From f04a989f2dbe7ffdf8dc178715cc5fe4c658f813 Mon Sep 17 00:00:00 2001
From: trasz <trasz@FreeBSD.org>
Date: Mon, 21 Dec 2009 19:39:10 +0000
Subject: Implement NFSv4 ACL support for UFS.

Reviewed by:	rwatson
---
 sbin/dumpfs/dumpfs.c |  5 ++++-
 sbin/mount/mntopts.h |  4 +++-
 sbin/mount/mount.8   | 14 +++++++++++-
 sbin/mount/mount.c   |  2 ++
 sbin/tunefs/tunefs.8 |  5 ++++-
 sbin/tunefs/tunefs.c | 60 +++++++++++++++++++++++++++++++++++++++++++---------
 6 files changed, 76 insertions(+), 14 deletions(-)

(limited to 'sbin')

diff --git a/sbin/dumpfs/dumpfs.c b/sbin/dumpfs/dumpfs.c
index 4bcbe5f..b7f6d39 100644
--- a/sbin/dumpfs/dumpfs.c
+++ b/sbin/dumpfs/dumpfs.c
@@ -251,8 +251,11 @@ dumpfs(const char *name)
 		printf("gjournal ");
 	if (fsflags & FS_FLAGS_UPDATED)
 		printf("fs_flags expanded ");
+	if (fsflags & FS_NFS4ACLS)
+		printf("nfsv4acls ");
 	fsflags &= ~(FS_UNCLEAN | FS_DOSOFTDEP | FS_NEEDSFSCK | FS_INDEXDIRS |
-		     FS_ACLS | FS_MULTILABEL | FS_GJOURNAL | FS_FLAGS_UPDATED);
+		     FS_ACLS | FS_MULTILABEL | FS_GJOURNAL | FS_FLAGS_UPDATED |
+		     FS_NFS4ACLS);
 	if (fsflags != 0)
 		printf("unknown flags (%#x)", fsflags);
 	putchar('\n');
diff --git a/sbin/mount/mntopts.h b/sbin/mount/mntopts.h
index 2fcbbdd..2903d55 100644
--- a/sbin/mount/mntopts.h
+++ b/sbin/mount/mntopts.h
@@ -54,6 +54,7 @@ struct mntopt {
 #define MOPT_SNAPSHOT		{ "snapshot",	0, MNT_SNAPSHOT, 0 }
 #define MOPT_MULTILABEL		{ "multilabel",	0, MNT_MULTILABEL, 0 }
 #define MOPT_ACLS		{ "acls",	0, MNT_ACLS, 0 }
+#define MOPT_NFS4ACLS		{ "nfsv4acls",	0, MNT_NFS4ACLS, 0 }
 
 /* Control flags. */
 #define MOPT_FORCE		{ "force",	0, MNT_FORCE, 0 }
@@ -87,7 +88,8 @@ struct mntopt {
 	MOPT_NOCLUSTERR,						\
 	MOPT_NOCLUSTERW,						\
 	MOPT_MULTILABEL,						\
-	MOPT_ACLS
+	MOPT_ACLS,							\
+	MOPT_NFS4ACLS
 
 void getmntopts(const char *, const struct mntopt *, int *, int *);
 void rmslashes(char *, char *);
diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8
index 3efc9f1..ea01455 100644
--- a/sbin/mount/mount.8
+++ b/sbin/mount/mount.8
@@ -120,11 +120,14 @@ takes effect.
 The following options are available:
 .Bl -tag -width indent
 .It Cm acls
-Enable Access Control Lists, or ACLS, which can be customized via the
+Enable POSIX.1e Access Control Lists, or ACLs, which can be customized via the
 .Xr setfacl 1
 and
 .Xr getfacl 1
 commands.
+This flag is mutually exclusive with
+.Cm nfsv4acls
+flag.
 .It Cm async
 All
 .Tn I/O
@@ -186,6 +189,15 @@ See
 .Xr mac 4
 for more information, which cause the multilabel mount flag to be set
 automatically at mount-time.
+.It Cm nfsv4acls
+Enable NFSv4 ACLs, which can be customized via the
+.Xr setfacl 1
+and
+.Xr getfacl 1
+commands.
+This flag is mutually exclusive with
+.Cm acls
+flag.
 .It Cm noasync
 Metadata I/O should be done synchronously, while data I/O should be done
 asynchronously.
diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c
index 0bd5533..907f754 100644
--- a/sbin/mount/mount.c
+++ b/sbin/mount/mount.c
@@ -111,6 +111,7 @@ static struct opt {
 	{ MNT_SOFTDEP,		"soft-updates" },
 	{ MNT_MULTILABEL,	"multilabel" },
 	{ MNT_ACLS,		"acls" },
+	{ MNT_NFS4ACLS,		"nfsv4acls" },
 	{ MNT_GJOURNAL,		"gjournal" },
 	{ 0, NULL }
 };
@@ -918,6 +919,7 @@ flags2opts(int flags)
 	if (flags & MNT_SUIDDIR)	res = catopt(res, "suiddir");
 	if (flags & MNT_MULTILABEL)	res = catopt(res, "multilabel");
 	if (flags & MNT_ACLS)		res = catopt(res, "acls");
+	if (flags & MNT_NFS4ACLS)	res = catopt(res, "nfsv4acls");
 
 	return (res);
 }
diff --git a/sbin/tunefs/tunefs.8 b/sbin/tunefs/tunefs.8
index e2664e3..53e463c 100644
--- a/sbin/tunefs/tunefs.8
+++ b/sbin/tunefs/tunefs.8
@@ -44,6 +44,7 @@
 .Op Fl L Ar volname
 .Op Fl l Cm enable | disable
 .Op Fl m Ar minfree
+.Op Fl N Cm enable | disable
 .Op Fl n Cm enable | disable
 .Op Fl o Cm space | time
 .Op Fl p
@@ -70,7 +71,7 @@ this option will cause all backups to be modified as well as the
 primary super-block.
 This is potentially dangerous - use with caution.
 .It Fl a Cm enable | disable
-Turn on/off the administrative ACL enable flag.
+Turn on/off the administrative POSIX.1e ACL enable flag.
 .It Fl e Ar maxbpg
 Indicate the maximum number of blocks any single file can
 allocate out of a cylinder group before it is forced to begin
@@ -114,6 +115,8 @@ factor of three over the performance obtained at a 10% threshold.
 If the value is raised above the current usage level,
 users will be unable to allocate files until enough files have
 been deleted to get under the higher threshold.
+.It Fl N Cm enable | disable
+Turn on/off the administrative NFSv4 ACL enable flag.
 .It Fl n Cm enable | disable
 Turn on/off soft updates.
 .It Fl o Cm space | time
diff --git a/sbin/tunefs/tunefs.c b/sbin/tunefs/tunefs.c
index 2b263bb..1b5f21a 100644
--- a/sbin/tunefs/tunefs.c
+++ b/sbin/tunefs/tunefs.c
@@ -76,12 +76,12 @@ void printfs(void);
 int
 main(int argc, char *argv[])
 {
-	char *avalue, *Jvalue, *Lvalue, *lvalue, *nvalue;
+	char *avalue, *Jvalue, *Lvalue, *lvalue, *Nvalue, *nvalue;
 	const char *special, *on;
 	const char *name;
 	int active;
 	int Aflag, aflag, eflag, evalue, fflag, fvalue, Jflag, Lflag, lflag;
-	int mflag, mvalue, nflag, oflag, ovalue, pflag, sflag, svalue;
+	int mflag, mvalue, Nflag, nflag, oflag, ovalue, pflag, sflag, svalue;
 	int ch, found_arg, i;
 	const char *chg[2];
 	struct ufs_args args;
@@ -90,12 +90,12 @@ main(int argc, char *argv[])
 	if (argc < 3)
 		usage();
 	Aflag = aflag = eflag = fflag = Jflag = Lflag = lflag = mflag = 0;
-	nflag = oflag = pflag = sflag = 0;
-	avalue = Jvalue = Lvalue = lvalue = nvalue = NULL;
+	Nflag = nflag = oflag = pflag = sflag = 0;
+	avalue = Jvalue = Lvalue = lvalue = Nvalue = nvalue = NULL;
 	evalue = fvalue = mvalue = ovalue = svalue = 0;
 	active = 0;
 	found_arg = 0;		/* At least one arg is required. */
-	while ((ch = getopt(argc, argv, "Aa:e:f:J:L:l:m:n:o:ps:")) != -1)
+	while ((ch = getopt(argc, argv, "Aa:e:f:J:L:l:m:N:n:o:ps:")) != -1)
 		switch (ch) {
 
 		case 'A':
@@ -105,7 +105,7 @@ main(int argc, char *argv[])
 
 		case 'a':
 			found_arg = 1;
-			name = "ACLs";
+			name = "POSIX.1e ACLs";
 			avalue = optarg;
 			if (strcmp(avalue, "enable") &&
 			    strcmp(avalue, "disable")) {
@@ -187,6 +187,18 @@ main(int argc, char *argv[])
 			mflag = 1;
 			break;
 
+		case 'N':
+			found_arg = 1;
+			name = "NFSv4 ACLs";
+			Nvalue = optarg;
+			if (strcmp(Nvalue, "enable") &&
+			    strcmp(Nvalue, "disable")) {
+				errx(10, "bad %s (options are %s)",
+				    name, "`enable' or `disable'");
+			}
+			Nflag = 1;
+			break;
+
 		case 'n':
 			found_arg = 1;
 			name = "soft updates";
@@ -255,10 +267,13 @@ main(int argc, char *argv[])
 		strlcpy(sblock.fs_volname, Lvalue, MAXVOLLEN);
 	}
 	if (aflag) {
-		name = "ACLs";
+		name = "POSIX.1e ACLs";
 		if (strcmp(avalue, "enable") == 0) {
 			if (sblock.fs_flags & FS_ACLS) {
 				warnx("%s remains unchanged as enabled", name);
+			} else if (sblock.fs_flags & FS_NFS4ACLS) {
+				warnx("%s and NFSv4 ACLs are mutually "
+				    "exclusive", name);
 			} else {
 				sblock.fs_flags |= FS_ACLS;
 				warnx("%s set", name);
@@ -349,6 +364,29 @@ main(int argc, char *argv[])
 				warnx(OPTWARN, "space", "<", MINFREE);
 		}
 	}
+	if (Nflag) {
+		name = "NFSv4 ACLs";
+		if (strcmp(Nvalue, "enable") == 0) {
+			if (sblock.fs_flags & FS_NFS4ACLS) {
+				warnx("%s remains unchanged as enabled", name);
+			} else if (sblock.fs_flags & FS_ACLS) {
+				warnx("%s and POSIX.1e ACLs are mutually "
+				    "exclusive", name);
+			} else {
+				sblock.fs_flags |= FS_NFS4ACLS;
+				warnx("%s set", name);
+			}
+		} else if (strcmp(Nvalue, "disable") == 0) {
+			if ((~sblock.fs_flags & FS_NFS4ACLS) ==
+			    FS_NFS4ACLS) {
+				warnx("%s remains unchanged as disabled",
+				    name);
+			} else {
+				sblock.fs_flags &= ~FS_NFS4ACLS;
+				warnx("%s cleared", name);
+			}
+		}
+	}
 	if (nflag) {
  		name = "soft updates";
  		if (strcmp(nvalue, "enable") == 0) {
@@ -423,16 +461,18 @@ usage(void)
 	fprintf(stderr, "%s\n%s\n%s\n%s\n",
 "usage: tunefs [-A] [-a enable | disable] [-e maxbpg] [-f avgfilesize]",
 "              [-J enable | disable ] [-L volname] [-l enable | disable]",
-"              [-m minfree] [-n enable | disable] [-o space | time] [-p]",
-"              [-s avgfpdir] special | filesystem");
+"              [-m minfree] [-N enable | disable] [-n enable | disable]",
+"              [-o space | time] [-p] [-s avgfpdir] special | filesystem");
 	exit(2);
 }
 
 void
 printfs(void)
 {
-	warnx("ACLs: (-a)                                         %s",
+	warnx("POSIX.1e ACLs: (-a)                                %s",
 		(sblock.fs_flags & FS_ACLS)? "enabled" : "disabled");
+	warnx("NFSv4 ACLs: (-N)                                   %s",
+		(sblock.fs_flags & FS_NFS4ACLS)? "enabled" : "disabled");
 	warnx("MAC multilabel: (-l)                               %s",
 		(sblock.fs_flags & FS_MULTILABEL)? "enabled" : "disabled");
 	warnx("soft updates: (-n)                                 %s", 
-- 
cgit v1.1