logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

vaccess_acl_nfs4 — generate a NFSv4 ACL access control decision using vnode parameters

Authors

       Current implementation of vaccess_acl_nfs4() was written by Edward Tomasz Napierala <trasz@FreeBSD.org>.

Bugs

       This  manual  page  should  include  a  full  description of the NFSv4 ACL evaluation algorithm, or cross
       reference another page that does.

Debian                                         September 18, 2009                            VACCESS_ACL_NFS4(9)

Description

       This call implements the logic for the Unix discretionary file security model with NFSv4 ACL  extensions.
       It  accepts  the vnodes type type, owning UID file_uid, owning GID file_gid, access ACL for the file acl,
       desired access mode accmode, requesting credential cred, and an optional  call-by-reference  int  pointer
       returning  whether  or  not  privilege  was  required for successful evaluation of the call; the privused
       pointer may be set to NULL by the caller in order not to be informed of privilege information, or it  may
       point to an integer that will be set to 1 if privilege is used, and 0 otherwise.

       This  call  is  intended  to  support  implementations  of VOP_ACCESS(9), which will use their own access
       methods to retrieve the vnode properties, and then invoke vaccess_acl_nfs4()  in  order  to  perform  the
       actual  check.   Implementations  of VOP_ACCESS(9) may choose to implement additional security mechanisms
       whose results will be composed with the return value.

       The algorithm used by vaccess_acl_nfs4() is based on the NFSv4 ACL evaluation algorithm, as described  in
       NFSv4  Minor  Version  1,  draft-ietf-nfsv4-minorversion1-21.txt.  The algorithm selects a matching entry
       from the access ACL, which may then be composed with an available ACL mask entry, providing Unix security
       compatibility.

       Once appropriate protections are selected for the current  credential,  the  requested  access  mode,  in
       combination  with  the  vnode  type,  will  be  compared  with the discretionary rights available for the
       credential.  If the rights  granted  by  discretionary  protections  are  insufficient,  then  super-user
       privilege, if available for the credential, will also be considered.

Errors

       [EACCES]           Permission  denied.   An  attempt  was made to access a file in a way forbidden by its
                          file access permissions.

       [EPERM]            Operation not permitted.  An attempt was made  to  perform  an  operation  limited  to
                          processes with appropriate privileges or to the owner of a file or other resource.

Name

       vaccess_acl_nfs4 — generate a NFSv4 ACL access control decision using vnode parameters

Return Values

vaccess_acl_nfs4() will return 0 on success, or a non-zero error value on failure.

See Also

vaccess(9), vnode(9), VOP_ACCESS(9)

Synopsis

#include<sys/param.h>#include<sys/vnode.h>#include<sys/acl.h>intvaccess_acl_nfs4(enumvtypetype,  uid_tfile_uid,  gid_tfile_gid,  structacl*acl,  accmode_taccmode,
           structucred*cred, int*privused);

See Also