Author: trasz
Date: Thu Jun 25 12:46:59 2009
New Revision: 194955
URL: http://svn.freebsd.org/changeset/base/194955
Log:
Add NFSv4 ACL support to libc.
This adds the following functions to the acl(3) API: acl_add_flag_np,
acl_clear_flags_np, acl_create_entry_np, acl_delete_entry_np,
acl_delete_flag_np, acl_get_extended_np, acl_get_flag_np, acl_get_flagset_np,
acl_set_extended_np, acl_set_flagset_np, acl_to_text_np, acl_is_trivial_np,
acl_strip_np, acl_get_brand_np. Most of them are similar to what Darwin
does. There are no backward-incompatible changes.
Approved by: rwatson@
Added:
head/lib/libc/posix1e/acl_add_flag_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_branding.c (contents, props changed)
head/lib/libc/posix1e/acl_clear_flags_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_delete_flag_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_flag.c (contents, props changed)
head/lib/libc/posix1e/acl_from_text_nfs4.c (contents, props changed)
head/lib/libc/posix1e/acl_get_brand_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_get_entry_type_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_get_flag_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_get_flagset_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_is_trivial_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_set_entry_type_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_set_flagset_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_strip.c (contents, props changed)
head/lib/libc/posix1e/acl_strip_np.3 (contents, props changed)
head/lib/libc/posix1e/acl_support_nfs4.c (contents, props changed)
head/lib/libc/posix1e/acl_to_text_nfs4.c (contents, props changed)
Modified:
head/lib/libc/posix1e/Makefile.inc
head/lib/libc/posix1e/Symbol.map
head/lib/libc/posix1e/acl.3
head/lib/libc/posix1e/acl_add_perm.3
head/lib/libc/posix1e/acl_calc_mask.c
head/lib/libc/posix1e/acl_copy.c
head/lib/libc/posix1e/acl_create_entry.3
head/lib/libc/posix1e/acl_delete_entry.3
head/lib/libc/posix1e/acl_delete_entry.c
head/lib/libc/posix1e/acl_entry.c
head/lib/libc/posix1e/acl_from_text.c
head/lib/libc/posix1e/acl_get.3
head/lib/libc/posix1e/acl_get.c
head/lib/libc/posix1e/acl_init.c
head/lib/libc/posix1e/acl_set.3
head/lib/libc/posix1e/acl_set.c
head/lib/libc/posix1e/acl_set_tag_type.3
head/lib/libc/posix1e/acl_support.c
head/lib/libc/posix1e/acl_support.h
head/lib/libc/posix1e/acl_to_text.3
head/lib/libc/posix1e/acl_to_text.c
head/lib/libc/posix1e/acl_valid.c
head/lib/libc/sys/pathconf.2
head/sys/sys/acl.h
head/sys/sys/unistd.h
Modified: head/lib/libc/posix1e/Makefile.inc
==============================================================================
--- head/lib/libc/posix1e/Makefile.inc Thu Jun 25 12:34:44 2009
(r194954)
+++ head/lib/libc/posix1e/Makefile.inc Thu Jun 25 12:46:59 2009
(r194955)
@@ -4,52 +4,74 @@
CFLAGS+=-D_ACL_PRIVATE
-SRCS+= acl_calc_mask.c \
+# Copy kern/subr_acl_nfs4.c to the libc object directory.
+subr_acl_nfs4.c: ${.CURDIR}/../../sys/kern/subr_acl_nfs4.c
+ cat ${.ALLSRC} > ${.TARGET}
+
+SRCS+= acl_branding.c \
+ acl_calc_mask.c \
acl_copy.c \
acl_compat.c \
acl_delete.c \
acl_delete_entry.c \
acl_entry.c \
+ acl_flag.c \
acl_free.c \
acl_from_text.c \
+ acl_from_text_nfs4.c \
acl_get.c \
acl_init.c \
acl_perm.c \
acl_set.c \
+ acl_strip.c \
acl_support.c \
+ acl_support_nfs4.c \
acl_to_text.c \
+ acl_to_text_nfs4.c \
acl_valid.c \
extattr.c \
mac.c \
mac_exec.c \
mac_get.c \
- mac_set.c
+ mac_set.c \
+ subr_acl_nfs4.c
SYM_MAPS+=${.CURDIR}/posix1e/Symbol.map
MAN+= acl.3 \
+ acl_add_flag_np.3 \
acl_add_perm.3 \
acl_calc_mask.3 \
+ acl_clear_flags_np.3 \
acl_clear_perms.3 \
acl_copy_entry.3 \
acl_create_entry.3 \
acl_delete.3 \
acl_delete_entry.3 \
+ acl_delete_flag_np.3 \
acl_delete_perm.3 \
acl_dup.3 \
acl_free.3 \
acl_from_text.3 \
acl_get.3 \
+ acl_get_brand_np.3 \
acl_get_entry.3 \
+ acl_get_entry_type_np.3 \
+ acl_get_flagset_np.3 \
+ acl_get_flag_np.3 \
acl_get_permset.3 \
acl_get_perm_np.3 \
acl_get_qualifier.3 \
acl_get_tag_type.3 \
acl_init.3 \
+ acl_is_trivial_np.3 \
acl_set.3 \
+ acl_set_entry_type_np.3 \
+ acl_set_flagset_np.3 \
acl_set_permset.3 \
acl_set_qualifier.3 \
acl_set_tag_type.3 \
+ acl_strip_np.3 \
acl_to_text.3 \
acl_valid.3 \
extattr.3 \
@@ -63,15 +85,18 @@ MAN+= acl.3 \
mac_text.3 \
posix1e.3
-MLINKS+=acl_delete.3 acl_delete_def_file.3 \
+MLINKS+=acl_create_entry.3 acl_create_entry_np.3\
+ acl_delete.3 acl_delete_def_file.3 \
acl_delete.3 acl_delete_file_np.3 \
acl_delete.3 acl_delete_fd_np.3 \
+ acl_delete_entry.3 acl_delete_entry_np.3\
acl_get.3 acl_get_file.3 \
acl_get.3 acl_get_fd.3 \
acl_get.3 acl_get_fd_np.3 \
acl_set.3 acl_set_file.3 \
acl_set.3 acl_set_fd.3 \
acl_set.3 acl_set_fd_np.3 \
+ acl_to_text.3 acl_to_text_np.3 \
acl_valid.3 acl_valid_file_np.3 \
acl_valid.3 acl_valid_fd_np.3 \
extattr.3 extattr_namespace_to_string.3 \
Modified: head/lib/libc/posix1e/Symbol.map
==============================================================================
--- head/lib/libc/posix1e/Symbol.map Thu Jun 25 12:34:44 2009
(r194954)
+++ head/lib/libc/posix1e/Symbol.map Thu Jun 25 12:46:59 2009
(r194955)
@@ -66,7 +66,21 @@ FBSD_1.0 {
};
FBSD_1.1 {
+ acl_add_flag_np;
acl_add_perm;
+ acl_clear_flags_np;
+ acl_create_entry_np;
+ acl_delete_entry_np;
+ acl_delete_flag_np;
acl_delete_perm;
+ acl_get_brand_np;
+ acl_get_entry_type_np;
+ acl_get_flag_np;
+ acl_get_flagset_np;
acl_get_perm_np;
+ acl_is_trivial_np;
+ acl_set_entry_type_np;
+ acl_set_flagset_np;
+ acl_strip_np;
+ acl_to_text_np;
};
Modified: head/lib/libc/posix1e/acl.3
==============================================================================
--- head/lib/libc/posix1e/acl.3 Thu Jun 25 12:34:44 2009 (r194954)
+++ head/lib/libc/posix1e/acl.3 Thu Jun 25 12:46:59 2009 (r194955)
@@ -59,6 +59,10 @@ all of these support routines are implem
.Pp
Available functions, sorted by behavior, include:
.Bl -tag -width indent
+.It Fn acl_add_flag_np
+This function is described in
+.Xr acl_add_flag_np 3 ,
+and may be used to add flags to a flagset.
.It Fn acl_add_perm
This function is described in
.Xr acl_add_perm 3 ,
@@ -70,6 +74,10 @@ and may be used to calculate and set the
the
.Dv ACL_MASK
entry.
+.It Fn acl_clear_flags_np
+This function is described in
+.Xr acl_clear_flags_np 3 ,
+and may be used to clear all flags from a flagset.
.It Fn acl_clear_perms
This function is described in
.Xr acl_clear_perms 3 ,
@@ -78,8 +86,11 @@ and may be used to clear all permissions
This function is described in
.Xr acl_copy_entry 3 ,
and may be used to copy the contents of an ACL entry.
-.It Fn acl_create_entry
-This function is described in
+.It Xo
+.Fn acl_create_entry ,
+.Fn acl_create_entry_np
+.Xc
+These functions are described in
.Xr acl_create_entry 3 ,
and may be used to create an empty entry in an ACL.
.It Xo
@@ -92,10 +103,17 @@ and may be used to create an empty entry
These functions are described in
.Xr acl_delete 3 ,
and may be used to delete ACLs from file system objects.
-.It Fn acl_delete_entry
-This function is described in
+.It Xo
+.Fn acl_delete_entry ,
+.Fn acl_delete_entry_np ,
+.Xc
+This functions are described in
.Xr acl_delete_entry 3 ,
and may be used to delete an entry from an ACL.
+.It Fn acl_delete_flag_np
+This function is described in
+.Xr acl_delete_flag_np 3 ,
+and may be used to delete flags from a flagset.
.It Fn acl_delete_perm
This function is described in
.Xr acl_delete_perm 3 ,
@@ -126,6 +144,14 @@ and may be used to retrieve a designated
These functions are described in
.Xr acl_get 3 ,
and may be used to retrieve ACLs from file system objects.
+.It Fn acl_get_entry_type_np
+This function is described in
+.Xr acl_get_entry_type_np 3 ,
+and may be used to retrieve an ACL type from an ACL entry.
+.It Fn acl_get_flagset_np
+This function is described in
+.Xr acl_get_flagset_np 3 ,
+and may be used to retrieve a flagset from an ACL entry.
.It Fn acl_get_permset
This function is described in
.Xr acl_get_permset 3 ,
@@ -142,6 +168,10 @@ and may be used to retrieve the tag type
This function is described in
.Xr acl_init 3 ,
and may be used to allocate a fresh (empty) ACL structure.
+.It Fn acl_is_trivial_np
+This function is described in
+.Xr acl_is_trivial_np 3 ,
+and may be used to find out whether ACL is trivial.
.It Xo
.Fn acl_set_fd ,
.Fn acl_set_fd_np ,
@@ -151,6 +181,14 @@ and may be used to allocate a fresh (emp
These functions are described in
.Xr acl_set 3 ,
and may be used to assign an ACL to a file system object.
+.It Fn acl_set_entry_type_np
+This function is described in
+.Xr acl_set_entry_type_np 3 ,
+and may be used to set the ACL type of an ACL entry.
+.It Fn acl_set_flagset_np
+This function is described in
+.Xr acl_set_flagset_np 3 ,
+and may be used to set the flags of an ACL entry from a flagset.
.It Fn acl_set_permset
This function is described in
.Xr acl_set_permset 3 ,
@@ -163,8 +201,15 @@ and may be used to set the qualifier of
This function is described in
.Xr acl_set_tag_type 3 ,
and may be used to set the tag type of an ACL.
-.It Fn acl_to_text
-This function is described in
+.It Fn acl_strip_np
+This function is describe din
+.Xr acl-strip_np 3 ,
+and may be used to remove extended entries from an ACL.
+.It Xo
+.Fn acl_to_text ,
+.Fn acl_to_text_np
+.Xc
+These functions are described in
.Xr acl_to_text 3 ,
and may be used to generate a text-form of a POSIX.1e semantics ACL.
.It Xo
@@ -189,25 +234,34 @@ library.
.Sh SEE ALSO
.Xr getfacl 1 ,
.Xr setfacl 1 ,
+.Xr acl_add_flag_np 3 ,
.Xr acl_add_perm 3 ,
.Xr acl_calc_mask 3 ,
+.Xr acl_clear_flags_np 3 ,
.Xr acl_clear_perms 3 ,
.Xr acl_copy_entry 3 ,
.Xr acl_create_entry 3 ,
.Xr acl_delete_entry 3 ,
+.Xr acl_delete_flag_np 3 ,
.Xr acl_delete_perm 3 ,
.Xr acl_dup 3 ,
.Xr acl_free 3 ,
.Xr acl_from_text 3 ,
.Xr acl_get 3 ,
+.Xr acl_get_entry_type_np 3 ,
+.Xr acl_get_flagset_np 3 ,
.Xr acl_get_permset 3 ,
.Xr acl_get_qualifier 3 ,
.Xr acl_get_tag_type 3 ,
.Xr acl_init 3 ,
+.Xr acl_is_trivial_np 3 ,
.Xr acl_set 3 ,
+.Xr acl_set_entry_type_np 3 ,
+.Xr acl_set_flagset_np 3 ,
.Xr acl_set_permset 3 ,
.Xr acl_set_qualifier 3 ,
.Xr acl_set_tag_type 3 ,
+.Xr acl_strip_np 3 ,
.Xr acl_to_text 3 ,
.Xr acl_valid 3 ,
.Xr posix1e 3 ,
Added: head/lib/libc/posix1e/acl_add_flag_np.3
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/lib/libc/posix1e/acl_add_flag_np.3 Thu Jun 25 12:46:59 2009
(r194955)
@@ -0,0 +1,294 @@
+.\"-
+.\" Copyright (c) 2008, 2009 Edward Tomasz Napierala
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd March 10, 2001
+.Dt ACL_ADD_FLAG_NP 3
+.Os
+.Sh NAME
+.Nm acl_add_flag_np
+.Nd add flags to a flagset
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/types.h
+.In sys/acl.h
+.Ft int
+.Fn acl_add_flag_np "acl_flagset_t flagset_d" "acl_flag_t flag"
+.Sh DESCRIPTION
+The
+.Fn acl_add_flag_np
+function
+is a non-portable call that adds the flags contained in
+.Fa flags
+to the flagset
+.Fa flagset_d .
+.Pp
+Note: it is not considered an error to attempt to add flags
+that already exist in the flagset.
+.Pp
+Valid values are:
+.Pp
+.Bl -column -offset 3n "ACL_ENTRY_NO_PROPAGATE_INHERIT"
+.It ACL_ENTRY_FILE_INHERIT Will be inherited by files.
+.It ACL_ENTRY_DIRECTORY_INHERIT Will be inherited by directories.
+.It ACL_ENTRY_NO_PROPAGATE_INHERIT Will not propagate.
+.It ACL_ENTRY_INHERIT_ONLY Inherit-only.
+.El
+.Sh RETURN VALUES
+.Rv -std acl_add_flag_np
+.Sh ERRORS
+The
+.Fn acl_add_flag_np
+function fails if:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Fa flagset_d
+is not a valid descriptor for a flagset within an ACL entry.
+Argument
+.Fa flag
+does not contain a valid
+.Vt acl_flag_t
+value.
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_clear_flags_np 3 ,
+.Xr acl_delete_flag_np 3 ,
+.Xr acl_get_flagset_np 3 ,
+.Xr acl_set_flagset_np 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 .
+The
+.Fn acl_add_flag_np
+function was added in
+.Fx 8.0 .
+.Sh AUTHORS
+The
+.Fn acl_add_flag_np
+function was written by
+.An Edward Tomasz Napierala Aq tr...@freebsd.org .
+.\"-
+.\" Copyright (c) 2008, 2009 Edward Tomasz Napierala
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd March 10, 2001
+.Dt ACL_ADD_FLAG_NP 3
+.Os
+.Sh NAME
+.Nm acl_add_flag_np
+.Nd add flags to a flagset
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/types.h
+.In sys/acl.h
+.Ft int
+.Fn acl_add_flag_np "acl_flagset_t flagset_d" "acl_flag_t flag"
+.Sh DESCRIPTION
+The
+.Fn acl_add_flag_np
+function
+is a non-portable call that adds the flags contained in
+.Fa flags
+to the flagset
+.Fa flagset_d .
+.Pp
+Note: it is not considered an error to attempt to add flags
+that already exist in the flagset.
+.Pp
+Valid values are:
+.Pp
+.Bl -column -offset 3n "ACL_ENTRY_NO_PROPAGATE_INHERIT"
+.It ACL_ENTRY_FILE_INHERIT Will be inherited by files.
+.It ACL_ENTRY_DIRECTORY_INHERIT Will be inherited by directories.
+.It ACL_ENTRY_NO_PROPAGATE_INHERIT Will not propagate.
+.It ACL_ENTRY_INHERIT_ONLY Inherit-only.
+.El
+.Sh RETURN VALUES
+.Rv -std acl_add_flag_np
+.Sh ERRORS
+The
+.Fn acl_add_flag_np
+function fails if:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Fa flagset_d
+is not a valid descriptor for a flagset within an ACL entry.
+Argument
+.Fa flag
+does not contain a valid
+.Vt acl_flag_t
+value.
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_clear_flags_np 3 ,
+.Xr acl_delete_flag_np 3 ,
+.Xr acl_get_flagset_np 3 ,
+.Xr acl_set_flagset_np 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 .
+The
+.Fn acl_add_flag_np
+function was added in
+.Fx 8.0 .
+.Sh AUTHORS
+The
+.Fn acl_add_flag_np
+function was written by
+.An Edward Tomasz Napierala Aq tr...@freebsd.org .
+.\"-
+.\" Copyright (c) 2008, 2009 Edward Tomasz Napierala
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd March 10, 2001
+.Dt ACL_ADD_FLAG_NP 3
+.Os
+.Sh NAME
+.Nm acl_add_flag_np
+.Nd add flags to a flagset
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/types.h
+.In sys/acl.h
+.Ft int
+.Fn acl_add_flag_np "acl_flagset_t flagset_d" "acl_flag_t flag"
+.Sh DESCRIPTION
+The
+.Fn acl_add_flag_np
+function
+is a non-portable call that adds the flags contained in
+.Fa flags
+to the flagset
+.Fa flagset_d .
+.Pp
+Note: it is not considered an error to attempt to add flags
+that already exist in the flagset.
+.Pp
+Valid values are:
+.Pp
+.Bl -column -offset 3n "ACL_ENTRY_NO_PROPAGATE_INHERIT"
+.It ACL_ENTRY_FILE_INHERIT Will be inherited by files.
+.It ACL_ENTRY_DIRECTORY_INHERIT Will be inherited by directories.
+.It ACL_ENTRY_NO_PROPAGATE_INHERIT Will not propagate.
+.It ACL_ENTRY_INHERIT_ONLY Inherit-only.
+.El
+.Sh RETURN VALUES
+.Rv -std acl_add_flag_np
+.Sh ERRORS
+The
+.Fn acl_add_flag_np
+function fails if:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Fa flagset_d
+is not a valid descriptor for a flagset within an ACL entry.
+Argument
+.Fa flag
+does not contain a valid
+.Vt acl_flag_t
+value.
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_clear_flags_np 3 ,
+.Xr acl_delete_flag_np 3 ,
+.Xr acl_get_flagset_np 3 ,
+.Xr acl_set_flagset_np 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 .
+The
+.Fn acl_add_flag_np
+function was added in
+.Fx 8.0 .
+.Sh AUTHORS
+The
+.Fn acl_add_flag_np
+function was written by
+.An Edward Tomasz Napierala Aq tr...@freebsd.org .
Modified: head/lib/libc/posix1e/acl_add_perm.3
==============================================================================
--- head/lib/libc/posix1e/acl_add_perm.3 Thu Jun 25 12:34:44 2009
(r194954)
+++ head/lib/libc/posix1e/acl_add_perm.3 Thu Jun 25 12:46:59 2009
(r194955)
@@ -52,11 +52,43 @@ that already exist in the permission set
.Pp
For POSIX.1e ACLs, valid values are:
.Pp
-.Bl -column -offset 3n "ACL_EXECUTE"
+.Bl -column -offset 3n "ACL_WRITE_NAMED_ATTRS"
.It ACL_EXECUTE Execute permission
.It ACL_WRITE Write permission
.It ACL_READ Read permission
.El
+.Pp
+For NFSv4 ACLs, valid values are:
+.Pp
+.Bl -column -offset 3n "ACL_WRITE_NAMED_ATTRS"
+.It ACL_READ_DATA Read permission
+.It ACL_LIST_DIRECTORY Same as ACL_READ_DATA
+.It ACL_WRITE_DATA Write permission, or permission to create files
+.It ACL_ADD_FILE Same as ACL_READ_DATA
+.It ACL_APPEND_DATA Permission to create directories. Ignored for
files
+.It ACL_ADD_SUBDIRECTORY Same as ACL_APPEND_DATA
+.It ACL_READ_NAMED_ATTRS Ignored
+.It ACL_WRITE_NAMED_ATTRS Ignored
+.It ACL_EXECUTE Execute permission
+.It ACL_DELETE_CHILD Permission to delete files and subdirectories
+.It ACL_READ_ATTRIBUTES Permission to read basic attributes
+.It ACL_WRITE_ATTRIBUTES Permission to change basic attributes
+.It ACL_DELETE Permission to delete the object this ACL is
placed on
+.It ACL_READ_ACL Permission to read ACL
+.It ACL_WRITE_ACL Permission to change the ACL and file mode
+.It ACL_SYNCHRONIZE Ignored
+.El
+.Pp
+Calling
+.Fn acl_add_perm
+with
+.Fa perm
+equal to ACL_WRITE or ACL_READ brands the ACL as POSIX.
+Calling it with ACL_READ_DATA, ACL_LIST_DIRECTORY, ACL_WRITE_DATA,
+ACL_ADD_FILE, ACL_APPEND_DATA, ACL_ADD_SUBDIRECTORY, ACL_READ_NAMED_ATTRS,
+ACL_WRITE_NAMED_ATTRS, ACL_DELETE_CHILD, ACL_READ_ATTRIBUTES,
+ACL_WRITE_ATTRIBUTES, ACL_DELETE, ACL_READ_ACL, ACL_WRITE_ACL
+or ACL_SYNCHRONIZE brands the ACL as NFSv4.
.Sh RETURN VALUES
.Rv -std acl_add_perm
.Sh ERRORS
@@ -73,11 +105,13 @@ Argument
does not contain a valid
.Vt acl_perm_t
value.
+ACL is already branded differently.
.El
.Sh SEE ALSO
.Xr acl 3 ,
.Xr acl_clear_perms 3 ,
.Xr acl_delete_perm 3 ,
+.Xr acl_get_brand_np 3 ,
.Xr acl_get_permset 3 ,
.Xr acl_set_permset 3 ,
.Xr posix1e 3
Added: head/lib/libc/posix1e/acl_branding.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/lib/libc/posix1e/acl_branding.c Thu Jun 25 12:46:59 2009
(r194955)
@@ -0,0 +1,498 @@
+/*-
+ * Copyright (c) 2008, 2009 Edward Tomasz Napierała <tr...@freebsd.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <assert.h>
+#include <errno.h>
+#include <sys/acl.h>
+
+#include "acl_support.h"
+
+/*
+ * An ugly detail of the implementation - fortunately not visible
+ * to the API users - is the "branding": libc needs to keep track
+ * of what "brand" ACL is: NFSv4, POSIX.1e or unknown. It happens
+ * automatically - for example, during acl_get_file(3) ACL gets
+ * branded according to the "type" argument; during acl_set_permset
+ * ACL, if its brand is unknown it gets branded as NFSv4 if any of the
+ * NFSv4 permissions that are not valid for POSIX.1e ACL are set etc.
+ * Branding information is used for printing out the ACL (acl_to_text(3)),
+ * veryfying acl_set_whatever arguments (checking against setting
+ * bits that are valid only for NFSv4 in ACL branded as POSIX.1e) etc.
+ */
+
+static acl_t
+entry2acl(acl_entry_t entry)
+{
+ acl_t aclp;
+
+ aclp = (acl_t)(((long)entry >> _ACL_T_ALIGNMENT_BITS) <<
_ACL_T_ALIGNMENT_BITS);
+
+ return (aclp);
+}
+
+/*
+ * Return brand of an ACL.
+ */
+int
+_acl_brand(const acl_t acl)
+{
+
+ return (acl->ats_brand);
+}
+
+int
+_entry_brand(const acl_entry_t entry)
+{
+
+ return (_acl_brand(entry2acl(entry)));
+}
+
+/*
+ * Return 1, iff branding ACL as "brand" is ok.
+ */
+int
+_acl_brand_may_be(const acl_t acl, int brand)
+{
+
+ if (_acl_brand(acl) == ACL_BRAND_UNKNOWN)
+ return (1);
+
+ if (_acl_brand(acl) == brand)
+ return (1);
+
+ return (0);
+}
+
+int
+_entry_brand_may_be(const acl_entry_t entry, int brand)
+{
+
+ return (_acl_brand_may_be(entry2acl(entry), brand));
+}
+
+/*
+ * Brand ACL as "brand".
+ */
+void
+_acl_brand_as(acl_t acl, int brand)
+{
+
+ assert(_acl_brand_may_be(acl, brand));
+
+ acl->ats_brand = brand;
+}
+
+void
+_entry_brand_as(const acl_entry_t entry, int brand)
+{
+
+ _acl_brand_as(entry2acl(entry), brand);
+}
+
+int
+_acl_type_not_valid_for_acl(const acl_t acl, acl_type_t type)
+{
+
+ switch (_acl_brand(acl)) {
+ case ACL_BRAND_NFS4:
+ if (type == ACL_TYPE_NFS4)
+ return (0);
+ break;
+
+ case ACL_BRAND_POSIX:
+ if (type == ACL_TYPE_ACCESS || type == ACL_TYPE_DEFAULT)
+ return (0);
+ break;
+ }
+
+ return (-1);
+}
+
+void
+_acl_brand_from_type(acl_t acl, acl_type_t type)
+{
+
+ switch (type) {
+ case ACL_TYPE_NFS4:
+ _acl_brand_as(acl, ACL_BRAND_NFS4);
+ break;
+ case ACL_TYPE_ACCESS:
+ case ACL_TYPE_DEFAULT:
+ _acl_brand_as(acl, ACL_BRAND_POSIX);
+ break;
+ default:
+ /* XXX: What to do here? */
+ break;
+ }
+}
+
+int
+acl_get_brand_np(acl_t acl, int *brand_p)
+{
+
+ if (acl == NULL || brand_p == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+ *brand_p = _acl_brand(acl);
+
+ return (0);
+}
+/*-
+ * Copyright (c) 2008, 2009 Edward Tomasz Napierała <tr...@freebsd.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <assert.h>
+#include <errno.h>
+#include <sys/acl.h>
+
+#include "acl_support.h"
+
+/*
+ * An ugly detail of the implementation - fortunately not visible
+ * to the API users - is the "branding": libc needs to keep track
+ * of what "brand" ACL is: NFSv4, POSIX.1e or unknown. It happens
+ * automatically - for example, during acl_get_file(3) ACL gets
+ * branded according to the "type" argument; during acl_set_permset
+ * ACL, if its brand is unknown it gets branded as NFSv4 if any of the
+ * NFSv4 permissions that are not valid for POSIX.1e ACL are set etc.
+ * Branding information is used for printing out the ACL (acl_to_text(3)),
+ * veryfying acl_set_whatever arguments (checking against setting
+ * bits that are valid only for NFSv4 in ACL branded as POSIX.1e) etc.
+ */
+
+static acl_t
+entry2acl(acl_entry_t entry)
+{
+ acl_t aclp;
+
+ aclp = (acl_t)(((long)entry >> _ACL_T_ALIGNMENT_BITS) <<
_ACL_T_ALIGNMENT_BITS);
+
+ return (aclp);
+}
+
+/*
+ * Return brand of an ACL.
+ */
+int
+_acl_brand(const acl_t acl)
+{
+
+ return (acl->ats_brand);
+}
+
+int
+_entry_brand(const acl_entry_t entry)
+{
+
+ return (_acl_brand(entry2acl(entry)));
+}
+
+/*
+ * Return 1, iff branding ACL as "brand" is ok.
+ */
+int
+_acl_brand_may_be(const acl_t acl, int brand)
+{
+
+ if (_acl_brand(acl) == ACL_BRAND_UNKNOWN)
+ return (1);
+
+ if (_acl_brand(acl) == brand)
+ return (1);
+
+ return (0);
+}
+
+int
+_entry_brand_may_be(const acl_entry_t entry, int brand)
+{
+
+ return (_acl_brand_may_be(entry2acl(entry), brand));
+}
+
+/*
+ * Brand ACL as "brand".
+ */
+void
+_acl_brand_as(acl_t acl, int brand)
+{
+
+ assert(_acl_brand_may_be(acl, brand));
+
+ acl->ats_brand = brand;
+}
+
+void
+_entry_brand_as(const acl_entry_t entry, int brand)
+{
+
+ _acl_brand_as(entry2acl(entry), brand);
+}
+
+int
+_acl_type_not_valid_for_acl(const acl_t acl, acl_type_t type)
+{
+
+ switch (_acl_brand(acl)) {
+ case ACL_BRAND_NFS4:
+ if (type == ACL_TYPE_NFS4)
+ return (0);
+ break;
+
+ case ACL_BRAND_POSIX:
+ if (type == ACL_TYPE_ACCESS || type == ACL_TYPE_DEFAULT)
+ return (0);
+ break;
+ }
+
+ return (-1);
+}
+
+void
+_acl_brand_from_type(acl_t acl, acl_type_t type)
+{
+
+ switch (type) {
+ case ACL_TYPE_NFS4:
+ _acl_brand_as(acl, ACL_BRAND_NFS4);
+ break;
+ case ACL_TYPE_ACCESS:
+ case ACL_TYPE_DEFAULT:
+ _acl_brand_as(acl, ACL_BRAND_POSIX);
+ break;
+ default:
+ /* XXX: What to do here? */
+ break;
+ }
+}
+
+int
+acl_get_brand_np(acl_t acl, int *brand_p)
+{
+
+ if (acl == NULL || brand_p == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+ *brand_p = _acl_brand(acl);
+
+ return (0);
+}
+/*-
+ * Copyright (c) 2008, 2009 Edward Tomasz Napierała <tr...@freebsd.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <assert.h>
+#include <errno.h>
+#include <sys/acl.h>
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
