2 * Copyright (c) 2009 Rick Macklem, University of Guelph
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
32 #include <fs/nfs/nfsport.h>
34 extern int nfsrv_useacl;
37 static int nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t mask, int owner,
38 enum vtype type, acl_perm_t *permp);
40 #if defined(NFS4_ACL_EXTATTR_NAME)
42 * Handle xdr for an ace.
45 nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep,
46 int *aceerrp, int *acesizep, NFSPROC_T *p)
49 int len, gotid = 0, owner = 0, error = 0, aceerr = 0;
50 u_char *name, namestr[NFSV4_SMALLSTR + 1];
51 u_int32_t flag, mask, acetype;
57 NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
58 acetype = fxdr_unsigned(u_int32_t, *tl++);
59 flag = fxdr_unsigned(u_int32_t, *tl++);
60 mask = fxdr_unsigned(u_int32_t, *tl++);
61 len = fxdr_unsigned(int, *tl);
63 return (NFSERR_BADXDR);
64 } else if (len == 0) {
65 /* Netapp filers return a 0 length who for nil users */
66 acep->ae_tag = ACL_UNDEFINED_TAG;
67 acep->ae_id = ACL_UNDEFINED_ID;
68 acep->ae_perm = (acl_perm_t)0;
69 acep->ae_entry_type = ACL_ENTRY_TYPE_DENY;
71 *acesizep = 4 * NFSX_UNSIGNED;
74 if (len > NFSV4_SMALLSTR)
75 name = malloc(len + 1, M_NFSSTRING, M_WAITOK);
78 error = nfsrv_mtostr(nd, name, len);
80 if (len > NFSV4_SMALLSTR)
81 free(name, M_NFSSTRING);
85 if (!NFSBCMP(name, "OWNER@", 6)) {
86 acep->ae_tag = ACL_USER_OBJ;
87 acep->ae_id = ACL_UNDEFINED_ID;
90 } else if (!NFSBCMP(name, "GROUP@", 6)) {
91 acep->ae_tag = ACL_GROUP_OBJ;
92 acep->ae_id = ACL_UNDEFINED_ID;
95 } else if (len == 9 && !NFSBCMP(name, "EVERYONE@", 9)) {
96 acep->ae_tag = ACL_EVERYONE;
97 acep->ae_id = ACL_UNDEFINED_ID;
101 if (flag & NFSV4ACE_IDENTIFIERGROUP) {
102 acep->ae_tag = ACL_GROUP;
103 aceerr = nfsv4_strtogid(name, len, &gid, p);
105 acep->ae_id = (uid_t)gid;
107 acep->ae_tag = ACL_USER;
108 aceerr = nfsv4_strtouid(name, len, &uid, p);
113 if (len > NFSV4_SMALLSTR)
114 free(name, M_NFSSTRING);
120 flag &= ~NFSV4ACE_IDENTIFIERGROUP;
121 if (flag & NFSV4ACE_FILEINHERIT) {
122 flag &= ~NFSV4ACE_FILEINHERIT;
123 acep->ae_flags |= ACL_ENTRY_FILE_INHERIT;
125 if (flag & NFSV4ACE_DIRECTORYINHERIT) {
126 flag &= ~NFSV4ACE_DIRECTORYINHERIT;
127 acep->ae_flags |= ACL_ENTRY_DIRECTORY_INHERIT;
129 if (flag & NFSV4ACE_NOPROPAGATEINHERIT) {
130 flag &= ~NFSV4ACE_NOPROPAGATEINHERIT;
131 acep->ae_flags |= ACL_ENTRY_NO_PROPAGATE_INHERIT;
133 if (flag & NFSV4ACE_INHERITONLY) {
134 flag &= ~NFSV4ACE_INHERITONLY;
135 acep->ae_flags |= ACL_ENTRY_INHERIT_ONLY;
137 if (flag & NFSV4ACE_SUCCESSFULACCESS) {
138 flag &= ~NFSV4ACE_SUCCESSFULACCESS;
139 acep->ae_flags |= ACL_ENTRY_SUCCESSFUL_ACCESS;
141 if (flag & NFSV4ACE_FAILEDACCESS) {
142 flag &= ~NFSV4ACE_FAILEDACCESS;
143 acep->ae_flags |= ACL_ENTRY_FAILED_ACCESS;
148 if (acetype == NFSV4ACE_ALLOWEDTYPE)
149 acep->ae_entry_type = ACL_ENTRY_TYPE_ALLOW;
150 else if (acetype == NFSV4ACE_DENIEDTYPE)
151 acep->ae_entry_type = ACL_ENTRY_TYPE_DENY;
152 else if (acetype == NFSV4ACE_AUDITTYPE)
153 acep->ae_entry_type = ACL_ENTRY_TYPE_AUDIT;
154 else if (acetype == NFSV4ACE_ALARMTYPE)
155 acep->ae_entry_type = ACL_ENTRY_TYPE_ALARM;
157 aceerr = NFSERR_ATTRNOTSUPP;
161 * Now, check for unsupported flag bits.
163 if (aceerr == 0 && flag != 0)
164 aceerr = NFSERR_ATTRNOTSUPP;
167 * And turn the mask into perm bits.
170 aceerr = nfsrv_acemasktoperm(acetype, mask, owner, VREG,
174 *acesizep = NFSM_RNDUP(len) + (4 * NFSX_UNSIGNED);
181 * Turn an NFSv4 ace mask into R/W/X flag bits.
184 nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t mask, int owner,
185 enum vtype type, acl_perm_t *permp)
187 acl_perm_t perm = 0x0;
189 if (mask & NFSV4ACE_READDATA) {
190 mask &= ~NFSV4ACE_READDATA;
191 perm |= ACL_READ_DATA;
193 if (mask & NFSV4ACE_LISTDIRECTORY) {
194 mask &= ~NFSV4ACE_LISTDIRECTORY;
195 perm |= ACL_LIST_DIRECTORY;
197 if (mask & NFSV4ACE_WRITEDATA) {
198 mask &= ~NFSV4ACE_WRITEDATA;
199 perm |= ACL_WRITE_DATA;
201 if (mask & NFSV4ACE_ADDFILE) {
202 mask &= ~NFSV4ACE_ADDFILE;
203 perm |= ACL_ADD_FILE;
205 if (mask & NFSV4ACE_APPENDDATA) {
206 mask &= ~NFSV4ACE_APPENDDATA;
207 perm |= ACL_APPEND_DATA;
209 if (mask & NFSV4ACE_ADDSUBDIRECTORY) {
210 mask &= ~NFSV4ACE_ADDSUBDIRECTORY;
211 perm |= ACL_ADD_SUBDIRECTORY;
213 if (mask & NFSV4ACE_READNAMEDATTR) {
214 mask &= ~NFSV4ACE_READNAMEDATTR;
215 perm |= ACL_READ_NAMED_ATTRS;
217 if (mask & NFSV4ACE_WRITENAMEDATTR) {
218 mask &= ~NFSV4ACE_WRITENAMEDATTR;
219 perm |= ACL_WRITE_NAMED_ATTRS;
221 if (mask & NFSV4ACE_EXECUTE) {
222 mask &= ~NFSV4ACE_EXECUTE;
225 if (mask & NFSV4ACE_SEARCH) {
226 mask &= ~NFSV4ACE_SEARCH;
229 if (mask & NFSV4ACE_DELETECHILD) {
230 mask &= ~NFSV4ACE_DELETECHILD;
231 perm |= ACL_DELETE_CHILD;
233 if (mask & NFSV4ACE_READATTRIBUTES) {
234 mask &= ~NFSV4ACE_READATTRIBUTES;
235 perm |= ACL_READ_ATTRIBUTES;
237 if (mask & NFSV4ACE_WRITEATTRIBUTES) {
238 mask &= ~NFSV4ACE_WRITEATTRIBUTES;
239 perm |= ACL_WRITE_ATTRIBUTES;
241 if (mask & NFSV4ACE_DELETE) {
242 mask &= ~NFSV4ACE_DELETE;
245 if (mask & NFSV4ACE_READACL) {
246 mask &= ~NFSV4ACE_READACL;
247 perm |= ACL_READ_ACL;
249 if (mask & NFSV4ACE_WRITEACL) {
250 mask &= ~NFSV4ACE_WRITEACL;
251 perm |= ACL_WRITE_ACL;
253 if (mask & NFSV4ACE_WRITEOWNER) {
254 mask &= ~NFSV4ACE_WRITEOWNER;
255 perm |= ACL_WRITE_OWNER;
257 if (mask & NFSV4ACE_SYNCHRONIZE) {
258 mask &= ~NFSV4ACE_SYNCHRONIZE;
259 perm |= ACL_SYNCHRONIZE;
262 return (NFSERR_ATTRNOTSUPP);
268 * Handle xdr for an ace.
271 nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep,
272 int *aceerrp, int *acesizep, NFSPROC_T *p)
275 int len, gotid = 0, owner = 0, error = 0, aceerr = 0;
276 u_char *name, namestr[NFSV4_SMALLSTR + 1];
277 u_int32_t flag, mask, acetype;
282 NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
283 acetype = fxdr_unsigned(u_int32_t, *tl++);
284 flag = fxdr_unsigned(u_int32_t, *tl++);
285 mask = fxdr_unsigned(u_int32_t, *tl++);
286 len = fxdr_unsigned(int, *tl);
288 return (NFSERR_BADXDR);
289 } else if (len == 0) {
290 /* Netapp filers return a 0 length who for nil users */
291 acep->ae_tag = ACL_UNDEFINED_TAG;
292 acep->ae_id = ACL_UNDEFINED_ID;
293 acep->ae_perm = (acl_perm_t)0;
295 *acesizep = 4 * NFSX_UNSIGNED;
298 if (len > NFSV4_SMALLSTR)
299 name = malloc(len + 1, M_NFSSTRING, M_WAITOK);
302 error = nfsrv_mtostr(nd, name, len);
304 if (len > NFSV4_SMALLSTR)
305 free(name, M_NFSSTRING);
309 if (!NFSBCMP(name, "OWNER@", 6)) {
310 acep->ae_tag = ACL_USER_OBJ;
311 acep->ae_id = ACL_UNDEFINED_ID;
314 } else if (!NFSBCMP(name, "GROUP@", 6)) {
315 acep->ae_tag = ACL_GROUP_OBJ;
316 acep->ae_id = ACL_UNDEFINED_ID;
318 flag &= ~NFSV4ACE_IDENTIFIERGROUP;
320 } else if (len == 9 && !NFSBCMP(name, "EVERYONE@", 9)) {
321 acep->ae_tag = ACL_OTHER;
322 acep->ae_id = ACL_UNDEFINED_ID;
326 if (flag & NFSV4ACE_IDENTIFIERGROUP) {
327 flag &= ~NFSV4ACE_IDENTIFIERGROUP;
328 acep->ae_tag = ACL_GROUP;
329 aceerr = nfsv4_strtogid(name, len, &gid, p);
331 acep->ae_id = (uid_t)gid;
333 acep->ae_tag = ACL_USER;
334 aceerr = nfsv4_strtouid(name, len, &uid, p);
339 if (len > NFSV4_SMALLSTR)
340 free(name, M_NFSSTRING);
343 * Now, check for unsupported types or flag bits.
345 if (!aceerr && ((acetype != NFSV4ACE_ALLOWEDTYPE &&
346 acetype != NFSV4ACE_AUDITTYPE && acetype != NFSV4ACE_ALARMTYPE
347 && acetype != NFSV4ACE_DENIEDTYPE) || flag))
348 aceerr = NFSERR_ATTRNOTSUPP;
351 * And turn the mask into perm bits.
354 aceerr = nfsrv_acemasktoperm(acetype, mask, owner, VREG,
358 *acesizep = NFSM_RNDUP(len) + (4 * NFSX_UNSIGNED);
365 * Turn an NFSv4 ace mask into R/W/X flag bits.
368 nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t mask, int owner,
369 enum vtype type, acl_perm_t *permp)
371 acl_perm_t perm = 0x0;
373 if (acetype != NFSV4ACE_ALLOWEDTYPE && acetype != NFSV4ACE_DENIEDTYPE){
374 if (mask & ~NFSV4ACE_AUDITMASK)
375 return (NFSERR_ATTRNOTSUPP);
377 if (mask & NFSV4ACE_DELETE) {
378 return (NFSERR_ATTRNOTSUPP);
380 if (acetype == NFSV4ACE_DENIEDTYPE) {
381 if (mask & NFSV4ACE_ALLFILESMASK) {
382 return (NFSERR_ATTRNOTSUPP);
385 if (mask & NFSV4ACE_OWNERMASK) {
386 return (NFSERR_ATTRNOTSUPP);
389 if ((mask & NFSV4ACE_OWNERMASK) != NFSV4ACE_OWNERMASK) {
390 return (NFSERR_ATTRNOTSUPP);
392 mask &= ~NFSV4ACE_OWNERMASK;
394 } else if (acetype == NFSV4ACE_ALLOWEDTYPE) {
395 if ((mask & NFSV4ACE_ALLFILESMASK) != NFSV4ACE_ALLFILESMASK) {
396 return (NFSERR_ATTRNOTSUPP);
398 mask &= ~NFSV4ACE_ALLFILESMASK;
400 if ((mask & NFSV4ACE_OWNERMASK) != NFSV4ACE_OWNERMASK) {
401 return (NFSERR_ATTRNOTSUPP);
403 mask &= ~NFSV4ACE_OWNERMASK;
404 } else if (mask & NFSV4ACE_OWNERMASK) {
405 return (NFSERR_ATTRNOTSUPP);
409 if ((mask & NFSV4ACE_DIRREADMASK) == NFSV4ACE_DIRREADMASK) {
411 mask &= ~NFSV4ACE_DIRREADMASK;
413 if ((mask & NFSV4ACE_DIRWRITEMASK) == NFSV4ACE_DIRWRITEMASK) {
415 mask &= ~NFSV4ACE_DIRWRITEMASK;
417 if ((mask & NFSV4ACE_DIREXECUTEMASK)==NFSV4ACE_DIREXECUTEMASK){
419 mask &= ~NFSV4ACE_DIREXECUTEMASK;
422 if (acetype == NFSV4ACE_DENIEDTYPE &&
423 (mask & NFSV4ACE_SYNCHRONIZE)) {
424 return (NFSERR_ATTRNOTSUPP);
426 mask &= ~(NFSV4ACE_SYNCHRONIZE | NFSV4ACE_DELETECHILD);
427 if ((mask & NFSV4ACE_READMASK) == NFSV4ACE_READMASK) {
429 mask &= ~NFSV4ACE_READMASK;
431 if ((mask & NFSV4ACE_WRITEMASK) == NFSV4ACE_WRITEMASK) {
433 mask &= ~NFSV4ACE_WRITEMASK;
435 if ((mask & NFSV4ACE_EXECUTEMASK) == NFSV4ACE_EXECUTEMASK) {
437 mask &= ~NFSV4ACE_EXECUTEMASK;
441 return (NFSERR_ATTRNOTSUPP);
446 #endif /* !NFS4_ACL_EXTATTR_NAME */
448 #ifdef NFS4_ACL_EXTATTR_NAME
449 /* local functions */
450 static int nfsrv_buildace(struct nfsrv_descript *, u_char *, int,
451 enum vtype, int, int, struct acl_entry *);
454 * This function builds an NFS ace.
457 nfsrv_buildace(struct nfsrv_descript *nd, u_char *name, int namelen,
458 enum vtype type, int group, int owner, struct acl_entry *ace)
460 u_int32_t *tl, aceflag = 0x0, acemask = 0x0, acetype;
463 full_len = NFSM_RNDUP(namelen);
464 NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED + full_len);
467 * Fill in the ace type.
469 if (ace->ae_entry_type & ACL_ENTRY_TYPE_ALLOW)
470 acetype = NFSV4ACE_ALLOWEDTYPE;
471 else if (ace->ae_entry_type & ACL_ENTRY_TYPE_DENY)
472 acetype = NFSV4ACE_DENIEDTYPE;
473 else if (ace->ae_entry_type & ACL_ENTRY_TYPE_AUDIT)
474 acetype = NFSV4ACE_AUDITTYPE;
476 acetype = NFSV4ACE_ALARMTYPE;
477 *tl++ = txdr_unsigned(acetype);
480 * Set the flag bits from the ACL.
482 if (ace->ae_flags & ACL_ENTRY_FILE_INHERIT)
483 aceflag |= NFSV4ACE_FILEINHERIT;
484 if (ace->ae_flags & ACL_ENTRY_DIRECTORY_INHERIT)
485 aceflag |= NFSV4ACE_DIRECTORYINHERIT;
486 if (ace->ae_flags & ACL_ENTRY_NO_PROPAGATE_INHERIT)
487 aceflag |= NFSV4ACE_NOPROPAGATEINHERIT;
488 if (ace->ae_flags & ACL_ENTRY_INHERIT_ONLY)
489 aceflag |= NFSV4ACE_INHERITONLY;
490 if (ace->ae_flags & ACL_ENTRY_SUCCESSFUL_ACCESS)
491 aceflag |= NFSV4ACE_SUCCESSFULACCESS;
492 if (ace->ae_flags & ACL_ENTRY_FAILED_ACCESS)
493 aceflag |= NFSV4ACE_FAILEDACCESS;
495 aceflag |= NFSV4ACE_IDENTIFIERGROUP;
496 *tl++ = txdr_unsigned(aceflag);
498 if (ace->ae_perm & ACL_LIST_DIRECTORY)
499 acemask |= NFSV4ACE_LISTDIRECTORY;
500 if (ace->ae_perm & ACL_ADD_FILE)
501 acemask |= NFSV4ACE_ADDFILE;
502 if (ace->ae_perm & ACL_ADD_SUBDIRECTORY)
503 acemask |= NFSV4ACE_ADDSUBDIRECTORY;
504 if (ace->ae_perm & ACL_READ_NAMED_ATTRS)
505 acemask |= NFSV4ACE_READNAMEDATTR;
506 if (ace->ae_perm & ACL_WRITE_NAMED_ATTRS)
507 acemask |= NFSV4ACE_WRITENAMEDATTR;
508 if (ace->ae_perm & ACL_EXECUTE)
509 acemask |= NFSV4ACE_SEARCH;
510 if (ace->ae_perm & ACL_DELETE_CHILD)
511 acemask |= NFSV4ACE_DELETECHILD;
512 if (ace->ae_perm & ACL_READ_ATTRIBUTES)
513 acemask |= NFSV4ACE_READATTRIBUTES;
514 if (ace->ae_perm & ACL_WRITE_ATTRIBUTES)
515 acemask |= NFSV4ACE_WRITEATTRIBUTES;
516 if (ace->ae_perm & ACL_DELETE)
517 acemask |= NFSV4ACE_DELETE;
518 if (ace->ae_perm & ACL_READ_ACL)
519 acemask |= NFSV4ACE_READACL;
520 if (ace->ae_perm & ACL_WRITE_ACL)
521 acemask |= NFSV4ACE_WRITEACL;
522 if (ace->ae_perm & ACL_WRITE_OWNER)
523 acemask |= NFSV4ACE_WRITEOWNER;
525 if (ace->ae_perm & ACL_READ_DATA)
526 acemask |= NFSV4ACE_READDATA;
527 if (ace->ae_perm & ACL_WRITE_DATA)
528 acemask |= NFSV4ACE_WRITEDATA;
529 if (ace->ae_perm & ACL_APPEND_DATA)
530 acemask |= NFSV4ACE_APPENDDATA;
531 if (ace->ae_perm & ACL_READ_NAMED_ATTRS)
532 acemask |= NFSV4ACE_READNAMEDATTR;
533 if (ace->ae_perm & ACL_WRITE_NAMED_ATTRS)
534 acemask |= NFSV4ACE_WRITENAMEDATTR;
535 if (ace->ae_perm & ACL_EXECUTE)
536 acemask |= NFSV4ACE_EXECUTE;
537 if (ace->ae_perm & ACL_READ_ATTRIBUTES)
538 acemask |= NFSV4ACE_READATTRIBUTES;
539 if (ace->ae_perm & ACL_WRITE_ATTRIBUTES)
540 acemask |= NFSV4ACE_WRITEATTRIBUTES;
541 if (ace->ae_perm & ACL_DELETE)
542 acemask |= NFSV4ACE_DELETE;
543 if (ace->ae_perm & ACL_READ_ACL)
544 acemask |= NFSV4ACE_READACL;
545 if (ace->ae_perm & ACL_WRITE_ACL)
546 acemask |= NFSV4ACE_WRITEACL;
547 if (ace->ae_perm & ACL_WRITE_OWNER)
548 acemask |= NFSV4ACE_WRITEOWNER;
549 if (ace->ae_perm & ACL_SYNCHRONIZE)
550 acemask |= NFSV4ACE_SYNCHRONIZE;
552 *tl++ = txdr_unsigned(acemask);
553 *tl++ = txdr_unsigned(namelen);
554 if (full_len - namelen)
555 *(tl + (namelen / NFSX_UNSIGNED)) = 0x0;
556 NFSBCOPY(name, (caddr_t)tl, namelen);
557 return (full_len + 4 * NFSX_UNSIGNED);
561 * Build an NFSv4 ACL.
564 nfsrv_buildacl(struct nfsrv_descript *nd, NFSACL_T *aclp, enum vtype type,
567 int i, entrycnt = 0, retlen;
568 u_int32_t *entrycntp;
569 int isowner, isgroup, namelen, malloced;
570 u_char *name, namestr[NFSV4_SMALLSTR];
572 NFSM_BUILD(entrycntp, u_int32_t *, NFSX_UNSIGNED);
573 retlen = NFSX_UNSIGNED;
575 * Loop through the acl entries, building each one.
577 for (i = 0; i < aclp->acl_cnt; i++) {
578 isowner = isgroup = malloced = 0;
579 switch (aclp->acl_entry[i].ae_tag) {
596 nfsv4_uidtostr(aclp->acl_entry[i].ae_id, &name,
604 nfsv4_gidtostr((gid_t)aclp->acl_entry[i].ae_id, &name,
612 retlen += nfsrv_buildace(nd, name, namelen, type, isgroup,
613 isowner, &aclp->acl_entry[i]);
616 free(name, M_NFSSTRING);
618 *entrycntp = txdr_unsigned(entrycnt);
626 nfsrv_setacl(vnode_t vp, NFSACL_T *aclp, struct ucred *cred,
631 if (nfsrv_useacl == 0 || !NFSHASNFS4ACL(vnode_mount(vp)))
632 return (NFSERR_ATTRNOTSUPP);
634 * With NFSv4 ACLs, chmod(2) may need to add additional entries.
635 * Make sure it has enough room for that - splitting every entry
636 * into two and appending "canonical six" entries at the end.
637 * Cribbed out of kern/vfs_acl.c - Rick M.
639 if (aclp->acl_cnt > (ACL_MAX_ENTRIES - 6) / 2)
640 return (NFSERR_ATTRNOTSUPP);
641 error = VOP_ACLCHECK(vp, ACL_TYPE_NFS4, aclp, cred, p);
643 error = VOP_SETACL(vp, ACL_TYPE_NFS4, aclp, cred, p);
648 * Compare two NFSv4 acls.
649 * Return 0 if they are the same, 1 if not the same.
652 nfsrv_compareacl(NFSACL_T *aclp1, NFSACL_T *aclp2)
655 struct acl_entry *acep1, *acep2;
657 if (aclp1->acl_cnt != aclp2->acl_cnt)
659 acep1 = aclp1->acl_entry;
660 acep2 = aclp2->acl_entry;
661 for (i = 0; i < aclp1->acl_cnt; i++) {
662 if (acep1->ae_tag != acep2->ae_tag)
664 switch (acep1->ae_tag) {
667 if (acep1->ae_id != acep2->ae_id)
673 if (acep1->ae_perm != acep2->ae_perm)
682 #endif /* NFS4_ACL_EXTATTR_NAME */