svn commit: r205740 - stable/8/share/man/man9

Edward Tomasz Napierala trasz at FreeBSD.org
Sat Mar 27 16:41:23 UTC 2010


Author: trasz
Date: Sat Mar 27 16:41:23 2010
New Revision: 205740
URL: http://svn.freebsd.org/changeset/base/205740

Log:
  MFC r197405, missing part:
  
  Add pieces of infrastructure required for NFSv4 ACL support in UFS.
  
  Reviewed by:	rwatson

Added:
  stable/8/share/man/man9/vaccess_acl_nfs4.9
     - copied unchanged from r197405, head/share/man/man9/vaccess_acl_nfs4.9
Modified:
  stable/8/share/man/man9/Makefile
  stable/8/share/man/man9/VOP_ACCESS.9
  stable/8/share/man/man9/acl.9
  stable/8/share/man/man9/vaccess.9
Directory Properties:
  stable/8/share/man/man9/   (props changed)

Modified: stable/8/share/man/man9/Makefile
==============================================================================
--- stable/8/share/man/man9/Makefile	Sat Mar 27 16:35:25 2010	(r205739)
+++ stable/8/share/man/man9/Makefile	Sat Mar 27 16:41:23 2010	(r205740)
@@ -255,6 +255,7 @@ MAN=	accept_filter.9 \
 	usbdi.9 \
 	utopia.9 \
 	vaccess.9 \
+	vaccess_acl_nfs4.9 \
 	vaccess_acl_posix1e.9 \
 	vcount.9 \
 	vflush.9 \

Modified: stable/8/share/man/man9/VOP_ACCESS.9
==============================================================================
--- stable/8/share/man/man9/VOP_ACCESS.9	Sat Mar 27 16:35:25 2010	(r205739)
+++ stable/8/share/man/man9/VOP_ACCESS.9	Sat Mar 27 16:41:23 2010	(r205740)
@@ -29,7 +29,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd June 1, 2009
+.Dd September 18, 2009
 .Os
 .Dt VOP_ACCESS 9
 .Sh NAME
@@ -95,6 +95,7 @@ requested access.
 .El
 .Sh SEE ALSO
 .Xr vaccess 9 ,
+.Xr vaccess_acl_nfs4 9 ,
 .Xr vaccess_acl_posix1e 9 ,
 .Xr vnode 9
 .Sh AUTHORS

Modified: stable/8/share/man/man9/acl.9
==============================================================================
--- stable/8/share/man/man9/acl.9	Sat Mar 27 16:35:25 2010	(r205739)
+++ stable/8/share/man/man9/acl.9	Sat Mar 27 16:41:23 2010	(r205740)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 23, 1999
+.Dd September 18, 2009
 .Os
 .Dt ACL 9
 .Sh NAME
@@ -207,6 +207,7 @@ The following values are valid:
 .El
 .Sh SEE ALSO
 .Xr acl 3 ,
+.Xr vaccess_acl_nfs4 9 ,
 .Xr vaccess_acl_posix1e 9 ,
 .Xr VFS 9 ,
 .Xr vnaccess 9 ,

Modified: stable/8/share/man/man9/vaccess.9
==============================================================================
--- stable/8/share/man/man9/vaccess.9	Sat Mar 27 16:35:25 2010	(r205739)
+++ stable/8/share/man/man9/vaccess.9	Sat Mar 27 16:41:23 2010	(r205740)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 22, 2001
+.Dd September 18, 2009
 .Os
 .Dt VACCESS 9
 .Sh NAME
@@ -117,6 +117,7 @@ An attempt was made to perform an operat
 appropriate privileges or to the owner of a file or other resource.
 .El
 .Sh SEE ALSO
+.Xr vaccess_acl_nfs4 9 ,
 .Xr vaccess_acl_posix1e 9 ,
 .Xr vnode 9 ,
 .Xr VOP_ACCESS 9

Copied: stable/8/share/man/man9/vaccess_acl_nfs4.9 (from r197405, head/share/man/man9/vaccess_acl_nfs4.9)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/8/share/man/man9/vaccess_acl_nfs4.9	Sat Mar 27 16:41:23 2010	(r205740, copy of r197405, head/share/man/man9/vaccess_acl_nfs4.9)
@@ -0,0 +1,129 @@
+.\"-
+.\" Copyright (c) 2001 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd September 18, 2009
+.Os
+.Dt VACCESS_ACL_NFS4 9
+.Sh NAME
+.Nm vaccess_acl_nfs4
+.Nd generate a NFSv4 ACL access control decision using vnode parameters
+.Sh SYNOPSIS
+.In sys/param.h
+.In sys/vnode.h
+.In sys/acl.h
+.Ft int
+.Fo vaccess_acl_nfs4
+.Fa "enum vtype type"
+.Fa "uid_t file_uid"
+.Fa "gid_t file_gid"
+.Fa "struct acl *acl"
+.Fa "accmode_t accmode"
+.Fa "struct ucred *cred"
+.Fa "int *privused"
+.Fc
+.Sh DESCRIPTION
+This call implements the logic for the
+.Ux
+discretionary file security model
+with NFSv4 ACL extensions.
+It accepts the vnodes type
+.Fa type ,
+owning UID
+.Fa file_uid ,
+owning GID
+.Fa file_gid ,
+access ACL for the file
+.Fa acl ,
+desired access mode
+.Fa accmode ,
+requesting credential
+.Fa cred ,
+and an optional call-by-reference
+.Vt int
+pointer returning whether or not
+privilege was required for successful evaluation of the call; the
+.Fa privused
+pointer may be set to
+.Dv NULL
+by the caller in order not to be informed of
+privilege information, or it may point to an integer that will be set to
+1 if privilege is used, and 0 otherwise.
+.Pp
+This call is intended to support implementations of
+.Xr VOP_ACCESS 9 ,
+which will use their own access methods to retrieve the vnode properties,
+and then invoke
+.Fn vaccess_acl_nfs4
+in order to perform the actual check.
+Implementations of
+.Xr VOP_ACCESS 9
+may choose to implement additional security mechanisms whose results will
+be composed with the return value.
+.Pp
+The algorithm used by
+.Fn vaccess_acl_nfs4
+is based on the NFSv4 ACL evaluation algorithm, as described in
+NFSv4 Minor Version 1, draft-ietf-nfsv4-minorversion1-21.txt.
+The algorithm selects a
+.Em matching
+entry from the access ACL, which may
+then be composed with an available ACL mask entry, providing
+.Ux
+security compatibility.
+.Pp
+Once appropriate protections are selected for the current credential,
+the requested access mode, in combination with the vnode type, will be
+compared with the discretionary rights available for the credential.
+If the rights granted by discretionary protections are insufficient,
+then super-user privilege, if available for the credential, will also be
+considered.
+.Sh RETURN VALUES
+.Fn vaccess_acl_nfs4
+will return 0 on success, or a non-zero error value on failure.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EACCES
+Permission denied.
+An attempt was made to access a file in a way forbidden by its file access
+permissions.
+.It Bq Er EPERM
+Operation not permitted.
+An attempt was made to perform an operation limited to processes with
+appropriate privileges or to the owner of a file or other resource.
+.El
+.Sh SEE ALSO
+.Xr vaccess 9 ,
+.Xr vnode 9 ,
+.Xr VOP_ACCESS 9
+.Sh AUTHORS
+Current implementation of
+.Fn vaccess_acl_nfs4
+was written by
+.An Edward Tomasz Napierala Aq trasz at FreeBSD.org .
+.Sh BUGS
+This manual page should include a full description of the NFSv4 ACL
+evaluation algorithm, or cross reference another page that does.
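
Review bot: The DESCRIPTION paragraph in the new vaccess_acl_nfs4.9 that reads "The algorithm selects a matching entry from the access ACL, which may then be composed with an available ACL mask entry" describes POSIX.1e evaluation, not NFSv4. NFSv4 ACLs have no mask entry, and the decision is made by walking the allow and deny entries in order. Authors of VOP_ACCESS(9) implementations will rely on this page to understand an access-control decision, so that paragraph should be replaced with an outline of the ordered allow/deny evaluation; that would also close the gap the BUGS section admits. The page is copied unchanged from head, so the fix belongs there first and can then be merged. Smaller points in the same file: "vnodes type" should be "vnode's type", ".Nd generate a NFSv4" should read "an NFSv4", RETURN VALUES does not say when EPERM is returned rather than EACCES, and SEE ALSO omits acl 9 and vaccess_acl_posix1e 9 although the other pages in this commit now point here.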

