forked from Minki/linux
[PATCH] nfsacl: Solaris VxFS compatibility fix
Here is a compatibility fix between Linux and Solaris when used with VxFS filesystems: Solaris usually accepts acl entries in any order, but with VxFS it replies with NFSERR_INVAL when it sees a four-entry acl that is not in canonical form. It may also fail with other non-canonical acls -- I can't tell, because that case never triggers: We only send non-canonical acls when we fake up an ACL_MASK entry. Instead of adding fake ACL_MASK entries at the end, inserting them in the correct position makes Solaris+VxFS happy. The Linux client and server sides don't care about entry order. The three-entry-acl special case in which we need a fake ACL_MASK entry was handled in xdr_nfsace_encode. The patch moves this into nfsacl_encode. Signed-off-by: Andreas Gruenbacher <agruen@suse.de> Acked-by: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
19cba8abd6
commit
22c1ea44f0
@ -48,43 +48,26 @@ xdr_nfsace_encode(struct xdr_array2_desc *desc, void *elem)
|
||||
(struct nfsacl_encode_desc *) desc;
|
||||
u32 *p = (u32 *) elem;
|
||||
|
||||
if (nfsacl_desc->count < nfsacl_desc->acl->a_count) {
|
||||
struct posix_acl_entry *entry =
|
||||
&nfsacl_desc->acl->a_entries[nfsacl_desc->count++];
|
||||
struct posix_acl_entry *entry =
|
||||
&nfsacl_desc->acl->a_entries[nfsacl_desc->count++];
|
||||
|
||||
*p++ = htonl(entry->e_tag | nfsacl_desc->typeflag);
|
||||
switch(entry->e_tag) {
|
||||
case ACL_USER_OBJ:
|
||||
*p++ = htonl(nfsacl_desc->uid);
|
||||
break;
|
||||
case ACL_GROUP_OBJ:
|
||||
*p++ = htonl(nfsacl_desc->gid);
|
||||
break;
|
||||
case ACL_USER:
|
||||
case ACL_GROUP:
|
||||
*p++ = htonl(entry->e_id);
|
||||
break;
|
||||
default: /* Solaris depends on that! */
|
||||
*p++ = 0;
|
||||
break;
|
||||
}
|
||||
*p++ = htonl(entry->e_perm & S_IRWXO);
|
||||
} else {
|
||||
const struct posix_acl_entry *pa, *pe;
|
||||
int group_obj_perm = ACL_READ|ACL_WRITE|ACL_EXECUTE;
|
||||
|
||||
FOREACH_ACL_ENTRY(pa, nfsacl_desc->acl, pe) {
|
||||
if (pa->e_tag == ACL_GROUP_OBJ) {
|
||||
group_obj_perm = pa->e_perm & S_IRWXO;
|
||||
break;
|
||||
}
|
||||
}
|
||||
/* fake up ACL_MASK entry */
|
||||
*p++ = htonl(ACL_MASK | nfsacl_desc->typeflag);
|
||||
*p++ = htonl(0);
|
||||
*p++ = htonl(group_obj_perm);
|
||||
*p++ = htonl(entry->e_tag | nfsacl_desc->typeflag);
|
||||
switch(entry->e_tag) {
|
||||
case ACL_USER_OBJ:
|
||||
*p++ = htonl(nfsacl_desc->uid);
|
||||
break;
|
||||
case ACL_GROUP_OBJ:
|
||||
*p++ = htonl(nfsacl_desc->gid);
|
||||
break;
|
||||
case ACL_USER:
|
||||
case ACL_GROUP:
|
||||
*p++ = htonl(entry->e_id);
|
||||
break;
|
||||
default: /* Solaris depends on that! */
|
||||
*p++ = 0;
|
||||
break;
|
||||
}
|
||||
|
||||
*p++ = htonl(entry->e_perm & S_IRWXO);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -105,11 +88,28 @@ nfsacl_encode(struct xdr_buf *buf, unsigned int base, struct inode *inode,
|
||||
.gid = inode->i_gid,
|
||||
};
|
||||
int err;
|
||||
struct posix_acl *acl2 = NULL;
|
||||
|
||||
if (entries > NFS_ACL_MAX_ENTRIES ||
|
||||
xdr_encode_word(buf, base, entries))
|
||||
return -EINVAL;
|
||||
if (encode_entries && acl && acl->a_count == 3) {
|
||||
/* Fake up an ACL_MASK entry. */
|
||||
acl2 = posix_acl_alloc(4, GFP_KERNEL);
|
||||
if (!acl2)
|
||||
return -ENOMEM;
|
||||
/* Insert entries in canonical order: other orders seem
|
||||
to confuse Solaris VxFS. */
|
||||
acl2->a_entries[0] = acl->a_entries[0]; /* ACL_USER_OBJ */
|
||||
acl2->a_entries[1] = acl->a_entries[1]; /* ACL_GROUP_OBJ */
|
||||
acl2->a_entries[2] = acl->a_entries[1]; /* ACL_MASK */
|
||||
acl2->a_entries[2].e_tag = ACL_MASK;
|
||||
acl2->a_entries[3] = acl->a_entries[2]; /* ACL_OTHER */
|
||||
nfsacl_desc.acl = acl2;
|
||||
}
|
||||
err = xdr_encode_array2(buf, base + 4, &nfsacl_desc.desc);
|
||||
if (acl2)
|
||||
posix_acl_release(acl2);
|
||||
if (!err)
|
||||
err = 8 + nfsacl_desc.desc.elem_size *
|
||||
nfsacl_desc.desc.array_len;
|
||||
|
Loading…
Reference in New Issue
Block a user