diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-12-29 20:47:05 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-12-29 20:47:05 +0000 |
commit | bce6bfbbec294637e0155592caaded654445629a (patch) | |
tree | 985bdae2196acf3128685ad7f46fecd574f00a3f /lib/libc | |
parent | 22c41db3e52c6f1d4dc6adf5207326b1259e119b (diff) | |
download | FreeBSD-src-bce6bfbbec294637e0155592caaded654445629a.zip FreeBSD-src-bce6bfbbec294637e0155592caaded654445629a.tar.gz |
Update libc POSIX.1e code and documentation to reflect:
- Updated copyrights, modified dates
- Remove "BUGS" entry indicating that ACLs are unimplemented
- Implement acl_*_link() library wrapper variants for get, set,
delete, aclvalid.
- Document acl_*_link() calls.
Obtained from: TrustedBSD Project
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/posix1e/acl.3 | 21 | ||||
-rw-r--r-- | lib/libc/posix1e/acl_delete.3 | 32 | ||||
-rw-r--r-- | lib/libc/posix1e/acl_delete.c | 17 | ||||
-rw-r--r-- | lib/libc/posix1e/acl_get.3 | 35 | ||||
-rw-r--r-- | lib/libc/posix1e/acl_get.c | 27 | ||||
-rw-r--r-- | lib/libc/posix1e/acl_set.c | 26 | ||||
-rw-r--r-- | lib/libc/posix1e/acl_valid.3 | 26 | ||||
-rw-r--r-- | lib/libc/posix1e/acl_valid.c | 24 |
8 files changed, 164 insertions, 44 deletions
diff --git a/lib/libc/posix1e/acl.3 b/lib/libc/posix1e/acl.3 index 88e5d0b..966f4d1 100644 --- a/lib/libc/posix1e/acl.3 +++ b/lib/libc/posix1e/acl.3 @@ -2,6 +2,8 @@ .\" Copyright (c) 2000, 2001, 2002 Robert N. M. Watson .\" All rights reserved. .\" +.\" This software was developed by Robert Watson for the TrustedBSD Project. +.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: @@ -25,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 28, 2000 +.Dd December 18, 2002 .Dt ACL 3 .Os .Sh NAME @@ -82,8 +84,10 @@ This function is described in and may be used to create an empty entry in an ACL. .It Xo .Fn acl_delete_def_file , +.Fn acl_delete_def_link_np , +.Fn acl_delete_fd_np , .Fn acl_delete_file_np , -.Fn acl_delete_fd_np +.Fn acl_delete_link_np .Xc These functions are described in .Xr acl_delete 3 , @@ -114,9 +118,10 @@ This function is described in .Xr acl_get_entry 3 , and may be used to retrieve a designated ACL entry from an ACL. .It Xo -.Fn acl_get_file , .Fn acl_get_fd , -.Fn acl_get_fd_np +.Fn acl_get_fd_np , +.Fn acl_get_file , +.Fn acl_get_link_np .Xc These functions are described in .Xr acl_get 3 , @@ -138,9 +143,10 @@ This function is described in .Xr acl_init 3 , and may be used to allocate a fresh (empty) ACL structure. .It Xo -.Fn acl_set_file , .Fn acl_set_fd , -.Fn acl_set_fd_np +.Fn acl_set_fd_np , +.Fn acl_set_file , +.Fn acl_set_link_np .Xc These functions are described in .Xr acl_set 3 , @@ -163,8 +169,9 @@ This function is described in and may be used to generate a text-form of a POSIX.1e semantics ACL. .It Xo .Fn acl_valid , +.Fn acl_valid_fd_np , .Fn acl_valid_file_np , -.Fn acl_valid_fd_np +.Fn acl_valid_link_np .Xc These functions are described in .Xr acl_valid 3 , diff --git a/lib/libc/posix1e/acl_delete.3 b/lib/libc/posix1e/acl_delete.3 index b3fb658..41d4a530 100644 --- a/lib/libc/posix1e/acl_delete.3 +++ b/lib/libc/posix1e/acl_delete.3 @@ -1,7 +1,9 @@ .\"- -.\" Copyright (c) 2000 Robert N. M. Watson +.\" Copyright (c) 2000, 2002 Robert N. M. Watson .\" All rights reserved. .\" +.\" This software was developed by Robert Watson for the TrustedBSD Project. +.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: @@ -25,13 +27,15 @@ .\" .\" $FreeBSD$ .\" -.Dd January 28, 2000 +.Dd December 29, 2002 .Dt ACL_DELETE 3 .Os .Sh NAME .Nm acl_delete_def_file , +.Nm acl_delete_def_link_np , .Nm acl_delete_fd_np , .Nm acl_delete_file_np +.Nm acl_delete_link_np .Nd delete an ACL from a file .Sh LIBRARY .Lb libc @@ -41,23 +45,35 @@ .Ft int .Fn acl_delete_def_file "const char *path_p" .Ft int -.Fn acl_delete_file_np "const char *path_p" "acl_type_t type" +.Fn acl_delete_def_link_np "const char *path_p" .Ft int .Fn acl_delete_fd_np "int filedes" "acl_type_t type" +.Ft int +.Fn acl_delete_file_np "const char *path_p" "acl_type_t type" +.Ft int +.Fn acl_delete_link_np "const char *path_p" "acl_type_t type" .Sh DESCRIPTION The .Fn acl_delete_def_file , +.Fn acl_delete_def_link_np , +.Fn acl_delete_fd_np , .Fn acl_delete_file_np , and -.Fn acl_delete_fd_np +.Fn acl_delete_link_np each allow the deletion of an ACL from a file. The .Fn acl_delete_def_file function is a POSIX.1e call that deletes the default ACL from a file (normally a -directory) by name; the other two calls are non-portable extensions that -allow deleting of arbitrary ACL types from a file/directory by either path -name, or by file descriptor. +directory) by name; the remainder of the calls are non-portable extensions +that permit the deletion of arbitrary ACL types from a file/directory +either by path name or file descriptor. +The +.Fn _file +variations follow a symlink if it occurs in the last segment of the +path name; the +.Fn _linke +variations operate on the symlink itself. .Sh IMPLEMENTATION NOTES .Fx Ns 's support for POSIX.1e interfaces and features is still under @@ -120,5 +136,3 @@ POSIX.1e support was introduced in and development continues. .Sh AUTHORS .An Robert N M Watson -.Sh BUGS -These features are not yet fully implemented. diff --git a/lib/libc/posix1e/acl_delete.c b/lib/libc/posix1e/acl_delete.c index fc929c4..a93cd7b 100644 --- a/lib/libc/posix1e/acl_delete.c +++ b/lib/libc/posix1e/acl_delete.c @@ -1,7 +1,9 @@ /*- - * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson + * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson * All rights reserved. * + * This software was developed by Robert Watson for the TrustedBSD Project. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -43,6 +45,12 @@ acl_delete_def_file(const char *path_p) return (__acl_delete_file(path_p, ACL_TYPE_DEFAULT)); } +int +acl_delete_def_link_np(const char *path_p) +{ + + return (__acl_delete_link(path_p, ACL_TYPE_DEFAULT)); +} int acl_delete_file_np(const char *path_p, acl_type_t type) @@ -51,6 +59,13 @@ acl_delete_file_np(const char *path_p, acl_type_t type) return (__acl_delete_file(path_p, type)); } +int +acl_delete_link_np(const char *path_p, acl_type_t type) +{ + + return (__acl_delete_link(path_p, type)); +} + int acl_delete_fd_np(int filedes, acl_type_t type) diff --git a/lib/libc/posix1e/acl_get.3 b/lib/libc/posix1e/acl_get.3 index 4ca86b5..e39c0a4 100644 --- a/lib/libc/posix1e/acl_get.3 +++ b/lib/libc/posix1e/acl_get.3 @@ -1,7 +1,9 @@ .\"- -.\" Copyright (c) 2000 Robert N. M. Watson +.\" Copyright (c) 2000, 2002 Robert N. M. Watson .\" All rights reserved. .\" +.\" This software was developed by Robert Watson for the TrustedBSD Project. +.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: @@ -25,13 +27,14 @@ .\" .\" $FreeBSD$ .\" -.Dd January 28, 2000 +.Dd December 29, 2002 .Dt ACL_GET 3 .Os .Sh NAME .Nm acl_get_fd , .Nm acl_get_fd_np , -.Nm acl_get_file +.Nm acl_get_file , +.Nm acl_get_link_np .Nd get an ACL for a file .Sh LIBRARY .Lb libc @@ -39,23 +42,21 @@ .In sys/types.h .In sys/acl.h .Ft acl_t -.Fn acl_get_file "const char *path_p" "acl_type_t type" -.Ft acl_t .Fn acl_get_fd "int fd" .Ft acl_t .Fn acl_get_fd_np "int fd" "acl_type_t type" +.Ft acl_t +.Fn acl_get_file "const char *path_p" "acl_type_t type" +.Ft acl_t +.Fn acl_get_link_np "const char *path_p" "acl_type_t type" .Sh DESCRIPTION The -.Fn acl_get_file , .Fn acl_get_fd , -and +.Fn acl_get_file , +.Fn acl_get_link_np , .Fn acl_get_fd_np each allow the retrieval of an ACL from a file. The -.Fn acl_get_file -function -is a POSIX.1e call that allows the retrieval of a -specified type of ACL from a file by name; .Fn acl_get_fd is a POSIX.1e call that allows the retrieval of an ACL of type ACL_TYPE_ACCESS @@ -66,8 +67,16 @@ function is a non-portable form of .Fn acl_get_fd that allows the retrieval of any type of ACL from a file descriptor. +.Fn acl_get_file +is a POSIX.1e call that allows the retrieval of a +specified type of ACL from a file by name; +.Fn acl_get_link_np +is a non-portable variation on +.Fn acl_get_file +which does not follow a symlink if the target of the call is a +symlink. .Pp -This function may cause memory to be allocated. The caller should free +These functions may cause memory to be allocated. The caller should free any releasable memory, when the new ACL is no longer required, by calling .Xr acl_free 3 with the @@ -139,5 +148,3 @@ POSIX.1e support was introduced in and development continues. .Sh AUTHORS .An Robert N M Watson -.Sh BUGS -These features are not yet fully implemented. diff --git a/lib/libc/posix1e/acl_get.c b/lib/libc/posix1e/acl_get.c index 87a51dd..1f97baa 100644 --- a/lib/libc/posix1e/acl_get.c +++ b/lib/libc/posix1e/acl_get.c @@ -1,7 +1,9 @@ /*- - * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson + * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson * All rights reserved. * + * This software was developed by Robert Watson for the TrustedBSD Project. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -24,9 +26,11 @@ * SUCH DAMAGE. */ /* - * acl_get_file - syscall wrapper for retrieving ACL by filename * acl_get_fd - syscall wrapper for retrieving access ACL by fd * acl_get_fd_np - syscall wrapper for retrieving ACL by fd (non-POSIX) + * acl_get_file - syscall wrapper for retrieving ACL by filename + * acl_get_link_np - syscall wrapper for retrieving ACL by filename (NOFOLLOW) + * (non-POSIX) * acl_get_perm_np() checks if a permission is in the specified * permset (non-POSIX) * acl_get_permset() returns the permission set in the ACL entry @@ -66,6 +70,25 @@ acl_get_file(const char *path_p, acl_type_t type) } acl_t +acl_get_link_np(const char *path_p, acl_type_t type) +{ + acl_t aclp; + int error; + + aclp = acl_init(ACL_MAX_ENTRIES); + if (aclp == NULL) + return (NULL); + + error = __acl_get_link(path_p, type, &aclp->ats_acl); + if (error) { + acl_free(aclp); + return (NULL); + } + + return (aclp); +} + +acl_t acl_get_fd(int fd) { acl_t aclp; diff --git a/lib/libc/posix1e/acl_set.c b/lib/libc/posix1e/acl_set.c index b9e6860..34d5a33 100644 --- a/lib/libc/posix1e/acl_set.c +++ b/lib/libc/posix1e/acl_set.c @@ -1,7 +1,9 @@ /*- - * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson + * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson * All rights reserved. * + * This software was developed by Robert Watson for the TrustedBSD Project. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -70,6 +72,28 @@ acl_set_file(const char *path_p, acl_type_t type, acl_t acl) } int +acl_set_link_np(const char *path_p, acl_type_t type, acl_t acl) +{ + int error; + + if (acl == NULL || path_p == NULL) { + errno = EINVAL; + return (-1); + } + if (_posix1e_acl(acl, type)) { + error = _posix1e_acl_sort(acl); + if (error) { + errno = error; + return (-1); + } + } + + acl->ats_cur_entry = 0; + + return (__acl_set_link(path_p, type, &acl->ats_acl)); +} + +int acl_set_fd(int fd, acl_t acl) { int error; diff --git a/lib/libc/posix1e/acl_valid.3 b/lib/libc/posix1e/acl_valid.3 index 6e1b3d9..3d47da5 100644 --- a/lib/libc/posix1e/acl_valid.3 +++ b/lib/libc/posix1e/acl_valid.3 @@ -1,7 +1,9 @@ .\"- -.\" Copyright (c) 2000 Robert N. M. Watson +.\" Copyright (c) 2000, 2002 Robert N. M. Watson .\" All rights reserved. .\" +.\" This software was developed by Robert Watson for the TrustedBSD Project. +.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: @@ -25,13 +27,14 @@ .\" .\" $FreeBSD$ .\" -.Dd January 28, 2000 +.Dd December 29, 2002 .Dt ACL_VALID 3 .Os .Sh NAME .Nm acl_valid , .Nm acl_valid_fd_np , -.Nm acl_valid_file_np +.Nm acl_valid_file_np , +.Nm acl_valid_link_np .Nd validate an ACL .Sh LIBRARY .Lb libc @@ -44,6 +47,8 @@ .Fn acl_valid_fd_np "int fd" "acl_type_t type" "acl_t acl" .Ft int .Fn acl_valid_file_np "const char *path_p" "acl_type_t type" "acl_t acl" +.Ft int +.Fn acl_valid_link_np "const char *path_p" "acl_type_t type" "acl_t acl" .Sh DESCRIPTION These functions check that the ACL referred to by the argument .Va acl @@ -51,13 +56,20 @@ is valid. The POSIX.1e routine, .Fn acl_valid , checks this validity only with POSIX.1e ACL semantics, and irrespective of the context in which the ACL is to be used. The non-portable forms, -.Fn acl_valid_fd_np -and +.Fn acl_valid_fd_np , .Fn acl_valid_file_np , +and +.Fn acl_valid_link_np allow an ACL to be checked in the context of a specific acl type, .Va type , -and file system object. In environments where additional ACL types are +and file system object. +In environments where additional ACL types are supported than just POSIX.1e, this makes more sense. +Whereas +.Fn acl_valid_file_np +will follow the symlink if the specified path is to a symlink, +.Fn acl_valid_link_np +will not. .Pp For POSIX.1e semantics, the checks include: .Bd -literal -offset indent @@ -140,5 +152,3 @@ POSIX.1e support was introduced in and development continues. .Sh AUTHORS .An Robert N M Watson -.Sh BUGS -These features are not yet fully implemented. diff --git a/lib/libc/posix1e/acl_valid.c b/lib/libc/posix1e/acl_valid.c index 179e47e..9b1f9b9 100644 --- a/lib/libc/posix1e/acl_valid.c +++ b/lib/libc/posix1e/acl_valid.c @@ -1,7 +1,9 @@ /*- - * Copyright (c) 1999, 2000, 20001 Robert N. M. Watson + * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson * All rights reserved. * + * This software was developed by Robert Watson for the TrustedBSD Project. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -70,7 +72,6 @@ acl_valid(acl_t acl) } } - int acl_valid_file_np(const char *pathp, acl_type_t type, acl_t acl) { @@ -91,6 +92,25 @@ acl_valid_file_np(const char *pathp, acl_type_t type, acl_t acl) return (__acl_aclcheck_file(pathp, type, &acl->ats_acl)); } +int +acl_valid_link_np(const char *pathp, acl_type_t type, acl_t acl) +{ + int error; + + if (pathp == NULL || acl == NULL) { + errno = EINVAL; + return (-1); + } + if (_posix1e_acl(acl, type)) { + error = _posix1e_acl_sort(acl); + if (error) { + errno = error; + return (-1); + } + } + + return (__acl_aclcheck_link(pathp, type, &acl->ats_acl)); +} int acl_valid_fd_np(int fd, acl_type_t type, acl_t acl) |