Make 'struct acl' larger, as required to support NFSv4 ACLs. Provide

compatibility interfaces in both kernel and libc.

Reviewed by:	rwatson

11 files changed, 111 insertions, 6 deletions

diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc
index 99f58e3..8e60366 100644
--- a/lib/libc/posix1e/Makefile.inc
+++ b/lib/libc/posix1e/Makefile.inc
@@ -2,8 +2,11 @@
 
 .PATH: ${.CURDIR}/posix1e
 
+CFLAGS+=-D_ACL_PRIVATE
+
 SRCS+=	acl_calc_mask.c			\
 	acl_copy.c			\
+	acl_compat.c			\
 	acl_delete.c			\
 	acl_delete_entry.c		\
 	acl_entry.c			\
diff --git a/lib/libc/posix1e/Symbol.map b/lib/libc/posix1e/Symbol.map
index dd3c08f..16f452a 100644
--- a/lib/libc/posix1e/Symbol.map
+++ b/lib/libc/posix1e/Symbol.map
@@ -21,15 +21,12 @@ FBSD_1.0 {
 	acl_get_link_np;
 	acl_get_fd;
 	acl_get_fd_np;
-	acl_get_perm_np;
 	acl_get_permset;
 	acl_get_qualifier;
 	acl_get_tag_type;
 	acl_init;
 	acl_dup;
-	acl_add_perm;
 	acl_clear_perms;
-	acl_delete_perm;
 	acl_set_file;
 	acl_set_link_np;
 	acl_set_fd;
@@ -67,3 +64,9 @@ FBSD_1.0 {
 	mac_set_link;
 	mac_set_proc;
 };
+
+FBSD_1.1 {
+	acl_add_perm;
+	acl_delete_perm;
+	acl_get_perm_np;
+};
diff --git a/lib/libc/posix1e/acl_compat.c b/lib/libc/posix1e/acl_compat.c
new file mode 100644
index 0000000..6172f5e
--- /dev/null
+++ b/lib/libc/posix1e/acl_compat.c
@@ -0,0 +1,59 @@
+/*-
+ * Copyright (c) 2008 Edward Tomasz Napierała <trasz@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * ALTHOUGH THIS SOFTWARE IS MADE OF WIN AND SCIENCE, IT IS PROVIDED BY THE
+ * AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+ * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/acl.h>
+
+/*
+ * Compatibility wrappers for applications compiled against libc from before
+ * NFSv4 ACLs were added.
+ */
+int
+__oldacl_get_perm_np(acl_permset_t permset_d, oldacl_perm_t perm)
+{
+
+	return (acl_get_perm_np(permset_d, perm));
+}
+
+int
+__oldacl_add_perm(acl_permset_t permset_d, oldacl_perm_t perm)
+{
+
+	return (acl_add_perm(permset_d, perm));
+}
+
+int
+__oldacl_delete_perm(acl_permset_t permset_d, oldacl_perm_t perm)
+{
+
+	return (acl_delete_perm(permset_d, perm));
+}
+
+__sym_compat(acl_get_perm_np, __oldacl_get_perm_np, FBSD_1.0);
+__sym_compat(acl_add_perm, __oldacl_add_perm, FBSD_1.0);
+__sym_compat(acl_delete_perm, __oldacl_delete_perm, FBSD_1.0);
diff --git a/lib/libc/posix1e/acl_delete.c b/lib/libc/posix1e/acl_delete.c
index a93cd7b..1bbadd5 100644
--- a/lib/libc/posix1e/acl_delete.c
+++ b/lib/libc/posix1e/acl_delete.c
@@ -38,6 +38,8 @@ __FBSDID("$FreeBSD$");
 #include "un-namespace.h"
 #include <sys/errno.h>
 
+#include "acl_support.h"
+
 int
 acl_delete_def_file(const char *path_p)
 {
@@ -56,6 +58,7 @@ int
 acl_delete_file_np(const char *path_p, acl_type_t type)
 {
 
+	type = _acl_type_unold(type);
 	return (__acl_delete_file(path_p, type));
 }
 
@@ -63,13 +66,14 @@ int
 acl_delete_link_np(const char *path_p, acl_type_t type)
 {
 
+	type = _acl_type_unold(type);
 	return (__acl_delete_link(path_p, type));
 }
 
-
 int
 acl_delete_fd_np(int filedes, acl_type_t type)
 {
 
+	type = _acl_type_unold(type);
 	return (___acl_delete_fd(filedes, type));
 }
diff --git a/lib/libc/posix1e/acl_entry.c b/lib/libc/posix1e/acl_entry.c
index f5bdbed..aaef611 100644
--- a/lib/libc/posix1e/acl_entry.c
+++ b/lib/libc/posix1e/acl_entry.c
@@ -61,6 +61,8 @@ acl_create_entry(acl_t *acl_p, acl_entry_t *entry_p)
 	(**entry_p).ae_tag  = ACL_UNDEFINED_TAG;
 	(**entry_p).ae_id   = ACL_UNDEFINED_ID;
 	(**entry_p).ae_perm = ACL_PERM_NONE;
+	(**entry_p).ae_entry_type = 0;
+	(**entry_p).ae_flags = 0;
 
 	(*acl_p)->ats_cur_entry = 0;
 
diff --git a/lib/libc/posix1e/acl_get.c b/lib/libc/posix1e/acl_get.c
index 1f97baa..6c98fe9 100644
--- a/lib/libc/posix1e/acl_get.c
+++ b/lib/libc/posix1e/acl_get.c
@@ -50,6 +50,8 @@ __FBSDID("$FreeBSD$");
 #include <stdlib.h>
 #include <string.h>
 
+#include "acl_support.h"
+
 acl_t
 acl_get_file(const char *path_p, acl_type_t type)
 {
@@ -60,6 +62,7 @@ acl_get_file(const char *path_p, acl_type_t type)
 	if (aclp == NULL)
 		return (NULL);
 
+	type = _acl_type_unold(type);
 	error = __acl_get_file(path_p, type, &aclp->ats_acl);
 	if (error) {
 		acl_free(aclp);
@@ -79,6 +82,7 @@ acl_get_link_np(const char *path_p, acl_type_t type)
 	if (aclp == NULL)
 		return (NULL);
 
+	type = _acl_type_unold(type);
 	error = __acl_get_link(path_p, type, &aclp->ats_acl);
 	if (error) {
 		acl_free(aclp);
@@ -117,6 +121,7 @@ acl_get_fd_np(int fd, acl_type_t type)
 	if (aclp == NULL)
 		return (NULL);
 
+	type = _acl_type_unold(type);
 	error = ___acl_get_fd(fd, type, &aclp->ats_acl);
 	if (error) {
 		acl_free(aclp);
diff --git a/lib/libc/posix1e/acl_init.c b/lib/libc/posix1e/acl_init.c
index 6ce40de..905df60 100644
--- a/lib/libc/posix1e/acl_init.c
+++ b/lib/libc/posix1e/acl_init.c
@@ -54,8 +54,10 @@ acl_init(int count)
 	}
 
 	acl = malloc(sizeof(struct acl_t_struct));
-	if (acl != NULL)
+	if (acl != NULL) {
 		bzero(acl, sizeof(struct acl_t_struct));
+		acl->ats_acl.acl_maxcnt = ACL_MAX_ENTRIES;
+	}
 
 	return (acl);
 }
diff --git a/lib/libc/posix1e/acl_set.c b/lib/libc/posix1e/acl_set.c
index 34d5a33..8abbe1b 100644
--- a/lib/libc/posix1e/acl_set.c
+++ b/lib/libc/posix1e/acl_set.c
@@ -58,6 +58,7 @@ acl_set_file(const char *path_p, acl_type_t type, acl_t acl)
 		errno = EINVAL;
 		return (-1);
 	}
+	type = _acl_type_unold(type);
 	if (_posix1e_acl(acl, type)) {
 		error = _posix1e_acl_sort(acl);
 		if (error) {
@@ -80,6 +81,7 @@ acl_set_link_np(const char *path_p, acl_type_t type, acl_t acl)
 		errno = EINVAL;
 		return (-1);
 	}
+	type = _acl_type_unold(type);
 	if (_posix1e_acl(acl, type)) {
 		error = _posix1e_acl_sort(acl);
 		if (error) {
@@ -114,6 +116,7 @@ acl_set_fd_np(int fd, acl_t acl, acl_type_t type)
 {
 	int	error;
 
+	type = _acl_type_unold(type);
 	if (_posix1e_acl(acl, type)) {
 		error = _posix1e_acl_sort(acl);
 		if (error) {
diff --git a/lib/libc/posix1e/acl_support.c b/lib/libc/posix1e/acl_support.c
index 7c1e878..8943f15 100644
--- a/lib/libc/posix1e/acl_support.c
+++ b/lib/libc/posix1e/acl_support.c
@@ -376,3 +376,24 @@ _posix1e_acl_add_entry(acl_t acl, acl_tag_t tag, uid_t id, acl_perm_t perm)
 
 	return (0);
 }
+
+/*
+ * Convert "old" type - ACL_TYPE_{ACCESS,DEFAULT}_OLD - into its "new"
+ * counterpart.  It's neccessary for the old (pre-NFS4 ACLs) binaries
+ * to work with new libc and kernel.  Fixing 'type' for old binaries with
+ * old libc and new kernel is being done by kern/vfs_acl.c:type_unold().
+ */
+int
+_acl_type_unold(acl_type_t type)
+{
+	switch (type) {
+	case ACL_TYPE_ACCESS_OLD:
+		return (ACL_TYPE_ACCESS);
+
+	case ACL_TYPE_DEFAULT_OLD:
+		return (ACL_TYPE_DEFAULT);
+
+	default:
+		return (type);
+	}
+}
diff --git a/lib/libc/posix1e/acl_support.h b/lib/libc/posix1e/acl_support.h
index a5c93c0..c5cbc9c 100644
--- a/lib/libc/posix1e/acl_support.h
+++ b/lib/libc/posix1e/acl_support.h
@@ -34,6 +34,7 @@
 
 #define _POSIX1E_ACL_STRING_PERM_MAXSIZE 3       /* read, write, exec */
 
+int	_acl_type_unold(acl_type_t type);
 int	_posix1e_acl_check(acl_t acl);
 int	_posix1e_acl_sort(acl_t acl);
 int	_posix1e_acl(acl_t acl, acl_type_t type);
diff --git a/lib/libc/posix1e/acl_valid.c b/lib/libc/posix1e/acl_valid.c
index 9b1f9b9..166e614 100644
--- a/lib/libc/posix1e/acl_valid.c
+++ b/lib/libc/posix1e/acl_valid.c
@@ -81,6 +81,7 @@ acl_valid_file_np(const char *pathp, acl_type_t type, acl_t acl)
 		errno = EINVAL;
 		return (-1);
 	}
+	type = _acl_type_unold(type);
 	if (_posix1e_acl(acl, type)) {
 		error = _posix1e_acl_sort(acl);
 		if (error) {
@@ -101,6 +102,7 @@ acl_valid_link_np(const char *pathp, acl_type_t type, acl_t acl)
 		errno = EINVAL;
 		return (-1);
 	}
+	type = _acl_type_unold(type);
 	if (_posix1e_acl(acl, type)) {
 		error = _posix1e_acl_sort(acl);
 		if (error) {
@@ -121,6 +123,7 @@ acl_valid_fd_np(int fd, acl_type_t type, acl_t acl)
 		errno = EINVAL;
 		return (-1);
 	}
+	type = _acl_type_unold(type);
 	if (_posix1e_acl(acl, type)) {
 		error = _posix1e_acl_sort(acl);
 		if (error) {
@@ -131,6 +134,5 @@ acl_valid_fd_np(int fd, acl_type_t type, acl_t acl)
 
 	acl->ats_cur_entry = 0;
 
-
 	return (___acl_aclcheck_fd(fd, type, &acl->ats_acl));
 }