From 937f807a3675d0970be68437c2eb5ce4c82fd68f Mon Sep 17 00:00:00 2001
From: Gleb Popov <arrowd@FreeBSD.org>
Date: Tue, 19 Jan 2021 19:26:19 +0400
Subject: [PATCH] libc/posix1e: Add acl_cmp_np() function.

Reviewed by: kib, debdrup, gbe
Approved by: kib
Differential Revision: https://reviews.freebsd.org/D28255
---
 lib/libc/posix1e/Makefile.inc  |  2 +
 lib/libc/posix1e/Symbol.map    |  1 +
 lib/libc/posix1e/acl_cmp_np.3  | 83 ++++++++++++++++++++++++++++++++++
 lib/libc/posix1e/acl_cmp_np.c  | 55 ++++++++++++++++++++++
 lib/libc/posix1e/acl_support.c |  2 -
 sys/sys/acl.h                  |  1 +
 6 files changed, 142 insertions(+), 2 deletions(-)
 create mode 100644 lib/libc/posix1e/acl_cmp_np.3
 create mode 100644 lib/libc/posix1e/acl_cmp_np.c

diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc
index 865a5e120b0f..de3fa17ab3c9 100644
--- a/lib/libc/posix1e/Makefile.inc
+++ b/lib/libc/posix1e/Makefile.inc
@@ -11,6 +11,7 @@ subr_acl_nfs4.c: ${SRCTOP}/sys/kern/subr_acl_nfs4.c
 CONFS+=	posix1e/mac.conf
 SRCS+=	acl_branding.c			\
 	acl_calc_mask.c			\
+	acl_cmp_np.c			\
 	acl_compat.c			\
 	acl_copy.c			\
 	acl_delete.c			\
@@ -47,6 +48,7 @@ MAN+=	acl.3				\
 	acl_calc_mask.3			\
 	acl_clear_flags_np.3		\
 	acl_clear_perms.3		\
+	acl_cmp_np.3			\
 	acl_copy_entry.3		\
 	acl_create_entry.3		\
 	acl_delete.3			\
diff --git a/lib/libc/posix1e/Symbol.map b/lib/libc/posix1e/Symbol.map
index 6cc05daee818..a83d69e9a887 100644
--- a/lib/libc/posix1e/Symbol.map
+++ b/lib/libc/posix1e/Symbol.map
@@ -86,5 +86,6 @@ FBSD_1.1 {
 };
 
 FBSD_1.7 {
+	acl_cmp_np;
 	acl_from_mode_np;
 };
diff --git a/lib/libc/posix1e/acl_cmp_np.3 b/lib/libc/posix1e/acl_cmp_np.3
new file mode 100644
index 000000000000..a8dca4959d2e
--- /dev/null
+++ b/lib/libc/posix1e/acl_cmp_np.3
@@ -0,0 +1,83 @@
+.\"-
+.\" Copyright (c) 2021 Gleb Popov
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd January 20, 2021
+.Dt ACL_CMP_NP 3
+.Os
+.Sh NAME
+.Nm acl_cmp
+.Nd compare between two ACLs
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/types.h
+.In sys/acl.h
+.Ft int
+.Fn acl_cmp_np "acl_t acl1" "acl_t acl2"
+.Sh DESCRIPTION
+The
+.Fn acl_cmp_np
+function is a non-portable call that checks if ACLs pointed to by
+.Va acl1
+and
+.Va acl2
+are equivalent.
+The two ACLs are considered equal when they contain the same
+entries with matching tag types, qualifiers and permissions.
+.Sh RETURN VALUES
+Upon successful completion, this function returns 0 if the given ACLs are
+equivalent and 1 if they differ.
+Otherwise, the value -1 is returned, and
+.Va errno
+indicates the error.
+.Sh ERRORS
+If any of the following conditions occur, the
+.Fn acl_cmp_np
+function shall return a value of
+.Va -1
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Either first or second argument does not point to a valid ACL.
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+Discussion
+of the draft continues on the cross-platform POSIX.1e implementation
+mailing list.
+To join this list, see the
+.Fx
+POSIX.1e implementation
+page for more information.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 ,
+and development continues.
+.Sh AUTHORS
+.An Gleb Popov
diff --git a/lib/libc/posix1e/acl_cmp_np.c b/lib/libc/posix1e/acl_cmp_np.c
new file mode 100644
index 000000000000..43fe9dcb3f7e
--- /dev/null
+++ b/lib/libc/posix1e/acl_cmp_np.c
@@ -0,0 +1,55 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2021 Gleb Popov
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * acl_cmp_np: Compare two ACL's.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/acl.h>
+#include <sys/errno.h>
+
+#include "acl_support.h"
+
+/*
+ * returns 0 if acl_t's are identical, 1 otherwise
+ */
+int
+acl_cmp_np(acl_t acl1, acl_t acl2)
+{
+	if (acl1 == NULL || acl2 == NULL) {
+		errno = EINVAL;
+		return (-1);
+	}
+
+	if (_acl_brand(acl1) != _acl_brand(acl2))
+		return (1);
+
+	return (_acl_differs(acl1, acl2));
+}
diff --git a/lib/libc/posix1e/acl_support.c b/lib/libc/posix1e/acl_support.c
index bb09d119f988..342d2853ddda 100644
--- a/lib/libc/posix1e/acl_support.c
+++ b/lib/libc/posix1e/acl_support.c
@@ -62,8 +62,6 @@ _acl_differs(const acl_t a, const acl_t b)
 	struct acl_entry *entrya, *entryb;
 
 	assert(_acl_brand(a) == _acl_brand(b));
-	assert(_acl_brand(a) != ACL_BRAND_UNKNOWN);
-	assert(_acl_brand(b) != ACL_BRAND_UNKNOWN);
 
 	if (a->ats_acl.acl_cnt != b->ats_acl.acl_cnt)
 		return (1);
diff --git a/sys/sys/acl.h b/sys/sys/acl.h
index 71bb0f2ac058..bbf0987a75e4 100644
--- a/sys/sys/acl.h
+++ b/sys/sys/acl.h
@@ -363,6 +363,7 @@ int	acl_add_perm(acl_permset_t _permset_d, acl_perm_t _perm);
 int	acl_calc_mask(acl_t *_acl_p);
 int	acl_clear_flags_np(acl_flagset_t _flagset_d);
 int	acl_clear_perms(acl_permset_t _permset_d);
+int	acl_cmp_np(acl_t _acl1, acl_t _acl2);
 int	acl_copy_entry(acl_entry_t _dest_d, acl_entry_t _src_d);
 ssize_t	acl_copy_ext(void *_buf_p, acl_t _acl, ssize_t _size);
 acl_t	acl_copy_int(const void *_buf_p);