git: f10dc28ec21d - main - nfscommon: Return NFSERR_ATTRNOTSUPP for AUDIT/ALARM ACEs

From: Rick Macklem <rmacklem_at_FreeBSD.org>
Date: Mon, 27 Dec 2021 16:06:58 UTC
The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=f10dc28ec21db60cf1faa3c4b445c4065e760dba

commit f10dc28ec21db60cf1faa3c4b445c4065e760dba
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2021-12-27 16:03:41 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2021-12-27 16:03:41 +0000

    nfscommon: Return NFSERR_ATTRNOTSUPP for AUDIT/ALARM ACEs
    
    FreeBSD only supports Allow/Deny ACEs in NFSv4 ACLs.
    As such, it does not make sense to parse Audit/Alarm
    ACEs.  Modify nfsrv_dissectace() so that it returns
    NFSERR_ATTRNOTSUPP if an Audit/Alarm ACE is found in
    the ACL being parsed.  The code has been #ifdef notnow'd,
    since Audit/Alarm ACEs might be supported someday.
    
    This should not have significant impact, since FreeBSD
    reports to clients that only Allow/Deny ACEs are
    supported and an attempt to set one would have failed
    anyhow.
    
    MFC after:      2 weeks
---
 sys/fs/nfs/nfs_commonacl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/fs/nfs/nfs_commonacl.c b/sys/fs/nfs/nfs_commonacl.c
index e3583b273db8..057efdfbc29c 100644
--- a/sys/fs/nfs/nfs_commonacl.c
+++ b/sys/fs/nfs/nfs_commonacl.c
@@ -158,10 +158,13 @@ nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep,
 			acep->ae_entry_type = ACL_ENTRY_TYPE_ALLOW;
 		else if (acetype == NFSV4ACE_DENIEDTYPE)
 			acep->ae_entry_type = ACL_ENTRY_TYPE_DENY;
+#ifdef notnow
+		/* FreeBSD does not support Audit/Alarm ACEs at this time. */
 		else if (acetype == NFSV4ACE_AUDITTYPE)
 			acep->ae_entry_type = ACL_ENTRY_TYPE_AUDIT;
 		else if (acetype == NFSV4ACE_ALARMTYPE)
 			acep->ae_entry_type = ACL_ENTRY_TYPE_ALARM;
+#endif
 		else
 			aceerr = NFSERR_ATTRNOTSUPP;
 	}