nfscommon: Factor out conversion of ae_perm to NFSv4 ACE flags

This patch factors the code that converts the ae_perm bits in an NFSv4 style ACL to the NFSv4 on-the-wire format into a separate function. This function will be used by the NFSv4 server in a future commit. This patch should not change NFSv4 semantics.
2026-06-11 09:41:03 -04:00 · 2025-06-26 13:22:53 -07:00 · 2025-06-26 13:22:53 -07:00 · 8e2a90ac80
commit 8e2a90ac80
parent b9e3e8491f
2 changed files with 39 additions and 26 deletions
--- a/sys/fs/nfs/nfs_commonacl.c
+++ b/sys/fs/nfs/nfs_commonacl.c
@ -352,32 +352,7 @@ nfsrv_buildace(struct nfsrv_descript *nd, u_char *name, int namelen,
 		if (ace->ae_perm & ACL_SYNCHRONIZE)
 			acemask |= NFSV4ACE_SYNCHRONIZE;
 	} else {
-		if (ace->ae_perm & ACL_READ_DATA)
-			acemask |= NFSV4ACE_READDATA;
-		if (ace->ae_perm & ACL_WRITE_DATA)
-			acemask |= NFSV4ACE_WRITEDATA;
-		if (ace->ae_perm & ACL_APPEND_DATA)
-			acemask |= NFSV4ACE_APPENDDATA;
-		if (ace->ae_perm & ACL_READ_NAMED_ATTRS)
-			acemask |= NFSV4ACE_READNAMEDATTR;
-		if (ace->ae_perm & ACL_WRITE_NAMED_ATTRS)
-			acemask |= NFSV4ACE_WRITENAMEDATTR;
-		if (ace->ae_perm & ACL_EXECUTE)
-			acemask |= NFSV4ACE_EXECUTE;
-		if (ace->ae_perm & ACL_READ_ATTRIBUTES)
-			acemask |= NFSV4ACE_READATTRIBUTES;
-		if (ace->ae_perm & ACL_WRITE_ATTRIBUTES)
-			acemask |= NFSV4ACE_WRITEATTRIBUTES;
-		if (ace->ae_perm & ACL_DELETE)
-			acemask |= NFSV4ACE_DELETE;
-		if (ace->ae_perm & ACL_READ_ACL)
-			acemask |= NFSV4ACE_READACL;
-		if (ace->ae_perm & ACL_WRITE_ACL)
-			acemask |= NFSV4ACE_WRITEACL;
-		if (ace->ae_perm & ACL_WRITE_OWNER)
-			acemask |= NFSV4ACE_WRITEOWNER;
-		if (ace->ae_perm & ACL_SYNCHRONIZE)
-			acemask |= NFSV4ACE_SYNCHRONIZE;
+		acemask = nfs_aceperm(ace->ae_perm);
 	}
 	*tl++ = txdr_unsigned(acemask);
 	*tl++ = txdr_unsigned(namelen);
@ -387,6 +362,43 @@ nfsrv_buildace(struct nfsrv_descript *nd, u_char *name, int namelen,
 	return (full_len + 4 * NFSX_UNSIGNED);
 }

+/*
+ * Convert ae_perm to NFSv4 ACL acemask4 for regular files.
+ */
+uint32_t
+nfs_aceperm(acl_perm_t ae_perm)
+{
+	uint32_t acemask = 0x0;
+
+	if (ae_perm & ACL_READ_DATA)
+		acemask |= NFSV4ACE_READDATA;
+	if (ae_perm & ACL_WRITE_DATA)
+		acemask |= NFSV4ACE_WRITEDATA;
+	if (ae_perm & ACL_APPEND_DATA)
+		acemask |= NFSV4ACE_APPENDDATA;
+	if (ae_perm & ACL_READ_NAMED_ATTRS)
+		acemask |= NFSV4ACE_READNAMEDATTR;
+	if (ae_perm & ACL_WRITE_NAMED_ATTRS)
+		acemask |= NFSV4ACE_WRITENAMEDATTR;
+	if (ae_perm & ACL_EXECUTE)
+		acemask |= NFSV4ACE_EXECUTE;
+	if (ae_perm & ACL_READ_ATTRIBUTES)
+		acemask |= NFSV4ACE_READATTRIBUTES;
+	if (ae_perm & ACL_WRITE_ATTRIBUTES)
+		acemask |= NFSV4ACE_WRITEATTRIBUTES;
+	if (ae_perm & ACL_DELETE)
+		acemask |= NFSV4ACE_DELETE;
+	if (ae_perm & ACL_READ_ACL)
+		acemask |= NFSV4ACE_READACL;
+	if (ae_perm & ACL_WRITE_ACL)
+		acemask |= NFSV4ACE_WRITEACL;
+	if (ae_perm & ACL_WRITE_OWNER)
+		acemask |= NFSV4ACE_WRITEOWNER;
+	if (ae_perm & ACL_SYNCHRONIZE)
+		acemask |= NFSV4ACE_SYNCHRONIZE;
+	return (acemask);
+}
+
 /*
 * Build an NFSv4 ACL.
 */
--- a/sys/fs/nfs/nfs_var.h
+++ b/sys/fs/nfs/nfs_var.h
@ -439,6 +439,7 @@ int nfs_supportsnfsv4acls(vnode_t);
 /* nfs_commonacl.c */
 int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *,
    bool, int *, int *, NFSPROC_T *);
+uint32_t nfs_aceperm(acl_perm_t);
 int nfsrv_buildacl(struct nfsrv_descript *, NFSACL_T *, __enum_uint8(vtype),
    NFSPROC_T *);
 int nfsrv_compareacl(NFSACL_T *, NFSACL_T *);