Add acl_get_perm_np(3), a non-portable function to check if a

permission is in a permission set, required for third-party
applications such as Samba.

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project

4 files changed, 115 insertions, 0 deletions

diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc
index af24156..d6f51fe 100644
--- a/lib/libc/posix1e/Makefile.inc
+++ b/lib/libc/posix1e/Makefile.inc
@@ -48,6 +48,7 @@ MAN+=	acl.3				\
 	acl_from_text.3			\
 	acl_get.3			\
 	acl_get_permset.3		\
+	acl_get_perm_np.3		\
 	acl_get_qualifier.3		\
 	acl_get_tag_type.3		\
 	acl_init.3			\
diff --git a/lib/libc/posix1e/acl_get.c b/lib/libc/posix1e/acl_get.c
index 2d5ebff..3388041 100644
--- a/lib/libc/posix1e/acl_get.c
+++ b/lib/libc/posix1e/acl_get.c
@@ -29,6 +29,8 @@
  * acl_get_file - syscall wrapper for retrieving ACL by filename
  * acl_get_fd - syscall wrapper for retrieving access ACL by fd
  * acl_get_fd_np - syscall wrapper for retrieving ACL by fd (non-POSIX)
+ * acl_get_perm_np() checks if a permission is in the specified
+ *                   permset (non-POSIX)
  * acl_get_permset() returns the permission set in the ACL entry
  * acl_get_qualifier() retrieves the qualifier of the tag from the ACL entry
  * acl_get_tag_type() returns the tag type for the ACL entry entry_d
@@ -104,6 +106,25 @@ acl_get_fd_np(int fd, acl_type_t type)
 }
 
 int
+acl_get_perm_np(acl_permset_t permset_d, acl_perm_t perm)
+{
+
+	switch(perm) {
+	case ACL_READ:
+	case ACL_WRITE:
+	case ACL_EXECUTE:
+		if (*permset_d & perm)
+			return 1;
+		break;
+	default:
+		errno = EINVAL;
+		return -1;
+	}
+
+	return 0;
+}
+
+int
 acl_get_permset(acl_entry_t entry_d, acl_permset_t *permset_p)
 {
 
diff --git a/lib/libc/posix1e/acl_get_perm_np.3 b/lib/libc/posix1e/acl_get_perm_np.3
new file mode 100644
index 0000000..10b0cd1
--- /dev/null
+++ b/lib/libc/posix1e/acl_get_perm_np.3
@@ -0,0 +1,92 @@
+.\"-
+.\" Copyright (c) 2001 Chris D. Faulhaber
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd April 10, 2001
+.Dt ACL_GET_PERM_NP 3
+.Os
+.Sh NAME
+.Nm acl_get_perm_np
+.Nd check if a permission is set in a permission set
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.Fd #include <sys/types.h>
+.Fd #include <sys/acl.h>
+.Ft int
+.Fn acl_get_perm_np "acl_permset_t permset_d" "acl_perm_t perm"
+.Sh DESCRIPTION
+.Fn acl_get_perm_np
+is a non-portable function that checks if a permission is set in
+a permission set.
+.Sh RETURN VALUES
+If the permission in
+.Fa perm
+is set in the permission set
+.Fa permset_d ,
+a value of
+.Va 1
+is returned, otherwise a value of
+.Va 0
+is returned.
+.Sh ERRORS
+If any of the following conditions occur, the
+.Fn acl_get_perm_np
+function will return a value of
+.Va -1
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Fa perm
+does not contain a valid ACL permission or argument
+.Fa permset_d
+is not a valid ACL permset.
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_add_perm 3 ,
+.Xr acl_clear_perms 3 ,
+.Xr acl_delete_perm 3 ,
+.Xr acl_get_permset 3 ,
+.Xr acl_set_permset 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 .
+The
+.Fn acl_get_perm_np
+function was added in
+.Fx 5.0 .
+.Sh AUTHORS
+The
+.Fn acl_get_perm_np
+function was written by
+.An Chris D. Faulhaber Aq jedgar@fxp.org .
diff --git a/sys/sys/acl.h b/sys/sys/acl.h
index ed49aa6..a16e666 100644
--- a/sys/sys/acl.h
+++ b/sys/sys/acl.h
@@ -167,6 +167,7 @@ acl_t	acl_get_fd(int _fd);
 acl_t	acl_get_fd_np(int fd, acl_type_t _type);
 acl_t	acl_get_file(const char *_path_p, acl_type_t _type);
 void	*acl_get_qualifier(acl_entry_t _entry_d);
+int	acl_get_perm_np(acl_permset_t _permset_d, acl_perm_t _perm);
 int	acl_get_permset(acl_entry_t _entry_d, acl_permset_t *_permset_p);
 int	acl_get_tag_type(acl_entry_t _entry_d, acl_tag_t *_tag_type_p);
 acl_t	acl_init(int _count);