Lines Matching +full:set +full:- +full:aces
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2008-2010 Edward Tomasz Napierała <trasz@FreeBSD.org>
64 &acl_nfs4_old_semantics, 0, "Use pre-PSARC/2010/029 NFSv4 ACL semantics");
118 KASSERT(aclp->acl_cnt <= ACL_MAX_ENTRIES, in _acl_denies()
119 ("aclp->acl_cnt <= ACL_MAX_ENTRIES")); in _acl_denies()
121 for (i = 0; i < aclp->acl_cnt; i++) { in _acl_denies()
122 entry = &(aclp->acl_entry[i]); in _acl_denies()
124 if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && in _acl_denies()
125 entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) in _acl_denies()
127 if (entry->ae_flags & ACL_ENTRY_INHERIT_ONLY) in _acl_denies()
129 switch (entry->ae_tag) { in _acl_denies()
131 if (file_uid != cred->cr_uid) in _acl_denies()
135 if (entry->ae_id != cred->cr_uid) in _acl_denies()
143 if (!groupmember(entry->ae_id, cred)) in _acl_denies()
147 KASSERT(entry->ae_tag == ACL_EVERYONE, in _acl_denies()
148 ("entry->ae_tag == ACL_EVERYONE")); in _acl_denies()
151 if (entry->ae_entry_type == ACL_ENTRY_TYPE_DENY) { in _acl_denies()
152 if (entry->ae_perm & access_mask) { in _acl_denies()
159 access_mask &= ~(entry->ae_perm); in _acl_denies()
208 if (file_uid == cred->cr_uid) in vaccess_acl_nfs4()
225 if (file_uid != cred->cr_uid) in vaccess_acl_nfs4()
230 * For VEXEC, ensure that at least one execute bit is set for in vaccess_acl_nfs4()
231 * non-directories. We have to check the mode here to stay in vaccess_acl_nfs4()
302 if (entry->ae_tag != tag) in _acl_entry_matches()
305 if (entry->ae_id != ACL_UNDEFINED_ID) in _acl_entry_matches()
308 if (entry->ae_perm != perm) in _acl_entry_matches()
311 if (entry->ae_entry_type != entry_type) in _acl_entry_matches()
314 if (entry->ae_flags != 0) in _acl_entry_matches()
326 KASSERT(aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES, in _acl_append()
327 ("aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES")); in _acl_append()
329 entry = &(aclp->acl_entry[aclp->acl_cnt]); in _acl_append()
330 aclp->acl_cnt++; in _acl_append()
332 entry->ae_tag = tag; in _acl_append()
333 entry->ae_id = ACL_UNDEFINED_ID; in _acl_append()
334 entry->ae_perm = perm; in _acl_append()
335 entry->ae_entry_type = entry_type; in _acl_append()
336 entry->ae_flags = 0; in _acl_append()
346 KASSERT(aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES, in _acl_duplicate_entry()
347 ("aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES")); in _acl_duplicate_entry()
349 for (i = aclp->acl_cnt; i > entry_index; i--) in _acl_duplicate_entry()
350 aclp->acl_entry[i] = aclp->acl_entry[i - 1]; in _acl_duplicate_entry()
352 aclp->acl_cnt++; in _acl_duplicate_entry()
354 return (&(aclp->acl_entry[entry_index + 1])); in _acl_duplicate_entry()
370 KASSERT(aclp->acl_cnt <= ACL_MAX_ENTRIES, in acl_nfs4_sync_acl_from_mode_draft()
371 ("aclp->acl_cnt <= ACL_MAX_ENTRIES")); in acl_nfs4_sync_acl_from_mode_draft()
374 * NFSv4 Minor Version 1, draft-ietf-nfsv4-minorversion1-03.txt in acl_nfs4_sync_acl_from_mode_draft()
382 for (i = 0; i < aclp->acl_cnt; i++) { in acl_nfs4_sync_acl_from_mode_draft()
383 entry = &(aclp->acl_entry[i]); in acl_nfs4_sync_acl_from_mode_draft()
386 * 1.1. If the type is neither ALLOW or DENY - skip. in acl_nfs4_sync_acl_from_mode_draft()
388 if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && in acl_nfs4_sync_acl_from_mode_draft()
389 entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) in acl_nfs4_sync_acl_from_mode_draft()
393 * 1.2. If ACL_ENTRY_INHERIT_ONLY is set - skip. in acl_nfs4_sync_acl_from_mode_draft()
395 if (entry->ae_flags & ACL_ENTRY_INHERIT_ONLY) in acl_nfs4_sync_acl_from_mode_draft()
400 * are set: in acl_nfs4_sync_acl_from_mode_draft()
402 if (entry->ae_flags & in acl_nfs4_sync_acl_from_mode_draft()
413 * ACL_ENTRY_INHERIT_ONLY is set. in acl_nfs4_sync_acl_from_mode_draft()
415 entry->ae_flags |= ACL_ENTRY_INHERIT_ONLY; in acl_nfs4_sync_acl_from_mode_draft()
424 copy->ae_flags &= ~(ACL_ENTRY_FILE_INHERIT | in acl_nfs4_sync_acl_from_mode_draft()
440 if (entry->ae_tag == ACL_USER_OBJ || in acl_nfs4_sync_acl_from_mode_draft()
441 entry->ae_tag == ACL_GROUP_OBJ || in acl_nfs4_sync_acl_from_mode_draft()
442 entry->ae_tag == ACL_EVERYONE) { in acl_nfs4_sync_acl_from_mode_draft()
443 entry->ae_perm &= ~(ACL_READ_DATA | ACL_WRITE_DATA | in acl_nfs4_sync_acl_from_mode_draft()
455 if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_acl_from_mode_draft()
461 previous = &(aclp->acl_entry[i - 1]); in acl_nfs4_sync_acl_from_mode_draft()
466 if (previous->ae_entry_type != ACL_ENTRY_TYPE_DENY) in acl_nfs4_sync_acl_from_mode_draft()
475 * and no other flag bits are set, in acl_nfs4_sync_acl_from_mode_draft()
477 if (previous->ae_id != entry->ae_id || in acl_nfs4_sync_acl_from_mode_draft()
478 previous->ae_tag != entry->ae_tag) in acl_nfs4_sync_acl_from_mode_draft()
481 if (previous->ae_flags) in acl_nfs4_sync_acl_from_mode_draft()
490 if (previous->ae_perm & ~(entry->ae_perm)) in acl_nfs4_sync_acl_from_mode_draft()
493 if (previous->ae_perm & ~(ACL_READ_DATA | in acl_nfs4_sync_acl_from_mode_draft()
511 previous->ae_tag = entry->ae_tag; in acl_nfs4_sync_acl_from_mode_draft()
512 previous->ae_id = entry->ae_id; in acl_nfs4_sync_acl_from_mode_draft()
513 previous->ae_flags = entry->ae_flags; in acl_nfs4_sync_acl_from_mode_draft()
514 previous->ae_perm = 0; in acl_nfs4_sync_acl_from_mode_draft()
515 previous->ae_entry_type = ACL_ENTRY_TYPE_DENY; in acl_nfs4_sync_acl_from_mode_draft()
531 * If ACE4_IDENTIFIER_GROUP is not set, and the "who" field in acl_nfs4_sync_acl_from_mode_draft()
536 if (entry->ae_tag == ACL_USER && entry->ae_id == file_owner_id) in acl_nfs4_sync_acl_from_mode_draft()
539 if (entry->ae_perm & ACL_READ_DATA) { in acl_nfs4_sync_acl_from_mode_draft()
541 previous->ae_perm &= ~ACL_READ_DATA; in acl_nfs4_sync_acl_from_mode_draft()
543 previous->ae_perm |= ACL_READ_DATA; in acl_nfs4_sync_acl_from_mode_draft()
546 if (entry->ae_perm & ACL_WRITE_DATA) { in acl_nfs4_sync_acl_from_mode_draft()
548 previous->ae_perm &= ~ACL_WRITE_DATA; in acl_nfs4_sync_acl_from_mode_draft()
550 previous->ae_perm |= ACL_WRITE_DATA; in acl_nfs4_sync_acl_from_mode_draft()
553 if (entry->ae_perm & ACL_APPEND_DATA) { in acl_nfs4_sync_acl_from_mode_draft()
555 previous->ae_perm &= ~ACL_APPEND_DATA; in acl_nfs4_sync_acl_from_mode_draft()
557 previous->ae_perm |= ACL_APPEND_DATA; in acl_nfs4_sync_acl_from_mode_draft()
560 if (entry->ae_perm & ACL_EXECUTE) { in acl_nfs4_sync_acl_from_mode_draft()
562 previous->ae_perm &= ~ACL_EXECUTE; in acl_nfs4_sync_acl_from_mode_draft()
564 previous->ae_perm |= ACL_EXECUTE; in acl_nfs4_sync_acl_from_mode_draft()
568 * 1.5.3. If ACE4_IDENTIFIER_GROUP is set in the flags in acl_nfs4_sync_acl_from_mode_draft()
573 if (entry->ae_tag == ACL_GROUP && in acl_nfs4_sync_acl_from_mode_draft()
574 entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) { in acl_nfs4_sync_acl_from_mode_draft()
582 entry->ae_perm &= ~ACL_READ_DATA; in acl_nfs4_sync_acl_from_mode_draft()
583 previous->ae_perm &= ~ACL_READ_DATA; in acl_nfs4_sync_acl_from_mode_draft()
587 entry->ae_perm &= in acl_nfs4_sync_acl_from_mode_draft()
589 previous->ae_perm &= in acl_nfs4_sync_acl_from_mode_draft()
594 entry->ae_perm &= ~ACL_EXECUTE; in acl_nfs4_sync_acl_from_mode_draft()
595 previous->ae_perm &= ~ACL_EXECUTE; in acl_nfs4_sync_acl_from_mode_draft()
602 * 2. If there at least six ACEs, the final six ACEs are examined. in acl_nfs4_sync_acl_from_mode_draft()
603 * If they are not equal to what we want, append six ACEs. in acl_nfs4_sync_acl_from_mode_draft()
606 if (aclp->acl_cnt < 6) { in acl_nfs4_sync_acl_from_mode_draft()
609 a6 = &(aclp->acl_entry[aclp->acl_cnt - 1]); in acl_nfs4_sync_acl_from_mode_draft()
610 a5 = &(aclp->acl_entry[aclp->acl_cnt - 2]); in acl_nfs4_sync_acl_from_mode_draft()
611 a4 = &(aclp->acl_entry[aclp->acl_cnt - 3]); in acl_nfs4_sync_acl_from_mode_draft()
612 a3 = &(aclp->acl_entry[aclp->acl_cnt - 4]); in acl_nfs4_sync_acl_from_mode_draft()
613 a2 = &(aclp->acl_entry[aclp->acl_cnt - 5]); in acl_nfs4_sync_acl_from_mode_draft()
614 a1 = &(aclp->acl_entry[aclp->acl_cnt - 6]); in acl_nfs4_sync_acl_from_mode_draft()
640 KASSERT(aclp->acl_cnt + 6 <= ACL_MAX_ENTRIES, in acl_nfs4_sync_acl_from_mode_draft()
641 ("aclp->acl_cnt <= ACL_MAX_ENTRIES")); in acl_nfs4_sync_acl_from_mode_draft()
661 * 3. The final six ACEs are adjusted according to the incoming mode. in acl_nfs4_sync_acl_from_mode_draft()
664 a2->ae_perm |= ACL_READ_DATA; in acl_nfs4_sync_acl_from_mode_draft()
666 a1->ae_perm |= ACL_READ_DATA; in acl_nfs4_sync_acl_from_mode_draft()
668 a2->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); in acl_nfs4_sync_acl_from_mode_draft()
670 a1->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); in acl_nfs4_sync_acl_from_mode_draft()
672 a2->ae_perm |= ACL_EXECUTE; in acl_nfs4_sync_acl_from_mode_draft()
674 a1->ae_perm |= ACL_EXECUTE; in acl_nfs4_sync_acl_from_mode_draft()
677 a4->ae_perm |= ACL_READ_DATA; in acl_nfs4_sync_acl_from_mode_draft()
679 a3->ae_perm |= ACL_READ_DATA; in acl_nfs4_sync_acl_from_mode_draft()
681 a4->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); in acl_nfs4_sync_acl_from_mode_draft()
683 a3->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); in acl_nfs4_sync_acl_from_mode_draft()
685 a4->ae_perm |= ACL_EXECUTE; in acl_nfs4_sync_acl_from_mode_draft()
687 a3->ae_perm |= ACL_EXECUTE; in acl_nfs4_sync_acl_from_mode_draft()
690 a6->ae_perm |= ACL_READ_DATA; in acl_nfs4_sync_acl_from_mode_draft()
692 a5->ae_perm |= ACL_READ_DATA; in acl_nfs4_sync_acl_from_mode_draft()
694 a6->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); in acl_nfs4_sync_acl_from_mode_draft()
696 a5->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); in acl_nfs4_sync_acl_from_mode_draft()
698 a6->ae_perm |= ACL_EXECUTE; in acl_nfs4_sync_acl_from_mode_draft()
700 a5->ae_perm |= ACL_EXECUTE; in acl_nfs4_sync_acl_from_mode_draft()
723 KASSERT(aclp->acl_cnt <= ACL_MAX_ENTRIES, in acl_nfs4_sync_mode_from_acl()
724 ("aclp->acl_cnt <= ACL_MAX_ENTRIES")); in acl_nfs4_sync_mode_from_acl()
727 * NFSv4 Minor Version 1, draft-ietf-nfsv4-minorversion1-03.txt in acl_nfs4_sync_mode_from_acl()
732 for (i = 0; i < aclp->acl_cnt; i++) { in acl_nfs4_sync_mode_from_acl()
733 entry = &(aclp->acl_entry[i]); in acl_nfs4_sync_mode_from_acl()
735 if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && in acl_nfs4_sync_mode_from_acl()
736 entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) in acl_nfs4_sync_mode_from_acl()
739 if (entry->ae_flags & ACL_ENTRY_INHERIT_ONLY) in acl_nfs4_sync_mode_from_acl()
742 if (entry->ae_tag == ACL_USER_OBJ) { in acl_nfs4_sync_mode_from_acl()
743 if ((entry->ae_perm & ACL_READ_DATA) && in acl_nfs4_sync_mode_from_acl()
746 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
749 if ((entry->ae_perm & ACL_WRITE_DATA) && in acl_nfs4_sync_mode_from_acl()
752 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
755 if ((entry->ae_perm & ACL_EXECUTE) && in acl_nfs4_sync_mode_from_acl()
758 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
761 } else if (entry->ae_tag == ACL_GROUP_OBJ) { in acl_nfs4_sync_mode_from_acl()
762 if ((entry->ae_perm & ACL_READ_DATA) && in acl_nfs4_sync_mode_from_acl()
765 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
768 if ((entry->ae_perm & ACL_WRITE_DATA) && in acl_nfs4_sync_mode_from_acl()
771 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
774 if ((entry->ae_perm & ACL_EXECUTE) && in acl_nfs4_sync_mode_from_acl()
777 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
780 } else if (entry->ae_tag == ACL_EVERYONE) { in acl_nfs4_sync_mode_from_acl()
781 if (entry->ae_perm & ACL_READ_DATA) { in acl_nfs4_sync_mode_from_acl()
784 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
789 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
794 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
798 if (entry->ae_perm & ACL_WRITE_DATA) { in acl_nfs4_sync_mode_from_acl()
801 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
806 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
811 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
815 if (entry->ae_perm & ACL_EXECUTE) { in acl_nfs4_sync_mode_from_acl()
818 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
823 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
828 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_sync_mode_from_acl()
841 * draft-ietf-nfsv4-minorversion1-03.txt.
852 KASSERT(child_aclp->acl_cnt == 0, ("child_aclp->acl_cnt == 0")); in acl_nfs4_compute_inherited_acl_draft()
853 KASSERT(parent_aclp->acl_cnt <= ACL_MAX_ENTRIES, in acl_nfs4_compute_inherited_acl_draft()
854 ("parent_aclp->acl_cnt <= ACL_MAX_ENTRIES")); in acl_nfs4_compute_inherited_acl_draft()
857 * NFSv4 Minor Version 1, draft-ietf-nfsv4-minorversion1-03.txt in acl_nfs4_compute_inherited_acl_draft()
864 * 1. Form an ACL that is the concatenation of all inheritable ACEs. in acl_nfs4_compute_inherited_acl_draft()
866 for (i = 0; i < parent_aclp->acl_cnt; i++) { in acl_nfs4_compute_inherited_acl_draft()
867 parent_entry = &(parent_aclp->acl_entry[i]); in acl_nfs4_compute_inherited_acl_draft()
868 flags = parent_entry->ae_flags; in acl_nfs4_compute_inherited_acl_draft()
886 * flag set, and we're creating a directory, so it wouldn't in acl_nfs4_compute_inherited_acl_draft()
894 KASSERT(child_aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES, in acl_nfs4_compute_inherited_acl_draft()
895 ("child_aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES")); in acl_nfs4_compute_inherited_acl_draft()
896 child_aclp->acl_entry[child_aclp->acl_cnt] = *parent_entry; in acl_nfs4_compute_inherited_acl_draft()
897 child_aclp->acl_cnt++; in acl_nfs4_compute_inherited_acl_draft()
904 for (i = 0; i < child_aclp->acl_cnt; i++) { in acl_nfs4_compute_inherited_acl_draft()
905 entry = &(child_aclp->acl_entry[i]); in acl_nfs4_compute_inherited_acl_draft()
911 if (((entry->ae_flags & ACL_ENTRY_NO_PROPAGATE_INHERIT) || in acl_nfs4_compute_inherited_acl_draft()
913 entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_compute_inherited_acl_draft()
914 entry->ae_perm &= ~(ACL_WRITE_ACL | ACL_WRITE_OWNER); in acl_nfs4_compute_inherited_acl_draft()
917 * 2.A. If the ACL_ENTRY_NO_PROPAGATE_INHERIT is set, or if the object in acl_nfs4_compute_inherited_acl_draft()
923 if (entry->ae_flags & ACL_ENTRY_NO_PROPAGATE_INHERIT || in acl_nfs4_compute_inherited_acl_draft()
925 entry->ae_flags &= ~(ACL_ENTRY_NO_PROPAGATE_INHERIT | in acl_nfs4_compute_inherited_acl_draft()
937 * is set, but ACL_ENTRY_NO_PROPAGATE_INHERIT is not set, ensure in acl_nfs4_compute_inherited_acl_draft()
938 * that ACL_ENTRY_INHERIT_ONLY is set. Continue to the in acl_nfs4_compute_inherited_acl_draft()
946 (entry->ae_flags & ACL_ENTRY_FILE_INHERIT) && in acl_nfs4_compute_inherited_acl_draft()
947 ((entry->ae_flags & ACL_ENTRY_DIRECTORY_INHERIT) == 0)) { in acl_nfs4_compute_inherited_acl_draft()
948 entry->ae_flags |= ACL_ENTRY_INHERIT_ONLY; in acl_nfs4_compute_inherited_acl_draft()
956 if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && in acl_nfs4_compute_inherited_acl_draft()
957 entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) in acl_nfs4_compute_inherited_acl_draft()
967 * is set. in acl_nfs4_compute_inherited_acl_draft()
969 entry->ae_flags |= ACL_ENTRY_INHERIT_ONLY; in acl_nfs4_compute_inherited_acl_draft()
976 copy->ae_flags &= ~(ACL_ENTRY_NO_PROPAGATE_INHERIT | in acl_nfs4_compute_inherited_acl_draft()
985 if (copy->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) in acl_nfs4_compute_inherited_acl_draft()
986 copy->ae_perm &= ~(ACL_WRITE_ACL | ACL_WRITE_OWNER); in acl_nfs4_compute_inherited_acl_draft()
1015 KASSERT(parent_aclp->acl_cnt <= ACL_MAX_ENTRIES, in acl_nfs4_inherit_entries()
1016 ("parent_aclp->acl_cnt <= ACL_MAX_ENTRIES")); in acl_nfs4_inherit_entries()
1018 for (i = 0; i < parent_aclp->acl_cnt; i++) { in acl_nfs4_inherit_entries()
1019 parent_entry = &(parent_aclp->acl_entry[i]); in acl_nfs4_inherit_entries()
1020 flags = parent_entry->ae_flags; in acl_nfs4_inherit_entries()
1021 tag = parent_entry->ae_tag; in acl_nfs4_inherit_entries()
1046 * flag set, and we're creating a directory, so it wouldn't in acl_nfs4_inherit_entries()
1057 KASSERT(child_aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES, in acl_nfs4_inherit_entries()
1058 ("child_aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES")); in acl_nfs4_inherit_entries()
1059 entry = &(child_aclp->acl_entry[child_aclp->acl_cnt]); in acl_nfs4_inherit_entries()
1061 child_aclp->acl_cnt++; in acl_nfs4_inherit_entries()
1063 entry->ae_flags &= ~ACL_ENTRY_INHERIT_ONLY; in acl_nfs4_inherit_entries()
1064 entry->ae_flags |= ACL_ENTRY_INHERITED; in acl_nfs4_inherit_entries()
1070 if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && in acl_nfs4_inherit_entries()
1071 entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) in acl_nfs4_inherit_entries()
1075 * If the ACL_ENTRY_NO_PROPAGATE_INHERIT is set, or if in acl_nfs4_inherit_entries()
1081 if (entry->ae_flags & ACL_ENTRY_NO_PROPAGATE_INHERIT || in acl_nfs4_inherit_entries()
1083 entry->ae_flags &= ~(ACL_ENTRY_NO_PROPAGATE_INHERIT | in acl_nfs4_inherit_entries()
1090 * is set, but ACL_ENTRY_DIRECTORY_INHERIT is not set, ensure in acl_nfs4_inherit_entries()
1091 * that ACL_ENTRY_INHERIT_ONLY is set. in acl_nfs4_inherit_entries()
1094 (entry->ae_flags & ACL_ENTRY_FILE_INHERIT) && in acl_nfs4_inherit_entries()
1095 ((entry->ae_flags & ACL_ENTRY_DIRECTORY_INHERIT) == 0)) { in acl_nfs4_inherit_entries()
1096 entry->ae_flags |= ACL_ENTRY_INHERIT_ONLY; in acl_nfs4_inherit_entries()
1099 if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW && in acl_nfs4_inherit_entries()
1100 (entry->ae_flags & ACL_ENTRY_INHERIT_ONLY) == 0) { in acl_nfs4_inherit_entries()
1104 entry->ae_perm &= ~(ACL_WRITE_ACL | ACL_WRITE_OWNER | in acl_nfs4_inherit_entries()
1111 entry->ae_perm &= ~ACL_READ_DATA; in acl_nfs4_inherit_entries()
1113 entry->ae_perm &= in acl_nfs4_inherit_entries()
1116 entry->ae_perm &= ~ACL_EXECUTE; in acl_nfs4_inherit_entries()
1133 KASSERT(aclp->acl_cnt == 0, ("aclp->acl_cnt == 0")); in acl_nfs4_compute_inherited_acl_psarc()
1204 * described in draft-ietf-nfsv4-minorversion1-03.txt, 3.16.6.2.
1210 aclp->acl_cnt = 0; in acl_nfs4_trivial_from_mode()
1211 acl_nfs4_compute_inherited_acl_psarc(NULL, aclp, mode, -1, -1); in acl_nfs4_trivial_from_mode()
1223 aclp->acl_cnt = 0; in acl_nfs4_trivial_from_mode_libc()
1225 acl_nfs4_sync_acl_from_mode_draft(aclp, mode, -1); in acl_nfs4_trivial_from_mode_libc()
1238 if (a->acl_cnt != b->acl_cnt) in _acls_are_equal()
1241 for (i = 0; i < b->acl_cnt; i++) { in _acls_are_equal()
1242 entrya = &(a->acl_entry[i]); in _acls_are_equal()
1243 entryb = &(b->acl_entry[i]); in _acls_are_equal()
1245 if (entrya->ae_tag != entryb->ae_tag || in _acls_are_equal()
1246 entrya->ae_id != entryb->ae_id || in _acls_are_equal()
1247 entrya->ae_perm != entryb->ae_perm || in _acls_are_equal()
1248 entrya->ae_entry_type != entryb->ae_entry_type || in _acls_are_equal()
1249 entrya->ae_flags != entryb->ae_flags) in _acls_are_equal()
1267 if (aclp->acl_cnt > 6) in acl_nfs4_is_trivial()
1276 * for files that don't have non-trivial ACLs - it's critical in acl_nfs4_is_trivial()
1291 * Check if it's a draft-ietf-nfsv4-minorversion1-03.txt trivial ACL. in acl_nfs4_is_trivial()
1293 tmpaclp->acl_cnt = 0; in acl_nfs4_is_trivial()
1316 if (aclp->acl_cnt > ACL_MAX_ENTRIES || aclp->acl_cnt <= 0) in acl_nfs4_check()
1319 for (i = 0; i < aclp->acl_cnt; i++) { in acl_nfs4_check()
1320 entry = &(aclp->acl_entry[i]); in acl_nfs4_check()
1322 switch (entry->ae_tag) { in acl_nfs4_check()
1326 if (entry->ae_id != ACL_UNDEFINED_ID) in acl_nfs4_check()
1332 if (entry->ae_id == ACL_UNDEFINED_ID) in acl_nfs4_check()
1340 if ((entry->ae_perm | ACL_NFS4_PERM_BITS) != ACL_NFS4_PERM_BITS) in acl_nfs4_check()
1346 if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && in acl_nfs4_check()
1347 entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) in acl_nfs4_check()
1350 if ((entry->ae_flags | ACL_FLAGS_BITS) != ACL_FLAGS_BITS) in acl_nfs4_check()
1354 if (entry->ae_flags & (ACL_ENTRY_SUCCESSFUL_ACCESS | in acl_nfs4_check()
1360 if (entry->ae_flags & (ACL_ENTRY_FILE_INHERIT | in acl_nfs4_check()