From 604dc3da0d94c47fae2c4e91f740dff51d4b770f Mon Sep 17 00:00:00 2001 From: Olga Kornievskaia Date: Mon, 3 Nov 2014 12:49:46 -0500 Subject: [PATCH 1/1] [nfs4-acl-tools] handle DENY ace for DELETE, WRITE_OWNER, and NAMED_ATTRS Don't ignore setting or viewing DENY ace for DELETE, WRITE_OWNER, and NAMED_ATTRS. Signed-off-by: Olga Kornievskaia --- include/libacl_nfs4.h | 8 ++------ libnfs4acl/nfs4_new_ace.c | 3 --- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/include/libacl_nfs4.h b/include/libacl_nfs4.h index 2f7cc28..7b19c6f 100644 --- a/include/libacl_nfs4.h +++ b/include/libacl_nfs4.h @@ -95,15 +95,11 @@ #define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE) -#define NFS4_ACE_MASK_IGNORE (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \ - | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS) /* XXX not sure about the following. Note that e.g. DELETE_CHILD is wrong in * general (should only be ignored on files). */ #define MASK_EQUAL(mask1, mask2) \ - (((mask1) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \ - ~NFS4_ACE_DELETE_CHILD) \ - == ((mask2) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \ - ~NFS4_ACE_DELETE_CHILD)) + (((mask1) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_DELETE_CHILD) \ + == ((mask2) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_DELETE_CHILD)) /* * NFS4_MAX_ACESIZE -- the number of bytes in the string representation we diff --git a/libnfs4acl/nfs4_new_ace.c b/libnfs4acl/nfs4_new_ace.c index a93f74a..0c875b1 100644 --- a/libnfs4acl/nfs4_new_ace.c +++ b/libnfs4acl/nfs4_new_ace.c @@ -51,9 +51,6 @@ struct nfs4_ace * nfs4_new_ace(int is_directory, u32 type, u32 flag, u32 access_ ace->type = type; ace->flag = flag; - if( type == NFS4_ACE_ACCESS_DENIED_ACE_TYPE ) - access_mask = access_mask & ~(NFS4_ACE_MASK_IGNORE); - /* Castrate delete_child if we aren't a directory */ if (!is_directory) access_mask &= ~NFS4_ACE_DELETE_CHILD; -- 1.9.3