PERFORCE change 144380 for review

Mon Jun 30 19:54:35 UTC 2008

http://perforce.freebsd.org/chv.cgi?CH=144380

Change 144380 by trasz at trasz_traszkan on 2008/06/30 19:53:55

	Backout some old stuff that is not relevant to the current work.

Affected files ...

.. //depot/projects/soc2008/trasz_nfs4acl/lib/libc/include/namespace.h#4 edit
.. //depot/projects/soc2008/trasz_nfs4acl/lib/libc/sys/Symbol.map#4 edit
.. //depot/projects/soc2008/trasz_nfs4acl/lib/libc_r/uthread/Makefile.inc#3 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/compat/freebsd32/syscalls.master#3 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/syscalls.master#3 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_acl.c#3 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vnode_if.src#3 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/sys/acl.h#4 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_acl.c#4 edit

Differences ...

==== //depot/projects/soc2008/trasz_nfs4acl/lib/libc/include/namespace.h#4 (text+ko) ====

@@ -53,8 +53,6 @@
 #define		__acl_delete_fd			___acl_delete_fd
 #define		__acl_get_fd			___acl_get_fd
 #define		__acl_set_fd			___acl_set_fd
-#define		acl				_acl
-#define		facl				_facl
 #define		bind				_bind
 #define		__cap_get_fd			___cap_get_fd
 #define		__cap_set_fd			___cap_set_fd

==== //depot/projects/soc2008/trasz_nfs4acl/lib/libc/sys/Symbol.map#4 (text) ====

@@ -20,8 +20,6 @@
 	__acl_set_fd;
 	__acl_set_file;
 	__acl_set_link;
-	acl;
-	facl;
 	__getcwd;
 	__mac_execve;
 	__mac_get_fd;

==== //depot/projects/soc2008/trasz_nfs4acl/lib/libc_r/uthread/Makefile.inc#3 (text+ko) ====

@@ -9,7 +9,6 @@
 	uthread_acl_get_fd.c \
 	uthread_acl_set_fd.c \
 	uthread_acl_aclcheck_fd.c \
-	uthread_facl.c \
 	uthread_aio_suspend.c \
 	uthread_atfork.c \
 	uthread_attr_destroy.c \

==== //depot/projects/soc2008/trasz_nfs4acl/sys/compat/freebsd32/syscalls.master#3 (text+ko) ====

@@ -795,8 +795,6 @@
 480	AUE_FTRUNCATE	STD	{ int freebsd32_ftruncate(int fd, \
 				    u_int32_t lengthlo, u_int32_t lengthhi); }
 481	AUE_KILL	NOPROTO	{ int thr_kill2(pid_t pid, long id, int sig); }
-482	AUE_NULL	STD	{ int acl(char *path, int cmd, int nentries, void *aclp); }
-483	AUE_NULL	STD	{ int facl(int filedes, int cmd, int nentries, void *aclp); }
 482	AUE_SHMOPEN	NOPROTO	{ int shm_open(const char *path, int flags, \
 				    mode_t mode); }
 483	AUE_SHMUNLINK	NOPROTO	{ int shm_unlink(const char *path); }

==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/syscalls.master#3 (text+ko) ====

@@ -843,8 +843,6 @@
 479	AUE_TRUNCATE	STD	{ int truncate(char *path, off_t length); }
 480	AUE_FTRUNCATE	STD	{ int ftruncate(int fd, off_t length); }
 481	AUE_KILL	STD	{ int thr_kill2(pid_t pid, long id, int sig); }
-482	AUE_NULL	STD	{ int acl(char *path, int cmd, int nentries, void *aclp); }
-483	AUE_NULL	STD	{ int facl(int filedes, int cmd, int nentries, void *aclp); }
 482	AUE_SHMOPEN	STD	{ int shm_open(const char *path, int flags, \
 				    mode_t mode); }
 483	AUE_SHMUNLINK	STD	{ int shm_unlink(const char *path); }

==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vfs_acl.c#3 (text+ko) ====

@@ -66,8 +66,6 @@
 static int	vacl_aclcheck(struct thread *td, struct vnode *vp,
 		    acl_type_t type, struct acl *aclp);
 
-MALLOC_DEFINE(M_ACE, "acebuffers", "NFSv4 ACL buffers");
-
 /*
  * These calls wrap the real vnode operations, and are called by the syscall
  * code once the syscall has converted the path or file descriptor to a vnode
@@ -422,157 +420,6 @@
 	return (error);
 }
 
-static int
-kacl_get(struct thread *td, struct vnode *vp, int nentries, void *aclp)
-{
-	void *inkernelacl;
-	int error, count;
-
-	if (nentries <= 0 || nentries > MAX_ACL_ENTRIES)
-		return (EINVAL);
-
-	inkernelacl = malloc(nentries * sizeof(ace_t), M_ACE, M_ZERO | M_WAITOK);
-	KASSERT(inkernelacl != NULL, "null inkernelacl");
-
-	VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
-	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
-#if 0
-	error = mac_check_vnode_getacl(td->td_ucred, vp, ACL_TYPE_NFS4);
-	if (error != 0)
-		goto out;
-#endif
-	error = VOP_GETACE(vp, nentries, &count, inkernelacl, td->td_ucred, td);
-#ifdef MAC
-out:
-#endif
-	VOP_UNLOCK(vp, 0, td);
-
-	if (error == 0) {
-		td->td_retval[0] = count;
-		error = copyout(inkernelacl, aclp, nentries * sizeof(ace_t));
-	}
-
-	free(inkernelacl, M_ACE);
-
-	return (error);
-}
-
-static int
-kacl_getaclcnt(struct thread *td, struct vnode *vp, int nentries, void *notused)
-{
-	int error, count;
-
-	VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
-	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
-#if 0
-	error = mac_check_vnode_getacl(td->td_ucred, vp, ACL_TYPE_NFS4);
-	if (error != 0)
-		goto out;
-#endif
-	error = VOP_GETACECNT(vp, &count, td->td_ucred, td);
-#ifdef MAC
-out:
-#endif
-	VOP_UNLOCK(vp, 0, td);
-
-	if (error == 0)
-		td->td_retval[0] = count;
-
-	return (error);
-}
-
-static int
-kacl_set(struct thread *td, struct vnode *vp, int nentries, void *aclp)
-{
-	struct mount *mp;
-	void *inkernelacl;
-	int error;
-
-	if (nentries <= 0 || nentries > MAX_ACL_ENTRIES)
-		return (EINVAL);
-
-	inkernelacl = malloc(nentries * sizeof(ace_t), M_ACE, M_ZERO | M_WAITOK);
-	KASSERT(inkernelacl != NULL, "null inkernelacl");
-
-	error = copyin(aclp, inkernelacl, nentries * sizeof(ace_t));
-	if (error)
-		goto out_free;
-
-	error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
-	if (error != 0)
-		goto out_free;
-
-	VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
-	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
-#if 0
-	error = mac_check_vnode_setacl(td->td_ucred, vp, type, &inkernelacl);
-	if (error != 0)
-		goto out;
-#endif
-	error = VOP_SETACE(vp, nentries, inkernelacl, td->td_ucred, td);
-#ifdef MAC
-out:
-#endif
-	VOP_UNLOCK(vp, 0, td);
-	vn_finished_write(mp);
-
-out_free:
-	free(inkernelacl, M_ACE);
-
-	return (error);
-}
-
-static int
-kacl(struct thread *td, struct vnode *vp, int cmd, int nentries, void *aclp)
-{
-	switch (cmd) {
-		case ACE_GETACL:
-			return (kacl_get(td, vp, nentries, aclp));
-
-		case ACE_GETACLCNT:
-			return (kacl_getaclcnt(td, vp, nentries, aclp));
-
-		case ACE_SETACL:
-			return (kacl_set(td, vp, nentries, aclp));
-
-		default:
-			return (EINVAL);
-	}
-}
-
-int
-acl(struct thread *td, struct acl_args *uap)
-{
-	struct nameidata nd;
-	int vfslocked, error;
-
-	NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
-	error = namei(&nd);
-	vfslocked = NDHASGIANT(&nd);
-	if (error == 0) {
-		error = kacl(td, nd.ni_vp, uap->cmd, uap->nentries, uap->aclp);
-		NDFREE(&nd, 0);
-	}
-	VFS_UNLOCK_GIANT(vfslocked);
-	return (error);
-}
-
-int
-facl(struct thread *td, struct facl_args *uap)
-{
-	struct file *fp;
-	int vfslocked, error;
-
-	error = getvnode(td->td_proc->p_fd, uap->filedes, &fp);
-	if (error == 0) {
-		vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
-		error = kacl(td, fp->f_vnode, uap->cmd, uap->nentries, uap->aclp);
-		fdrop(fp, td);
-		VFS_UNLOCK_GIANT(vfslocked);
-	}
-	return (error);
-}
-
 /* ARGUSED */
 
 static void

==== //depot/projects/soc2008/trasz_nfs4acl/sys/kern/vnode_if.src#3 (text+ko) ====

@@ -513,35 +513,6 @@
 	IN struct thread *td;
 };
 
-%% getace	vp	L L L
-
-vop_getace {
-	IN struct vnode *vp;
-	IN int nentries;
-	OUT int *count;
-	OUT void *aclp;
-	IN struct ucred *cred;
-	IN struct thread *td;
-};
-
-%% getacecnt	vp	L L L
-
-vop_getacecnt {
-	IN struct vnode *vp;
-	OUT int *count;
-	IN struct ucred *cred;
-	IN struct thread *td;
-};
-
-%% setace	vp	E E E
-
-vop_setace {
-	IN struct vnode *vp;
-	IN int nentries;
-	IN void *aclp;
-	IN struct ucred *cred;
-	IN struct thread *td;
-};
 
 %% closeextattr	vp	L L L
 

==== //depot/projects/soc2008/trasz_nfs4acl/sys/sys/acl.h#4 (text+ko) ====

@@ -113,65 +113,8 @@
  */
 #define	ACL_UNDEFINED_ID	((uid_t)-1)
 
-/*
- * NFSv4 ACL types and related constants.
- */
-#ifndef _SOLARIS_C_SOURCE /* XXX: Otherwise zfs won't compile. */
 
-#define	NFS4_ACL_EXTATTR_NAMESPACE		EXTATTR_NAMESPACE_SYSTEM
-#define	NFS4_ACL_EXTATTR_NAME			"nfs4.acl"
-#define	NFS4_ACLCNT_EXTATTR_NAME		"nfs4.aclcount"
-
-#define MAX_ACL_ENTRIES				1024
-
-typedef uint32_t	ace_type_t;
-typedef uint32_t	ace_flags_t;
-typedef uint32_t	ace_mask_t;
-
-struct ace_t_struct {
-	ace_type_t	a_type;
-	ace_flags_t	a_flags;
-	ace_mask_t	a_access_mask;
-	uid_t		a_who;
-};
-typedef struct ace_t_struct ace_t;
-
-/*
- * Possible values for a_type field.
- */
-#define ACE_ACCESS_ALLOWED_ACE_TYPE	0x00000000
-#define ACE_ACCESS_DENIED_ACE_TYPE	0x00000001
-#define ACE_SYSTEM_AUDIT_ACE_TYPE	0x00000002
-#define ACE_SYSTEM_ALARM_ACE_TYPE	0x00000003
-
-/*
- * Possible values for a_flags field.
- */
-#define ACE_FILE_INHERIT_ACE		0x00000001
-#define ACE_DIRECTORY_INHERIT_ACE	0x00000002
-#define ACE_NO_PROPAGATE_INHERIT_ACE	0x00000004
-#define ACE_INHERIT_ONLY_ACE		0x00000008
-#define ACE_SUCCESSFUL_ACCESS_ACE_FLAG	0x00000010
-#define ACE_FAILED_ACCESS_ACE_FLAG	0x00000020
-#define ACE_IDENTIFIER_GROUP		0x00000040
-
-/*
- * The following three values go into a_flags field and mean,
- * respectively, OWNER@, GROUP@ and EVERYONE at .
- */
-#define ACE_OWNER			0x10000000
-#define ACE_GROUP			0x20000000
-#define ACE_EVERYONE			0x40000000
-
-/*
- * Possible values for a_access_mask field.
- */
-#define ACE_READ_DATA			0x00000001
-#define ACE_LIST_DIRECTORY		0x00000001
-#define ACE_WRITE_DATA			0x00000002
-#define ACE_ADD_FILE			0x00000002
-#define ACE_APPEND_DATA			0x00000004
-#define ACE_ADD_SUBDIRECTORY		0x00000004
+#define ACE_ACE_ADD_SUBDIRECTORY	0x00000004
 #define ACE_READ_NAMED_ATTRS		0x00000008
 #define ACE_WRITE_NAMED_ATTRS		0x00000010
 #define ACE_EXECUTE			0x00000020
@@ -195,8 +138,6 @@
 
 #ifdef _KERNEL
 
-MALLOC_DECLARE(M_ACE);
-
 extern uma_zone_t	acl_zone;
 
 /*
@@ -232,7 +173,7 @@
 
 /*
  * Syscall interface -- use the library calls instead as the syscalls have
- * strict acl entry ordering requirements.  This does not support NFSv4 ACLs.
+ * strict acl entry ordering requirements.
  */
 __BEGIN_DECLS
 int	__acl_aclcheck_fd(int _filedes, acl_type_t _type, struct acl *_aclp);
@@ -252,14 +193,6 @@
 __END_DECLS
 
 /*
- * SunOS-compatible syscall interface.  It supports only NFSv4 ACLs (ace_t).
- */
-__BEGIN_DECLS
-int	acl(char *_path, int _cmd, int _nentries, void *_aclp);
-int	facl(int _filedes, int _cmd, int _nentries, void *_aclp);
-__END_DECLS
-
-/*
  * Supported POSIX.1e ACL manipulation and assignment/retrieval API _np calls
  * are local extensions that reflect an environment capable of opening file
  * descriptors of directories, and allowing additional ACL type for different

==== //depot/projects/soc2008/trasz_nfs4acl/sys/ufs/ufs/ufs_acl.c#4 (text+ko) ====

@@ -438,263 +438,4 @@
 	return (acl_posix1e_check(ap->a_aclp));
 }
 
-int
-ufs_load_acecnt(struct vnode *vp, int *nentries, struct thread *td)
-{
-	int error, length;
-
-	length = sizeof (*nentries);
-
-	error = vn_extattr_get(vp, IO_NODELOCKED,
-	    NFS4_ACL_EXTATTR_NAMESPACE,
-	    NFS4_ACLCNT_EXTATTR_NAME, &length,
-	    (char *)nentries, td);
-
-	if (error == 0 && length != sizeof (*nentries)) {
-		printf("ufs_load_acecnt: short read (%d bytes)\n", length);
-		return (EIO);
-	}
-
-	if (error != 0 && error != ENOATTR)
-		printf("ufs_load_acecnt: error %d\n", error);
-
-	return error;
-}
-
-static void
-ace_pair(ace_t *denied, ace_t *allowed, uint32_t flags, uint32_t allowed_mask, uint32_t denied_mask)
-{
-	/* XXX: SunOS seems to put 0xffffffff here. */
-	allowed->a_who = denied->a_who = 0;
-	allowed->a_flags = denied->a_flags = flags;
-	allowed->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE;
-	allowed->a_access_mask = allowed_mask;
-	denied->a_type = ACE_ACCESS_DENIED_ACE_TYPE;
-	denied->a_access_mask = denied_mask;
-}
-
-int
-ufs_nfs4acl_from_inode(struct vop_getace_args *ap)
-{
-	struct inode *ip = VTOI(ap->a_vp);
-	uint32_t allowed, denied;
-	ace_t *aces = ap->a_aclp;
-
-	if (ap->a_nentries < 6)
-		return (ENOSPC);
-
-	/* XXX: Where is this thing described in the spec? */
-	allowed = 0;
-	if (ip->i_mode & S_IRUSR)
-		allowed |= ACE_READ_DATA;
-	if (ip->i_mode & S_IWUSR)
-		allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA;
-	if (ip->i_mode & S_IXUSR)
-		allowed |= ACE_EXECUTE;
-	denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE);
-	allowed |= ACE_WRITE_NAMED_ATTRS | ACE_WRITE_ATTRIBUTES | ACE_WRITE_ACL | ACE_WRITE_OWNER;
-
-	ace_pair(&aces[0], &aces[1], ACE_OWNER, allowed, denied);
-
-	allowed = 0;
-	if (ip->i_mode & S_IRGRP)
-		allowed |= ACE_READ_DATA;
-	if (ip->i_mode & S_IWGRP)
-		allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA;
-	if (ip->i_mode & S_IXGRP)
-		allowed |= ACE_EXECUTE;
-	denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE);
-
-	ace_pair(&aces[2], &aces[3], ACE_GROUP, allowed, denied);
-
-	allowed = 0;
-	if (ip->i_mode & S_IROTH)
-		allowed |= ACE_READ_DATA;
-	if (ip->i_mode & S_IWOTH)
-		allowed |= ACE_WRITE_DATA | ACE_APPEND_DATA;
-	if (ip->i_mode & S_IXOTH)
-		allowed |= ACE_EXECUTE;
-	denied = ~allowed & (ACE_READ_DATA | ACE_WRITE_DATA | ACE_APPEND_DATA | ACE_EXECUTE);
-	denied |= ACE_WRITE_NAMED_ATTRS | ACE_WRITE_ATTRIBUTES | ACE_WRITE_ACL | ACE_WRITE_OWNER;
-	allowed |= ACE_READ_NAMED_ATTRS | ACE_READ_ATTRIBUTES | ACE_READ_ACL | ACE_SYNCHRONIZE;
-
-	ace_pair(&aces[4], &aces[5], ACE_EVERYONE, allowed, denied);
-
-	*(ap->a_count) = 6;
-
-	return (0);
-}
-
-void
-ufs_sync_inode_from_nfs4acl(ace_t *aclp, int nentries, struct inode *ip)
-{
-}
-
-int
-ufs_getace(struct vop_getace_args *ap)
-{
-	int error, length, expected_length;
-
-	/*
-	 * XXX: If ufs_getace() should work on file systems not supporting
-	 * ACLs, remove this check.
-	 */
-	if ((ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) == 0)
-		return (EOPNOTSUPP);
-
-	error = ufs_load_acecnt(ap->a_vp, ap->a_count, ap->a_td);
-	switch (error) {
-	case ENOATTR:
-		return (ufs_nfs4acl_from_inode(ap));
-
-	case 0:
-		break;
-
-	default:
-		return (EPERM);
-	}
-
-	if (*(ap->a_count) > ap->a_nentries)
-		return (ENOSPC);
-
-	expected_length = *(ap->a_count) * sizeof(ace_t);
-	length = expected_length;
-
-	error = vn_extattr_get(ap->a_vp, IO_NODELOCKED,
-	    NFS4_ACL_EXTATTR_NAMESPACE,
-	    NFS4_ACL_EXTATTR_NAME, &length, (char *)ap->a_aclp,
-	    ap->a_td);
-
-	switch (error) {
-	/* XXX: If ufs_getace() should work on filesystems without
-	 * the EA configured, add case EOPNOTSUPP here. */
-	case ENOATTR:
-		/*
-		 * Legitimately no ACL set on object, purely
-		 * emulate it through the inode.  These fields will
-		 * be updated when the ACL is synchronized with
-		 * the inode later.
-		 */
-		return (ufs_nfs4acl_from_inode(ap));
-
-	case 0:
-		if (length != expected_length) {
-			/*
-			 * A short (or long) read, meaning that for
-			 * some reason the ACL is corrupted.  Return
-			 * EPERM since the object DAC protections
-			 * are unsafe.
-			 */
-			printf("ufs_getace(): short read, wanted %d bytes, "
-			    "got only %d.", expected_length, length);
-
-			return (EPERM);
-		}
-
-		break;
-
-	default:
-		error = EINVAL;
-	}
-
-	return (error);
-}
-
-int
-ufs_getacecnt(struct vop_getacecnt_args *ap)
-{
-	int error;
-
-	/*
-	 * XXX: If ufs_getacecnt() should work on file systems not supporting
-	 * ACLs, remove this check.
-	 */
-	if ((ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) == 0)
-		return (EOPNOTSUPP);
-
-	error = ufs_load_acecnt(ap->a_vp, ap->a_count, ap->a_td);
-
-	if (error == ENOATTR) {
-		*(ap->a_count) = 6;
-		error = 0;
-	}
-
-	/* If the loaded ACE count is too big, return error. */
-	if (*(ap->a_count) > MAX_ACL_ENTRIES)
-		return (EIO);
-
-	return (error);
-}
-
-int
-ufs_setace(struct vop_setace_args *ap)
-{
-	struct inode *ip = VTOI(ap->a_vp);
-	int error, nentries;
-
-	if ((ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) == 0)
-		return (EOPNOTSUPP);
-
-	/*
-	 * XXX: Check if ACL is valid.
-	 */
-
-	/*
-	 * XXX: Remove ACL if it's trivial.
-	 */
-
-	if (ap->a_vp->v_mount->mnt_flag & MNT_RDONLY)
-		return (EROFS);
-
-	/*
-	 * Authorize the ACL operation.
-	 */
-	if (ip->i_flags & (IMMUTABLE | APPEND))
-		return (EPERM);
-
-	/*
-	 * Must hold VADMIN (be file owner) or have appropriate privilege.
-	 */
-	if ((error = VOP_ACCESS(ap->a_vp, VADMIN, ap->a_cred, ap->a_td)))
-		return (error);
-
-	nentries = ap->a_nentries;
-
-	error = vn_extattr_set(ap->a_vp, IO_NODELOCKED,
-	    NFS4_ACL_EXTATTR_NAMESPACE,
-	    NFS4_ACLCNT_EXTATTR_NAME, sizeof(int),
-	    (char *)&nentries, ap->a_td);
-
-	if (error == ENOATTR)
-		return (EOPNOTSUPP);
-
-	if (error != 0)
-		return (error);
-
-	error = vn_extattr_set(ap->a_vp, IO_NODELOCKED,
-	    NFS4_ACL_EXTATTR_NAMESPACE,
-	    NFS4_ACL_EXTATTR_NAME, ap->a_nentries * sizeof(ace_t),
-	    (char *)ap->a_aclp, ap->a_td);
-
-	/*
-	 * Map lack of attribute definition in UFS_EXTATTR into lack of
-	 * support for ACLs on the filesystem.
-	 */
-	if (error == ENOATTR)
-		return (EOPNOTSUPP);
-
-	if (error != 0)
-		return (error);
-
-	/*
-	 * Now that the EA is successfully updated, update the
-	 * inode and mark it as changed.
-	 */
-	ufs_sync_inode_from_nfs4acl(ap->a_aclp, ap->a_nentries, ip);
-	ip->i_flag |= IN_CHANGE;
-
-	VN_KNOTE_UNLOCKED(ap->a_vp, NOTE_ATTRIB);
-	return (0);
-}
-
 #endif /* !UFS_ACL */
