2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 1999-2001, 2008 Robert N. M. Watson
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * Support functionality for the POSIX.1e ACL interface
30 * These calls are intended only to be called within the library.
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <sys/types.h>
37 #include "namespace.h"
39 #include "un-namespace.h"
48 #include "acl_support.h"
50 #define ACL_STRING_PERM_WRITE 'w'
51 #define ACL_STRING_PERM_READ 'r'
52 #define ACL_STRING_PERM_EXEC 'x'
53 #define ACL_STRING_PERM_NONE '-'
56 * Return 0, if both ACLs are identical.
59 _acl_differs(const acl_t a, const acl_t b)
62 struct acl_entry *entrya, *entryb;
64 assert(_acl_brand(a) == _acl_brand(b));
65 assert(_acl_brand(a) != ACL_BRAND_UNKNOWN);
66 assert(_acl_brand(b) != ACL_BRAND_UNKNOWN);
68 if (a->ats_acl.acl_cnt != b->ats_acl.acl_cnt)
71 for (i = 0; i < b->ats_acl.acl_cnt; i++) {
72 entrya = &(a->ats_acl.acl_entry[i]);
73 entryb = &(b->ats_acl.acl_entry[i]);
75 if (entrya->ae_tag != entryb->ae_tag ||
76 entrya->ae_id != entryb->ae_id ||
77 entrya->ae_perm != entryb->ae_perm ||
78 entrya->ae_entry_type != entryb->ae_entry_type ||
79 entrya->ae_flags != entryb->ae_flags)
87 * _posix1e_acl_entry_compare -- compare two acl_entry structures to
88 * determine the order they should appear in. Used by _posix1e_acl_sort to
89 * sort ACL entries into the kernel-desired order -- i.e., the order useful
90 * for evaluation and O(n) validity checking. Beter to have an O(nlogn) sort
91 * in userland and an O(n) in kernel than to have both in kernel.
93 typedef int (*compare)(const void *, const void *);
95 _posix1e_acl_entry_compare(struct acl_entry *a, struct acl_entry *b)
98 assert(_entry_brand(a) == ACL_BRAND_POSIX);
99 assert(_entry_brand(b) == ACL_BRAND_POSIX);
102 * First, sort between tags -- conveniently defined in the correct
103 * order for verification.
105 if (a->ae_tag < b->ae_tag)
107 if (a->ae_tag > b->ae_tag)
111 * Next compare uids/gids on appropriate types.
114 if (a->ae_tag == ACL_USER || a->ae_tag == ACL_GROUP) {
115 if (a->ae_id < b->ae_id)
117 if (a->ae_id > b->ae_id)
120 /* shouldn't be equal, fall through to the invalid case */
124 * Don't know how to sort multiple entries of the rest--either it's
125 * a bad entry, or there shouldn't be more than one. Ignore and the
126 * validity checker can get it later.
132 * _posix1e_acl_sort -- sort ACL entries in POSIX.1e-formatted ACLs.
135 _posix1e_acl_sort(acl_t acl)
139 acl_int = &acl->ats_acl;
141 qsort(&acl_int->acl_entry[0], acl_int->acl_cnt,
142 sizeof(struct acl_entry), (compare) _posix1e_acl_entry_compare);
146 * acl_posix1e -- in what situations should we acl_sort before submission?
147 * We apply posix1e ACL semantics for any ACL of type ACL_TYPE_ACCESS or
151 _posix1e_acl(acl_t acl, acl_type_t type)
154 if (_acl_brand(acl) != ACL_BRAND_POSIX)
157 return ((type == ACL_TYPE_ACCESS) || (type == ACL_TYPE_DEFAULT));
161 * _posix1e_acl_check -- given an ACL, check its validity. This is mirrored
162 * from code in sys/kern/kern_acl.c, and if changes are made in one, they
163 * should be made in the other also. This copy of acl_check is made
164 * available * in userland for the benefit of processes wanting to check ACLs
165 * for validity before submitting them to the kernel, or for performing
166 * in userland file system checking. Needless to say, the kernel makes
167 * the real checks on calls to get/setacl.
169 * See the comments in kernel for explanation -- just briefly, it assumes
170 * an already sorted ACL, and checks based on that assumption. The
171 * POSIX.1e interface, acl_valid(), will perform the sort before calling
172 * this. Returns 0 on success, EINVAL on failure.
175 _posix1e_acl_check(acl_t acl)
178 struct acl_entry *entry; /* current entry */
179 uid_t highest_uid=0, highest_gid=0;
180 int stage = ACL_USER_OBJ;
182 int count_user_obj=0, count_user=0, count_group_obj=0,
183 count_group=0, count_mask=0, count_other=0;
185 acl_int = &acl->ats_acl;
187 /* printf("_posix1e_acl_check: checking acl with %d entries\n",
189 while (i < acl_int->acl_cnt) {
190 entry = &acl_int->acl_entry[i];
192 if ((entry->ae_perm | ACL_PERM_BITS) != ACL_PERM_BITS)
195 switch(entry->ae_tag) {
197 /* printf("_posix1e_acl_check: %d: ACL_USER_OBJ\n",
199 if (stage > ACL_USER_OBJ)
206 /* printf("_posix1e_acl_check: %d: ACL_USER\n", i); */
207 if (stage > ACL_USER)
210 if (count_user && (entry->ae_id <= highest_uid))
212 highest_uid = entry->ae_id;
217 /* printf("_posix1e_acl_check: %d: ACL_GROUP_OBJ\n",
219 if (stage > ACL_GROUP_OBJ)
226 /* printf("_posix1e_acl_check: %d: ACL_GROUP\n", i); */
227 if (stage > ACL_GROUP)
230 if (count_group && (entry->ae_id <= highest_gid))
232 highest_gid = entry->ae_id;
237 /* printf("_posix1e_acl_check: %d: ACL_MASK\n", i); */
238 if (stage > ACL_MASK)
245 /* printf("_posix1e_acl_check: %d: ACL_OTHER\n", i); */
246 if (stage > ACL_OTHER)
253 /* printf("_posix1e_acl_check: %d: INVALID\n", i); */
259 if (count_user_obj != 1)
262 if (count_group_obj != 1)
265 if (count_mask != 0 && count_mask != 1)
268 if (count_other != 1)
275 * Given a right-shifted permission (i.e., direct ACL_PERM_* mask), fill
276 * in a string describing the permissions.
279 _posix1e_acl_perm_to_string(acl_perm_t perm, ssize_t buf_len, char *buf)
282 if (buf_len < _POSIX1E_ACL_STRING_PERM_MAXSIZE + 1) {
287 if ((perm | ACL_PERM_BITS) != ACL_PERM_BITS) {
292 buf[3] = 0; /* null terminate */
295 buf[0] = ACL_STRING_PERM_READ;
297 buf[0] = ACL_STRING_PERM_NONE;
299 if (perm & ACL_WRITE)
300 buf[1] = ACL_STRING_PERM_WRITE;
302 buf[1] = ACL_STRING_PERM_NONE;
304 if (perm & ACL_EXECUTE)
305 buf[2] = ACL_STRING_PERM_EXEC;
307 buf[2] = ACL_STRING_PERM_NONE;
313 * given a string, return a permission describing it
316 _posix1e_acl_string_to_perm(char *string, acl_perm_t *perm)
318 acl_perm_t myperm = ACL_PERM_NONE;
324 case ACL_STRING_PERM_READ:
327 case ACL_STRING_PERM_WRITE:
330 case ACL_STRING_PERM_EXEC:
331 myperm |= ACL_EXECUTE;
333 case ACL_STRING_PERM_NONE:
346 * Add an ACL entry without doing much checking, et al
349 _posix1e_acl_add_entry(acl_t acl, acl_tag_t tag, uid_t id, acl_perm_t perm)
354 acl_int = &acl->ats_acl;
356 if (acl_int->acl_cnt >= ACL_MAX_ENTRIES) {
361 e = &(acl_int->acl_entry[acl_int->acl_cnt]);
371 * Convert "old" type - ACL_TYPE_{ACCESS,DEFAULT}_OLD - into its "new"
372 * counterpart. It's necessary for the old (pre-NFSv4 ACLs) binaries
373 * to work with new libc and kernel. Fixing 'type' for old binaries with
374 * old libc and new kernel is being done by kern/vfs_acl.c:type_unold().
377 _acl_type_unold(acl_type_t type)
381 case ACL_TYPE_ACCESS_OLD:
382 return (ACL_TYPE_ACCESS);
383 case ACL_TYPE_DEFAULT_OLD:
384 return (ACL_TYPE_DEFAULT);
391 string_skip_whitespace(char *string)
394 while (*string && ((*string == ' ') || (*string == '\t')))
401 string_trim_trailing_whitespace(char *string)
408 end = string + strlen(string) - 1;
410 while (end != string) {
411 if ((*end == ' ') || (*end == '\t')) {