libc/posix1e: Add acl_extended_file_np() function.

Reviewed by: kib, debdrup, gbe
Approved by: kib
Differential Revision: https://reviews.freebsd.org/D28255

lib/libc/posix1e/Makefile.inc

@@ -18,6 +18,7 @@ SRCS+=	acl_branding.c			\
 	acl_delete_entry.c		\
 	acl_entry.c			\
 	acl_equiv_mode_np.c		\
+	acl_extended_file_np.c		\
 	acl_flag.c			\
 	acl_free.c			\
 	acl_from_mode_np.c		\
@@ -58,6 +59,7 @@ MAN+=	acl.3				\
 	acl_delete_perm.3		\
 	acl_dup.3			\
 	acl_equiv_mode_np.3		\
+	acl_extended_file_np.3		\
 	acl_free.3			\
 	acl_from_mode_np.3		\
 	acl_from_text.3			\
@@ -98,6 +100,8 @@ MLINKS+=acl_create_entry.3 acl_create_entry_np.3\
 	acl_delete.3 acl_delete_file_np.3	\
 	acl_delete.3 acl_delete_fd_np.3		\
 	acl_delete_entry.3 acl_delete_entry_np.3\
+	acl_extended_file_np.3 acl_extended_file_nofollow_np.3 \
+	acl_extended_file_np.3 acl_extended_link_np.3 \
 	acl_get.3 acl_get_file.3		\
 	acl_get.3 acl_get_fd.3			\
 	acl_get.3 acl_get_fd_np.3		\

lib/libc/posix1e/Symbol.map

@@ -88,5 +88,8 @@ FBSD_1.1 {
 FBSD_1.7 {
 	acl_cmp_np;
 	acl_equiv_mode_np;
+	acl_extended_file_np;
+	acl_extended_file_nofollow_np;
+	acl_extended_link_np;
 	acl_from_mode_np;
 };

lib/libc/posix1e/acl_extended_file_np.3

@@ -0,0 +1,95 @@
+.\"-
+.\" Copyright (c) 2021 Gleb Popov
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd February 26, 2021
+.Dt ACL_EXTENDED_FILE_NP 3
+.Os
+.Sh NAME
+.Nm acl_extended_file_np ,
+.Nm acl_extended_file_nofollow_np ,
+.Nm acl_extended_link_np
+.Nd checks if the file has extended ACLs set
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/types.h
+.In sys/acl.h
+.Ft int
+.Fn acl_extended_file_np "const char* path_p"
+.Ft int
+.Fn acl_extended_file_nofollow_np "const char* path_p"
+.Ft int
+.Fn acl_extended_link_np "const char* path_p"
+.Sh DESCRIPTION
+The
+.Fn acl_extended_file_np
+function is a non-portable call that checks if the file or directory referred to
+by the argument
+.Va path_p
+contains extended access ACLs. The
+.Fn acl_extended_file_nofollow_np
+function works the same way, except it does not follow symlinks. The
+.Fn acl_extended_link_np
+function is a synonim to
+.Fn acl_extended_file_nofollow_np
+named in FreeBSD style.
+An ACL is considered to be extended access one if it contains entries other
+than the three required entries of tag types ACL_USER_OBJ, ACL_GROUP_OBJ and
+ACL_OTHER.
+.Sh RETURN VALUES
+Upon successful completion, this function returns 0 if the file object does not
+contain extended access ACLs and 1 in the other case.
+Otherwise, the value -1 is returned, and
+.Va errno
+indicates the error.
+.Sh ERRORS
+If any of the following conditions occur, the
+.Fn acl_extended_file_np
+function shall return a value of
+.Va -1
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er EACCES
+Search permission is denied for a component of the path prefix.
+.Sh SEE ALSO
+.Xr extattr_get_file 2 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+Discussion
+of the draft continues on the cross-platform POSIX.1e implementation
+mailing list.
+To join this list, see the
+.Fx
+POSIX.1e implementation
+page for more information.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 ,
+and development continues.
+.Sh AUTHORS
+.An Gleb Popov

lib/libc/posix1e/acl_extended_file_np.c

@@ -0,0 +1,85 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2021 Gleb Popov
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * acl_extended_file_np: Check if the file has extended ACLs set.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/param.h>
+#include <sys/errno.h>
+#include <sys/acl.h>
+
+#include <unistd.h>
+
+typedef acl_t (*acl_get_func)(const char *, acl_type_t);
+typedef long (*pathconf_func)(const char *, int);
+
+static int
+_acl_extended_file(acl_get_func f, pathconf_func pathconf_f, const char* path_p);
+
+int
+acl_extended_file_np(const char *path_p)
+{
+	return (_acl_extended_file(acl_get_file, pathconf, path_p));
+}
+
+int
+acl_extended_file_nofollow_np(const char *path_p)
+{
+	return (_acl_extended_file(acl_get_link_np, lpathconf, path_p));
+}
+
+int
+acl_extended_link_np(const char *path_p)
+{
+	return (_acl_extended_file(acl_get_link_np, lpathconf, path_p));
+}
+
+int
+_acl_extended_file(acl_get_func acl_get, pathconf_func pathconf_f, const char* path_p)
+{
+	acl_t acl;
+	int retval, istrivial, acltype = ACL_TYPE_ACCESS;
+
+	retval = pathconf_f(path_p, _PC_ACL_NFS4);
+	if (retval > 0)
+		acltype = ACL_TYPE_NFS4;
+
+	acl = acl_get(path_p, acltype);
+	if (acl == NULL)
+		return (-1);
+
+	retval = acl_is_trivial_np(acl, &istrivial);
+	acl_free(acl);
+	if (retval == -1)
+		return (-1);
+
+	return (!istrivial);
+}

sys/sys/acl.h

@@ -379,9 +379,12 @@ int	acl_delete_def_link_np(const char *_path_p);
 int	acl_delete_flag_np(acl_flagset_t _flagset_d, acl_flag_t _flag);
 int	acl_delete_perm(acl_permset_t _permset_d, acl_perm_t _perm);
 acl_t	acl_dup(acl_t _acl);
-int	acl_equiv_mode_np(acl_t acl, mode_t *mode_p);
+int	acl_equiv_mode_np(acl_t _acl, mode_t *_mode_p);
+int	acl_extended_file_np(const char* _path_p);
+int	acl_extended_file_nofollow_np(const char* _path_p);
+int	acl_extended_link_np(const char* _path_p);
 int	acl_free(void *_obj_p);
-acl_t	acl_from_mode_np(const mode_t mode);
+acl_t	acl_from_mode_np(const mode_t _mode);
 acl_t	acl_from_text(const char *_buf_p);
 int	acl_get_brand_np(acl_t _acl, int *_brand_p);
 int	acl_get_entry(acl_t _acl, int _entry_id, acl_entry_t *_entry_p);