22 files changed, 0 insertions, 7006 deletions
diff --git a/sys-apps/acl/Manifest b/sys-apps/acl/Manifest
deleted file mode 100644
index 705a1f7..0000000
--- a/sys-apps/acl/Manifest
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-DIST acl-2.2.51.src.tar.gz 385378 SHA256 06854521cf5d396801af7e54b9636680edf8064355e51c07657ec7442a185225
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
-
-iEYEAREKAAYFAlGXdDYACgkQ1fmVwcYIWAa9PQCg6htQpf2SFEbXEoXd2gzrckd6
-/CsAn1xenFUq/W903w2oA/Hdw1fTqKhN
-=eGkY
------END PGP SIGNATURE-----
diff --git a/sys-apps/acl/acl-2.2.51-r1.ebuild b/sys-apps/acl/acl-2.2.51-r1.ebuild
deleted file mode 100644
index d7d40d0..0000000
--- a/sys-apps/acl/acl-2.2.51-r1.ebuild
+++ /dev/null
@@ -1,74 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="4"
-
-inherit eutils multilib toolchain-funcs
-
-DESCRIPTION="access control list utilities, libraries and headers"
-HOMEPAGE="http://savannah.nongnu.org/projects/acl"
-SRC_URI="http://download.savannah.gnu.org/releases/${PN}/${P}.src.tar.gz"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux"
-IUSE="nfs nls static-libs"
-
-RDEPEND=">=sys-apps/attr-2.4
- nfs? ( net-libs/libnfsidmap )"
-DEPEND="${RDEPEND}
- nls? ( sys-devel/gettext )"
-
-src_prepare() {
- if use nfs ; then
- epatch \
- "${FILESDIR}"/0001-Add-nfsv4-posix-acl-translation.patch \
- "${FILESDIR}"/0002-nfsd4-move-to-new-nfsv4-posix-mapping-clean-up.patch \
- "${FILESDIR}"/0003-NFSv4-POSIX-mapping-clean-up-loop-interation.patch \
- "${FILESDIR}"/0004-acl_ptn4_get_mask-style-cleanup.patch \
- "${FILESDIR}"/0005-fix-WRITE_MODE.patch \
- "${FILESDIR}"/0006-Remove-some-some-unused-header-cruft.patch \
- "${FILESDIR}"/0007-NFSv4-POSIX-relax-inheritance-bit-mapping.patch \
- "${FILESDIR}"/0008-NFSv4-POSIX-factor-out-inheritance-splitting-code.patch \
- "${FILESDIR}"/0009-NFSv4-POSIX-remove-a-redundant-NULL-check.patch \
- "${FILESDIR}"/0010-Minor-header-cleanup.patch \
- "${FILESDIR}"/0011-POSIX-NFSv4-relax-inheritance-bit-mapping.patch \
- "${FILESDIR}"/0012-nfsv4-posix-mapping-don-t-add-unnecessary-masks.patch \
- "${FILESDIR}"/0013-nfsv4-posix-return-zero-length-default-acl-when-appr.patch \
- "${FILESDIR}"/0014-nfsd4-remove-spurious-XATTR_REPLACE.patch \
- "${FILESDIR}"/0015-fix-comment-typo.patch \
- "${FILESDIR}"/0016-fix-nfs4-posix-mapping-state-allocation.patch \
- "${FILESDIR}"/0017-fix-calculation-of-group-bits.patch
- fi
- epatch "${FILESDIR}"/${PN}-2.2.49-quote-strchr.patch
- epatch "${FILESDIR}"/${PN}-2.2.51-config-shell.patch #365397
- sed -i \
- -e '/^as_dummy=/s:=":="$PATH$PATH_SEPARATOR:' \
- configure # hack PATH with AC_PATH_PROG
- sed -i \
- -e "/^PKG_DOC_DIR/s:@pkg_name@:${PF}:" \
- -e '/HAVE_ZIPPED_MANPAGES/s:=.*:=false:' \
- include/builddefs.in \
- || die "failed to update builddefs"
- strip-linguas po
-}
-
-src_configure() {
- unset PLATFORM #184564
- export OPTIMIZER=${CFLAGS}
- export DEBUG=-DNDEBUG
-
- econf \
- $(use_enable nls gettext) \
- --enable-shared $(use_enable static-libs static) \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir) \
- --bindir="${EPREFIX}"/bin
-}
-
-src_install() {
- emake DIST_ROOT="${D}" install install-dev install-lib || die
- use static-libs || find "${D}" -name '*.la' -delete
-
- # move shared libs to /
- gen_usr_ldscript -a acl
-}
diff --git a/sys-apps/acl/files/0001-Add-nfsv4-posix-acl-translation.patch b/sys-apps/acl/files/0001-Add-nfsv4-posix-acl-translation.patch
deleted file mode 100644
index 5323e6e..0000000
--- a/sys-apps/acl/files/0001-Add-nfsv4-posix-acl-translation.patch
+++ /dev/null
@@ -1,4292 +0,0 @@ -From fb0b47fecc2ca9a36ce3a8e05ab501e2f338d81a Mon Sep 17 00:00:00 2001 -From: "J. Bruce Fields" <bfields@fieldses.org> -Date: Fri, 1 Sep 2006 18:59:12 -0400 -Subject: [PATCH 01/17] Add nfsv4<->posix acl translation - -Add nfs4<->posix acl translation to libacl, so we can present a posix -acl interface to nfs4 filesystems, which only understand v4 acls. - -Original implementation due to Nate Gallaher, based on implementation by -Marius Eriksen and others, subsequently maintained by Bruce Fields. - -Changes: - - update interface versions and library exports. (Not sure this - is really right; do we really want to export allo thosesymbols??) - - Rely on libnfsidmap's notion of a default domain instead of - hardwiring "CITI.UMICH.EDU". - - We check whether the filesystem we're on supports nfs4 acl's by - trying to fe the system.nfs4_acl xattr before falling back on - posix. Our check was sligh wrong--we should be checking for - an EOPNOTSUPP as well as an ENOATTR. - - Call nfs4_init_name_mapping() to read idmapd.conf and set - defaults before mapping names. (XXX: We're calling it before - every single mapping, when we should only have to call it once.) - - Set to zero all bits in the bitmask that aren't assigned a meaning - by the protocol. - - Allow default acls of zero length. (We were returning an error - when the default acl on a directory was length 0, which is actually - a perfectly normal occurance.) - - Ignore WRITE_OWNER bit and named attr bits - - Set DELETE_CHILD on directories with write permissions. (Thanks - to Simon Vallet <svallet@genoscope.cns.fr> for identifying the - bug and suggesting this solution. - - Remove some needless accessor functions. 
- - support the acl_extended_file function, so "ls -l" can show that - neat plus sign after the unix permissions if additional ACLs are - set (from Christophe Saout <christophe@saout.de>) - - Remove all native-nfsv4 acl getting/setting code (and all nfsv4 - acl printing code, only used for that); we're doing the native - NFSv4 ACL stuff in a separate package now. - - Fix some style problems. - - Fix handling of inherited aces: the calculated ACL mustn't - completely replace the existing ACL: instead, setting the default - ACL should only replace the iherited ACEs (leaving any effective - permissions untouched), and setting the access ACL should only - modify effective ACEs (leaving any inherited stuff alone). ---- - exports | 50 +++ - include/builddefs.in | 2 +- - include/libacl_nfs4.h | 134 ++++++++ - include/nfs4.h | 397 ++++++++++++++++++++++++ - libacl/Makefile | 31 ++- - libacl/__acl_extended_file.c | 29 ++ - libacl/__posix_acl_from_nfs4_xattr.c | 60 ++++ - libacl/acl_get_fd.c | 50 +++- - libacl/acl_get_file.c | 46 +++- - libacl/acl_n4tp_ace_count.c | 57 ++++ - libacl/acl_n4tp_ace_trans.c | 76 +++++ - libacl/acl_n4tp_acl_trans.c | 164 ++++++++++ - libacl/acl_n4tp_get_whotype.c | 73 +++++ - libacl/acl_n4tp_set_mode.c | 98 ++++++ - libacl/acl_n4tp_set_who.c | 89 ++++++ - libacl/acl_nfs4_add_ace.c | 83 +++++ - libacl/acl_nfs4_add_pair.c | 60 ++++ - libacl/acl_nfs4_copy_acl.c | 85 +++++ - libacl/acl_nfs4_free.c | 61 ++++ - libacl/acl_nfs4_get_who.c | 103 ++++++ - libacl/acl_nfs4_get_whotype.c | 60 ++++ - libacl/acl_nfs4_new.c | 58 ++++ - libacl/acl_nfs4_remove_ace.c | 48 +++ - libacl/acl_nfs4_set_who.c | 92 ++++++ - libacl/acl_nfs4_utils.c | 566 ++++++++++++++++++++++++++++++++++ - libacl/acl_nfs4_xattr_load.c | 191 ++++++++++++ - libacl/acl_nfs4_xattr_pack.c | 148 +++++++++ - libacl/acl_nfs4_xattr_size.c | 91 ++++++ - libacl/acl_ptn4_acl_trans.c | 518 +++++++++++++++++++++++++++++++ - libacl/acl_ptn4_get_mask.c | 81 +++++ - libacl/acl_set_fd.c | 37 +++ - 
libacl/acl_set_file.c | 75 +++++- - libacl/libacl_nfs4.h | 134 ++++++++ - 33 files changed, 3825 insertions(+), 22 deletions(-) - create mode 100644 include/libacl_nfs4.h - create mode 100644 include/nfs4.h - create mode 100644 libacl/__posix_acl_from_nfs4_xattr.c - create mode 100644 libacl/acl_n4tp_ace_count.c - create mode 100644 libacl/acl_n4tp_ace_trans.c - create mode 100644 libacl/acl_n4tp_acl_trans.c - create mode 100644 libacl/acl_n4tp_get_whotype.c - create mode 100644 libacl/acl_n4tp_set_mode.c - create mode 100644 libacl/acl_n4tp_set_who.c - create mode 100644 libacl/acl_nfs4_add_ace.c - create mode 100644 libacl/acl_nfs4_add_pair.c - create mode 100644 libacl/acl_nfs4_copy_acl.c - create mode 100644 libacl/acl_nfs4_free.c - create mode 100644 libacl/acl_nfs4_get_who.c - create mode 100644 libacl/acl_nfs4_get_whotype.c - create mode 100644 libacl/acl_nfs4_new.c - create mode 100644 libacl/acl_nfs4_remove_ace.c - create mode 100644 libacl/acl_nfs4_set_who.c - create mode 100644 libacl/acl_nfs4_utils.c - create mode 100644 libacl/acl_nfs4_xattr_load.c - create mode 100644 libacl/acl_nfs4_xattr_pack.c - create mode 100644 libacl/acl_nfs4_xattr_size.c - create mode 100644 libacl/acl_ptn4_acl_trans.c - create mode 100644 libacl/acl_ptn4_get_mask.c - create mode 100644 libacl/libacl_nfs4.h - -diff --git a/exports b/exports -index 7d8e69e..08bf390 100644 ---- a/exports -+++ b/exports -@@ -88,4 +88,54 @@ ACL_1.2 { - global: - # Linux specific extensions - acl_extended_file_nofollow; -+ -+ # NFSv4 specific extensions -+ acl_nfs4_add_ace; -+ acl_nfs4_add_pair; -+ acl_nfs4_free; -+ acl_nfs4_new; -+ acl_nfs4_set_dir; -+ acl_nfs4_set_who; -+ acl_nfs4_copy_acl; -+ acl_nfs4_xattr_load; -+ acl_nfs4_xattr_pack; -+ acl_nfs4_xattr_size; -+ acl_nfs4_remove_ace; -+ -+ acl_n4tp_acl_trans; -+ acl_n4tp_set_mode; -+ acl_n4tp_ace_count; -+ acl_n4tp_ace_trans; -+ acl_n4tp_set_who; -+ acl_n4tp_get_whotype; -+ -+ acl_ptn4_get_mask; -+ acl_ptn4_acl_trans; -+ -+ 
acl_nfs4_get_next_ace; -+ acl_nfs4_get_first_ace; -+ acl_nfs4_get_dir; -+ acl_nfs4_get_whotype; -+ acl_nfs4_get_who; -+ acl_nfs4_entries; -+ -+ local: -+ __posix_acl_from_nfs4_xattr; -+ complementary_ace_pair; -+ same_who; -+ nfs4_get_gid_from_who; -+ nfs4_get_uid_from_who; -+ nfs4_get_who_from_uid; -+ nfs4_get_who_from_gid; -+ __nfs4_get_local_uid_from_who; -+ __nfs4_get_foreign_uid_from_who; -+ __nfs4_get_local_gid_from_who; -+ __nfs4_get_foreign_gid_from_who; -+ is_who_local; -+ -+ user_obj_from_v4; -+ users_from_v4; -+ group_obj_and_groups_from_v4; -+ mask_from_v4; -+ other_from_v4; - } ACL_1.1; -diff --git a/include/builddefs.in b/include/builddefs.in -index d054a56..69d7d82 100644 ---- a/include/builddefs.in -+++ b/include/builddefs.in -@@ -81,7 +81,7 @@ endif - - GCFLAGS = $(OPTIMIZER) $(DEBUG) -funsigned-char -fno-strict-aliasing -Wall \ - -DVERSION=\"$(PKG_VERSION)\" -DLOCALEDIR=\"$(PKG_LOCALE_DIR)\" \ -- -DPACKAGE=\"$(PKG_NAME)\" -I$(TOPDIR)/include -+ -DPACKAGE=\"$(PKG_NAME)\" -I$(TOPDIR)/include -DUSE_NFSV4_TRANS - - # Global, Platform, Local CFLAGS - CFLAGS += $(GCFLAGS) $(PCFLAGS) $(LCFLAGS) -diff --git a/include/libacl_nfs4.h b/include/libacl_nfs4.h -new file mode 100644 -index 0000000..e6a466c ---- /dev/null -+++ b/include/libacl_nfs4.h -@@ -0,0 +1,134 @@ -+#include <sys/types.h> -+#include <pwd.h> -+#include <grp.h> -+#include <sys/acl.h> -+#include <stdlib.h> -+#include <sys/queue.h> -+#include <nfs4.h> -+#include <sys/errno.h> -+#include <string.h> -+ -+/* mode bit translations: */ -+#define NFS4_READ_MODE NFS4_ACE_READ_DATA -+#define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA \ -+ | NFS4_ACE_APPEND_DATA | NFS4_ACE_DELETE_CHILD) -+#define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE -+#define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | \ -+ NFS4_ACE_SYNCHRONIZE) -+#define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL) -+ -+/* flags used to simulate posix default ACLs */ -+#define NFS4_INHERITANCE_FLAGS 
(NFS4_ACE_FILE_INHERIT_ACE \ -+ | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE) -+ -+#define NFS4_ACE_MASK_IGNORE (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \ -+ | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS) -+/* XXX not sure about the following. Note that e.g. DELETE_CHILD is wrong in -+ * general (should only be ignored on files). */ -+#define MASK_EQUAL(mask1, mask2) \ -+ (((mask1) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \ -+ ~NFS4_ACE_DELETE_CHILD) \ -+ == ((mask2) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \ -+ ~NFS4_ACE_DELETE_CHILD)) -+ -+/* Maximum length of the ace->who attribute */ -+#define NFS4_ACL_WHO_LENGTH_MAX 2048 -+#define NFS4_ACL_WHO_BUFFER_LEN_GUESS 255 -+ -+/* NFS4 acl xattr name */ -+#define ACL_NFS4_XATTR "system.nfs4_acl" -+ -+/* Macro for finding empty tailqs */ -+#define TAILQ_IS_EMPTY(head) (head.tqh_first == NULL) -+ -+/* Flags to pass certain properties around */ -+#define NFS4_ACL_NOFLAGS 0x00 -+#define NFS4_ACL_ISFILE 0x00 -+#define NFS4_ACL_ISDIR 0x01 -+#define NFS4_ACL_OWNER 0x02 -+#define NFS4_ACL_REQUEST_DEFAULT 0x04 -+#define NFS4_ACL_RAW 0x01 -+ -+#define NFS4_XDR_MOD 4 -+ -+typedef u_int32_t u32; -+ -+enum { ACL_NFS4_NOT_USED = 0, -+ ACL_NFS4_USED -+}; -+ -+struct ace_container { -+ struct nfs4_ace *ace; -+ TAILQ_ENTRY(ace_container) l_ace; -+}; -+ -+TAILQ_HEAD(ace_container_list_head, ace_container); -+ -+/**** Public functions ****/ -+ -+/** Manipulation functions **/ -+extern int acl_nfs4_add_ace(struct nfs4_acl *, u32, u32, u32, int, char*); -+extern int acl_nfs4_add_pair(struct nfs4_acl *, int, u32, int, char*); -+extern void acl_nfs4_free(struct nfs4_acl *); -+extern struct nfs4_acl *acl_nfs4_new(u32); -+extern int acl_nfs4_set_who(struct nfs4_ace*, int, char*); -+extern struct nfs4_acl *acl_nfs4_copy_acl(struct nfs4_acl *); -+extern struct nfs4_acl *acl_nfs4_xattr_load(char *, int, u32); -+extern int acl_nfs4_xattr_pack(struct nfs4_acl *, char**); -+extern int acl_nfs4_xattr_size(struct 
nfs4_acl *); -+extern void acl_nfs4_remove_ace(struct nfs4_acl * acl, struct nfs4_ace * ace); -+ -+/** Conversion functions **/ -+ -+/* nfs4 -> posix */ -+extern acl_t acl_n4tp_acl_trans(struct nfs4_acl *, acl_type_t); -+extern int acl_n4tp_set_mode(acl_entry_t pace, u32 nfs4_access_mask, -+ int iflags); -+extern int acl_n4tp_ace_count(struct nfs4_acl *n4acl); -+extern int acl_n4tp_ace_trans(struct nfs4_ace *ace, acl_t *pacl, -+ acl_tag_t tag, int iflags); -+extern int acl_n4tp_set_who(acl_entry_t ace, char* who, -+ acl_tag_t who_type); -+extern acl_tag_t acl_n4tp_get_whotype(struct nfs4_ace *ace); -+ -+/* posix -> nfs4 */ -+extern int acl_ptn4_get_mask(u32* mask, acl_permset_t perms, -+ int iflags); -+extern int acl_ptn4_acl_trans(acl_t, struct nfs4_acl *, acl_type_t, u32, char*); -+ -+ -+/** Access Functions **/ -+extern inline struct nfs4_ace * -+ acl_nfs4_get_next_ace(struct nfs4_ace **); -+extern inline struct nfs4_ace * -+ acl_nfs4_get_first_ace(struct nfs4_acl *); -+extern inline int acl_nfs4_get_whotype(char*); -+extern int acl_nfs4_get_who(struct nfs4_ace*, int*, char**); -+ -+/**** Private(?) 
functions ****/ -+acl_t __posix_acl_from_nfs4_xattr(char*, int, acl_type_t, u32); -+int complementary_ace_pair(struct nfs4_ace *allow, struct nfs4_ace *deny); -+int same_who(struct nfs4_ace *a, struct nfs4_ace *b); -+ -+/* These will change */ -+int nfs4_get_gid_from_who(gid_t* gid, const char * who); -+int nfs4_get_uid_from_who(uid_t* uid, const char * who); -+char * nfs4_get_who_from_uid(uid_t); -+char * nfs4_get_who_from_gid(gid_t); -+int __nfs4_get_local_uid_from_who(uid_t* uid, const char * who); -+int __nfs4_get_foreign_uid_from_who(uid_t* uid, const char * who); -+int __nfs4_get_local_gid_from_who(gid_t* gid, const char * who); -+int __nfs4_get_foreign_gid_from_who(gid_t* gid, const char * who); -+int is_who_local(const char * who); -+/* End change */ -+ -+int user_obj_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace **n4ace, -+ acl_t *pacl, int iflags); -+int users_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p, -+ struct nfs4_ace **mask_ace, acl_t *pacl, int iflags); -+int group_obj_and_groups_from_v4(struct nfs4_acl *n4acl, -+ struct nfs4_ace ** n4ace_p, struct nfs4_ace **mask_ace, acl_t *pacl, int iflags); -+int mask_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p, -+ struct nfs4_ace **mask_ace, acl_t *pacl, int iflags); -+int other_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p, -+ acl_t *pacl, int iflags); -diff --git a/include/nfs4.h b/include/nfs4.h -new file mode 100644 -index 0000000..43a6418 ---- /dev/null -+++ b/include/nfs4.h -@@ -0,0 +1,397 @@ -+/* -+ * NFSv4 protocol definitions. -+ * -+ * Copyright (c) 2002 The Regents of the University of Michigan. -+ * All rights reserved. 
-+ * -+ * Kendrick Smith <kmsmith@umich.edu> -+ * Andy Adamson <andros@umich.edu> -+ */ -+ -+#include<sys/types.h> -+#include<sys/queue.h> -+ -+#ifndef _LINUX_NFS4_H -+#define _LINUX_NFS4_H -+ -+#define NFS4_VERIFIER_SIZE 8 -+#define NFS4_FHSIZE 128 -+#define NFS4_MAXNAMLEN NAME_MAX -+ -+#define NFS4_ACCESS_READ 0x0001 -+#define NFS4_ACCESS_LOOKUP 0x0002 -+#define NFS4_ACCESS_MODIFY 0x0004 -+#define NFS4_ACCESS_EXTEND 0x0008 -+#define NFS4_ACCESS_DELETE 0x0010 -+#define NFS4_ACCESS_EXECUTE 0x0020 -+ -+#define NFS4_FH_PERISTENT 0x0000 -+#define NFS4_FH_NOEXPIRE_WITH_OPEN 0x0001 -+#define NFS4_FH_VOLATILE_ANY 0x0002 -+#define NFS4_FH_VOL_MIGRATION 0x0004 -+#define NFS4_FH_VOL_RENAME 0x0008 -+ -+#define NFS4_OPEN_RESULT_CONFIRM 0x0002 -+ -+#define NFS4_SHARE_ACCESS_READ 0x0001 -+#define NFS4_SHARE_ACCESS_WRITE 0x0002 -+#define NFS4_SHARE_ACCESS_BOTH 0x0003 -+#define NFS4_SHARE_DENY_READ 0x0001 -+#define NFS4_SHARE_DENY_WRITE 0x0002 -+#define NFS4_SHARE_DENY_BOTH 0x0003 -+ -+#define NFS4_SET_TO_SERVER_TIME 0 -+#define NFS4_SET_TO_CLIENT_TIME 1 -+ -+#define NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE 0 -+#define NFS4_ACE_ACCESS_DENIED_ACE_TYPE 1 -+#define NFS4_ACE_SYSTEM_AUDIT_ACE_TYPE 2 -+#define NFS4_ACE_SYSTEM_ALARM_ACE_TYPE 3 -+ -+#define ACL4_SUPPORT_ALLOW_ACL 0x01 -+#define ACL4_SUPPORT_DENY_ACL 0x02 -+#define ACL4_SUPPORT_AUDIT_ACL 0x04 -+#define ACL4_SUPPORT_ALARM_ACL 0x08 -+ -+#define NFS4_ACE_FILE_INHERIT_ACE 0x00000001 -+#define NFS4_ACE_DIRECTORY_INHERIT_ACE 0x00000002 -+#define NFS4_ACE_NO_PROPAGATE_INHERIT_ACE 0x00000004 -+#define NFS4_ACE_INHERIT_ONLY_ACE 0x00000008 -+#define NFS4_ACE_SUCCESSFUL_ACCESS_ACE_FLAG 0x00000010 -+#define NFS4_ACE_FAILED_ACCESS_ACE_FLAG 0x00000020 -+#define NFS4_ACE_IDENTIFIER_GROUP 0x00000040 -+#define NFS4_ACE_OWNER 0x00000080 -+#define NFS4_ACE_GROUP 0x00000100 -+#define NFS4_ACE_EVERYONE 0x00000200 -+ -+#define NFS4_ACE_READ_DATA 0x00000001 -+#define NFS4_ACE_LIST_DIRECTORY 0x00000001 -+#define NFS4_ACE_WRITE_DATA 0x00000002 -+#define 
NFS4_ACE_ADD_FILE 0x00000002 -+#define NFS4_ACE_APPEND_DATA 0x00000004 -+#define NFS4_ACE_ADD_SUBDIRECTORY 0x00000004 -+#define NFS4_ACE_READ_NAMED_ATTRS 0x00000008 -+#define NFS4_ACE_WRITE_NAMED_ATTRS 0x00000010 -+#define NFS4_ACE_EXECUTE 0x00000020 -+#define NFS4_ACE_DELETE_CHILD 0x00000040 -+#define NFS4_ACE_READ_ATTRIBUTES 0x00000080 -+#define NFS4_ACE_WRITE_ATTRIBUTES 0x00000100 -+#define NFS4_ACE_DELETE 0x00010000 -+#define NFS4_ACE_READ_ACL 0x00020000 -+#define NFS4_ACE_WRITE_ACL 0x00040000 -+#define NFS4_ACE_WRITE_OWNER 0x00080000 -+#define NFS4_ACE_SYNCHRONIZE 0x00100000 -+#define NFS4_ACE_GENERIC_READ 0x00120081 -+#define NFS4_ACE_GENERIC_WRITE 0x00160106 -+#define NFS4_ACE_GENERIC_EXECUTE 0x001200A0 -+#define NFS4_ACE_MASK_ALL 0x001F01FF -+ -+enum nfs4_acl_whotype { -+ NFS4_ACL_WHO_NAMED = 0, -+ NFS4_ACL_WHO_OWNER, -+ NFS4_ACL_WHO_GROUP, -+ NFS4_ACL_WHO_EVERYONE, -+}; -+ -+#define NFS4_ACL_WHO_OWNER_STRING "OWNER@" -+#define NFS4_ACL_WHO_GROUP_STRING "GROUP@" -+#define NFS4_ACL_WHO_EVERYONE_STRING "EVERYONE@" -+ -+struct nfs4_ace { -+ u_int32_t type; -+ u_int32_t flag; -+ u_int32_t access_mask; -+ char* who; -+ TAILQ_ENTRY(nfs4_ace) l_ace; -+}; -+ -+TAILQ_HEAD(ace_list_head, nfs4_ace); -+ -+struct nfs4_acl { -+ u_int32_t naces; -+ u_int32_t is_directory; -+ struct ace_list_head ace_head; -+}; -+ -+typedef struct { char data[NFS4_VERIFIER_SIZE]; } nfs4_verifier; -+typedef struct { char data[16]; } nfs4_stateid; -+ -+enum nfs_opnum4 { -+ OP_ACCESS = 3, -+ OP_CLOSE = 4, -+ OP_COMMIT = 5, -+ OP_CREATE = 6, -+ OP_DELEGPURGE = 7, -+ OP_DELEGRETURN = 8, -+ OP_GETATTR = 9, -+ OP_GETFH = 10, -+ OP_LINK = 11, -+ OP_LOCK = 12, -+ OP_LOCKT = 13, -+ OP_LOCKU = 14, -+ OP_LOOKUP = 15, -+ OP_LOOKUPP = 16, -+ OP_NVERIFY = 17, -+ OP_OPEN = 18, -+ OP_OPENATTR = 19, -+ OP_OPEN_CONFIRM = 20, -+ OP_OPEN_DOWNGRADE = 21, -+ OP_PUTFH = 22, -+ OP_PUTPUBFH = 23, -+ OP_PUTROOTFH = 24, -+ OP_READ = 25, -+ OP_READDIR = 26, -+ OP_READLINK = 27, -+ OP_REMOVE = 28, -+ OP_RENAME = 29, -+ 
OP_RENEW = 30, -+ OP_RESTOREFH = 31, -+ OP_SAVEFH = 32, -+ OP_SECINFO = 33, -+ OP_SETATTR = 34, -+ OP_SETCLIENTID = 35, -+ OP_SETCLIENTID_CONFIRM = 36, -+ OP_VERIFY = 37, -+ OP_WRITE = 38, -+ OP_RELEASE_LOCKOWNER = 39, -+ OP_ILLEGAL = 10044, -+}; -+ -+enum nfsstat4 { -+ NFS4_OK = 0, -+ NFS4ERR_PERM = 1, -+ NFS4ERR_NOENT = 2, -+ NFS4ERR_IO = 5, -+ NFS4ERR_NXIO = 6, -+ NFS4ERR_ACCESS = 13, -+ NFS4ERR_EXIST = 17, -+ NFS4ERR_XDEV = 18, -+ /* Unused/reserved 19 */ -+ NFS4ERR_NOTDIR = 20, -+ NFS4ERR_ISDIR = 21, -+ NFS4ERR_INVAL = 22, -+ NFS4ERR_FBIG = 27, -+ NFS4ERR_NOSPC = 28, -+ NFS4ERR_ROFS = 30, -+ NFS4ERR_MLINK = 31, -+ NFS4ERR_NAMETOOLONG = 63, -+ NFS4ERR_NOTEMPTY = 66, -+ NFS4ERR_DQUOT = 69, -+ NFS4ERR_STALE = 70, -+ NFS4ERR_BADHANDLE = 10001, -+ NFS4ERR_BAD_COOKIE = 10003, -+ NFS4ERR_NOTSUPP = 10004, -+ NFS4ERR_TOOSMALL = 10005, -+ NFS4ERR_SERVERFAULT = 10006, -+ NFS4ERR_BADTYPE = 10007, -+ NFS4ERR_DELAY = 10008, -+ NFS4ERR_SAME = 10009, -+ NFS4ERR_DENIED = 10010, -+ NFS4ERR_EXPIRED = 10011, -+ NFS4ERR_LOCKED = 10012, -+ NFS4ERR_GRACE = 10013, -+ NFS4ERR_FHEXPIRED = 10014, -+ NFS4ERR_SHARE_DENIED = 10015, -+ NFS4ERR_WRONGSEC = 10016, -+ NFS4ERR_CLID_INUSE = 10017, -+ NFS4ERR_RESOURCE = 10018, -+ NFS4ERR_MOVED = 10019, -+ NFS4ERR_NOFILEHANDLE = 10020, -+ NFS4ERR_MINOR_VERS_MISMATCH = 10021, -+ NFS4ERR_STALE_CLIENTID = 10022, -+ NFS4ERR_STALE_STATEID = 10023, -+ NFS4ERR_OLD_STATEID = 10024, -+ NFS4ERR_BAD_STATEID = 10025, -+ NFS4ERR_BAD_SEQID = 10026, -+ NFS4ERR_NOT_SAME = 10027, -+ NFS4ERR_LOCK_RANGE = 10028, -+ NFS4ERR_SYMLINK = 10029, -+ NFS4ERR_RESTOREFH = 10030, -+ NFS4ERR_LEASE_MOVED = 10031, -+ NFS4ERR_ATTRNOTSUPP = 10032, -+ NFS4ERR_NO_GRACE = 10033, -+ NFS4ERR_RECLAIM_BAD = 10034, -+ NFS4ERR_RECLAIM_CONFLICT = 10035, -+ NFS4ERR_BADXDR = 10036, -+ NFS4ERR_LOCKS_HELD = 10037, -+ NFS4ERR_OPENMODE = 10038, -+ NFS4ERR_BADOWNER = 10039, -+ NFS4ERR_BADCHAR = 10040, -+ NFS4ERR_BADNAME = 10041, -+ NFS4ERR_BAD_RANGE = 10042, -+ NFS4ERR_LOCK_NOTSUPP = 10043, -+ 
NFS4ERR_OP_ILLEGAL = 10044, -+ NFS4ERR_DEADLOCK = 10045, -+ NFS4ERR_FILE_OPEN = 10046, -+ NFS4ERR_ADMIN_REVOKED = 10047, -+ NFS4ERR_CB_PATH_DOWN = 10048 -+}; -+ -+/* -+ * Note: NF4BAD is not actually part of the protocol; it is just used -+ * internally by nfsd. -+ */ -+enum nfs_ftype4 { -+ NF4BAD = 0, -+ NF4REG = 1, /* Regular File */ -+ NF4DIR = 2, /* Directory */ -+ NF4BLK = 3, /* Special File - block device */ -+ NF4CHR = 4, /* Special File - character device */ -+ NF4LNK = 5, /* Symbolic Link */ -+ NF4SOCK = 6, /* Special File - socket */ -+ NF4FIFO = 7, /* Special File - fifo */ -+ NF4ATTRDIR = 8, /* Attribute Directory */ -+ NF4NAMEDATTR = 9 /* Named Attribute */ -+}; -+ -+enum open_claim_type4 { -+ NFS4_OPEN_CLAIM_NULL = 0, -+ NFS4_OPEN_CLAIM_PREVIOUS = 1, -+ NFS4_OPEN_CLAIM_DELEGATE_CUR = 2, -+ NFS4_OPEN_CLAIM_DELEGATE_PREV = 3 -+}; -+ -+enum opentype4 { -+ NFS4_OPEN_NOCREATE = 0, -+ NFS4_OPEN_CREATE = 1 -+}; -+ -+enum createmode4 { -+ NFS4_CREATE_UNCHECKED = 0, -+ NFS4_CREATE_GUARDED = 1, -+ NFS4_CREATE_EXCLUSIVE = 2 -+}; -+ -+enum limit_by4 { -+ NFS4_LIMIT_SIZE = 1, -+ NFS4_LIMIT_BLOCKS = 2 -+}; -+ -+enum open_delegation_type4 { -+ NFS4_OPEN_DELEGATE_NONE = 0, -+ NFS4_OPEN_DELEGATE_READ = 1, -+ NFS4_OPEN_DELEGATE_WRITE = 2 -+}; -+ -+enum lock_type4 { -+ NFS4_UNLOCK_LT = 0, -+ NFS4_READ_LT = 1, -+ NFS4_WRITE_LT = 2, -+ NFS4_READW_LT = 3, -+ NFS4_WRITEW_LT = 4 -+}; -+ -+ -+/* Mandatory Attributes */ -+#define FATTR4_WORD0_SUPPORTED_ATTRS (1UL << 0) -+#define FATTR4_WORD0_TYPE (1UL << 1) -+#define FATTR4_WORD0_FH_EXPIRE_TYPE (1UL << 2) -+#define FATTR4_WORD0_CHANGE (1UL << 3) -+#define FATTR4_WORD0_SIZE (1UL << 4) -+#define FATTR4_WORD0_LINK_SUPPORT (1UL << 5) -+#define FATTR4_WORD0_SYMLINK_SUPPORT (1UL << 6) -+#define FATTR4_WORD0_NAMED_ATTR (1UL << 7) -+#define FATTR4_WORD0_FSID (1UL << 8) -+#define FATTR4_WORD0_UNIQUE_HANDLES (1UL << 9) -+#define FATTR4_WORD0_LEASE_TIME (1UL << 10) -+#define FATTR4_WORD0_RDATTR_ERROR (1UL << 11) -+ -+/* Recommended 
Attributes */ -+#define FATTR4_WORD0_ACL (1UL << 12) -+#define FATTR4_WORD0_ACLSUPPORT (1UL << 13) -+#define FATTR4_WORD0_ARCHIVE (1UL << 14) -+#define FATTR4_WORD0_CANSETTIME (1UL << 15) -+#define FATTR4_WORD0_CASE_INSENSITIVE (1UL << 16) -+#define FATTR4_WORD0_CASE_PRESERVING (1UL << 17) -+#define FATTR4_WORD0_CHOWN_RESTRICTED (1UL << 18) -+#define FATTR4_WORD0_FILEHANDLE (1UL << 19) -+#define FATTR4_WORD0_FILEID (1UL << 20) -+#define FATTR4_WORD0_FILES_AVAIL (1UL << 21) -+#define FATTR4_WORD0_FILES_FREE (1UL << 22) -+#define FATTR4_WORD0_FILES_TOTAL (1UL << 23) -+#define FATTR4_WORD0_FS_LOCATIONS (1UL << 24) -+#define FATTR4_WORD0_HIDDEN (1UL << 25) -+#define FATTR4_WORD0_HOMOGENEOUS (1UL << 26) -+#define FATTR4_WORD0_MAXFILESIZE (1UL << 27) -+#define FATTR4_WORD0_MAXLINK (1UL << 28) -+#define FATTR4_WORD0_MAXNAME (1UL << 29) -+#define FATTR4_WORD0_MAXREAD (1UL << 30) -+#define FATTR4_WORD0_MAXWRITE (1UL << 31) -+#define FATTR4_WORD1_MIMETYPE (1UL << 0) -+#define FATTR4_WORD1_MODE (1UL << 1) -+#define FATTR4_WORD1_NO_TRUNC (1UL << 2) -+#define FATTR4_WORD1_NUMLINKS (1UL << 3) -+#define FATTR4_WORD1_OWNER (1UL << 4) -+#define FATTR4_WORD1_OWNER_GROUP (1UL << 5) -+#define FATTR4_WORD1_QUOTA_HARD (1UL << 6) -+#define FATTR4_WORD1_QUOTA_SOFT (1UL << 7) -+#define FATTR4_WORD1_QUOTA_USED (1UL << 8) -+#define FATTR4_WORD1_RAWDEV (1UL << 9) -+#define FATTR4_WORD1_SPACE_AVAIL (1UL << 10) -+#define FATTR4_WORD1_SPACE_FREE (1UL << 11) -+#define FATTR4_WORD1_SPACE_TOTAL (1UL << 12) -+#define FATTR4_WORD1_SPACE_USED (1UL << 13) -+#define FATTR4_WORD1_SYSTEM (1UL << 14) -+#define FATTR4_WORD1_TIME_ACCESS (1UL << 15) -+#define FATTR4_WORD1_TIME_ACCESS_SET (1UL << 16) -+#define FATTR4_WORD1_TIME_BACKUP (1UL << 17) -+#define FATTR4_WORD1_TIME_CREATE (1UL << 18) -+#define FATTR4_WORD1_TIME_DELTA (1UL << 19) -+#define FATTR4_WORD1_TIME_METADATA (1UL << 20) -+#define FATTR4_WORD1_TIME_MODIFY (1UL << 21) -+#define FATTR4_WORD1_TIME_MODIFY_SET (1UL << 22) -+#define 
FATTR4_WORD1_MOUNTED_ON_FILEID (1UL << 23) -+ -+#define NFSPROC4_NULL 0 -+#define NFSPROC4_COMPOUND 1 -+#define NFS4_MINOR_VERSION 0 -+#define NFS4_DEBUG 1 -+ -+#ifdef __KERNEL__ -+ -+/* Index of predefined Linux client operations */ -+ -+enum { -+ NFSPROC4_CLNT_NULL = 0, /* Unused */ -+ NFSPROC4_CLNT_READ, -+ NFSPROC4_CLNT_WRITE, -+ NFSPROC4_CLNT_COMMIT, -+ NFSPROC4_CLNT_OPEN, -+ NFSPROC4_CLNT_OPEN_CONFIRM, -+ NFSPROC4_CLNT_OPEN_RECLAIM, -+ NFSPROC4_CLNT_OPEN_DOWNGRADE, -+ NFSPROC4_CLNT_CLOSE, -+ NFSPROC4_CLNT_SETATTR, -+ NFSPROC4_CLNT_FSINFO, -+ NFSPROC4_CLNT_RENEW, -+ NFSPROC4_CLNT_SETCLIENTID, -+ NFSPROC4_CLNT_SETCLIENTID_CONFIRM, -+ NFSPROC4_CLNT_LOCK, -+ NFSPROC4_CLNT_LOCKT, -+ NFSPROC4_CLNT_LOCKU, -+ NFSPROC4_CLNT_ACCESS, -+ NFSPROC4_CLNT_GETATTR, -+ NFSPROC4_CLNT_LOOKUP, -+ NFSPROC4_CLNT_LOOKUP_ROOT, -+ NFSPROC4_CLNT_REMOVE, -+ NFSPROC4_CLNT_RENAME, -+ NFSPROC4_CLNT_LINK, -+ NFSPROC4_CLNT_CREATE, -+ NFSPROC4_CLNT_PATHCONF, -+ NFSPROC4_CLNT_STATFS, -+ NFSPROC4_CLNT_READLINK, -+ NFSPROC4_CLNT_READDIR, -+ NFSPROC4_CLNT_SERVER_CAPS, -+ NFSPROC4_CLNT_DELEGRETURN, -+ NFSPROC4_CLNT_GETACL, -+ NFSPROC4_CLNT_SETACL, -+}; -+ -+#endif -+#endif -+ -+/* -+ * Local variables: -+ * c-basic-offset: 8 -+ * End: -+ */ -diff --git a/libacl/Makefile b/libacl/Makefile -index 6befcd4..8335170 100644 ---- a/libacl/Makefile -+++ b/libacl/Makefile -@@ -22,19 +22,38 @@ LTLDFLAGS += -Wl,--version-script,$(TOPDIR)/exports - include $(TOPDIR)/include/builddefs - - LTLIBRARY = libacl.la --LTLIBS = -lattr $(LIBMISC) -+LTLIBS = -lattr -lnfsidmap $(LIBMISC) - LTDEPENDENCIES = $(LIBMISC) --LT_CURRENT = 2 -+LT_CURRENT = 3 - LT_REVISION = 0 --LT_AGE = 1 -+LT_AGE = 2 -+ -+CFILES = $(POSIX_CFILES) $(LIBACL_CFILES) $(LIBACL_NFS4_CFILES) \ -+ $(INTERNAL_CFILES) perm_copy_fd.c perm_copy_file.c - --CFILES = $(POSIX_CFILES) $(LIBACL_CFILES) $(INTERNAL_CFILES) \ -- perm_copy_fd.c perm_copy_file.c - HFILES = libobj.h libacl.h byteorder.h __acl_from_xattr.h __acl_to_xattr.h \ -- perm_copy.h 
__acl_extended_file.h -+ perm_copy.h __acl_extended_file.h $(LIBACL_NFS4_HFILES) - - LCFLAGS = -include perm_copy.h - -+LIBACL_NFS4_CFILES = \ -+ acl_n4tp_ace_count.c \ -+ acl_n4tp_ace_trans.c acl_nfs4_get_who.c \ -+ acl_n4tp_acl_trans.c acl_nfs4_get_whotype.c \ -+ acl_n4tp_get_whotype.c acl_nfs4_new.c \ -+ acl_n4tp_set_mode.c acl_n4tp_set_who.c \ -+ acl_nfs4_add_ace.c acl_nfs4_remove_ace.c \ -+ acl_nfs4_add_pair.c \ -+ acl_nfs4_copy_acl.c acl_nfs4_set_who.c \ -+ acl_nfs4_utils.c \ -+ acl_nfs4_free.c acl_nfs4_xattr_load.c \ -+ acl_nfs4_xattr_pack.c acl_nfs4_xattr_size.c \ -+ acl_ptn4_acl_trans.c \ -+ acl_ptn4_get_mask.c __posix_acl_from_nfs4_xattr.c \ -+ -+ -+LIBACL_NFS4_HFILES = ../include/libacl_nfs4.h ../include/nfs4.h -+ - POSIX_CFILES = \ - acl_add_perm.c acl_calc_mask.c acl_clear_perms.c acl_copy_entry.c \ - acl_copy_ext.c acl_copy_int.c acl_create_entry.c acl_delete_def_file.c \ -diff --git a/libacl/__acl_extended_file.c b/libacl/__acl_extended_file.c -index 3e45abd..b84f2a8 100644 ---- a/libacl/__acl_extended_file.c -+++ b/libacl/__acl_extended_file.c -@@ -22,6 +22,7 @@ - #include <unistd.h> - #include <attr/xattr.h> - #include "libacl.h" -+#include "libacl_nfs4.h" - - #include "byteorder.h" - #include "acl_ea.h" -@@ -36,6 +37,34 @@ __acl_extended_file(const char *path_p, - int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry); - int retval; - -+ /* XXX: Ugh: what's the easiest way to do this, taking -+ * into account default acl's, and that length alone won't do this? -+ * Also I'm a little uncomfortable with the amount of #ifdef -+ * NFS4 stuff that's going on. We need a cleaner separation. 
*/ -+#ifdef USE_NFSV4_TRANS -+ retval = fun(path_p, ACL_NFS4_XATTR, NULL, 0); -+ if (retval < 0 && errno != ENOATTR && errno != EOPNOTSUPP) -+ return -1; -+ if (retval >= 0) { -+ struct nfs4_acl *nfsacl; -+ char *ext_acl_p = alloca(retval); -+ if (!ext_acl_p) -+ return -1; -+ -+ retval = fun(path_p, ACL_NFS4_XATTR, ext_acl_p, retval); -+ if (retval == -1) -+ return -1; -+ -+ nfsacl = acl_nfs4_xattr_load(ext_acl_p, retval, NFS4_ACL_ISFILE); -+ if (nfsacl) { -+ int count = nfsacl->naces; -+ acl_nfs4_free(nfsacl); -+ return count > 6; -+ } -+ return 0; -+ } -+#endif -+ - retval = fun(path_p, ACL_EA_ACCESS, NULL, 0); - if (retval < 0 && errno != ENOATTR && errno != ENODATA) - return -1; -diff --git a/libacl/__posix_acl_from_nfs4_xattr.c b/libacl/__posix_acl_from_nfs4_xattr.c -new file mode 100644 -index 0000000..8941024 ---- /dev/null -+++ b/libacl/__posix_acl_from_nfs4_xattr.c -@@ -0,0 +1,60 @@ -+/* -+ * NFSv4 ACL Code -+ * Convert NFSv4 xattr values to a posix ACL -+ * -+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan. -+ * All rights reserved. -+ * -+ * Nathaniel Gallaher <ngallahe@umich.edu> -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. Neither the name of the University nor the names of its -+ * contributors may be used to endorse or promote products derived -+ * from this software without specific prior written permission. 
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include <acl/libacl.h>
-+#include "libacl_nfs4.h"
-+
-+/* xattr_v is a char buffer filled with the nfsv4 xattr value.
-+ * xattr_size should be the byte count of the length of the xattr_v
-+ * data size. xattr_v may be larger than <xattr_size> bytes, but only
-+ * the first <xattr_size> bytes will be read. <type> is the posix acl
-+ * type requested. Currently either default, or access */
-+
-+acl_t __posix_acl_from_nfs4_xattr(char* xattr_v,
-+ int xattr_size, acl_type_t ptype, u32 is_dir)
-+{
-+ struct nfs4_acl * nfsacl = NULL;
-+ acl_t pacl;
-+
-+ nfsacl = acl_nfs4_xattr_load(xattr_v, xattr_size, is_dir);
-+ if(nfsacl == NULL) {
-+ return NULL;
-+ }
-+
-+ pacl = acl_n4tp_acl_trans(nfsacl, ptype);
-+
-+ return pacl;
-+}
-+
-diff --git a/libacl/acl_get_fd.c b/libacl/acl_get_fd.c
-index f2525ef..eb678a8 100644
---- a/libacl/acl_get_fd.c
-+++ b/libacl/acl_get_fd.c
-@@ -28,6 +28,10 @@
- #include "libacl.h"
- #include "__acl_from_xattr.h"
-
-+#ifdef USE_NFSV4_TRANS
-+ #include "libacl_nfs4.h"
-+#endif
-+
- #include "byteorder.h"
- #include "acl_ea.h"
-
-@@ -38,31 +42,59 @@ acl_get_fd(int fd)
- {
- const size_t size_guess = acl_ea_size(16);
- char *ext_acl_p = alloca(size_guess);
-+ char *name = ACL_EA_ACCESS;
- int retval;
-+ int nfsv4acls;
-
- if (!ext_acl_p)
- return NULL;
-- retval = fgetxattr(fd, ACL_EA_ACCESS, ext_acl_p, size_guess);
-+
-+#ifdef USE_NFSV4_TRANS
-+ retval = fgetxattr(fd, ACL_NFS4_XATTR, ext_acl_p, size_guess);
-+ if(retval == -1 && (errno == ENOATTR || errno == EOPNOTSUPP)) {
-+ nfsv4acls = ACL_NFS4_NOT_USED;
-+ retval = fgetxattr(fd, name, ext_acl_p, size_guess);
-+ } else {
-+ nfsv4acls = ACL_NFS4_USED;
-+ name = ACL_NFS4_XATTR;
-+ }
-+#else
-+ retval = fgetxattr(fd, name, ext_acl_p, size_guess);
-+#endif
-+
- if (retval == -1 && errno == ERANGE) {
-- retval = fgetxattr(fd, ACL_EA_ACCESS, NULL, 0);
-+ retval = fgetxattr(fd, name, NULL, 0);
- if (retval > 0) {
- ext_acl_p = alloca(retval);
- if (!ext_acl_p)
- return NULL;
-- retval = fgetxattr(fd, ACL_EA_ACCESS, ext_acl_p,retval);
-+ retval = fgetxattr(fd, name, ext_acl_p, retval);
- }
- }
- if (retval > 0) {
-- acl_t acl = __acl_from_xattr(ext_acl_p, retval);
-- return acl;
-+#ifdef USE_NFSV4_TRANS
-+ if(nfsv4acls == ACL_NFS4_USED) {
-+ acl_t acl = __posix_acl_from_nfs4_xattr(ext_acl_p, retval,
-+ ACL_TYPE_ACCESS, NFS4_ACL_ISFILE);
-+
-+ return acl;
-+ }
-+ else
-+#endif
-+ {
-+ acl_t acl = __acl_from_xattr(ext_acl_p, retval);
-+ return acl;
-+ }
- } else if (retval == 0 || errno == ENOATTR || errno == ENODATA) {
- struct stat st;
-
-- if (fstat(fd, &st) == 0)
-- return acl_from_mode(st.st_mode);
-- else
-+ if (fstat(fd, &st) != 0) {
- return NULL;
-- } else
-+ }
-+
-+ return acl_from_mode(st.st_mode);
-+ } else {
- return NULL;
-+ }
- }
-
-diff --git a/libacl/acl_get_file.c b/libacl/acl_get_file.c
-index 110ef2e..42ac536 100644
---- a/libacl/acl_get_file.c
-+++ b/libacl/acl_get_file.c
-@@ -28,6 +28,10 @@
- #include "libacl.h"
- #include "__acl_from_xattr.h"
-
-+#ifdef USE_NFSV4_TRANS
-+ #include "libacl_nfs4.h"
-+#endif
-+
- #include "byteorder.h"
- #include "acl_ea.h"
-
-@@ -40,6 +44,8 @@ acl_get_file(const char *path_p, acl_type_t type)
- char *ext_acl_p = alloca(size_guess);
- const char *name;
- int retval;
-+ int nfsv4acls;
-+ int iflags;
-
- switch(type) {
- case ACL_TYPE_ACCESS:
-@@ -55,8 +61,20 @@ acl_get_file(const char *path_p, acl_type_t type)
-
- if (!ext_acl_p)
- return NULL;
-+#ifdef USE_NFSV4_TRANS
-+ retval = getxattr(path_p, ACL_NFS4_XATTR, ext_acl_p, size_guess);
-+ if((retval == -1) && (errno == ENOATTR || errno == EOPNOTSUPP)) {
-+ nfsv4acls = ACL_NFS4_NOT_USED;
-+ retval = getxattr(path_p, name, ext_acl_p, size_guess);
-+ } else {
-+ nfsv4acls = ACL_NFS4_USED;
-+ name = ACL_NFS4_XATTR;
-+ }
-+#else
- retval = getxattr(path_p, name, ext_acl_p, size_guess);
-- if (retval == -1 && errno == ERANGE) {
-+#endif
-+
-+ if ((retval == -1) && (errno == ERANGE)) {
- retval = getxattr(path_p, name, NULL, 0);
- if (retval > 0) {
- ext_acl_p = alloca(retval);
-@@ -66,9 +84,29 @@ acl_get_file(const char *path_p, acl_type_t type)
- }
- }
- if (retval > 0) {
-- acl_t acl = __acl_from_xattr(ext_acl_p, retval);
-- return acl;
-- } else if (retval == 0 || errno == ENOATTR || errno == ENODATA) {
-+#ifdef USE_NFSV4_TRANS
-+ if(nfsv4acls == ACL_NFS4_USED) {
-+ struct stat st;
-+
-+ iflags = NFS4_ACL_ISFILE;
-+
-+ if (stat(path_p, &st) != 0)
-+ return NULL;
-+
-+ if (S_ISDIR(st.st_mode))
-+ iflags = NFS4_ACL_ISDIR;
-+
-+ acl_t acl = __posix_acl_from_nfs4_xattr(ext_acl_p, retval, type,
-+ iflags);
-+ return acl;
-+ }
-+ else
-+#endif
-+ {
-+ acl_t acl = __acl_from_xattr(ext_acl_p, retval);
-+ return acl;
-+ }
-+ } else if ((retval == 0) || (errno == ENOATTR) || (errno == ENODATA)) {
- struct stat st;
-
- if (stat(path_p, &st) != 0)
-diff --git a/libacl/acl_n4tp_ace_count.c b/libacl/acl_n4tp_ace_count.c
-new file mode 100644
-index 0000000..ecce637
---- /dev/null
-+++ b/libacl/acl_n4tp_ace_count.c
-@@ -0,0 +1,57 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Calculate the POSIX ACE count based upon the assumption that
-+ * POSIX<->NFSv4 ACL translation has been the standard on the
-+ * server/client. This would break against other servers?
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include <acl/libacl.h>
-+#include "libacl_nfs4.h"
-+
-+int acl_n4tp_ace_count(struct nfs4_acl *n4acl)
-+{
-+ if (n4acl->naces == 0)
-+ return 0;
-+ if (n4acl->naces == 6) /* owner, owner group, and other only */
-+ return 3;
-+ else { /* Otherwise there must be a mask entry. */
-+ /* Also, the remaining entries are for named users and
-+ * groups, and come in threes (mask, allow, deny): */
-+ if (n4acl->naces < 7)
-+ return -1;
-+ if ((n4acl->naces - 7) % 3)
-+ return -1;
-+ return 4 + (n4acl->naces - 7)/3;
-+ }
-+}
-+
-diff --git a/libacl/acl_n4tp_ace_trans.c b/libacl/acl_n4tp_ace_trans.c
-new file mode 100644
-index 0000000..c5cc4da
---- /dev/null
-+++ b/libacl/acl_n4tp_ace_trans.c
-@@ -0,0 +1,76 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Translate an NFSv4 ace to a POSIX ace.
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include "libacl_nfs4.h"
-+
-+int acl_n4tp_ace_trans(struct nfs4_ace *ace, acl_t *pacl, acl_tag_t tag,
-+ int iflags)
-+{
-+ int result;
-+ acl_entry_t new_ace;
-+
-+
-+ if(ace == NULL || pacl == NULL || *pacl == NULL) {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ result = acl_create_entry(pacl, &new_ace);
-+ if(result < 0)
-+ goto failed;
-+
-+ result = acl_set_tag_type(new_ace, tag);
-+ if(result < 0)
-+ goto ace_failed;
-+
-+ result = acl_n4tp_set_mode(new_ace, ace->access_mask, iflags);
-+ if(result < 0)
-+ goto ace_failed;
-+
-+ if(tag == ACL_USER || tag == ACL_GROUP) {
-+ result = acl_n4tp_set_who(new_ace, ace->who, tag);
-+ if(result < 0)
-+ goto ace_failed;
-+ }
-+
-+ return 0;
-+
-+ace_failed:
-+ acl_delete_entry(*pacl, new_ace);
-+
-+failed:
-+ return -1;
-+}
-+
-diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
-new file mode 100644
-index 0000000..f658242
---- /dev/null
-+++ b/libacl/acl_n4tp_acl_trans.c
-@@ -0,0 +1,164 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Convert NFSv4 ACL to a POSIX ACL
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include <acl/libacl.h>
-+#include "libacl_nfs4.h"
-+
-+acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
-+{
-+
-+ acl_t pacl_p = NULL;
-+ acl_t * pacl_pp;
-+ struct nfs4_acl * temp_acl;
-+ int naces = -1;
-+ int num_aces;
-+ int ace_num;
-+ struct nfs4_ace * cur_ace = NULL;
-+ struct nfs4_ace * mask_ace = NULL;
-+ struct nfs4_ace * temp_ace = NULL;
-+ int result;
-+ u32 flags;
-+ u32 iflags = NFS4_ACL_NOFLAGS;
-+
-+ if (nacl_p == NULL) {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ if (ptype == ACL_TYPE_DEFAULT) {
-+ if (nacl_p->is_directory)
-+ iflags |= NFS4_ACL_REQUEST_DEFAULT;
-+ else {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+ }
-+
-+ /* Copy so we can delete bits without borking the original */
-+ temp_acl = acl_nfs4_copy_acl(nacl_p);
-+ if (temp_acl == NULL)
-+ goto failed;
-+
-+ num_aces = temp_acl->naces;
-+
-+ /* Strip or keep inheritance aces depending upon the type of posix acl
-+ * requested */
-+ cur_ace = acl_nfs4_get_first_ace(temp_acl);
-+ ace_num = 1;
-+
-+ while(1) {
-+ if(cur_ace == NULL) {
-+ if(ace_num > num_aces)
-+ break;
-+ else
-+ goto free_failed;
-+ }
-+
-+ /* get the next ace now because we may be freeing the current ace */
-+ temp_ace = cur_ace;
-+ acl_nfs4_get_next_ace(&cur_ace);
-+
-+ flags = temp_ace->flag;
-+
-+ if (iflags & NFS4_ACL_REQUEST_DEFAULT) {
-+ if((flags & NFS4_INHERITANCE_FLAGS) != NFS4_INHERITANCE_FLAGS)
-+ acl_nfs4_remove_ace(temp_acl, temp_ace);
-+ } else {
-+ if ((flags & NFS4_INHERITANCE_FLAGS) == NFS4_INHERITANCE_FLAGS) {
-+ acl_nfs4_remove_ace(temp_acl, temp_ace);
-+ }
-+ }
-+
-+ ace_num++;
-+ }
-+
-+
-+ naces = acl_n4tp_ace_count(temp_acl);
-+ if (naces < 0) {
-+ errno = EINVAL;
-+ goto free_failed;
-+ }
-+
-+ if (naces == 0)
-+ return acl_init(0);
-+
-+ pacl_p = acl_init(naces);
-+
-+ if(pacl_p == NULL)
-+ goto free_failed;
-+
-+ pacl_pp = &pacl_p;
-+
-+ cur_ace = acl_nfs4_get_first_ace(temp_acl);
-+
-+ result = user_obj_from_v4(temp_acl, &cur_ace, pacl_pp, iflags);
-+ if(result < 0)
-+ goto acl_free_failed;
-+
-+ result = users_from_v4(temp_acl, &cur_ace, &mask_ace, pacl_pp, iflags);
-+ if(result < 0)
-+ goto acl_free_failed;
-+
-+ result = group_obj_and_groups_from_v4(temp_acl, &cur_ace,
-+ &mask_ace, pacl_pp, iflags);
-+ if(result < 0)
-+ goto acl_free_failed;
-+
-+ result = mask_from_v4(temp_acl, &cur_ace, &mask_ace, pacl_pp, iflags);
-+ if(result < 0)
-+ goto acl_free_failed;
-+
-+ result = other_from_v4(temp_acl, &cur_ace, pacl_pp, iflags);
-+ if(result < 0)
-+ goto acl_free_failed;
-+
-+ result = acl_valid(*pacl_pp);
-+ if(result < 0)
-+ goto acl_free_failed;
-+
-+ acl_nfs4_free(temp_acl);
-+
-+ return *pacl_pp;
-+
-+acl_free_failed:
-+ acl_free(*pacl_pp);
-+
-+free_failed:
-+ acl_nfs4_free(temp_acl);
-+
-+failed:
-+ return NULL;
-+}
-+
-diff --git a/libacl/acl_n4tp_get_whotype.c b/libacl/acl_n4tp_get_whotype.c
-new file mode 100644
-index 0000000..fd553c6
---- /dev/null
-+++ b/libacl/acl_n4tp_get_whotype.c
-@@ -0,0 +1,73 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Convert NFSv4 ACE who to a POSIX ACE whotype
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include <acl/libacl.h>
-+#include "libacl_nfs4.h"
-+
-+acl_tag_t acl_n4tp_get_whotype(struct nfs4_ace *ace)
-+{
-+ int nfs4type;
-+ int result;
-+
-+ if(ace == NULL)
-+ goto inval_failed;
-+
-+ if(ace->who == NULL || strlen(ace->who) <= 0)
-+ goto inval_failed;
-+
-+ result = acl_nfs4_get_who(ace, &nfs4type, NULL);
-+ if ( result < 0 )
-+ goto failed;
-+
-+ switch (nfs4type) {
-+ case NFS4_ACL_WHO_NAMED:
-+ return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ?
-+ ACL_GROUP : ACL_USER);
-+ case NFS4_ACL_WHO_OWNER:
-+ return ACL_USER_OBJ;
-+ case NFS4_ACL_WHO_GROUP:
-+ return ACL_GROUP_OBJ;
-+ case NFS4_ACL_WHO_EVERYONE:
-+ return ACL_OTHER;
-+ }
-+
-+inval_failed:
-+ errno = EINVAL;
-+
-+failed:
-+ return -1;
-+}
-+
-+
-diff --git a/libacl/acl_n4tp_set_mode.c b/libacl/acl_n4tp_set_mode.c
-new file mode 100644
-index 0000000..bef5e23
---- /dev/null
-+++ b/libacl/acl_n4tp_set_mode.c
-@@ -0,0 +1,98 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Set posix ACL mode based on NFSv4 mask
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include <acl/libacl.h>
-+#include "libacl_nfs4.h"
-+
-+int acl_n4tp_set_mode(acl_entry_t pace, u32 nfs4_access_mask, int iflags)
-+{
-+ /* XXX we might also want to ignore DELETE_CHILD on non-directories */
-+ /* XXX also add special interpretation to EXECUTE on directories */
-+ u32 ignore = NFS4_ACE_SYNCHRONIZE;
-+ u32 new_mask;
-+ acl_permset_t perms;
-+ int result;
-+
-+ if((iflags & NFS4_ACL_ISDIR) != NFS4_ACL_ISDIR)
-+ ignore |= NFS4_ACE_DELETE_CHILD;
-+
-+ nfs4_access_mask |= ignore;
-+
-+ result = acl_get_permset(pace, &perms);
-+ if(result < 0)
-+ goto failed;
-+
-+ result = acl_clear_perms(perms);
-+ if(result < 0)
-+ goto failed;
-+
-+ if ((nfs4_access_mask & NFS4_READ_MODE) == NFS4_READ_MODE) {
-+ result = acl_add_perm(perms, ACL_READ);
-+ if(result < 0)
-+ goto failed;
-+ }
-+
-+ if ((nfs4_access_mask & NFS4_WRITE_MODE) == NFS4_WRITE_MODE) {
-+ result = acl_add_perm(perms, ACL_WRITE);
-+ if(result < 0)
-+ goto failed;
-+ }
-+
-+ if ((nfs4_access_mask & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE) {
-+ result = acl_add_perm(perms, ACL_EXECUTE);
-+ if(result < 0)
-+ goto failed;
-+ }
-+
-+ result = acl_ptn4_get_mask(&new_mask, perms, iflags);
-+ if(result < 0)
-+ goto failed;
-+
-+ new_mask |= ignore;
-+
-+ if (!MASK_EQUAL(nfs4_access_mask, new_mask)) {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ result = acl_set_permset(pace, perms);
-+ if(result < 0)
-+ goto failed;
-+
-+ return 0;
-+
-+failed:
-+ return -1;
-+}
-+
-diff --git a/libacl/acl_n4tp_set_who.c b/libacl/acl_n4tp_set_who.c
-new file mode 100644
-index 0000000..241ef71
---- /dev/null
-+++ b/libacl/acl_n4tp_set_who.c
-@@ -0,0 +1,89 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Set the POSIX ACE who based on the whotype and NFS who attr.
-+ * Translation is done using the NFS4 mapping functions.
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include <acl/libacl.h>
-+#include <nfsidmap.h>
-+#include "libacl_nfs4.h"
-+
-+#define PATH_IDMAPDCONF "/etc/idmapd.conf"
-+char *conf_path = PATH_IDMAPDCONF;
-+
-+int acl_n4tp_set_who(acl_entry_t ace, char* who, acl_tag_t who_type)
-+{
-+ int result;
-+ uid_t uid;
-+ gid_t gid;
-+
-+ if(ace == NULL || who == NULL) {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ switch(who_type) {
-+ case ACL_USER:
-+ result = nfs4_init_name_mapping(NULL);
-+ if (result < 0)
-+ goto failed;
-+ result = nfs4_name_to_uid(who, &uid);
-+ if(result < 0)
-+ goto failed;
-+ result = acl_set_qualifier(ace, (void *) &uid);
-+ if(result < 0)
-+ goto failed;
-+ break;
-+ case ACL_GROUP:
-+ result = nfs4_init_name_mapping(NULL);
-+ if (result < 0)
-+ goto failed;
-+ result = nfs4_name_to_gid(who, &gid);
-+ if(result < 0)
-+ goto failed;
-+ result = acl_set_qualifier(ace, (void *) &gid);
-+ if(result < 0)
-+ goto failed;
-+ break;
-+ default:
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ return 0;
-+
-+failed:
-+ return -1;
-+}
-+
-+
-diff --git a/libacl/acl_nfs4_add_ace.c b/libacl/acl_nfs4_add_ace.c
-new file mode 100644
-index 0000000..4c1ff9a
---- /dev/null
-+++ b/libacl/acl_nfs4_add_ace.c
-@@ -0,0 +1,83 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Add an ace to the acl
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Marius Aamodt Eriksen <marius@umich.edu>
-+ * J. Bruce Fields <bfields@umich.edu>
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ * Jeff Sedlak <jsedlak@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include "libacl_nfs4.h"
-+
-+int
-+acl_nfs4_add_ace(struct nfs4_acl *acl, u32 type, u32 flag, u32 access_mask,
-+ int whotype, char* who)
-+{
-+ struct nfs4_ace *ace;
-+ int result;
-+
-+ if(acl == NULL)
-+ {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if ((ace = malloc(sizeof(*ace))) == NULL)
-+ {
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+ ace->type = type;
-+ ace->flag = flag;
-+
-+ if( type == NFS4_ACE_ACCESS_DENIED_ACE_TYPE )
-+ access_mask = access_mask & ~(NFS4_ACE_MASK_IGNORE);
-+
-+
-+ /* Castrate delete_child if we aren't a directory */
-+ if (!acl->is_directory)
-+ access_mask &= ~NFS4_ACE_DELETE_CHILD;
-+
-+
-+ ace->access_mask = access_mask & NFS4_ACE_MASK_ALL;
-+
-+ result = acl_nfs4_set_who(ace, whotype, who);
-+ if(result < 0)
-+ return -1;
-+
-+ TAILQ_INSERT_TAIL(&acl->ace_head, ace, l_ace);
-+ acl->naces++;
-+
-+ return 0;
-+}
-+
-diff --git a/libacl/acl_nfs4_add_pair.c b/libacl/acl_nfs4_add_pair.c
-new file mode 100644
-index 0000000..d849fb9
---- /dev/null
-+++ b/libacl/acl_nfs4_add_pair.c
-@@ -0,0 +1,60 @@
-+/*
-+ * Add a pair of aces to the acl. The ace masks are complements of each other
-+ * This keeps us from walking off the end of the acl
-+ *
-+ * Copyright (c) 2004 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Marius Aamodt Eriksen <marius@umich.edu>
-+ * J. Bruce Fields <bfields@umich.edu>
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ * Jeff Sedlak <jsedlak@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions, the following disclaimer, and
-+ * any and all other licensing or copyright notices included in
-+ * any files in this distribution.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+
-+#include "libacl_nfs4.h"
-+
-+int
-+acl_nfs4_add_pair(struct nfs4_acl *acl, int eflag, u32 mask, int ownertype,
-+ char* owner)
-+{
-+ int error;
-+
-+ error = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE,
-+ eflag, mask, ownertype, owner);
-+ if (error < 0)
-+ return error;
-+ error = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE,
-+ eflag, ~mask, ownertype, owner);
-+ return error;
-+}
-+
-+
-diff --git a/libacl/acl_nfs4_copy_acl.c b/libacl/acl_nfs4_copy_acl.c
-new file mode 100644
-index 0000000..94d8a83
---- /dev/null
-+++ b/libacl/acl_nfs4_copy_acl.c
-@@ -0,0 +1,85 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Deep copy an NFS4 ACL
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */ -+ -+#include "libacl_nfs4.h" -+ -+struct nfs4_acl * acl_nfs4_copy_acl(struct nfs4_acl * nacl) -+{ -+ struct nfs4_acl * new_acl; -+ struct nfs4_ace * ace; -+ u32 nace; -+ u32 num_aces; -+ int result; -+ -+ if(nacl == NULL) { -+ errno = EINVAL; -+ goto failed; -+ } -+ -+ num_aces = nacl->naces; -+ -+ new_acl = acl_nfs4_new(nacl->is_directory); -+ if(new_acl == NULL) -+ goto failed; -+ -+ ace = acl_nfs4_get_first_ace(nacl); -+ nace = 1; -+ -+ while(1) -+ { -+ if(ace == NULL) { -+ if(nace > num_aces) -+ break; -+ else -+ goto free_failed; -+ } -+ -+ result = acl_nfs4_add_ace(new_acl, ace->type, ace->flag, -+ ace->access_mask, acl_nfs4_get_whotype(ace->who), ace->who); -+ if(result < 0) -+ goto free_failed; -+ -+ acl_nfs4_get_next_ace(&ace); -+ nace++; -+ } -+ -+ return new_acl; -+ -+free_failed: -+ acl_nfs4_free(new_acl); -+ -+failed: -+ return NULL; -+} -diff --git a/libacl/acl_nfs4_free.c b/libacl/acl_nfs4_free.c -new file mode 100644 -index 0000000..9cab808 ---- /dev/null -+++ b/libacl/acl_nfs4_free.c -@@ -0,0 +1,61 @@ -+/* -+ * Copyright (c) 2004 The Regents of the University of Michigan. -+ * All rights reserved. -+ * -+ * Marius Aamodt Eriksen <marius@umich.edu> -+ * J. Bruce Fields <bfields@umich.edu> -+ * Nathaniel Gallaher <ngallahe@umich.edu> -+ * Jeff Sedlak <jsedlak@umich.edu> -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions, the following disclaimer, and -+ * any and all other licensing or copyright notices included in -+ * any files in this distribution. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include "libacl_nfs4.h"
-+
-+void
-+acl_nfs4_free(struct nfs4_acl *acl)
-+{
-+ struct nfs4_ace *ace;
-+
-+ if (!acl)
-+ return;
-+
-+ while (!TAILQ_IS_EMPTY(acl->ace_head)) {
-+ ace = (acl)->ace_head.tqh_first;
-+
-+ TAILQ_REMOVE( &(acl->ace_head), ace, l_ace);
-+ free(ace->who);
-+ free(ace);
-+ }
-+
-+ free(acl);
-+
-+ return;
-+}
-+
-diff --git a/libacl/acl_nfs4_get_who.c b/libacl/acl_nfs4_get_who.c
-new file mode 100644
-index 0000000..8c21b16
---- /dev/null
-+++ b/libacl/acl_nfs4_get_who.c
-@@ -0,0 +1,103 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Read the who value from the ace and return its type and optionally
-+ * its value.
-+ *
-+ * Ace is a reference to the ace to extract the who value from.
-+ * Type is a reference where the value of the whotype will be stored.
-+ * Who is a double reference that should either be passed as NULL
-+ * (and thus no who string will be returned) or as a pointer to a
-+ * char* where the who string will be allocated. This string must be
-+ * freed by the caller.
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include "libacl_nfs4.h"
-+
-+int acl_nfs4_get_who(struct nfs4_ace* ace, int* type, char** who)
-+{
-+ int itype;
-+ char* iwho = NULL;
-+ int wholen;
-+
-+ if(ace == NULL || ace->who == NULL)
-+ goto inval_failed;
-+
-+ itype = acl_nfs4_get_whotype(ace->who);
-+
-+ if(type != NULL) {
-+ *type = itype;
-+ }
-+
-+
-+ if(who == NULL)
-+ return 0;
-+
-+ switch(itype)
-+ {
-+ case NFS4_ACL_WHO_NAMED:
-+ iwho = ace->who;
-+ break;
-+ case NFS4_ACL_WHO_OWNER:
-+ iwho = NFS4_ACL_WHO_OWNER_STRING;
-+ break;
-+ case NFS4_ACL_WHO_GROUP:
-+ iwho = NFS4_ACL_WHO_GROUP_STRING;
-+ break;
-+ case NFS4_ACL_WHO_EVERYONE:
-+ iwho = NFS4_ACL_WHO_EVERYONE_STRING;
-+ break;
-+ default:
-+ goto inval_failed;
-+ }
-+
-+ wholen = strlen(iwho);
-+ if(wholen < 0)
-+ goto inval_failed;
-+
-+ (*who) = (char *) malloc(sizeof(char) * (wholen + 1));
-+ if((*who) == NULL) {
-+ errno = ENOMEM;
-+ goto failed;
-+ }
-+
-+ strcpy((*who), iwho);
-+
-+ return 0;
-+
-+inval_failed:
-+ errno = EINVAL;
-+
-+failed:
-+ return -1;
-+}
-+
-diff --git a/libacl/acl_nfs4_get_whotype.c b/libacl/acl_nfs4_get_whotype.c
-new file mode 100644
-index 0000000..10574f8
---- /dev/null
-+++ b/libacl/acl_nfs4_get_whotype.c
-@@ -0,0 +1,60 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Get the whotype of the who string passed
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Marius Aamodt Eriksen <marius@umich.edu>
-+ * J. Bruce Fields <bfields@umich.edu>
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ * Jeff Sedlak <jsedlak@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include "libacl_nfs4.h"
-+
-+inline int
-+acl_nfs4_get_whotype(char *p)
-+{
-+ if(0 == strcmp(p, NFS4_ACL_WHO_OWNER_STRING) &&
-+ strlen(p) == strlen(NFS4_ACL_WHO_OWNER_STRING)) {
-+ return NFS4_ACL_WHO_OWNER;
-+ }
-+ if(0 == strcmp(p, NFS4_ACL_WHO_GROUP_STRING) &&
-+ strlen(p) == strlen(NFS4_ACL_WHO_GROUP_STRING)) {
-+ return NFS4_ACL_WHO_GROUP;
-+ }
-+ if(0 == strcmp(p, NFS4_ACL_WHO_EVERYONE_STRING) &&
-+ strlen(p) == strlen(NFS4_ACL_WHO_EVERYONE_STRING)) {
-+ return NFS4_ACL_WHO_EVERYONE;
-+ }
-+
-+ return NFS4_ACL_WHO_NAMED;
-+}
-+
-+
-diff --git a/libacl/acl_nfs4_new.c b/libacl/acl_nfs4_new.c
-new file mode 100644
-index 0000000..658a282
---- /dev/null
-+++ b/libacl/acl_nfs4_new.c
-@@ -0,0 +1,58 @@
-+/*
-+ * Common NFSv4 ACL handling code.
-+ * Create a new NFSv4 ACL
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Marius Aamodt Eriksen <marius@umich.edu>
-+ * J. Bruce Fields <bfields@umich.edu>
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ * Jeff Sedlak <jsedlak@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+
-+
-+#include "libacl_nfs4.h"
-+
-+struct nfs4_acl *
-+acl_nfs4_new(u32 is_dir)
-+{
-+ struct nfs4_acl *acl;
-+
-+ if ((acl = malloc(sizeof(*acl))) == NULL)
-+ return NULL;
-+
-+ acl->naces = 0;
-+ acl->is_directory = is_dir;
-+
-+ TAILQ_INIT(&acl->ace_head);
-+
-+ return acl;
-+}
-+
-diff --git a/libacl/acl_nfs4_remove_ace.c b/libacl/acl_nfs4_remove_ace.c
-new file mode 100644
-index 0000000..f7dbba2
---- /dev/null
-+++ b/libacl/acl_nfs4_remove_ace.c
-@@ -0,0 +1,48 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Remove an ace from an NFS4 ACL
-+ *
-+ * Copyright (c) 2004 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions, the following disclaimer, and
-+ * any and all other licensing or copyright notices included in
-+ * any files in this distribution.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED.
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include "libacl_nfs4.h"
-+
-+void acl_nfs4_remove_ace(struct nfs4_acl * acl, struct nfs4_ace * ace)
-+{
-+ TAILQ_REMOVE(&acl->ace_head, ace, l_ace);
-+ free(ace->who);
-+ free(ace);
-+ acl->naces--;
-+}
-+
-diff --git a/libacl/acl_nfs4_set_who.c b/libacl/acl_nfs4_set_who.c
-new file mode 100644
-index 0000000..c0ddfa7
---- /dev/null
-+++ b/libacl/acl_nfs4_set_who.c
-@@ -0,0 +1,92 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Write the who entry in the nfs4 ace. Who is a user supplied buffer
-+ * containing a named who entry (null terminated string) if type is
-+ * set to NFS4_ACL_WHO_NAMED. Otherwise, the who buffer is not used.
-+ * The user supplied who buffer must be freed by the caller.
-+ *
-+ * This code allocates the who buffer used in the ace. This must be freed
-+ * upon ace removal by the ace_remove or acl_free.
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include "libacl_nfs4.h"
-+
-+int acl_nfs4_set_who(struct nfs4_ace* ace, int type, char* who)
-+{
-+ char* iwho = NULL;
-+ int wholen;
-+
-+ if(ace == NULL)
-+ goto inval_failed;
-+
-+ switch(type)
-+ {
-+ case NFS4_ACL_WHO_NAMED:
-+ if(who == NULL)
-+ goto inval_failed;
-+ iwho = who;
-+ break;
-+ case NFS4_ACL_WHO_OWNER:
-+ iwho = NFS4_ACL_WHO_OWNER_STRING;
-+ break;
-+ case NFS4_ACL_WHO_GROUP:
-+ iwho = NFS4_ACL_WHO_GROUP_STRING;
-+ break;
-+ case NFS4_ACL_WHO_EVERYONE:
-+ iwho = NFS4_ACL_WHO_EVERYONE_STRING;
-+ break;
-+ default:
-+ goto inval_failed;
-+ }
-+
-+ wholen = strlen(iwho);
-+ if(wholen < 1)
-+ goto inval_failed;
-+
-+ ace->who = (char *) malloc(sizeof(char) * (wholen + 1));
-+ if(ace->who == NULL) {
-+ errno = ENOMEM;
-+ goto failed;
-+ }
-+
-+ strcpy(ace->who, iwho);
-+
-+ return 0;
-+
-+inval_failed:
-+ errno = EINVAL;
-+
-+failed:
-+ return -1;
-+}
-+
-diff --git a/libacl/acl_nfs4_utils.c b/libacl/acl_nfs4_utils.c
-new file mode 100644
-index 0000000..49238ee
---- /dev/null
-+++ b/libacl/acl_nfs4_utils.c
-@@ -0,0 +1,566 @@
-+#include <acl/libacl.h>
-+#include "libacl_nfs4.h"
-+
-+int user_obj_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace **n4ace,
-+ acl_t *pacl, int iflags)
-+{
-+ struct nfs4_ace *ace = *n4ace;
-+ struct nfs4_ace *ace2;
-+
-+ if (ace == NULL)
-+ goto inval_out;
-+
-+ if (pacl == NULL || *pacl == NULL)
-+ goto inval_out;
-+
-+ if (acl_n4tp_get_whotype(ace) != ACL_USER_OBJ)
-+ goto inval_out;
-+
-+ if(acl_n4tp_ace_trans(ace, pacl, ACL_USER_OBJ, iflags|NFS4_ACL_OWNER) < 0)
-+ goto out;
-+
-+ ace2 = acl_nfs4_get_next_ace(n4ace);
-+ if (ace2 == NULL)
-+ goto inval_out;
-+
-+ if (!complementary_ace_pair(ace, ace2))
-+ goto inval_out;
-+
-+ ace2 = acl_nfs4_get_next_ace(n4ace);
-+
-+ return 0;
-+
-+inval_out:
-+ errno = EINVAL;
-+out:
-+ return -1;
-+}
-+
-+/* public */
-+inline struct nfs4_ace * acl_nfs4_get_next_ace(struct nfs4_ace ** ace)
-+{
-+ if(ace == NULL || (*ace) == NULL)
-+ return NULL;
-+
-+ (*ace) =
(*ace)->l_ace.tqe_next;
-+ return *ace;
-+}
-+
-+/* public */
-+inline struct nfs4_ace * acl_nfs4_get_first_ace(struct nfs4_acl * acl)
-+{
-+ if(acl == NULL)
-+ return NULL;
-+
-+ return acl->ace_head.tqh_first;
-+}
-+
-+
-+
-+
-+int nfs4_get_gid_from_who(gid_t* gid, const char * who)
-+{
-+ int islocal;
-+ int result;
-+
-+ if(who == NULL || gid == NULL) {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ islocal = is_who_local(who);
-+ if(islocal < 0)
-+ goto failed;
-+ else if (islocal == 1)
-+ result = __nfs4_get_local_gid_from_who(gid, who);
-+ else
-+ result = __nfs4_get_foreign_gid_from_who(gid, who);
-+
-+ if(result < 0)
-+ goto failed;
-+
-+ return 0;
-+
-+failed:
-+ return -1;
-+}
-+
-+int __nfs4_get_local_gid_from_who(gid_t* gid, const char * who)
-+{
-+ /* XXX Just trim things at the @. We need to pull the local domain
-+ * name from the conf file for comparison, and handle foriegn names
-+ * as well. Tie this in with idmapd and gssvcd */
-+ /* Special whos? */
-+
-+ struct group * grent;
-+ char * gname_buf = NULL;
-+ int gname_buflen;
-+ char * char_pos = NULL;
-+ int char_posi;
-+
-+
-+ if(who == NULL) {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ gname_buflen = strlen(who);
-+ if(gname_buflen <= 0) {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ char_pos = strchr(who, '@');
-+ char_posi = char_pos - who;
-+
-+ if((gname_buf = (char*) malloc(sizeof(char) * (char_posi + 1))) == NULL)
-+ {
-+ errno = ENOMEM;
-+ goto failed;
-+ }
-+
-+ strncpy(gname_buf, who, char_posi);
-+ gname_buf[char_posi] = '\0';
-+
-+ grent = getgrnam(gname_buf);
-+ free(gname_buf);
-+
-+ if(grent == NULL)
-+ goto failed;
-+
-+ *gid = grent->gr_gid;
-+
-+ return 0;
-+
-+failed:
-+ return -1;
-+}
-+
-+int __nfs4_get_foreign_gid_from_who(gid_t* gid, const char * who)
-+{
-+ return -1;
-+}
-+
-+
-+int nfs4_get_uid_from_who(uid_t* uid, const char * who)
-+{
-+ int islocal;
-+ int result;
-+
-+ if(who == NULL || uid == NULL) {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ islocal =
is_who_local(who);
-+ if(islocal < 0)
-+ goto failed;
-+ else if (islocal == 1)
-+ result = __nfs4_get_local_uid_from_who(uid, who);
-+ else
-+ result = __nfs4_get_foreign_uid_from_who(uid, who);
-+
-+ if(result < 0)
-+ goto failed;
-+
-+ return 0;
-+
-+failed:
-+ return -1;
-+}
-+
-+int __nfs4_get_local_uid_from_who(uid_t* uid, const char * who)
-+{
-+ /* XXX Just trim things at the @. We need to pull the local domain
-+ * name from the conf file for comparison, and handle foriegn names
-+ * as well. Tie this in with idmapd and gssvcd */
-+ /* Special whos? */
-+
-+ char* lname_buf;
-+ char* char_pos;
-+ int lname_buflen;
-+ struct passwd *pwent;
-+ int char_posi;
-+
-+ if(who == NULL) {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ lname_buflen = strlen(who);
-+ if(lname_buflen <= 0) {
-+ errno = EINVAL;
-+ goto failed;
-+ }
-+
-+ char_pos = strchr(who, '@');
-+ char_posi = char_pos - who;
-+
-+ if((lname_buf = (char*) malloc(sizeof(char) * (char_posi + 1))) == NULL)
-+ {
-+ errno = ENOMEM;
-+ goto failed;
-+ }
-+
-+ strncpy(lname_buf, who, char_posi);
-+ lname_buf[char_posi] = '\0';
-+
-+ pwent = getpwnam(lname_buf);
-+ free(lname_buf);
-+
-+ if(pwent == NULL)
-+ goto failed;
-+
-+ *uid = pwent->pw_uid;
-+
-+ return 0;
-+
-+failed:
-+ return -1;
-+}
-+
-+
-+
-+int is_who_local(const char * who)
-+{
-+ /* -1 on error, 0 for no, 1 for yes */
-+ /* TODO: Compare domain to local domain */
-+ if(who == NULL){
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if(strchr(who, '@') == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ return 1;
-+}
-+
-+int __nfs4_get_foreign_uid_from_who(uid_t* uid, const char * who)
-+{
-+ /* TODO: Make this work */
-+ return -1;
-+}
-+
-+
-+
-+int users_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p,
-+ struct nfs4_ace **mask_ace, acl_t *pacl, int iflags)
-+{
-+ struct nfs4_ace *ace, *ace2;
-+ int result;
-+
-+ ace = *n4ace_p;
-+
-+ if (ace == NULL) {
-+ goto inval_failed;
-+ }
-+
-+ while (ace != NULL &&
acl_n4tp_get_whotype(ace) == ACL_USER) {
-+ if (ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE)
-+ goto inval_failed;
-+ if (*mask_ace &&
-+ !MASK_EQUAL(ace->access_mask, (*mask_ace)->access_mask))
-+ goto inval_failed;
-+ *mask_ace = ace;
-+
-+ ace = acl_nfs4_get_next_ace(n4ace_p);
-+ if (ace == NULL)
-+ goto inval_failed;
-+ if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE)
-+ goto inval_failed;
-+ result = acl_n4tp_ace_trans(ace, pacl, ACL_USER, iflags);
-+ if (result < 0)
-+ goto failed;
-+
-+ ace2 = acl_nfs4_get_next_ace(n4ace_p);
-+ if (ace2 == NULL)
-+ goto failed;
-+ if (!complementary_ace_pair(ace, ace2))
-+ goto failed;
-+ if ((*mask_ace)->flag != ace2->flag ||
-+ !same_who(*mask_ace, ace2))
-+ goto failed;
-+ ace = acl_nfs4_get_next_ace(n4ace_p);
-+ }
-+
-+ return 0;
-+
-+inval_failed:
-+ errno = EINVAL;
-+
-+failed:
-+ return -1;
-+}
-+
-+int complementary_ace_pair(struct nfs4_ace *allow, struct nfs4_ace *deny)
-+{
-+ return MASK_EQUAL(allow->access_mask, ~deny->access_mask) &&
-+ allow->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE &&
-+ deny->type == NFS4_ACE_ACCESS_DENIED_ACE_TYPE &&
-+ allow->flag == deny->flag &&
-+ same_who(allow, deny);
-+}
-+
-+int same_who(struct nfs4_ace *a, struct nfs4_ace *b)
-+{
-+ if(!strcmp(a->who, b->who) && strlen(a->who) == strlen(b->who))
-+ return 1;
-+ return 0;
-+}
-+
-+int group_obj_and_groups_from_v4(struct nfs4_acl *n4acl,
-+ struct nfs4_ace ** n4ace_p, struct nfs4_ace **mask_ace,
-+ acl_t *pacl, int iflags)
-+{
-+ struct nfs4_ace *ace, *ace2;
-+ int num_aces;
-+ struct ace_container_list_head ace_list;
-+ struct ace_container *ace_c = NULL;
-+ int result;
-+
-+ TAILQ_INIT(&ace_list);
-+
-+ ace = *n4ace_p;
-+
-+ num_aces = acl_n4tp_ace_count(n4acl);
-+
-+ if(num_aces < 0)
-+ goto inval_failed;
-+
-+ /* group owner (mask and allow aces) */
-+
-+ if (num_aces != 3) {
-+ /* then the group owner should be preceded by mask */
-+ if (ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE)
-+ goto inval_failed;
-+
-+ /* If we already
got a mask, and it doesn't match this one... */
-+ if (*mask_ace &&
-+ !MASK_EQUAL(ace->access_mask, (*mask_ace)->access_mask))
-+ goto inval_failed;
-+ *mask_ace = ace;
-+ ace = acl_nfs4_get_next_ace(n4ace_p);
-+ if (ace == NULL)
-+ goto inval_failed;
-+
-+ if ((*mask_ace)->flag != ace->flag || !same_who(*mask_ace, ace))
-+ goto inval_failed;
-+ }
-+
-+ if (acl_n4tp_get_whotype(ace) != ACL_GROUP_OBJ)
-+ goto inval_failed;
-+
-+ if((ace_c = malloc(sizeof(struct ace_container))) == NULL) {
-+ errno = ENOMEM;
-+ goto failed;
-+ }
-+ ace_c->ace = ace;
-+
-+ TAILQ_INSERT_TAIL(&ace_list, ace_c, l_ace);
-+
-+ if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE)
-+ goto inval_failed;
-+
-+ result = acl_n4tp_ace_trans(ace, pacl, ACL_GROUP_OBJ, iflags);
-+ if (result < 0)
-+ goto inval_failed;
-+
-+ ace = acl_nfs4_get_next_ace(n4ace_p);
-+ if (ace == NULL)
-+ goto inval_failed;
-+
-+ /* groups (mask and allow aces) */
-+
-+ while (acl_n4tp_get_whotype(ace) == ACL_GROUP) {
-+ if (*mask_ace == NULL)
-+ goto inval_failed;
-+
-+ if (ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE ||
-+ !MASK_EQUAL(ace->access_mask, (*mask_ace)->access_mask))
-+ goto inval_failed;
-+ *mask_ace = ace;
-+
-+ ace = acl_nfs4_get_next_ace(n4ace_p);
-+ if (ace == NULL)
-+ goto inval_failed;
-+
-+ if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE ||
-+ !same_who(ace, *mask_ace))
-+ goto inval_failed;
-+
-+ if((ace_c = malloc(sizeof(struct ace_container))) == NULL) {
-+ errno = ENOMEM;
-+ goto failed;
-+ }
-+ ace_c->ace = ace;
-+
-+ TAILQ_INSERT_TAIL(&ace_list, ace_c, l_ace);
-+
-+ result = acl_n4tp_ace_trans(ace, pacl, ACL_GROUP, iflags);
-+ if (result < 0)
-+ goto inval_failed;
-+
-+ ace = acl_nfs4_get_next_ace(n4ace_p);
-+ if (ace == NULL)
-+ goto inval_failed;
-+ }
-+
-+ /* group owner (deny ace) */
-+
-+ if (acl_n4tp_get_whotype(ace) != ACL_GROUP_OBJ)
-+ goto inval_failed;
-+
-+ ace_c = ace_list.tqh_first;
-+ ace2 = ace_c->ace;
-+ if (!complementary_ace_pair(ace2, ace))
-+ goto inval_failed;
-+
TAILQ_REMOVE(&ace_list, ace_c, l_ace);
-+ free(ace_c);
-+
-+ /* groups (deny aces) */
-+
-+ while (!TAILQ_IS_EMPTY(ace_list)) {
-+ ace = acl_nfs4_get_next_ace(n4ace_p);
-+ if (ace == NULL)
-+ goto inval_failed;
-+ if (acl_n4tp_get_whotype(ace) != ACL_GROUP)
-+ goto inval_failed;
-+ ace_c = ace_list.tqh_first;
-+ ace2 = ace_c->ace;
-+ if (!complementary_ace_pair(ace2, ace))
-+ goto inval_failed;
-+ TAILQ_REMOVE(&ace_list, ace_c, l_ace);
-+ free(ace_c);
-+ }
-+
-+ ace = acl_nfs4_get_next_ace(n4ace_p);
-+ if (ace == NULL)
-+ goto inval_failed;
-+ if (acl_n4tp_get_whotype(ace) != ACL_OTHER)
-+ goto inval_failed;
-+
-+ return 0;
-+
-+inval_failed:
-+ errno = EINVAL;
-+
-+failed:
-+ while (!TAILQ_IS_EMPTY(ace_list)) {
-+ ace_c = ace_list.tqh_first;
-+ TAILQ_REMOVE(&ace_list, ace_c, l_ace);
-+ free(ace_c);
-+ }
-+ return -1;
-+}
-+
-+int
-+other_from_v4(struct nfs4_acl *n4acl,
-+ struct nfs4_ace ** n4ace_p, acl_t *pacl, int iflags)
-+{
-+ int result;
-+ struct nfs4_ace *ace, *ace2;
-+
-+ ace = *n4ace_p;
-+ if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE)
-+ goto inval_failed;
-+
-+ result = acl_n4tp_ace_trans(ace, pacl, ACL_OTHER, iflags);
-+ if (result < 0)
-+ goto failed;
-+
-+ ace2 = acl_nfs4_get_next_ace(n4ace_p);
-+ if (ace2 == NULL)
-+ goto inval_failed;
-+
-+ if (!complementary_ace_pair(ace, ace2))
-+ goto inval_failed;
-+
-+ return 0;
-+
-+inval_failed:
-+ errno = EINVAL;
-+
-+failed:
-+ return -1;
-+}
-+
-+int mask_from_v4(struct nfs4_acl *n4acl,
-+ struct nfs4_ace ** n4ace_p, struct nfs4_ace **mask_ace,
-+ acl_t *pacl, int iflags)
-+{
-+ int result;
-+ struct nfs4_ace *ace;
-+
-+ ace = *n4ace_p;
-+ if (acl_n4tp_ace_count(n4acl) != 3) {
-+ if (*mask_ace == NULL)
-+ goto inval_failed;
-+ (*mask_ace)->access_mask = ~(*mask_ace)->access_mask;
-+
-+ result = acl_n4tp_ace_trans(*mask_ace, pacl, ACL_MASK, iflags);
-+ if(result < 0)
-+ goto failed;
-+
-+ //ace = acl_nfs4_get_next_ace(n4ace_p);
-+ //if (ace == NULL)
-+ // goto inval_failed;
-+ }
-+
-+ return 0;
-+
-+inval_failed:
-+ errno = EINVAL;
-+
-+failed:
-+ return -1;
-+}
-+
-+
-+/*
-+static inline int
-+match_who(struct nfs4_ace *ace, uid_t owner, gid_t group, uid_t who)
-+{
-+ switch (ace->whotype) {
-+ case NFS4_ACL_WHO_NAMED:
-+ return who == ace->who;
-+ case NFS4_ACL_WHO_OWNER:
-+ return who == owner;
-+ case NFS4_ACL_WHO_GROUP:
-+ return who == group;
-+ case NFS4_ACL_WHO_EVERYONE:
-+ return 1;
-+ default:
-+ return 0;
-+ }
-+}
-+*/
-+/* 0 = granted, -EACCES = denied; mask is an nfsv4 mask, not mode bits */
-+/*
-+int
-+nfs4_acl_permission(struct nfs4_acl *acl, uid_t owner, gid_t group,
-+ uid_t who, u32 mask)
-+{
-+ struct nfs4_ace *ace;
-+ u32 allowed = 0;
-+
-+ list_for_each_entry(ace, &acl->ace_head, l_ace) {
-+ if (!match_who(ace, group, owner, who))
-+ continue;
-+ switch (ace->type) {
-+ case NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE:
-+ allowed |= ace->access_mask;
-+ if ((allowed & mask) == mask)
-+ return 0;
-+ break;
-+ case NFS4_ACE_ACCESS_DENIED_ACE_TYPE:
-+ if (ace->access_mask & mask)
-+ return -EACCES;
-+ break;
-+ }
-+ }
-+ return -EACCES;
-+}
-+*/
-diff --git a/libacl/acl_nfs4_xattr_load.c b/libacl/acl_nfs4_xattr_load.c
-new file mode 100644
-index 0000000..e045cd2
---- /dev/null
-+++ b/libacl/acl_nfs4_xattr_load.c
-@@ -0,0 +1,191 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Convert NFSv4 xattr values to a posix ACL
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2.
Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of the University nor the names of its
-+ * contributors may be used to endorse or promote products derived
-+ * from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+
-+#include <acl/libacl.h>
-+#include <netinet/in.h>
-+#include "libacl_nfs4.h"
-+
-+
-+struct nfs4_acl * acl_nfs4_xattr_load(
-+ char * xattr_v,
-+ int xattr_size,
-+ u32 is_dir)
-+{
-+ struct nfs4_acl * nacl_p;
-+ char* bufp = xattr_v;
-+ int bufs = xattr_size;
-+ u32 ace_n;
-+ u32 wholen;
-+ char* who;
-+ int d_ptr;
-+ u32 num_aces;
-+
-+ u32 type, flag, access_mask;
-+
-+ if(xattr_size < sizeof(u32)) {
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ if((nacl_p = acl_nfs4_new(is_dir)) == NULL) {
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+
-+ /* Grab the number of aces in the acl */
-+ num_aces = (u32)ntohl(*((u32*)(bufp)));
-+
-+#ifdef LIBACL_NFS4_DEBUG
-+ printf(" Got number of aces: %d\n", nacl_p->naces);
-+#endif
-+
-+
-+ d_ptr = sizeof(u32);
-+ bufp += d_ptr;
-+ bufs -= d_ptr;
-+
-+ for(ace_n = 0; num_aces > ace_n ; ace_n++)
-+ {
-+#ifdef LIBACL_NFS4_DEBUG
-+ printf(" Getting Ace #%d of %d\n", ace_n, num_aces);
-+#endif
-+ /* Get the acl type */
-+ if(bufs <= 0) {
-+ errno = EINVAL;
-+ goto bad_xattr_val;
-+ }
-+
-+ type = (u32)ntohl(*((u32*)bufp));
-+#ifdef LIBACL_NFS4_DEBUG
-+ printf(" Type: %x\n", type);
-+#endif
-+
-+ d_ptr = sizeof(u32);
-+ bufp += d_ptr;
-+ bufs -= d_ptr;
-+
-+ /* Get the acl flag */
-+ if(bufs <= 0) {
-+ errno = EINVAL;
-+ goto bad_xattr_val;
-+ }
-+
-+ flag = (u32)ntohl(*((u32*)bufp));
-+#ifdef LIBACL_NFS4_DEBUG
-+ printf(" Flag: %x\n", flag);
-+#endif
-+
-+ bufp += d_ptr;
-+ bufs -= d_ptr;
-+
-+ /* Get the access mask */
-+
-+ if(bufs <= 0) {
-+ errno = EINVAL;
-+ goto bad_xattr_val;
-+ }
-+
-+ access_mask = (u32)ntohl(*((u32*)bufp));
-+#ifdef LIBACL_NFS4_DEBUG
-+ printf(" Access Mask: %x\n", access_mask);
-+#endif
-+
-+ bufp += d_ptr;
-+ bufs -= d_ptr;
-+
-+ /* Get the who string length*/
-+ if(bufs <= 0) {
-+ errno = EINVAL;
-+ goto bad_xattr_val;
-+ }
-+
-+ wholen = (u32)ntohl(*((u32*)bufp));
-+#ifdef LIBACL_NFS4_DEBUG
-+ printf(" Wholen: %d\n", wholen);
-+#endif
-+
-+ bufp += d_ptr;
-+ bufs -= d_ptr;
-+
-+ /* Get the who
string */
-+ if(bufs <= 0) {
-+ errno = EINVAL;
-+ goto bad_xattr_val;
-+ }
-+
-+ who = (char *) malloc((wholen+1) * sizeof(char));
-+ if(who == NULL)
-+ {
-+ errno = ENOMEM;
-+ goto bad_xattr_val;
-+ }
-+
-+ memcpy(who, bufp, wholen);
-+
-+ who[wholen] = '\0';
-+
-+#ifdef LIBACL_NFS4_DEBUG
-+ printf(" Who: %s\n", who);
-+#endif
-+
-+ d_ptr = ((wholen / sizeof(u32))*sizeof(u32));
-+ if(wholen % sizeof(u32) != 0)
-+ d_ptr += sizeof(u32);
-+
-+ bufp += d_ptr;
-+ bufs -= d_ptr;
-+
-+ /* Make sure we aren't outside our domain */
-+ if(bufs < 0) {
-+ free(who);
-+ goto bad_xattr_val;
-+ }
-+
-+ if(acl_nfs4_add_ace(nacl_p, type, flag, access_mask, acl_nfs4_get_whotype(who), who) < 0) {
-+ free(who);
-+ goto bad_xattr_val;
-+ }
-+
-+ free(who);
-+ }
-+
-+ return nacl_p;
-+
-+bad_xattr_val:
-+ /* We bailed for some reason */
-+ acl_nfs4_free(nacl_p);
-+ return NULL;
-+}
-diff --git a/libacl/acl_nfs4_xattr_pack.c b/libacl/acl_nfs4_xattr_pack.c
-new file mode 100644
-index 0000000..be92ba4
---- /dev/null
-+++ b/libacl/acl_nfs4_xattr_pack.c
-@@ -0,0 +1,148 @@
-+/*
-+ * NFSv4 ACL Code
-+ * Pack an NFS4 ACL into an XDR encoded buffer.
-+ *
-+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-+ * All rights reserved.
-+ *
-+ * Nathaniel Gallaher <ngallahe@umich.edu>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3.
Neither the name of the University nor the names of its -+ * contributors may be used to endorse or promote products derived -+ * from this software without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#include <libacl_nfs4.h> -+#include <netinet/in.h> -+ -+int acl_nfs4_xattr_pack(struct nfs4_acl * acl, char** bufp) -+{ -+ struct nfs4_ace * ace; -+ int buflen; -+ int rbuflen; -+ int num_aces; -+ int ace_num; -+ int wholen; -+ int result; -+ char* p; -+ char* who; -+ -+ if(acl == NULL || bufp == NULL) -+ { -+ errno = EINVAL; -+ goto failed; -+ } -+ -+ buflen = acl_nfs4_xattr_size(acl); -+ if(buflen < 0) -+ { -+ goto failed; -+ } -+ -+ *bufp = (char*) malloc(buflen); -+ if(*bufp == NULL) { -+ errno = ENOMEM; -+ goto failed; -+ } -+ -+ p = *bufp; -+ -+ num_aces = acl->naces; -+ -+ *((u32*)p) = htonl(num_aces); -+ -+ rbuflen = sizeof(u32); -+ p += sizeof(u32); -+ -+ ace = acl_nfs4_get_first_ace(acl); -+ ace_num = 1; -+ -+ while(1) -+ { -+ if(ace == NULL) -+ { -+ if(ace_num > num_aces) { -+ break; -+ } else { -+ errno = ENODATA; -+ goto failed; -+ } -+ } -+ -+ *((u32*)p) = htonl(ace->type); -+ p += sizeof(u32); -+ rbuflen += sizeof(u32); -+ -+ *((u32*)p) = htonl(ace->flag); -+ p += sizeof(u32); -+ rbuflen += 
sizeof(u32); -+ -+ *((u32*)p) = htonl(ace->access_mask); -+ p += sizeof(u32); -+ rbuflen += sizeof(u32); -+ -+ result = acl_nfs4_get_who(ace, NULL, &who); -+ if(result < 0) { -+ goto free_failed; -+ } -+ -+ wholen = strlen(who); -+ *((u32*)p) = htonl(wholen); -+ rbuflen += sizeof(u32); -+ -+ p += sizeof(u32); -+ -+ memcpy(p, who, wholen); -+ free(who); -+ -+ p += (wholen / NFS4_XDR_MOD) * NFS4_XDR_MOD; -+ if(wholen % NFS4_XDR_MOD) { -+ p += NFS4_XDR_MOD; -+ } -+ -+ rbuflen += (wholen / NFS4_XDR_MOD) * NFS4_XDR_MOD; -+ if(wholen % NFS4_XDR_MOD) { -+ rbuflen += NFS4_XDR_MOD; -+ } -+ -+ acl_nfs4_get_next_ace(&ace); -+ ace_num++; -+ } -+ -+ if (buflen != rbuflen) -+ { -+ goto free_failed; -+ } -+ return buflen; -+ -+free_failed: -+ free(*bufp); -+ *bufp = NULL; -+ -+failed: -+ return -1; -+} -+ -+ -+ -diff --git a/libacl/acl_nfs4_xattr_size.c b/libacl/acl_nfs4_xattr_size.c -new file mode 100644 -index 0000000..3719535 ---- /dev/null -+++ b/libacl/acl_nfs4_xattr_size.c -@@ -0,0 +1,91 @@ -+/* -+ * NFSv4 ACL Code -+ * Return the expected xattr XDR encoded size of the nfs acl. Used for -+ * figuring the size of the xattr buffer. -+ * -+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan. -+ * All rights reserved. -+ * -+ * Nathaniel Gallaher <ngallahe@umich.edu> -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. 
Neither the name of the University nor the names of its -+ * contributors may be used to endorse or promote products derived -+ * from this software without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#include <libacl_nfs4.h> -+ -+int acl_nfs4_xattr_size(struct nfs4_acl * acl) -+{ -+ int size = 0; -+ struct nfs4_ace * ace; -+ int ace_num; -+ int num_aces; -+ -+ if(acl == NULL) { -+ errno = EINVAL; -+ goto failed; -+ } -+ -+ /* Space for number of aces */ -+ size += sizeof(u32); -+ -+ ace = acl_nfs4_get_first_ace(acl); -+ ace_num = 1; -+ -+ num_aces = acl->naces; -+ -+ while(1) -+ { -+ if(ace == NULL) { -+ if(ace_num > num_aces) { -+ break; -+ } else { -+ errno = ENODATA; -+ goto failed; -+ } -+ } -+ -+ /* space for type, flag, and mask */ -+ size += (3 * sizeof(u32)); -+ -+ /* space for strlen */ -+ size += sizeof(u32); -+ -+ /* space for the who string... 
xdr encoded */ -+ size += (strlen(ace->who) / NFS4_XDR_MOD) * NFS4_XDR_MOD * sizeof(char); -+ if(strlen(ace->who) % NFS4_XDR_MOD) { -+ size += NFS4_XDR_MOD; -+ } -+ -+ acl_nfs4_get_next_ace(&ace); -+ ace_num++; -+ } -+ -+ return size; -+ -+failed: -+ return -1; -+} -+ -diff --git a/libacl/acl_ptn4_acl_trans.c b/libacl/acl_ptn4_acl_trans.c -new file mode 100644 -index 0000000..2e5aa51 ---- /dev/null -+++ b/libacl/acl_ptn4_acl_trans.c -@@ -0,0 +1,518 @@ -+/* -+ * NFSv4 ACL Code -+ * Convert a posix ACL to an NFSv4 ACL -+ * -+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan. -+ * All rights reserved. -+ * -+ * Nathaniel Gallaher <ngallahe@umich.edu> -+ * J. Bruce Fields <bfields@umich.edu> -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. Neither the name of the University nor the names of its -+ * contributors may be used to endorse or promote products derived -+ * from this software without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#include <acl/libacl.h> -+#include <nfsidmap.h> -+#include "libacl_nfs4.h" -+ -+ -+/* Plan: -+ * 1: if setting default, remove all purely inherited aces, and replace -+ * all dual-use aces by purely effective aces -+ * 2: if setting effective, remove all purely effective aces, and replace -+ * all dual-use aces by purely inherited ones -+ */ -+ -+int purge_aces(struct nfs4_acl *nacl, acl_type_t type) -+{ -+ struct nfs4_ace *p, *next; -+ -+ for (p = nacl->ace_head.tqh_first; p != NULL; p = next) { -+ next = p->l_ace.tqe_next; -+ -+ switch (p->flag & NFS4_INHERITANCE_FLAGS) { -+ case 0: -+ /* purely effective */ -+ if (type == ACL_TYPE_ACCESS) -+ acl_nfs4_remove_ace(nacl, p); -+ continue; -+ case NFS4_INHERITANCE_FLAGS: -+ /* purely inherited */ -+ if (type == ACL_TYPE_DEFAULT) -+ acl_nfs4_remove_ace(nacl, p); -+ break; -+ case NFS4_INHERITANCE_FLAGS & ~NFS4_ACE_INHERIT_ONLY_ACE: -+ /* both effective and inherited */ -+ if (type == ACL_TYPE_DEFAULT) { -+ /* Change to purely effective */ -+ p->flag &= ~NFS4_INHERITANCE_FLAGS; -+ } else { /* ACL_TYPE_ACCESS */ -+ /* Change to purely inherited */ -+ p->flag |= NFS4_INHERITANCE_FLAGS; -+ } -+ break; -+ default: -+ errno = EINVAL; -+ return -1; -+ } -+ -+ } -+ return 0; -+} -+ -+int -+acl_ptn4_acl_trans(acl_t pacl, struct nfs4_acl *acl, acl_type_t type, u32 is_dir, char *nfs_domain) -+{ -+ int eflag; -+ u32 mask, mask_mask = 0; -+ int num_aces; -+ int result, result2; -+ u32 
iflags = NFS4_ACL_NOFLAGS; -+ int allocated = 0; -+ -+ acl_entry_t pace_p; -+ acl_tag_t ace_type; -+ acl_permset_t perms; -+ -+ char who_buf_static[NFS4_ACL_WHO_BUFFER_LEN_GUESS]; -+ char *who_buf = NULL; -+ int who_buflen; -+ int who_buflen_static = NFS4_ACL_WHO_BUFFER_LEN_GUESS; -+ uid_t * uid_p; -+ gid_t * gid_p; -+ -+ eflag = 0; -+ -+ if (type == ACL_TYPE_DEFAULT) { -+ eflag = NFS4_INHERITANCE_FLAGS; -+ iflags |= NFS4_ACL_REQUEST_DEFAULT; -+ } -+ -+ result = purge_aces(acl, type); -+ if (result) -+ return -1; -+ -+ if (is_dir & NFS4_ACL_ISDIR) -+ iflags |= NFS4_ACL_ISDIR; -+ -+ -+ if (pacl == NULL || (acl_valid(pacl) < 0 || acl_entries(pacl) == 0)) { -+ errno = EINVAL; -+ goto out; -+ } -+ -+ /* Start Conversion */ -+ -+ /* 3 aces minimum (mode bits) */ -+ num_aces = acl_entries(pacl); -+ if (num_aces < 3) { -+ errno = EINVAL; -+ goto out; -+ } -+ -+ /* Get the mask entry */ -+ -+ result = acl_get_entry(pacl, ACL_FIRST_ENTRY, &pace_p); -+ if (result < 0) -+ goto out; -+ -+ while (result > 0 && mask_mask == 0) { -+ result = acl_get_tag_type(pace_p, &ace_type); -+ if (result < 0) -+ goto out; -+ -+ if (ace_type == ACL_MASK) { -+ result = acl_get_permset(pace_p, &perms); -+ if(result < 0) -+ goto out; -+ -+ result = acl_ptn4_get_mask(&mask_mask, perms, iflags); -+ if(result < 0) -+ goto out; -+ -+ mask_mask = ~mask_mask; -+ } -+ -+ result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p); -+ if (result < 0) -+ goto out; -+ } -+ -+ /* Get the file owner entry */ -+ result = acl_get_entry(pacl, ACL_FIRST_ENTRY, &pace_p); -+ if (result < 0) -+ goto out; -+ -+ result = acl_get_tag_type(pace_p, &ace_type); -+ if (result < 0) -+ goto out; -+ -+ if (ace_type != ACL_USER_OBJ) { -+ errno = EINVAL; -+ goto out; -+ } -+ -+ result = acl_get_permset(pace_p, &perms); -+ if (result < 0) -+ goto out; -+ -+ result = acl_ptn4_get_mask(&mask, perms, iflags | NFS4_ACL_OWNER); -+ if (result < 0) -+ goto out; -+ -+ result = acl_nfs4_add_pair(acl, eflag, mask, NFS4_ACL_WHO_OWNER, NULL); -+ 
-+ if (result < 0) -+ goto out; -+ -+ result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p); -+ if (result < 0) -+ goto out; -+ -+ result2 = acl_get_tag_type(pace_p, &ace_type); -+ if (result2 < 0) -+ goto out; -+ -+ while (ace_type == ACL_USER && result > 0) { -+ result = acl_get_permset(pace_p, &perms); -+ if (result < 0) -+ goto out; -+ -+ result = acl_ptn4_get_mask(&mask, perms, iflags); -+ if (result < 0) -+ goto out; -+ -+ uid_p = acl_get_qualifier(pace_p); -+ -+ who_buf = who_buf_static; -+ who_buflen = who_buflen_static; -+ -+ result = nfs4_init_name_mapping(NULL); -+ result = nfs4_uid_to_name(*uid_p, nfs_domain, who_buf, who_buflen); -+ -+ -+ while (result == -ENOBUFS) { -+ if (who_buf != who_buf_static) -+ free(who_buf); -+ -+ /* Increase the size by a full buflen unit */ -+ who_buflen += who_buflen_static; -+ who_buf = malloc(who_buflen); -+ -+ if (who_buf == NULL) { -+ result = -ENOMEM; -+ break; -+ } -+ -+ result = nfs4_init_name_mapping(NULL); -+ result = nfs4_uid_to_name(*uid_p, nfs_domain, who_buf, who_buflen); -+ -+ } -+ acl_free(uid_p); -+ if (result < 0) { -+ errno = -result; -+ goto out; -+ } -+ -+ if (who_buf == NULL) -+ goto out; -+ -+ result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, -+ eflag, mask_mask, NFS4_ACL_WHO_NAMED, who_buf); -+ if (result < 0) { -+ if(who_buf != who_buf_static) -+ free(who_buf); -+ goto out; -+ } -+ -+ result = acl_nfs4_add_pair(acl, eflag, mask, NFS4_ACL_WHO_NAMED, -+ who_buf); -+ if (who_buf != who_buf_static) -+ free(who_buf); -+ if (result < 0) -+ goto out; -+ -+ result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p); -+ if (result <= 0) -+ goto out; -+ -+ result2 = acl_get_tag_type(pace_p, &ace_type); -+ if (result2 < 0) -+ goto out; -+ -+ } -+ -+ /* In the case of groups, we apply allow ACEs first, then deny ACEs, -+ * since a user can be in more than one group. 
*/ -+ -+ /* allow ACEs */ -+ -+ if (num_aces > 3) { -+ result2 = acl_get_tag_type(pace_p, &ace_type); -+ if (result2 < 0) -+ goto out; -+ -+ if (ace_type != ACL_GROUP_OBJ) { -+ errno = EINVAL; -+ goto out; -+ } -+ -+ result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, -+ NFS4_ACE_IDENTIFIER_GROUP | eflag, mask_mask, -+ NFS4_ACL_WHO_GROUP, NULL); -+ -+ if (result < 0) -+ goto out; -+ } -+ -+ result = acl_get_permset(pace_p, &perms); -+ if (result < 0) -+ goto out; -+ -+ result = acl_ptn4_get_mask(&mask, perms, iflags); -+ if (result < 0) -+ goto out; -+ -+ result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, -+ NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, NFS4_ACL_WHO_GROUP, NULL); -+ -+ if (result < 0) -+ goto out; -+ -+ result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p); -+ if (result <= 0) -+ goto out; -+ -+ result2 = acl_get_tag_type(pace_p, &ace_type); -+ if (result2 < 0) -+ goto out; -+ -+ while (ace_type == ACL_GROUP && result > 0) { -+ result = acl_get_permset(pace_p, &perms); -+ if (result < 0) -+ goto out; -+ -+ result = acl_ptn4_get_mask(&mask, perms, iflags); -+ if (result < 0) -+ goto out; -+ -+ gid_p = acl_get_qualifier(pace_p); -+ -+ who_buf = who_buf_static; -+ who_buflen = who_buflen_static; -+ -+ result = nfs4_gid_to_name(*gid_p, nfs_domain, who_buf, who_buflen); -+ -+ -+ while (result == -ENOBUFS) { -+ if (who_buf != who_buf_static) -+ free(who_buf); -+ -+ /* Increase the size by a full buflen unit */ -+ who_buflen += who_buflen_static; -+ who_buf = malloc(who_buflen); -+ -+ if (who_buf == NULL) { -+ result = -ENOMEM; -+ break; -+ } -+ -+ result = nfs4_gid_to_name(*gid_p, nfs_domain, who_buf, who_buflen); -+ } -+ -+ acl_free(gid_p); -+ -+ if (result < 0) { -+ errno = -result; -+ goto out; -+ } -+ -+ if (who_buf == NULL) -+ goto out; -+ -+ result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, -+ NFS4_ACE_IDENTIFIER_GROUP | eflag, mask_mask, -+ NFS4_ACL_WHO_NAMED, who_buf); -+ if (result < 0) { -+ if(who_buf != 
who_buf_static) -+ free(who_buf); -+ goto out; -+ } -+ -+ result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE, -+ NFS4_ACE_IDENTIFIER_GROUP | eflag, mask, -+ NFS4_ACL_WHO_NAMED, who_buf); -+ -+ if (who_buf != who_buf_static) -+ free(who_buf); -+ -+ if (result < 0) -+ goto out; -+ result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p); -+ if (result <= 0) -+ goto out; -+ -+ result2 = acl_get_tag_type(pace_p, &ace_type); -+ if (result2 < 0) -+ goto out; -+ } -+ -+ /* deny ACEs */ -+ -+ result = acl_get_entry(pacl, ACL_FIRST_ENTRY, &pace_p); -+ if (result <= 0) -+ goto out; -+ -+ result2 = acl_get_tag_type(pace_p, &ace_type); -+ if (result2 < 0) -+ goto out; -+ -+ while (ace_type != ACL_GROUP_OBJ && result > 0) { -+ result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p); -+ if(result <= 0) -+ goto out; -+ -+ result2 = acl_get_tag_type(pace_p, &ace_type); -+ if(result2 < 0) -+ goto out; -+ } -+ -+ result = acl_get_permset(pace_p, &perms); -+ if (result < 0) -+ goto out; -+ -+ result = acl_ptn4_get_mask(&mask, perms, iflags); -+ if (result < 0) -+ goto out; -+ -+ result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, -+ NFS4_ACE_IDENTIFIER_GROUP | eflag, ~mask, NFS4_ACL_WHO_GROUP, -+ NULL); -+ -+ if (result < 0) -+ goto out; -+ -+ result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p); -+ if (result <= 0) -+ goto out; -+ -+ result2 = acl_get_tag_type(pace_p, &ace_type); -+ if (result2 < 0) -+ goto out; -+ -+ while (ace_type == ACL_GROUP && result > 0) { -+ result = acl_get_permset(pace_p, &perms); -+ if (result < 0) -+ goto out; -+ -+ result = acl_ptn4_get_mask(&mask, perms, iflags); -+ if (result < 0) -+ goto out; -+ -+ gid_p = acl_get_qualifier(pace_p); -+ -+ who_buf = who_buf_static; -+ who_buflen = who_buflen_static; -+ -+ result = nfs4_gid_to_name(*gid_p, nfs_domain, who_buf, who_buflen); -+ -+ -+ while (result == -ENOBUFS) { -+ if (who_buf != who_buf_static) -+ free(who_buf); -+ -+ /* Increase the size by a full buflen unit */ -+ who_buflen += 
who_buflen_static; -+ who_buf = malloc(who_buflen); -+ -+ if (who_buf == NULL) { -+ result = -ENOMEM; -+ break; -+ } -+ -+ result = nfs4_gid_to_name(*gid_p, nfs_domain, who_buf, who_buflen); -+ } -+ -+ acl_free(gid_p); -+ -+ if (result < 0) { -+ errno = -result; -+ goto out; -+ } -+ -+ if (who_buf == NULL) -+ goto out; -+ -+ result = acl_nfs4_add_ace(acl, NFS4_ACE_ACCESS_DENIED_ACE_TYPE, -+ NFS4_ACE_IDENTIFIER_GROUP | eflag, ~mask, -+ NFS4_ACL_WHO_NAMED, who_buf); -+ if (who_buf != who_buf_static) -+ free(who_buf); -+ if (result < 0) -+ goto out; -+ -+ result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p); -+ if (result <= 0) -+ goto out; -+ -+ result2 = acl_get_tag_type(pace_p, &ace_type); -+ if (result2 < 0) -+ goto out; -+ } -+ -+ if (ace_type == ACL_MASK) { -+ result = acl_get_entry(pacl, ACL_NEXT_ENTRY, &pace_p); -+ if (result <= 0) -+ goto out; -+ -+ result2 = acl_get_tag_type(pace_p, &ace_type); -+ if (result2 < 0) -+ goto out; -+ } -+ -+ if (ace_type != ACL_OTHER) { -+ errno = EINVAL; -+ goto out; -+ } -+ -+ result = acl_get_permset(pace_p, &perms); -+ if (result < 0) -+ goto out; -+ -+ result = acl_ptn4_get_mask(&mask, perms, iflags); -+ if (result < 0) -+ goto out; -+ -+ result = acl_nfs4_add_pair(acl, eflag, mask, NFS4_ACL_WHO_EVERYONE, NULL); -+ -+ return result; -+out: -+ if (allocated) -+ acl_nfs4_free(acl); -+ return -1; -+} -+ -+ -diff --git a/libacl/acl_ptn4_get_mask.c b/libacl/acl_ptn4_get_mask.c -new file mode 100644 -index 0000000..bee0a97 ---- /dev/null -+++ b/libacl/acl_ptn4_get_mask.c -@@ -0,0 +1,81 @@ -+/* -+ * NFSv4 ACL Code -+ * Translate POSIX permissions to an NFSv4 mask -+ * -+ * Copyright (c) 2002, 2003 The Regents of the University of Michigan. -+ * All rights reserved. -+ * -+ * Nathaniel Gallaher <ngallahe@umich.edu> -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. Neither the name of the University nor the names of its -+ * contributors may be used to endorse or promote products derived -+ * from this software without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ */ -+ -+#include <acl/libacl.h> -+#include <libacl_nfs4.h> -+ -+int acl_ptn4_get_mask(u32* mask, acl_permset_t perms, int iflags) -+{ -+ int result; -+ -+ *mask = NFS4_ANYONE_MODE; -+ -+ if(perms == NULL) { -+ errno = EINVAL; -+ goto failed; -+ } -+ -+ if (iflags & NFS4_ACL_OWNER) -+ *mask |= NFS4_OWNER_MODE; -+ -+ result = acl_get_perm(perms, ACL_READ); -+ if(result < 0) -+ goto failed; -+ else if(result == 1) -+ *mask |= NFS4_READ_MODE; -+ -+ result = acl_get_perm(perms, ACL_WRITE); -+ if(result < 0) -+ goto failed; -+ else if(result == 1) { -+ *mask |= NFS4_WRITE_MODE; -+ if(iflags & NFS4_ACL_ISDIR) -+ *mask |= NFS4_ACE_DELETE_CHILD; -+ } -+ -+ result = acl_get_perm(perms, ACL_EXECUTE); -+ if(result < 0) -+ goto failed; -+ else if(result == 1) -+ *mask |= NFS4_EXECUTE_MODE; -+ -+ return 0; -+ -+failed: -+ return -1; -+} -+ -+ -+ -diff --git a/libacl/acl_set_fd.c b/libacl/acl_set_fd.c -index e6413ad..93536a8 100644 ---- a/libacl/acl_set_fd.c -+++ b/libacl/acl_set_fd.c -@@ -24,6 +24,11 @@ - #include "libacl.h" - #include "__acl_to_xattr.h" - -+#ifdef USE_NFSV4_TRANS -+ #include "libacl_nfs4.h" -+ #include <nfsidmap.h> -+#endif -+ - #include "byteorder.h" - #include "acl_ea.h" - -@@ -37,10 +42,42 @@ acl_set_fd(int fd, acl_t acl) - const char *name = ACL_EA_ACCESS; - size_t size; - int error; -+#ifdef USE_NFSV4_TRANS -+ int retval; -+ struct nfs4_acl * nacl; -+#endif - - if (!acl_obj_p) - return -1; -+ -+#ifdef USE_NFSV4_TRANS -+ retval = fgetxattr(fd, ACL_NFS4_XATTR, NULL, 0); -+ -+ if(retval == -1 && (errno == ENOATTR || errno == EOPNOTSUPP)) { -+ ext_acl_p = __acl_to_xattr(acl_obj_p, &size); -+ } else { -+ char domain[NFS4_MAX_DOMAIN_LEN]; -+ nfs4_init_name_mapping(NULL); -+ error = nfs4_get_default_domain(NULL, domain, sizeof(domain)); -+ if (error) -+ return -1; -+ nacl = acl_nfs4_new(0); -+ if (acl == NULL) { -+ errno = ENOMEM; -+ return -1; -+ } -+ error = acl_ptn4_acl_trans(acl, nacl, ACL_TYPE_ACCESS, 0, domain); -+ if (error) -+ return -1; -+ -+ size = 
acl_nfs4_xattr_pack(nacl, &ext_acl_p); -+ name = ACL_NFS4_XATTR; -+ acl_nfs4_free(nacl); -+ } -+#else - ext_acl_p = __acl_to_xattr(acl_obj_p, &size); -+#endif -+ - if (!ext_acl_p) - return -1; - error = fsetxattr(fd, name, (char *)ext_acl_p, size, 0); -diff --git a/libacl/acl_set_file.c b/libacl/acl_set_file.c -index 6821851..303e39c 100644 ---- a/libacl/acl_set_file.c -+++ b/libacl/acl_set_file.c -@@ -26,9 +26,38 @@ - #include "libacl.h" - #include "__acl_to_xattr.h" - -+#ifdef USE_NFSV4_TRANS -+ #include "libacl_nfs4.h" -+ #include <nfsidmap.h> -+#endif -+ - #include "byteorder.h" - #include "acl_ea.h" - -+#ifdef USE_NFSV4_TRANS -+static struct nfs4_acl *get_nfs4_acl(const char *path_p, int is_dir) -+{ -+ struct nfs4_acl * acl = NULL; -+ ssize_t ret; -+ char *buf; -+ -+ ret = getxattr(path_p, ACL_NFS4_XATTR, NULL, 0); -+ if (ret < 0) -+ return NULL; -+ buf = malloc(ret); -+ if (buf == NULL) -+ return NULL; -+ ret = getxattr(path_p, ACL_NFS4_XATTR, buf, ret); -+ if (ret < 0) -+ goto out_free; -+ acl = acl_nfs4_xattr_load(buf, ret, is_dir); -+ -+out_free: -+ free(buf); -+ return acl; -+} -+ -+#endif - - /* 23.4.22 */ - int -@@ -39,9 +68,15 @@ acl_set_file(const char *path_p, acl_type_t type, acl_t acl) - const char *name; - size_t size; - int error; -+ struct stat st; -+#ifdef USE_NFSV4_TRANS -+ struct nfs4_acl * nacl; -+ int is_dir = NFS4_ACL_ISFILE; -+#endif - - if (!acl_obj_p) - return -1; -+ - switch (type) { - case ACL_TYPE_ACCESS: - name = ACL_EA_ACCESS; -@@ -54,8 +89,41 @@ acl_set_file(const char *path_p, acl_type_t type, acl_t acl) - return -1; - } - -+ -+#ifdef USE_NFSV4_TRANS -+ if (stat(path_p, &st) != 0) -+ return -1; -+ if (S_ISDIR(st.st_mode)) -+ is_dir = NFS4_ACL_ISDIR; -+ if (type == ACL_TYPE_DEFAULT && !is_dir) { -+ errno = EACCES; -+ return -1; -+ } -+ nacl = get_nfs4_acl(path_p, is_dir); -+ if (nacl == NULL && (errno == ENOATTR || errno == EOPNOTSUPP)) -+ ext_acl_p = __acl_to_xattr(acl_obj_p, &size); -+ else { -+ char domain[NFS4_MAX_DOMAIN_LEN]; 
-+ -+ nfs4_init_name_mapping(NULL); -+ error = nfs4_get_default_domain(NULL, domain, sizeof(domain)); -+ if (error) { -+ acl_nfs4_free(nacl); -+ return -1; -+ } -+ error = acl_ptn4_acl_trans(acl, nacl, type, is_dir, domain); -+ if (error) { -+ acl_nfs4_free(nacl); -+ return -1; -+ } -+ -+ size = acl_nfs4_xattr_pack(nacl, &ext_acl_p); -+ name = ACL_NFS4_XATTR; -+ acl_nfs4_free(nacl); -+ } -+#else -+ - if (type == ACL_TYPE_DEFAULT) { -- struct stat st; - - if (stat(path_p, &st) != 0) - return -1; -@@ -68,9 +136,12 @@ acl_set_file(const char *path_p, acl_type_t type, acl_t acl) - } - - ext_acl_p = __acl_to_xattr(acl_obj_p, &size); -+#endif -+ - if (!ext_acl_p) - return -1; -- error = setxattr(path_p, name, (char *)ext_acl_p, size, 0); -+ -+ error = setxattr(path_p, name, (char *)ext_acl_p, size, XATTR_REPLACE); - free(ext_acl_p); - return error; - } -diff --git a/libacl/libacl_nfs4.h b/libacl/libacl_nfs4.h -new file mode 100644 -index 0000000..e6a466c ---- /dev/null -+++ b/libacl/libacl_nfs4.h -@@ -0,0 +1,134 @@ -+#include <sys/types.h> -+#include <pwd.h> -+#include <grp.h> -+#include <sys/acl.h> -+#include <stdlib.h> -+#include <sys/queue.h> -+#include <nfs4.h> -+#include <sys/errno.h> -+#include <string.h> -+ -+/* mode bit translations: */ -+#define NFS4_READ_MODE NFS4_ACE_READ_DATA -+#define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA \ -+ | NFS4_ACE_APPEND_DATA | NFS4_ACE_DELETE_CHILD) -+#define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE -+#define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | \ -+ NFS4_ACE_SYNCHRONIZE) -+#define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL) -+ -+/* flags used to simulate posix default ACLs */ -+#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \ -+ | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE) -+ -+#define NFS4_ACE_MASK_IGNORE (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \ -+ | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS) -+/* XXX not sure about the following. Note that e.g. 
DELETE_CHILD is wrong in -+ * general (should only be ignored on files). */ -+#define MASK_EQUAL(mask1, mask2) \ -+ (((mask1) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \ -+ ~NFS4_ACE_DELETE_CHILD) \ -+ == ((mask2) & NFS4_ACE_MASK_ALL & ~NFS4_ACE_MASK_IGNORE & \ -+ ~NFS4_ACE_DELETE_CHILD)) -+ -+/* Maximum length of the ace->who attribute */ -+#define NFS4_ACL_WHO_LENGTH_MAX 2048 -+#define NFS4_ACL_WHO_BUFFER_LEN_GUESS 255 -+ -+/* NFS4 acl xattr name */ -+#define ACL_NFS4_XATTR "system.nfs4_acl" -+ -+/* Macro for finding empty tailqs */ -+#define TAILQ_IS_EMPTY(head) (head.tqh_first == NULL) -+ -+/* Flags to pass certain properties around */ -+#define NFS4_ACL_NOFLAGS 0x00 -+#define NFS4_ACL_ISFILE 0x00 -+#define NFS4_ACL_ISDIR 0x01 -+#define NFS4_ACL_OWNER 0x02 -+#define NFS4_ACL_REQUEST_DEFAULT 0x04 -+#define NFS4_ACL_RAW 0x01 -+ -+#define NFS4_XDR_MOD 4 -+ -+typedef u_int32_t u32; -+ -+enum { ACL_NFS4_NOT_USED = 0, -+ ACL_NFS4_USED -+}; -+ -+struct ace_container { -+ struct nfs4_ace *ace; -+ TAILQ_ENTRY(ace_container) l_ace; -+}; -+ -+TAILQ_HEAD(ace_container_list_head, ace_container); -+ -+/**** Public functions ****/ -+ -+/** Manipulation functions **/ -+extern int acl_nfs4_add_ace(struct nfs4_acl *, u32, u32, u32, int, char*); -+extern int acl_nfs4_add_pair(struct nfs4_acl *, int, u32, int, char*); -+extern void acl_nfs4_free(struct nfs4_acl *); -+extern struct nfs4_acl *acl_nfs4_new(u32); -+extern int acl_nfs4_set_who(struct nfs4_ace*, int, char*); -+extern struct nfs4_acl *acl_nfs4_copy_acl(struct nfs4_acl *); -+extern struct nfs4_acl *acl_nfs4_xattr_load(char *, int, u32); -+extern int acl_nfs4_xattr_pack(struct nfs4_acl *, char**); -+extern int acl_nfs4_xattr_size(struct nfs4_acl *); -+extern void acl_nfs4_remove_ace(struct nfs4_acl * acl, struct nfs4_ace * ace); -+ -+/** Conversion functions **/ -+ -+/* nfs4 -> posix */ -+extern acl_t acl_n4tp_acl_trans(struct nfs4_acl *, acl_type_t); -+extern int acl_n4tp_set_mode(acl_entry_t pace, u32 
nfs4_access_mask, -+ int iflags); -+extern int acl_n4tp_ace_count(struct nfs4_acl *n4acl); -+extern int acl_n4tp_ace_trans(struct nfs4_ace *ace, acl_t *pacl, -+ acl_tag_t tag, int iflags); -+extern int acl_n4tp_set_who(acl_entry_t ace, char* who, -+ acl_tag_t who_type); -+extern acl_tag_t acl_n4tp_get_whotype(struct nfs4_ace *ace); -+ -+/* posix -> nfs4 */ -+extern int acl_ptn4_get_mask(u32* mask, acl_permset_t perms, -+ int iflags); -+extern int acl_ptn4_acl_trans(acl_t, struct nfs4_acl *, acl_type_t, u32, char*); -+ -+ -+/** Access Functions **/ -+extern inline struct nfs4_ace * -+ acl_nfs4_get_next_ace(struct nfs4_ace **); -+extern inline struct nfs4_ace * -+ acl_nfs4_get_first_ace(struct nfs4_acl *); -+extern inline int acl_nfs4_get_whotype(char*); -+extern int acl_nfs4_get_who(struct nfs4_ace*, int*, char**); -+ -+/**** Private(?) functions ****/ -+acl_t __posix_acl_from_nfs4_xattr(char*, int, acl_type_t, u32); -+int complementary_ace_pair(struct nfs4_ace *allow, struct nfs4_ace *deny); -+int same_who(struct nfs4_ace *a, struct nfs4_ace *b); -+ -+/* These will change */ -+int nfs4_get_gid_from_who(gid_t* gid, const char * who); -+int nfs4_get_uid_from_who(uid_t* uid, const char * who); -+char * nfs4_get_who_from_uid(uid_t); -+char * nfs4_get_who_from_gid(gid_t); -+int __nfs4_get_local_uid_from_who(uid_t* uid, const char * who); -+int __nfs4_get_foreign_uid_from_who(uid_t* uid, const char * who); -+int __nfs4_get_local_gid_from_who(gid_t* gid, const char * who); -+int __nfs4_get_foreign_gid_from_who(gid_t* gid, const char * who); -+int is_who_local(const char * who); -+/* End change */ -+ -+int user_obj_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace **n4ace, -+ acl_t *pacl, int iflags); -+int users_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p, -+ struct nfs4_ace **mask_ace, acl_t *pacl, int iflags); -+int group_obj_and_groups_from_v4(struct nfs4_acl *n4acl, -+ struct nfs4_ace ** n4ace_p, struct nfs4_ace **mask_ace, acl_t *pacl, int iflags); -+int 
mask_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p, -+ struct nfs4_ace **mask_ace, acl_t *pacl, int iflags); -+int other_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p, -+ acl_t *pacl, int iflags); --- -1.7.8.1 - diff --git a/sys-apps/acl/files/0002-nfsd4-move-to-new-nfsv4-posix-mapping-clean-up.patch b/sys-apps/acl/files/0002-nfsd4-move-to-new-nfsv4-posix-mapping-clean-up.patch deleted file mode 100644 index f6c134d..0000000 --- a/sys-apps/acl/files/0002-nfsd4-move-to-new-nfsv4-posix-mapping-clean-up.patch +++ /dev/null 
@@ -1,1740 +0,0 @@
-From 7b6f7353fe4d05c18fcc5a932282b16c4cfe55b4 Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@snoopy.citi.umich.edu>
-Date: Mon, 11 Dec 2006 18:38:01 -0500
-Subject: [PATCH 02/17] nfsd4: move to new nfsv4->posix mapping; clean up
-
-Move to the new nfsv4->posix mapping which accepts any nfsv4 acl and converts
-it to the closest posix acl, erring on the side of permissiveness.
-
-Also delete some cruft.
-
-Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
----
- exports | 22 --
- include/libacl_nfs4.h | 21 --
- libacl/Makefile | 7 +-
- libacl/acl_n4tp_ace_count.c | 57 ----
- libacl/acl_n4tp_ace_trans.c | 76 ------
- libacl/acl_n4tp_acl_trans.c | 400 +++++++++++++++++++++++++-----
- libacl/acl_n4tp_get_whotype.c | 73 ------
- libacl/acl_n4tp_set_mode.c | 98 -------
- libacl/acl_n4tp_set_who.c | 89 ------
- libacl/acl_nfs4_copy_acl.c | 4 +-
- libacl/acl_nfs4_utils.c | 566 -----------------------------------------
- libacl/acl_nfs4_xattr_pack.c | 4 +-
- libacl/acl_nfs4_xattr_size.c | 4 +-
- libacl/libacl_nfs4.h | 32 ---
- 14 files changed, 348 insertions(+), 1105 deletions(-)
- delete mode 100644 libacl/acl_n4tp_ace_count.c
- delete mode 100644 libacl/acl_n4tp_ace_trans.c
- delete mode 100644 libacl/acl_n4tp_get_whotype.c
- delete mode 100644 libacl/acl_n4tp_set_mode.c
- delete mode 100644 libacl/acl_n4tp_set_who.c
- delete mode 100644 libacl/acl_nfs4_utils.c
-
-diff --git a/exports b/exports
-index 08bf390..31f3e00 100644
---- a/exports
-+++ b/exports
-@@ -103,39 +103,17 @@ ACL_1.2 {
- acl_nfs4_remove_ace;
-
- acl_n4tp_acl_trans;
-- acl_n4tp_set_mode;
-- acl_n4tp_ace_count;
-- acl_n4tp_ace_trans;
-- acl_n4tp_set_who;
-- acl_n4tp_get_whotype;
-
- acl_ptn4_get_mask;
- acl_ptn4_acl_trans;
-
-- acl_nfs4_get_next_ace;
-- acl_nfs4_get_first_ace;
-- acl_nfs4_get_dir;
- acl_nfs4_get_whotype;
- acl_nfs4_get_who;
- acl_nfs4_entries;
-
- local:
- __posix_acl_from_nfs4_xattr;
-- complementary_ace_pair;
-- same_who;
-- nfs4_get_gid_from_who;
-- nfs4_get_uid_from_who;
- nfs4_get_who_from_uid;
- nfs4_get_who_from_gid;
-- __nfs4_get_local_uid_from_who;
-- __nfs4_get_foreign_uid_from_who;
-- __nfs4_get_local_gid_from_who;
-- __nfs4_get_foreign_gid_from_who;
-- is_who_local;
-
-- user_obj_from_v4;
-- users_from_v4;
-- group_obj_and_groups_from_v4;
-- mask_from_v4;
-- other_from_v4;
- } ACL_1.1;
-diff --git a/include/libacl_nfs4.h b/include/libacl_nfs4.h
-index e6a466c..9103424 100644
---- a/include/libacl_nfs4.h
-+++ b/include/libacl_nfs4.h
-@@ -82,14 +82,6 @@ extern void acl_nfs4_remove_ace(struct nfs4_acl * acl, struct nfs4_ace * ace)
-
- /* nfs4 -> posix */
- extern acl_t acl_n4tp_acl_trans(struct nfs4_acl *, acl_type_t);
--extern int acl_n4tp_set_mode(acl_entry_t pace, u32 nfs4_access_mask,
-- int iflags);
--extern int acl_n4tp_ace_count(struct nfs4_acl *n4acl);
--extern int acl_n4tp_ace_trans(struct nfs4_ace *ace, acl_t *pacl,
-- acl_tag_t tag, int iflags);
--extern int acl_n4tp_set_who(acl_entry_t ace, char* who,
-- acl_tag_t who_type);
--extern acl_tag_t acl_n4tp_get_whotype(struct nfs4_ace *ace);
-
- /* posix -> nfs4 */
- extern int acl_ptn4_get_mask(u32* mask, acl_permset_t perms,
-@@ -98,28 +90,15 @@ extern int acl_ptn4_acl_trans(acl_t, struct nfs4_acl *, acl_type_t, u32, char*);
-
-
- /** Access Functions **/
--extern inline struct nfs4_ace *
-- acl_nfs4_get_next_ace(struct nfs4_ace **);
--extern inline struct nfs4_ace *
-- acl_nfs4_get_first_ace(struct nfs4_acl *);
- extern inline int acl_nfs4_get_whotype(char*);
- extern int acl_nfs4_get_who(struct nfs4_ace*, int*, char**);
-
- /**** Private(?)
functions ****/
- acl_t __posix_acl_from_nfs4_xattr(char*, int, acl_type_t, u32);
--int complementary_ace_pair(struct nfs4_ace *allow, struct nfs4_ace *deny);
--int same_who(struct nfs4_ace *a, struct nfs4_ace *b);
-
- /* These will change */
--int nfs4_get_gid_from_who(gid_t* gid, const char * who);
--int nfs4_get_uid_from_who(uid_t* uid, const char * who);
- char * nfs4_get_who_from_uid(uid_t);
- char * nfs4_get_who_from_gid(gid_t);
--int __nfs4_get_local_uid_from_who(uid_t* uid, const char * who);
--int __nfs4_get_foreign_uid_from_who(uid_t* uid, const char * who);
--int __nfs4_get_local_gid_from_who(gid_t* gid, const char * who);
--int __nfs4_get_foreign_gid_from_who(gid_t* gid, const char * who);
--int is_who_local(const char * who);
- /* End change */
-
- int user_obj_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace **n4ace,
-diff --git a/libacl/Makefile b/libacl/Makefile
-index 8335170..feee9a5 100644
---- a/libacl/Makefile
-+++ b/libacl/Makefile
-@@ -37,15 +37,12 @@ HFILES = libobj.h libacl.h byteorder.h __acl_from_xattr.h __acl_to_xattr.h \
- LCFLAGS = -include perm_copy.h
-
- LIBACL_NFS4_CFILES = \
-- acl_n4tp_ace_count.c \
-- acl_n4tp_ace_trans.c acl_nfs4_get_who.c \
-+ acl_nfs4_get_who.c \
- acl_n4tp_acl_trans.c acl_nfs4_get_whotype.c \
-- acl_n4tp_get_whotype.c acl_nfs4_new.c \
-- acl_n4tp_set_mode.c acl_n4tp_set_who.c \
-+ acl_nfs4_new.c \
- acl_nfs4_add_ace.c acl_nfs4_remove_ace.c \
- acl_nfs4_add_pair.c \
- acl_nfs4_copy_acl.c acl_nfs4_set_who.c \
-- acl_nfs4_utils.c \
- acl_nfs4_free.c acl_nfs4_xattr_load.c \
- acl_nfs4_xattr_pack.c acl_nfs4_xattr_size.c \
- acl_ptn4_acl_trans.c \
-diff --git a/libacl/acl_n4tp_ace_count.c b/libacl/acl_n4tp_ace_count.c
-deleted file mode 100644
-index ecce637..0000000
---- a/libacl/acl_n4tp_ace_count.c
-+++ /dev/null
-@@ -1,57 +0,0 @@
--/*
-- * NFSv4 ACL Code
-- * Calculate the POSIX ACE count based upon the assumption that
-- * POSIX<->NFSv4 ACL translation has been the standard on the
-- * server/client.
This would break against other servers?
-- *
-- * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-- * All rights reserved.
-- *
-- * Nathaniel Gallaher <ngallahe@umich.edu>
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. Neither the name of the University nor the names of its
-- * contributors may be used to endorse or promote products derived
-- * from this software without specific prior written permission.
-- *
-- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-- * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-- */
--
--#include <acl/libacl.h>
--#include "libacl_nfs4.h"
--
--int acl_n4tp_ace_count(struct nfs4_acl *n4acl)
--{
-- if (n4acl->naces == 0)
-- return 0;
-- if (n4acl->naces == 6) /* owner, owner group, and other only */
-- return 3;
-- else { /* Otherwise there must be a mask entry.
*/
-- /* Also, the remaining entries are for named users and
-- * groups, and come in threes (mask, allow, deny): */
-- if (n4acl->naces < 7)
-- return -1;
-- if ((n4acl->naces - 7) % 3)
-- return -1;
-- return 4 + (n4acl->naces - 7)/3;
-- }
--}
--
-diff --git a/libacl/acl_n4tp_ace_trans.c b/libacl/acl_n4tp_ace_trans.c
-deleted file mode 100644
-index c5cc4da..0000000
---- a/libacl/acl_n4tp_ace_trans.c
-+++ /dev/null
-@@ -1,76 +0,0 @@
--/*
-- * NFSv4 ACL Code
-- * Translate an NFSv4 ace to a POSIX ace.
-- *
-- * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-- * All rights reserved.
-- *
-- * Nathaniel Gallaher <ngallahe@umich.edu>
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. Neither the name of the University nor the names of its
-- * contributors may be used to endorse or promote products derived
-- * from this software without specific prior written permission.
-- *
-- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-- * DISCLAIMED.
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-- */
--
--#include "libacl_nfs4.h"
--
--int acl_n4tp_ace_trans(struct nfs4_ace *ace, acl_t *pacl, acl_tag_t tag,
-- int iflags)
--{
-- int result;
-- acl_entry_t new_ace;
--
--
-- if(ace == NULL || pacl == NULL || *pacl == NULL) {
-- errno = EINVAL;
-- goto failed;
-- }
--
-- result = acl_create_entry(pacl, &new_ace);
-- if(result < 0)
-- goto failed;
--
-- result = acl_set_tag_type(new_ace, tag);
-- if(result < 0)
-- goto ace_failed;
--
-- result = acl_n4tp_set_mode(new_ace, ace->access_mask, iflags);
-- if(result < 0)
-- goto ace_failed;
--
-- if(tag == ACL_USER || tag == ACL_GROUP) {
-- result = acl_n4tp_set_who(new_ace, ace->who, tag);
-- if(result < 0)
-- goto ace_failed;
-- }
--
-- return 0;
--
--ace_failed:
-- acl_delete_entry(*pacl, new_ace);
--
--failed:
-- return -1;
--}
--
-diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
-index f658242..7fcb992 100644
---- a/libacl/acl_n4tp_acl_trans.c
-+++ b/libacl/acl_n4tp_acl_trans.c
-@@ -34,27 +34,335 @@
- */
-
- #include <acl/libacl.h>
-+#include <nfsidmap.h>
- #include "libacl_nfs4.h"
-
--acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
-+
-+/*
-+ * While processing the NFSv4 ACE, this maintains bitmasks representing
-+ * which permission bits have been allowed and which denied to a given
-+ * entity: */
-+struct posix_ace_state {
-+ u_int32_t allow;
-+ u_int32_t deny;
-+};
-+
-+struct posix_user_ace_state {
-+ uid_t uid;
-+ struct
posix_ace_state perms;
-+};
-+
-+struct posix_ace_state_array {
-+ int n;
-+ struct posix_user_ace_state aces[];
-+};
-+
-+/*
-+ * While processing the NFSv4 ACE, this maintains the partial permissions
-+ * calculated so far: */
-+
-+struct posix_acl_state {
-+ struct posix_ace_state owner;
-+ struct posix_ace_state group;
-+ struct posix_ace_state other;
-+ struct posix_ace_state everyone;
-+ struct posix_ace_state mask; /* Deny unused in this case */
-+ struct posix_ace_state_array *users;
-+ struct posix_ace_state_array *groups;
-+};
-+
-+static int
-+init_state(struct posix_acl_state *state, int cnt)
-+{
-+ int alloc;
-+
-+ memset(state, 0, sizeof(struct posix_acl_state));
-+ /*
-+ * In the worst case, each individual acl could be for a distinct
-+ * named user or group, but we don't no which, so we allocate
-+ * enough space for either:
-+ */
-+ alloc = sizeof(struct posix_ace_state_array)
-+ + cnt*sizeof(struct posix_ace_state);
-+ state->users = calloc(1, alloc);
-+ if (!state->users)
-+ return -ENOMEM;
-+ state->groups = calloc(1, alloc);
-+ if (!state->groups) {
-+ free(state->users);
-+ return -ENOMEM;
-+ }
-+ return 0;
-+}
-+
-+static void
-+free_state(struct posix_acl_state *state) {
-+ free(state->users);
-+ free(state->groups);
-+}
-+
-+static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate)
-+{
-+ state->mask.allow |= astate->allow;
-+}
-+
-+/*
-+ * We only map from NFSv4 to POSIX ACLs when getting ACLs, when we err on the
-+ * side of permissiveness (so as not to make the file appear more secure than
-+ * it really is), so the mode bit mapping below is optimistic.
-+ */
-+static void
-+set_mode_from_nfs4(acl_entry_t pace, u_int32_t perm, int is_dir)
-+{
-+ u32 write_mode = NFS4_WRITE_MODE;
-+ acl_permset_t perms;
-+
-+ acl_get_permset(pace, &perms);
-+ acl_clear_perms(perms);
-+ if (is_dir)
-+ write_mode |= NFS4_ACE_DELETE_CHILD;
-+ if (perm & NFS4_READ_MODE)
-+ acl_add_perm(perms, ACL_READ);
-+ if (perm & write_mode)
-+ acl_add_perm(perms, ACL_WRITE);
-+ if (perm & NFS4_EXECUTE_MODE)
-+ acl_add_perm(perms, ACL_EXECUTE);
-+ acl_set_permset(pace, perms);
-+}
-+
-+/* XXX: add a "check allow" that can warn on e.g. allows of WRITE_ACL
-+ * to non-owner? */
-+
-+/* XXX: replace error returns by errno sets all over. Ugh. */
-+
-+static acl_t
-+posix_state_to_acl(struct posix_acl_state *state, int is_dir)
-+{
-+ acl_entry_t pace;
-+ acl_t pacl;
-+ int nace;
-+ int i, error = 0;
-+
-+ nace = 4 + state->users->n + state->groups->n;
-+ pacl = acl_init(nace);
-+ if (!pacl)
-+ return NULL;
-+
-+ error = acl_create_entry(&pacl, &pace);
-+ if (error)
-+ goto out_err;
-+ acl_set_tag_type(pace, ACL_USER_OBJ);
-+ set_mode_from_nfs4(pace, state->owner.allow, is_dir);
-+
-+ for (i=0; i < state->users->n; i++) {
-+ error = acl_create_entry(&pacl, &pace);
-+ if (error)
-+ goto out_err;
-+ acl_set_tag_type(pace, ACL_USER);
-+ set_mode_from_nfs4(pace, state->users->aces[i].perms.allow,
-+ is_dir);
-+ acl_set_qualifier(pace, &state->users->aces[i].uid);
-+ add_to_mask(state, &state->users->aces[i].perms);
-+ }
-+
-+ error = acl_create_entry(&pacl, &pace);
-+ if (error)
-+ goto out_err;
-+ acl_set_tag_type(pace, ACL_GROUP_OBJ);
-+ set_mode_from_nfs4(pace, state->group.allow, is_dir);
-+ add_to_mask(state, &state->group);
-+
-+ for (i=0; i < state->groups->n; i++) {
-+ error = acl_create_entry(&pacl, &pace);
-+ if (error)
-+ goto out_err;
-+ acl_set_tag_type(pace, ACL_GROUP);
-+ set_mode_from_nfs4(pace, state->groups->aces[i].perms.allow,
-+ is_dir);
-+ acl_set_qualifier(pace, &state->groups->aces[i].uid);
-+ add_to_mask(state,
&state->groups->aces[i].perms);
-+ }
-+
-+ error = acl_create_entry(&pacl, &pace);
-+ if (error)
-+ goto out_err;
-+ acl_set_tag_type(pace, ACL_MASK);
-+ set_mode_from_nfs4(pace, state->mask.allow, is_dir);
-+
-+ error = acl_create_entry(&pacl, &pace);
-+ if (error)
-+ goto out_err;
-+ acl_set_tag_type(pace, ACL_OTHER);
-+ set_mode_from_nfs4(pace, state->other.allow, is_dir);
-+
-+ return pacl;
-+out_err:
-+ acl_free(pacl);
-+ return NULL;
-+}
-+
-+static inline void allow_bits(struct posix_ace_state *astate, u32 mask)
-+{
-+ /* Allow all bits in the mask not already denied: */
-+ astate->allow |= mask & ~astate->deny;
-+}
-+
-+static inline void deny_bits(struct posix_ace_state *astate, u32 mask)
-+{
-+ /* Deny all bits in the mask not already allowed: */
-+ astate->deny |= mask & ~astate->allow;
-+}
-+
-+static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid)
-+{
-+ int i;
-+
-+ for (i = 0; i < a->n; i++)
-+ if (a->aces[i].uid == uid)
-+ return i;
-+ /* Not found: */
-+ a->n++;
-+ a->aces[i].uid = uid;
-+ a->aces[i].perms.allow = state->everyone.allow;
-+ a->aces[i].perms.deny = state->everyone.deny;
-+
-+ return i;
-+}
-+
-+static void deny_bits_array(struct posix_ace_state_array *a, u32 mask)
-+{
-+ int i;
-+
-+ for (i=0; i < a->n; i++)
-+ deny_bits(&a->aces[i].perms, mask);
-+}
-+
-+static void allow_bits_array(struct posix_ace_state_array *a, u32 mask)
-+{
-+ int i;
-+
-+ for (i=0; i < a->n; i++)
-+ allow_bits(&a->aces[i].perms, mask);
-+}
-+
-+static acl_tag_t acl_n4tp_get_whotype(struct nfs4_ace *ace)
- {
-+ int nfs4type;
-+ int result;
-+
-+ result = acl_nfs4_get_who(ace, &nfs4type, NULL);
-+ if (result < 0)
-+ return -1;
-+
-+ switch (nfs4type) {
-+ case NFS4_ACL_WHO_NAMED:
-+ return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ?
-+ ACL_GROUP : ACL_USER);
-+ case NFS4_ACL_WHO_OWNER:
-+ return ACL_USER_OBJ;
-+ case NFS4_ACL_WHO_GROUP:
-+ return ACL_GROUP_OBJ;
-+ case NFS4_ACL_WHO_EVERYONE:
-+ return ACL_OTHER;
-+ }
-+ errno = EINVAL;
-+ return -1;
-+}
-+
-+static int process_one_v4_ace(struct posix_acl_state *state,
-+ struct nfs4_ace *ace)
-+{
-+ u32 mask = ace->access_mask;
-+ uid_t id;
-+ int i;
-+
-+ if (nfs4_init_name_mapping(NULL))
-+ return -1;
-+
-+ switch (acl_n4tp_get_whotype(ace)) {
-+ case ACL_USER_OBJ:
-+ if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
-+ allow_bits(&state->owner, mask);
-+ } else {
-+ deny_bits(&state->owner, mask);
-+ }
-+ break;
-+ case ACL_USER:
-+ if (nfs4_name_to_uid(ace->who, &id))
-+ return -1;
-+ i = find_uid(state, state->users, id);
-+ if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
-+ allow_bits(&state->users->aces[i].perms, mask);
-+ mask = state->users->aces[i].perms.allow;
-+ allow_bits(&state->owner, mask);
-+ } else {
-+ deny_bits(&state->users->aces[i].perms, mask);
-+ }
-+ break;
-+ case ACL_GROUP_OBJ:
-+ if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
-+ allow_bits(&state->group, mask);
-+ mask = state->group.allow;
-+ allow_bits(&state->owner, mask);
-+ allow_bits(&state->everyone, mask);
-+ allow_bits_array(state->users, mask);
-+ allow_bits_array(state->groups, mask);
-+ } else {
-+ deny_bits(&state->group, mask);
-+ }
-+ break;
-+ case ACL_GROUP:
-+ if (nfs4_name_to_gid(ace->who, &id))
-+ return -1;
-+ i = find_uid(state, state->groups, id);
-+ if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
-+ allow_bits(&state->groups->aces[i].perms, mask);
-+ mask = state->groups->aces[i].perms.allow;
-+ allow_bits(&state->owner, mask);
-+ allow_bits(&state->group, mask);
-+ allow_bits(&state->everyone, mask);
-+ allow_bits_array(state->users, mask);
-+ allow_bits_array(state->groups, mask);
-+ } else {
-+ deny_bits(&state->groups->aces[i].perms, mask);
-+ }
-+ break;
-+ case ACL_OTHER:
-+ if (ace->type ==
NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
-+ allow_bits(&state->owner, mask);
-+ allow_bits(&state->group, mask);
-+ allow_bits(&state->other, mask);
-+ allow_bits(&state->everyone, mask);
-+ allow_bits_array(state->users, mask);
-+ allow_bits_array(state->groups, mask);
-+ } else {
-+ deny_bits(&state->owner, mask);
-+ deny_bits(&state->group, mask);
-+ deny_bits(&state->other, mask);
-+ deny_bits(&state->everyone, mask);
-+ deny_bits_array(state->users, mask);
-+ deny_bits_array(state->groups, mask);
-+ }
-+ }
-+ return 0;
-+}
-
-- acl_t pacl_p = NULL;
-- acl_t * pacl_pp;
-+acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
-+{
-+ struct posix_acl_state state;
-+ acl_t pacl;
- struct nfs4_acl * temp_acl;
-- int naces = -1;
- int num_aces;
- int ace_num;
- struct nfs4_ace * cur_ace = NULL;
-- struct nfs4_ace * mask_ace = NULL;
- struct nfs4_ace * temp_ace = NULL;
-- int result;
-+ int ret;
- u32 flags;
- u32 iflags = NFS4_ACL_NOFLAGS;
-
- if (nacl_p == NULL) {
- errno = EINVAL;
-- goto failed;
-+ return NULL;
- }
-
- if (ptype == ACL_TYPE_DEFAULT) {
-@@ -62,25 +370,25 @@ acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
- iflags |= NFS4_ACL_REQUEST_DEFAULT;
- else {
- errno = EINVAL;
-- goto failed;
-+ return NULL;
- }
- }
-
- /* Copy so we can delete bits without borking the original */
- temp_acl = acl_nfs4_copy_acl(nacl_p);
- if (temp_acl == NULL)
-- goto failed;
-+ return NULL;
-
- num_aces = temp_acl->naces;
-
- /* Strip or keep inheritance aces depending upon the type of posix acl
- * requested */
-- cur_ace = acl_nfs4_get_first_ace(temp_acl);
-+ cur_ace = temp_acl->ace_head.tqh_first;
- ace_num = 1;
-
-- while(1) {
-- if(cur_ace == NULL) {
-- if(ace_num > num_aces)
-+ while (1) {
-+ if (cur_ace == NULL) {
-+ if (ace_num > num_aces)
- break;
- else
- goto free_failed;
-@@ -88,10 +396,11 @@ acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
-
- /* get the next ace now because we may be freeing the current ace
*/
- temp_ace = cur_ace;
-- acl_nfs4_get_next_ace(&cur_ace);
-+ cur_ace = cur_ace->l_ace.tqe_next;
-
- flags = temp_ace->flag;
-
-+ /* XXX: bring in sync with current kernel: */
- if (iflags & NFS4_ACL_REQUEST_DEFAULT) {
- if((flags & NFS4_INHERITANCE_FLAGS) != NFS4_INHERITANCE_FLAGS)
- acl_nfs4_remove_ace(temp_acl, temp_ace);
-@@ -104,61 +413,32 @@ acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
- ace_num++;
- }
-
--
-- naces = acl_n4tp_ace_count(temp_acl);
-- if (naces < 0) {
-- errno = EINVAL;
-+ ret = init_state(&state, temp_acl->naces);
-+ if (ret)
- goto free_failed;
-- }
--
-- if (naces == 0)
-- return acl_init(0);
--
-- pacl_p = acl_init(naces);
--
-- if(pacl_p == NULL)
-- goto free_failed;
--
-- pacl_pp = &pacl_p;
-
-- cur_ace = acl_nfs4_get_first_ace(temp_acl);
--
-- result = user_obj_from_v4(temp_acl, &cur_ace, pacl_pp, iflags);
-- if(result < 0)
-- goto acl_free_failed;
--
-- result = users_from_v4(temp_acl, &cur_ace, &mask_ace, pacl_pp, iflags);
-- if(result < 0)
-- goto acl_free_failed;
--
-- result = group_obj_and_groups_from_v4(temp_acl, &cur_ace,
-- &mask_ace, pacl_pp, iflags);
-- if(result < 0)
-- goto acl_free_failed;
--
-- result = mask_from_v4(temp_acl, &cur_ace, &mask_ace, pacl_pp, iflags);
-- if(result < 0)
-- goto acl_free_failed;
-+ cur_ace = temp_acl->ace_head.tqh_first;
-+ while (cur_ace) {
-+ if (process_one_v4_ace(&state, cur_ace)) {
-+ free_state(&state);
-+ goto free_failed;
-+ }
-+ cur_ace = cur_ace->l_ace.tqe_next;
-+ }
-
-- result = other_from_v4(temp_acl, &cur_ace, pacl_pp, iflags);
-- if(result < 0)
-- goto acl_free_failed;
-+ acl_nfs4_free(temp_acl);
-
-- result = acl_valid(*pacl_pp);
-- if(result < 0)
-- goto acl_free_failed;
-+ pacl = posix_state_to_acl(&state, nacl_p->is_directory);
-
-- acl_nfs4_free(temp_acl);
-+ free_state(&state);
-
-- return *pacl_pp;
-+ ret = acl_valid(pacl);
-+ if (ret < 0)
-+ goto free_failed;
-
--acl_free_failed:
-- acl_free(*pacl_pp);
-+ return pacl;
-
- free_failed:
-
acl_nfs4_free(temp_acl);
--
--failed:
- return NULL;
- }
--
-diff --git a/libacl/acl_n4tp_get_whotype.c b/libacl/acl_n4tp_get_whotype.c
-deleted file mode 100644
-index fd553c6..0000000
---- a/libacl/acl_n4tp_get_whotype.c
-+++ /dev/null
-@@ -1,73 +0,0 @@
--/*
-- * NFSv4 ACL Code
-- * Convert NFSv4 ACE who to a POSIX ACE whotype
-- *
-- * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-- * All rights reserved.
-- *
-- * Nathaniel Gallaher <ngallahe@umich.edu>
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. Neither the name of the University nor the names of its
-- * contributors may be used to endorse or promote products derived
-- * from this software without specific prior written permission.
-- *
-- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-- * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-- */
--
--#include <acl/libacl.h>
--#include "libacl_nfs4.h"
--
--acl_tag_t acl_n4tp_get_whotype(struct nfs4_ace *ace)
--{
-- int nfs4type;
-- int result;
--
-- if(ace == NULL)
-- goto inval_failed;
--
-- if(ace->who == NULL || strlen(ace->who) <= 0)
-- goto inval_failed;
--
-- result = acl_nfs4_get_who(ace, &nfs4type, NULL);
-- if ( result < 0 )
-- goto failed;
--
-- switch (nfs4type) {
-- case NFS4_ACL_WHO_NAMED:
-- return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ?
-- ACL_GROUP : ACL_USER);
-- case NFS4_ACL_WHO_OWNER:
-- return ACL_USER_OBJ;
-- case NFS4_ACL_WHO_GROUP:
-- return ACL_GROUP_OBJ;
-- case NFS4_ACL_WHO_EVERYONE:
-- return ACL_OTHER;
-- }
--
--inval_failed:
-- errno = EINVAL;
--
--failed:
-- return -1;
--}
--
--
-diff --git a/libacl/acl_n4tp_set_mode.c b/libacl/acl_n4tp_set_mode.c
-deleted file mode 100644
-index bef5e23..0000000
---- a/libacl/acl_n4tp_set_mode.c
-+++ /dev/null
-@@ -1,98 +0,0 @@
--/*
-- * NFSv4 ACL Code
-- * Set posix ACL mode based on NFSv4 mask
-- * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-- * All rights reserved.
-- *
-- * Nathaniel Gallaher <ngallahe@umich.edu>
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. Neither the name of the University nor the names of its
-- * contributors may be used to endorse or promote products derived
-- * from this software without specific prior written permission.
-- *
-- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-- * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-- */
--
--#include <acl/libacl.h>
--#include "libacl_nfs4.h"
--
--int acl_n4tp_set_mode(acl_entry_t pace, u32 nfs4_access_mask, int iflags)
--{
-- /* XXX we might also want to ignore DELETE_CHILD on non-directories */
-- /* XXX also add special interpretation to EXECUTE on directories */
-- u32 ignore = NFS4_ACE_SYNCHRONIZE;
-- u32 new_mask;
-- acl_permset_t perms;
-- int result;
--
-- if((iflags & NFS4_ACL_ISDIR) != NFS4_ACL_ISDIR)
-- ignore |= NFS4_ACE_DELETE_CHILD;
--
-- nfs4_access_mask |= ignore;
--
-- result = acl_get_permset(pace, &perms);
-- if(result < 0)
-- goto failed;
--
-- result = acl_clear_perms(perms);
-- if(result < 0)
-- goto failed;
--
-- if ((nfs4_access_mask & NFS4_READ_MODE) == NFS4_READ_MODE) {
-- result = acl_add_perm(perms, ACL_READ);
-- if(result < 0)
-- goto failed;
-- }
--
-- if ((nfs4_access_mask & NFS4_WRITE_MODE) == NFS4_WRITE_MODE) {
-- result = acl_add_perm(perms, ACL_WRITE);
-- if(result < 0)
-- goto failed;
-- }
--
-- if ((nfs4_access_mask & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE) {
-- result = acl_add_perm(perms, ACL_EXECUTE);
-- if(result < 0)
-- goto failed;
-- }
--
-- result = acl_ptn4_get_mask(&new_mask, perms, iflags);
-- if(result < 0)
-- goto failed;
--
-- new_mask |=
ignore;
--
-- if (!MASK_EQUAL(nfs4_access_mask, new_mask)) {
-- errno = EINVAL;
-- goto failed;
-- }
--
-- result = acl_set_permset(pace, perms);
-- if(result < 0)
-- goto failed;
--
-- return 0;
--
--failed:
-- return -1;
--}
--
-diff --git a/libacl/acl_n4tp_set_who.c b/libacl/acl_n4tp_set_who.c
-deleted file mode 100644
-index 241ef71..0000000
---- a/libacl/acl_n4tp_set_who.c
-+++ /dev/null
-@@ -1,89 +0,0 @@
--/*
-- * NFSv4 ACL Code
-- * Set the POSIX ACE who based on the whotype and NFS who attr.
-- * Translation is done using the NFS4 mapping functions.
-- *
-- * Copyright (c) 2002, 2003 The Regents of the University of Michigan.
-- * All rights reserved.
-- *
-- * Nathaniel Gallaher <ngallahe@umich.edu>
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. Neither the name of the University nor the names of its
-- * contributors may be used to endorse or promote products derived
-- * from this software without specific prior written permission.
-- *
-- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-- * DISCLAIMED.
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-- */
--
--#include <acl/libacl.h>
--#include <nfsidmap.h>
--#include "libacl_nfs4.h"
--
--#define PATH_IDMAPDCONF "/etc/idmapd.conf"
--char *conf_path = PATH_IDMAPDCONF;
--
--int acl_n4tp_set_who(acl_entry_t ace, char* who, acl_tag_t who_type)
--{
-- int result;
-- uid_t uid;
-- gid_t gid;
--
-- if(ace == NULL || who == NULL) {
-- errno = EINVAL;
-- goto failed;
-- }
--
-- switch(who_type) {
-- case ACL_USER:
-- result = nfs4_init_name_mapping(NULL);
-- if (result < 0)
-- goto failed;
-- result = nfs4_name_to_uid(who, &uid);
-- if(result < 0)
-- goto failed;
-- result = acl_set_qualifier(ace, (void *) &uid);
-- if(result < 0)
-- goto failed;
-- break;
-- case ACL_GROUP:
-- result = nfs4_init_name_mapping(NULL);
-- if (result < 0)
-- goto failed;
-- result = nfs4_name_to_gid(who, &gid);
-- if(result < 0)
-- goto failed;
-- result = acl_set_qualifier(ace, (void *) &gid);
-- if(result < 0)
-- goto failed;
-- break;
-- default:
-- errno = EINVAL;
-- goto failed;
-- }
--
-- return 0;
--
--failed:
-- return -1;
--}
--
--
-diff --git a/libacl/acl_nfs4_copy_acl.c b/libacl/acl_nfs4_copy_acl.c
-index 94d8a83..4ce63f7 100644
---- a/libacl/acl_nfs4_copy_acl.c
-+++ b/libacl/acl_nfs4_copy_acl.c
-@@ -54,7 +54,7 @@ struct nfs4_acl * acl_nfs4_copy_acl(struct nfs4_acl * nacl)
- if(new_acl == NULL)
- goto failed;
-
-- ace = acl_nfs4_get_first_ace(nacl);
-+ ace = nacl->ace_head.tqh_first;
- nace = 1;
-
- while(1)
-@@ -71,7 +71,7 @@ struct nfs4_acl *
acl_nfs4_copy_acl(struct nfs4_acl * nacl) - if(result < 0) - goto free_failed; - -- acl_nfs4_get_next_ace(&ace); -+ ace = ace->l_ace.tqe_next; - nace++; - } - -diff --git a/libacl/acl_nfs4_utils.c b/libacl/acl_nfs4_utils.c -deleted file mode 100644 -index 49238ee..0000000 ---- a/libacl/acl_nfs4_utils.c -+++ /dev/null -@@ -1,566 +0,0 @@ --#include <acl/libacl.h> --#include "libacl_nfs4.h" -- --int user_obj_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace **n4ace, -- acl_t *pacl, int iflags) --{ -- struct nfs4_ace *ace = *n4ace; -- struct nfs4_ace *ace2; -- -- if (ace == NULL) -- goto inval_out; -- -- if (pacl == NULL || *pacl == NULL) -- goto inval_out; -- -- if (acl_n4tp_get_whotype(ace) != ACL_USER_OBJ) -- goto inval_out; -- -- if(acl_n4tp_ace_trans(ace, pacl, ACL_USER_OBJ, iflags|NFS4_ACL_OWNER) < 0) -- goto out; -- -- ace2 = acl_nfs4_get_next_ace(n4ace); -- if (ace2 == NULL) -- goto inval_out; -- -- if (!complementary_ace_pair(ace, ace2)) -- goto inval_out; -- -- ace2 = acl_nfs4_get_next_ace(n4ace); -- -- return 0; -- --inval_out: -- errno = EINVAL; --out: -- return -1; --} -- --/* public */ --inline struct nfs4_ace * acl_nfs4_get_next_ace(struct nfs4_ace ** ace) --{ -- if(ace == NULL || (*ace) == NULL) -- return NULL; -- -- (*ace) = (*ace)->l_ace.tqe_next; -- return *ace; --} -- --/* public */ --inline struct nfs4_ace * acl_nfs4_get_first_ace(struct nfs4_acl * acl) --{ -- if(acl == NULL) -- return NULL; -- -- return acl->ace_head.tqh_first; --} -- -- -- -- --int nfs4_get_gid_from_who(gid_t* gid, const char * who) --{ -- int islocal; -- int result; -- -- if(who == NULL || gid == NULL) { -- errno = EINVAL; -- goto failed; -- } -- -- islocal = is_who_local(who); -- if(islocal < 0) -- goto failed; -- else if (islocal == 1) -- result = __nfs4_get_local_gid_from_who(gid, who); -- else -- result = __nfs4_get_foreign_gid_from_who(gid, who); -- -- if(result < 0) -- goto failed; -- -- return 0; -- --failed: -- return -1; --} -- --int __nfs4_get_local_gid_from_who(gid_t* 
gid, const char * who) --{ -- /* XXX Just trim things at the @. We need to pull the local domain -- * name from the conf file for comparison, and handle foriegn names -- * as well. Tie this in with idmapd and gssvcd */ -- /* Special whos? */ -- -- struct group * grent; -- char * gname_buf = NULL; -- int gname_buflen; -- char * char_pos = NULL; -- int char_posi; -- -- -- if(who == NULL) { -- errno = EINVAL; -- goto failed; -- } -- -- gname_buflen = strlen(who); -- if(gname_buflen <= 0) { -- errno = EINVAL; -- goto failed; -- } -- -- char_pos = strchr(who, '@'); -- char_posi = char_pos - who; -- -- if((gname_buf = (char*) malloc(sizeof(char) * (char_posi + 1))) == NULL) -- { -- errno = ENOMEM; -- goto failed; -- } -- -- strncpy(gname_buf, who, char_posi); -- gname_buf[char_posi] = '\0'; -- -- grent = getgrnam(gname_buf); -- free(gname_buf); -- -- if(grent == NULL) -- goto failed; -- -- *gid = grent->gr_gid; -- -- return 0; -- --failed: -- return -1; --} -- --int __nfs4_get_foreign_gid_from_who(gid_t* gid, const char * who) --{ -- return -1; --} -- -- --int nfs4_get_uid_from_who(uid_t* uid, const char * who) --{ -- int islocal; -- int result; -- -- if(who == NULL || uid == NULL) { -- errno = EINVAL; -- goto failed; -- } -- -- islocal = is_who_local(who); -- if(islocal < 0) -- goto failed; -- else if (islocal == 1) -- result = __nfs4_get_local_uid_from_who(uid, who); -- else -- result = __nfs4_get_foreign_uid_from_who(uid, who); -- -- if(result < 0) -- goto failed; -- -- return 0; -- --failed: -- return -1; --} -- --int __nfs4_get_local_uid_from_who(uid_t* uid, const char * who) --{ -- /* XXX Just trim things at the @. We need to pull the local domain -- * name from the conf file for comparison, and handle foriegn names -- * as well. Tie this in with idmapd and gssvcd */ -- /* Special whos? 
*/ -- -- char* lname_buf; -- char* char_pos; -- int lname_buflen; -- struct passwd *pwent; -- int char_posi; -- -- if(who == NULL) { -- errno = EINVAL; -- goto failed; -- } -- -- lname_buflen = strlen(who); -- if(lname_buflen <= 0) { -- errno = EINVAL; -- goto failed; -- } -- -- char_pos = strchr(who, '@'); -- char_posi = char_pos - who; -- -- if((lname_buf = (char*) malloc(sizeof(char) * (char_posi + 1))) == NULL) -- { -- errno = ENOMEM; -- goto failed; -- } -- -- strncpy(lname_buf, who, char_posi); -- lname_buf[char_posi] = '\0'; -- -- pwent = getpwnam(lname_buf); -- free(lname_buf); -- -- if(pwent == NULL) -- goto failed; -- -- *uid = pwent->pw_uid; -- -- return 0; -- --failed: -- return -1; --} -- -- -- --int is_who_local(const char * who) --{ -- /* -1 on error, 0 for no, 1 for yes */ -- /* TODO: Compare domain to local domain */ -- if(who == NULL){ -- errno = EINVAL; -- return -1; -- } -- -- if(strchr(who, '@') == NULL) { -- errno = EINVAL; -- return -1; -- } -- -- return 1; --} -- --int __nfs4_get_foreign_uid_from_who(uid_t* uid, const char * who) --{ -- /* TODO: Make this work */ -- return -1; --} -- -- -- --int users_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p, -- struct nfs4_ace **mask_ace, acl_t *pacl, int iflags) --{ -- struct nfs4_ace *ace, *ace2; -- int result; -- -- ace = *n4ace_p; -- -- if (ace == NULL) { -- goto inval_failed; -- } -- -- while (ace != NULL && acl_n4tp_get_whotype(ace) == ACL_USER) { -- if (ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) -- goto inval_failed; -- if (*mask_ace && -- !MASK_EQUAL(ace->access_mask, (*mask_ace)->access_mask)) -- goto inval_failed; -- *mask_ace = ace; -- -- ace = acl_nfs4_get_next_ace(n4ace_p); -- if (ace == NULL) -- goto inval_failed; -- if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) -- goto inval_failed; -- result = acl_n4tp_ace_trans(ace, pacl, ACL_USER, iflags); -- if (result < 0) -- goto failed; -- -- ace2 = acl_nfs4_get_next_ace(n4ace_p); -- if (ace2 == NULL) -- goto failed; -- if 
(!complementary_ace_pair(ace, ace2)) -- goto failed; -- if ((*mask_ace)->flag != ace2->flag || -- !same_who(*mask_ace, ace2)) -- goto failed; -- ace = acl_nfs4_get_next_ace(n4ace_p); -- } -- -- return 0; -- --inval_failed: -- errno = EINVAL; -- --failed: -- return -1; --} -- --int complementary_ace_pair(struct nfs4_ace *allow, struct nfs4_ace *deny) --{ -- return MASK_EQUAL(allow->access_mask, ~deny->access_mask) && -- allow->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && -- deny->type == NFS4_ACE_ACCESS_DENIED_ACE_TYPE && -- allow->flag == deny->flag && -- same_who(allow, deny); --} -- --int same_who(struct nfs4_ace *a, struct nfs4_ace *b) --{ -- if(!strcmp(a->who, b->who) && strlen(a->who) == strlen(b->who)) -- return 1; -- return 0; --} -- --int group_obj_and_groups_from_v4(struct nfs4_acl *n4acl, -- struct nfs4_ace ** n4ace_p, struct nfs4_ace **mask_ace, -- acl_t *pacl, int iflags) --{ -- struct nfs4_ace *ace, *ace2; -- int num_aces; -- struct ace_container_list_head ace_list; -- struct ace_container *ace_c = NULL; -- int result; -- -- TAILQ_INIT(&ace_list); -- -- ace = *n4ace_p; -- -- num_aces = acl_n4tp_ace_count(n4acl); -- -- if(num_aces < 0) -- goto inval_failed; -- -- /* group owner (mask and allow aces) */ -- -- if (num_aces != 3) { -- /* then the group owner should be preceded by mask */ -- if (ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) -- goto inval_failed; -- -- /* If we already got a mask, and it doesn't match this one... 
*/ -- if (*mask_ace && -- !MASK_EQUAL(ace->access_mask, (*mask_ace)->access_mask)) -- goto inval_failed; -- *mask_ace = ace; -- ace = acl_nfs4_get_next_ace(n4ace_p); -- if (ace == NULL) -- goto inval_failed; -- -- if ((*mask_ace)->flag != ace->flag || !same_who(*mask_ace, ace)) -- goto inval_failed; -- } -- -- if (acl_n4tp_get_whotype(ace) != ACL_GROUP_OBJ) -- goto inval_failed; -- -- if((ace_c = malloc(sizeof(struct ace_container))) == NULL) { -- errno = ENOMEM; -- goto failed; -- } -- ace_c->ace = ace; -- -- TAILQ_INSERT_TAIL(&ace_list, ace_c, l_ace); -- -- if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) -- goto inval_failed; -- -- result = acl_n4tp_ace_trans(ace, pacl, ACL_GROUP_OBJ, iflags); -- if (result < 0) -- goto inval_failed; -- -- ace = acl_nfs4_get_next_ace(n4ace_p); -- if (ace == NULL) -- goto inval_failed; -- -- /* groups (mask and allow aces) */ -- -- while (acl_n4tp_get_whotype(ace) == ACL_GROUP) { -- if (*mask_ace == NULL) -- goto inval_failed; -- -- if (ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE || -- !MASK_EQUAL(ace->access_mask, (*mask_ace)->access_mask)) -- goto inval_failed; -- *mask_ace = ace; -- -- ace = acl_nfs4_get_next_ace(n4ace_p); -- if (ace == NULL) -- goto inval_failed; -- -- if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE || -- !same_who(ace, *mask_ace)) -- goto inval_failed; -- -- if((ace_c = malloc(sizeof(struct ace_container))) == NULL) { -- errno = ENOMEM; -- goto failed; -- } -- ace_c->ace = ace; -- -- TAILQ_INSERT_TAIL(&ace_list, ace_c, l_ace); -- -- result = acl_n4tp_ace_trans(ace, pacl, ACL_GROUP, iflags); -- if (result < 0) -- goto inval_failed; -- -- ace = acl_nfs4_get_next_ace(n4ace_p); -- if (ace == NULL) -- goto inval_failed; -- } -- -- /* group owner (deny ace) */ -- -- if (acl_n4tp_get_whotype(ace) != ACL_GROUP_OBJ) -- goto inval_failed; -- -- ace_c = ace_list.tqh_first; -- ace2 = ace_c->ace; -- if (!complementary_ace_pair(ace2, ace)) -- goto inval_failed; -- TAILQ_REMOVE(&ace_list, ace_c, l_ace); -- 
free(ace_c); -- -- /* groups (deny aces) */ -- -- while (!TAILQ_IS_EMPTY(ace_list)) { -- ace = acl_nfs4_get_next_ace(n4ace_p); -- if (ace == NULL) -- goto inval_failed; -- if (acl_n4tp_get_whotype(ace) != ACL_GROUP) -- goto inval_failed; -- ace_c = ace_list.tqh_first; -- ace2 = ace_c->ace; -- if (!complementary_ace_pair(ace2, ace)) -- goto inval_failed; -- TAILQ_REMOVE(&ace_list, ace_c, l_ace); -- free(ace_c); -- } -- -- ace = acl_nfs4_get_next_ace(n4ace_p); -- if (ace == NULL) -- goto inval_failed; -- if (acl_n4tp_get_whotype(ace) != ACL_OTHER) -- goto inval_failed; -- -- return 0; -- --inval_failed: -- errno = EINVAL; -- --failed: -- while (!TAILQ_IS_EMPTY(ace_list)) { -- ace_c = ace_list.tqh_first; -- TAILQ_REMOVE(&ace_list, ace_c, l_ace); -- free(ace_c); -- } -- return -1; --} -- --int --other_from_v4(struct nfs4_acl *n4acl, -- struct nfs4_ace ** n4ace_p, acl_t *pacl, int iflags) --{ -- int result; -- struct nfs4_ace *ace, *ace2; -- -- ace = *n4ace_p; -- if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) -- goto inval_failed; -- -- result = acl_n4tp_ace_trans(ace, pacl, ACL_OTHER, iflags); -- if (result < 0) -- goto failed; -- -- ace2 = acl_nfs4_get_next_ace(n4ace_p); -- if (ace2 == NULL) -- goto inval_failed; -- -- if (!complementary_ace_pair(ace, ace2)) -- goto inval_failed; -- -- return 0; -- --inval_failed: -- errno = EINVAL; -- --failed: -- return -1; --} -- --int mask_from_v4(struct nfs4_acl *n4acl, -- struct nfs4_ace ** n4ace_p, struct nfs4_ace **mask_ace, -- acl_t *pacl, int iflags) --{ -- int result; -- struct nfs4_ace *ace; -- -- ace = *n4ace_p; -- if (acl_n4tp_ace_count(n4acl) != 3) { -- if (*mask_ace == NULL) -- goto inval_failed; -- (*mask_ace)->access_mask = ~(*mask_ace)->access_mask; -- -- result = acl_n4tp_ace_trans(*mask_ace, pacl, ACL_MASK, iflags); -- if(result < 0) -- goto failed; -- -- //ace = acl_nfs4_get_next_ace(n4ace_p); -- //if (ace == NULL) -- // goto inval_failed; -- } -- -- return 0; -- --inval_failed: -- errno = EINVAL; -- 
--failed: -- return -1; --} -- -- --/* --static inline int --match_who(struct nfs4_ace *ace, uid_t owner, gid_t group, uid_t who) --{ -- switch (ace->whotype) { -- case NFS4_ACL_WHO_NAMED: -- return who == ace->who; -- case NFS4_ACL_WHO_OWNER: -- return who == owner; -- case NFS4_ACL_WHO_GROUP: -- return who == group; -- case NFS4_ACL_WHO_EVERYONE: -- return 1; -- default: -- return 0; -- } --} --*/ --/* 0 = granted, -EACCES = denied; mask is an nfsv4 mask, not mode bits */ --/* --int --nfs4_acl_permission(struct nfs4_acl *acl, uid_t owner, gid_t group, -- uid_t who, u32 mask) --{ -- struct nfs4_ace *ace; -- u32 allowed = 0; -- -- list_for_each_entry(ace, &acl->ace_head, l_ace) { -- if (!match_who(ace, group, owner, who)) -- continue; -- switch (ace->type) { -- case NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE: -- allowed |= ace->access_mask; -- if ((allowed & mask) == mask) -- return 0; -- break; -- case NFS4_ACE_ACCESS_DENIED_ACE_TYPE: -- if (ace->access_mask & mask) -- return -EACCES; -- break; -- } -- } -- return -EACCES; --} --*/ -diff --git a/libacl/acl_nfs4_xattr_pack.c b/libacl/acl_nfs4_xattr_pack.c -index be92ba4..6274f48 100644 ---- a/libacl/acl_nfs4_xattr_pack.c -+++ b/libacl/acl_nfs4_xattr_pack.c -@@ -75,7 +75,7 @@ int acl_nfs4_xattr_pack(struct nfs4_acl * acl, char** bufp) - rbuflen = sizeof(u32); - p += sizeof(u32); - -- ace = acl_nfs4_get_first_ace(acl); -+ ace = acl->ace_head.tqh_first; - ace_num = 1; - - while(1) -@@ -126,7 +126,7 @@ int acl_nfs4_xattr_pack(struct nfs4_acl * acl, char** bufp) - rbuflen += NFS4_XDR_MOD; - } - -- acl_nfs4_get_next_ace(&ace); -+ ace = ace->l_ace.tqe_next; - ace_num++; - } - -diff --git a/libacl/acl_nfs4_xattr_size.c b/libacl/acl_nfs4_xattr_size.c -index 3719535..a20b5d6 100644 ---- a/libacl/acl_nfs4_xattr_size.c -+++ b/libacl/acl_nfs4_xattr_size.c -@@ -51,7 +51,7 @@ int acl_nfs4_xattr_size(struct nfs4_acl * acl) - /* Space for number of aces */ - size += sizeof(u32); - -- ace = acl_nfs4_get_first_ace(acl); -+ ace = 
acl->ace_head.tqh_first; - ace_num = 1; - - num_aces = acl->naces; -@@ -79,7 +79,7 @@ int acl_nfs4_xattr_size(struct nfs4_acl * acl) - size += NFS4_XDR_MOD; - } - -- acl_nfs4_get_next_ace(&ace); -+ ace = ace->l_ace.tqe_next; - ace_num++; - } - -diff --git a/libacl/libacl_nfs4.h b/libacl/libacl_nfs4.h -index e6a466c..1402f92 100644 ---- a/libacl/libacl_nfs4.h -+++ b/libacl/libacl_nfs4.h -@@ -82,14 +82,6 @@ extern void acl_nfs4_remove_ace(struct nfs4_acl * acl, struct nfs4_ace * ace) - - /* nfs4 -> posix */ - extern acl_t acl_n4tp_acl_trans(struct nfs4_acl *, acl_type_t); --extern int acl_n4tp_set_mode(acl_entry_t pace, u32 nfs4_access_mask, -- int iflags); --extern int acl_n4tp_ace_count(struct nfs4_acl *n4acl); --extern int acl_n4tp_ace_trans(struct nfs4_ace *ace, acl_t *pacl, -- acl_tag_t tag, int iflags); --extern int acl_n4tp_set_who(acl_entry_t ace, char* who, -- acl_tag_t who_type); --extern acl_tag_t acl_n4tp_get_whotype(struct nfs4_ace *ace); - - /* posix -> nfs4 */ - extern int acl_ptn4_get_mask(u32* mask, acl_permset_t perms, -@@ -98,37 +90,13 @@ extern int acl_ptn4_acl_trans(acl_t, struct nfs4_acl *, acl_type_t, u32, char*); - - - /** Access Functions **/ --extern inline struct nfs4_ace * -- acl_nfs4_get_next_ace(struct nfs4_ace **); --extern inline struct nfs4_ace * -- acl_nfs4_get_first_ace(struct nfs4_acl *); - extern inline int acl_nfs4_get_whotype(char*); - extern int acl_nfs4_get_who(struct nfs4_ace*, int*, char**); - - /**** Private(?) 
functions ****/ - acl_t __posix_acl_from_nfs4_xattr(char*, int, acl_type_t, u32); --int complementary_ace_pair(struct nfs4_ace *allow, struct nfs4_ace *deny); --int same_who(struct nfs4_ace *a, struct nfs4_ace *b); - - /* These will change */ --int nfs4_get_gid_from_who(gid_t* gid, const char * who); --int nfs4_get_uid_from_who(uid_t* uid, const char * who); - char * nfs4_get_who_from_uid(uid_t); - char * nfs4_get_who_from_gid(gid_t); --int __nfs4_get_local_uid_from_who(uid_t* uid, const char * who); --int __nfs4_get_foreign_uid_from_who(uid_t* uid, const char * who); --int __nfs4_get_local_gid_from_who(gid_t* gid, const char * who); --int __nfs4_get_foreign_gid_from_who(gid_t* gid, const char * who); --int is_who_local(const char * who); - /* End change */ -- --int user_obj_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace **n4ace, -- acl_t *pacl, int iflags); --int users_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p, -- struct nfs4_ace **mask_ace, acl_t *pacl, int iflags); --int group_obj_and_groups_from_v4(struct nfs4_acl *n4acl, -- struct nfs4_ace ** n4ace_p, struct nfs4_ace **mask_ace, acl_t *pacl, int iflags); --int mask_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p, -- struct nfs4_ace **mask_ace, acl_t *pacl, int iflags); --int other_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p, -- acl_t *pacl, int iflags); --- -1.7.8.1 - diff --git a/sys-apps/acl/files/0003-NFSv4-POSIX-mapping-clean-up-loop-interation.patch b/sys-apps/acl/files/0003-NFSv4-POSIX-mapping-clean-up-loop-interation.patch deleted file mode 100644 index 34e6ce2..0000000 --- a/sys-apps/acl/files/0003-NFSv4-POSIX-mapping-clean-up-loop-interation.patch +++ /dev/null 
@@ -1,60 +0,0 @@
-From 2710403cf7742fd6f919977df4da4797625c4407 Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@snoopy.citi.umich.edu>
-Date: Tue, 12 Dec 2006 16:41:12 -0500
-Subject: [PATCH 03/17] NFSv4->POSIX mapping: clean up loop interation
-
-Clean up slightly over-complicated iteration here.
----
- libacl/acl_n4tp_acl_trans.c | 16 ++--------------
- 1 files changed, 2 insertions(+), 14 deletions(-)
-
-diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
-index 7fcb992..0e505c4 100644
---- a/libacl/acl_n4tp_acl_trans.c
-+++ b/libacl/acl_n4tp_acl_trans.c
-@@ -353,7 +353,6 @@ acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
- acl_t pacl;
- struct nfs4_acl * temp_acl;
- int num_aces;
-- int ace_num;
- struct nfs4_ace * cur_ace = NULL;
- struct nfs4_ace * temp_ace = NULL;
- int ret;
-@@ -384,23 +383,14 @@ acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
- /* Strip or keep inheritance aces depending upon the type of posix acl
- * requested */
- cur_ace = temp_acl->ace_head.tqh_first;
-- ace_num = 1;
--
-- while (1) {
-- if (cur_ace == NULL) {
-- if (ace_num > num_aces)
-- break;
-- else
-- goto free_failed;
-- }
-
-- /* get the next ace now because we may be freeing the current ace */
-+ while (cur_ace) {
-+ /* get the next ace now in case we free the current ace */
- temp_ace = cur_ace;
- cur_ace = cur_ace->l_ace.tqe_next;
-
- flags = temp_ace->flag;
-
-- /* XXX: bring in sync with current kernel: */
- if (iflags & NFS4_ACL_REQUEST_DEFAULT) {
- if((flags & NFS4_INHERITANCE_FLAGS) != NFS4_INHERITANCE_FLAGS)
- acl_nfs4_remove_ace(temp_acl, temp_ace);
-@@ -409,8 +399,6 @@ acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
- acl_nfs4_remove_ace(temp_acl, temp_ace);
- }
- }
--
-- ace_num++;
- }
-
- ret = init_state(&state, temp_acl->naces);
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0004-acl_ptn4_get_mask-style-cleanup.patch b/sys-apps/acl/files/0004-acl_ptn4_get_mask-style-cleanup.patch
deleted file mode 100644
index cab4856..0000000
--- a/sys-apps/acl/files/0004-acl_ptn4_get_mask-style-cleanup.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 4e2a9689bca5bd260e151e0f5bf877a0720c8b53 Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@snoopy.citi.umich.edu>
-Date: Tue, 12 Dec 2006 16:44:39 -0500
-Subject: [PATCH 04/17] acl_ptn4_get_mask: style cleanup
-
-Minor style cleanup; indentation, if()->if ()
----
- libacl/acl_ptn4_get_mask.c | 20 ++++++++++----------
- 1 files changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/libacl/acl_ptn4_get_mask.c b/libacl/acl_ptn4_get_mask.c
-index bee0a97..a6b117b 100644
---- a/libacl/acl_ptn4_get_mask.c
-+++ b/libacl/acl_ptn4_get_mask.c
-@@ -40,35 +40,35 @@ int acl_ptn4_get_mask(u32* mask, acl_permset_t perms, int iflags)
- {
- int result;
-
-- *mask = NFS4_ANYONE_MODE;
-+ *mask = NFS4_ANYONE_MODE;
-
-- if(perms == NULL) {
-+ if (perms == NULL) {
- errno = EINVAL;
- goto failed;
- }
-
-- if (iflags & NFS4_ACL_OWNER)
-- *mask |= NFS4_OWNER_MODE;
-+ if (iflags & NFS4_ACL_OWNER)
-+ *mask |= NFS4_OWNER_MODE;
-
- result = acl_get_perm(perms, ACL_READ);
-- if(result < 0)
-+ if (result < 0)
- goto failed;
- else if(result == 1)
- *mask |= NFS4_READ_MODE;
-
- result = acl_get_perm(perms, ACL_WRITE);
-- if(result < 0)
-+ if (result < 0)
- goto failed;
-- else if(result == 1) {
-+ else if (result == 1) {
- *mask |= NFS4_WRITE_MODE;
-- if(iflags & NFS4_ACL_ISDIR)
-+ if (iflags & NFS4_ACL_ISDIR)
- *mask |= NFS4_ACE_DELETE_CHILD;
- }
-
- result = acl_get_perm(perms, ACL_EXECUTE);
-- if(result < 0)
-+ if (result < 0)
- goto failed;
-- else if(result == 1)
-+ else if (result == 1)
- *mask |= NFS4_EXECUTE_MODE;
-
- return 0;
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0005-fix-WRITE_MODE.patch b/sys-apps/acl/files/0005-fix-WRITE_MODE.patch
deleted file mode 100644
index 07146a2..0000000
--- a/sys-apps/acl/files/0005-fix-WRITE_MODE.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 2f7a5c64d7e873ee7afc47e420a124b2f5aa26e5 Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@snoopy.citi.umich.edu>
-Date: Tue, 12 Dec 2006 16:46:54 -0500
-Subject: [PATCH 05/17] fix WRITE_MODE
-
-Note only two uses of WRITE_MODE both assume that DELETE_CHILD is not or'd in
-to it.
----
- include/libacl_nfs4.h | 3 +--
- libacl/libacl_nfs4.h | 3 +--
- 2 files changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/include/libacl_nfs4.h b/include/libacl_nfs4.h
-index 9103424..ab16450 100644
---- a/include/libacl_nfs4.h
-+++ b/include/libacl_nfs4.h
-@@ -10,8 +10,7 @@
-
- /* mode bit translations: */
- #define NFS4_READ_MODE NFS4_ACE_READ_DATA
--#define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA \
-- | NFS4_ACE_APPEND_DATA | NFS4_ACE_DELETE_CHILD)
-+#define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA)
- #define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE
- #define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | \
- NFS4_ACE_SYNCHRONIZE)
-diff --git a/libacl/libacl_nfs4.h b/libacl/libacl_nfs4.h
-index 1402f92..c3d7ef3 100644
---- a/libacl/libacl_nfs4.h
-+++ b/libacl/libacl_nfs4.h
-@@ -10,8 +10,7 @@
-
- /* mode bit translations: */
- #define NFS4_READ_MODE NFS4_ACE_READ_DATA
--#define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA \
-- | NFS4_ACE_APPEND_DATA | NFS4_ACE_DELETE_CHILD)
-+#define NFS4_WRITE_MODE (NFS4_ACE_WRITE_DATA | NFS4_ACE_APPEND_DATA)
- #define NFS4_EXECUTE_MODE NFS4_ACE_EXECUTE
- #define NFS4_ANYONE_MODE (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL | \
- NFS4_ACE_SYNCHRONIZE)
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0006-Remove-some-some-unused-header-cruft.patch b/sys-apps/acl/files/0006-Remove-some-some-unused-header-cruft.patch
deleted file mode 100644
index 68fc2ac..0000000
--- a/sys-apps/acl/files/0006-Remove-some-some-unused-header-cruft.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 443f30f29aa4a5520d2daf2748444e0cd0196749 Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@snoopy.citi.umich.edu>
-Date: Tue, 12 Dec 2006 16:47:57 -0500
-Subject: [PATCH 06/17] Remove some some unused header cruft
-
-These functions were deleted a while ago; forgot to delete them from both
-copies of header file. (*Why* do we have two copies of this file?)
----
- include/libacl_nfs4.h | 11 -----------
- 1 files changed, 0 insertions(+), 11 deletions(-)
-
-diff --git a/include/libacl_nfs4.h b/include/libacl_nfs4.h
-index ab16450..c3d7ef3 100644
---- a/include/libacl_nfs4.h
-+++ b/include/libacl_nfs4.h
-@@ -99,14 +99,3 @@ acl_t __posix_acl_from_nfs4_xattr(char*, int, acl_type_t, u32);
- char * nfs4_get_who_from_uid(uid_t);
- char * nfs4_get_who_from_gid(gid_t);
- /* End change */
--
--int user_obj_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace **n4ace,
-- acl_t *pacl, int iflags);
--int users_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p,
-- struct nfs4_ace **mask_ace, acl_t *pacl, int iflags);
--int group_obj_and_groups_from_v4(struct nfs4_acl *n4acl,
-- struct nfs4_ace ** n4ace_p, struct nfs4_ace **mask_ace, acl_t *pacl, int iflags);
--int mask_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p,
-- struct nfs4_ace **mask_ace, acl_t *pacl, int iflags);
--int other_from_v4(struct nfs4_acl *n4acl, struct nfs4_ace ** n4ace_p,
-- acl_t *pacl, int iflags);
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0007-NFSv4-POSIX-relax-inheritance-bit-mapping.patch b/sys-apps/acl/files/0007-NFSv4-POSIX-relax-inheritance-bit-mapping.patch
deleted file mode 100644
index 48d2bd6..0000000
--- a/sys-apps/acl/files/0007-NFSv4-POSIX-relax-inheritance-bit-mapping.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From ac166c83ea05339fe197b56ea906bed558481eec Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@snoopy.citi.umich.edu>
-Date: Tue, 12 Dec 2006 17:06:17 -0500
-Subject: [PATCH 07/17] NFSv4->POSIX: relax inheritance bit mapping
-
-Relax the inheritance bit mapping, and make it a little more accurate.
----
- libacl/acl_n4tp_acl_trans.c | 8 +++++---
- 1 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
-index 0e505c4..f0f802d 100644
---- a/libacl/acl_n4tp_acl_trans.c
-+++ b/libacl/acl_n4tp_acl_trans.c
-@@ -384,6 +384,9 @@ acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
- * requested */
- cur_ace = temp_acl->ace_head.tqh_first;
-
-+#define FILE_OR_DIR_INHERIT (NFS4_ACE_FILE_INHERIT_ACE \
-+ | NFS4_ACE_DIRECTORY_INHERIT_ACE)
-+
- while (cur_ace) {
- /* get the next ace now in case we free the current ace */
- temp_ace = cur_ace;
-@@ -392,12 +395,11 @@ acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
- flags = temp_ace->flag;
-
- if (iflags & NFS4_ACL_REQUEST_DEFAULT) {
-- if((flags & NFS4_INHERITANCE_FLAGS) != NFS4_INHERITANCE_FLAGS)
-+ if (!(temp_ace->flag & FILE_OR_DIR_INHERIT))
- acl_nfs4_remove_ace(temp_acl, temp_ace);
- } else {
-- if ((flags & NFS4_INHERITANCE_FLAGS) == NFS4_INHERITANCE_FLAGS) {
-+ if (temp_ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)
- acl_nfs4_remove_ace(temp_acl, temp_ace);
-- }
- }
- }
-
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0008-NFSv4-POSIX-factor-out-inheritance-splitting-code.patch b/sys-apps/acl/files/0008-NFSv4-POSIX-factor-out-inheritance-splitting-code.patch
deleted file mode 100644
index 8991891..0000000
--- a/sys-apps/acl/files/0008-NFSv4-POSIX-factor-out-inheritance-splitting-code.patch
+++ /dev/null
@@ -1,94 +0,0 @@ -From d55de6fa0c8d2448e55d51ce7b6c9b48fa5632cb Mon Sep 17 00:00:00 2001 -From: "J. Bruce Fields" <bfields@snoopy.citi.umich.edu> -Date: Tue, 12 Dec 2006 17:15:14 -0500 -Subject: [PATCH 08/17] NFSv4->POSIX: factor out inheritance splitting code - -Factor out the code that splits out ACEs that are irrelevant (because of -inheritance bits) into a separate function, do a little more cleanup. ---- - libacl/acl_n4tp_acl_trans.c | 56 +++++++++++++++++++++--------------------- - 1 files changed, 28 insertions(+), 28 deletions(-) - -diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c -index f0f802d..b0d2b54 100644 ---- a/libacl/acl_n4tp_acl_trans.c -+++ b/libacl/acl_n4tp_acl_trans.c -@@ -347,16 +347,39 @@ static int process_one_v4_ace(struct posix_acl_state *state, - return 0; - } - -+#define FILE_OR_DIR_INHERIT (NFS4_ACE_FILE_INHERIT_ACE \ -+ | NFS4_ACE_DIRECTORY_INHERIT_ACE) -+ -+/* Strip or keep inheritance aces depending on type of posix acl requested */ -+static void acl_nfs4_check_inheritance(struct nfs4_acl *acl, u32 iflags) -+{ -+ struct nfs4_ace * cur_ace; -+ struct nfs4_ace * temp_ace; -+ -+ cur_ace = acl->ace_head.tqh_first; -+ -+ while (cur_ace) { -+ /* get the next ace now in case we free the current ace */ -+ temp_ace = cur_ace; -+ cur_ace = cur_ace->l_ace.tqe_next; -+ -+ if (iflags & NFS4_ACL_REQUEST_DEFAULT) { -+ if (!(temp_ace->flag & FILE_OR_DIR_INHERIT)) -+ acl_nfs4_remove_ace(acl, temp_ace); -+ } else { -+ if (temp_ace->flag & NFS4_ACE_INHERIT_ONLY_ACE) -+ acl_nfs4_remove_ace(acl, temp_ace); -+ } -+ } -+} -+ - acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype) - { - struct posix_acl_state state; - acl_t pacl; - struct nfs4_acl * temp_acl; -- int num_aces; -- struct nfs4_ace * cur_ace = NULL; -- struct nfs4_ace * temp_ace = NULL; -+ struct nfs4_ace * cur_ace; - int ret; -- u32 flags; - u32 iflags = NFS4_ACL_NOFLAGS; - - if (nacl_p == NULL) { -@@ -378,30 +401,7 @@ acl_t acl_n4tp_acl_trans(struct 
nfs4_acl * nacl_p, acl_type_t ptype) - if (temp_acl == NULL) - return NULL; - -- num_aces = temp_acl->naces; -- -- /* Strip or keep inheritance aces depending upon the type of posix acl -- * requested */ -- cur_ace = temp_acl->ace_head.tqh_first; -- --#define FILE_OR_DIR_INHERIT (NFS4_ACE_FILE_INHERIT_ACE \ -- | NFS4_ACE_DIRECTORY_INHERIT_ACE) -- -- while (cur_ace) { -- /* get the next ace now in case we free the current ace */ -- temp_ace = cur_ace; -- cur_ace = cur_ace->l_ace.tqe_next; -- -- flags = temp_ace->flag; -- -- if (iflags & NFS4_ACL_REQUEST_DEFAULT) { -- if (!(temp_ace->flag & FILE_OR_DIR_INHERIT)) -- acl_nfs4_remove_ace(temp_acl, temp_ace); -- } else { -- if (temp_ace->flag & NFS4_ACE_INHERIT_ONLY_ACE) -- acl_nfs4_remove_ace(temp_acl, temp_ace); -- } -- } -+ acl_nfs4_check_inheritance(temp_acl, iflags); - - ret = init_state(&state, temp_acl->naces); - if (ret) --- -1.7.8.1 - diff --git a/sys-apps/acl/files/0009-NFSv4-POSIX-remove-a-redundant-NULL-check.patch b/sys-apps/acl/files/0009-NFSv4-POSIX-remove-a-redundant-NULL-check.patch deleted file mode 100644 index 515ec9c..0000000 --- a/sys-apps/acl/files/0009-NFSv4-POSIX-remove-a-redundant-NULL-check.patch +++ /dev/null 
@@ -1,29 +0,0 @@
-From 0989e9ad282ae0806ec9601d4a1038f4103dc0e6 Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@snoopy.citi.umich.edu>
-Date: Tue, 12 Dec 2006 17:15:54 -0500
-Subject: [PATCH 09/17] NFSv4->POSIX: remove a redundant NULL check
-
-The caller already checks this.
----
- libacl/acl_n4tp_acl_trans.c | 5 -----
- 1 files changed, 0 insertions(+), 5 deletions(-)
-
-diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
-index b0d2b54..a81a06d 100644
---- a/libacl/acl_n4tp_acl_trans.c
-+++ b/libacl/acl_n4tp_acl_trans.c
-@@ -382,11 +382,6 @@ acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
- int ret;
- u32 iflags = NFS4_ACL_NOFLAGS;
-
-- if (nacl_p == NULL) {
-- errno = EINVAL;
-- return NULL;
-- }
--
- if (ptype == ACL_TYPE_DEFAULT) {
- if (nacl_p->is_directory)
- iflags |= NFS4_ACL_REQUEST_DEFAULT;
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0010-Minor-header-cleanup.patch b/sys-apps/acl/files/0010-Minor-header-cleanup.patch
deleted file mode 100644
index e6270bf..0000000
--- a/sys-apps/acl/files/0010-Minor-header-cleanup.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From c96b248f388587ebcff23d3a2625054899badcff Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@snoopy.citi.umich.edu>
-Date: Tue, 12 Dec 2006 17:25:43 -0500
-Subject: [PATCH 10/17] Minor header cleanup
-
-Move a define out of common header to where it's actually used.
----
- include/libacl_nfs4.h | 4 ----
- libacl/acl_ptn4_acl_trans.c | 3 +++
- libacl/libacl_nfs4.h | 4 ----
- 3 files changed, 3 insertions(+), 8 deletions(-)
-
-diff --git a/include/libacl_nfs4.h b/include/libacl_nfs4.h
-index c3d7ef3..b29b802 100644
---- a/include/libacl_nfs4.h
-+++ b/include/libacl_nfs4.h
-@@ -16,10 +16,6 @@
- NFS4_ACE_SYNCHRONIZE)
- #define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)
-
--/* flags used to simulate posix default ACLs */
--#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
-- | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
--
- #define NFS4_ACE_MASK_IGNORE (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \
- | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS)
- /* XXX not sure about the following. Note that e.g. DELETE_CHILD is wrong in
-diff --git a/libacl/acl_ptn4_acl_trans.c b/libacl/acl_ptn4_acl_trans.c
-index 2e5aa51..3c23f01 100644
---- a/libacl/acl_ptn4_acl_trans.c
-+++ b/libacl/acl_ptn4_acl_trans.c
-@@ -38,6 +38,9 @@
- #include <nfsidmap.h>
- #include "libacl_nfs4.h"
-
-+/* flags used to simulate posix default ACLs */
-+#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
-+ | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
-
- /* Plan:
- * 1: if setting default, remove all purely inherited aces, and replace
-diff --git a/libacl/libacl_nfs4.h b/libacl/libacl_nfs4.h
-index c3d7ef3..b29b802 100644
---- a/libacl/libacl_nfs4.h
-+++ b/libacl/libacl_nfs4.h
-@@ -16,10 +16,6 @@
- NFS4_ACE_SYNCHRONIZE)
- #define NFS4_OWNER_MODE (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)
-
--/* flags used to simulate posix default ACLs */
--#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
-- | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
--
- #define NFS4_ACE_MASK_IGNORE (NFS4_ACE_DELETE | NFS4_ACE_WRITE_OWNER \
- | NFS4_ACE_READ_NAMED_ATTRS | NFS4_ACE_WRITE_NAMED_ATTRS)
- /* XXX not sure about the following. Note that e.g. DELETE_CHILD is wrong in
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0011-POSIX-NFSv4-relax-inheritance-bit-mapping.patch b/sys-apps/acl/files/0011-POSIX-NFSv4-relax-inheritance-bit-mapping.patch
deleted file mode 100644
index 3d97eea..0000000
--- a/sys-apps/acl/files/0011-POSIX-NFSv4-relax-inheritance-bit-mapping.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From cd582e0230f502a8e9710b03ec6375699d2e484e Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@snoopy.citi.umich.edu>
-Date: Tue, 12 Dec 2006 17:37:22 -0500
-Subject: [PATCH 11/17] POSIX->NFSv4: relax inheritance bit mapping
-
-Accept wider range of inheritance bits by e.g. treating file inherit and
-directory inherit as if both were always on if one is.
----
- libacl/acl_ptn4_acl_trans.c | 30 +++++++++---------------------
- 1 files changed, 9 insertions(+), 21 deletions(-)
-
-diff --git a/libacl/acl_ptn4_acl_trans.c b/libacl/acl_ptn4_acl_trans.c
-index 3c23f01..4dbd4c5 100644
---- a/libacl/acl_ptn4_acl_trans.c
-+++ b/libacl/acl_ptn4_acl_trans.c
-@@ -38,9 +38,10 @@
- #include <nfsidmap.h>
- #include "libacl_nfs4.h"
-
--/* flags used to simulate posix default ACLs */
--#define NFS4_INHERITANCE_FLAGS (NFS4_ACE_FILE_INHERIT_ACE \
-- | NFS4_ACE_DIRECTORY_INHERIT_ACE | NFS4_ACE_INHERIT_ONLY_ACE)
-+
-+#define FILE_OR_DIR_INHERIT (NFS4_ACE_FILE_INHERIT_ACE \
-+ | NFS4_ACE_DIRECTORY_INHERIT_ACE)
-+#define NFS4_INHERITANCE_FLAGS (FILE_OR_DIR_INHERIT | NFS4_ACE_INHERIT_ONLY_ACE)
-
- /* Plan:
- * 1: if setting default, remove all purely inherited aces, and replace
-@@ -48,26 +49,22 @@
- * 2: if setting effective, remove all purely effective aces, and replace
- * all dual-use aces by purely inherited ones
- */
---
--int purge_aces(struct nfs4_acl *nacl, acl_type_t type)
-+static void purge_aces(struct nfs4_acl *nacl, acl_type_t type)
- {
- struct nfs4_ace *p, *next;
-
- for (p = nacl->ace_head.tqh_first; p != NULL; p = next) {
- next = p->l_ace.tqe_next;
-
-- switch (p->flag & NFS4_INHERITANCE_FLAGS) {
-- case 0:
-+ if (!(p->flag & FILE_OR_DIR_INHERIT)) {
- /* purely effective */
- if (type == ACL_TYPE_ACCESS)
- acl_nfs4_remove_ace(nacl, p);
-- continue;
-- case NFS4_INHERITANCE_FLAGS:
-+ } else if (p->flag & NFS4_ACE_INHERIT_ONLY_ACE) {
- /* purely inherited */
- if (type == ACL_TYPE_DEFAULT)
- acl_nfs4_remove_ace(nacl, p);
-- break;
-- case NFS4_INHERITANCE_FLAGS & ~NFS4_ACE_INHERIT_ONLY_ACE:
-+ } else {
- /* both effective and inherited */
- if (type == ACL_TYPE_DEFAULT) {
- /* Change to purely effective */
-@@ -76,14 +73,9 @@ int purge_aces(struct nfs4_acl *nacl, acl_type_t type)
- /* Change to purely inherited */
- p->flag |= NFS4_INHERITANCE_FLAGS;
- }
-- break;
-- default:
-- errno = EINVAL;
-- return -1;
- }
-
- }
-- return 0;
- }
-
- int
-@@ -114,9 +106,7 @@ acl_ptn4_acl_trans(acl_t pacl, struct nfs4_acl *acl, acl_type_t type, u32 is_dir
- iflags |= NFS4_ACL_REQUEST_DEFAULT;
- }
-
-- result = purge_aces(acl, type);
-- if (result)
-- return -1;
-+ purge_aces(acl, type);
-
- if (is_dir & NFS4_ACL_ISDIR)
- iflags |= NFS4_ACL_ISDIR;
-@@ -517,5 +507,3 @@ out:
- acl_nfs4_free(acl);
- return -1;
- }
---
---
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0012-nfsv4-posix-mapping-don-t-add-unnecessary-masks.patch b/sys-apps/acl/files/0012-nfsv4-posix-mapping-don-t-add-unnecessary-masks.patch
deleted file mode 100644
index 47e9177..0000000
--- a/sys-apps/acl/files/0012-nfsv4-posix-mapping-don-t-add-unnecessary-masks.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 106227f0a4f89724b099114dfb2584b4eb249130 Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@citi.umich.edu>
-Date: Tue, 30 Jan 2007 18:45:55 -0500
-Subject: [PATCH 12/17] nfsv4->posix mapping: don't add unnecessary masks
-
-Don't add masks to 3-element ACLs unnecessarily; otherwise we never
-translate to a posix ACL exactly equivalent to a mode, which seems a
-little rude.
-
-Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
----
- libacl/acl_n4tp_acl_trans.c | 17 +++++++++++------
- 1 files changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
-index a81a06d..eca94ff 100644
---- a/libacl/acl_n4tp_acl_trans.c
-+++ b/libacl/acl_n4tp_acl_trans.c
-@@ -143,7 +143,10 @@ posix_state_to_acl(struct posix_acl_state *state, int is_dir)
- int nace;
- int i, error = 0;
-
-- nace = 4 + state->users->n + state->groups->n;
-+ if (state->users->n || state->groups->n)
-+ nace = 4 + state->users->n + state->groups->n;
-+ else
-+ nace = 3;
- pacl = acl_init(nace);
- if (!pacl)
- return NULL;
-@@ -183,11 +186,13 @@ posix_state_to_acl(struct posix_acl_state *state, int is_dir)
- add_to_mask(state, &state->groups->aces[i].perms);
- }
-
-- error = acl_create_entry(&pacl, &pace);
-- if (error)
-- goto out_err;
-- acl_set_tag_type(pace, ACL_MASK);
-- set_mode_from_nfs4(pace, state->mask.allow, is_dir);
-+ if (nace > 3) {
-+ error = acl_create_entry(&pacl, &pace);
-+ if (error)
-+ goto out_err;
-+ acl_set_tag_type(pace, ACL_MASK);
-+ set_mode_from_nfs4(pace, state->mask.allow, is_dir);
-+ }
-
- error = acl_create_entry(&pacl, &pace);
- if (error)
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0013-nfsv4-posix-return-zero-length-default-acl-when-appr.patch b/sys-apps/acl/files/0013-nfsv4-posix-return-zero-length-default-acl-when-appr.patch
deleted file mode 100644
index 6c16356..0000000
--- a/sys-apps/acl/files/0013-nfsv4-posix-return-zero-length-default-acl-when-appr.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From aaa123a30a393fce1b5c998ef24c236d030fe8e2 Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@citi.umich.edu>
-Date: Wed, 31 Jan 2007 12:47:27 -0500
-Subject: [PATCH 13/17] nfsv4->posix: return zero-length default acl when
- appropriate
-
-A normal posix acl isn't zero-length: having "no" posix acl is
-equivalent to having a 3-ace posix acl determined by the mode.
-
-Default acls, however, may be zero-length. We should be returning a
-zero-length posix acl when given an nfsv4 acl with no inheritable aces.
-
-Fixes a problem that caused all directories to appear to have a default
-acl that grants no permissions.
-
-Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
----
- libacl/acl_n4tp_acl_trans.c | 5 +++++
- 1 files changed, 5 insertions(+), 0 deletions(-)
-
-diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
-index eca94ff..62ac81a 100644
---- a/libacl/acl_n4tp_acl_trans.c
-+++ b/libacl/acl_n4tp_acl_trans.c
-@@ -403,6 +403,11 @@ acl_t acl_n4tp_acl_trans(struct nfs4_acl * nacl_p, acl_type_t ptype)
-
- acl_nfs4_check_inheritance(temp_acl, iflags);
-
-+ if (ptype == ACL_TYPE_DEFAULT && temp_acl->naces == 0) {
-+ acl_nfs4_free(temp_acl);
-+ return acl_init(0);
-+ }
-+
- ret = init_state(&state, temp_acl->naces);
- if (ret)
- goto free_failed;
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0014-nfsd4-remove-spurious-XATTR_REPLACE.patch b/sys-apps/acl/files/0014-nfsd4-remove-spurious-XATTR_REPLACE.patch
deleted file mode 100644
index f2f8402..0000000
--- a/sys-apps/acl/files/0014-nfsd4-remove-spurious-XATTR_REPLACE.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 6542fbd970376cc7f7cbdfa1a6dfc7efc5149d62 Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@citi.umich.edu>
-Date: Wed, 9 May 2007 14:20:34 -0400
-Subject: [PATCH 14/17] nfsd4: remove spurious XATTR_REPLACE
-
-For some reason we're calling acl_set_file with XATTR_REPLACE. I have
-no idea why, and it can make it impossible to set an acl on a filesystem
-that didn't previously have one (on those filesystems that don't just
-fake up an acl on their on in this case).
-
-Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
----
- libacl/acl_set_file.c | 3 +--
- 1 files changed, 1 insertions(+), 2 deletions(-)
-
-diff --git a/libacl/acl_set_file.c b/libacl/acl_set_file.c
-index 303e39c..ba84999 100644
---- a/libacl/acl_set_file.c
-+++ b/libacl/acl_set_file.c
-@@ -140,8 +140,7 @@ acl_set_file(const char *path_p, acl_type_t type, acl_t acl)
-
- if (!ext_acl_p)
- return -1;
---
-- error = setxattr(path_p, name, (char *)ext_acl_p, size, XATTR_REPLACE);
-+ error = setxattr(path_p, name, (char *)ext_acl_p, size, 0);
- free(ext_acl_p);
- return error;
- }
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0015-fix-comment-typo.patch b/sys-apps/acl/files/0015-fix-comment-typo.patch
deleted file mode 100644
index 7a01c79..0000000
--- a/sys-apps/acl/files/0015-fix-comment-typo.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 8d66a2ef07b205b701aa5b3805136ca9320dddd2 Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@citi.umich.edu>
-Date: Wed, 15 Aug 2007 14:32:36 -0400
-Subject: [PATCH 15/17] fix comment typo
-
-Fix a comment typo
-
-Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
----
- libacl/acl_n4tp_acl_trans.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
-index 62ac81a..7708248 100644
---- a/libacl/acl_n4tp_acl_trans.c
-+++ b/libacl/acl_n4tp_acl_trans.c
-@@ -79,7 +79,7 @@ init_state(struct posix_acl_state *state, int cnt)
- memset(state, 0, sizeof(struct posix_acl_state));
- /*
- * In the worst case, each individual acl could be for a distinct
-- * named user or group, but we don't no which, so we allocate
-+ * named user or group, but we don't know which, so we allocate
- * enough space for either:
- */
- alloc = sizeof(struct posix_ace_state_array)
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0016-fix-nfs4-posix-mapping-state-allocation.patch b/sys-apps/acl/files/0016-fix-nfs4-posix-mapping-state-allocation.patch
deleted file mode 100644
index 10c0f9a..0000000
--- a/sys-apps/acl/files/0016-fix-nfs4-posix-mapping-state-allocation.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 7cb0e09ded7c5c0138fb5e4621f0ce54df1f381e Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@citi.umich.edu>
-Date: Wed, 15 Aug 2007 16:43:26 -0400
-Subject: [PATCH 16/17] fix nfs4->posix mapping state allocation
-
-Fix allocation of a couple arrays used in the nfs4->posix mapping;
-without this we could get heap corruption when translating acls with
-more than a few users or groups.
-
-Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
----
- libacl/acl_n4tp_acl_trans.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
-index 7708248..52972c7 100644
---- a/libacl/acl_n4tp_acl_trans.c
-+++ b/libacl/acl_n4tp_acl_trans.c
-@@ -83,7 +83,7 @@ init_state(struct posix_acl_state *state, int cnt)
- * enough space for either:
- */
- alloc = sizeof(struct posix_ace_state_array)
-- + cnt*sizeof(struct posix_ace_state);
-+ + cnt*sizeof(struct posix_user_ace_state);
- state->users = calloc(1, alloc);
- if (!state->users)
- return -ENOMEM;
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/0017-fix-calculation-of-group-bits.patch b/sys-apps/acl/files/0017-fix-calculation-of-group-bits.patch
deleted file mode 100644
index 69cfb07..0000000
--- a/sys-apps/acl/files/0017-fix-calculation-of-group-bits.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 6dfe0d58bd27ee1b3668831b59a14218a441c3bd Mon Sep 17 00:00:00 2001
-From: "J. Bruce Fields" <bfields@citi.umich.edu>
-Date: Tue, 18 Sep 2007 15:28:34 -0400
-Subject: [PATCH 17/17] fix calculation of group bits
-
-With the current code allowing bits to a group can result in those bits
-also being allowed to other groups. This is unnecessary, as posix group
-permissions already accumulate in most cases.
-
-Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
----
- libacl/acl_n4tp_acl_trans.c | 39 +++++++++++++++++++++++++++------------
- 1 files changed, 27 insertions(+), 12 deletions(-)
-
-diff --git a/libacl/acl_n4tp_acl_trans.c b/libacl/acl_n4tp_acl_trans.c
-index 52972c7..3b0563f 100644
---- a/libacl/acl_n4tp_acl_trans.c
-+++ b/libacl/acl_n4tp_acl_trans.c
-@@ -218,18 +218,36 @@ static inline void deny_bits(struct posix_ace_state *astate, u32 mask)
- astate->deny |= mask & ~astate->allow;
- }
-
--static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid)
-+static int find_uid(struct posix_acl_state *state, uid_t uid)
- {
- int i;
-+ struct posix_ace_state_array *users = state->users;
-
-- for (i = 0; i < a->n; i++)
-- if (a->aces[i].uid == uid)
-+ for (i = 0; i < users->n; i++)
-+ if (users->aces[i].uid == uid)
- return i;
- /* Not found: */
-- a->n++;
-- a->aces[i].uid = uid;
-- a->aces[i].perms.allow = state->everyone.allow;
-- a->aces[i].perms.deny = state->everyone.deny;
-+ users->n++;
-+ users->aces[i].uid = uid;
-+ users->aces[i].perms.allow = state->everyone.allow;
-+ users->aces[i].perms.deny = state->everyone.deny;
-+
-+ return i;
-+}
-+
-+static int find_gid(struct posix_acl_state *state, uid_t uid)
-+{
-+ int i;
-+ struct posix_ace_state_array *groups = state->groups;
-+
-+ for (i = 0; i < groups->n; i++)
-+ if (groups->aces[i].uid == uid)
-+ return i;
-+ /* Not found: */
-+ groups->n++;
-+ groups->aces[i].uid = uid;
-+ groups->aces[i].perms.allow = state->other.allow;
-+ groups->aces[i].perms.deny = state->other.deny;
-
- return i;
- }
-@@ -295,7 +313,7 @@ static int process_one_v4_ace(struct posix_acl_state *state,
- case ACL_USER:
- if (nfs4_name_to_uid(ace->who, &id))
- return -1;
-- i = find_uid(state, state->users, id);
-+ i = find_uid(state, id);
- if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
- allow_bits(&state->users->aces[i].perms, mask);
- mask = state->users->aces[i].perms.allow;
-@@ -311,7 +329,6 @@ static int process_one_v4_ace(struct posix_acl_state *state,
- allow_bits(&state->owner, mask);
- allow_bits(&state->everyone, mask);
- allow_bits_array(state->users, mask);
-- allow_bits_array(state->groups, mask);
- } else {
- deny_bits(&state->group, mask);
- }
-@@ -319,15 +336,13 @@ static int process_one_v4_ace(struct posix_acl_state *state,
- case ACL_GROUP:
- if (nfs4_name_to_gid(ace->who, &id))
- return -1;
-- i = find_uid(state, state->groups, id);
-+ i = find_gid(state, id);
- if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) {
- allow_bits(&state->groups->aces[i].perms, mask);
- mask = state->groups->aces[i].perms.allow;
- allow_bits(&state->owner, mask);
-- allow_bits(&state->group, mask);
- allow_bits(&state->everyone, mask);
- allow_bits_array(state->users, mask);
-- allow_bits_array(state->groups, mask);
- } else {
- deny_bits(&state->groups->aces[i].perms, mask);
- }
---
-1.7.8.1
-
diff --git a/sys-apps/acl/files/acl-2.2.49-quote-strchr.patch b/sys-apps/acl/files/acl-2.2.49-quote-strchr.patch
deleted file mode 100644
index d2510da..0000000
--- a/sys-apps/acl/files/acl-2.2.49-quote-strchr.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 7565e4fcb9209782ed02f3caff246cf5ea816674 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Fri, 8 Jan 2010 21:28:31 -0500
-Subject: [PATCH] quote: pull in string.h for strchr prototype
-
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- libmisc/quote.c | 1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/libmisc/quote.c b/libmisc/quote.c
-index f98c887..bf8f9eb 100644
---- a/libmisc/quote.c
-+++ b/libmisc/quote.c
-@@ -20,6 +20,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <ctype.h>
-+#include <string.h>
- #include "misc.h"
-
- const char *quote(const char *str, const char *quote_chars)
---
-1.6.6
-
diff --git a/sys-apps/acl/files/acl-2.2.51-config-shell.patch b/sys-apps/acl/files/acl-2.2.51-config-shell.patch
deleted file mode 100644
index 78b3f0f..0000000
--- a/sys-apps/acl/files/acl-2.2.51-config-shell.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-https://bugs.gentoo.org/365397
-
-From 10bfb16245ec4b55c1f5b6dc5554913bc9b13c9c Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Mon, 16 May 2011 01:59:52 -0400
-Subject: [PATCH] use SHELL from configure
-
-If /bin/sh is not a functional enough shell, configure will select a
-SHELL of /bin/bash or better. But the current build helpers always
-hardcode /bin/sh, so if libtool itself configures itself for /bin/bash,
-things will fail when it attempts to do:
- SHELL = /bin/sh
- LIBTOOL = $(SHELL) .../libtool
- ...
- eval: 1: base_compile+= -pipe: not found
- ...
-
-So rather than hardcoding SHELL to /bin/sh, set it to @SHELL@ and let
-configure find a good value for us.
-
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- include/builddefs.in | 1 +
- include/buildmacros | 1 -
- 2 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/include/builddefs.in b/include/builddefs.in
-index d054a56..434ce95 100644
---- a/include/builddefs.in
-+++ b/include/builddefs.in
-@@ -46,6 +46,7 @@ MAKE = @make@
- ECHO = @echo@
- SORT = @sort@
- LN_S = @LN_S@
-+SHELL = @SHELL@
- LIBTOOL = @LIBTOOL@
- MAKEDEPEND = @makedepend@
-
-diff --git a/include/buildmacros b/include/buildmacros
-index ab89182..8efb32e 100644
---- a/include/buildmacros
-+++ b/include/buildmacros
-@@ -42,7 +42,6 @@ OBJECTS = $(ASFILES:.s=.o) \
-
- INSTALL = $(TOPDIR)/include/install-sh -o $(PKG_USER) -g $(PKG_GROUP)
-
--SHELL = /bin/sh
- IMAGES_DIR = $(TOPDIR)/all-images
- DIST_DIR = $(TOPDIR)/dist
-
---
-1.7.5.rc3
-
diff --git a/sys-apps/acl/metadata.xml b/sys-apps/acl/metadata.xml
deleted file mode 100644
index 432c381..0000000
--- a/sys-apps/acl/metadata.xml
+++ /dev/null
@@ -1,13 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> -<maintainer type="project"> - <email>base-system@gentoo.org</email> - <name>Gentoo Base System</name> -</maintainer> -<use> - <flag name="nfs"> - add support for NFS acls - </flag> -</use> -</pkgmetadata> |