Update libc POSIX.1e code and documentation to reflect:

- Updated copyrights, modified dates
- Remove "BUGS" entry indicating that ACLs are unimplemented
- Implement acl_*_link() library wrapper variants for get, set,
  delete, aclvalid.
- Document acl_*_link() calls.

Obtained from:	TrustedBSD Project

8 files changed, 164 insertions, 44 deletions

diff --git a/lib/libc/posix1e/acl.3 b/lib/libc/posix1e/acl.3
index 88e5d0b..966f4d1 100644
--- a/lib/libc/posix1e/acl.3
+++ b/lib/libc/posix1e/acl.3
@@ -2,6 +2,8 @@
 .\" Copyright (c) 2000, 2001, 2002 Robert N. M. Watson
 .\" All rights reserved.
 .\"
+.\" This software was developed by Robert Watson for the TrustedBSD Project.
+.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -25,7 +27,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 28, 2000
+.Dd December 18, 2002
 .Dt ACL 3
 .Os
 .Sh NAME
@@ -82,8 +84,10 @@ This function is described in
 and may be used to create an empty entry in an ACL.
 .It Xo
 .Fn acl_delete_def_file ,
+.Fn acl_delete_def_link_np ,
+.Fn acl_delete_fd_np ,
 .Fn acl_delete_file_np ,
-.Fn acl_delete_fd_np
+.Fn acl_delete_link_np
 .Xc
 These functions are described in
 .Xr acl_delete 3 ,
@@ -114,9 +118,10 @@ This function is described in
 .Xr acl_get_entry 3 ,
 and may be used to retrieve a designated ACL entry from an ACL.
 .It Xo
-.Fn acl_get_file ,
 .Fn acl_get_fd ,
-.Fn acl_get_fd_np
+.Fn acl_get_fd_np ,
+.Fn acl_get_file ,
+.Fn acl_get_link_np
 .Xc
 These functions are described in
 .Xr acl_get 3 ,
@@ -138,9 +143,10 @@ This function is described in
 .Xr acl_init 3 ,
 and may be used to allocate a fresh (empty) ACL structure.
 .It Xo
-.Fn acl_set_file ,
 .Fn acl_set_fd ,
-.Fn acl_set_fd_np
+.Fn acl_set_fd_np ,
+.Fn acl_set_file ,
+.Fn acl_set_link_np
 .Xc
 These functions are described in
 .Xr acl_set 3 ,
@@ -163,8 +169,9 @@ This function is described in
 and may be used to generate a text-form of a POSIX.1e semantics ACL.
 .It Xo
 .Fn acl_valid ,
+.Fn acl_valid_fd_np ,
 .Fn acl_valid_file_np ,
-.Fn acl_valid_fd_np
+.Fn acl_valid_link_np
 .Xc
 These functions are described in
 .Xr acl_valid 3 ,
diff --git a/lib/libc/posix1e/acl_delete.3 b/lib/libc/posix1e/acl_delete.3
index b3fb658..41d4a530 100644
--- a/lib/libc/posix1e/acl_delete.3
+++ b/lib/libc/posix1e/acl_delete.3
@@ -1,7 +1,9 @@
 .\"-
-.\" Copyright (c) 2000 Robert N. M. Watson
+.\" Copyright (c) 2000, 2002 Robert N. M. Watson
 .\" All rights reserved.
 .\"
+.\" This software was developed by Robert Watson for the TrustedBSD Project.
+.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -25,13 +27,15 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 28, 2000
+.Dd December 29, 2002
 .Dt ACL_DELETE 3
 .Os
 .Sh NAME
 .Nm acl_delete_def_file ,
+.Nm acl_delete_def_link_np ,
 .Nm acl_delete_fd_np ,
 .Nm acl_delete_file_np
+.Nm acl_delete_link_np
 .Nd delete an ACL from a file
 .Sh LIBRARY
 .Lb libc
@@ -41,23 +45,35 @@
 .Ft int
 .Fn acl_delete_def_file "const char *path_p"
 .Ft int
-.Fn acl_delete_file_np "const char *path_p" "acl_type_t type"
+.Fn acl_delete_def_link_np "const char *path_p"
 .Ft int
 .Fn acl_delete_fd_np "int filedes" "acl_type_t type"
+.Ft int
+.Fn acl_delete_file_np "const char *path_p" "acl_type_t type"
+.Ft int
+.Fn acl_delete_link_np "const char *path_p" "acl_type_t type"
 .Sh DESCRIPTION
 The
 .Fn acl_delete_def_file ,
+.Fn acl_delete_def_link_np ,
+.Fn acl_delete_fd_np ,
 .Fn acl_delete_file_np ,
 and
-.Fn acl_delete_fd_np
+.Fn acl_delete_link_np
 each allow the deletion of an ACL from a file.
 The
 .Fn acl_delete_def_file
 function
 is a POSIX.1e call that deletes the default ACL from a file (normally a
-directory) by name; the other two calls are non-portable extensions that
-allow deleting of arbitrary ACL types from a file/directory by either path
-name, or by file descriptor.
+directory) by name; the remainder of the calls are non-portable extensions
+that permit the deletion of arbitrary ACL types from a file/directory
+either by path name or file descriptor.
+The
+.Fn _file
+variations follow a symlink if it occurs in the last segment of the
+path name; the
+.Fn _linke
+variations operate on the symlink itself.
 .Sh IMPLEMENTATION NOTES
 .Fx Ns 's
 support for POSIX.1e interfaces and features is still under
@@ -120,5 +136,3 @@ POSIX.1e support was introduced in
 and development continues.
 .Sh AUTHORS
 .An Robert N M Watson
-.Sh BUGS
-These features are not yet fully implemented.
diff --git a/lib/libc/posix1e/acl_delete.c b/lib/libc/posix1e/acl_delete.c
index fc929c4..a93cd7b 100644
--- a/lib/libc/posix1e/acl_delete.c
+++ b/lib/libc/posix1e/acl_delete.c
@@ -1,7 +1,9 @@
 /*-
- * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * All rights reserved.
  *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -43,6 +45,12 @@ acl_delete_def_file(const char *path_p)
 	return (__acl_delete_file(path_p, ACL_TYPE_DEFAULT));
 }
 
+int
+acl_delete_def_link_np(const char *path_p)
+{
+
+	return (__acl_delete_link(path_p, ACL_TYPE_DEFAULT));
+}
 
 int
 acl_delete_file_np(const char *path_p, acl_type_t type)
@@ -51,6 +59,13 @@ acl_delete_file_np(const char *path_p, acl_type_t type)
 	return (__acl_delete_file(path_p, type));
 }
 
+int
+acl_delete_link_np(const char *path_p, acl_type_t type)
+{
+
+	return (__acl_delete_link(path_p, type));
+}
+
 
 int
 acl_delete_fd_np(int filedes, acl_type_t type)
diff --git a/lib/libc/posix1e/acl_get.3 b/lib/libc/posix1e/acl_get.3
index 4ca86b5..e39c0a4 100644
--- a/lib/libc/posix1e/acl_get.3
+++ b/lib/libc/posix1e/acl_get.3
@@ -1,7 +1,9 @@
 .\"-
-.\" Copyright (c) 2000 Robert N. M. Watson
+.\" Copyright (c) 2000, 2002 Robert N. M. Watson
 .\" All rights reserved.
 .\"
+.\" This software was developed by Robert Watson for the TrustedBSD Project.
+.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -25,13 +27,14 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 28, 2000
+.Dd December 29, 2002
 .Dt ACL_GET 3
 .Os
 .Sh NAME
 .Nm acl_get_fd ,
 .Nm acl_get_fd_np ,
-.Nm acl_get_file
+.Nm acl_get_file ,
+.Nm acl_get_link_np
 .Nd get an ACL for a file
 .Sh LIBRARY
 .Lb libc
@@ -39,23 +42,21 @@
 .In sys/types.h
 .In sys/acl.h
 .Ft acl_t
-.Fn acl_get_file "const char *path_p" "acl_type_t type"
-.Ft acl_t
 .Fn acl_get_fd "int fd"
 .Ft acl_t
 .Fn acl_get_fd_np "int fd" "acl_type_t type"
+.Ft acl_t
+.Fn acl_get_file "const char *path_p" "acl_type_t type"
+.Ft acl_t
+.Fn acl_get_link_np "const char *path_p" "acl_type_t type"
 .Sh DESCRIPTION
 The
-.Fn acl_get_file ,
 .Fn acl_get_fd ,
-and
+.Fn acl_get_file ,
+.Fn acl_get_link_np ,
 .Fn acl_get_fd_np
 each allow the retrieval of an ACL from a file.
 The
-.Fn acl_get_file
-function
-is a POSIX.1e call that allows the retrieval of a
-specified type of ACL from a file by name;
 .Fn acl_get_fd
 is a POSIX.1e call that allows the retrieval of an ACL of type
 ACL_TYPE_ACCESS
@@ -66,8 +67,16 @@ function
 is a non-portable form of
 .Fn acl_get_fd
 that allows the retrieval of any type of ACL from a file descriptor.
+.Fn acl_get_file
+is a POSIX.1e call that allows the retrieval of a
+specified type of ACL from a file by name;
+.Fn acl_get_link_np
+is a non-portable variation on
+.Fn acl_get_file
+which does not follow a symlink if the target of the call is a
+symlink.
 .Pp
-This function may cause memory to be allocated.  The caller should free
+These functions may cause memory to be allocated.  The caller should free
 any releasable memory, when the new ACL is no longer required, by calling
 .Xr acl_free 3
 with the
@@ -139,5 +148,3 @@ POSIX.1e support was introduced in
 and development continues.
 .Sh AUTHORS
 .An Robert N M Watson
-.Sh BUGS
-These features are not yet fully implemented.
diff --git a/lib/libc/posix1e/acl_get.c b/lib/libc/posix1e/acl_get.c
index 87a51dd..1f97baa 100644
--- a/lib/libc/posix1e/acl_get.c
+++ b/lib/libc/posix1e/acl_get.c
@@ -1,7 +1,9 @@
 /*-
- * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * All rights reserved.
  *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -24,9 +26,11 @@
  * SUCH DAMAGE.
  */
 /*
- * acl_get_file - syscall wrapper for retrieving ACL by filename
  * acl_get_fd - syscall wrapper for retrieving access ACL by fd
  * acl_get_fd_np - syscall wrapper for retrieving ACL by fd (non-POSIX)
+ * acl_get_file - syscall wrapper for retrieving ACL by filename
+ * acl_get_link_np - syscall wrapper for retrieving ACL by filename (NOFOLLOW)
+ *                   (non-POSIX)
  * acl_get_perm_np() checks if a permission is in the specified
  *                   permset (non-POSIX)
  * acl_get_permset() returns the permission set in the ACL entry
@@ -66,6 +70,25 @@ acl_get_file(const char *path_p, acl_type_t type)
 }
 
 acl_t
+acl_get_link_np(const char *path_p, acl_type_t type)
+{
+	acl_t	aclp;
+	int	error;
+
+	aclp = acl_init(ACL_MAX_ENTRIES);
+	if (aclp == NULL)
+		return (NULL);
+
+	error = __acl_get_link(path_p, type, &aclp->ats_acl);
+	if (error) {
+		acl_free(aclp);
+		return (NULL);
+	}
+
+	return (aclp);
+}
+
+acl_t
 acl_get_fd(int fd)
 {
 	acl_t	aclp;
diff --git a/lib/libc/posix1e/acl_set.c b/lib/libc/posix1e/acl_set.c
index b9e6860..34d5a33 100644
--- a/lib/libc/posix1e/acl_set.c
+++ b/lib/libc/posix1e/acl_set.c
@@ -1,7 +1,9 @@
 /*-
- * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * All rights reserved.
  *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -70,6 +72,28 @@ acl_set_file(const char *path_p, acl_type_t type, acl_t acl)
 }
 
 int
+acl_set_link_np(const char *path_p, acl_type_t type, acl_t acl)
+{
+	int	error;
+
+	if (acl == NULL || path_p == NULL) {
+		errno = EINVAL;
+		return (-1);
+	}
+	if (_posix1e_acl(acl, type)) {
+		error = _posix1e_acl_sort(acl);
+		if (error) {
+			errno = error;
+			return (-1);
+		}
+	}
+
+	acl->ats_cur_entry = 0;
+
+	return (__acl_set_link(path_p, type, &acl->ats_acl));
+}
+
+int
 acl_set_fd(int fd, acl_t acl)
 {
 	int	error;
diff --git a/lib/libc/posix1e/acl_valid.3 b/lib/libc/posix1e/acl_valid.3
index 6e1b3d9..3d47da5 100644
--- a/lib/libc/posix1e/acl_valid.3
+++ b/lib/libc/posix1e/acl_valid.3
@@ -1,7 +1,9 @@
 .\"-
-.\" Copyright (c) 2000 Robert N. M. Watson
+.\" Copyright (c) 2000, 2002 Robert N. M. Watson
 .\" All rights reserved.
 .\"
+.\" This software was developed by Robert Watson for the TrustedBSD Project.
+.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -25,13 +27,14 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 28, 2000
+.Dd December 29, 2002
 .Dt ACL_VALID 3
 .Os
 .Sh NAME
 .Nm acl_valid ,
 .Nm acl_valid_fd_np ,
-.Nm acl_valid_file_np
+.Nm acl_valid_file_np ,
+.Nm acl_valid_link_np
 .Nd validate an ACL
 .Sh LIBRARY
 .Lb libc
@@ -44,6 +47,8 @@
 .Fn acl_valid_fd_np "int fd" "acl_type_t type" "acl_t acl"
 .Ft int
 .Fn acl_valid_file_np "const char *path_p" "acl_type_t type" "acl_t acl"
+.Ft int
+.Fn acl_valid_link_np "const char *path_p" "acl_type_t type" "acl_t acl"
 .Sh DESCRIPTION
 These functions check that the ACL referred to by the argument
 .Va acl
@@ -51,13 +56,20 @@ is valid.  The POSIX.1e routine,
 .Fn acl_valid ,
 checks this validity only with POSIX.1e ACL semantics, and irrespective
 of the context in which the ACL is to be used.  The non-portable forms,
-.Fn acl_valid_fd_np
-and
+.Fn acl_valid_fd_np ,
 .Fn acl_valid_file_np ,
+and
+.Fn acl_valid_link_np
 allow an ACL to be checked in the context of a specific acl type,
 .Va type ,
-and file system object.  In environments where additional ACL types are
+and file system object.
+In environments where additional ACL types are
 supported than just POSIX.1e, this makes more sense.
+Whereas
+.Fn acl_valid_file_np
+will follow the symlink if the specified path is to a symlink,
+.Fn acl_valid_link_np
+will not.
 .Pp
 For POSIX.1e semantics, the checks include:
 .Bd -literal -offset indent
@@ -140,5 +152,3 @@ POSIX.1e support was introduced in
 and development continues.
 .Sh AUTHORS
 .An Robert N M Watson
-.Sh BUGS
-These features are not yet fully implemented.
diff --git a/lib/libc/posix1e/acl_valid.c b/lib/libc/posix1e/acl_valid.c
index 179e47e..9b1f9b9 100644
--- a/lib/libc/posix1e/acl_valid.c
+++ b/lib/libc/posix1e/acl_valid.c
@@ -1,7 +1,9 @@
 /*-
- * Copyright (c) 1999, 2000, 20001 Robert N. M. Watson
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * All rights reserved.
  *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -70,7 +72,6 @@ acl_valid(acl_t acl)
 	}
 }
 
-
 int
 acl_valid_file_np(const char *pathp, acl_type_t type, acl_t acl)
 {
@@ -91,6 +92,25 @@ acl_valid_file_np(const char *pathp, acl_type_t type, acl_t acl)
 	return (__acl_aclcheck_file(pathp, type, &acl->ats_acl));
 }
 
+int
+acl_valid_link_np(const char *pathp, acl_type_t type, acl_t acl)
+{
+	int	error;
+
+	if (pathp == NULL || acl == NULL) {
+		errno = EINVAL;
+		return (-1);
+	}
+	if (_posix1e_acl(acl, type)) {
+		error = _posix1e_acl_sort(acl);
+		if (error) {
+			errno = error;
+			return (-1);
+		}
+	}
+
+	return (__acl_aclcheck_link(pathp, type, &acl->ats_acl));
+}
 
 int
 acl_valid_fd_np(int fd, acl_type_t type, acl_t acl)