85 Commits

Author SHA1 Message Date
Mark Johnston
15e594351a Don't set NFSv4 ACL inheritance flags on non-directories.
They only make sense in the context of directory ACLs, and attempting
to set them on regular files results in errors, causing a recursive
setfacl invocation to abort.

This is derived from patches by Shawn Webb <shawn.webb@hardenedbsd.org>
and Mitchell Horne <mhorne063@gmail.com>.

PR:		155163
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15061
2018-10-26 21:17:06 +00:00
Mark Johnston
10cb5344fd Don't print pathconf() errors if the target file doesn't exist.
The subsequent acl_get_file(3) call will simply echo the same error.

PR:		229930
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-26 19:01:52 +00:00
Mark Johnston
f024dd3bf0 Avoid leaking memory in error paths.
CID:		1390906
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-26 18:56:58 +00:00
Ed Maste
b79f74cc64 setfacl: style and break main() into manageable pieces
Submitted by:	Mitchell Horne
MFC with:	r332396
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15060
2018-04-27 15:25:24 +00:00
Ed Maste
21c5f7dec5 setfacl: minor man page edit to appease igor(1) 2018-04-11 13:33:12 +00:00
Ed Maste
0629b15276 setfacl: add recursive functionality
Add a -R option to setfacl to operate recursively on directories, along
with the accompanying flags -H, -L, and -P (whose behaviour mimics
chmod).

A patch was submitted with PR 155163, but this is a new implementation
based on comments raised in the Phabricator review for that patch
(review D9096).

PR:		155163
Submitted by:	Mitchell Horne <mhorne063@gmail.com>
Reviewed by:	jilles
MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14934
2018-04-10 23:29:57 +00:00
Benjamin Kaduk
f3aff7c91b Fix mandoc -Tlint warnings in bin/
Many style-level issues are still reported.

Submitted by:	Yuri Pankov <yuripv@gmx.com>
Reviewed by:	jilles (previous revision)
Differential Revision:	https://reviews.freebsd.org/D13334
2017-12-07 01:57:27 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Don Lewis
4af86fb4f9 Explicitly NUL terminate the buffer filled by fread().
The fix in r300649 was not sufficient to convince Coverity that the
buffer was NUL terminated, even with the buffer pre-zeroed.  Swap
the size and nmemb arguments to fread() so that a valid lenght is
returned, which we can use to terminate the string in the buffer
at the correct location.  This should also quiet the complaint about
the return value of fread() not being checked.

Reported by:	Coverity
CID:		1019054, 1009614
MFC after:	1 week
2016-06-08 05:32:39 +00:00
Don Lewis
b1b73fc4c9 Fix Coverity CID 1019054 (String not null terminated) in setfacl.
Increase the size of buf[] by one to allow room for a NUL character
at the end.

Reported by:	Coverity
CID:		1019054
MFC after:	1 week
2016-05-25 05:20:34 +00:00
Glen Barber
ac2875fa16 Explicitly add unmarked bin/ binaries to the runtime package.
Note: tcsh(1) has a MK_TCSH=no test, so this should be a separate
package, which requires pre-install/post-install scripts, to be
added later.

Sponsored by:	The FreeBSD Foundation
2016-02-09 16:58:50 +00:00
Edward Tomasz Napierala
fe819ced32 Don't mention the "canonical six" in setfacl(1); it describes semantics
that's long gone.

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-01-23 12:19:37 +00:00
Xin LI
28ffe927c2 Expose an interface to determine if an ACE is inherited.
Submitted by:	sef
Reviewed by:	trasz
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D3540
2015-09-04 00:14:20 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
ee7b0571c2 Merge head from 7/28 2014-08-19 06:50:54 +00:00
Baptiste Daroussin
bd0891ceb3 use .Mt to mark up email addresses consistently (part1)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:40:43 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Simon J. Gerraty
76b28ad6ab Updated dependencies 2014-05-10 05:16:28 +00:00
Simon J. Gerraty
69e6d7b75e sync from head 2013-04-12 20:48:55 +00:00
Edward Tomasz Napierala
f8992fccda Mention that read_attributes, write_attributes, read_acl and write_acl
are always permitted for the file owner.

PR:		kern/174948
MFC after:	1 week
2013-04-01 13:17:28 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Edward Tomasz Napierala
a3bc22a09b Fix NFSv4 permission description in setfacl(1) manual page: the 'D'
means delete_child, not delete.

MFC after:	1 week
2013-02-08 18:43:47 +00:00
Edward Tomasz Napierala
bac44ad218 Improve description of the "-m" option to setfacl(1).
Submitted by:	scottl
MFC after:	1 week
2013-02-08 18:12:16 +00:00
Edward Tomasz Napierala
5293f9bee4 In the setfacl(1) manual page, make it clear that for NFSv4 ACLs,
one should really use -a and -x instead of -m.

MFC after:	1 week
2013-02-08 18:02:28 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Ed Schouten
ae824d80f2 Fix warnings found by -Wmising-variable-declarations.
This self-written compiler warning, which is hopefully going to be
committed into LLVM sources soon, warns about potentially missing
`static' keywords, similar to -Wmissing-prototypes.

- bin/pax: Move external declaration of chdname and s_mask into extern.h.
- bin/setfacl: Move setfacl.c-specific stuff out of setfacl.h.
- sbin/mount_fusefs: Remove char *progname; use getprogname().
- others: add `static' where possible.
2012-10-19 05:43:38 +00:00
Edward Tomasz Napierala
6e924edbde Fix an error in setfacl(1) that manifested like this:
# setfacl -m u:trasz:rwx x
# setfacl -m u:root:rwx x
# getfacl x
# file: x
# owner: root
# group: wheel
user::rw-
user:root:rwx
user:trasz:rwx
group::r--
mask::rwx
other::r--
# setfacl -m u:root:rwx x
setfacl: x: acl_calc_mask() failed: Invalid argument
setfacl: x: failed to set ACL mask

For NFSv4 ACLs, this sort of situation would result in duplicated
entries.

MFC after:	1 month
2012-09-04 12:19:34 +00:00
Edward Tomasz Napierala
8ed068d31c Make "setfacl -bd" an alias for "setfacl -k". Previously it would crash
on assert.

PR:		bin/165807
MFC after:	1 month
2012-09-04 11:50:13 +00:00
Edward Tomasz Napierala
00b2b3a55d Make setfacl(1) behave properly in situations like "setfacl -kd".
MFC after:	1 month
2012-09-04 11:43:00 +00:00
Edward Tomasz Napierala
9828700277 Fix compact form of "synchronize" permission in setfacl(1) manual page - it
should be "s", not "S".

PR:		docs/162380
MFC after:	2 weeks
2012-09-03 17:26:20 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Eitan Adler
50d675f7a9 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
Edward Tomasz Napierala
181b4eebb9 Make it possible to use permission sets (full_set, modify_set, read_set
and write_set) with setfacl(1).

PR:		kern/154113
Submitted by:	Shawn Webb <lattera at gmail dot com> (earlier version)
MFC after:	1 month
2011-04-09 07:42:25 +00:00
Jaakko Heinonen
b38dc7ebea Increase carried_error if we skip a file due to an error. This ensures
that setfacl(1) exits with proper exit status on failure.

PR:		bin/149780
Submitted by:	Ævar Arnfjörð Bjarmason (original version)
Reviewed by:	trasz
MFC after:	3 weeks
2011-01-03 17:17:31 +00:00
Benedict Reuschling
c73b6b8f1d Typo fix: s/ommited/omitted
MFC after: 4 days
2010-07-27 17:33:02 +00:00
Edward Tomasz Napierala
413f7daf59 Update authors and history.
MFC after:	1 week
2010-05-13 16:46:23 +00:00
Joel Dahl
a303eae7c8 Switch to our preferred license text.
Approved by:	jedgar
2010-03-07 07:59:05 +00:00
Edward Tomasz Napierala
6c9c14c5dc Fix breakage introduced in last commit. 2009-12-26 11:03:10 +00:00
Edward Tomasz Napierala
c93b62deca Improve ACL branding mismatch detection and reporting in some rare cases,
such as "setfacl -m ''".
2009-12-26 10:06:45 +00:00
Edward Tomasz Napierala
3f22187878 Add NFSv4 support to setfacl(1).
Reviewed by:	rwatson
2009-09-07 16:19:32 +00:00
Edward Tomasz Napierala
23f80af2ca Fix double free in setfacl(1). Description from the author:
Initially, 'acl' (an 'acl_t *') is allocated, and its ACCESS_ACL and
DEFAULT_ACL fields are passed to the 'libc' ACL routines for subsequent
allocation. If the '-m' option (merge existing ACL with a new one) is
specified, then 'set_acl_mask()' will be called and passed one of the
two ACLs. This function, in turn, replaces this given ACL structure by
another, freshly allocated. However, the pointer in the 'acl' variable
in the caller is not updated. The caller then proceeds to free the ACL,
incurring in a double free condition.

Submitted by:	Pedro Martelletto <pedro at ambientworks.net>
Approved by:	rwatson (mentor)
2008-09-06 13:17:35 +00:00
Christian S.J. Peron
f9655da0fb Add hard sentence breaks.
Pointed out by:	rwatson
MFC after:	1 week
2008-07-06 22:47:10 +00:00
Christian S.J. Peron
bc068d93d1 Document default ACLs and how to use them.
MFC after:	1 week
2008-07-06 20:29:35 +00:00
Kirk McKusick
b5ea8f4cbc Implement the -h flag (set an ACL on a symbolic link).
Before this fix the -h flag was ignored (i.e. setfacl
always set the ACL on the file pointed to by the symbolic
link even when the -h flag requested that the ACL be set
on the symbolic link itself).
2007-02-26 00:42:17 +00:00
Ruslan Ermilov
9badf57f01 Markup fixes. 2006-09-17 17:40:07 +00:00
Maxim Konovalov
1627632858 o Fix grammar, format. 2006-06-09 17:03:24 +00:00
Konstantin Belousov
ba4af6fa0d Document the way to get list of files to process from the stdin.
MFC after:	1 week
Approved by:	kan (mentor)
2006-06-09 16:11:23 +00:00
Konstantin Belousov
410572a159 Copy filename read from the stdin into the private buffer. Otherwise,
next read filename overwrite previous one, resulting in acl being
applied only to the last name in the list.

Submitted by:	Oleg Lomaka <oleg.lomaka at gmail com>
MFC after:	1 week
Approved by:	kan (mentor)
2006-06-09 16:09:26 +00:00