Add the following POSIX 1003.1e functions and man pages:

  o acl_calc_mask(): calculates the ACL mask entry associated with
    the given ACL.
  o acl_delete_entry(): remove a specified ACL entry from the given
    ACL.

Approved by:	rwatson

5 files changed, 375 insertions, 1 deletions

diff --git a/lib/libc/posix1e/Makefile b/lib/libc/posix1e/Makefile
index 3a1afd6..64fc668 100644
--- a/lib/libc/posix1e/Makefile
+++ b/lib/libc/posix1e/Makefile
@@ -4,7 +4,9 @@ MAINTAINER=	rwatson@FreeBSD.org
 LIB=	posix1e
 SHLIB_MAJOR= 2 
 SHLIB_MINOR= 0
-SRCS+=	acl_delete.c			\
+SRCS+=	acl_calc_mask.c			\
+	acl_delete.c			\
+	acl_delete_entry.c		\
 	acl_free.c			\
 	acl_from_text.c			\
 	acl_get.c			\
@@ -29,7 +31,9 @@ SRCS+=	acl_delete.c			\
 
 
 MAN3=	acl.3				\
+	acl_calc_mask.3			\
 	acl_delete.3			\
+	acl_delete_entry.3		\
 	acl_dup.3			\
 	acl_free.3			\
 	acl_from_text.3			\
diff --git a/lib/libc/posix1e/acl_calc_mask.3 b/lib/libc/posix1e/acl_calc_mask.3
new file mode 100644
index 0000000..2e0486e
--- /dev/null
+++ b/lib/libc/posix1e/acl_calc_mask.3
@@ -0,0 +1,98 @@
+.\"-
+.\" Copyright (c) 2001 Chris D. Faulhaber
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd March 10, 2001
+.Dt ACL_CALC_MASK 3
+.Os
+.Sh NAME
+.Nm acl_calc_mask
+.Nd Calculate and set ACL mask permissions
+.Sh LIBRARY
+.Lb libposix1e
+.Sh SYNOPSIS
+.Fd #include <sys/types.h>
+.Fd #include <sys/acl.h>
+.Ft int
+.Fn acl_calc_mask "acl_t *acl_p"
+.Sh DESCRIPTION
+.Fn acl_calc_mask
+is a POSIX.1e call that calculates and set the permissions
+associated with the ACL_MASK ACL entry of the ACL referred to by
+.Ar acl_p .
+.Pp
+The value of new permissions are the union of the permissions
+granted by the ACL_GROUP, ACL_GROUP_OBJ, ACL_USER tag types which
+match processes in the file group class contained in the ACL
+referred to by
+.Ar acl_p .
+.Pp
+If the ACL referred to by
+.Ar acl_p
+already contains an ACL_MASK entry, its permissions shall be
+overwritten; if it does not contain an ACL_MASK entry, one shall
+be added.
+.Sh RETURN VALUES
+Upon successful completion, the function shall return a value of
+.Va 0 .
+Otherwise, a value of
+.Va -1
+shall be returned, and
+.Va errno
+shall be set to indicate the error.
+.Sh ERRORS
+If the following condition occurs, the
+.Fn acl_calc_mask
+function shall return a value of
+.Va -1
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Ar acl_p
+does not point to a pointer to a valid ACL.
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_get_entry 3 ,
+.Xr acl_valid 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 .
+The
+.Fn acl_calc_mask
+function was added in
+.Fx 5.0 .
+.Sh AUTHORS
+The
+.Fn acl_calc_mask
+function was written by
+.An Chris D. Faulhaber Aq jedgar@fxp.org .
diff --git a/lib/libc/posix1e/acl_calc_mask.c b/lib/libc/posix1e/acl_calc_mask.c
new file mode 100644
index 0000000..ebacb02
--- /dev/null
+++ b/lib/libc/posix1e/acl_calc_mask.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2001 Chris D. Faulhaber
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/types.h>
+#include <sys/acl.h>
+
+#include <errno.h>
+
+/*
+ * acl_calc_mask() calculates and set the permissions associated
+ * with the ACL_MASK ACL entry.  If the ACL already contains an
+ * ACL_MASK entry, its permissions shall be overwritten; if not,
+ * one shall be added.
+ */
+int
+acl_calc_mask(acl_t *acl_p)
+{
+	acl_t acl_new;
+	int group_obj, i, mask_mode, mask_num, other_obj, user_obj;
+
+	/* check args */
+	if (!acl_p || !*acl_p || ((*acl_p)->acl_cnt < 3) ||
+	    ((*acl_p)->acl_cnt > ACL_MAX_ENTRIES)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	acl_new = acl_dup(*acl_p);
+	if (!acl_new)
+		return -1;
+
+	user_obj = group_obj = other_obj = mask_mode = 0;
+	mask_num = -1;
+
+	/* gather permissions and find a mask entry */
+	for (i = 0; i < acl_new->acl_cnt; i++) {
+		switch(acl_new->acl_entry[i].ae_tag) {
+		case ACL_USER_OBJ:
+			user_obj++;
+			break;
+		case ACL_OTHER:
+			other_obj++;
+			break;
+		case ACL_GROUP_OBJ:
+			group_obj++;
+			/* FALLTHROUGH */
+		case ACL_GROUP:
+		case ACL_USER:
+			mask_mode |=
+			    acl_new->acl_entry[i].ae_perm & ACL_PERM_BITS;
+			break;
+		case ACL_MASK:
+			mask_num = i;
+			break;
+		default:
+			errno = EINVAL;
+			acl_free(acl_new);
+			return -1;
+			/* NOTREACHED */
+		}
+	}
+	if ((user_obj != 1) || (group_obj != 1) || (other_obj != 1)) {
+		errno = EINVAL;
+		acl_free(acl_new);
+		return -1;
+	}
+	/* if a mask entry already exists, overwrite the perms */
+	if (mask_num != -1) {
+		acl_new->acl_entry[mask_num].ae_perm = mask_mode;
+	} else {
+		/* if no mask exists, check acl_cnt... */
+		if (acl_new->acl_cnt == ACL_MAX_ENTRIES) {
+			errno = EINVAL;
+			acl_free(acl_new);
+			return -1;
+		}
+		/* ...and add the mask entry */
+		acl_new->acl_entry[acl_new->acl_cnt].ae_tag  = ACL_MASK;
+		acl_new->acl_entry[acl_new->acl_cnt].ae_id   = 0;
+		acl_new->acl_entry[acl_new->acl_cnt].ae_perm = mask_mode;
+		acl_new->acl_cnt++;
+	}
+
+	if (acl_valid(acl_new) == -1) {
+		errno = EINVAL;
+		acl_free(acl_new);
+		return -1;
+	}
+
+	**acl_p = *acl_new;
+	acl_free(acl_new);
+
+	return 0;
+}
diff --git a/lib/libc/posix1e/acl_delete_entry.3 b/lib/libc/posix1e/acl_delete_entry.3
new file mode 100644
index 0000000..256498c
--- /dev/null
+++ b/lib/libc/posix1e/acl_delete_entry.3
@@ -0,0 +1,90 @@
+.\"-
+.\" Copyright (c) 2001 Chris D. Faulhaber
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd March 10, 2001
+.Dt ACL_DELETE_ENTRY 3
+.Os
+.Sh NAME
+.Nm acl_delete_entry
+.Nd Delete an ACL entry from an ACL
+.Sh LIBRARY
+.Lb libposix1e
+.Sh SYNOPSIS
+.Fd #include <sys/types.h>
+.Fd #include <sys/acl.h>
+.Ft int
+.Fn acl_delete_entry "acl_t acl" "acl_entry_t entry_d"
+.Sh DESCRIPTION
+.Fn acl_delete_entry
+is a POSIX.1e call that removes the ACL entry
+.Ar entry_d
+from ACL
+.Ar acl .
+.Sh RETURN VALUES
+Upon successful completion, the function shall return a value of
+.Va 0 .
+Otherwise, a value of
+.Va -1
+shall be returned, and
+.Va errno
+shall be set to indicate the error.
+.Sh ERRORS
+If the following condition occurs, the
+.Fn acl_delete_entry
+function shall return a value of
+.Va -1
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Ar acl
+does not point to a valid ACL.  Argument
+.Ar entry_d
+is not a valid descriptor for an ACL entry in
+.Ar acl .
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_copy_entry 3 ,
+.Xr acl_get_entry 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 .
+The
+.Fn acl_delete_entry
+function was added in
+.Fx 5.0 .
+.Sh AUTHORS
+The
+.Fn acl_delete_entry
+function was written by
+.An Chris D. Faulhaber Aq jedgar@fxp.org .
diff --git a/lib/libc/posix1e/acl_delete_entry.c b/lib/libc/posix1e/acl_delete_entry.c
new file mode 100644
index 0000000..d1f25d2
--- /dev/null
+++ b/lib/libc/posix1e/acl_delete_entry.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2001 Chris D. Faulhaber
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+/* acl_delete_entry() - delete an ACL entry from an ACL */
+
+#include <sys/types.h>
+#include <sys/acl.h>
+#include <errno.h>
+#include <string.h>
+
+int
+acl_delete_entry(acl_t acl, acl_entry_t entry_d)
+{
+	int i;
+
+	if (!acl || !entry_d || (acl->acl_cnt < 1) ||
+	    (acl->acl_cnt > ACL_MAX_ENTRIES)) {
+		errno = EINVAL;
+		return -1;
+	}
+	for (i = 0; i < acl->acl_cnt; i++) {
+		/* if this is our entry... */
+		if ((acl->acl_entry[i].ae_tag == entry_d->ae_tag) &&
+		    (acl->acl_entry[i].ae_id == entry_d->ae_id)) {
+			/* ...shift the remaining entries... */
+			while (i < acl->acl_cnt - 1)
+				acl->acl_entry[i] = acl->acl_entry[++i];
+			/* ...drop the count and zero the unused entry... */
+			acl->acl_cnt--;
+			bzero(&acl->acl_entry[i], sizeof(struct acl_entry));
+			return 0;
+		}
+	}
+
+
+	errno = EINVAL;
+	return -1;
+}