Author: trasz Date: Thu Jun 25 12:46:59 2009 New Revision: 194955 URL: http://svn.freebsd.org/changeset/base/194955
Log: Add NFSv4 ACL support to libc. This adds the following functions to the acl(3) API: acl_add_flag_np, acl_clear_flags_np, acl_create_entry_np, acl_delete_entry_np, acl_delete_flag_np, acl_get_extended_np, acl_get_flag_np, acl_get_flagset_np, acl_set_extended_np, acl_set_flagset_np, acl_to_text_np, acl_is_trivial_np, acl_strip_np, acl_get_brand_np. Most of them are similar to what Darwin does. There are no backward-incompatible changes. Approved by: rwatson@ Added: head/lib/libc/posix1e/acl_add_flag_np.3 (contents, props changed) head/lib/libc/posix1e/acl_branding.c (contents, props changed) head/lib/libc/posix1e/acl_clear_flags_np.3 (contents, props changed) head/lib/libc/posix1e/acl_delete_flag_np.3 (contents, props changed) head/lib/libc/posix1e/acl_flag.c (contents, props changed) head/lib/libc/posix1e/acl_from_text_nfs4.c (contents, props changed) head/lib/libc/posix1e/acl_get_brand_np.3 (contents, props changed) head/lib/libc/posix1e/acl_get_entry_type_np.3 (contents, props changed) head/lib/libc/posix1e/acl_get_flag_np.3 (contents, props changed) head/lib/libc/posix1e/acl_get_flagset_np.3 (contents, props changed) head/lib/libc/posix1e/acl_is_trivial_np.3 (contents, props changed) head/lib/libc/posix1e/acl_set_entry_type_np.3 (contents, props changed) head/lib/libc/posix1e/acl_set_flagset_np.3 (contents, props changed) head/lib/libc/posix1e/acl_strip.c (contents, props changed) head/lib/libc/posix1e/acl_strip_np.3 (contents, props changed) head/lib/libc/posix1e/acl_support_nfs4.c (contents, props changed) head/lib/libc/posix1e/acl_to_text_nfs4.c (contents, props changed) Modified: head/lib/libc/posix1e/Makefile.inc head/lib/libc/posix1e/Symbol.map head/lib/libc/posix1e/acl.3 head/lib/libc/posix1e/acl_add_perm.3 head/lib/libc/posix1e/acl_calc_mask.c head/lib/libc/posix1e/acl_copy.c head/lib/libc/posix1e/acl_create_entry.3 head/lib/libc/posix1e/acl_delete_entry.3 head/lib/libc/posix1e/acl_delete_entry.c head/lib/libc/posix1e/acl_entry.c head/lib/libc/posix1e/acl_from_text.c head/lib/libc/posix1e/acl_get.3 head/lib/libc/posix1e/acl_get.c head/lib/libc/posix1e/acl_init.c head/lib/libc/posix1e/acl_set.3 head/lib/libc/posix1e/acl_set.c head/lib/libc/posix1e/acl_set_tag_type.3 head/lib/libc/posix1e/acl_support.c head/lib/libc/posix1e/acl_support.h head/lib/libc/posix1e/acl_to_text.3 head/lib/libc/posix1e/acl_to_text.c head/lib/libc/posix1e/acl_valid.c head/lib/libc/sys/pathconf.2 head/sys/sys/acl.h head/sys/sys/unistd.h Modified: head/lib/libc/posix1e/Makefile.inc ============================================================================== --- head/lib/libc/posix1e/Makefile.inc Thu Jun 25 12:34:44 2009 (r194954) +++ head/lib/libc/posix1e/Makefile.inc Thu Jun 25 12:46:59 2009 (r194955) @@ -4,52 +4,74 @@ CFLAGS+=-D_ACL_PRIVATE -SRCS+= acl_calc_mask.c \ +# Copy kern/subr_acl_nfs4.c to the libc object directory. +subr_acl_nfs4.c: ${.CURDIR}/../../sys/kern/subr_acl_nfs4.c + cat ${.ALLSRC} > ${.TARGET} + +SRCS+= acl_branding.c \ + acl_calc_mask.c \ acl_copy.c \ acl_compat.c \ acl_delete.c \ acl_delete_entry.c \ acl_entry.c \ + acl_flag.c \ acl_free.c \ acl_from_text.c \ + acl_from_text_nfs4.c \ acl_get.c \ acl_init.c \ acl_perm.c \ acl_set.c \ + acl_strip.c \ acl_support.c \ + acl_support_nfs4.c \ acl_to_text.c \ + acl_to_text_nfs4.c \ acl_valid.c \ extattr.c \ mac.c \ mac_exec.c \ mac_get.c \ - mac_set.c + mac_set.c \ + subr_acl_nfs4.c SYM_MAPS+=${.CURDIR}/posix1e/Symbol.map MAN+= acl.3 \ + acl_add_flag_np.3 \ acl_add_perm.3 \ acl_calc_mask.3 \ + acl_clear_flags_np.3 \ acl_clear_perms.3 \ acl_copy_entry.3 \ acl_create_entry.3 \ acl_delete.3 \ acl_delete_entry.3 \ + acl_delete_flag_np.3 \ acl_delete_perm.3 \ acl_dup.3 \ acl_free.3 \ acl_from_text.3 \ acl_get.3 \ + acl_get_brand_np.3 \ acl_get_entry.3 \ + acl_get_entry_type_np.3 \ + acl_get_flagset_np.3 \ + acl_get_flag_np.3 \ acl_get_permset.3 \ acl_get_perm_np.3 \ acl_get_qualifier.3 \ acl_get_tag_type.3 \ acl_init.3 \ + acl_is_trivial_np.3 \ acl_set.3 \ + acl_set_entry_type_np.3 \ + acl_set_flagset_np.3 \ acl_set_permset.3 \ acl_set_qualifier.3 \ acl_set_tag_type.3 \ + acl_strip_np.3 \ acl_to_text.3 \ acl_valid.3 \ extattr.3 \ @@ -63,15 +85,18 @@ MAN+= acl.3 \ mac_text.3 \ posix1e.3 -MLINKS+=acl_delete.3 acl_delete_def_file.3 \ +MLINKS+=acl_create_entry.3 acl_create_entry_np.3\ + acl_delete.3 acl_delete_def_file.3 \ acl_delete.3 acl_delete_file_np.3 \ acl_delete.3 acl_delete_fd_np.3 \ + acl_delete_entry.3 acl_delete_entry_np.3\ acl_get.3 acl_get_file.3 \ acl_get.3 acl_get_fd.3 \ acl_get.3 acl_get_fd_np.3 \ acl_set.3 acl_set_file.3 \ acl_set.3 acl_set_fd.3 \ acl_set.3 acl_set_fd_np.3 \ + acl_to_text.3 acl_to_text_np.3 \ acl_valid.3 acl_valid_file_np.3 \ acl_valid.3 acl_valid_fd_np.3 \ extattr.3 extattr_namespace_to_string.3 \ Modified: head/lib/libc/posix1e/Symbol.map ============================================================================== --- head/lib/libc/posix1e/Symbol.map Thu Jun 25 12:34:44 2009 (r194954) +++ head/lib/libc/posix1e/Symbol.map Thu Jun 25 12:46:59 2009 (r194955) @@ -66,7 +66,21 @@ FBSD_1.0 { }; FBSD_1.1 { + acl_add_flag_np; acl_add_perm; + acl_clear_flags_np; + acl_create_entry_np; + acl_delete_entry_np; + acl_delete_flag_np; acl_delete_perm; + acl_get_brand_np; + acl_get_entry_type_np; + acl_get_flag_np; + acl_get_flagset_np; acl_get_perm_np; + acl_is_trivial_np; + acl_set_entry_type_np; + acl_set_flagset_np; + acl_strip_np; + acl_to_text_np; }; Modified: head/lib/libc/posix1e/acl.3 ============================================================================== --- head/lib/libc/posix1e/acl.3 Thu Jun 25 12:34:44 2009 (r194954) +++ head/lib/libc/posix1e/acl.3 Thu Jun 25 12:46:59 2009 (r194955) @@ -59,6 +59,10 @@ all of these support routines are implem .Pp Available functions, sorted by behavior, include: .Bl -tag -width indent +.It Fn acl_add_flag_np +This function is described in +.Xr acl_add_flag_np 3 , +and may be used to add flags to a flagset. .It Fn acl_add_perm This function is described in .Xr acl_add_perm 3 , @@ -70,6 +74,10 @@ and may be used to calculate and set the the .Dv ACL_MASK entry. +.It Fn acl_clear_flags_np +This function is described in +.Xr acl_clear_flags_np 3 , +and may be used to clear all flags from a flagset. .It Fn acl_clear_perms This function is described in .Xr acl_clear_perms 3 , @@ -78,8 +86,11 @@ and may be used to clear all permissions This function is described in .Xr acl_copy_entry 3 , and may be used to copy the contents of an ACL entry. -.It Fn acl_create_entry -This function is described in +.It Xo +.Fn acl_create_entry , +.Fn acl_create_entry_np +.Xc +These functions are described in .Xr acl_create_entry 3 , and may be used to create an empty entry in an ACL. .It Xo @@ -92,10 +103,17 @@ and may be used to create an empty entry These functions are described in .Xr acl_delete 3 , and may be used to delete ACLs from file system objects. -.It Fn acl_delete_entry -This function is described in +.It Xo +.Fn acl_delete_entry , +.Fn acl_delete_entry_np , +.Xc +This functions are described in .Xr acl_delete_entry 3 , and may be used to delete an entry from an ACL. +.It Fn acl_delete_flag_np +This function is described in +.Xr acl_delete_flag_np 3 , +and may be used to delete flags from a flagset. .It Fn acl_delete_perm This function is described in .Xr acl_delete_perm 3 , @@ -126,6 +144,14 @@ and may be used to retrieve a designated These functions are described in .Xr acl_get 3 , and may be used to retrieve ACLs from file system objects. +.It Fn acl_get_entry_type_np +This function is described in +.Xr acl_get_entry_type_np 3 , +and may be used to retrieve an ACL type from an ACL entry. +.It Fn acl_get_flagset_np +This function is described in +.Xr acl_get_flagset_np 3 , +and may be used to retrieve a flagset from an ACL entry. .It Fn acl_get_permset This function is described in .Xr acl_get_permset 3 , @@ -142,6 +168,10 @@ and may be used to retrieve the tag type This function is described in .Xr acl_init 3 , and may be used to allocate a fresh (empty) ACL structure. +.It Fn acl_is_trivial_np +This function is described in +.Xr acl_is_trivial_np 3 , +and may be used to find out whether ACL is trivial. .It Xo .Fn acl_set_fd , .Fn acl_set_fd_np , @@ -151,6 +181,14 @@ and may be used to allocate a fresh (emp These functions are described in .Xr acl_set 3 , and may be used to assign an ACL to a file system object. +.It Fn acl_set_entry_type_np +This function is described in +.Xr acl_set_entry_type_np 3 , +and may be used to set the ACL type of an ACL entry. +.It Fn acl_set_flagset_np +This function is described in +.Xr acl_set_flagset_np 3 , +and may be used to set the flags of an ACL entry from a flagset. .It Fn acl_set_permset This function is described in .Xr acl_set_permset 3 , @@ -163,8 +201,15 @@ and may be used to set the qualifier of This function is described in .Xr acl_set_tag_type 3 , and may be used to set the tag type of an ACL. -.It Fn acl_to_text -This function is described in +.It Fn acl_strip_np +This function is describe din +.Xr acl-strip_np 3 , +and may be used to remove extended entries from an ACL. +.It Xo +.Fn acl_to_text , +.Fn acl_to_text_np +.Xc +These functions are described in .Xr acl_to_text 3 , and may be used to generate a text-form of a POSIX.1e semantics ACL. .It Xo @@ -189,25 +234,34 @@ library. .Sh SEE ALSO .Xr getfacl 1 , .Xr setfacl 1 , +.Xr acl_add_flag_np 3 , .Xr acl_add_perm 3 , .Xr acl_calc_mask 3 , +.Xr acl_clear_flags_np 3 , .Xr acl_clear_perms 3 , .Xr acl_copy_entry 3 , .Xr acl_create_entry 3 , .Xr acl_delete_entry 3 , +.Xr acl_delete_flag_np 3 , .Xr acl_delete_perm 3 , .Xr acl_dup 3 , .Xr acl_free 3 , .Xr acl_from_text 3 , .Xr acl_get 3 , +.Xr acl_get_entry_type_np 3 , +.Xr acl_get_flagset_np 3 , .Xr acl_get_permset 3 , .Xr acl_get_qualifier 3 , .Xr acl_get_tag_type 3 , .Xr acl_init 3 , +.Xr acl_is_trivial_np 3 , .Xr acl_set 3 , +.Xr acl_set_entry_type_np 3 , +.Xr acl_set_flagset_np 3 , .Xr acl_set_permset 3 , .Xr acl_set_qualifier 3 , .Xr acl_set_tag_type 3 , +.Xr acl_strip_np 3 , .Xr acl_to_text 3 , .Xr acl_valid 3 , .Xr posix1e 3 , Added: head/lib/libc/posix1e/acl_add_flag_np.3 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lib/libc/posix1e/acl_add_flag_np.3 Thu Jun 25 12:46:59 2009 (r194955) @@ -0,0 +1,294 @@ +.\"- +.\" Copyright (c) 2008, 2009 Edward Tomasz Napierala +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE +.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd March 10, 2001 +.Dt ACL_ADD_FLAG_NP 3 +.Os +.Sh NAME +.Nm acl_add_flag_np +.Nd add flags to a flagset +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/types.h +.In sys/acl.h +.Ft int +.Fn acl_add_flag_np "acl_flagset_t flagset_d" "acl_flag_t flag" +.Sh DESCRIPTION +The +.Fn acl_add_flag_np +function +is a non-portable call that adds the flags contained in +.Fa flags +to the flagset +.Fa flagset_d . +.Pp +Note: it is not considered an error to attempt to add flags +that already exist in the flagset. +.Pp +Valid values are: +.Pp +.Bl -column -offset 3n "ACL_ENTRY_NO_PROPAGATE_INHERIT" +.It ACL_ENTRY_FILE_INHERIT Will be inherited by files. +.It ACL_ENTRY_DIRECTORY_INHERIT Will be inherited by directories. +.It ACL_ENTRY_NO_PROPAGATE_INHERIT Will not propagate. +.It ACL_ENTRY_INHERIT_ONLY Inherit-only. +.El +.Sh RETURN VALUES +.Rv -std acl_add_flag_np +.Sh ERRORS +The +.Fn acl_add_flag_np +function fails if: +.Bl -tag -width Er +.It Bq Er EINVAL +Argument +.Fa flagset_d +is not a valid descriptor for a flagset within an ACL entry. +Argument +.Fa flag +does not contain a valid +.Vt acl_flag_t +value. +.El +.Sh SEE ALSO +.Xr acl 3 , +.Xr acl_clear_flags_np 3 , +.Xr acl_delete_flag_np 3 , +.Xr acl_get_flagset_np 3 , +.Xr acl_set_flagset_np 3 , +.Xr posix1e 3 +.Sh STANDARDS +POSIX.1e is described in IEEE POSIX.1e draft 17. +.Sh HISTORY +POSIX.1e support was introduced in +.Fx 4.0 . +The +.Fn acl_add_flag_np +function was added in +.Fx 8.0 . +.Sh AUTHORS +The +.Fn acl_add_flag_np +function was written by +.An Edward Tomasz Napierala Aq tr...@freebsd.org . +.\"- +.\" Copyright (c) 2008, 2009 Edward Tomasz Napierala +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE +.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd March 10, 2001 +.Dt ACL_ADD_FLAG_NP 3 +.Os +.Sh NAME +.Nm acl_add_flag_np +.Nd add flags to a flagset +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/types.h +.In sys/acl.h +.Ft int +.Fn acl_add_flag_np "acl_flagset_t flagset_d" "acl_flag_t flag" +.Sh DESCRIPTION +The +.Fn acl_add_flag_np +function +is a non-portable call that adds the flags contained in +.Fa flags +to the flagset +.Fa flagset_d . +.Pp +Note: it is not considered an error to attempt to add flags +that already exist in the flagset. +.Pp +Valid values are: +.Pp +.Bl -column -offset 3n "ACL_ENTRY_NO_PROPAGATE_INHERIT" +.It ACL_ENTRY_FILE_INHERIT Will be inherited by files. +.It ACL_ENTRY_DIRECTORY_INHERIT Will be inherited by directories. +.It ACL_ENTRY_NO_PROPAGATE_INHERIT Will not propagate. +.It ACL_ENTRY_INHERIT_ONLY Inherit-only. +.El +.Sh RETURN VALUES +.Rv -std acl_add_flag_np +.Sh ERRORS +The +.Fn acl_add_flag_np +function fails if: +.Bl -tag -width Er +.It Bq Er EINVAL +Argument +.Fa flagset_d +is not a valid descriptor for a flagset within an ACL entry. +Argument +.Fa flag +does not contain a valid +.Vt acl_flag_t +value. +.El +.Sh SEE ALSO +.Xr acl 3 , +.Xr acl_clear_flags_np 3 , +.Xr acl_delete_flag_np 3 , +.Xr acl_get_flagset_np 3 , +.Xr acl_set_flagset_np 3 , +.Xr posix1e 3 +.Sh STANDARDS +POSIX.1e is described in IEEE POSIX.1e draft 17. +.Sh HISTORY +POSIX.1e support was introduced in +.Fx 4.0 . +The +.Fn acl_add_flag_np +function was added in +.Fx 8.0 . +.Sh AUTHORS +The +.Fn acl_add_flag_np +function was written by +.An Edward Tomasz Napierala Aq tr...@freebsd.org . +.\"- +.\" Copyright (c) 2008, 2009 Edward Tomasz Napierala +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE +.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd March 10, 2001 +.Dt ACL_ADD_FLAG_NP 3 +.Os +.Sh NAME +.Nm acl_add_flag_np +.Nd add flags to a flagset +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/types.h +.In sys/acl.h +.Ft int +.Fn acl_add_flag_np "acl_flagset_t flagset_d" "acl_flag_t flag" +.Sh DESCRIPTION +The +.Fn acl_add_flag_np +function +is a non-portable call that adds the flags contained in +.Fa flags +to the flagset +.Fa flagset_d . +.Pp +Note: it is not considered an error to attempt to add flags +that already exist in the flagset. +.Pp +Valid values are: +.Pp +.Bl -column -offset 3n "ACL_ENTRY_NO_PROPAGATE_INHERIT" +.It ACL_ENTRY_FILE_INHERIT Will be inherited by files. +.It ACL_ENTRY_DIRECTORY_INHERIT Will be inherited by directories. +.It ACL_ENTRY_NO_PROPAGATE_INHERIT Will not propagate. +.It ACL_ENTRY_INHERIT_ONLY Inherit-only. +.El +.Sh RETURN VALUES +.Rv -std acl_add_flag_np +.Sh ERRORS +The +.Fn acl_add_flag_np +function fails if: +.Bl -tag -width Er +.It Bq Er EINVAL +Argument +.Fa flagset_d +is not a valid descriptor for a flagset within an ACL entry. +Argument +.Fa flag +does not contain a valid +.Vt acl_flag_t +value. +.El +.Sh SEE ALSO +.Xr acl 3 , +.Xr acl_clear_flags_np 3 , +.Xr acl_delete_flag_np 3 , +.Xr acl_get_flagset_np 3 , +.Xr acl_set_flagset_np 3 , +.Xr posix1e 3 +.Sh STANDARDS +POSIX.1e is described in IEEE POSIX.1e draft 17. +.Sh HISTORY +POSIX.1e support was introduced in +.Fx 4.0 . +The +.Fn acl_add_flag_np +function was added in +.Fx 8.0 . +.Sh AUTHORS +The +.Fn acl_add_flag_np +function was written by +.An Edward Tomasz Napierala Aq tr...@freebsd.org . Modified: head/lib/libc/posix1e/acl_add_perm.3 ============================================================================== --- head/lib/libc/posix1e/acl_add_perm.3 Thu Jun 25 12:34:44 2009 (r194954) +++ head/lib/libc/posix1e/acl_add_perm.3 Thu Jun 25 12:46:59 2009 (r194955) @@ -52,11 +52,43 @@ that already exist in the permission set .Pp For POSIX.1e ACLs, valid values are: .Pp -.Bl -column -offset 3n "ACL_EXECUTE" +.Bl -column -offset 3n "ACL_WRITE_NAMED_ATTRS" .It ACL_EXECUTE Execute permission .It ACL_WRITE Write permission .It ACL_READ Read permission .El +.Pp +For NFSv4 ACLs, valid values are: +.Pp +.Bl -column -offset 3n "ACL_WRITE_NAMED_ATTRS" +.It ACL_READ_DATA Read permission +.It ACL_LIST_DIRECTORY Same as ACL_READ_DATA +.It ACL_WRITE_DATA Write permission, or permission to create files +.It ACL_ADD_FILE Same as ACL_READ_DATA +.It ACL_APPEND_DATA Permission to create directories. Ignored for files +.It ACL_ADD_SUBDIRECTORY Same as ACL_APPEND_DATA +.It ACL_READ_NAMED_ATTRS Ignored +.It ACL_WRITE_NAMED_ATTRS Ignored +.It ACL_EXECUTE Execute permission +.It ACL_DELETE_CHILD Permission to delete files and subdirectories +.It ACL_READ_ATTRIBUTES Permission to read basic attributes +.It ACL_WRITE_ATTRIBUTES Permission to change basic attributes +.It ACL_DELETE Permission to delete the object this ACL is placed on +.It ACL_READ_ACL Permission to read ACL +.It ACL_WRITE_ACL Permission to change the ACL and file mode +.It ACL_SYNCHRONIZE Ignored +.El +.Pp +Calling +.Fn acl_add_perm +with +.Fa perm +equal to ACL_WRITE or ACL_READ brands the ACL as POSIX. +Calling it with ACL_READ_DATA, ACL_LIST_DIRECTORY, ACL_WRITE_DATA, +ACL_ADD_FILE, ACL_APPEND_DATA, ACL_ADD_SUBDIRECTORY, ACL_READ_NAMED_ATTRS, +ACL_WRITE_NAMED_ATTRS, ACL_DELETE_CHILD, ACL_READ_ATTRIBUTES, +ACL_WRITE_ATTRIBUTES, ACL_DELETE, ACL_READ_ACL, ACL_WRITE_ACL +or ACL_SYNCHRONIZE brands the ACL as NFSv4. .Sh RETURN VALUES .Rv -std acl_add_perm .Sh ERRORS @@ -73,11 +105,13 @@ Argument does not contain a valid .Vt acl_perm_t value. +ACL is already branded differently. .El .Sh SEE ALSO .Xr acl 3 , .Xr acl_clear_perms 3 , .Xr acl_delete_perm 3 , +.Xr acl_get_brand_np 3 , .Xr acl_get_permset 3 , .Xr acl_set_permset 3 , .Xr posix1e 3 Added: head/lib/libc/posix1e/acl_branding.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lib/libc/posix1e/acl_branding.c Thu Jun 25 12:46:59 2009 (r194955) @@ -0,0 +1,498 @@ +/*- + * Copyright (c) 2008, 2009 Edward Tomasz Napierała <tr...@freebsd.org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <assert.h> +#include <errno.h> +#include <sys/acl.h> + +#include "acl_support.h" + +/* + * An ugly detail of the implementation - fortunately not visible + * to the API users - is the "branding": libc needs to keep track + * of what "brand" ACL is: NFSv4, POSIX.1e or unknown. It happens + * automatically - for example, during acl_get_file(3) ACL gets + * branded according to the "type" argument; during acl_set_permset + * ACL, if its brand is unknown it gets branded as NFSv4 if any of the + * NFSv4 permissions that are not valid for POSIX.1e ACL are set etc. + * Branding information is used for printing out the ACL (acl_to_text(3)), + * veryfying acl_set_whatever arguments (checking against setting + * bits that are valid only for NFSv4 in ACL branded as POSIX.1e) etc. + */ + +static acl_t +entry2acl(acl_entry_t entry) +{ + acl_t aclp; + + aclp = (acl_t)(((long)entry >> _ACL_T_ALIGNMENT_BITS) << _ACL_T_ALIGNMENT_BITS); + + return (aclp); +} + +/* + * Return brand of an ACL. + */ +int +_acl_brand(const acl_t acl) +{ + + return (acl->ats_brand); +} + +int +_entry_brand(const acl_entry_t entry) +{ + + return (_acl_brand(entry2acl(entry))); +} + +/* + * Return 1, iff branding ACL as "brand" is ok. + */ +int +_acl_brand_may_be(const acl_t acl, int brand) +{ + + if (_acl_brand(acl) == ACL_BRAND_UNKNOWN) + return (1); + + if (_acl_brand(acl) == brand) + return (1); + + return (0); +} + +int +_entry_brand_may_be(const acl_entry_t entry, int brand) +{ + + return (_acl_brand_may_be(entry2acl(entry), brand)); +} + +/* + * Brand ACL as "brand". + */ +void +_acl_brand_as(acl_t acl, int brand) +{ + + assert(_acl_brand_may_be(acl, brand)); + + acl->ats_brand = brand; +} + +void +_entry_brand_as(const acl_entry_t entry, int brand) +{ + + _acl_brand_as(entry2acl(entry), brand); +} + +int +_acl_type_not_valid_for_acl(const acl_t acl, acl_type_t type) +{ + + switch (_acl_brand(acl)) { + case ACL_BRAND_NFS4: + if (type == ACL_TYPE_NFS4) + return (0); + break; + + case ACL_BRAND_POSIX: + if (type == ACL_TYPE_ACCESS || type == ACL_TYPE_DEFAULT) + return (0); + break; + } + + return (-1); +} + +void +_acl_brand_from_type(acl_t acl, acl_type_t type) +{ + + switch (type) { + case ACL_TYPE_NFS4: + _acl_brand_as(acl, ACL_BRAND_NFS4); + break; + case ACL_TYPE_ACCESS: + case ACL_TYPE_DEFAULT: + _acl_brand_as(acl, ACL_BRAND_POSIX); + break; + default: + /* XXX: What to do here? */ + break; + } +} + +int +acl_get_brand_np(acl_t acl, int *brand_p) +{ + + if (acl == NULL || brand_p == NULL) { + errno = EINVAL; + return (-1); + } + *brand_p = _acl_brand(acl); + + return (0); +} +/*- + * Copyright (c) 2008, 2009 Edward Tomasz Napierała <tr...@freebsd.org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <assert.h> +#include <errno.h> +#include <sys/acl.h> + +#include "acl_support.h" + +/* + * An ugly detail of the implementation - fortunately not visible + * to the API users - is the "branding": libc needs to keep track + * of what "brand" ACL is: NFSv4, POSIX.1e or unknown. It happens + * automatically - for example, during acl_get_file(3) ACL gets + * branded according to the "type" argument; during acl_set_permset + * ACL, if its brand is unknown it gets branded as NFSv4 if any of the + * NFSv4 permissions that are not valid for POSIX.1e ACL are set etc. + * Branding information is used for printing out the ACL (acl_to_text(3)), + * veryfying acl_set_whatever arguments (checking against setting + * bits that are valid only for NFSv4 in ACL branded as POSIX.1e) etc. + */ + +static acl_t +entry2acl(acl_entry_t entry) +{ + acl_t aclp; + + aclp = (acl_t)(((long)entry >> _ACL_T_ALIGNMENT_BITS) << _ACL_T_ALIGNMENT_BITS); + + return (aclp); +} + +/* + * Return brand of an ACL. + */ +int +_acl_brand(const acl_t acl) +{ + + return (acl->ats_brand); +} + +int +_entry_brand(const acl_entry_t entry) +{ + + return (_acl_brand(entry2acl(entry))); +} + +/* + * Return 1, iff branding ACL as "brand" is ok. + */ +int +_acl_brand_may_be(const acl_t acl, int brand) +{ + + if (_acl_brand(acl) == ACL_BRAND_UNKNOWN) + return (1); + + if (_acl_brand(acl) == brand) + return (1); + + return (0); +} + +int +_entry_brand_may_be(const acl_entry_t entry, int brand) +{ + + return (_acl_brand_may_be(entry2acl(entry), brand)); +} + +/* + * Brand ACL as "brand". + */ +void +_acl_brand_as(acl_t acl, int brand) +{ + + assert(_acl_brand_may_be(acl, brand)); + + acl->ats_brand = brand; +} + +void +_entry_brand_as(const acl_entry_t entry, int brand) +{ + + _acl_brand_as(entry2acl(entry), brand); +} + +int +_acl_type_not_valid_for_acl(const acl_t acl, acl_type_t type) +{ + + switch (_acl_brand(acl)) { + case ACL_BRAND_NFS4: + if (type == ACL_TYPE_NFS4) + return (0); + break; + + case ACL_BRAND_POSIX: + if (type == ACL_TYPE_ACCESS || type == ACL_TYPE_DEFAULT) + return (0); + break; + } + + return (-1); +} + +void +_acl_brand_from_type(acl_t acl, acl_type_t type) +{ + + switch (type) { + case ACL_TYPE_NFS4: + _acl_brand_as(acl, ACL_BRAND_NFS4); + break; + case ACL_TYPE_ACCESS: + case ACL_TYPE_DEFAULT: + _acl_brand_as(acl, ACL_BRAND_POSIX); + break; + default: + /* XXX: What to do here? */ + break; + } +} + +int +acl_get_brand_np(acl_t acl, int *brand_p) +{ + + if (acl == NULL || brand_p == NULL) { + errno = EINVAL; + return (-1); + } + *brand_p = _acl_brand(acl); + + return (0); +} +/*- + * Copyright (c) 2008, 2009 Edward Tomasz Napierała <tr...@freebsd.org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <assert.h> +#include <errno.h> +#include <sys/acl.h> *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"