264 Commits

Author SHA1 Message Date
trasz
53df99cb04 Make it possible to use permission sets (full_set, modify_set, read_set
and write_set) with setfacl(1).

PR:		kern/154113
Submitted by:	Shawn Webb <lattera at gmail dot com> (earlier version)
MFC after:	1 month
2011-04-09 07:42:25 +00:00
trasz
eb401e64c1 Move the code around so that libc behaviour does not depend on a variable
that was supposed to be kernel-only.  There should be no functional changes.
2011-03-22 17:44:07 +00:00
trasz
a751651e6d Make acl_strip_np(3) use new trivial ACL format for NFSv4 ACls (three
entries instead of six).  This makes "setfacl -b" do the right thing
for ACLs on ZFS.  UFS recognizes both kinds of trivial ACLs; no change
there.

MFC after:	2 months
2011-03-04 17:23:10 +00:00
trasz
62c21ef295 Bump manual page date. 2010-12-13 19:03:10 +00:00
trasz
969e953241 After PSARC/2010/029, "canonical six" no longer exists. 2010-12-13 19:01:23 +00:00
uqs
8ae3afcfad mdoc: drop redundant .Pp and .LP calls
They have no effect when coming in pairs, or before .Bl/.Bd
2010-10-08 12:40:16 +00:00
trasz
3e2d23f909 First step at adopting FreeBSD to support PSARC/2010/029. This makes
acl_is_trivial_np(3) properly recognize the new trivial ACLs.  From
the user point of view, that means "ls -l" no longer shows plus signs
for all the files when running ZFS v28.
2010-09-20 17:10:06 +00:00
trasz
9925a95918 Arrgh, tested wrong source tree _again_. Fix previous commit. Also,
this and previous one are MFC candidate.

MFC after:	1 month
2010-09-09 20:37:19 +00:00
trasz
d7dd2333f7 Add minor optimization. It's less strict than its kernel counterpart
due to upcoming ACL changes required by the new ZFS.
2010-09-09 20:07:40 +00:00
joel
52dbc8b634 Spelling fixes. 2010-08-02 16:01:45 +00:00
trasz
01650ad878 Fix acl_from_text(3) - and, therefore, setfacl(1) - for user and group
names names starting with a digit.

MFC after:	1 month
2010-07-06 17:20:08 +00:00
trasz
3b22f10bbd Remove comment which didn't match reality for a long time.
Reviewed by:	rwatson
2010-07-05 19:01:10 +00:00
kientzle
d044db72cd Separate _posix1e_acl_id_to_name() into a separate file, to
break an unnecessary dependency on getpwuid() and getgrgid().

MFC after: 1 month
2010-06-14 02:26:13 +00:00
trasz
46a01349e9 Don't use pointer to 64 bit value (id_t) to point to 32 bit value (uid_t).
Found with:	Coverity Prevent
CID:		7466, 7467
MFC after:	2 weeks
2010-06-05 07:40:32 +00:00
trasz
7c23796624 Don't forget to free the string in error case.
Found with:	Coverity Prevent
CID:		6585
2010-06-03 14:51:29 +00:00
trasz
307713b0cf _posix1e_acl_sort() never returns anything other than 0; change its
return type to void and update callers.  This simplifies code and
fixes one place where the returned value was not actually checked.

Found with:	Coverity Prevent
CID:		4791
2010-06-03 14:29:17 +00:00
trasz
26f044985f Fix usage of uninitialized variable.
Found with:	Coverity Prevent
CID:		7517
MFC after:	2 weeks
2010-06-03 14:27:18 +00:00
trasz
45e71b2250 The 'acl_cnt' field is unsigned; no point in checking if it's >= 0.
Found with:	Coverity Prevent
CID:		6192
2010-06-03 14:16:58 +00:00
trasz
0463f9931f The 'acl_cnt' field is unsigned; no point in checking if it's >= 0.
Found with:	Coverity Prevent
CID:		6193
2010-06-03 14:15:08 +00:00
trasz
2040787fbf Make acl_get_perm_np(3) work with NFSv4 ACLs.
Reviewed by:	kientzle@
MFC after:	1 week
2010-05-23 08:12:36 +00:00
trasz
645d8207e1 Make branding less intrusive - in acl_set(3), in case ACL brand
is ACL_BRAND_UNKNOWN, do what the programmer says instead of failing.

MFC after:	1 week
2010-05-13 16:44:27 +00:00
trasz
b01f1cf8e0 Make it possible to actually use NFSv4 permission bits with acl_set_perm(3)
and acl_delete_perm(3).  It went undetected, because neither setfacl(1)
nor Samba use this routines.  D'oh.

MFC after:	1 week
2010-05-13 16:42:01 +00:00
uqs
3960614646 mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by:	ru
Approved by:	philip, ed (mentors)
2010-04-14 19:08:06 +00:00
trasz
b49ccfb35d Make acl_to_text_np(3) not crash on long group or user names in NFSv4 ACLs.
PR:		amd64/145091
MFC after:	2 weeks
2010-03-28 17:29:15 +00:00
joel
8a03745eab Switch to our preferred license text.
Approved by:	jedgar
2010-03-07 07:59:05 +00:00
joel
0b73196964 Use our standard license text. No more voices in the authors head. :-)
Approved by:	trasz
2010-03-04 19:38:24 +00:00
trhodes
9aa063fee4 s/APIS/APIs - not part of the original submission. 2010-02-11 19:20:06 +00:00
trhodes
2f0d280191 Correct two typoes.
Submitted by:	Matthew Seaman <m.seaman@infracaninophile.co.uk>
2010-02-11 14:45:00 +00:00
ed
a922794e92 Don't forget to clean up the file copied from the kernel sources.
MFC after:	1 week
2010-01-02 20:27:14 +00:00
markus
de21e8d4af Use a local copy of entry_d for finding matches. Otherwise, if entry_d pointed
to an entry of 'acl', all ACL entries starting with entry_d would be deleted.

Reviewed by:	trasz
Approved by:	emax (mentor)
MFC after:	3 days
2009-12-25 18:05:06 +00:00
ed
e912442e98 Don't let the C library depend on <utmp.h>.
The maximum length of a username has nothing to do with the size of the
username in the utmp files. Use MAXLOGNAME, which is defined as 17
(UT_USERSIZE + 1).
2009-12-05 19:04:21 +00:00
brueffer
0f3100cf28 Fix a memory leak in acl_from_text() in case the conversion succeeded.
Submitted by:	Jim Wilcoxson <prirun@gmail.com>
MFC after:	1 week
2009-11-16 09:28:22 +00:00
trasz
008ef8cd3b Fix regression introduced with NFSv4 ACL support - make acl_to_text(3)
and acl_calc_mask(3) return error instead of crashing when acl passed
to them is NULL.

Submitted by:	markus
Reviewed by:	rwatson
MFC after:	3 days
2009-09-01 18:30:17 +00:00
kientzle
13a2f00901 Style: Remove trailing whitespace. 2009-08-29 03:17:24 +00:00
rwatson
f430081d70 Update posix1e-related man pages, especially as relates to MAC, to more
accurately reflect the last ten years of work.

Approved by:	re (kib)
2009-08-12 10:46:48 +00:00
trasz
43717b2100 Add missing MLINKS for acl_{get,set}_link_fd(3).
Approved by:	re (kib)
2009-07-14 19:37:53 +00:00
trasz
26f635f51f Fix acl_set_fd(3) and acl_get_fd(3) for cases where the kernel doesn't know
anything about _PC_ACL_NFS4.
2009-06-25 20:57:53 +00:00
trasz
07492aedb8 Manual page tweaks. 2009-06-25 16:34:29 +00:00
trasz
28121c52ac Fix c194955 - somehow I managed all the new files, tripling their
contents.
2009-06-25 13:08:02 +00:00
trasz
860d8cee97 Bump manual page timestamps. 2009-06-25 12:53:50 +00:00
trasz
ff27511233 Add NFSv4 ACL support to libc.
This adds the following functions to the acl(3) API: acl_add_flag_np,
acl_clear_flags_np, acl_create_entry_np, acl_delete_entry_np,
acl_delete_flag_np, acl_get_extended_np, acl_get_flag_np, acl_get_flagset_np,
acl_set_extended_np, acl_set_flagset_np, acl_to_text_np, acl_is_trivial_np,
acl_strip_np, acl_get_brand_np.  Most of them are similar to what Darwin
does.  There are no backward-incompatible changes.

Approved by:    rwatson@
2009-06-25 12:46:59 +00:00
trasz
7449a8ffdf Fix off by one error in acl_create_entry(3).
Reviewed by:	rwatson@
MFC after:	2 weeks
2009-05-28 07:20:52 +00:00
trasz
38205ec380 Change license to more bori^Wadul^Wcanonical.
Submitted by:	rwatson@
2009-05-26 11:42:06 +00:00
trasz
6cb6efd9fd Improve API documentation.
Reviewed by:	rwatson (earlier version)
2009-05-23 13:51:05 +00:00
trasz
fb57d2691e Make 'struct acl' larger, as required to support NFSv4 ACLs. Provide
compatibility interfaces in both kernel and libc.

Reviewed by:	rwatson
2009-05-22 15:56:43 +00:00
brueffer
5742509236 Since audit(4) isn't based on posix1e, remove the commented out audit.h header,
xref libbsm(3).

Submitted by:	rwatson
MFC after:	3 days
2009-05-19 22:28:33 +00:00
trasz
bbc311fa83 Fix typo. 2009-04-26 10:12:20 +00:00
imp
c472e6126e Replace the non-standard disclaimer with the standard one from /COPYRIGHT
Approved by:	jedgar@
2008-11-04 00:20:43 +00:00
rwatson
c57e2fc46a The libc acl_valid(3) function validates the contents of a POSIX.1e ACL.
This change removes the requirement that an ACL contain no ACL_USER
entries with a uid the same as those of a file, or ACL_GROUP entries
with a gid the same as those of a file.  This requirement is not in the
specification, and not enforced by the kernel's ACL implementation.

Reported by:	Iustin Pop <iusty at k1024 dot org>
MFC after:	1 week
2008-07-13 16:37:51 +00:00
rwatson
360d527360 Add __FBSDID() tags.
MFC after:	3 days
2008-03-07 15:25:56 +00:00