Commit Graph

20 Commits

Author SHA1 Message Date
pfg
cc22a86800 sys/kern: adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
2017-11-27 15:20:12 +00:00
delphij
db0a2c953d Expose an interface to determine if an ACE is inherited.
Submitted by:	sef
Reviewed by:	trasz
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D3540
2015-09-04 00:14:20 +00:00
trasz
7f09aee7a1 Fix bug where NFSv4 ACL enforcement code wouldn't unconditionally
allow the owner to read and write ACL and file attributes when there
was no entry with subject matching the owner.  In other words,
'getfacl meh' shouldn't fail for the owner if the ACL looks like this:

# file: meh
# owner: trasz
# group: wheel
         user:root:------a-------:------:allow

Reported by:	kientzle
2012-04-17 14:54:00 +00:00
adrian
f2bb6a85d7 Add module load/unload stubs. 2012-03-13 20:27:48 +00:00
trasz
2276ee2733 Remove assertion against empty NFSv4 ACLs. An empty ACL is not exactly
valid - we don't allow for setting it on a file, for example - but it's
not something we should assert on.

For STABLE kernel, it changes nothing, because it's not compiled with
INVARIANTS.  If it was, it would fix crashes.  It also fixes an assert
in libc encountered with NFSv4 without nfsuserd(8) running.

Submitted by:	Yuri Pankov (earlier version)
MFC after:	1 month
2011-10-05 17:29:49 +00:00
trasz
359437c29d Make UFS use PSARC/2010/029 NFSv4 ACL semantics by default, bringing
it in line with ZFSv28.

X-MFC-After:	ZFSv28.
2011-03-22 19:52:29 +00:00
trasz
eb401e64c1 Move the code around so that libc behaviour does not depend on a variable
that was supposed to be kernel-only.  There should be no functional changes.
2011-03-22 17:44:07 +00:00
trasz
0d90d0ceb0 Temporarily revert r219272; it breaks acl_is_trivial_np(3). 2011-03-06 20:12:09 +00:00
trasz
e78a2a669a Make UFS use PSARC/2010/029 NFSv4 ACL semantics by default, just like
ZFSv28 does.

MFC after:	2 months
2011-03-04 19:53:07 +00:00
trasz
6be0018c93 Adapt filesystem-independent NFSv4 ACL code (used by UFS, but not by ZFS)
to PSARC/2010/029.  In short, the semantics is simplified - "weird stuff"
no longer happens after chmod, entries don't get duplicated during
inheritance, and trivial ACLs no longer contain three "DENY" entries,
which is also more friendly to MS Windows.

By default, UFS keeps using old semantics.  To change it, set sysctl
vfs.acl_nfs4_old_semantics to 0.  I'll flip the switch when ZFSv28
hits the tree, to keep these two in sync - ZFS v28 uses PSARC semantics,
and ZFS v15 uses the old one.
2010-12-13 18:56:04 +00:00
trasz
81e925ec28 Fix uninitialized variable.
Found with:	Coverity Prevent(tm)
CID:		8632
2010-10-29 19:07:36 +00:00
trasz
06405a0e7b Remove workaround for ZFS bug; fix was committed to the //depot/user/pjd/zfs/...
branch some time ago.

MFC after:	two weeks
2010-10-23 14:22:50 +00:00
trasz
3e2d23f909 First step at adopting FreeBSD to support PSARC/2010/029. This makes
acl_is_trivial_np(3) properly recognize the new trivial ACLs.  From
the user point of view, that means "ls -l" no longer shows plus signs
for all the files when running ZFS v28.
2010-09-20 17:10:06 +00:00
jh
c2cb836190 execve(2) has a special check for file permissions: a file must have at
least one execute bit set, otherwise execve(2) will return EACCES even
for an user with PRIV_VFS_EXEC privilege.

Add the check also to vaccess(9), vaccess_acl_nfs4(9) and
vaccess_acl_posix1e(9). This makes access(2) to better agree with
execve(2). Because ZFS doesn't use vaccess(9) for VEXEC, add the check
to zfs_freebsd_access() too. There may be other file systems which are
not using vaccess*() functions and need to be handled separately.

PR:		kern/125009
Reviewed by:	bde, trasz
Approved by:	pjd (ZFS part)
2010-08-30 16:30:18 +00:00
trasz
cbfca8b888 The acl_cnt field is unsigned; no point in checking if it's >= 0.
Found with:	Coverity Prevent
CID:		3683
2010-06-03 13:41:55 +00:00
trasz
85a258e1b1 Fix comments. 2010-01-04 12:39:42 +00:00
trasz
a78d6a0fda Now that all the callers seem to be fixed, add KASSERTs to make sure VAPPEND
is not being used improperly.
2009-12-26 11:36:10 +00:00
trasz
6d8f8050bf Interpret VAPPEND correctly in vaccess_acl_nfs4(9). 2009-12-19 11:41:52 +00:00
trasz
7af86ad4d9 Add pieces of infrastructure required for NFSv4 ACL support in UFS.
Reviewed by:	rwatson
2009-09-22 15:15:03 +00:00
trasz
583b806b87 Add part of NFSv4 ACL kernel support code that is required for the upcoming
libc changes to work.  Not connected to the kernel build yet; for now,
it will be compiled into libc.

Reviewed by:	rwatson
2009-06-09 19:51:22 +00:00