From d81d5b2f2c9cda96ad960aac3313b89b2769323e Mon Sep 17 00:00:00 2001 From: Gleb Popov Date: Tue, 19 Jan 2021 22:05:57 +0400 Subject: [PATCH] libc/posix1e: Add acl_equiv_mode_np() function. Reviewed by: kib, debdrup, gbe Approved by: kib Differential Revision: https://reviews.freebsd.org/D28255 --- lib/libc/posix1e/Makefile.inc | 2 + lib/libc/posix1e/Symbol.map | 1 + lib/libc/posix1e/acl_equiv_mode_np.3 | 95 +++++++++++++++++++++++++ lib/libc/posix1e/acl_equiv_mode_np.c | 101 +++++++++++++++++++++++++++ sys/sys/acl.h | 1 + 5 files changed, 200 insertions(+) create mode 100644 lib/libc/posix1e/acl_equiv_mode_np.3 create mode 100644 lib/libc/posix1e/acl_equiv_mode_np.c diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc index de3fa17ab3c9..181e43026a6d 100644 --- a/lib/libc/posix1e/Makefile.inc +++ b/lib/libc/posix1e/Makefile.inc @@ -17,6 +17,7 @@ SRCS+= acl_branding.c \ acl_delete.c \ acl_delete_entry.c \ acl_entry.c \ + acl_equiv_mode_np.c \ acl_flag.c \ acl_free.c \ acl_from_mode_np.c \ @@ -56,6 +57,7 @@ MAN+= acl.3 \ acl_delete_flag_np.3 \ acl_delete_perm.3 \ acl_dup.3 \ + acl_equiv_mode_np.3 \ acl_free.3 \ acl_from_mode_np.3 \ acl_from_text.3 \ diff --git a/lib/libc/posix1e/Symbol.map b/lib/libc/posix1e/Symbol.map index a83d69e9a887..40098d42d13d 100644 --- a/lib/libc/posix1e/Symbol.map +++ b/lib/libc/posix1e/Symbol.map @@ -87,5 +87,6 @@ FBSD_1.1 { FBSD_1.7 { acl_cmp_np; + acl_equiv_mode_np; acl_from_mode_np; }; diff --git a/lib/libc/posix1e/acl_equiv_mode_np.3 b/lib/libc/posix1e/acl_equiv_mode_np.3 new file mode 100644 index 000000000000..33281e349fba --- /dev/null +++ b/lib/libc/posix1e/acl_equiv_mode_np.3 @@ -0,0 +1,95 @@ +.\"- +.\" Copyright (c) 2021 Gleb Popov +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd January 20, 2021 +.Dt ACL_EQUIV_MODE_NP 3 +.Os +.Sh NAME +.Nm acl_equiv_mode_np +.Nd check if ACL can be represented as UNIX permissions +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/types.h +.In sys/acl.h +.Ft int +.Fn acl_equiv_mode_np "acl_t acl" "mode_t* mode_p" +.Sh DESCRIPTION +The +.Fn acl_equiv_mode_np +function is a non-portable call which checks that entries contained in the +.Va acl +argument use only the ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER tag types, and that +permissions contained in these entries consist only of ACL_READ, ACL_WRITE and +ACL_EXECUTE. +If the check succeeds, the ACL can be represented as traditional UNIX +file permissions bits set. +.Pp +If +.Va mode_p +is not NULL and the check succeeds, the function fills the argument with a mode +value corresponding to permissions contained in the ACL. +.Sh RETURN VALUES +Upon successful completion, the function returns 0 if the ACL can be represented +as UNIX permissions and 1 if it is not possible. +Otherwise, a value +of +.Va -1 +is returned, and +.Va errno +is set to indicate the error. +.Sh ERRORS +If any of the following conditions occur, the +.Fn acl_equiv_mode_np +function returns a value of +.Va -1 +and set +.Va errno +to the corresponding value: +.Bl -tag -width Er +.It Bq Er EINVAL +Argument +.Fa acl +does not point to a valid ACL. +.El +.Sh SEE ALSO +.Xr acl 3 , +.Xr acl_from_mode_np 3 , +.Xr posix1e 3 +.Sh STANDARDS +POSIX.1e is described in IEEE POSIX.1e draft 17. +Discussion +of the draft continues on the cross-platform POSIX.1e implementation +mailing list. +To join this list, see the +.Fx +POSIX.1e implementation +page for more information. +.Sh HISTORY +POSIX.1e support was introduced in +.Fx 4.0 , +and development continues. +.Sh AUTHORS +.An Gleb Popov diff --git a/lib/libc/posix1e/acl_equiv_mode_np.c b/lib/libc/posix1e/acl_equiv_mode_np.c new file mode 100644 index 000000000000..a6dfb03bfc46 --- /dev/null +++ b/lib/libc/posix1e/acl_equiv_mode_np.c @@ -0,0 +1,101 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * + * Copyright (c) 2021 Gleb Popov + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* + * acl_equiv_mode_np: Check if an ACL can be represented as a mode_t. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include + +#include "acl_support.h" + +int +acl_equiv_mode_np(acl_t acl, mode_t *mode_p) +{ + mode_t ret_mode = 0; + + if (acl == NULL) { + errno = EINVAL; + return (-1); + } + + /* Linux returns 0 for ACL returned by acl_init() */ + if (_acl_brand(acl) == ACL_BRAND_UNKNOWN && acl->ats_acl.acl_cnt == 0) + return (0); + + // TODO: Do we want to handle ACL_BRAND_NFS4 in this function? */ + if (_acl_brand(acl) != ACL_BRAND_POSIX) + return (1); + + for (int cur_entry = 0; cur_entry < acl->ats_acl.acl_cnt; cur_entry++) { + acl_entry_t entry = &acl->ats_acl.acl_entry[cur_entry]; + + if ((entry->ae_perm & ACL_PERM_BITS) != entry->ae_perm) + return (1); + + switch (entry->ae_tag) { + case ACL_USER_OBJ: + if (entry->ae_perm & ACL_READ) + ret_mode |= S_IRUSR; + if (entry->ae_perm & ACL_WRITE) + ret_mode |= S_IWUSR; + if (entry->ae_perm & ACL_EXECUTE) + ret_mode |= S_IXUSR; + break; + case ACL_GROUP_OBJ: + if (entry->ae_perm & ACL_READ) + ret_mode |= S_IRGRP; + if (entry->ae_perm & ACL_WRITE) + ret_mode |= S_IWGRP; + if (entry->ae_perm & ACL_EXECUTE) + ret_mode |= S_IXGRP; + break; + case ACL_OTHER: + if (entry->ae_perm & ACL_READ) + ret_mode |= S_IROTH; + if (entry->ae_perm & ACL_WRITE) + ret_mode |= S_IWOTH; + if (entry->ae_perm & ACL_EXECUTE) + ret_mode |= S_IXOTH; + break; + default: + return (1); + } + } + + if (mode_p != NULL) + *mode_p = ret_mode; + + return (0); +} diff --git a/sys/sys/acl.h b/sys/sys/acl.h index bbf0987a75e4..7c81570739c6 100644 --- a/sys/sys/acl.h +++ b/sys/sys/acl.h @@ -379,6 +379,7 @@ int acl_delete_def_link_np(const char *_path_p); int acl_delete_flag_np(acl_flagset_t _flagset_d, acl_flag_t _flag); int acl_delete_perm(acl_permset_t _permset_d, acl_perm_t _perm); acl_t acl_dup(acl_t _acl); +int acl_equiv_mode_np(acl_t acl, mode_t *mode_p); int acl_free(void *_obj_p); acl_t acl_from_mode_np(const mode_t mode); acl_t acl_from_text(const char *_buf_p);