| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Jul 2023 10:26:41 -0400
From: Jeff Layton <jlayton@...nel.org>
To: Chuck Lever <chuck.lever@...cle.com>, Neil Brown <neilb@...e.de>,
Olga Kornievskaia <kolga@...app.com>,
Dai Ngo <Dai.Ngo@...cle.com>, Tom Talpey <tom@...pey.com>
Cc: Andreas Grünbacher
<andreas.gruenbacher@...il.com>, linux-nfs@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] nfsd: better conform to setfacl's method for setting missing ACEs
Andreas pointed out that the way we're setting missing ACEs doesn't
quite conform to what setfacl does. Change it to better conform to
how setfacl does this.
Cc: Andreas Grünbacher <andreas.gruenbacher@...il.com>
Signed-off-by: Jeff Layton <jlayton@...nel.org>
---
fs/nfsd/nfs4acl.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
Chuck, it might be best to fold this into the original patch, if it
looks ok.
diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
index 64e45551d1b6..9ec61bd0e11b 100644
--- a/fs/nfsd/nfs4acl.c
+++ b/fs/nfsd/nfs4acl.c
@@ -742,14 +742,15 @@ static int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl,
* no owner, owning group, or others entry, a copy of the ACL
* owner, owning group, or others entry is added to the Default ACL."
*
- * If none of the requisite ACEs were set, and some explicit user or group
- * ACEs were, copy the requisite entries from the effective set.
+ * Copy any missing ACEs from the effective set.
*/
- if (!default_acl_state.valid &&
- (default_acl_state.users->n || default_acl_state.groups->n)) {
- default_acl_state.owner = effective_acl_state.owner;
- default_acl_state.group = effective_acl_state.group;
- default_acl_state.other = effective_acl_state.other;
+ if (default_acl_state.users->n || default_acl_state.groups->n) {
+ if (!(default_acl_state.valid & ACL_USER_OBJ))
+ default_acl_state.owner = effective_acl_state.owner;
+ if (!(default_acl_state.valid & ACL_GROUP_OBJ))
+ default_acl_state.group = effective_acl_state.group;
+ if (!(default_acl_state.valid & ACL_OTHER))
+ default_acl_state.other = effective_acl_state.other;
}
*pacl = posix_state_to_acl(&effective_acl_state, flags);
--
2.41.0
Powered by blists - more mailing lists