libc/posix1e: Add acl_equiv_mode_np() function.

Reviewed by: kib, debdrup, gbe Approved by: kib Differential Revision: https://reviews.freebsd.org/D28255
2021-01-19 22:05:57 +04:00 · 2021-01-19 22:05:57 +04:00 · d81d5b2f2c
commit d81d5b2f2c
parent 937f807a36
5 changed files with 200 additions and 0 deletions
--- a/lib/libc/posix1e/Makefile.inc
+++ b/lib/libc/posix1e/Makefile.inc
@ -17,6 +17,7 @@ SRCS+=	acl_branding.c			\
 	acl_delete.c			\
 	acl_delete_entry.c		\
 	acl_entry.c			\
+	acl_equiv_mode_np.c		\
 	acl_flag.c			\
 	acl_free.c			\
 	acl_from_mode_np.c		\
@ -56,6 +57,7 @@ MAN+=	acl.3				\
 	acl_delete_flag_np.3		\
 	acl_delete_perm.3		\
 	acl_dup.3			\
+	acl_equiv_mode_np.3		\
 	acl_free.3			\
 	acl_from_mode_np.3		\
 	acl_from_text.3			\
--- a/lib/libc/posix1e/Symbol.map
+++ b/lib/libc/posix1e/Symbol.map
@ -87,5 +87,6 @@ FBSD_1.1 {

 FBSD_1.7 {
 	acl_cmp_np;
+	acl_equiv_mode_np;
 	acl_from_mode_np;
 };
--- a/lib/libc/posix1e/acl_equiv_mode_np.3
+++ b/lib/libc/posix1e/acl_equiv_mode_np.3
@ -0,0 +1,95 @@
+.\"-
+.\" Copyright (c) 2021 Gleb Popov
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd January 20, 2021
+.Dt ACL_EQUIV_MODE_NP 3
+.Os
+.Sh NAME
+.Nm acl_equiv_mode_np
+.Nd check if ACL can be represented as UNIX permissions
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/types.h
+.In sys/acl.h
+.Ft int
+.Fn acl_equiv_mode_np "acl_t acl" "mode_t* mode_p"
+.Sh DESCRIPTION
+The
+.Fn acl_equiv_mode_np
+function is a non-portable call which checks that entries contained in the
+.Va acl
+argument use only the ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER tag types, and that
+permissions contained in these entries consist only of ACL_READ, ACL_WRITE and
+ACL_EXECUTE.
+If the check succeeds, the ACL can be represented as traditional UNIX
+file permissions bits set.
+.Pp
+If
+.Va mode_p
+is not NULL and the check succeeds, the function fills the argument with a mode
+value corresponding to permissions contained in the ACL.
+.Sh RETURN VALUES
+Upon successful completion, the function returns 0 if the ACL can be represented
+as UNIX permissions and 1 if it is not possible.
+Otherwise, a value
+of
+.Va -1
+is returned, and
+.Va errno
+is set to indicate the error.
+.Sh ERRORS
+If any of the following conditions occur, the
+.Fn acl_equiv_mode_np
+function returns a value of
+.Va -1
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Fa acl
+does not point to a valid ACL.
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_from_mode_np 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+Discussion
+of the draft continues on the cross-platform POSIX.1e implementation
+mailing list.
+To join this list, see the
+.Fx
+POSIX.1e implementation
+page for more information.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 ,
+and development continues.
+.Sh AUTHORS
+.An Gleb Popov
--- a/lib/libc/posix1e/acl_equiv_mode_np.c
+++ b/lib/libc/posix1e/acl_equiv_mode_np.c
@ -0,0 +1,101 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2021 Gleb Popov
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * acl_equiv_mode_np: Check if an ACL can be represented as a mode_t.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/errno.h>
+#include <sys/stat.h>
+#include <sys/acl.h>
+
+#include "acl_support.h"
+
+int
+acl_equiv_mode_np(acl_t acl, mode_t *mode_p)
+{
+	mode_t ret_mode = 0;
+
+	if (acl == NULL) {
+		errno = EINVAL;
+		return (-1);
+	}
+
+	/* Linux returns 0 for ACL returned by acl_init() */
+	if (_acl_brand(acl) == ACL_BRAND_UNKNOWN && acl->ats_acl.acl_cnt == 0)
+		return (0);
+
+	// TODO: Do we want to handle ACL_BRAND_NFS4 in this function? */
+	if (_acl_brand(acl) != ACL_BRAND_POSIX)
+		return (1);
+
+	for (int cur_entry = 0; cur_entry < acl->ats_acl.acl_cnt; cur_entry++) {
+		acl_entry_t entry = &acl->ats_acl.acl_entry[cur_entry];
+
+		if ((entry->ae_perm & ACL_PERM_BITS) != entry->ae_perm)
+			return (1);
+
+		switch (entry->ae_tag) {
+		case ACL_USER_OBJ:
+			if (entry->ae_perm & ACL_READ)
+				ret_mode |= S_IRUSR;
+			if (entry->ae_perm & ACL_WRITE)
+				ret_mode |= S_IWUSR;
+			if (entry->ae_perm & ACL_EXECUTE)
+				ret_mode |= S_IXUSR;
+			break;
+		case ACL_GROUP_OBJ:
+			if (entry->ae_perm & ACL_READ)
+				ret_mode |= S_IRGRP;
+			if (entry->ae_perm & ACL_WRITE)
+				ret_mode |= S_IWGRP;
+			if (entry->ae_perm & ACL_EXECUTE)
+				ret_mode |= S_IXGRP;
+			break;
+		case ACL_OTHER:
+			if (entry->ae_perm & ACL_READ)
+				ret_mode |= S_IROTH;
+			if (entry->ae_perm & ACL_WRITE)
+				ret_mode |= S_IWOTH;
+			if (entry->ae_perm & ACL_EXECUTE)
+				ret_mode |= S_IXOTH;
+			break;
+		default:
+			return (1);
+		}
+	}
+
+	if (mode_p != NULL)
+		*mode_p = ret_mode;
+
+	return (0);
+}
--- a/sys/sys/acl.h
+++ b/sys/sys/acl.h
@ -379,6 +379,7 @@ int	acl_delete_def_link_np(const char *_path_p);
 int	acl_delete_flag_np(acl_flagset_t _flagset_d, acl_flag_t _flag);
 int	acl_delete_perm(acl_permset_t _permset_d, acl_perm_t _perm);
 acl_t	acl_dup(acl_t _acl);
+int	acl_equiv_mode_np(acl_t acl, mode_t *mode_p);
 int	acl_free(void *_obj_p);
 acl_t	acl_from_mode_np(const mode_t mode);
 acl_t	acl_from_text(const char *_buf_p);