18 Commits

Author SHA1 Message Date
Edward Tomasz Napierala
9e21ef395a Fix bug where NFSv4 ACL enforcement code wouldn't unconditionally
allow the owner to read and write ACL and file attributes when there
was no entry with subject matching the owner.  In other words,
'getfacl meh' shouldn't fail for the owner if the ACL looks like this:

# file: meh
# owner: trasz
# group: wheel
         user:root:------a-------:------:allow

Reported by:	kientzle
2012-04-17 14:54:00 +00:00
Adrian Chadd
a9a282f672 Add module load/unload stubs. 2012-03-13 20:27:48 +00:00
Edward Tomasz Napierala
4ce9c95bd8 Remove assertion against empty NFSv4 ACLs. An empty ACL is not exactly
valid - we don't allow for setting it on a file, for example - but it's
not something we should assert on.

For STABLE kernel, it changes nothing, because it's not compiled with
INVARIANTS.  If it was, it would fix crashes.  It also fixes an assert
in libc encountered with NFSv4 without nfsuserd(8) running.

Submitted by:	Yuri Pankov (earlier version)
MFC after:	1 month
2011-10-05 17:29:49 +00:00
Edward Tomasz Napierala
999d680c92 Make UFS use PSARC/2010/029 NFSv4 ACL semantics by default, bringing
it in line with ZFSv28.

X-MFC-After:	ZFSv28.
2011-03-22 19:52:29 +00:00
Edward Tomasz Napierala
cdec385674 Move the code around so that libc behaviour does not depend on a variable
that was supposed to be kernel-only.  There should be no functional changes.
2011-03-22 17:44:07 +00:00
Edward Tomasz Napierala
8a6f498522 Temporarily revert r219272; it breaks acl_is_trivial_np(3). 2011-03-06 20:12:09 +00:00
Edward Tomasz Napierala
18ac6e83dc Make UFS use PSARC/2010/029 NFSv4 ACL semantics by default, just like
ZFSv28 does.

MFC after:	2 months
2011-03-04 19:53:07 +00:00
Edward Tomasz Napierala
4c7bba9985 Adapt filesystem-independent NFSv4 ACL code (used by UFS, but not by ZFS)
to PSARC/2010/029.  In short, the semantics is simplified - "weird stuff"
no longer happens after chmod, entries don't get duplicated during
inheritance, and trivial ACLs no longer contain three "DENY" entries,
which is also more friendly to MS Windows.

By default, UFS keeps using old semantics.  To change it, set sysctl
vfs.acl_nfs4_old_semantics to 0.  I'll flip the switch when ZFSv28
hits the tree, to keep these two in sync - ZFS v28 uses PSARC semantics,
and ZFS v15 uses the old one.
2010-12-13 18:56:04 +00:00
Edward Tomasz Napierala
252e4a96e6 Fix uninitialized variable.
Found with:	Coverity Prevent(tm)
CID:		8632
2010-10-29 19:07:36 +00:00
Edward Tomasz Napierala
880cb81c5a Remove workaround for ZFS bug; fix was committed to the //depot/user/pjd/zfs/...
branch some time ago.

MFC after:	two weeks
2010-10-23 14:22:50 +00:00
Edward Tomasz Napierala
4089cc8aa1 First step at adopting FreeBSD to support PSARC/2010/029. This makes
acl_is_trivial_np(3) properly recognize the new trivial ACLs.  From
the user point of view, that means "ls -l" no longer shows plus signs
for all the files when running ZFS v28.
2010-09-20 17:10:06 +00:00
Jaakko Heinonen
de478dd4b4 execve(2) has a special check for file permissions: a file must have at
least one execute bit set, otherwise execve(2) will return EACCES even
for an user with PRIV_VFS_EXEC privilege.

Add the check also to vaccess(9), vaccess_acl_nfs4(9) and
vaccess_acl_posix1e(9). This makes access(2) to better agree with
execve(2). Because ZFS doesn't use vaccess(9) for VEXEC, add the check
to zfs_freebsd_access() too. There may be other file systems which are
not using vaccess*() functions and need to be handled separately.

PR:		kern/125009
Reviewed by:	bde, trasz
Approved by:	pjd (ZFS part)
2010-08-30 16:30:18 +00:00
Edward Tomasz Napierala
c977cdf961 The acl_cnt field is unsigned; no point in checking if it's >= 0.
Found with:	Coverity Prevent
CID:		3683
2010-06-03 13:41:55 +00:00
Edward Tomasz Napierala
922ec47140 Fix comments. 2010-01-04 12:39:42 +00:00
Edward Tomasz Napierala
558e9b5c95 Now that all the callers seem to be fixed, add KASSERTs to make sure VAPPEND
is not being used improperly.
2009-12-26 11:36:10 +00:00
Edward Tomasz Napierala
28d3fd007e Interpret VAPPEND correctly in vaccess_acl_nfs4(9). 2009-12-19 11:41:52 +00:00
Edward Tomasz Napierala
a9315dded6 Add pieces of infrastructure required for NFSv4 ACL support in UFS.
Reviewed by:	rwatson
2009-09-22 15:15:03 +00:00
Edward Tomasz Napierala
c0d345beb1 Add part of NFSv4 ACL kernel support code that is required for the upcoming
libc changes to work.  Not connected to the kernel build yet; for now,
it will be compiled into libc.

Reviewed by:	rwatson
2009-06-09 19:51:22 +00:00