From owner-svn-src-head@FreeBSD.ORG  Tue Apr 17 14:54:00 2012
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id DC2041065672;
	Tue, 17 Apr 2012 14:54:00 +0000 (UTC)
	(envelope-from trasz@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id C6C2B8FC0A;
	Tue, 17 Apr 2012 14:54:00 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q3HEs0hn086887;
	Tue, 17 Apr 2012 14:54:00 GMT (envelope-from trasz@svn.freebsd.org)
Received: (from trasz@localhost)
	by svn.freebsd.org (8.14.4/8.14.4/Submit) id q3HEs0cE086885;
	Tue, 17 Apr 2012 14:54:00 GMT (envelope-from trasz@svn.freebsd.org)
Message-Id: <201204171454.q3HEs0cE086885@svn.freebsd.org>
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
Date: Tue, 17 Apr 2012 14:54:00 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r234385 - head/sys/kern
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Apr 2012 14:54:01 -0000

Author: trasz
Date: Tue Apr 17 14:54:00 2012
New Revision: 234385
URL: http://svn.freebsd.org/changeset/base/234385

Log:
  Fix bug where NFSv4 ACL enforcement code wouldn't unconditionally
  allow the owner to read and write ACL and file attributes when there
  was no entry with subject matching the owner.  In other words,
  'getfacl meh' shouldn't fail for the owner if the ACL looks like this:
  
  # file: meh
  # owner: trasz
  # group: wheel
           user:root:------a-------:------:allow
  
  Reported by:	kientzle

Modified:
  head/sys/kern/subr_acl_nfs4.c

Modified: head/sys/kern/subr_acl_nfs4.c
==============================================================================
--- head/sys/kern/subr_acl_nfs4.c	Tue Apr 17 14:37:29 2012	(r234384)
+++ head/sys/kern/subr_acl_nfs4.c	Tue Apr 17 14:54:00 2012	(r234385)
@@ -162,6 +162,9 @@ _acl_denies(const struct acl *aclp, int 
 			return (0);
 	}
 
+	if (access_mask == 0)
+		return (0);
+
 	return (1);
 }