2 * Copyright (c) 1999 Robert N. M. Watson
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 *$FreeBSD: src/lib/libposix1e/acl_support.c,v 1.3 2000/01/26 04:19:37 rwatson Exp $
27 *$DragonFly: src/lib/libposix1e/acl_support.c,v 1.3 2005/08/04 17:27:09 drhodus Exp $
30 * Support functionality for the POSIX.1e ACL interface
31 * These calls are intended only to be called within the library.
34 #include <sys/types.h>
42 #include "acl_support.h"
44 #define ACL_STRING_PERM_WRITE 'w'
45 #define ACL_STRING_PERM_READ 'r'
46 #define ACL_STRING_PERM_EXEC 'x'
47 #define ACL_STRING_PERM_NONE '-'
50 * acl_entry_compare -- compare two acl_entry structures to determine the
51 * order they should appear in. Used by acl_sort to sort ACL entries into
52 * the kernel-desired order -- i.e., the order useful for evaluation and
53 * O(n) validity checking. Beter to have an O(nlogn) sort in userland and
54 * an O(n) in kernel than to have both in kernel.
56 typedef int (*compare
)(const void *, const void *);
58 acl_entry_compare(struct acl_entry
*a
, struct acl_entry
*b
)
61 * First, sort between tags -- conveniently defined in the correct
62 * order for verification.
64 if (a
->ae_tag
< b
->ae_tag
)
66 if (a
->ae_tag
> b
->ae_tag
)
70 * Next compare uids/gids on appropriate types.
73 if (a
->ae_tag
== ACL_USER
|| a
->ae_tag
== ACL_GROUP
) {
74 if (a
->ae_id
< b
->ae_id
)
76 if (a
->ae_id
> b
->ae_id
)
79 /* shouldn't be equal, fall through to the invalid case */
83 * Don't know how to sort multiple entries of the rest--either it's
84 * a bad entry, or there shouldn't be more than one. Ignore and the
85 * validity checker can get it later.
91 * acl_sort -- sort ACL entries.
92 * Give the opportunity to fail, althouh we don't currently have a way
99 qsort(&acl
->acl_entry
[0], acl
->acl_cnt
, sizeof(struct acl_entry
),
100 (compare
) acl_entry_compare
);
106 * acl_posix1e -- in what situations should we acl_sort before submission?
107 * We apply posix1e ACL semantics for any ACL of type ACL_TYPE_ACCESS or
111 acl_posix1e(acl_t acl
, acl_type_t type
)
114 return ((type
== ACL_TYPE_ACCESS
) || (type
== ACL_TYPE_DEFAULT
));
118 * acl_check -- given an ACL, check its validity. This is mirrored from
119 * code in sys/kern/kern_acl.c, and if changes are made in one, they should
120 * be made in the other also. This copy of acl_check is made available
121 * in userland for the benefit of processes wanting to check ACLs for
122 * validity before submitting them to the kernel, or for performing
123 * in userland file system checking. Needless to say, the kernel makes
124 * the real checks on calls to get/setacl.
126 * See the comments in kernel for explanation -- just briefly, it assumes
127 * an already sorted ACL, and checks based on that assumption. The
128 * POSIX.1e interface, acl_valid(), will perform the sort before calling
129 * this. Returns 0 on success, EINVAL on failure.
132 acl_check(struct acl
*acl
)
134 struct acl_entry
*entry
; /* current entry */
135 uid_t obj_uid
=-1, obj_gid
=-1, highest_uid
=0, highest_gid
=0;
136 int stage
= ACL_USER_OBJ
;
138 int count_user_obj
=0, count_user
=0, count_group_obj
=0,
139 count_group
=0, count_mask
=0, count_other
=0;
141 /* printf("acl_check: checking acl with %d entries\n", acl->acl_cnt); */
142 while (i
< acl
->acl_cnt
) {
144 entry
= &acl
->acl_entry
[i
];
146 if ((entry
->ae_perm
| ACL_PERM_BITS
) != ACL_PERM_BITS
)
149 switch(entry
->ae_tag
) {
151 /* printf("acl_check: %d: ACL_USER_OBJ\n", i); */
152 if (stage
> ACL_USER_OBJ
)
156 obj_uid
= entry
->ae_id
;
160 /* printf("acl_check: %d: ACL_USER\n", i); */
161 if (stage
> ACL_USER
)
164 if (entry
->ae_id
== obj_uid
)
166 if (count_user
&& (entry
->ae_id
<= highest_uid
))
168 highest_uid
= entry
->ae_id
;
173 /* printf("acl_check: %d: ACL_GROUP_OBJ\n", i); */
174 if (stage
> ACL_GROUP_OBJ
)
178 obj_gid
= entry
->ae_id
;
182 /* printf("acl_check: %d: ACL_GROUP\n", i); */
183 if (stage
> ACL_GROUP
)
186 if (entry
->ae_id
== obj_gid
)
188 if (count_group
&& (entry
->ae_id
<= highest_gid
))
190 highest_gid
= entry
->ae_id
;
195 /* printf("acl_check: %d: ACL_MASK\n", i); */
196 if (stage
> ACL_MASK
)
203 /* printf("acl_check: %d: ACL_OTHER\n", i); */
204 if (stage
> ACL_OTHER
)
211 /* printf("acl_check: %d: INVALID\n", i); */
217 if (count_user_obj
!= 1)
220 if (count_group_obj
!= 1)
223 if (count_mask
!= 0 && count_mask
!= 1)
226 if (count_other
!= 1)
234 * Given a uid/gid, return a username/groupname for the text form of an ACL
235 * XXX NOT THREAD SAFE, RELIES ON GETPWUID, GETGRGID
236 * XXX USES *PW* AND *GR* WHICH ARE STATEFUL AND THEREFORE THIS ROUTINE
237 * MAY HAVE SIDE-EFFECTS
240 acl_id_to_name(acl_tag_t tag
, uid_t id
, ssize_t buf_len
, char *buf
)
250 i
= snprintf(buf
, buf_len
, "%d", id
);
252 i
= snprintf(buf
, buf_len
, "%s", p
->pw_name
);
263 i
= snprintf(buf
, buf_len
, "%d", id
);
265 i
= snprintf(buf
, buf_len
, "%s", g
->gr_name
);
280 * Given a username/groupname from a text form of an ACL, return the uid/gid
281 * XXX NOT THREAD SAFE, RELIES ON GETPWNAM, GETGRNAM
282 * XXX USES *PW* AND *GR* WHICH ARE STATEFUL AND THEREFORE THIS ROUTINE
283 * MAY HAVE SIDE-EFFECTS
285 * XXX currently doesn't deal correctly with a numeric uid being passed
286 * instead of a username. What is correct behavior here? Check chown.
289 acl_name_to_id(acl_tag_t tag
, char *name
, uid_t
*id
)
320 * Given a right-shifted permission (i.e., direct ACL_PERM_* mask), fill
321 * in a string describing the permissions.
324 acl_perm_to_string(acl_perm_t perm
, ssize_t buf_len
, char *buf
)
327 if (buf_len
< ACL_STRING_PERM_MAXSIZE
+ 1) {
332 if ((perm
| ACL_PERM_BITS
) != ACL_PERM_BITS
) {
337 buf
[3] = 0; /* null terminate */
339 if (perm
& ACL_PERM_READ
)
340 buf
[0] = ACL_STRING_PERM_READ
;
342 buf
[0] = ACL_STRING_PERM_NONE
;
344 if (perm
& ACL_PERM_WRITE
)
345 buf
[1] = ACL_STRING_PERM_WRITE
;
347 buf
[1] = ACL_STRING_PERM_NONE
;
349 if (perm
& ACL_PERM_EXEC
)
350 buf
[2] = ACL_STRING_PERM_EXEC
;
352 buf
[2] = ACL_STRING_PERM_NONE
;
358 * given a string, return a permission describing it
361 acl_string_to_perm(char *string
, acl_perm_t
*perm
)
363 acl_perm_t myperm
= ACL_PERM_NONE
;
369 case ACL_STRING_PERM_READ
:
370 myperm
|= ACL_PERM_READ
;
372 case ACL_STRING_PERM_WRITE
:
373 myperm
|= ACL_PERM_WRITE
;
375 case ACL_STRING_PERM_EXEC
:
376 myperm
|= ACL_PERM_EXEC
;
378 case ACL_STRING_PERM_NONE
:
391 * Add an ACL entry without doing much checking, et al
394 acl_add_entry(acl_t acl
, acl_tag_t tag
, uid_t id
, acl_perm_t perm
)
398 if (acl
->acl_cnt
>= ACL_MAX_ENTRIES
) {
403 e
= &(acl
->acl_entry
[acl
->acl_cnt
]);