From 14721edabe737684cc2e18d6e3147bb5c60f18d1 Mon Sep 17 00:00:00 2001 From: "Chris D. Faulhaber" Date: Mon, 19 Mar 2001 03:19:51 +0000 Subject: [PATCH] Add the following POSIX 1003.1e functions and man pages: o acl_calc_mask(): calculates the ACL mask entry associated with the given ACL. o acl_delete_entry(): remove a specified ACL entry from the given ACL. Approved by: rwatson --- lib/libc/posix1e/Makefile | 6 +- lib/libc/posix1e/acl_calc_mask.3 | 98 +++++++++++++++++++++++ lib/libc/posix1e/acl_calc_mask.c | 119 ++++++++++++++++++++++++++++ lib/libc/posix1e/acl_delete_entry.3 | 90 +++++++++++++++++++++ lib/libc/posix1e/acl_delete_entry.c | 63 +++++++++++++++ lib/libposix1e/Makefile | 6 +- lib/libposix1e/acl_calc_mask.3 | 98 +++++++++++++++++++++++ lib/libposix1e/acl_calc_mask.c | 119 ++++++++++++++++++++++++++++ lib/libposix1e/acl_delete_entry.3 | 90 +++++++++++++++++++++ lib/libposix1e/acl_delete_entry.c | 63 +++++++++++++++ sys/sys/acl.h | 2 + 11 files changed, 752 insertions(+), 2 deletions(-) create mode 100644 lib/libc/posix1e/acl_calc_mask.3 create mode 100644 lib/libc/posix1e/acl_calc_mask.c create mode 100644 lib/libc/posix1e/acl_delete_entry.3 create mode 100644 lib/libc/posix1e/acl_delete_entry.c create mode 100644 lib/libposix1e/acl_calc_mask.3 create mode 100644 lib/libposix1e/acl_calc_mask.c create mode 100644 lib/libposix1e/acl_delete_entry.3 create mode 100644 lib/libposix1e/acl_delete_entry.c diff --git a/lib/libc/posix1e/Makefile b/lib/libc/posix1e/Makefile index 3a1afd6f59ca..64fc668464d3 100644 --- a/lib/libc/posix1e/Makefile +++ b/lib/libc/posix1e/Makefile @@ -4,7 +4,9 @@ MAINTAINER= rwatson@FreeBSD.org LIB= posix1e SHLIB_MAJOR= 2 SHLIB_MINOR= 0 -SRCS+= acl_delete.c \ +SRCS+= acl_calc_mask.c \ + acl_delete.c \ + acl_delete_entry.c \ acl_free.c \ acl_from_text.c \ acl_get.c \ @@ -29,7 +31,9 @@ SRCS+= acl_delete.c \ MAN3= acl.3 \ + acl_calc_mask.3 \ acl_delete.3 \ + acl_delete_entry.3 \ acl_dup.3 \ acl_free.3 \ acl_from_text.3 \ 
diff --git a/lib/libc/posix1e/acl_calc_mask.3 b/lib/libc/posix1e/acl_calc_mask.3
new file mode 100644
index 000000000000..2e0486e85953
--- /dev/null
+++ b/lib/libc/posix1e/acl_calc_mask.3
@@ -0,0 +1,98 @@
+.\"-
+.\" Copyright (c) 2001 Chris D. Faulhaber
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd March 10, 2001
+.Dt ACL_CALC_MASK 3
+.Os
+.Sh NAME
+.Nm acl_calc_mask
+.Nd Calculate and set ACL mask permissions
+.Sh LIBRARY
+.Lb libposix1e
+.Sh SYNOPSIS
+.Fd #include
+.Fd #include
+.Ft int
+.Fn acl_calc_mask "acl_t *acl_p"
+.Sh DESCRIPTION
+.Fn acl_calc_mask
+is a POSIX.1e call that calculates and set the permissions
+associated with the ACL_MASK ACL entry of the ACL referred to by
+.Ar acl_p .
+.Pp
+The value of new permissions are the union of the permissions
+granted by the ACL_GROUP, ACL_GROUP_OBJ, ACL_USER tag types which
+match processes in the file group class contained in the ACL
+referred to by
+.Ar acl_p .
+.Pp
+If the ACL referred to by
+.Ar acl_p
+already contains an ACL_MASK entry, its permissions shall be
+overwritten; if it does not contain an ACL_MASK entry, one shall
+be added.
+.Sh RETURN VALUES
+Upon successful completion, the function shall return a value of
+.Va 0 .
+Otherwise, a value of
+.Va -1
+shall be returned, and
+.Va errno
+shall be set to indicate the error.
+.Sh ERRORS
+If the following condition occurs, the
+.Fn acl_calc_mask
+function shall return a value of
+.Va -1
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Ar acl_p
+does not point to a pointer to a valid ACL.
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_get_entry 3 ,
+.Xr acl_valid 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 .
+The
+.Fn acl_calc_mask
+function was added in
+.Fx 5.0 .
+.Sh AUTHORS
+The
+.Fn acl_calc_mask
+function was written by
+.An Chris D. Faulhaber Aq jedgar@fxp.org .
diff --git a/lib/libc/posix1e/acl_calc_mask.c b/lib/libc/posix1e/acl_calc_mask.c
new file mode 100644
index 000000000000..ebacb024395a
--- /dev/null
+++ b/lib/libc/posix1e/acl_calc_mask.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2001 Chris D. Faulhaber
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include
+#include
+
+#include
+
+/*
+ * acl_calc_mask() calculates and set the permissions associated
+ * with the ACL_MASK ACL entry. If the ACL already contains an
+ * ACL_MASK entry, its permissions shall be overwritten; if not,
+ * one shall be added.
+ */
+int
+acl_calc_mask(acl_t *acl_p)
+{
+ acl_t acl_new;
+ int group_obj, i, mask_mode, mask_num, other_obj, user_obj;
+
+ /* check args */
+ if (!acl_p || !*acl_p || ((*acl_p)->acl_cnt < 3) ||
+ ((*acl_p)->acl_cnt > ACL_MAX_ENTRIES)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ acl_new = acl_dup(*acl_p);
+ if (!acl_new)
+ return -1;
+
+ user_obj = group_obj = other_obj = mask_mode = 0;
+ mask_num = -1;
+
+ /* gather permissions and find a mask entry */
+ for (i = 0; i < acl_new->acl_cnt; i++) {
+ switch(acl_new->acl_entry[i].ae_tag) {
+ case ACL_USER_OBJ:
+ user_obj++;
+ break;
+ case ACL_OTHER:
+ other_obj++;
+ break;
+ case ACL_GROUP_OBJ:
+ group_obj++;
+ /* FALLTHROUGH */
+ case ACL_GROUP:
+ case ACL_USER:
+ mask_mode |=
+ acl_new->acl_entry[i].ae_perm & ACL_PERM_BITS;
+ break;
+ case ACL_MASK:
+ mask_num = i;
+ break;
+ default:
+ errno = EINVAL;
+ acl_free(acl_new);
+ return -1;
+ /* NOTREACHED */
+ }
+ }
+ if ((user_obj != 1) || (group_obj != 1) || (other_obj != 1)) {
+ errno = EINVAL;
+ acl_free(acl_new);
+ return -1;
+ }
+ /* if a mask entry already exists, overwrite the perms */
+ if (mask_num != -1) {
+ acl_new->acl_entry[mask_num].ae_perm = mask_mode;
+ } else {
+ /* if no mask exists, check acl_cnt... */
+ if (acl_new->acl_cnt == ACL_MAX_ENTRIES) {
+ errno = EINVAL;
+ acl_free(acl_new);
+ return -1;
+ }
+ /* ...and add the mask entry */
+ acl_new->acl_entry[acl_new->acl_cnt].ae_tag = ACL_MASK;
+ acl_new->acl_entry[acl_new->acl_cnt].ae_id = 0;
+ acl_new->acl_entry[acl_new->acl_cnt].ae_perm = mask_mode;
+ acl_new->acl_cnt++;
+ }
+
+ if (acl_valid(acl_new) == -1) {
+ errno = EINVAL;
+ acl_free(acl_new);
+ return -1;
+ }
+
+ **acl_p = *acl_new;
+ acl_free(acl_new);
+
+ return 0;
+}
diff --git a/lib/libc/posix1e/acl_delete_entry.3 b/lib/libc/posix1e/acl_delete_entry.3
new file mode 100644
index 000000000000..256498c371ac
--- /dev/null
+++ b/lib/libc/posix1e/acl_delete_entry.3
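Review bot: The header comment on acl_calc_mask() does not say which entries feed the new mask, nor that an existing mask is replaced unconditionally. The loop ORs `ae_perm & ACL_PERM_BITS` of the ACL_GROUP_OBJ, ACL_GROUP and ACL_USER entries and stores the result in the ACL_MASK entry, so a mask that was deliberately narrower than that union is widened by the call; I would add a line such as `The new mask is the union of the ACL_USER, ACL_GROUP_OBJ and ACL_GROUP permissions, so a more restrictive existing mask is lost.` A short comment above `**acl_p = *acl_new;` saying that the work is done on a copy, so the caller's ACL changes only after acl_valid() accepts the result, would also help the next reader. The same applies to the identical copy in lib/libposix1e/acl_calc_mask.c.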
@@ -0,0 +1,90 @@
+.\"-
+.\" Copyright (c) 2001 Chris D. Faulhaber
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd March 10, 2001
+.Dt ACL_DELETE_ENTRY 3
+.Os
+.Sh NAME
+.Nm acl_delete_entry
+.Nd Delete an ACL entry from an ACL
+.Sh LIBRARY
+.Lb libposix1e
+.Sh SYNOPSIS
+.Fd #include
+.Fd #include
+.Ft int
+.Fn acl_delete_entry "acl_t acl" "acl_entry_t entry_d"
+.Sh DESCRIPTION
+.Fn acl_delete_entry
+is a POSIX.1e call that removes the ACL entry
+.Ar entry_d
+from ACL
+.Ar acl .
+.Sh RETURN VALUES
+Upon successful completion, the function shall return a value of
+.Va 0 .
+Otherwise, a value of
+.Va -1
+shall be returned, and
+.Va errno
+shall be set to indicate the error.
+.Sh ERRORS
+If the following condition occurs, the
+.Fn acl_delete_entry
+function shall return a value of
+.Va -1
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Ar acl
+does not point to a valid ACL. Argument
+.Ar entry_d
+is not a valid descriptor for an ACL entry in
+.Ar acl .
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_copy_entry 3 ,
+.Xr acl_get_entry 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 .
+The
+.Fn acl_delete_entry
+function was added in
+.Fx 5.0 .
+.Sh AUTHORS
+The
+.Fn acl_delete_entry
+function was written by
+.An Chris D. Faulhaber Aq jedgar@fxp.org .
diff --git a/lib/libc/posix1e/acl_delete_entry.c b/lib/libc/posix1e/acl_delete_entry.c
new file mode 100644
index 000000000000..d1f25d280b6e
--- /dev/null
+++ b/lib/libc/posix1e/acl_delete_entry.c
@@ -0,0 +1,63 @@ +/* + * Copyright (c) 2001 Chris D. Faulhaber + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +/* acl_delete_entry() - delete an ACL entry from an ACL */ + +#include +#include +#include +#include + +int +acl_delete_entry(acl_t acl, acl_entry_t entry_d) +{ + int i; + + if (!acl || !entry_d || (acl->acl_cnt < 1) || + (acl->acl_cnt > ACL_MAX_ENTRIES)) { + errno = EINVAL; + return -1; + } + for (i = 0; i < acl->acl_cnt; i++) { + /* if this is our entry... */ + if ((acl->acl_entry[i].ae_tag == entry_d->ae_tag) && + (acl->acl_entry[i].ae_id == entry_d->ae_id)) { + /* ...shift the remaining entries... 
*/ + while (i < acl->acl_cnt - 1) + acl->acl_entry[i] = acl->acl_entry[++i]; + /* ...drop the count and zero the unused entry... */ + acl->acl_cnt--; + bzero(&acl->acl_entry[i], sizeof(struct acl_entry)); + return 0; + } + } + + + errno = EINVAL; + return -1; +} diff --git a/lib/libposix1e/Makefile b/lib/libposix1e/Makefile index 3a1afd6f59ca..64fc668464d3 100644 --- a/lib/libposix1e/Makefile +++ b/lib/libposix1e/Makefile @@ -4,7 +4,9 @@ MAINTAINER= rwatson@FreeBSD.org LIB= posix1e SHLIB_MAJOR= 2 SHLIB_MINOR= 0 -SRCS+= acl_delete.c \ +SRCS+= acl_calc_mask.c \ + acl_delete.c \ + acl_delete_entry.c \ acl_free.c \ acl_from_text.c \ acl_get.c \ @@ -29,7 +31,9 @@ SRCS+= acl_delete.c \ MAN3= acl.3 \ + acl_calc_mask.3 \ acl_delete.3 \ + acl_delete_entry.3 \ acl_dup.3 \ acl_free.3 \ acl_from_text.3 \ diff --git a/lib/libposix1e/acl_calc_mask.3 b/lib/libposix1e/acl_calc_mask.3 new file mode 100644 index 000000000000..2e0486e85953 --- /dev/null +++ b/lib/libposix1e/acl_calc_mask.3 
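Review bot: In the shift loop of acl_delete_entry(), `acl->acl_entry[i] = acl->acl_entry[++i];` reads and modifies `i` with no sequence point in between, which is undefined behaviour in C; if the compiler indexes the destination with the already incremented value, each step becomes a self-assignment and the function then drops the count and zeroes the last entry, so the wrong ACL entry can end up removed while the intended one stays in force. Writing the loop as `for (; i < acl->acl_cnt - 1; i++)` with the body `acl->acl_entry[i] = acl->acl_entry[i + 1];` is well defined and leaves `i` at the same final index for the bzero() call. Separately, the match compares `ae_id` for every tag, so for tags where the id carries no meaning the result may depend on whatever value happens to be stored there; comparing the id only for ACL_USER and ACL_GROUP would be more robust. The identical code in lib/libposix1e/acl_delete_entry.c has the same problem.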
@@ -0,0 +1,98 @@
+.\"-
+.\" Copyright (c) 2001 Chris D. Faulhaber
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd March 10, 2001
+.Dt ACL_CALC_MASK 3
+.Os
+.Sh NAME
+.Nm acl_calc_mask
+.Nd Calculate and set ACL mask permissions
+.Sh LIBRARY
+.Lb libposix1e
+.Sh SYNOPSIS
+.Fd #include
+.Fd #include
+.Ft int
+.Fn acl_calc_mask "acl_t *acl_p"
+.Sh DESCRIPTION
+.Fn acl_calc_mask
+is a POSIX.1e call that calculates and set the permissions
+associated with the ACL_MASK ACL entry of the ACL referred to by
+.Ar acl_p .
+.Pp
+The value of new permissions are the union of the permissions
+granted by the ACL_GROUP, ACL_GROUP_OBJ, ACL_USER tag types which
+match processes in the file group class contained in the ACL
+referred to by
+.Ar acl_p .
+.Pp
+If the ACL referred to by
+.Ar acl_p
+already contains an ACL_MASK entry, its permissions shall be
+overwritten; if it does not contain an ACL_MASK entry, one shall
+be added.
+.Sh RETURN VALUES
+Upon successful completion, the function shall return a value of
+.Va 0 .
+Otherwise, a value of
+.Va -1
+shall be returned, and
+.Va errno
+shall be set to indicate the error.
+.Sh ERRORS
+If the following condition occurs, the
+.Fn acl_calc_mask
+function shall return a value of
+.Va -1
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Ar acl_p
+does not point to a pointer to a valid ACL.
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_get_entry 3 ,
+.Xr acl_valid 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 .
+The
+.Fn acl_calc_mask
+function was added in
+.Fx 5.0 .
+.Sh AUTHORS
+The
+.Fn acl_calc_mask
+function was written by
+.An Chris D. Faulhaber Aq jedgar@fxp.org .
diff --git a/lib/libposix1e/acl_calc_mask.c b/lib/libposix1e/acl_calc_mask.c
new file mode 100644
index 000000000000..ebacb024395a
--- /dev/null
+++ b/lib/libposix1e/acl_calc_mask.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2001 Chris D. Faulhaber
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include
+#include
+
+#include
+
+/*
+ * acl_calc_mask() calculates and set the permissions associated
+ * with the ACL_MASK ACL entry. If the ACL already contains an
+ * ACL_MASK entry, its permissions shall be overwritten; if not,
+ * one shall be added.
+ */
+int
+acl_calc_mask(acl_t *acl_p)
+{
+ acl_t acl_new;
+ int group_obj, i, mask_mode, mask_num, other_obj, user_obj;
+
+ /* check args */
+ if (!acl_p || !*acl_p || ((*acl_p)->acl_cnt < 3) ||
+ ((*acl_p)->acl_cnt > ACL_MAX_ENTRIES)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ acl_new = acl_dup(*acl_p);
+ if (!acl_new)
+ return -1;
+
+ user_obj = group_obj = other_obj = mask_mode = 0;
+ mask_num = -1;
+
+ /* gather permissions and find a mask entry */
+ for (i = 0; i < acl_new->acl_cnt; i++) {
+ switch(acl_new->acl_entry[i].ae_tag) {
+ case ACL_USER_OBJ:
+ user_obj++;
+ break;
+ case ACL_OTHER:
+ other_obj++;
+ break;
+ case ACL_GROUP_OBJ:
+ group_obj++;
+ /* FALLTHROUGH */
+ case ACL_GROUP:
+ case ACL_USER:
+ mask_mode |=
+ acl_new->acl_entry[i].ae_perm & ACL_PERM_BITS;
+ break;
+ case ACL_MASK:
+ mask_num = i;
+ break;
+ default:
+ errno = EINVAL;
+ acl_free(acl_new);
+ return -1;
+ /* NOTREACHED */
+ }
+ }
+ if ((user_obj != 1) || (group_obj != 1) || (other_obj != 1)) {
+ errno = EINVAL;
+ acl_free(acl_new);
+ return -1;
+ }
+ /* if a mask entry already exists, overwrite the perms */
+ if (mask_num != -1) {
+ acl_new->acl_entry[mask_num].ae_perm = mask_mode;
+ } else {
+ /* if no mask exists, check acl_cnt... */
+ if (acl_new->acl_cnt == ACL_MAX_ENTRIES) {
+ errno = EINVAL;
+ acl_free(acl_new);
+ return -1;
+ }
+ /* ...and add the mask entry */
+ acl_new->acl_entry[acl_new->acl_cnt].ae_tag = ACL_MASK;
+ acl_new->acl_entry[acl_new->acl_cnt].ae_id = 0;
+ acl_new->acl_entry[acl_new->acl_cnt].ae_perm = mask_mode;
+ acl_new->acl_cnt++;
+ }
+
+ if (acl_valid(acl_new) == -1) {
+ errno = EINVAL;
+ acl_free(acl_new);
+ return -1;
+ }
+
+ **acl_p = *acl_new;
+ acl_free(acl_new);
+
+ return 0;
+}
diff --git a/lib/libposix1e/acl_delete_entry.3 b/lib/libposix1e/acl_delete_entry.3
new file mode 100644
index 000000000000..256498c371ac
--- /dev/null
+++ b/lib/libposix1e/acl_delete_entry.3
@@ -0,0 +1,90 @@
+.\"-
+.\" Copyright (c) 2001 Chris D. Faulhaber
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
+.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd March 10, 2001
+.Dt ACL_DELETE_ENTRY 3
+.Os
+.Sh NAME
+.Nm acl_delete_entry
+.Nd Delete an ACL entry from an ACL
+.Sh LIBRARY
+.Lb libposix1e
+.Sh SYNOPSIS
+.Fd #include
+.Fd #include
+.Ft int
+.Fn acl_delete_entry "acl_t acl" "acl_entry_t entry_d"
+.Sh DESCRIPTION
+.Fn acl_delete_entry
+is a POSIX.1e call that removes the ACL entry
+.Ar entry_d
+from ACL
+.Ar acl .
+.Sh RETURN VALUES
+Upon successful completion, the function shall return a value of
+.Va 0 .
+Otherwise, a value of
+.Va -1
+shall be returned, and
+.Va errno
+shall be set to indicate the error.
+.Sh ERRORS
+If the following condition occurs, the
+.Fn acl_delete_entry
+function shall return a value of
+.Va -1
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Argument
+.Ar acl
+does not point to a valid ACL. Argument
+.Ar entry_d
+is not a valid descriptor for an ACL entry in
+.Ar acl .
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_copy_entry 3 ,
+.Xr acl_get_entry 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 .
+The
+.Fn acl_delete_entry
+function was added in
+.Fx 5.0 .
+.Sh AUTHORS
+The
+.Fn acl_delete_entry
+function was written by
+.An Chris D. Faulhaber Aq jedgar@fxp.org .
diff --git a/lib/libposix1e/acl_delete_entry.c b/lib/libposix1e/acl_delete_entry.c
new file mode 100644
index 000000000000..d1f25d280b6e
--- /dev/null
+++ b/lib/libposix1e/acl_delete_entry.c
@@ -0,0 +1,63 @@ +/* + * Copyright (c) 2001 Chris D. Faulhaber + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +/* acl_delete_entry() - delete an ACL entry from an ACL */ + +#include +#include +#include +#include + +int +acl_delete_entry(acl_t acl, acl_entry_t entry_d) +{ + int i; + + if (!acl || !entry_d || (acl->acl_cnt < 1) || + (acl->acl_cnt > ACL_MAX_ENTRIES)) { + errno = EINVAL; + return -1; + } + for (i = 0; i < acl->acl_cnt; i++) { + /* if this is our entry... */ + if ((acl->acl_entry[i].ae_tag == entry_d->ae_tag) && + (acl->acl_entry[i].ae_id == entry_d->ae_id)) { + /* ...shift the remaining entries... 
*/ + while (i < acl->acl_cnt - 1) + acl->acl_entry[i] = acl->acl_entry[++i]; + /* ...drop the count and zero the unused entry... */ + acl->acl_cnt--; + bzero(&acl->acl_entry[i], sizeof(struct acl_entry)); + return 0; + } + } + + + errno = EINVAL; + return -1; +} diff --git a/sys/sys/acl.h b/sys/sys/acl.h index fdb623556c94..e5ba67cc0c2b 100644 --- a/sys/sys/acl.h +++ b/sys/sys/acl.h @@ -133,7 +133,9 @@ __END_DECLS * ACL type for different file systems (i.e., AFS). */ __BEGIN_DECLS +int acl_calc_mask(acl_t *acl_p); int acl_delete_fd_np(int _filedes, acl_type_t _type); +int acl_delete_entry(acl_t acl, acl_entry_t entry_d); int acl_delete_file_np(const char *_path_p, acl_type_t _type); int acl_delete_def_file(const char *_path_p); acl_t acl_dup(acl_t _acl);
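Review bot: The two prototypes added to sys/sys/acl.h name their parameters `acl_p`, `acl` and `entry_d`, while the neighbouring declarations in the same block use underscore-prefixed names (`_filedes`, `_type`, `_path_p`, `_acl`). In a system header an unprefixed parameter name can collide with a macro defined by the including program, so I would write `int acl_calc_mask(acl_t *_acl_p);` and `int acl_delete_entry(acl_t _acl, acl_entry_t _entry_d);`. If the list is meant to be alphabetical, acl_delete_entry also belongs before acl_delete_fd_np rather than after it.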