diff options
| author | jedgar <jedgar@FreeBSD.org> | 2001-04-24 22:45:41 +0000 |
|---|---|---|
| committer | jedgar <jedgar@FreeBSD.org> | 2001-04-24 22:45:41 +0000 |
| commit | 2da23531d99e45f34811fd6982a681112de0e182 (patch) | |
| tree | 0b8830fcccafadf6607f3658e96733124ef8617d /lib | |
| parent | ecbf3eacd9a17a3a9b238e2fa65b2d33d85e8d1f (diff) | |
| download | FreeBSD-src-2da23531d99e45f34811fd6982a681112de0e182.zip FreeBSD-src-2da23531d99e45f34811fd6982a681112de0e182.tar.gz | |
o Separate acl_t into internal and external representations as
required by POSIX.1e. This maintains the current 'struct acl'
in the kernel while providing the generic external acl_t
interface required to complete the ACL editing library.
o Add the acl_get_entry() function.
o Convert the existing ACL utilities, getfacl and setfacl, to
fully make use of the ACL editing library.
Obtained from: TrustedBSD Project
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libc/posix1e/Makefile.inc | 1 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_calc_mask.c | 83 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_copy.c | 2 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_delete_entry.c | 35 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_entry.c | 44 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_free.c | 10 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_from_text.c | 14 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_get.c | 37 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_get_entry.3 | 139 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_init.c | 17 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_perm.c | 40 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_set.c | 14 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_support.c | 25 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_support.h | 2 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_to_text.c | 35 | ||||
| -rw-r--r-- | lib/libc/posix1e/acl_valid.c | 7 |
16 files changed, 373 insertions, 132 deletions
diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc index d6f51fe..d7b4faa 100644 --- a/lib/libc/posix1e/Makefile.inc +++ b/lib/libc/posix1e/Makefile.inc @@ -47,6 +47,7 @@ MAN+= acl.3 \ acl_free.3 \ acl_from_text.3 \ acl_get.3 \ + acl_get_entry.3 \ acl_get_permset.3 \ acl_get_perm_np.3 \ acl_get_qualifier.3 \ diff --git a/lib/libc/posix1e/acl_calc_mask.c b/lib/libc/posix1e/acl_calc_mask.c index d9d9322..90fe224 100644 --- a/lib/libc/posix1e/acl_calc_mask.c +++ b/lib/libc/posix1e/acl_calc_mask.c @@ -32,22 +32,34 @@ #include "un-namespace.h" #include <errno.h> +#include <stdio.h> /* - * acl_calc_mask() calculates and set the permissions associated - * with the ACL_MASK ACL entry. If the ACL already contains an - * ACL_MASK entry, its permissions shall be overwritten; if not, - * one shall be added. + * acl_calc_mask() (23.4.2): calculate and set the permissions + * associated with the ACL_MASK ACL entry. If the ACL already + * contains an ACL_MASK entry, its permissions shall be + * overwritten; if not, one shall be added. */ int acl_calc_mask(acl_t *acl_p) { - acl_t acl_new; - int group_obj, i, mask_mode, mask_num, other_obj, user_obj; + struct acl *acl_int, *acl_int_new; + acl_t acl_new; + int i, mask_mode, mask_num; - /* check args */ - if (!acl_p || !*acl_p || ((*acl_p)->acl_cnt < 3) || - ((*acl_p)->acl_cnt > ACL_MAX_ENTRIES)) { + /* + * (23.4.2.4) requires acl_p to point to a pointer to a valid ACL. + * Since one of the primary reasons to use this function would be + * to calculate the appropriate mask to obtain a valid ACL, we only + * perform sanity checks here and validate the ACL prior to + * returning. + */ + if (!acl_p || !*acl_p) { + errno = EINVAL; + return -1; + } + acl_int = &(*acl_p)->ats_acl; + if ((acl_int->acl_cnt < 3) || (acl_int->acl_cnt > ACL_MAX_ENTRIES)) { errno = EINVAL; return -1; } @@ -55,57 +67,42 @@ acl_calc_mask(acl_t *acl_p) acl_new = acl_dup(*acl_p); if (!acl_new) return -1; + acl_int_new = &acl_new->ats_acl; - user_obj = group_obj = other_obj = mask_mode = 0; + mask_mode = 0; mask_num = -1; /* gather permissions and find a mask entry */ - for (i = 0; i < acl_new->acl_cnt; i++) { - switch(acl_new->acl_entry[i].ae_tag) { - case ACL_USER_OBJ: - user_obj++; - break; - case ACL_OTHER: - other_obj++; - break; - case ACL_GROUP_OBJ: - group_obj++; - /* FALLTHROUGH */ - case ACL_GROUP: + for (i = 0; i < acl_int_new->acl_cnt; i++) { + switch(acl_int_new->acl_entry[i].ae_tag) { case ACL_USER: + case ACL_GROUP: + case ACL_GROUP_OBJ: mask_mode |= - acl_new->acl_entry[i].ae_perm & ACL_PERM_BITS; + acl_int_new->acl_entry[i].ae_perm & ACL_PERM_BITS; break; case ACL_MASK: mask_num = i; break; - default: - errno = EINVAL; - acl_free(acl_new); - return -1; - /* NOTREACHED */ } } - if ((user_obj != 1) || (group_obj != 1) || (other_obj != 1)) { - errno = EINVAL; - acl_free(acl_new); - return -1; - } + /* if a mask entry already exists, overwrite the perms */ - if (mask_num != -1) { - acl_new->acl_entry[mask_num].ae_perm = mask_mode; - } else { + if (mask_num != -1) + acl_int_new->acl_entry[mask_num].ae_perm = mask_mode; + else { /* if no mask exists, check acl_cnt... */ - if (acl_new->acl_cnt == ACL_MAX_ENTRIES) { - errno = EINVAL; - acl_free(acl_new); + if (acl_int_new->acl_cnt == ACL_MAX_ENTRIES) { + errno = ENOMEM; return -1; } /* ...and add the mask entry */ - acl_new->acl_entry[acl_new->acl_cnt].ae_tag = ACL_MASK; - acl_new->acl_entry[acl_new->acl_cnt].ae_id = 0; - acl_new->acl_entry[acl_new->acl_cnt].ae_perm = mask_mode; - acl_new->acl_cnt++; + acl_int_new->acl_entry[acl_int_new->acl_cnt].ae_tag = ACL_MASK; + acl_int_new->acl_entry[acl_int_new->acl_cnt].ae_id = + ACL_UNDEFINED_ID; + acl_int_new->acl_entry[acl_int_new->acl_cnt].ae_perm = + mask_mode; + acl_int_new->acl_cnt++; } if (acl_valid(acl_new) == -1) { diff --git a/lib/libc/posix1e/acl_copy.c b/lib/libc/posix1e/acl_copy.c index 9725231..800648a 100644 --- a/lib/libc/posix1e/acl_copy.c +++ b/lib/libc/posix1e/acl_copy.c @@ -35,7 +35,7 @@ #include <string.h> /* - * acl_copy_entry() - copy the contents of ACL entry src_d to + * acl_copy_entry() (23.4.4): copy the contents of ACL entry src_d to * ACL entry dest_d */ int diff --git a/lib/libc/posix1e/acl_delete_entry.c b/lib/libc/posix1e/acl_delete_entry.c index e961ab2..760078f 100644 --- a/lib/libc/posix1e/acl_delete_entry.c +++ b/lib/libc/posix1e/acl_delete_entry.c @@ -26,8 +26,6 @@ * $FreeBSD$ */ -/* acl_delete_entry() - delete an ACL entry from an ACL */ - #include <sys/types.h> #include "namespace.h" #include <sys/acl.h> @@ -35,26 +33,41 @@ #include <errno.h> #include <string.h> +/* + * acl_delete_entry() (23.4.9): remove the ACL entry indicated by entry_d + * from acl. + */ int acl_delete_entry(acl_t acl, acl_entry_t entry_d) { + struct acl *acl_int; int i; - if (!acl || !entry_d || (acl->acl_cnt < 1) || - (acl->acl_cnt > ACL_MAX_ENTRIES)) { + if (!acl || !entry_d) { + errno = EINVAL; + return -1; + } + + acl_int = &acl->ats_acl; + + if ((acl->ats_acl.acl_cnt < 1) || + (acl->ats_acl.acl_cnt > ACL_MAX_ENTRIES)) { errno = EINVAL; return -1; } - for (i = 0; i < acl->acl_cnt; i++) { + for (i = 0; i < acl->ats_acl.acl_cnt; i++) { /* if this is our entry... */ - if ((acl->acl_entry[i].ae_tag == entry_d->ae_tag) && - (acl->acl_entry[i].ae_id == entry_d->ae_id)) { + if ((acl->ats_acl.acl_entry[i].ae_tag == entry_d->ae_tag) && + (acl->ats_acl.acl_entry[i].ae_id == entry_d->ae_id)) { /* ...shift the remaining entries... */ - while (i < acl->acl_cnt - 1) - acl->acl_entry[i] = acl->acl_entry[++i]; + while (i < acl->ats_acl.acl_cnt - 1) + acl->ats_acl.acl_entry[i] = + acl->ats_acl.acl_entry[++i]; /* ...drop the count and zero the unused entry... */ - acl->acl_cnt--; - bzero(&acl->acl_entry[i], sizeof(struct acl_entry)); + acl->ats_acl.acl_cnt--; + bzero(&acl->ats_acl.acl_entry[i], + sizeof(struct acl_entry)); + acl->ats_cur_entry = 0; return 0; } } diff --git a/lib/libc/posix1e/acl_entry.c b/lib/libc/posix1e/acl_entry.c index cfb5e80..337340d 100644 --- a/lib/libc/posix1e/acl_entry.c +++ b/lib/libc/posix1e/acl_entry.c @@ -34,32 +34,64 @@ #include <errno.h> #include <stdlib.h> +/* + * acl_create_entry() (23.4.7): create a new ACL entry in the ACL pointed + * to by acl_p. + */ int acl_create_entry(acl_t *acl_p, acl_entry_t *entry_p) { - acl_t acl; + struct acl *acl_int; - if (!acl_p || !*acl_p || ((*acl_p)->acl_cnt >= ACL_MAX_ENTRIES) || - ((*acl_p)->acl_cnt < 0)) { + if (!acl_p) { errno = EINVAL; return -1; } - acl = *acl_p; + acl_int = &(*acl_p)->ats_acl; + + if ((acl_int->acl_cnt >= ACL_MAX_ENTRIES) || (acl_int->acl_cnt < 0)) { + errno = EINVAL; + return -1; + } - *entry_p = &acl->acl_entry[acl->acl_cnt++]; + *entry_p = &acl_int->acl_entry[acl_int->acl_cnt++]; (**entry_p).ae_tag = ACL_UNDEFINED_TAG; (**entry_p).ae_id = ACL_UNDEFINED_ID; (**entry_p).ae_perm = ACL_PERM_NONE; + (*acl_p)->ats_cur_entry = 0; + return 0; } +/* + * acl_get_entry() (23.4.14): returns an ACL entry from an ACL + * indicated by entry_id. + */ int acl_get_entry(acl_t acl, int entry_id, acl_entry_t *entry_p) { + struct acl *acl_int; + + if (!acl) { + errno = EINVAL; + return -1; + } + acl_int = &acl->ats_acl; + + switch(entry_id) { + case ACL_FIRST_ENTRY: + acl->ats_cur_entry = 0; + /* PASSTHROUGH */ + case ACL_NEXT_ENTRY: + if (acl->ats_cur_entry >= acl->ats_acl.acl_cnt) + return 0; + *entry_p = &acl_int->acl_entry[acl->ats_cur_entry++]; + return 1; + } - errno = ENOSYS; + errno = EINVAL; return -1; } diff --git a/lib/libc/posix1e/acl_free.c b/lib/libc/posix1e/acl_free.c index 9dd9ee9..b4aeb1ab 100644 --- a/lib/libc/posix1e/acl_free.c +++ b/lib/libc/posix1e/acl_free.c @@ -36,10 +36,18 @@ #include <sys/errno.h> #include <stdlib.h> +/* + * acl_free() (23.4.12): free any releasable memory allocated to the + * ACL data object identified by obj_p. + */ int acl_free(void *obj_p) { - free(obj_p); + if (obj_p) { + free(obj_p); + obj_p = NULL; + } + return (0); } diff --git a/lib/libc/posix1e/acl_from_text.c b/lib/libc/posix1e/acl_from_text.c index 8b47338..d391089 100644 --- a/lib/libc/posix1e/acl_from_text.c +++ b/lib/libc/posix1e/acl_from_text.c @@ -109,13 +109,13 @@ acl_string_to_tag(char *tag, char *qualifier) acl_t acl_from_text(const char *buf_p) { - acl_tag_t t; - acl_perm_t p; - acl_t acl; - uid_t id; - char *mybuf_p, *line, *cur, *notcomment, *comment, *entry; - char *tag, *qualifier, *permission; - int error; + acl_tag_t t; + acl_perm_t p; + acl_t acl; + char *mybuf_p, *line, *cur, *notcomment, *comment, *entry; + char *tag, *qualifier, *permission; + int error; + uid_t id; /* Local copy we can mess up. */ mybuf_p = strdup(buf_p); diff --git a/lib/libc/posix1e/acl_get.c b/lib/libc/posix1e/acl_get.c index 3388041..4f84cef 100644 --- a/lib/libc/posix1e/acl_get.c +++ b/lib/libc/posix1e/acl_get.c @@ -48,7 +48,7 @@ acl_t acl_get_file(const char *path_p, acl_type_t type) { - struct acl *aclp; + acl_t aclp; int error; aclp = acl_init(ACL_MAX_ENTRIES); @@ -56,7 +56,7 @@ acl_get_file(const char *path_p, acl_type_t type) return (NULL); } - error = __acl_get_file(path_p, type, aclp); + error = __acl_get_file(path_p, type, &aclp->ats_acl); if (error) { acl_free(aclp); return (NULL); @@ -68,7 +68,7 @@ acl_get_file(const char *path_p, acl_type_t type) acl_t acl_get_fd(int fd) { - struct acl *aclp; + acl_t aclp; int error; aclp = acl_init(ACL_MAX_ENTRIES); @@ -76,7 +76,7 @@ acl_get_fd(int fd) return (NULL); } - error = ___acl_get_fd(fd, ACL_TYPE_ACCESS, aclp); + error = ___acl_get_fd(fd, ACL_TYPE_ACCESS, &aclp->ats_acl); if (error) { acl_free(aclp); return (NULL); @@ -88,7 +88,7 @@ acl_get_fd(int fd) acl_t acl_get_fd_np(int fd, acl_type_t type) { - struct acl *aclp; + acl_t aclp; int error; aclp = acl_init(ACL_MAX_ENTRIES); @@ -96,7 +96,7 @@ acl_get_fd_np(int fd, acl_type_t type) return (NULL); } - error = ___acl_get_fd(fd, type, aclp); + error = ___acl_get_fd(fd, type, &aclp->ats_acl); if (error) { acl_free(aclp); return (NULL); @@ -109,6 +109,11 @@ int acl_get_perm_np(acl_permset_t permset_d, acl_perm_t perm) { + if (!permset_d) { + errno = EINVAL; + return -1; + } + switch(perm) { case ACL_READ: case ACL_WRITE: @@ -124,6 +129,10 @@ acl_get_perm_np(acl_permset_t permset_d, acl_perm_t perm) return 0; } +/* + * acl_get_permset() (23.4.17): return via permset_p a descriptor to + * the permission set in the ACL entry entry_d. + */ int acl_get_permset(acl_entry_t entry_d, acl_permset_t *permset_p) { @@ -138,6 +147,10 @@ acl_get_permset(acl_entry_t entry_d, acl_permset_t *permset_p) return 0; } +/* + * acl_get_qualifier() (23.4.18): retrieve the qualifier of the tag + * for the ACL entry entry_d. + */ void * acl_get_qualifier(acl_entry_t entry_d) { @@ -152,16 +165,20 @@ acl_get_qualifier(acl_entry_t entry_d) case ACL_USER: case ACL_GROUP: retval = malloc(sizeof(uid_t)); - if (retval) { - *retval = entry_d->ae_id; - return retval; - } + if (!retval) + return NULL; + *retval = entry_d->ae_id; + return retval; } errno = EINVAL; return NULL; } +/* + * acl_get_tag_type() (23.4.19): return the tag type for the ACL + * entry entry_p. + */ int acl_get_tag_type(acl_entry_t entry_d, acl_tag_t *tag_type_p) { diff --git a/lib/libc/posix1e/acl_get_entry.3 b/lib/libc/posix1e/acl_get_entry.3 new file mode 100644 index 0000000..e9269c9 --- /dev/null +++ b/lib/libc/posix1e/acl_get_entry.3 @@ -0,0 +1,139 @@ +.\"- +.\" Copyright (c) 2001 Chris D. Faulhaber +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE +.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd April 13, 2001 +.Dt ACL_GET_ENTRY 3 +.Os +.Sh NAME +.Nm acl_get_entry +.Nd retrieve an ACL entry from an ACL +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.Fd #include <sys/types.h> +.Fd #include <sys/acl.h> +.Ft void * +.Fn acl_get_entry "acl_t acl" "int entry_id" "acl_entry_t entry_p" +.Sh DESCRIPTION +.Fn acl_get_entry +is a POSIX.1e call that retrieves a descriptor for an ACL entry +specified by the argument +.Fa entry_d +within the ACL indicated by the argument +.Fa acl . +.Pp +If the value of +.Fa entry_id +is +.Dv ACL_FIRST_ENTRY , +then the function will return in +.Fa entry_p +a descriptor for the first ACL entry within +.Fa acl . +If a call is made to +.Fn acl_get_entry +with +.Fa entry_id +set to +.Dv ACL_NEXT_ENTRY +when there has not been either an initial successful call to +.Fn acl_get_entry , +or a previous successfull call to +.Fn acl_create_entry , +.Fn acl_delete_entry , +.Fn acl_dup , +.Fn acl_from_text , +.Fn acl_get_fd , +.Fn acl_get_file , +.Fn acl_set_fd , +.Fn acl_set_file, +or +.Fn acl_valid , +then the result is unspecified. +.Pp +.Sh RETURN VALUES +If the +.Fn acl_get_entry +function successfully obtains an ACL entry, a value of 1 is returned. +If the ACL has no ACL entries, the +.Fn function +returns a value of 0. If the value of +.Fa entry_id +is +.Dv ACL_NEXT_ENTRY +and the last ACL entry in the ACL has already been returned by a +previous call to +.Fn acl_get_entry , +a value of 0 will be returned until a successful call with +.Fa entry_id +of +.Dv ACL_FIRST_ENTRY +is made. Otherwise, a value of -1 will be returned and +.Va errno +will be set to indicate the error. +.Sh ERRORS +The +.Fn acl_get_entry +fails if: +.Bl -tag -width Er +.It Bq Er EINVAL +Argument +.Fa acl +does not point to a valid ACL. Argument +.Fa entry_id +is neither +.Dv ACL_FIRST_ENTRY +nor +.Dv ACL_NEXT_ENTRY . +.Sh SEE ALSO +.Xr acl 3 , +.Xr acl_calc_mask 3 , +.Xr acl_create_entry 3 , +.Xr acl_delete_entry 3 , +.Xr acl_dup 3 , +.Xr acl_from_text 3 , +.Xr acl_get_fd 3 , +.Xr acl_get_file 3 , +.Xr acl_init 3 , +.Xr acl_set_fd 3 , +.Xr acl_set_file 3 , +.Xr acl_valid 3 , +.Xr posix1e 3 +.Sh STANDARDS +POSIX.1e is described in IEEE POSIX.1e draft 17. +.Sh HISTORY +POSIX.1e support was introduced in +.Fx 4.0 . +The +.Fn acl_get_entry +function was added in +.Fx 5.0 . +.Sh AUTHORS +The +.Fn acl_get_entry +function was written by +.An Chris D. Faulhaber Aq jedgar@fxp.org . diff --git a/lib/libc/posix1e/acl_init.c b/lib/libc/posix1e/acl_init.c index d6e8f05..da36156 100644 --- a/lib/libc/posix1e/acl_init.c +++ b/lib/libc/posix1e/acl_init.c @@ -41,16 +41,20 @@ acl_t acl_init(int count) { - struct acl *acl; + acl_t acl; if (count > ACL_MAX_ENTRIES) { errno = ENOMEM; return (NULL); } + if (count < 0) { + errno = EINVAL; + return (NULL); + } - acl = (struct acl *) malloc(sizeof(struct acl)); + acl = malloc(sizeof(struct acl_t_struct)); if (acl != NULL) - bzero(acl, sizeof(struct acl)); + bzero(acl, sizeof(struct acl_t_struct)); return (acl); } @@ -58,13 +62,14 @@ acl_init(int count) acl_t acl_dup(acl_t acl) { - struct acl *acl_new; + acl_t acl_new; acl_new = acl_init(ACL_MAX_ENTRIES); if (!acl_new) - return(NULL); - + return NULL; *acl_new = *acl; + acl->ats_cur_entry = 0; + acl_new->ats_cur_entry = 0; return(acl_new); } diff --git a/lib/libc/posix1e/acl_perm.c b/lib/libc/posix1e/acl_perm.c index cdd8e30..8f634cb 100644 --- a/lib/libc/posix1e/acl_perm.c +++ b/lib/libc/posix1e/acl_perm.c @@ -35,25 +35,29 @@ #include <string.h> /* - * acl_add_perm() adds the permission contained in perm to the + * acl_add_perm() (23.4.1): add the permission contained in perm to the * permission set permset_d */ int acl_add_perm(acl_permset_t permset_d, acl_perm_t perm) { - if (!permset_d || (perm & !(ACL_PERM_BITS))) { - errno = EINVAL; - return -1; + if (permset_d) { + switch(perm) { + case ACL_READ: + case ACL_WRITE: + case ACL_EXECUTE: + *permset_d |= perm; + return 0; + } } - *permset_d |= perm; - - return 0; + errno = EINVAL; + return -1; } /* - * acl_clear_perms() clears all permisions from the permission + * acl_clear_perms() (23.4.3): clear all permisions from the permission * set permset_d */ int @@ -65,25 +69,29 @@ acl_clear_perms(acl_permset_t permset_d) return -1; } - *permset_d = 0; + *permset_d = ACL_PERM_NONE; return 0; } /* - * acl_delete_perm() removes the permission in perm from the + * acl_delete_perm() (23.4.10): remove the permission in perm from the * permission set permset_d */ int acl_delete_perm(acl_permset_t permset_d, acl_perm_t perm) { - if (!permset_d) { - errno = EINVAL; - return -1; + if (permset_d) { + switch(perm) { + case ACL_READ: + case ACL_WRITE: + case ACL_EXECUTE: + *permset_d &= ~(perm & ACL_PERM_BITS); + return 0; + } } - *permset_d &= ~(perm & ACL_PERM_BITS); - - return 0; + errno = EINVAL; + return -1; } diff --git a/lib/libc/posix1e/acl_set.c b/lib/libc/posix1e/acl_set.c index e8f177d..6b7dded 100644 --- a/lib/libc/posix1e/acl_set.c +++ b/lib/libc/posix1e/acl_set.c @@ -59,7 +59,9 @@ acl_set_file(const char *path_p, acl_type_t type, acl_t acl) } } - return (__acl_set_file(path_p, type, acl)); + acl->ats_cur_entry = 0; + + return (__acl_set_file(path_p, type, &acl->ats_acl)); } int @@ -73,7 +75,9 @@ acl_set_fd(int fd, acl_t acl) return(-1); } - return (___acl_set_fd(fd, ACL_TYPE_ACCESS, acl)); + acl->ats_cur_entry = 0; + + return (___acl_set_fd(fd, ACL_TYPE_ACCESS, &acl->ats_acl)); } int @@ -89,11 +93,13 @@ acl_set_fd_np(int fd, acl_t acl, acl_type_t type) } } - return (___acl_set_fd(fd, type, acl)); + acl->ats_cur_entry = 0; + + return (___acl_set_fd(fd, type, &acl->ats_acl)); } /* - * acl_set_permset() sets the permissions of ACL entry entry_d + * acl_set_permset() (23.4.23): sets the permissions of ACL entry entry_d * with the permissions in permset_d */ int diff --git a/lib/libc/posix1e/acl_support.c b/lib/libc/posix1e/acl_support.c index 26fcf07..0ab061d 100644 --- a/lib/libc/posix1e/acl_support.c +++ b/lib/libc/posix1e/acl_support.c @@ -96,9 +96,12 @@ _posix1e_acl_entry_compare(struct acl_entry *a, struct acl_entry *b) int _posix1e_acl_sort(acl_t acl) { + struct acl *acl_int; - qsort(&acl->acl_entry[0], acl->acl_cnt, sizeof(struct acl_entry), - (compare) _posix1e_acl_entry_compare); + acl_int = &acl->ats_acl; + + qsort(&acl_int->acl_entry[0], acl_int->acl_cnt, + sizeof(struct acl_entry), (compare) _posix1e_acl_entry_compare); return (0); } @@ -130,8 +133,9 @@ _posix1e_acl(acl_t acl, acl_type_t type) * this. Returns 0 on success, EINVAL on failure. */ int -_posix1e_acl_check(struct acl *acl) +_posix1e_acl_check(acl_t acl) { + struct acl *acl_int; struct acl_entry *entry; /* current entry */ uid_t obj_uid=-1, obj_gid=-1, highest_uid=0, highest_gid=0; int stage = ACL_USER_OBJ; @@ -139,10 +143,12 @@ _posix1e_acl_check(struct acl *acl) int count_user_obj=0, count_user=0, count_group_obj=0, count_group=0, count_mask=0, count_other=0; + acl_int = &acl->ats_acl; + /* printf("_posix1e_acl_check: checking acl with %d entries\n", acl->acl_cnt); */ - while (i < acl->acl_cnt) { - entry = &acl->acl_entry[i]; + while (i < acl_int->acl_cnt) { + entry = &acl_int->acl_entry[i]; if ((entry->ae_perm | ACL_PERM_BITS) != ACL_PERM_BITS) return (EINVAL); @@ -408,18 +414,21 @@ _posix1e_acl_string_to_perm(char *string, acl_perm_t *perm) int _posix1e_acl_add_entry(acl_t acl, acl_tag_t tag, uid_t id, acl_perm_t perm) { + struct acl *acl_int; struct acl_entry *e; - if (acl->acl_cnt >= ACL_MAX_ENTRIES) { + acl_int = &acl->ats_acl; + + if (acl_int->acl_cnt >= ACL_MAX_ENTRIES) { errno = ENOMEM; return (-1); } - e = &(acl->acl_entry[acl->acl_cnt]); + e = &(acl_int->acl_entry[acl_int->acl_cnt]); e->ae_perm = perm; e->ae_tag = tag; e->ae_id = id; - acl->acl_cnt++; + acl_int->acl_cnt++; return (0); } diff --git a/lib/libc/posix1e/acl_support.h b/lib/libc/posix1e/acl_support.h index a907e52..6cccf0b 100644 --- a/lib/libc/posix1e/acl_support.h +++ b/lib/libc/posix1e/acl_support.h @@ -34,7 +34,7 @@ #define _POSIX1E_ACL_STRING_PERM_MAXSIZE 3 /* read, write, exec */ -int _posix1e_acl_check(struct acl *acl); +int _posix1e_acl_check(acl_t acl); int _posix1e_acl_sort(acl_t acl); int _posix1e_acl(acl_t acl, acl_type_t type); int _posix1e_acl_id_to_name(acl_tag_t tag, uid_t id, ssize_t buf_len, diff --git a/lib/libc/posix1e/acl_to_text.c b/lib/libc/posix1e/acl_to_text.c index 20f2b9e..4c079e4 100644 --- a/lib/libc/posix1e/acl_to_text.c +++ b/lib/libc/posix1e/acl_to_text.c @@ -52,28 +52,31 @@ char * acl_to_text(acl_t acl, ssize_t *len_p) { - char *buf, *tmpbuf; - char name_buf[UT_NAMESIZE+1]; - char perm_buf[_POSIX1E_ACL_STRING_PERM_MAXSIZE+1], - effective_perm_buf[_POSIX1E_ACL_STRING_PERM_MAXSIZE+1]; - int i, error, len; - uid_t ae_id; - acl_tag_t ae_tag; - acl_perm_t ae_perm, effective_perm, mask_perm; + struct acl *acl_int; + char *buf, *tmpbuf; + char name_buf[UT_NAMESIZE+1]; + char perm_buf[_POSIX1E_ACL_STRING_PERM_MAXSIZE+1], + effective_perm_buf[_POSIX1E_ACL_STRING_PERM_MAXSIZE+1]; + int i, error, len; + uid_t ae_id; + acl_tag_t ae_tag; + acl_perm_t ae_perm, effective_perm, mask_perm; buf = strdup(""); if (!buf) return(NULL); + acl_int = &acl->ats_acl; + mask_perm = ACL_PERM_BITS; /* effective is regular if no mask */ - for (i = 0; i < acl->acl_cnt; i++) - if (acl->acl_entry[i].ae_tag == ACL_MASK) - mask_perm = acl->acl_entry[i].ae_perm; - - for (i = 0; i < acl->acl_cnt; i++) { - ae_tag = acl->acl_entry[i].ae_tag; - ae_id = acl->acl_entry[i].ae_id; - ae_perm = acl->acl_entry[i].ae_perm; + for (i = 0; i < acl_int->acl_cnt; i++) + if (acl_int->acl_entry[i].ae_tag == ACL_MASK) + mask_perm = acl_int->acl_entry[i].ae_perm; + + for (i = 0; i < acl_int->acl_cnt; i++) { + ae_tag = acl_int->acl_entry[i].ae_tag; + ae_id = acl_int->acl_entry[i].ae_id; + ae_perm = acl_int->acl_entry[i].ae_perm; switch(ae_tag) { case ACL_USER_OBJ: diff --git a/lib/libc/posix1e/acl_valid.c b/lib/libc/posix1e/acl_valid.c index fe50889..6eaa6ac 100644 --- a/lib/libc/posix1e/acl_valid.c +++ b/lib/libc/posix1e/acl_valid.c @@ -78,7 +78,7 @@ acl_valid_file_np(const char *pathp, acl_type_t type, acl_t acl) } } - return (__acl_aclcheck_file(pathp, type, acl)); + return (__acl_aclcheck_file(pathp, type, &acl->ats_acl)); } @@ -95,5 +95,8 @@ acl_valid_fd_np(int fd, acl_type_t type, acl_t acl) } } - return (___acl_aclcheck_fd(fd, type, acl)); + acl->ats_cur_entry = 0; + + + return (___acl_aclcheck_fd(fd, type, &acl->ats_acl)); } |
