diff options
author | trasz <trasz@FreeBSD.org> | 2009-06-25 12:46:59 +0000 |
---|---|---|
committer | trasz <trasz@FreeBSD.org> | 2009-06-25 12:46:59 +0000 |
commit | ff2751123334f5d80faa47567304d59aed236eba (patch) | |
tree | 2ef84b1a3d387c8edf2b81194552ad8337bd003b /lib/libc/posix1e/acl_set.c | |
parent | 9a27798fa1cde67ed249d166ee358fee1a684179 (diff) | |
download | FreeBSD-src-ff2751123334f5d80faa47567304d59aed236eba.zip FreeBSD-src-ff2751123334f5d80faa47567304d59aed236eba.tar.gz |
Add NFSv4 ACL support to libc.
This adds the following functions to the acl(3) API: acl_add_flag_np,
acl_clear_flags_np, acl_create_entry_np, acl_delete_entry_np,
acl_delete_flag_np, acl_get_extended_np, acl_get_flag_np, acl_get_flagset_np,
acl_set_extended_np, acl_set_flagset_np, acl_to_text_np, acl_is_trivial_np,
acl_strip_np, acl_get_brand_np. Most of them are similar to what Darwin
does. There are no backward-incompatible changes.
Approved by: rwatson@
Diffstat (limited to 'lib/libc/posix1e/acl_set.c')
-rw-r--r-- | lib/libc/posix1e/acl_set.c | 89 |
1 files changed, 79 insertions, 10 deletions
diff --git a/lib/libc/posix1e/acl_set.c b/lib/libc/posix1e/acl_set.c index 8abbe1b..7086c4b 100644 --- a/lib/libc/posix1e/acl_set.c +++ b/lib/libc/posix1e/acl_set.c @@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$"); #include <errno.h> #include <stdlib.h> #include <string.h> +#include <unistd.h> #include "acl_support.h" @@ -59,6 +60,10 @@ acl_set_file(const char *path_p, acl_type_t type, acl_t acl) return (-1); } type = _acl_type_unold(type); + if (_acl_type_not_valid_for_acl(acl, type)) { + errno = EINVAL; + return (-1); + } if (_posix1e_acl(acl, type)) { error = _posix1e_acl_sort(acl); if (error) { @@ -82,6 +87,10 @@ acl_set_link_np(const char *path_p, acl_type_t type, acl_t acl) return (-1); } type = _acl_type_unold(type); + if (_acl_type_not_valid_for_acl(acl, type)) { + errno = EINVAL; + return (-1); + } if (_posix1e_acl(acl, type)) { error = _posix1e_acl_sort(acl); if (error) { @@ -98,17 +107,11 @@ acl_set_link_np(const char *path_p, acl_type_t type, acl_t acl) int acl_set_fd(int fd, acl_t acl) { - int error; - error = _posix1e_acl_sort(acl); - if (error) { - errno = error; - return(-1); - } - - acl->ats_cur_entry = 0; + if (fpathconf(fd, _PC_ACL_NFS4)) + return (acl_set_fd_np(fd, acl, ACL_TYPE_NFS4)); - return (___acl_set_fd(fd, ACL_TYPE_ACCESS, &acl->ats_acl)); + return (acl_set_fd_np(fd, acl, ACL_TYPE_ACCESS)); } int @@ -116,7 +119,15 @@ acl_set_fd_np(int fd, acl_t acl, acl_type_t type) { int error; + if (acl == NULL) { + errno = EINVAL; + return (-1); + } type = _acl_type_unold(type); + if (_acl_type_not_valid_for_acl(acl, type)) { + errno = EINVAL; + return (-1); + } if (_posix1e_acl(acl, type)) { error = _posix1e_acl_sort(acl); if (error) { @@ -143,6 +154,18 @@ acl_set_permset(acl_entry_t entry_d, acl_permset_t permset_d) return (-1); } + if ((*permset_d & ACL_POSIX1E_BITS) != *permset_d) { + if ((*permset_d & ACL_NFS4_PERM_BITS) != *permset_d) { + errno = EINVAL; + return (-1); + } + if (!_entry_brand_may_be(entry_d, ACL_BRAND_NFS4)) { + errno = EINVAL; + return (-1); + } + _entry_brand_as(entry_d, ACL_BRAND_NFS4); + } + entry_d->ae_perm = *permset_d; return (0); @@ -155,11 +178,11 @@ acl_set_permset(acl_entry_t entry_d, acl_permset_t permset_d) int acl_set_qualifier(acl_entry_t entry_d, const void *tag_qualifier_p) { + if (!entry_d || !tag_qualifier_p) { errno = EINVAL; return (-1); } - switch(entry_d->ae_tag) { case ACL_USER: case ACL_GROUP: @@ -187,12 +210,31 @@ acl_set_tag_type(acl_entry_t entry_d, acl_tag_t tag_type) } switch(tag_type) { + case ACL_OTHER: + case ACL_MASK: + if (!_entry_brand_may_be(entry_d, ACL_BRAND_POSIX)) { + errno = EINVAL; + return (-1); + } + _entry_brand_as(entry_d, ACL_BRAND_POSIX); + break; + case ACL_EVERYONE: + if (!_entry_brand_may_be(entry_d, ACL_BRAND_NFS4)) { + errno = EINVAL; + return (-1); + } + _entry_brand_as(entry_d, ACL_BRAND_NFS4); + break; + } + + switch(tag_type) { case ACL_USER_OBJ: case ACL_USER: case ACL_GROUP_OBJ: case ACL_GROUP: case ACL_MASK: case ACL_OTHER: + case ACL_EVERYONE: entry_d->ae_tag = tag_type; return (0); } @@ -200,3 +242,30 @@ acl_set_tag_type(acl_entry_t entry_d, acl_tag_t tag_type) errno = EINVAL; return (-1); } + +int +acl_set_entry_type_np(acl_entry_t entry_d, acl_entry_type_t entry_type) +{ + + if (entry_d == NULL) { + errno = EINVAL; + return (-1); + } + if (!_entry_brand_may_be(entry_d, ACL_BRAND_NFS4)) { + errno = EINVAL; + return (-1); + } + _entry_brand_as(entry_d, ACL_BRAND_NFS4); + + switch (entry_type) { + case ACL_ENTRY_TYPE_ALLOW: + case ACL_ENTRY_TYPE_DENY: + case ACL_ENTRY_TYPE_AUDIT: + case ACL_ENTRY_TYPE_ALARM: + entry_d->ae_entry_type = entry_type; + return (0); + } + + errno = EINVAL; + return (-1); +} |