id))
620 + i = find_uid(state, state->users, id);
621 + if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
622 + allow_bits(&state->users->aces[i].perms, mask);
623 + mask = state->users->aces[i].perms.allow;
624 + allow_bits(&state->owner, mask);
626 + deny_bits(&state->users->aces[i].perms, mask);
629 + case ACL_GROUP_OBJ:
630 + if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
631 + allow_bits(&state->group, mask);
632 + mask = state->group.allow;
633 + allow_bits(&state->owner, mask);
634 + allow_bits(&state->everyone, mask);
635 + allow_bits_array(state->users, mask);
636 + allow_bits_array(state->groups, mask);
638 + deny_bits(&state->group, mask);
642 + if (nfs4_name_to_gid(ace->who, &id))
644 + i = find_uid(state, state->groups, id);
645 + if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
646 + allow_bits(&state->groups->aces[i].perms, mask);
647 + mask = state->groups->aces[i].perms.allow;
648 + allow_bits(&state->owner, mask);
649 + allow_bits(&state->group, mask);
650 + allow_bits(&state->everyone, mask);
651 + allow_bits_array(state->users, mask);
652 + allow_bits_array(state->groups, mask);
654 + deny_bits(&state->groups->aces[i].perms, mask);
658 + if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
659 + allow_bits(&state->owner, mask);
660 + allow_bits(&state->group, mask);
661 + allow_bits(&state->other, mask);
662 + allow_bits(&state->everyone, mask);
663 + allow_bits_array(state->users, mask);
664 + allow_bits_array(state->groups, mask);
666 + deny_bits(&state->owner, mask);
667 + deny_bits(&state->group, mask);
668 + deny_bits(&state->other, mask);
669 + deny_bits(&state->everyone, mask);
670 + deny_bits_array(state->users, mask);
671 + deny_bits_array(state->groups, mask);
677 +#define FILE_OR_DIR_INHERIT (NFS4_ACE_FILE_INHERIT_ACE \
678 + | NFS4_ACE_DIRECTORY_INHERIT_ACE)
680 +/* Strip or keep inheritance aces depending on type of posix acl requested */
681 +static void acl_nfs4_check_inheritance(struct nfs4_acl *acl, u32 iflags)
683 + struct nfs4_ace * cur_ace;
684 + struct nfs4_ace * temp_ace;
686 + cur_ace = acl->ace_head.tqh_first;
689 + /* get the next ace now in case we free the current ace */
690 + temp_ace = cur_ace;
691 + cur_ace = cur_ace->l_ace.tqe_next;
693 + if (iflags & NFS4_ACL_REQUEST_DEFAULT) {
694 + if (!(temp_ace->flag & FILE_OR_DIR_INHERIT))
695 + acl_nfs4_remove_ace(acl, temp_ace);
697 + if (temp_ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)
698 + acl_nfs4_remove_ace(acl, temp_ace);
703 +acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
705 + struct posix_acl_state state;
707 + struct nfs4_acl * temp_acl;
708 + struct nfs4_ace * cur_ace;
710 + u32 iflags = NFS4_ACL_NOFLAGS;
712 + if (ptype == ACL_TYPE_DEFAULT) {
713 + if (nacl_p->is_directory)
714 + iflags |= NFS4_ACL_REQUEST_DEFAULT;
721 + /* Copy so we can delete bits without borking the original */
722 + temp_acl = acl_nfs4_copy_acl(nacl_p);
723 + if (temp_acl == NULL)
726 + acl_nfs4_check_inheritance(temp_acl, iflags);
728 + if (ptype == ACL_TYPE_DEFAULT && temp_acl->naces == 0) {
729 + acl_nfs4_free(temp_acl);
730 + return acl_init(0);
733 + ret = init_state(&state, temp_acl->naces);
737 + cur_ace = temp_acl->ace_head.tqh_first;
739 + if (process_one_v4_ace(&state, cur_ace)) {
740 + free_state(&state);
743 + cur_ace = cur_ace->l_ace.tqe_next;
746 + acl_nfs4_free(temp_acl);
748 + pacl = posix_state_to_acl(&state, nacl_p->is_directory);
750 + free_state(&state);
752 + ret = acl_valid(pacl);
759 + acl_nfs4_free(temp_acl);
762 --- acl-2.2.39/libacl/acl_set_fd.c.orig 2006-06-20 02:51:25.000000000 -0400
763 +++ acl-2.2.39/libacl/acl_set_fd.c 2007-08-22 12:02:13.000000000 -0400
766 #include "__acl_to_xattr.h"
768 +#ifdef USE_NFSV4_TRANS
769 + #include "libacl_nfs4.h"
770 + #include <nfsidmap.h>
773 #include "byteorder.h"
776 @@ -37,10 +42,42 @@ acl_set_fd(int fd, acl_t acl)
777 const char *name = ACL_EA_ACCESS;
780 +#ifdef USE_NFSV4_TRANS
782 + struct nfs4_acl * nacl;
788 +#ifdef USE_NFSV4_TRANS
789 + retval = fgetxattr(fd, ACL_NFS4_XATTR, NULL, 0);
791 + if(retval == -1 && (errno == ENOATTR || errno == EOPNOTSUPP)) {
792 + ext_acl_p = __acl_to_xattr(acl_obj_p, &size);
794 + char domain[NFS4_MAX_DOMAIN_LEN];
795 + nfs4_init_name_mapping(NULL);
796 + error = nfs4_get_default_domain(NULL, domain, sizeof(domain));
799 + nacl = acl_nfs4_new(0);
804 + error = acl_ptn4_acl_trans(acl, nacl, ACL_TYPE_ACCESS, 0, domain);
808 + size = acl_nfs4_xattr_pack(nacl, &ext_acl_p);
809 + name = ACL_NFS4_XATTR;
810 + acl_nfs4_free(nacl);
813 ext_acl_p = __acl_to_xattr(acl_obj_p, &size);
818 error = fsetxattr(fd, name, (char *)ext_acl_p, size, 0);
819 --- acl-2.2.39/libacl/Makefile.orig 2006-06-20 02:51:25.000000000 -0400
820 +++ acl-2.2.39/libacl/Makefile 2007-08-22 12:02:13.000000000 -0400
821 @@ -8,19 +8,35 @@ LTLDFLAGS += -Wl,--version-script,$(TOPD
822 include $(TOPDIR)/include/builddefs
824 LTLIBRARY = libacl.la
825 -LTLIBS = -lattr $(LIBMISC)
826 +LTLIBS = -lattr -lnfsidmap $(LIBMISC)
827 LTDEPENDENCIES = $(LIBMISC)
834 +CFILES = $(POSIX_CFILES) $(LIBACL_CFILES) $(LIBACL_NFS4_CFILES) \
835 + $(INTERNAL_CFILES) perm_copy_fd.c perm_copy_file.c
837 -CFILES = $(POSIX_CFILES) $(LIBACL_CFILES) $(INTERNAL_CFILES) \
838 - perm_copy_fd.c perm_copy_file.c
839 HFILES = libobj.h libacl.h byteorder.h __acl_from_xattr.h __acl_to_xattr.h \
841 + perm_copy.h $(LIBACL_NFS4_HFILES)
843 LCFLAGS = -include perm_copy.h
845 +LIBACL_NFS4_CFILES = \
846 + acl_nfs4_get_who.c \
847 + acl_n4tp_acl_trans.c acl_nfs4_get_whotype.c \
849 + acl_nfs4_add_ace.c acl_nfs4_remove_ace.c \
850 + acl_nfs4_add_pair.c \
851 + acl_nfs4_copy_acl.c acl_nfs4_set_who.c \
852 + acl_nfs4_free.c acl_nfs4_xattr_load.c \
853 + acl_nfs4_xattr_pack.c acl_nfs4_xattr_size.c \
854 + acl_ptn4_acl_trans.c \
855 + acl_ptn4_get_mask.c __posix_acl_from_nfs4_xattr.c \
858 +LIBACL_NFS4_HFILES = ../include/libacl_nfs4.h ../include/nfs4.h
861 acl_add_perm.c acl_calc_mask.c acl_clear_perms.c acl_copy_entry.c \
862 acl_copy_ext.c acl_copy_int.c acl_create_entry.c acl_delete_def_file.c \
863 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
864 +++ acl-2.2.39/libacl/acl_nfs4_remove_ace.c 2007-08-22 12:02:13.000000000 -0400
868 + * Remove an ace from an NFS4 ACL
870 + * Copyright (c) 2004 The Regents of the University of Michigan.
871 + * All rights reserved.
873 + * Nathaniel Gallaher <ngallahe@umich.edu>
875 + * Redistribution and use in source and binary forms, with or without
876 + * modification, are permitted provided that the following conditions
879 + * 1. Redistributions of source code must retain the above copyright
880 + * notice, this list of conditions, the following disclaimer, and
881 + * any and all other licensing or copyright notices included in
882 + * any files in this distribution.
883 + * 2. Redistributions in binary form must reproduce the above copyright
884 + * notice, this list of conditions and the following disclaimer in the
885 + * documentation and/or other materials provided with the distribution.
886 + * 3. Neither the name of the University nor the names of its
887 + * contributors may be used to endorse or promote products derived
888 + * from this software without specific prior written permission.
890 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
891 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
892 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
893 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
894 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
895 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
896 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
897 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
898 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
899 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
900 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
904 +#include "libacl_nfs4.h"
906 +void acl_nfs4_remove_ace(struct nfs4_acl * acl, struct nfs4_ace * ace)
908 + TAILQ_REMOVE(&acl->ace_head, ace, l_ace);
914 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
915 +++ acl-2.2.39/libacl/acl_nfs4_set_who.c 2007-08-22 12:02:13.000000000 -0400
919 + * Write the who entry in the nfs4 ace. Who is a user supplied buffer
920 + * containing a named who entry (null terminated string) if type is
921 + * set to NFS4_ACL_WHO_NAMED. Otherwise, the who buffer is not used.
922 + * The user supplied who buffer must be freed by the caller.
924 + * This code allocates the who buffer used in the ace. This must be freed
925 + * upon ace removal by the ace_remove or acl_free.
927 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
928 + * All rights reserved.
930 + * Nathaniel Gallaher <ngallahe@umich.edu>
932 + * Redistribution and use in source and binary forms, with or without
933 + * modification, are permitted provided that the following conditions
936 + * 1. Redistributions of source code must retain the above copyright
937 + * notice, this list of conditions and the following disclaimer.
938 + * 2. Redistributions in binary form must reproduce the above copyright
939 + * notice, this list of conditions and the following disclaimer in the
940 + * documentation and/or other materials provided with the distribution.
941 + * 3. Neither the name of the University nor the names of its
942 + * contributors may be used to endorse or promote products derived
943 + * from this software without specific prior written permission.
945 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
946 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
947 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
948 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
949 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
950 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
951 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
952 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
953 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
954 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
955 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
958 +#include "libacl_nfs4.h"
960 +int acl_nfs4_set_who(struct nfs4_ace* ace, int type, char* who)
970 + case NFS4_ACL_WHO_NAMED:
975 + case NFS4_ACL_WHO_OWNER:
976 + iwho = NFS4_ACL_WHO_OWNER_STRING;
978 + case NFS4_ACL_WHO_GROUP:
979 + iwho = NFS4_ACL_WHO_GROUP_STRING;
981 + case NFS4_ACL_WHO_EVERYONE:
982 + iwho = NFS4_ACL_WHO_EVERYONE_STRING;
988 + wholen = strlen(iwho);
992 + ace->who = (char *) malloc(sizeof(char) * (wholen + 1));
993 + if(ace->who == NULL) {
998 + strcpy(ace->who, iwho);
1009 --- acl-2.2.39/libacl/acl_set_file.c.orig 2006-06-20 02:51:25.000000000 -0400
1010 +++ acl-2.2.39/libacl/acl_set_file.c 2007-08-22 12:02:13.000000000 -0400
1013 #include "__acl_to_xattr.h"
1015 +#ifdef USE_NFSV4_TRANS
1016 + #include "libacl_nfs4.h"
1017 + #include <nfsidmap.h>
1020 #include "byteorder.h"
1023 +#ifdef USE_NFSV4_TRANS
1024 +static struct nfs4_acl *get_nfs4_acl(const char *path_p, int is_dir)
1026 + struct nfs4_acl * acl = NULL;
1030 + ret = getxattr(path_p, ACL_NFS4_XATTR, NULL, 0);
1033 + buf = malloc(ret);
1036 + ret = getxattr(path_p, ACL_NFS4_XATTR, buf, ret);
1039 + acl = acl_nfs4_xattr_load(buf, ret, is_dir);
1050 @@ -39,9 +68,15 @@ acl_set_file(const char *path_p, acl_typ
1055 +#ifdef USE_NFSV4_TRANS
1056 + struct nfs4_acl * nacl;
1057 + int is_dir = NFS4_ACL_ISFILE;
1064 case ACL_TYPE_ACCESS:
1065 name = ACL_EA_ACCESS;
1066 @@ -54,8 +89,41 @@ acl_set_file(const char *path_p, acl_typ
1071 +#ifdef USE_NFSV4_TRANS
1072 + if (stat(path_p, &st) != 0)
1074 + if (S_ISDIR(st.st_mode))
1075 + is_dir = NFS4_ACL_ISDIR;
1076 + if (type == ACL_TYPE_DEFAULT && !is_dir) {
1080 + nacl = get_nfs4_acl(path_p, is_dir);
1081 + if (nacl == NULL && (errno == ENOATTR || errno == EOPNOTSUPP))
1082 + ext_acl_p = __acl_to_xattr(acl_obj_p, &size);
1084 + char domain[NFS4_MAX_DOMAIN_LEN];
1086 + nfs4_init_name_mapping(NULL);
1087 + error = nfs4_get_default_domain(NULL, domain, sizeof(domain));
1089 + acl_nfs4_free(nacl);
1092 + error = acl_ptn4_acl_trans(acl, nacl, type, is_dir, domain);
1094 + acl_nfs4_free(nacl);
1098 + size = acl_nfs4_xattr_pack(nacl, &ext_acl_p);
1099 + name = ACL_NFS4_XATTR;
1100 + acl_nfs4_free(nacl);
1104 if (type == ACL_TYPE_DEFAULT) {
1107 if (stat(path_p, &st) != 0)
1109 @@ -68,6 +136,8 @@ acl_set_file(const char *path_p, acl_typ
1112 ext_acl_p = __acl_to_xattr(acl_obj_p, &size);
1117 error = setxattr(path_p, name, (char *)ext_acl_p, size, 0);
1118 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
1119 +++ acl-2.2.39/libacl/__posix_acl_from_nfs4_xattr.c 2007-08-22 12:02:13.000000000 -0400
1123 + * Convert NFSv4 xattr values to a posix ACL
1125 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
1126 + * All rights reserved.
1128 + * Nathaniel Gallaher <ngallahe@umich.edu>
1130 + * Redistribution and use in source and binary forms, with or without
1131 + * modification, are permitted provided that the following conditions
1134 + * 1. Redistributions of source code must retain the above copyright
1135 + * notice, this list of conditions and the following disclaimer.
1136 + * 2. Redistributions in binary form must reproduce the above copyright
1137 + * notice, this list of conditions and the following disclaimer in the
1138 + * documentation and/or other materials provided with the distribution.
1139 + * 3. Neither the name of the University nor the names of its
1140 + * contributors may be used to endorse or promote products derived
1141 + * from this software without specific prior written permission.
1143 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
1144 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1145 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1146 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1147 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
1148 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
1149 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
1150 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
1151 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
1152 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
1153 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1156 +#include <acl/libacl.h>
1157 +#include "libacl_nfs4.h"
1159 +/* xattr_v is a char buffer filled with the nfsv4 xattr value.
1160 + * xattr_size should be the byte count of the length of the xattr_v
1161 + * data size. xattr_v may be larger than <xattr_size> bytes, but only
1162 + * the first <xattr_size> bytes will be read. <type> is the posix acl
1163 + * type requested. Currently either default, or access */
1165 +acl_t __posix_acl_from_nfs4_xattr(char* xattr_v,
1166 + int xattr_size, acl_type_t ptype, u32 is_dir)
1168 + struct nfs4_acl * nfsacl = NULL;
1171 + nfsacl = acl_nfs4_xattr_load(xattr_v, xattr_size, is_dir);
1172 + if(nfsacl == NULL) {
1176 + pacl = acl_n4tp_acl_trans(nfsacl, ptype);
1181 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
1182 +++ acl-2.2.39/libacl/acl_nfs4_xattr_load.c 2007-08-22 12:02:13.000000000 -0400
1186 + * Convert NFSv4 xattr values to a posix ACL
1188 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
1189 + * All rights reserved.
1191 + * Nathaniel Gallaher <ngallahe@umich.edu>
1193 + * Redistribution and use in source and binary forms, with or without
1194 + * modification, are permitted provided that the following conditions
1197 + * 1. Redistributions of source code must retain the above copyright
1198 + * notice, this list of conditions and the following disclaimer.
1199 + * 2. Redistributions in binary form must reproduce the above copyright
1200 + * notice, this list of conditions and the following disclaimer in the
1201 + * documentation and/or other materials provided with the distribution.
1202 + * 3. Neither the name of the University nor the names of its
1203 + * contributors may be used to endorse or promote products derived
1204 + * from this software without specific prior written permission.
1206 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
1207 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1208 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1209 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1210 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
1211 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
1212 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
1213 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
1214 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
1215 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
1216 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1220 +#include <acl/libacl.h>
1221 +#include <netinet/in.h>
1222 +#include "libacl_nfs4.h"
1225 +struct nfs4_acl * acl_nfs4_xattr_load(
1230 + struct nfs4_acl * nacl_p;
1231 + char* bufp = xattr_v;
1232 + int bufs = xattr_size;
1239 + u32 type, flag, access_mask;
1241 + if(xattr_size < sizeof(u32)) {
1246 + if((nacl_p = acl_nfs4_new(is_dir)) == NULL) {
1251 + /* Grab the number of aces in the acl */
1252 + num_aces = (u32)ntohl(*((u32*)(bufp)));
1254 +#ifdef LIBACL_NFS4_DEBUG
1255 + printf(" Got number of aces: %d\n", nacl_p->naces);
1259 + d_ptr = sizeof(u32);
1263 + for(ace_n = 0; num_aces > ace_n ; ace_n++)
1265 +#ifdef LIBACL_NFS4_DEBUG
1266 + printf(" Getting Ace #%d of %d\n", ace_n, num_aces);
1268 + /* Get the acl type */
1271 + goto bad_xattr_val;
1274 + type = (u32)ntohl(*((u32*)bufp));
1275 +#ifdef LIBACL_NFS4_DEBUG
1276 + printf(" Type: %x\n", type);
1279 + d_ptr = sizeof(u32);
1283 + /* Get the acl flag */
1286 + goto bad_xattr_val;
1289 + flag = (u32)ntohl(*((u32*)bufp));
1290 +#ifdef LIBACL_NFS4_DEBUG
1291 + printf(" Flag: %x\n", flag);
1297 + /* Get the access mask */
1301 + goto bad_xattr_val;
1304 + access_mask = (u32)ntohl(*((u32*)bufp));
1305 +#ifdef LIBACL_NFS4_DEBUG
1306 + printf(" Access Mask: %x\n", access_mask);
1312 + /* Get the who string length*/
1315 + goto bad_xattr_val;
1318 + wholen = (u32)ntohl(*((u32*)bufp));
1319 +#ifdef LIBACL_NFS4_DEBUG
1320 + printf(" Wholen: %d\n", wholen);
1326 + /* Get the who string */
1329 + goto bad_xattr_val;
1332 + who = (char *) malloc((wholen+1) * sizeof(char));
1336 + goto bad_xattr_val;
1339 + memcpy(who, bufp, wholen);
1341 + who[wholen] = '\0';
1343 +#ifdef LIBACL_NFS4_DEBUG
1344 + printf(" Who: %s\n", who);
1347 + d_ptr = ((wholen / sizeof(u32))*sizeof(u32));
1348 + if(wholen % sizeof(u32) != 0)
1349 + d_ptr += sizeof(u32);
1354 + /* Make sure we aren't outside our domain */
1357 + goto bad_xattr_val;
1360 + if(acl_nfs4_add_ace(nacl_p, type, flag, access_mask, acl_nfs4_get_whotype(who), who) < 0) {
1362 + goto bad_xattr_val;
1371 + /* We bailed for some reason */
1372 + acl_nfs4_free(nacl_p);
1375 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
1376 +++ acl-2.2.39/libacl/acl_nfs4_xattr_pack.c 2007-08-22 12:02:13.000000000 -0400
1380 + * Pack an NFS4 ACL into an XDR encoded buffer.
1382 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
1383 + * All rights reserved.
1385 + * Nathaniel Gallaher <ngallahe@umich.edu>
1387 + * Redistribution and use in source and binary forms, with or without
1388 + * modification, are permitted provided that the following conditions
1391 + * 1. Redistributions of source code must retain the above copyright
1392 + * notice, this list of conditions and the following disclaimer.
1393 + * 2. Redistributions in binary form must reproduce the above copyright
1394 + * notice, this list of conditions and the following disclaimer in the
1395 + * documentation and/or other materials provided with the distribution.
1396 + * 3. Neither the name of the University nor the names of its
1397 + * contributors may be used to endorse or promote products derived
1398 + * from this software without specific prior written permission.
1400 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
1401 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1402 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1403 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1404 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
1405 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
1406 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
1407 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
1408 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
1409 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
1410 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1413 +#include <libacl_nfs4.h>
1414 +#include <netinet/in.h>
1416 +int acl_nfs4_xattr_pack(struct nfs4_acl * acl, char** bufp)
1418 + struct nfs4_ace * ace;
1428 + if(acl == NULL || bufp == NULL)
1434 + buflen = acl_nfs4_xattr_size(acl);
1440 + *bufp = (char*) malloc(buflen);
1441 + if(*bufp == NULL) {
1448 + num_aces = acl->naces;
1450 + *((u32*)p) = htonl(num_aces);
1452 + rbuflen = sizeof(u32);
1455 + ace = acl->ace_head.tqh_first;
1462 + if(ace_num > num_aces) {
1470 + *((u32*)p) = htonl(ace->type);
1472 + rbuflen += sizeof(u32);
1474 + *((u32*)p) = htonl(ace->flag);
1476 + rbuflen += sizeof(u32);
1478 + *((u32*)p) = htonl(ace->access_mask);
1480 + rbuflen += sizeof(u32);
1482 + result = acl_nfs4_get_who(ace, NULL, &who);
1487 + wholen = strlen(who);
1488 + *((u32*)p) = htonl(wholen);
1489 + rbuflen += sizeof(u32);
1493 + memcpy(p, who, wholen);
1496 + p += (wholen / NFS4_XDR_MOD) * NFS4_XDR_MOD;
1497 + if(wholen % NFS4_XDR_MOD) {
1498 + p += NFS4_XDR_MOD;
1501 + rbuflen += (wholen / NFS4_XDR_MOD) * NFS4_XDR_MOD;
1502 + if(wholen % NFS4_XDR_MOD) {
1503 + rbuflen += NFS4_XDR_MOD;
1506 + ace = ace->l_ace.tqe_next;
1510 + if (buflen != rbuflen)
1526 --- acl-2.2.39/libacl/acl_extended_file.c.orig 2006-06-20 02:51:25.000000000 -0400
1527 +++ acl-2.2.39/libacl/acl_extended_file.c 2007-08-22 12:02:13.000000000 -0400
1530 #include <attr/xattr.h>
1532 +#include "libacl_nfs4.h"
1534 #include "byteorder.h"
1536 @@ -33,6 +34,34 @@ acl_extended_file(const char *path_p)
1537 int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry);
1540 + /* XXX: Ugh: what's the easiest way to do this, taking
1541 + * into account default acl's, and that length alone won't do this?
1542 + * Also I'm a little uncomfortable with the amount of #ifdef
1543 + * NFS4 stuff that's going on. We need a cleaner separation. */
1544 +#ifdef USE_NFSV4_TRANS
1545 + retval = getxattr(path_p, ACL_NFS4_XATTR, NULL, 0);
1546 + if (retval < 0 && errno != ENOATTR && errno != EOPNOTSUPP)
1548 + if (retval >= 0) {
1549 + struct nfs4_acl *nfsacl;
1550 + char *ext_acl_p = alloca(retval);
1554 + retval = getxattr(path_p, ACL_NFS4_XATTR, ext_acl_p, retval);
1558 + nfsacl = acl_nfs4_xattr_load(ext_acl_p, retval, NFS4_ACL_ISFILE);
1560 + int count = nfsacl->naces;
1561 + acl_nfs4_free(nfsacl);
1568 retval = getxattr(path_p, ACL_EA_ACCESS, NULL, 0);
1569 if (retval < 0 && errno != ENOATTR && errno != ENODATA)
1571 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
1572 +++ acl-2.2.39/libacl/acl_ptn4_acl_trans.c 2007-08-22 12:02:13.000000000 -0400
1576 + * Convert a posix ACL to an NFSv4 ACL
1578 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
1579 + * All rights reserved.
1581 + * Nathaniel Gallaher <ngallahe@umich.edu>
1582 + * J. Bruce Fields <bfields@umich.edu>
1584 + * Redistribution and use in source and binary forms, with or without
1585 + * modification, are permitted provided that the following conditions
1588 + * 1. Redistributions of source code must retain the above copyright
1589 + * notice, this list of conditions and the following disclaimer.
1590 + * 2. Redistributions in binary form must reproduce the above copyright
1591 + * notice, this list of conditions and the following disclaimer in the
1592 + * documentation and/or other materials provided with the distribution.
1593 + * 3. Neither the name of the University nor the names of its
1594 + * contributors may be used to endorse or promote products derived
1595 + * from this software without specific prior written permission.
1597 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
1598 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1599 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
1600 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1601 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
1602 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
1603 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
1604 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
1605 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
1606 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
1607 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1610 +#include <acl/libacl.h>
1611 +#include <nfsidmap.h>
1612 +#include "libacl_nfs4.h"
1615 +#define FILE_OR_DIR_INHERIT (NFS4_ACE_FILE_INHERIT_ACE \
1616 + | NFS4_ACE_DIRECTORY_INHERIT_ACE)
1617 +#define NFS4_INHERITANCE_FLAGS (FILE_OR_DIR_INHERIT | NFS4_ACE_INHERIT_ONLY_ACE)
1620 + * 1: if setting default, remove all purely inherited aces, and replace
1621 + * all dual-use aces by purely effective aces
1622 + * 2: if setting effective, remove all purely effective aces, and replace
1623 + * all dual-use aces by purely inherited ones
1625 +static void purge_aces(struct nfs4_acl *nacl, acl_type_t type)
1627 + struct nfs4_ace *p, *next;
1629 + for (p = nacl->ace_head.tqh_first; p != NULL; p = next) {
1630 + next = p->l_ace.tqe_next;
1632 + if (!(p->flag & FILE_OR_DIR_INHERIT)) {
1633 + /* purely effective */
1634 + if (type == ACL_TYPE_ACCESS)
1635 + acl_nfs4_remove_ace(nacl, p);
1636 + } else if (p->flag & NFS4_ACE_INHERIT_ONLY_ACE) {
1637 + /* purely inherited */
1638 + if (type == ACL_TYPE_DEFAULT)
1639 + acl_nfs4_remove_ace(nacl, p);
1641 + /* both effective and inherited */
1642 + if (type == ACL_TYPE_DEFAULT) {
1643 + /* Change to purely effective */
1644 + p->flag &= ~NFS4_INHERITANCE_FLAGS;
1645 + } else { /* ACL_TYPE_ACCESS */
1646 + /* Change to purely inherited */
1647 + p->flag |= NFS4_INHERITANCE_FLAGS;
1655 +acl_ptn4_acl_trans(acl_t pacl, struct nfs4_acl *acl, acl_type_t type, u32 is_dir, char *nfs_domain)
1658 + u32 mask, mask_mask = 0;
1660 + int result, result2;
1661 + u32 iflags = NFS4_ACL_NOFLAGS;
1662 + int allocated = 0;
1664 + acl_entry_t pace_p;
1665 + acl_tag_t ace_type;
1666 + acl_permset_t perms;
1668 + char who_buf_static[NFS4_ACL_WHO_BUFFER_LEN_GUESS];
1669 + char *who_buf = NULL;
1671 + int who_buflen_static = NFS4_ACL_WHO_BUFFER_LEN_GUESS;
1677 + if (type == ACL_TYPE_DEFAULT) {
1678 + eflag = NFS4_INHERITANCE_FLAGS;
1679 + iflags |= NFS4_ACL_REQUEST_DEFAULT;
1682 + purge_aces(acl, type);
1684 + if (is_dir & NFS4_ACL_ISDIR)
1685 + iflags |= NFS4_ACL_ISDIR;
1688 + if (pacl == NULL || (acl_valid(pacl) < 0 || acl_entries(pacl) == 0)) {
1693 + /* Start Conversion */
1695 + /* 3 aces minimum (mode bits) */
1696 + num_aces = acl_entries(pacl);
1697 + if (num_aces < 3) {
1702 + /* Get the mask entry */
1704 + result = acl_get_entry(pacl, ACL_FIRST_ENTRY, &pace_p);
1708 + while (result > 0 && mask_mask == 0) {
1709 + result = acl_get_tag_type(pace_p, &ace_type);
1713 + if (ace_type == ACL_MASK) {
1714 + result = acl_get_permset(pace_p, &perms);
1718 + result = acl_ptn4_get_mask(&mask_mask, perms, iflags);
1722 + mask_mask = ~mask_mask;
1725 + result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p);
1730 + /* Get the file owner entry */
1731 + result = acl_get_entry(pacl, ACL_FIRST_ENTRY, &pace_p);
1735 + result = acl_get_tag_type(pace_p, &ace_type);
1739 + if (ace_type != ACL_USER_OBJ) {
1744 + result = acl_get_permset(pace_p, &perms);
1748 + result = acl_ptn4_get_mask(&mask, perms, iflags | NFS4_ACL_OWNER);
1752 + result = acl_nfs4_add_pair(acl, eflag, mask, NFS4_ACL_WHO_OWNER, NULL);
1757 + result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p);
1761 + result2 = acl_get_tag_type(pace_p, &ace_type);
1765 + while (ace_type == ACL_USER && result > 0) {
1766 + result = acl_get_permset(pace_p, &perms);
1770 + result = acl_ptn4_get_mask(&mask, perms, iflags);
1774 + uid_p = acl_get_qualifier(pace_p);
1776 + who_buf = who_buf_static;
1777 + who_buflen = who_buflen_static;
1779 + result = nfs4_init_name_mapping(NULL);
1780 + result = nfs4_uid_to_name(*uid_p, nfs_domain, who_buf, who_buflen);
1783 + while (result == -ENOBUFS) {
1784 + if (who_buf != who_buf_static)
1787 + /* Increase the size by a full buflen unit */
1788 + who_buflen += who_buflen_static;
1789 + who_buf = malloc(who_buflen);
1791 + if (who_buf == NULL) {
1796 + result = nfs4_init_name_mapping(NULL);
1797 + result = nfs4_uid_to_name(*uid_p, nfs_domain, who_buf, who_buflen);
1806 + if (who_buf == NULL)
1809 + result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE,
1810 + eflag, mask_mask, NFS4_ACL_WHO_NAMED, who_buf);
1812 + if(who_buf != who_buf_static)
1817 + result = acl_nfs4_add_pair(acl, eflag, mask, NFS4_ACL_WHO_NAMED,
1819 + if (who_buf != who_buf_static)
1824 + result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p);
1828 + result2 = acl_get_tag_type(pace_p, &ace_type);
1834 + /* In the case of groups, we apply allow ACEs first, then deny ACEs,
1835 + * since a user can be in more than one group. */
1839 + if (num_aces > 3) {
1840 + result2 = acl_get_tag_type(pace_p, &ace_type);
1844 + if (ace_type != ACL_GROUP_OBJ) {
1849 + result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE,
1850 + NFS4_ACE_IDENTIFIER_GROUP | eflag, mask_mask,
1851 + NFS4_ACL_WHO_GROUP, NULL);
1857 + result = acl_get_permset(pace_p, &perms);
1861 + result = acl_ptn4_get_mask(&mask, perms, iflags);
1865 + result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE,
1866 + NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, NFS4_ACL_WHO_GROUP, NULL);
1871 + result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p);
1875 + result2 = acl_get_tag_type(pace_p, &ace_type);
1879 + while (ace_type == ACL_GROUP && result > 0) {
1880 + result = acl_get_permset(pace_p, &perms);
1884 + result = acl_ptn4_get_mask(&mask, perms, iflags);
1888 + gid_p = acl_get_qualifier(pace_p);
1890 + who_buf = who_buf_static;
1891 + who_buflen = who_buflen_static;
1893 + result = nfs4_gid_to_name(*gid_p, nfs_domain, who_buf, who_buflen);
1896 + while (result == -ENOBUFS) {
1897 + if (who_buf != who_buf_static)
1900 + /* Increase the size by a full buflen unit */
1901 + who_buflen += who_buflen_static;
1902 + who_buf = malloc(who_buflen);
1904 + if (who_buf == NULL) {
1909 + result = nfs4_gid_to_name(*gid_p, nfs_domain, who_buf, who_buflen);
1919 + if (who_buf == NULL)
1922 + result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE,
1923 + NFS4_ACE_IDENTIFIER_GROUP | eflag, mask_mask,
1924 + NFS4_ACL_WHO_NAMED, who_buf);
1926 + if(who_buf != who_buf_static)
1931 + result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE,
1932 + NFS4_ACE_IDENTIFIER_GROUP | eflag, mask,
1933 + NFS4_ACL_WHO_NAMED, who_buf);
1935 + if (who_buf != who_buf_static)
1940 + result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p);
1944 + result2 = acl_get_tag_type(pace_p, &ace_type);
1951 + result = acl_get_entry(pacl, ACL_FIRST_ENTRY, &pace_p);
1955 + result2 = acl_get_tag_type(pace_p, &ace_type);
1959 + while (ace_type != ACL_GROUP_OBJ && result > 0) {
1960 + result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p);
1964 + result2 = acl_get_tag_type(pace_p, &ace_type);
1969 + result = acl_get_permset(pace_p, &perms);
1973 + result = acl_ptn4_get_mask(&mask, perms, iflags);
1977 + result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE,
1978 + NFS4_ACE_IDENTIFIER_GROUP | eflag, ~mask, NFS4_ACL_WHO_GROUP,
1984 + result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p);
1988 + result2 = acl_get_tag_type(pace_p, &ace_type);
1992 + while (ace_type == ACL_GROUP && result > 0) {
1993 + result = acl_get_permset(pace_p, &perms);
1997 + result = acl_ptn4_get_mask(&mask, perms, iflags);
2001 + gid_p = acl_get_qualifier(pace_p);
2003 + who_buf = who_buf_static;
2004 + who_buflen = who_buflen_static;
2006 + result = nfs4_gid_to_name(*gid_p, nfs_domain, who_buf, who_buflen);
2009 + while (result == -ENOBUFS) {
2010 + if (who_buf != who_buf_static)
2013 + /* Increase the size by a full buflen unit */
2014 + who_buflen += who_buflen_static;
2015 + who_buf = malloc(who_buflen);
2017 + if (who_buf == NULL) {
2022 + result = nfs4_gid_to_name(*gid_p, nfs_domain, who_buf, who_buflen);
2032 + if (who_buf == NULL)
2035 + result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE,
2036 + NFS4_ACE_IDENTIFIER_GROUP | eflag, ~mask,
2037 + NFS4_ACL_WHO_NAMED, who_buf);
2038 + if (who_buf != who_buf_static)
2043 + result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p);
2047 + result2 = acl_get_tag_type(pace_p, &ace_type);
2052 + if (ace_type == ACL_MASK) {
2053 + result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p);
2057 + result2 = acl_get_tag_type(pace_p, &ace_type);
2062 + if (ace_type != ACL_OTHER) {
2067 + result = acl_get_permset(pace_p, &perms);
2071 + result = acl_ptn4_get_mask(&mask, perms, iflags);
2075 + result = acl_nfs4_add_pair(acl, eflag, mask, NFS4_ACL_WHO_EVERYONE, NULL);
2080 + acl_nfs4_free(acl);
2083 --- acl-2.2.39/libacl/acl_get_fd.c.orig 2006-06-20 02:51:25.000000000 -0400
2084 +++ acl-2.2.39/libacl/acl_get_fd.c 2007-08-22 12:02:13.000000000 -0400
2087 #include "__acl_from_xattr.h"
2089 +#ifdef USE_NFSV4_TRANS
2090 + #include "libacl_nfs4.h"
2093 #include "byteorder.h"
2096 @@ -38,31 +42,59 @@ acl_get_fd(int fd)
2098 const size_t size_guess = acl_ea_size(16);
2099 char *ext_acl_p = alloca(size_guess);
2100 + char *name = ACL_EA_ACCESS;
2106 - retval = fgetxattr(fd, ACL_EA_ACCESS, ext_acl_p, size_guess);
2108 +#ifdef USE_NFSV4_TRANS
2109 + retval = fgetxattr(fd, ACL_NFS4_XATTR, ext_acl_p, size_guess);
2110 + if(retval == -1 && (errno == ENOATTR || errno == EOPNOTSUPP)) {
2111 + nfsv4acls = ACL_NFS4_NOT_USED;
2112 + retval = fgetxattr(fd, name, ext_acl_p, size_guess);
2114 + nfsv4acls = ACL_NFS4_USED;
2115 + name = ACL_NFS4_XATTR;
2118 + retval = fgetxattr(fd, name, ext_acl_p, size_guess);
2121 if (retval == -1 && errno == ERANGE) {
2122 - retval = fgetxattr(fd, ACL_EA_ACCESS, NULL, 0);
2123 + retval = fgetxattr(fd, name, NULL, 0);
2125 ext_acl_p = alloca(retval);
2128 - retval = fgetxattr(fd, ACL_EA_ACCESS, ext_acl_p,retval);
2129 + retval = fgetxattr(fd, name, ext_acl_p, retval);
2133 - acl_t acl = __acl_from_xattr(ext_acl_p, retval);
2135 +#ifdef USE_NFSV4_TRANS
2136 + if(nfsv4acls == ACL_NFS4_USED) {
2137 + acl_t acl = __posix_acl_from_nfs4_xattr(ext_acl_p, retval,
2138 + ACL_TYPE_ACCESS, NFS4_ACL_ISFILE);
2145 + acl_t acl = __acl_from_xattr(ext_acl_p, retval);
2148 } else if (retval == 0 || errno == ENOATTR || errno == ENODATA) {
2151 - if (fstat(fd, &st) == 0)
2152 - return acl_from_mode(st.st_mode);
2154 + if (fstat(fd, &st) != 0) {
2159 + return acl_from_mode(st.st_mode);
2165 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
2166 +++ acl-2.2.39/libacl/acl_nfs4_xattr_size.c 2007-08-22 12:02:13.000000000 -0400
2170 + * Return the expected xattr XDR encoded size of the nfs acl. Used for
2171 + * figuring the size of the xattr buffer.
2173 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
2174 + * All rights reserved.
2176 + * Nathaniel Gallaher <ngallahe@umich.edu>
2178 + * Redistribution and use in source and binary forms, with or without
2179 + * modification, are permitted provided that the following conditions
2182 + * 1. Redistributions of source code must retain the above copyright
2183 + * notice, this list of conditions and the following disclaimer.
2184 + * 2. Redistributions in binary form must reproduce the above copyright
2185 + * notice, this list of conditions and the following disclaimer in the
2186 + * documentation and/or other materials provided with the distribution.
2187 + * 3. Neither the name of the University nor the names of its
2188 + * contributors may be used to endorse or promote products derived
2189 + * from this software without specific prior written permission.
2191 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
2192 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
2193 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
2194 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
2195 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2196 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2197 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
2198 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
2199 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
2200 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
2201 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2204 +#include <libacl_nfs4.h>
2206 +int acl_nfs4_xattr_size(struct nfs4_acl * acl)
2209 + struct nfs4_ace * ace;
2218 + /* Space for number of aces */
2219 + size += sizeof(u32);
2221 + ace = acl->ace_head.tqh_first;
2224 + num_aces = acl->naces;
2229 + if(ace_num > num_aces) {
2237 + /* space for type, flag, and mask */
2238 + size += (3 * sizeof(u32));
2240 + /* space for strlen */
2241 + size += sizeof(u32);
2243 + /* space for the who string... xdr encoded */
2244 + size += (strlen(ace->who) / NFS4_XDR_MOD) * NFS4_XDR_MOD * sizeof(char);
2245 + if(strlen(ace->who) % NFS4_XDR_MOD) {
2246 + size += NFS4_XDR_MOD;
2249 + ace = ace->l_ace.tqe_next;
2259 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
2260 +++ acl-2.2.39/libacl/acl_ptn4_get_mask.c 2007-08-22 12:02:13.000000000 -0400
2264 + * Translate POSIX permissions to an NFSv4 mask
2266 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
2267 + * All rights reserved.
2269 + * Nathaniel Gallaher <ngallahe@umich.edu>
2271 + * Redistribution and use in source and binary forms, with or without
2272 + * modification, are permitted provided that the following conditions
2275 + * 1. Redistributions of source code must retain the above copyright
2276 + * notice, this list of conditions and the following disclaimer.
2277 + * 2. Redistributions in binary form must reproduce the above copyright
2278 + * notice, this list of conditions and the following disclaimer in the
2279 + * documentation and/or other materials provided with the distribution.
2280 + * 3. Neither the name of the University nor the names of its
2281 + * contributors may be used to endorse or promote products derived
2282 + * from this software without specific prior written permission.
2284 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
2285 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
2286 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
2287 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
2288 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2289 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2290 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
2291 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
2292 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
2293 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
2294 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2297 +#include <acl/libacl.h>
2298 +#include <libacl_nfs4.h>
2300 +int acl_ptn4_get_mask(u32* mask, acl_permset_t perms, int iflags)
2304 + *mask = NFS4_ANYONE_MODE;
2306 + if (perms == NULL) {
2311 + if (iflags & NFS4_ACL_OWNER)
2312 + *mask |= NFS4_OWNER_MODE;
2314 + result = acl_get_perm(perms, ACL_READ);
2317 + else if(result == 1)
2318 + *mask |= NFS4_READ_MODE;
2320 + result = acl_get_perm(perms, ACL_WRITE);
2323 + else if (result == 1) {
2324 + *mask |= NFS4_WRITE_MODE;
2325 + if (iflags & NFS4_ACL_ISDIR)
2326 + *mask |= NFS4_ACE_DELETE_CHILD;
2329 + result = acl_get_perm(perms, ACL_EXECUTE);
2332 + else if (result == 1)
2333 + *mask |= NFS4_EXECUTE_MODE;
2343 --- acl-2.2.39/libacl/acl_get_file.c.orig 2006-06-20 02:51:25.000000000 -0400
2344 +++ acl-2.2.39/libacl/acl_get_file.c 2007-08-22 12:02:13.000000000 -0400
2347 #include "__acl_from_xattr.h"
2349 +#ifdef USE_NFSV4_TRANS
2350 + #include "libacl_nfs4.h"
2353 #include "byteorder.h"
2356 @@ -40,6 +44,8 @@ acl_get_file(const char *path_p, acl_typ
2357 char *ext_acl_p = alloca(size_guess);
2364 case ACL_TYPE_ACCESS:
2365 @@ -55,8 +61,20 @@ acl_get_file(const char *path_p, acl_typ
2369 +#ifdef USE_NFSV4_TRANS
2370 + retval = getxattr(path_p, ACL_NFS4_XATTR, ext_acl_p, size_guess);
2371 + if((retval == -1) && (errno == ENOATTR || errno == EOPNOTSUPP)) {
2372 + nfsv4acls = ACL_NFS4_NOT_USED;
2373 + retval = getxattr(path_p, name, ext_acl_p, size_guess);
2375 + nfsv4acls = ACL_NFS4_USED;
2376 + name = ACL_NFS4_XATTR;
2379 retval = getxattr(path_p, name, ext_acl_p, size_guess);
2380 - if (retval == -1 && errno == ERANGE) {
2383 + if ((retval == -1) && (errno == ERANGE)) {
2384 retval = getxattr(path_p, name, NULL, 0);
2386 ext_acl_p = alloca(retval);
2387 @@ -66,9 +84,29 @@ acl_get_file(const char *path_p, acl_typ
2391 - acl_t acl = __acl_from_xattr(ext_acl_p, retval);
2393 - } else if (retval == 0 || errno == ENOATTR || errno == ENODATA) {
2394 +#ifdef USE_NFSV4_TRANS
2395 + if(nfsv4acls == ACL_NFS4_USED) {
2398 + iflags = NFS4_ACL_ISFILE;
2400 + if (stat(path_p, &st) != 0)
2403 + if (S_ISDIR(st.st_mode))
2404 + iflags = NFS4_ACL_ISDIR;
2406 + acl_t acl = __posix_acl_from_nfs4_xattr(ext_acl_p, retval, type,
2413 + acl_t acl = __acl_from_xattr(ext_acl_p, retval);
2416 + } else if ((retval == 0) || (errno == ENOATTR) || (errno == ENODATA)) {
2419 if (stat(path_p, &st) != 0)
2420 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
2421 +++ acl-2.2.39/libacl/libacl_nfs4.h 2007-08-22 12:02:13.000000000 -0400
2423 +#include <sys/types.h>
2426 +#include <sys/acl.h>
2427 +#include <stdlib.h>
2428 +#include <sys/queue.h>
2430 +#include <sys/errno.h>
2431 +#include <string.h>
2433 +/* mode bit translations: */
2434 +#define NFS4_READ_MODE NFS4_ACE_READ_DATA
2435 +#define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA)
2436 +#define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE
2437 +#define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | \
2438 + NFS4_ACE_SYNCHRONIZE)
2439 +#define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)
2441 +#define NFS4_ACE_MASK_IGNORE (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \
2442 + | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS)
2443 +/* XXX not sure about the following. Note that e.g. DELETE_CHILD is wrong in
2444 + * general (should only be ignored on files). */
2445 +#define MASK_EQUAL(mask1, mask2) \
2446 + (((mask1) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \
2447 + ~NFS4_ACE_DELETE_CHILD) \
2448 + == ((mask2) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \
2449 + ~NFS4_ACE_DELETE_CHILD))
2451 +/* Maximum length of the ace->who attribute */
2452 +#define NFS4_ACL_WHO_LENGTH_MAX 2048
2453 +#define NFS4_ACL_WHO_BUFFER_LEN_GUESS 255
2455 +/* NFS4 acl xattr name */
2456 +#define ACL_NFS4_XATTR "system.nfs4_acl"
2458 +/* Macro for finding empty tailqs */
2459 +#define TAILQ_IS_EMPTY(head) (head.tqh_first == NULL)
2461 +/* Flags to pass certain properties around */
2462 +#define NFS4_ACL_NOFLAGS 0x00
2463 +#define NFS4_ACL_ISFILE 0x00
2464 +#define NFS4_ACL_ISDIR 0x01
2465 +#define NFS4_ACL_OWNER 0x02
2466 +#define NFS4_ACL_REQUEST_DEFAULT 0x04
2467 +#define NFS4_ACL_RAW 0x01
2469 +#define NFS4_XDR_MOD 4
2471 +typedef u_int32_t u32;
2473 +enum { ACL_NFS4_NOT_USED = 0,
2477 +struct ace_container {
2478 + struct nfs4_ace *ace;
2479 + TAILQ_ENTRY(ace_container) l_ace;
2482 +TAILQ_HEAD(ace_container_list_head, ace_container);
2484 +/**** Public functions ****/
2486 +/** Manipulation functions **/
2487 +extern int acl_nfs4_add_ace(struct nfs4_acl *, u32, u32, u32, int, char*);
2488 +extern int acl_nfs4_add_pair(struct nfs4_acl *, int, u32, int, char*);
2489 +extern void acl_nfs4_free(struct nfs4_acl *);
2490 +extern struct nfs4_acl *acl_nfs4_new(u32);
2491 +extern int acl_nfs4_set_who(struct nfs4_ace*, int, char*);
2492 +extern struct nfs4_acl *acl_nfs4_copy_acl(struct nfs4_acl *);
2493 +extern struct nfs4_acl *acl_nfs4_xattr_load(char *, int, u32);
2494 +extern int acl_nfs4_xattr_pack(struct nfs4_acl *, char**);
2495 +extern int acl_nfs4_xattr_size(struct nfs4_acl *);
2496 +extern void acl_nfs4_remove_ace(struct nfs4_acl * acl, struct nfs4_ace * ace);
2498 +/** Conversion functions **/
2500 +/* nfs4 -> posix */
2501 +extern acl_t acl_n4tp_acl_trans(struct nfs4_acl *, acl_type_t);
2503 +/* posix -> nfs4 */
2504 +extern int acl_ptn4_get_mask(u32* mask, acl_permset_t perms,
2506 +extern int acl_ptn4_acl_trans(acl_t, struct nfs4_acl *, acl_type_t, u32, char*);
2509 +/** Access Functions **/
2510 +extern inline int acl_nfs4_get_whotype(char*);
2511 +extern int acl_nfs4_get_who(struct nfs4_ace*, int*, char**);
2513 +/**** Private(?) functions ****/
2514 +acl_t __posix_acl_from_nfs4_xattr(char*, int, acl_type_t, u32);
2516 +/* These will change */
2517 +char * nfs4_get_who_from_uid(uid_t);
2518 +char * nfs4_get_who_from_gid(gid_t);
2520 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
2521 +++ acl-2.2.39/libacl/acl_nfs4_new.c 2007-08-22 12:02:13.000000000 -0400
2524 + * Common NFSv4 ACL handling code.
2525 + * Create a new NFSv4 ACL
2527 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
2528 + * All rights reserved.
2530 + * Marius Aamodt Eriksen <marius@umich.edu>
2531 + * J. Bruce Fields <bfields@umich.edu>
2532 + * Nathaniel Gallaher <ngallahe@umich.edu>
2533 + * Jeff Sedlak <jsedlak@umich.edu>
2535 + * Redistribution and use in source and binary forms, with or without
2536 + * modification, are permitted provided that the following conditions
2539 + * 1. Redistributions of source code must retain the above copyright
2540 + * notice, this list of conditions and the following disclaimer.
2541 + * 2. Redistributions in binary form must reproduce the above copyright
2542 + * notice, this list of conditions and the following disclaimer in the
2543 + * documentation and/or other materials provided with the distribution.
2544 + * 3. Neither the name of the University nor the names of its
2545 + * contributors may be used to endorse or promote products derived
2546 + * from this software without specific prior written permission.
2548 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
2549 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
2550 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
2551 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
2552 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2553 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2554 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
2555 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
2556 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
2557 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
2558 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2563 +#include "libacl_nfs4.h"
2566 +acl_nfs4_new(u32 is_dir)
2568 + struct nfs4_acl *acl;
2570 + if ((acl = malloc(sizeof(*acl))) == NULL)
2574 + acl->is_directory = is_dir;
2576 + TAILQ_INIT(&acl->ace_head);
2581 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
2582 +++ acl-2.2.39/libacl/acl_nfs4_copy_acl.c 2007-08-22 12:02:13.000000000 -0400
2586 + * Deep copy an NFS4 ACL
2588 + * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
2589 + * All rights reserved.
2591 + * Nathaniel Gallaher <ngallahe@umich.edu>
2593 + * Redistribution and use in source and binary forms, with or without
2594 + * modification, are permitted provided that the following conditions
2597 + * 1. Redistributions of source code must retain the above copyright
2598 + * notice, this list of conditions and the following disclaimer.
2599 + * 2. Redistributions in binary form must reproduce the above copyright
2600 + * notice, this list of conditions and the following disclaimer in the
2601 + * documentation and/or other materials provided with the distribution.
2602 + * 3. Neither the name of the University nor the names of its
2603 + * contributors may be used to endorse or promote products derived
2604 + * from this software without specific prior written permission.
2606 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
2607 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
2608 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
2609 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
2610 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2611 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2612 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
2613 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
2614 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
2615 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
2616 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2619 +#include "libacl_nfs4.h"
2621 +struct nfs4_acl * acl_nfs4_copy_acl(struct nfs4_acl * nacl)
2623 + struct nfs4_acl * new_acl;
2624 + struct nfs4_ace * ace;
2629 + if(nacl == NULL) {
2634 + num_aces = nacl->naces;
2636 + new_acl = acl_nfs4_new(nacl->is_directory);
2637 + if(new_acl == NULL)
2640 + ace = nacl->ace_head.tqh_first;
2646 + if(nace > num_aces)
2652 + result = acl_nfs4_add_ace(new_acl, ace->type, ace->flag,
2653 + ace->access_mask, acl_nfs4_get_whotype(ace->who), ace->who);
2657 + ace = ace->l_ace.tqe_next;
2664 + acl_nfs4_free(new_acl);
2669 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
2670 +++ acl-2.2.39/libacl/acl_nfs4_add_pair.c 2007-08-22 12:02:13.000000000 -0400
2673 + * Add a pair of aces to the acl. The ace masks are complements of each other
2674 + * This keeps us from walking off the end of the acl
2676 + * Copyright (c) 2004 The Regents of the University of Michigan.
2677 + * All rights reserved.
2679 + * Marius Aamodt Eriksen <marius@umich.edu>
2680 + * J. Bruce Fields <bfields@umich.edu>
2681 + * Nathaniel Gallaher <ngallahe@umich.edu>
2682 + * Jeff Sedlak <jsedlak@umich.edu>
2684 + * Redistribution and use in source and binary forms, with or without
2685 + * modification, are permitted provided that the following conditions
2688 + * 1. Redistributions of source code must retain the above copyright
2689 + * notice, this list of conditions, the following disclaimer, and
2690 + * any and all other licensing or copyright notices included in
2691 + * any files in this distribution.
2692 + * 2. Redistributions in binary form must reproduce the above copyright
2693 + * notice, this list of conditions and the following disclaimer in the
2694 + * documentation and/or other materials provided with the distribution.
2695 + * 3. Neither the name of the University nor the names of its
2696 + * contributors may be used to endorse or promote products derived
2697 + * from this software without specific prior written permission.
2699 + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
2700 + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
2701 + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
2702 + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
2703 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2704 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2705 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
2706 + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
2707 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
2708 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
2709 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2714 +#include "libacl_nfs4.h"
2717 +acl_nfs4_add_pair(struct nfs4_acl *acl, int eflag, u32 mask, int ownertype,
2722 + error = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE,
2723 + eflag, mask, ownertype, owner);
2726 + error = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE,
2727 + eflag, ~mask, ownertype, owner);
2732 --- acl-2.2.39/exports.orig 2006-06-20 02:51:25.000000000 -0400
2733 +++ acl-2.2.39/exports 2007-08-22 12:02:13.000000000 -0400
2734 @@ -67,3 +67,33 @@ ACL_1.1 {
2742 + acl_nfs4_add_pair;
2747 + acl_nfs4_copy_acl;
2748 + acl_nfs4_xattr_load;
2749 + acl_nfs4_xattr_pack;
2750 + acl_nfs4_xattr_size;
2751 + acl_nfs4_remove_ace;
2753 + acl_n4tp_acl_trans;
2755 + acl_ptn4_get_mask;
2756 + acl_ptn4_acl_trans;
2758 + acl_nfs4_get_whotype;
2763 + __posix_acl_from_nfs4_xattr;
2764 + nfs4_get_who_from_uid;
2765 + nfs4_get_who_from_gid;
2768 --- acl-2.2.39/include/builddefs.in.orig 2007-08-22 11:59:37.000000000 -0400
2769 +++ acl-2.2.39/include/builddefs.in 2007-08-22 12:02:13.000000000 -0400
2770 @@ -65,7 +65,7 @@ endif
2772 GCFLAGS = $(OPTIMIZER) $(DEBUG) -funsigned-char -fno-strict-aliasing -Wall \
2773 -DVERSION=\"$(PKG_VERSION)\" -DLOCALEDIR=\"$(PKG_LOCALE_DIR)\" \
2774 - -DPACKAGE=\"$(PKG_NAME)\" -I$(TOPDIR)/include
2775 + -DPACKAGE=\"$(PKG_NAME)\" -I$(TOPDIR)/include -DUSE_NFSV4_TRANS
2777 # Global, Platform, Local CFLAGS
2778 CFLAGS += $(GCFLAGS) $(PCFLAGS) $(LCFLAGS)
2779 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
2780 +++ acl-2.2.39/include/nfs4.h 2007-08-22 12:02:13.000000000 -0400
2783 + * NFSv4 protocol definitions.
2785 + * Copyright (c) 2002 The Regents of the University of Michigan.
2786 + * All rights reserved.
2788 + * Kendrick Smith <kmsmith@umich.edu>
2789 + * Andy Adamson <andros@umich.edu>
2792 +#include<sys/types.h>
2793 +#include<sys/queue.h>
2795 +#ifndef _LINUX_NFS4_H
2796 +#define _LINUX_NFS4_H
2798 +#define NFS4_VERIFIER_SIZE 8
2799 +#define NFS4_FHSIZE 128
2800 +#define NFS4_MAXNAMLEN NAME_MAX
2802 +#define NFS4_ACCESS_READ 0x0001
2803 +#define NFS4_ACCESS_LOOKUP 0x0002
2804 +#define NFS4_ACCESS_MODIFY 0x0004
2805 +#define NFS4_ACCESS_EXTEND 0x0008
2806 +#define NFS4_ACCESS_DELETE 0x0010
2807 +#define NFS4_ACCESS_EXECUTE 0x0020
2809 +#define NFS4_FH_PERISTENT 0x0000
2810 +#define NFS4_FH_NOEXPIRE_WITH_OPEN 0x0001
2811 +#define NFS4_FH_VOLATILE_ANY 0x0002
2812 +#define NFS4_FH_VOL_MIGRATION 0x0004
2813 +#define NFS4_FH_VOL_RENAME 0x0008
2815 +#define NFS4_OPEN_RESULT_CONFIRM 0x0002
2817 +#define NFS4_SHARE_ACCESS_READ 0x0001
2818 +#define NFS4_SHARE_ACCESS_WRITE 0x0002
2819 +#define NFS4_SHARE_ACCESS_BOTH 0x0003
2820 +#define NFS4_SHARE_DENY_READ 0x0001
2821 +#define NFS4_SHARE_DENY_WRITE 0x0002
2822 +#define NFS4_SHARE_DENY_BOTH 0x0003
2824 +#define NFS4_SET_TO_SERVER_TIME 0
2825 +#define NFS4_SET_TO_CLIENT_TIME 1
2827 +#define NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE 0
2828 +#define NFS4_ACE_ACCESS_DENIED_ACE_TYPE 1
2829 +#define NFS4_ACE_SYSTEM_AUDIT_ACE_TYPE 2
2830 +#define NFS4_ACE_SYSTEM_ALARM_ACE_TYPE 3
2832 +#define ACL4_SUPPORT_ALLOW_ACL 0x01
2833 +#define ACL4_SUPPORT_DENY_ACL 0x02
2834 +#define ACL4_SUPPORT_AUDIT_ACL 0x04
2835 +#define ACL4_SUPPORT_ALARM_ACL 0x08
2837 +#define NFS4_ACE_FILE_INHERIT_ACE 0x00000001
2838 +#define NFS4_ACE_DIRECTORY_INHERIT_ACE 0x00000002
2839 +#define NFS4_ACE_NO_PROPAGATE_INHERIT_ACE 0x00000004
2840 +#define NFS4_ACE_INHERIT_ONLY_ACE 0x00000008
2841 +#define NFS4_ACE_SUCCESSFUL_ACCESS_ACE_FLAG 0x00000010
2842 +#define NFS4_ACE_FAILED_ACCESS_ACE_FLAG 0x00000020
2843 +#define NFS4_ACE_IDENTIFIER_GROUP 0x00000040
2844 +#define NFS4_ACE_OWNER 0x00000080
2845 +#define NFS4_ACE_GROUP 0x00000100
2846 +#define NFS4_ACE_EVERYONE 0x00000200
2848 +#define NFS4_ACE_READ_DATA 0x00000001
2849 +#define NFS4_ACE_LIST_DIRECTORY 0x00000001
2850 +#define NFS4_ACE_WRITE_DATA 0x00000002
2851 +#define NFS4_ACE_ADD_FILE 0x00000002
2852 +#define NFS4_ACE_APPEND_DATA 0x00000004
2853 +#define NFS4_ACE_ADD_SUBDIRECTORY 0x00000004
2854 +#define NFS4_ACE_READ_NAMED_ATTRS 0x00000008
2855 +#define NFS4_ACE_WRITE_NAMED_ATTRS 0x00000010
2856 +#define NFS4_ACE_EXECUTE 0x00000020
2857 +#define NFS4_ACE_DELETE_CHILD 0x00000040
2858 +#define NFS4_ACE_READ_ATTRIBUTES 0x00000080
2859 +#define NFS4_ACE_WRITE_ATTRIBUTES 0x00000100
2860 +#define NFS4_ACE_DELETE 0x00010000
2861 +#define NFS4_ACE_READ_ACL 0x00020000
2862 +#define NFS4_ACE_WRITE_ACL 0x00040000
2863 +#define NFS4_ACE_WRITE_OWNER 0x00080000
2864 +#define NFS4_ACE_SYNCHRONIZE 0x00100000
2865 +#define NFS4_ACE_GENERIC_READ 0x00120081
2866 +#define NFS4_ACE_GENERIC_WRITE 0x00160106
2867 +#define NFS4_ACE_GENERIC_EXECUTE 0x001200A0
2868 +#define NFS4_ACE_MASK_ALL 0x001F01FF
2870 +enum nfs4_acl_whotype {
2871 + NFS4_ACL_WHO_NAMED = 0,
2872 + NFS4_ACL_WHO_OWNER,
2873 + NFS4_ACL_WHO_GROUP,
2874 + NFS4_ACL_WHO_EVERYONE,
2877 +#define NFS4_ACL_WHO_OWNER_STRING "OWNER@"
2878 +#define NFS4_ACL_WHO_GROUP_STRING "GROUP@"
2879 +#define NFS4_ACL_WHO_EVERYONE_STRING "EVERYONE@"
2884 + u_int32_t access_mask;
2886 + TAILQ_ENTRY(nfs4_ace) l_ace;
2889 +TAILQ_HEAD(ace_list_head, nfs4_ace);
2893 + u_int32_t is_directory;
2894 + struct ace_list_head ace_head;
2897 +typedef struct { char data[NFS4_VERIFIER_SIZE]; } nfs4_verifier;
2898 +typedef struct { char data[16]; } nfs4_stateid;
2905 + OP_DELEGPURGE = 7,
2906 + OP_DELEGRETURN = 8,
2918 + OP_OPEN_CONFIRM = 20,
2919 + OP_OPEN_DOWNGRADE = 21,
2922 + OP_PUTROOTFH = 24,
2929 + OP_RESTOREFH = 31,
2933 + OP_SETCLIENTID = 35,
2934 + OP_SETCLIENTID_CONFIRM = 36,
2937 + OP_RELEASE_LOCKOWNER = 39,
2938 + OP_ILLEGAL = 10044,
2944 + NFS4ERR_NOENT = 2,
2947 + NFS4ERR_ACCESS = 13,
2948 + NFS4ERR_EXIST = 17,
2949 + NFS4ERR_XDEV = 18,
2950 + /* Unused/reserved 19 */
2951 + NFS4ERR_NOTDIR = 20,
2952 + NFS4ERR_ISDIR = 21,
2953 + NFS4ERR_INVAL = 22,
2954 + NFS4ERR_FBIG = 27,
2955 + NFS4ERR_NOSPC = 28,
2956 + NFS4ERR_ROFS = 30,
2957 + NFS4ERR_MLINK = 31,
2958 + NFS4ERR_NAMETOOLONG = 63,
2959 + NFS4ERR_NOTEMPTY = 66,
2960 + NFS4ERR_DQUOT = 69,
2961 + NFS4ERR_STALE = 70,
2962 + NFS4ERR_BADHANDLE = 10001,
2963 + NFS4ERR_BAD_COOKIE = 10003,
2964 + NFS4ERR_NOTSUPP = 10004,
2965 + NFS4ERR_TOOSMALL = 10005,
2966 + NFS4ERR_SERVERFAULT = 10006,
2967 + NFS4ERR_BADTYPE = 10007,
2968 + NFS4ERR_DELAY = 10008,
2969 + NFS4ERR_SAME = 10009,
2970 + NFS4ERR_DENIED = 10010,
2971 + NFS4ERR_EXPIRED = 10011,
2972 + NFS4ERR_LOCKED = 10012,
2973 + NFS4ERR_GRACE = 10013,
2974 + NFS4ERR_FHEXPIRED = 10014,
2975 + NFS4ERR_SHARE_DENIED = 10015,
2976 + NFS4ERR_WRONGSEC = 10016,
2977 + NFS4ERR_CLID_INUSE = 10017,
2978 + NFS4ERR_RESOURCE = 10018,
2979 + NFS4ERR_MOVED = 10019,
2980 + NFS4ERR_NOFILEHANDLE = 10020,
2981 + NFS4ERR_MINOR_VERS_MISMATCH = 10021,
2982 + NFS4ERR_STALE_CLIENTID = 10022,
2983 + NFS4ERR_STALE_STATEID = 10023,
2984 + NFS4ERR_OLD_STATEID = 10024,
2985 + NFS4ERR_BAD_STATEID = 10025,
2986 + NFS4ERR_BAD_SEQID = 10026,
2987 + NFS4ERR_NOT_SAME = 10027,
2988 + NFS4ERR_LOCK_RANGE = 10028,
2989 + NFS4ERR_SYMLINK = 10029,
2990 + NFS4ERR_RESTOREFH = 10030,
2991 + NFS4ERR_LEASE_MOVED = 10031,
2992 + NFS4ERR_ATTRNOTSUPP = 10032,
2993 + NFS4ERR_NO_GRACE = 10033,
2994 + NFS4ERR_RECLAIM_BAD = 10034,
2995 + NFS4ERR_RECLAIM_CONFLICT = 10035,
2996 + NFS4ERR_BADXDR = 10036,
2997 + NFS4ERR_LOCKS_HELD = 10037,
2998 + NFS4ERR_OPENMODE = 10038,
2999 + NFS4ERR_BADOWNER = 10039,
3000 + NFS4ERR_BADCHAR = 10040,
3001 + NFS4ERR_BADNAME = 10041,
3002 + NFS4ERR_BAD_RANGE = 10042,
3003 + NFS4ERR_LOCK_NOTSUPP = 10043,
3004 + NFS4ERR_OP_ILLEGAL = 10044,
3005 + NFS4ERR_DEADLOCK = 10045,
3006 + NFS4ERR_FILE_OPEN = 10046,
3007 + NFS4ERR_ADMIN_REVOKED = 10047,
3008 + NFS4ERR_CB_PATH_DOWN = 10048
3012 + * Note: NF4BAD is not actually part of the protocol; it is just used
3013 + * internally by nfsd.
3017 + NF4REG = 1, /* Regular File */
3018 + NF4DIR = 2, /* Directory */
3019 + NF4BLK = 3, /* Special File - block device */
3020 + NF4CHR = 4, /* Special File - character device */
3021 + NF4LNK = 5, /* Symbolic Link */
3022 + NF4SOCK = 6, /* Special File - socket */
3023 + NF4FIFO = 7, /* Special File - fifo */
3024 + NF4ATTRDIR = 8, /* Attribute Directory */
3025 + NF4NAMEDATTR = 9 /* Named Attribute */
3028 +enum open_claim_type4 {
3029 + NFS4_OPEN_CLAIM_NULL = 0,
3030 + NFS4_OPEN_CLAIM_PREVIOUS = 1,
3031 + NFS4_OPEN_CLAIM_DELEGATE_CUR = 2,
3032 + NFS4_OPEN_CLAIM_DELEGATE_PREV = 3
3036 + NFS4_OPEN_NOCREATE = 0,
3037 + NFS4_OPEN_CREATE = 1
3041 + NFS4_CREATE_UNCHECKED = 0,
3042 + NFS4_CREATE_GUARDED = 1,
3043 + NFS4_CREATE_EXCLUSIVE = 2
3047 + NFS4_LIMIT_SIZE = 1,
3048 + NFS4_LIMIT_BLOCKS = 2
3051 +enum open_delegation_type4 {
3052 + NFS4_OPEN_DELEGATE_NONE = 0,
3053 + NFS4_OPEN_DELEGATE_READ = 1,
3054 + NFS4_OPEN_DELEGATE_WRITE = 2
3058 + NFS4_UNLOCK_LT = 0,
3060 + NFS4_WRITE_LT = 2,
3061 + NFS4_READW_LT = 3,
3062 + NFS4_WRITEW_LT = 4
3066 +/* Mandatory Attributes */
3067 +#define FATTR4_WORD0_SUPPORTED_ATTRS (1UL << 0)
3068 +#define FATTR4_WORD0_TYPE (1UL << 1)
3069 +#define FATTR4_WORD0_FH_EXPIRE_TYPE (1UL << 2)
3070 +#define FATTR4_WORD0_CHANGE (1UL << 3)
3071 +#define FATTR4_WORD0_SIZE (1UL << 4)
3072 +#define FATTR4_WORD0_LINK_SUPPORT (1UL << 5)
3073 +#define FATTR4_WORD0_SYMLINK_SUPPORT (1UL << 6)
3074 +#define FATTR4_WORD0_NAMED_ATTR (1UL << 7)
3075 +#define FATTR4_WORD0_FSID (1UL << 8)
3076 +#define FATTR4_WORD0_UNIQUE_HANDLES (1UL << 9)
3077 +#define FATTR4_WORD0_LEASE_TIME (1UL << 10)
3078 +#define FATTR4_WORD0_RDATTR_ERROR (1UL << 11)
3080 +/* Recommended Attributes */
3081 +#define FATTR4_WORD0_ACL (1UL << 12)
3082 +#define FATTR4_WORD0_ACLSUPPORT (1UL << 13)
3083 +#define FATTR4_WORD0_ARCHIVE (1UL << 14)
3084 +#define FATTR4_WORD0_CANSETTIME (1UL << 15)
3085 +#define FATTR4_WORD0_CASE_INSENSITIVE (1UL << 16)
3086 +#define FATTR4_WORD0_CASE_PRESERVING (1UL << 17)
3087 +#define FATTR4_WORD0_CHOWN_RESTRICTED (1UL << 18)
3088 +#define FATTR4_WORD0_FILEHANDLE (1UL << 19)
3089 +#define FATTR4_WORD0_FILEID (1UL << 20)
3090 +#define FATTR4_WORD0_FILES_AVAIL (1UL << 21)
3091 +#define FATTR4_WORD0_FILES_FREE (1UL << 22)
3092 +#define FATTR4_WORD0_FILES_TOTAL (1UL << 23)
3093 +#define FATTR4_WORD0_FS_LOCATIONS (1UL << 24)
3094 +#define FATTR4_WORD0_HIDDEN (1UL << 25)
3095 +#define FATTR4_WORD0_HOMOGENEOUS (1UL << 26)
3096 +#define FATTR4_WORD0_MAXFILESIZE (1UL << 27)
3097 +#define FATTR4_WORD0_MAXLINK (1UL << 28)
3098 +#define FATTR4_WORD0_MAXNAME (1UL << 29)
3099 +#define FATTR4_WORD0_MAXREAD (1UL << 30)
3100 +#define FATTR4_WORD0_MAXWRITE (1UL << 31)
3101 +#define FATTR4_WORD1_MIMETYPE (1UL << 0)
3102 +#define FATTR4_WORD1_MODE (1UL << 1)
3103 +#define FATTR4_WORD1_NO_TRUNC (1UL << 2)
3104 +#define FATTR4_WORD1_NUMLINKS (1UL << 3)
3105 +#define FATTR4_WORD1_OWNER (1UL << 4)
3106 +#define FATTR4_WORD1_OWNER_GROUP (1UL << 5)
3107 +#define FATTR4_WORD1_QUOTA_HARD (1UL << 6)
3108 +#define FATTR4_WORD1_QUOTA_SOFT (1UL << 7)
3109 +#define FATTR4_WORD1_QUOTA_USED (1UL << 8)
3110 +#define FATTR4_WORD1_RAWDEV (1UL << 9)
3111 +#define FATTR4_WORD1_SPACE_AVAIL (1UL << 10)
3112 +#define FATTR4_WORD1_SPACE_FREE (1UL << 11)
3113 +#define FATTR4_WORD1_SPACE_TOTAL (1UL << 12)
3114 +#define FATTR4_WORD1_SPACE_USED (1UL << 13)
3115 +#define FATTR4_WORD1_SYSTEM (1UL << 14)
3116 +#define FATTR4_WORD1_TIME_ACCESS (1UL << 15)
3117 +#define FATTR4_WORD1_TIME_ACCESS_SET (1UL << 16)
3118 +#define FATTR4_WORD1_TIME_BACKUP (1UL << 17)
3119 +#define FATTR4_WORD1_TIME_CREATE (1UL << 18)
3120 +#define FATTR4_WORD1_TIME_DELTA (1UL << 19)
3121 +#define FATTR4_WORD1_TIME_METADATA (1UL << 20)
3122 +#define FATTR4_WORD1_TIME_MODIFY (1UL << 21)
3123 +#define FATTR4_WORD1_TIME_MODIFY_SET (1UL << 22)
3124 +#define FATTR4_WORD1_MOUNTED_ON_FILEID (1UL << 23)
3126 +#define NFSPROC4_NULL 0
3127 +#define NFSPROC4_COMPOUND 1
3128 +#define NFS4_MINOR_VERSION 0
3129 +#define NFS4_DEBUG 1
3133 +/* Index of predefined Linux client operations */
3136 + NFSPROC4_CLNT_NULL = 0, /* Unused */
3137 + NFSPROC4_CLNT_READ,
3138 + NFSPROC4_CLNT_WRITE,
3139 + NFSPROC4_CLNT_COMMIT,
3140 + NFSPROC4_CLNT_OPEN,
3141 + NFSPROC4_CLNT_OPEN_CONFIRM,
3142 + NFSPROC4_CLNT_OPEN_RECLAIM,
3143 + NFSPROC4_CLNT_OPEN_DOWNGRADE,
3144 + NFSPROC4_CLNT_CLOSE,
3145 + NFSPROC4_CLNT_SETATTR,
3146 + NFSPROC4_CLNT_FSINFO,
3147 + NFSPROC4_CLNT_RENEW,
3148 + NFSPROC4_CLNT_SETCLIENTID,
3149 + NFSPROC4_CLNT_SETCLIENTID_CONFIRM,
3150 + NFSPROC4_CLNT_LOCK,
3151 + NFSPROC4_CLNT_LOCKT,
3152 + NFSPROC4_CLNT_LOCKU,
3153 + NFSPROC4_CLNT_ACCESS,
3154 + NFSPROC4_CLNT_GETATTR,
3155 + NFSPROC4_CLNT_LOOKUP,
3156 + NFSPROC4_CLNT_LOOKUP_ROOT,
3157 + NFSPROC4_CLNT_REMOVE,
3158 + NFSPROC4_CLNT_RENAME,
3159 + NFSPROC4_CLNT_LINK,
3160 + NFSPROC4_CLNT_CREATE,
3161 + NFSPROC4_CLNT_PATHCONF,
3162 + NFSPROC4_CLNT_STATFS,
3163 + NFSPROC4_CLNT_READLINK,
3164 + NFSPROC4_CLNT_READDIR,
3165 + NFSPROC4_CLNT_SERVER_CAPS,
3166 + NFSPROC4_CLNT_DELEGRETURN,
3167 + NFSPROC4_CLNT_GETACL,
3168 + NFSPROC4_CLNT_SETACL,
3175 + * Local variables:
3176 + * c-basic-offset: 8
3179 --- /dev/null 2007-08-22 11:21:03.626521839 -0400
3180 +++ acl-2.2.39/include/libacl_nfs4.h 2007-08-22 12:02:13.000000000 -0400
3182 +#include <sys/types.h>
3185 +#include <sys/acl.h>
3186 +#include <stdlib.h>
3187 +#include <sys/queue.h>
3189 +#include <sys/errno.h>
3190 +#include <string.h>
3192 +/* mode bit translations: */
3193 +#define NFS4_READ_MODE NFS4_ACE_READ_DATA
3194 +#define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA)
3195 +#define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE
3196 +#define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | \
3197 + NFS4_ACE_SYNCHRONIZE)
3198 +#define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)
3200 +#define NFS4_ACE_MASK_IGNORE (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \
3201 + | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS)
3202 +/* XXX not sure about the following. Note that e.g. DELETE_CHILD is wrong in
3203 + * general (should only be ignored on files). */
3204 +#define MASK_EQUAL(mask1, mask2) \
3205 + (((mask1) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \
3206 + ~NFS4_ACE_DELETE_CHILD) \
3207 + == ((mask2) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \
3208 + ~NFS4_ACE_DELETE_CHILD))
3210 +/* Maximum length of the ace->who attribute */
3211 +#define NFS4_ACL_WHO_LENGTH_MAX 2048
3212 +#define NFS4_ACL_WHO_BUFFER_LEN_GUESS 255
3214 +/* NFS4 acl xattr name */
3215 +#define ACL_NFS4_XATTR "system.nfs4_acl"
3217 +/* Macro for finding empty tailqs */
3218 +#define TAILQ_IS_EMPTY(head) (head.tqh_first == NULL)
3220 +/* Flags to pass certain properties around */
3221 +#define NFS4_ACL_NOFLAGS 0x00
3222 +#define NFS4_ACL_ISFILE 0x00
3223 +#define NFS4_ACL_ISDIR 0x01
3224 +#define NFS4_ACL_OWNER 0x02
3225 +#define NFS4_ACL_REQUEST_DEFAULT 0x04
3226 +#define NFS4_ACL_RAW 0x01
3228 +#define NFS4_XDR_MOD 4
3230 +typedef u_int32_t u32;
3232 +enum { ACL_NFS4_NOT_USED = 0,
3236 +struct ace_container {
3237 + struct nfs4_ace *ace;
3238 + TAILQ_ENTRY(ace_container) l_ace;
3241 +TAILQ_HEAD(ace_container_list_head, ace_container);
3243 +/**** Public functions ****/
3245 +/** Manipulation functions **/
3246 +extern int acl_nfs4_add_ace(struct nfs4_acl *, u32, u32, u32, int, char*);
3247 +extern int acl_nfs4_add_pair(struct nfs4_acl *, int, u32, int, char*);
3248 +extern void acl_nfs4_free(struct nfs4_acl *);
3249 +extern struct nfs4_acl *acl_nfs4_new(u32);
3250 +extern int acl_nfs4_set_who(struct nfs4_ace*, int, char*);
3251 +extern struct nfs4_acl *acl_nfs4_copy_acl(struct nfs4_acl *);
3252 +extern struct nfs4_acl *acl_nfs4_xattr_load(char *, int, u32);
3253 +extern int acl_nfs4_xattr_pack(struct nfs4_acl *, char**);
3254 +extern int acl_nfs4_xattr_size(struct nfs4_acl *);
3255 +extern void acl_nfs4_remove_ace(struct nfs4_acl * acl, struct nfs4_ace * ace);
3257 +/** Conversion functions **/
3259 +/* nfs4 -> posix */
3260 +extern acl_t acl_n4tp_acl_trans(struct nfs4_acl *, acl_type_t);
3262 +/* posix -> nfs4 */
3263 +extern int acl_ptn4_get_mask(u32* mask, acl_permset_t perms,
3265 +extern int acl_ptn4_acl_trans(acl_t, struct nfs4_acl *, acl_type_t, u32, char*);
3268 +/** Access Functions **/
3269 +extern inline int acl_nfs4_get_whotype(char*);
3270 +extern int acl_nfs4_get_who(struct nfs4_ace*, int*, char**);
3272 +/**** Private(?) functions ****/
3273 +acl_t __posix_acl_from_nfs4_xattr(char*, int, acl_type_t, u32);
3275 +/* These will change */
3276 +char * nfs4_get_who_from_uid(uid_t);
3277 +char * nfs4_get_who_from_gid(gid_t);