Make heredocs more robust in Tramp.
[emacs.git] / lib / file-has-acl.c
blob5104a41eb6f6baf12a30a8485e91bda741aac12d
1 /* Test whether a file has a nontrivial access control list.
3 Copyright (C) 2002-2003, 2005-2014 Free Software Foundation, Inc.
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 Written by Paul Eggert, Andreas Grünbacher, and Bruno Haible. */
20 /* Without this pragma, gcc 4.7.0 20120126 may suggest that the
21 file_has_acl function might be candidate for attribute 'const' */
22 #if (__GNUC__ == 4 && 6 <= __GNUC_MINOR__) || 4 < __GNUC__
23 # pragma GCC diagnostic ignored "-Wsuggest-attribute=const"
24 #endif
26 #include <config.h>
28 #include "acl.h"
30 #include "acl-internal.h"
33 #if USE_ACL && HAVE_ACL_GET_FILE
35 # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */
37 /* ACL is an ACL, from a file, stored as type ACL_TYPE_EXTENDED.
38 Return 1 if the given ACL is non-trivial.
39 Return 0 if it is trivial. */
40 int
41 acl_extended_nontrivial (acl_t acl)
43 /* acl is non-trivial if it is non-empty. */
44 return (acl_entries (acl) > 0);
47 # else /* Linux, FreeBSD, IRIX, Tru64 */
49 /* ACL is an ACL, from a file, stored as type ACL_TYPE_ACCESS.
50 Return 1 if the given ACL is non-trivial.
51 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode.
52 Return -1 and set errno upon failure to determine it. */
53 int
54 acl_access_nontrivial (acl_t acl)
56 /* acl is non-trivial if it has some entries other than for "user::",
57 "group::", and "other::". Normally these three should be present
58 at least, allowing us to write
59 return (3 < acl_entries (acl));
60 but the following code is more robust. */
61 # if HAVE_ACL_FIRST_ENTRY /* Linux, FreeBSD */
63 acl_entry_t ace;
64 int got_one;
66 for (got_one = acl_get_entry (acl, ACL_FIRST_ENTRY, &ace);
67 got_one > 0;
68 got_one = acl_get_entry (acl, ACL_NEXT_ENTRY, &ace))
70 acl_tag_t tag;
71 if (acl_get_tag_type (ace, &tag) < 0)
72 return -1;
73 if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_OTHER))
74 return 1;
76 return got_one;
78 # elif HAVE_ACL_TO_SHORT_TEXT /* IRIX */
79 /* Don't use acl_get_entry: it is undocumented. */
81 int count = acl->acl_cnt;
82 int i;
84 for (i = 0; i < count; i++)
86 acl_entry_t ace = &acl->acl_entry[i];
87 acl_tag_t tag = ace->ae_tag;
89 if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ
90 || tag == ACL_OTHER_OBJ))
91 return 1;
93 return 0;
95 # elif HAVE_ACL_FREE_TEXT /* Tru64 */
96 /* Don't use acl_get_entry: it takes only one argument and does not work. */
98 int count = acl->acl_num;
99 acl_entry_t ace;
101 for (ace = acl->acl_first; count > 0; ace = ace->next, count--)
103 acl_tag_t tag;
104 acl_perm_t perm;
106 tag = ace->entry->acl_type;
107 if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_OTHER))
108 return 1;
110 perm = ace->entry->acl_perm;
111 /* On Tru64, perm can also contain non-standard bits such as
112 PERM_INSERT, PERM_DELETE, PERM_MODIFY, PERM_LOOKUP, ... */
113 if ((perm & ~(ACL_READ | ACL_WRITE | ACL_EXECUTE)) != 0)
114 return 1;
116 return 0;
118 # else
120 errno = ENOSYS;
121 return -1;
122 # endif
125 # endif
128 #elif USE_ACL && HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */
130 /* Test an ACL retrieved with GETACL.
131 Return 1 if the given ACL, consisting of COUNT entries, is non-trivial.
132 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
134 acl_nontrivial (int count, aclent_t *entries)
136 int i;
138 for (i = 0; i < count; i++)
140 aclent_t *ace = &entries[i];
142 /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
143 If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
144 We don't need to check ace->a_id in these cases. */
145 if (!(ace->a_type == USER_OBJ
146 || ace->a_type == GROUP_OBJ
147 || ace->a_type == OTHER_OBJ
148 /* Note: Cygwin does not return a CLASS_OBJ ("mask:") entry
149 sometimes. */
150 || ace->a_type == CLASS_OBJ))
151 return 1;
153 return 0;
156 # ifdef ACE_GETACL
158 /* A shortcut for a bitmask. */
159 # define NEW_ACE_WRITEA_DATA (NEW_ACE_WRITE_DATA | NEW_ACE_APPEND_DATA)
161 /* Test an ACL retrieved with ACE_GETACL.
162 Return 1 if the given ACL, consisting of COUNT entries, is non-trivial.
163 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
165 acl_ace_nontrivial (int count, ace_t *entries)
167 int i;
169 /* The flags in the ace_t structure changed in a binary incompatible way
170 when ACL_NO_TRIVIAL etc. were introduced in <sys/acl.h> version 1.15.
171 How to distinguish the two conventions at runtime?
172 In the old convention, usually three ACEs have a_flags = ACE_OWNER /
173 ACE_GROUP / ACE_OTHER, in the range 0x0100..0x0400. In the new
174 convention, these values are not used. */
175 int old_convention = 0;
177 for (i = 0; i < count; i++)
178 if (entries[i].a_flags & (OLD_ACE_OWNER | OLD_ACE_GROUP | OLD_ACE_OTHER))
180 old_convention = 1;
181 break;
184 if (old_convention)
185 /* Running on Solaris 10. */
186 for (i = 0; i < count; i++)
188 ace_t *ace = &entries[i];
190 /* Note:
191 If ace->a_flags = ACE_OWNER, ace->a_who is the st_uid from stat().
192 If ace->a_flags = ACE_GROUP, ace->a_who is the st_gid from stat().
193 We don't need to check ace->a_who in these cases. */
194 if (!(ace->a_type == OLD_ALLOW
195 && (ace->a_flags == OLD_ACE_OWNER
196 || ace->a_flags == OLD_ACE_GROUP
197 || ace->a_flags == OLD_ACE_OTHER)))
198 return 1;
200 else
202 /* Running on Solaris 10 (newer version) or Solaris 11. */
203 unsigned int access_masks[6] =
205 0, /* owner@ deny */
206 0, /* owner@ allow */
207 0, /* group@ deny */
208 0, /* group@ allow */
209 0, /* everyone@ deny */
210 0 /* everyone@ allow */
213 for (i = 0; i < count; i++)
215 ace_t *ace = &entries[i];
216 unsigned int index1;
217 unsigned int index2;
219 if (ace->a_type == NEW_ACE_ACCESS_ALLOWED_ACE_TYPE)
220 index1 = 1;
221 else if (ace->a_type == NEW_ACE_ACCESS_DENIED_ACE_TYPE)
222 index1 = 0;
223 else
224 return 1;
226 if (ace->a_flags == NEW_ACE_OWNER)
227 index2 = 0;
228 else if (ace->a_flags == (NEW_ACE_GROUP | NEW_ACE_IDENTIFIER_GROUP))
229 index2 = 2;
230 else if (ace->a_flags == NEW_ACE_EVERYONE)
231 index2 = 4;
232 else
233 return 1;
235 access_masks[index1 + index2] |= ace->a_access_mask;
238 /* The same bit shouldn't be both allowed and denied. */
239 if (access_masks[0] & access_masks[1])
240 return 1;
241 if (access_masks[2] & access_masks[3])
242 return 1;
243 if (access_masks[4] & access_masks[5])
244 return 1;
246 /* Check minimum masks. */
247 if ((NEW_ACE_WRITE_NAMED_ATTRS
248 | NEW_ACE_WRITE_ATTRIBUTES
249 | NEW_ACE_WRITE_ACL
250 | NEW_ACE_WRITE_OWNER)
251 & ~ access_masks[1])
252 return 1;
253 access_masks[1] &= ~(NEW_ACE_WRITE_NAMED_ATTRS
254 | NEW_ACE_WRITE_ATTRIBUTES
255 | NEW_ACE_WRITE_ACL
256 | NEW_ACE_WRITE_OWNER);
257 if ((NEW_ACE_READ_NAMED_ATTRS
258 | NEW_ACE_READ_ATTRIBUTES
259 | NEW_ACE_READ_ACL
260 | NEW_ACE_SYNCHRONIZE)
261 & ~ access_masks[5])
262 return 1;
263 access_masks[5] &= ~(NEW_ACE_READ_NAMED_ATTRS
264 | NEW_ACE_READ_ATTRIBUTES
265 | NEW_ACE_READ_ACL
266 | NEW_ACE_SYNCHRONIZE);
268 /* Check the allowed or denied bits. */
269 switch ((access_masks[0] | access_masks[1])
270 & ~(NEW_ACE_READ_NAMED_ATTRS
271 | NEW_ACE_READ_ATTRIBUTES
272 | NEW_ACE_READ_ACL
273 | NEW_ACE_SYNCHRONIZE))
275 case 0:
276 case NEW_ACE_READ_DATA:
277 case NEW_ACE_WRITEA_DATA:
278 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA:
279 case NEW_ACE_EXECUTE:
280 case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE:
281 case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
282 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
283 break;
284 default:
285 return 1;
287 switch ((access_masks[2] | access_masks[3])
288 & ~(NEW_ACE_READ_NAMED_ATTRS
289 | NEW_ACE_READ_ATTRIBUTES
290 | NEW_ACE_READ_ACL
291 | NEW_ACE_SYNCHRONIZE))
293 case 0:
294 case NEW_ACE_READ_DATA:
295 case NEW_ACE_WRITEA_DATA:
296 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA:
297 case NEW_ACE_EXECUTE:
298 case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE:
299 case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
300 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
301 break;
302 default:
303 return 1;
305 switch ((access_masks[4] | access_masks[5])
306 & ~(NEW_ACE_WRITE_NAMED_ATTRS
307 | NEW_ACE_WRITE_ATTRIBUTES
308 | NEW_ACE_WRITE_ACL
309 | NEW_ACE_WRITE_OWNER))
311 case 0:
312 case NEW_ACE_READ_DATA:
313 case NEW_ACE_WRITEA_DATA:
314 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA:
315 case NEW_ACE_EXECUTE:
316 case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE:
317 case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
318 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
319 break;
320 default:
321 return 1;
324 /* Check that the NEW_ACE_WRITE_DATA and NEW_ACE_APPEND_DATA bits are
325 either both allowed or both denied. */
326 if (((access_masks[0] & NEW_ACE_WRITE_DATA) != 0)
327 != ((access_masks[0] & NEW_ACE_APPEND_DATA) != 0))
328 return 1;
329 if (((access_masks[2] & NEW_ACE_WRITE_DATA) != 0)
330 != ((access_masks[2] & NEW_ACE_APPEND_DATA) != 0))
331 return 1;
332 if (((access_masks[4] & NEW_ACE_WRITE_DATA) != 0)
333 != ((access_masks[4] & NEW_ACE_APPEND_DATA) != 0))
334 return 1;
337 return 0;
340 # endif
342 #elif USE_ACL && HAVE_GETACL /* HP-UX */
344 /* Return 1 if the given ACL is non-trivial.
345 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
347 acl_nontrivial (int count, struct acl_entry *entries, struct stat *sb)
349 int i;
351 for (i = 0; i < count; i++)
353 struct acl_entry *ace = &entries[i];
355 if (!((ace->uid == sb->st_uid && ace->gid == ACL_NSGROUP)
356 || (ace->uid == ACL_NSUSER && ace->gid == sb->st_gid)
357 || (ace->uid == ACL_NSUSER && ace->gid == ACL_NSGROUP)))
358 return 1;
360 return 0;
363 # if HAVE_ACLV_H /* HP-UX >= 11.11 */
365 /* Return 1 if the given ACL is non-trivial.
366 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
368 aclv_nontrivial (int count, struct acl *entries)
370 int i;
372 for (i = 0; i < count; i++)
374 struct acl *ace = &entries[i];
376 /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
377 If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
378 We don't need to check ace->a_id in these cases. */
379 if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */
380 || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */
381 || ace->a_type == CLASS_OBJ
382 || ace->a_type == OTHER_OBJ))
383 return 1;
385 return 0;
388 # endif
390 #elif USE_ACL && (HAVE_ACLX_GET || HAVE_STATACL) /* AIX */
392 /* Return 1 if the given ACL is non-trivial.
393 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
395 acl_nontrivial (struct acl *a)
397 /* The normal way to iterate through an ACL is like this:
398 struct acl_entry *ace;
399 for (ace = a->acl_ext; ace != acl_last (a); ace = acl_nxt (ace))
401 struct ace_id *aei;
402 switch (ace->ace_type)
404 case ACC_PERMIT:
405 case ACC_DENY:
406 case ACC_SPECIFY:
407 ...;
409 for (aei = ace->ace_id; aei != id_last (ace); aei = id_nxt (aei))
413 return (acl_last (a) != a->acl_ext ? 1 : 0);
416 # if HAVE_ACLX_GET && defined ACL_AIX_WIP /* newer AIX */
418 /* Return 1 if the given ACL is non-trivial.
419 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
421 acl_nfs4_nontrivial (nfs4_acl_int_t *a)
423 # if 1 /* let's try this first */
424 return (a->aclEntryN > 0 ? 1 : 0);
425 # else
426 int count = a->aclEntryN;
427 int i;
429 for (i = 0; i < count; i++)
431 nfs4_ace_int_t *ace = &a->aclEntry[i];
433 if (!((ace->flags & ACE4_ID_SPECIAL) != 0
434 && (ace->aceWho.special_whoid == ACE4_WHO_OWNER
435 || ace->aceWho.special_whoid == ACE4_WHO_GROUP
436 || ace->aceWho.special_whoid == ACE4_WHO_EVERYONE)
437 && ace->aceType == ACE4_ACCESS_ALLOWED_ACE_TYPE
438 && ace->aceFlags == 0
439 && (ace->aceMask & ~(ACE4_READ_DATA | ACE4_LIST_DIRECTORY
440 | ACE4_WRITE_DATA | ACE4_ADD_FILE
441 | ACE4_EXECUTE)) == 0))
442 return 1;
444 return 0;
445 # endif
448 # endif
450 #elif USE_ACL && HAVE_ACLSORT /* NonStop Kernel */
452 /* Test an ACL retrieved with ACL_GET.
453 Return 1 if the given ACL, consisting of COUNT entries, is non-trivial.
454 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
456 acl_nontrivial (int count, struct acl *entries)
458 int i;
460 for (i = 0; i < count; i++)
462 struct acl *ace = &entries[i];
464 /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
465 If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
466 We don't need to check ace->a_id in these cases. */
467 if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */
468 || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */
469 || ace->a_type == CLASS_OBJ
470 || ace->a_type == OTHER_OBJ))
471 return 1;
473 return 0;
476 #endif
479 /* Return 1 if NAME has a nontrivial access control list, 0 if NAME
480 only has no or a base access control list, and -1 (setting errno)
481 on error. SB must be set to the stat buffer of NAME, obtained
482 through stat() or lstat(). */
485 file_has_acl (char const *name, struct stat const *sb)
487 #if USE_ACL
488 if (! S_ISLNK (sb->st_mode))
490 # if HAVE_ACL_GET_FILE
492 /* POSIX 1003.1e (draft 17 -- abandoned) specific version. */
493 /* Linux, FreeBSD, Mac OS X, IRIX, Tru64 */
494 int ret;
496 if (HAVE_ACL_EXTENDED_FILE) /* Linux */
498 /* On Linux, acl_extended_file is an optimized function: It only
499 makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
500 ACL_TYPE_DEFAULT. */
501 ret = acl_extended_file (name);
503 else /* FreeBSD, Mac OS X, IRIX, Tru64 */
505 # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */
506 /* On Mac OS X, acl_get_file (name, ACL_TYPE_ACCESS)
507 and acl_get_file (name, ACL_TYPE_DEFAULT)
508 always return NULL / EINVAL. There is no point in making
509 these two useless calls. The real ACL is retrieved through
510 acl_get_file (name, ACL_TYPE_EXTENDED). */
511 acl_t acl = acl_get_file (name, ACL_TYPE_EXTENDED);
512 if (acl)
514 ret = acl_extended_nontrivial (acl);
515 acl_free (acl);
517 else
518 ret = -1;
519 # else /* FreeBSD, IRIX, Tru64 */
520 acl_t acl = acl_get_file (name, ACL_TYPE_ACCESS);
521 if (acl)
523 int saved_errno;
525 ret = acl_access_nontrivial (acl);
526 saved_errno = errno;
527 acl_free (acl);
528 errno = saved_errno;
529 # if HAVE_ACL_FREE_TEXT /* Tru64 */
530 /* On OSF/1, acl_get_file (name, ACL_TYPE_DEFAULT) always
531 returns NULL with errno not set. There is no point in
532 making this call. */
533 # else /* FreeBSD, IRIX */
534 /* On Linux, FreeBSD, IRIX, acl_get_file (name, ACL_TYPE_ACCESS)
535 and acl_get_file (name, ACL_TYPE_DEFAULT) on a directory
536 either both succeed or both fail; it depends on the
537 file system. Therefore there is no point in making the second
538 call if the first one already failed. */
539 if (ret == 0 && S_ISDIR (sb->st_mode))
541 acl = acl_get_file (name, ACL_TYPE_DEFAULT);
542 if (acl)
544 ret = (0 < acl_entries (acl));
545 acl_free (acl);
547 else
548 ret = -1;
550 # endif
552 else
553 ret = -1;
554 # endif
556 if (ret < 0)
557 return - acl_errno_valid (errno);
558 return ret;
560 # elif HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */
562 # if defined ACL_NO_TRIVIAL
564 /* Solaris 10 (newer version), which has additional API declared in
565 <sys/acl.h> (acl_t) and implemented in libsec (acl_set, acl_trivial,
566 acl_fromtext, ...). */
567 return acl_trivial (name);
569 # else /* Solaris, Cygwin, general case */
571 /* Solaris 2.5 through Solaris 10, Cygwin, and contemporaneous versions
572 of Unixware. The acl() call returns the access and default ACL both
573 at once. */
575 /* Initially, try to read the entries into a stack-allocated buffer.
576 Use malloc if it does not fit. */
577 enum
579 alloc_init = 4000 / sizeof (aclent_t), /* >= 3 */
580 alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (aclent_t))
582 aclent_t buf[alloc_init];
583 size_t alloc = alloc_init;
584 aclent_t *entries = buf;
585 aclent_t *malloced = NULL;
586 int count;
588 for (;;)
590 count = acl (name, GETACL, alloc, entries);
591 if (count < 0 && errno == ENOSPC)
593 /* Increase the size of the buffer. */
594 free (malloced);
595 if (alloc > alloc_max / 2)
597 errno = ENOMEM;
598 return -1;
600 alloc = 2 * alloc; /* <= alloc_max */
601 entries = malloced =
602 (aclent_t *) malloc (alloc * sizeof (aclent_t));
603 if (entries == NULL)
605 errno = ENOMEM;
606 return -1;
608 continue;
610 break;
612 if (count < 0)
614 if (errno == ENOSYS || errno == ENOTSUP)
616 else
618 int saved_errno = errno;
619 free (malloced);
620 errno = saved_errno;
621 return -1;
624 else if (count == 0)
626 else
628 /* Don't use MIN_ACL_ENTRIES: It's set to 4 on Cygwin, but Cygwin
629 returns only 3 entries for files with no ACL. But this is safe:
630 If there are more than 4 entries, there cannot be only the
631 "user::", "group::", "other:", and "mask:" entries. */
632 if (count > 4)
634 free (malloced);
635 return 1;
638 if (acl_nontrivial (count, entries))
640 free (malloced);
641 return 1;
644 free (malloced);
647 # ifdef ACE_GETACL
648 /* Solaris also has a different variant of ACLs, used in ZFS and NFSv4
649 file systems (whereas the other ones are used in UFS file systems). */
651 /* Initially, try to read the entries into a stack-allocated buffer.
652 Use malloc if it does not fit. */
653 enum
655 alloc_init = 4000 / sizeof (ace_t), /* >= 3 */
656 alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (ace_t))
658 ace_t buf[alloc_init];
659 size_t alloc = alloc_init;
660 ace_t *entries = buf;
661 ace_t *malloced = NULL;
662 int count;
664 for (;;)
666 count = acl (name, ACE_GETACL, alloc, entries);
667 if (count < 0 && errno == ENOSPC)
669 /* Increase the size of the buffer. */
670 free (malloced);
671 if (alloc > alloc_max / 2)
673 errno = ENOMEM;
674 return -1;
676 alloc = 2 * alloc; /* <= alloc_max */
677 entries = malloced = (ace_t *) malloc (alloc * sizeof (ace_t));
678 if (entries == NULL)
680 errno = ENOMEM;
681 return -1;
683 continue;
685 break;
687 if (count < 0)
689 if (errno == ENOSYS || errno == EINVAL)
691 else
693 int saved_errno = errno;
694 free (malloced);
695 errno = saved_errno;
696 return -1;
699 else if (count == 0)
701 else
703 /* In the old (original Solaris 10) convention:
704 If there are more than 3 entries, there cannot be only the
705 ACE_OWNER, ACE_GROUP, ACE_OTHER entries.
706 In the newer Solaris 10 and Solaris 11 convention:
707 If there are more than 6 entries, there cannot be only the
708 ACE_OWNER, ACE_GROUP, ACE_EVERYONE entries, each once with
709 NEW_ACE_ACCESS_ALLOWED_ACE_TYPE and once with
710 NEW_ACE_ACCESS_DENIED_ACE_TYPE. */
711 if (count > 6)
713 free (malloced);
714 return 1;
717 if (acl_ace_nontrivial (count, entries))
719 free (malloced);
720 return 1;
723 free (malloced);
725 # endif
727 return 0;
728 # endif
730 # elif HAVE_GETACL /* HP-UX */
733 struct acl_entry entries[NACLENTRIES];
734 int count;
736 count = getacl (name, NACLENTRIES, entries);
738 if (count < 0)
740 /* ENOSYS is seen on newer HP-UX versions.
741 EOPNOTSUPP is typically seen on NFS mounts.
742 ENOTSUP was seen on Quantum StorNext file systems (cvfs). */
743 if (errno == ENOSYS || errno == EOPNOTSUPP || errno == ENOTSUP)
745 else
746 return -1;
748 else if (count == 0)
749 return 0;
750 else /* count > 0 */
752 if (count > NACLENTRIES)
753 /* If NACLENTRIES cannot be trusted, use dynamic memory
754 allocation. */
755 abort ();
757 /* If there are more than 3 entries, there cannot be only the
758 (uid,%), (%,gid), (%,%) entries. */
759 if (count > 3)
760 return 1;
763 struct stat statbuf;
765 if (stat (name, &statbuf) < 0)
766 return -1;
768 return acl_nontrivial (count, entries, &statbuf);
773 # if HAVE_ACLV_H /* HP-UX >= 11.11 */
776 struct acl entries[NACLVENTRIES];
777 int count;
779 count = acl ((char *) name, ACL_GET, NACLVENTRIES, entries);
781 if (count < 0)
783 /* EOPNOTSUPP is seen on NFS in HP-UX 11.11, 11.23.
784 EINVAL is seen on NFS in HP-UX 11.31. */
785 if (errno == ENOSYS || errno == EOPNOTSUPP || errno == EINVAL)
787 else
788 return -1;
790 else if (count == 0)
791 return 0;
792 else /* count > 0 */
794 if (count > NACLVENTRIES)
795 /* If NACLVENTRIES cannot be trusted, use dynamic memory
796 allocation. */
797 abort ();
799 /* If there are more than 4 entries, there cannot be only the
800 four base ACL entries. */
801 if (count > 4)
802 return 1;
804 return aclv_nontrivial (count, entries);
808 # endif
810 # elif HAVE_ACLX_GET && defined ACL_AIX_WIP /* AIX */
812 acl_type_t type;
813 char aclbuf[1024];
814 void *acl = aclbuf;
815 size_t aclsize = sizeof (aclbuf);
816 mode_t mode;
818 for (;;)
820 /* The docs say that type being 0 is equivalent to ACL_ANY, but it
821 is not true, in AIX 5.3. */
822 type.u64 = ACL_ANY;
823 if (aclx_get (name, 0, &type, aclbuf, &aclsize, &mode) >= 0)
824 break;
825 if (errno == ENOSYS)
826 return 0;
827 if (errno != ENOSPC)
829 if (acl != aclbuf)
831 int saved_errno = errno;
832 free (acl);
833 errno = saved_errno;
835 return -1;
837 aclsize = 2 * aclsize;
838 if (acl != aclbuf)
839 free (acl);
840 acl = malloc (aclsize);
841 if (acl == NULL)
843 errno = ENOMEM;
844 return -1;
848 if (type.u64 == ACL_AIXC)
850 int result = acl_nontrivial ((struct acl *) acl);
851 if (acl != aclbuf)
852 free (acl);
853 return result;
855 else if (type.u64 == ACL_NFS4)
857 int result = acl_nfs4_nontrivial ((nfs4_acl_int_t *) acl);
858 if (acl != aclbuf)
859 free (acl);
860 return result;
862 else
864 /* A newer type of ACL has been introduced in the system.
865 We should better support it. */
866 if (acl != aclbuf)
867 free (acl);
868 errno = EINVAL;
869 return -1;
872 # elif HAVE_STATACL /* older AIX */
874 union { struct acl a; char room[4096]; } u;
876 if (statacl (name, STX_NORMAL, &u.a, sizeof (u)) < 0)
877 return -1;
879 return acl_nontrivial (&u.a);
881 # elif HAVE_ACLSORT /* NonStop Kernel */
884 struct acl entries[NACLENTRIES];
885 int count;
887 count = acl ((char *) name, ACL_GET, NACLENTRIES, entries);
889 if (count < 0)
891 if (errno == ENOSYS || errno == ENOTSUP)
893 else
894 return -1;
896 else if (count == 0)
897 return 0;
898 else /* count > 0 */
900 if (count > NACLENTRIES)
901 /* If NACLENTRIES cannot be trusted, use dynamic memory
902 allocation. */
903 abort ();
905 /* If there are more than 4 entries, there cannot be only the
906 four base ACL entries. */
907 if (count > 4)
908 return 1;
910 return acl_nontrivial (count, entries);
914 # endif
916 #endif
918 return 0;