Commit Graph

85 Commits

Author SHA1 Message Date
markj
2793a18599 Don't set NFSv4 ACL inheritance flags on non-directories.
They only make sense in the context of directory ACLs, and attempting
to set them on regular files results in errors, causing a recursive
setfacl invocation to abort.

This is derived from patches by Shawn Webb <shawn.webb@hardenedbsd.org>
and Mitchell Horne <mhorne063@gmail.com>.

PR:		155163
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15061
2018-10-26 21:17:06 +00:00
markj
a9a2d8945a Don't print pathconf() errors if the target file doesn't exist.
The subsequent acl_get_file(3) call will simply echo the same error.

PR:		229930
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-26 19:01:52 +00:00
markj
1cf51102c5 Avoid leaking memory in error paths.
CID:		1390906
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-26 18:56:58 +00:00
emaste
63000aa1e6 setfacl: style and break main() into manageable pieces
Submitted by:	Mitchell Horne
MFC with:	r332396
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15060
2018-04-27 15:25:24 +00:00
emaste
08678b9328 setfacl: minor man page edit to appease igor(1) 2018-04-11 13:33:12 +00:00
emaste
9d834e6c49 setfacl: add recursive functionality
Add a -R option to setfacl to operate recursively on directories, along
with the accompanying flags -H, -L, and -P (whose behaviour mimics
chmod).

A patch was submitted with PR 155163, but this is a new implementation
based on comments raised in the Phabricator review for that patch
(review D9096).

PR:		155163
Submitted by:	Mitchell Horne <mhorne063@gmail.com>
Reviewed by:	jilles
MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14934
2018-04-10 23:29:57 +00:00
bjk
782597315d Fix mandoc -Tlint warnings in bin/
Many style-level issues are still reported.

Submitted by:	Yuri Pankov <yuripv@gmx.com>
Reviewed by:	jilles (previous revision)
Differential Revision:	https://reviews.freebsd.org/D13334
2017-12-07 01:57:27 +00:00
bdrewery
a598c4b809 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
truckman
7f608aeba9 Explicitly NUL terminate the buffer filled by fread().
The fix in r300649 was not sufficient to convince Coverity that the
buffer was NUL terminated, even with the buffer pre-zeroed.  Swap
the size and nmemb arguments to fread() so that a valid lenght is
returned, which we can use to terminate the string in the buffer
at the correct location.  This should also quiet the complaint about
the return value of fread() not being checked.

Reported by:	Coverity
CID:		1019054, 1009614
MFC after:	1 week
2016-06-08 05:32:39 +00:00
truckman
e891aa6cfe Fix Coverity CID 1019054 (String not null terminated) in setfacl.
Increase the size of buf[] by one to allow room for a NUL character
at the end.

Reported by:	Coverity
CID:		1019054
MFC after:	1 week
2016-05-25 05:20:34 +00:00
gjb
ee23b7758f Explicitly add unmarked bin/ binaries to the runtime package.
Note: tcsh(1) has a MK_TCSH=no test, so this should be a separate
package, which requires pre-install/post-install scripts, to be
added later.

Sponsored by:	The FreeBSD Foundation
2016-02-09 16:58:50 +00:00
trasz
ccc7c0bf60 Don't mention the "canonical six" in setfacl(1); it describes semantics
that's long gone.

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-01-23 12:19:37 +00:00
delphij
db0a2c953d Expose an interface to determine if an ACE is inherited.
Submitted by:	sef
Reviewed by:	trasz
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D3540
2015-09-04 00:14:20 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
sjg
d7cd1d425c Merge head from 7/28 2014-08-19 06:50:54 +00:00
bapt
42044eb342 use .Mt to mark up email addresses consistently (part1)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:40:43 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
97d8b94956 sync from head 2013-04-12 20:48:55 +00:00
trasz
3b2ecc9e06 Mention that read_attributes, write_attributes, read_acl and write_acl
are always permitted for the file owner.

PR:		kern/174948
MFC after:	1 week
2013-04-01 13:17:28 +00:00
sjg
6d37b86f2b Updated dependencies 2013-03-11 17:21:52 +00:00
sjg
0ee5295509 Updated dependencies 2013-02-16 01:23:54 +00:00
trasz
57fb31bcdb Fix NFSv4 permission description in setfacl(1) manual page: the 'D'
means delete_child, not delete.

MFC after:	1 week
2013-02-08 18:43:47 +00:00
trasz
19b8d932d1 Improve description of the "-m" option to setfacl(1).
Submitted by:	scottl
MFC after:	1 week
2013-02-08 18:12:16 +00:00
trasz
2e7f4de812 In the setfacl(1) manual page, make it clear that for NFSv4 ACLs,
one should really use -a and -x instead of -m.

MFC after:	1 week
2013-02-08 18:02:28 +00:00
sjg
778e93c51a Sync from head 2012-11-04 02:52:03 +00:00
ed
fbb83e78c0 Fix warnings found by -Wmising-variable-declarations.
This self-written compiler warning, which is hopefully going to be
committed into LLVM sources soon, warns about potentially missing
`static' keywords, similar to -Wmissing-prototypes.

- bin/pax: Move external declaration of chdname and s_mask into extern.h.
- bin/setfacl: Move setfacl.c-specific stuff out of setfacl.h.
- sbin/mount_fusefs: Remove char *progname; use getprogname().
- others: add `static' where possible.
2012-10-19 05:43:38 +00:00
trasz
9e473fee55 Fix an error in setfacl(1) that manifested like this:
# setfacl -m u:trasz:rwx x
# setfacl -m u:root:rwx x
# getfacl x
# file: x
# owner: root
# group: wheel
user::rw-
user:root:rwx
user:trasz:rwx
group::r--
mask::rwx
other::r--
# setfacl -m u:root:rwx x
setfacl: x: acl_calc_mask() failed: Invalid argument
setfacl: x: failed to set ACL mask

For NFSv4 ACLs, this sort of situation would result in duplicated
entries.

MFC after:	1 month
2012-09-04 12:19:34 +00:00
trasz
d6100248e1 Make "setfacl -bd" an alias for "setfacl -k". Previously it would crash
on assert.

PR:		bin/165807
MFC after:	1 month
2012-09-04 11:50:13 +00:00
trasz
510edf439e Make setfacl(1) behave properly in situations like "setfacl -kd".
MFC after:	1 month
2012-09-04 11:43:00 +00:00
trasz
0d3b3bd793 Fix compact form of "synchronize" permission in setfacl(1) manual page - it
should be "s", not "S".

PR:		docs/162380
MFC after:	2 weeks
2012-09-03 17:26:20 +00:00
marcel
9dd41e3647 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
eadler
1ef5fe44d3 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
trasz
53df99cb04 Make it possible to use permission sets (full_set, modify_set, read_set
and write_set) with setfacl(1).

PR:		kern/154113
Submitted by:	Shawn Webb <lattera at gmail dot com> (earlier version)
MFC after:	1 month
2011-04-09 07:42:25 +00:00
jh
4c78089710 Increase carried_error if we skip a file due to an error. This ensures
that setfacl(1) exits with proper exit status on failure.

PR:		bin/149780
Submitted by:	Ævar Arnfjörð Bjarmason (original version)
Reviewed by:	trasz
MFC after:	3 weeks
2011-01-03 17:17:31 +00:00
bcr
b14508778a Typo fix: s/ommited/omitted
MFC after: 4 days
2010-07-27 17:33:02 +00:00
trasz
5508b47842 Update authors and history.
MFC after:	1 week
2010-05-13 16:46:23 +00:00
joel
8a03745eab Switch to our preferred license text.
Approved by:	jedgar
2010-03-07 07:59:05 +00:00
trasz
690bd6b428 Fix breakage introduced in last commit. 2009-12-26 11:03:10 +00:00
trasz
0d8feb4153 Improve ACL branding mismatch detection and reporting in some rare cases,
such as "setfacl -m ''".
2009-12-26 10:06:45 +00:00
trasz
365d19e2c3 Add NFSv4 support to setfacl(1).
Reviewed by:	rwatson
2009-09-07 16:19:32 +00:00
trasz
009db84f9e Fix double free in setfacl(1). Description from the author:
Initially, 'acl' (an 'acl_t *') is allocated, and its ACCESS_ACL and
DEFAULT_ACL fields are passed to the 'libc' ACL routines for subsequent
allocation. If the '-m' option (merge existing ACL with a new one) is
specified, then 'set_acl_mask()' will be called and passed one of the
two ACLs. This function, in turn, replaces this given ACL structure by
another, freshly allocated. However, the pointer in the 'acl' variable
in the caller is not updated. The caller then proceeds to free the ACL,
incurring in a double free condition.

Submitted by:	Pedro Martelletto <pedro at ambientworks.net>
Approved by:	rwatson (mentor)
2008-09-06 13:17:35 +00:00
csjp
3b3c1f459b Add hard sentence breaks.
Pointed out by:	rwatson
MFC after:	1 week
2008-07-06 22:47:10 +00:00
csjp
05c2789f33 Document default ACLs and how to use them.
MFC after:	1 week
2008-07-06 20:29:35 +00:00
mckusick
271ce58544 Implement the -h flag (set an ACL on a symbolic link).
Before this fix the -h flag was ignored (i.e. setfacl
always set the ACL on the file pointed to by the symbolic
link even when the -h flag requested that the ACL be set
on the symbolic link itself).
2007-02-26 00:42:17 +00:00
ru
36d05684e7 Markup fixes. 2006-09-17 17:40:07 +00:00
maxim
50f099ffb3 o Fix grammar, format. 2006-06-09 17:03:24 +00:00
kib
75caa7bb1c Document the way to get list of files to process from the stdin.
MFC after:	1 week
Approved by:	kan (mentor)
2006-06-09 16:11:23 +00:00
kib
7c17e7ced2 Copy filename read from the stdin into the private buffer. Otherwise,
next read filename overwrite previous one, resulting in acl being
applied only to the last name in the list.

Submitted by:	Oleg Lomaka <oleg.lomaka at gmail com>
MFC after:	1 week
Approved by:	kan (mentor)
2006-06-09 16:09:26 +00:00