diff options
| author | trasz <trasz@FreeBSD.org> | 2012-04-17 14:54:00 +0000 |
|---|---|---|
| committer | trasz <trasz@FreeBSD.org> | 2012-04-17 14:54:00 +0000 |
| commit | 7f09aee7a12feb487299902e6c6ec4c3ae44cdf3 (patch) | |
| tree | 585b60aec15aa21382037b692eecd6dec3d47f0b /sys/kern/subr_acl_nfs4.c | |
| parent | 29ba0a35f6797ce4bf491112e3cf87135d7699fa (diff) | |
| download | FreeBSD-src-7f09aee7a12feb487299902e6c6ec4c3ae44cdf3.zip FreeBSD-src-7f09aee7a12feb487299902e6c6ec4c3ae44cdf3.tar.gz | |
Fix bug where NFSv4 ACL enforcement code wouldn't unconditionally
allow the owner to read and write ACL and file attributes when there
was no entry with subject matching the owner. In other words,
'getfacl meh' shouldn't fail for the owner if the ACL looks like this:
# file: meh
# owner: trasz
# group: wheel
user:root:------a-------:------:allow
Reported by: kientzle
Diffstat (limited to 'sys/kern/subr_acl_nfs4.c')
| -rw-r--r-- | sys/kern/subr_acl_nfs4.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/kern/subr_acl_nfs4.c b/sys/kern/subr_acl_nfs4.c index ce45be3..ef378a0 100644 --- a/sys/kern/subr_acl_nfs4.c +++ b/sys/kern/subr_acl_nfs4.c @@ -162,6 +162,9 @@ _acl_denies(const struct acl *aclp, int access_mask, struct ucred *cred, return (0); } + if (access_mask == 0) + return (0); + return (1); } |
