1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 1999-2001, 2008 Robert N. M. Watson
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28 /*
29 * Support functionality for the POSIX.1e ACL interface
30 * These calls are intended only to be called within the library.
31 */
32
33 #include <sys/cdefs.h>
34 #if 0
35 __FBSDID("$FreeBSD: head/lib/libc/posix1e/acl_support.c 326193 2017-11-25 17:12:48Z pfg $");
36 #else
37 __RCSID("$NetBSD: acl_support.c,v 1.1 2020/05/16 18:31:47 christos Exp $");
38 #endif
39
40 #include "namespace.h"
41 #include <sys/types.h>
42 #include <sys/acl.h>
43 #include <errno.h>
44 #include <grp.h>
45 #include <pwd.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <assert.h>
50
51 #include "acl_support.h"
52
53 #define ACL_STRING_PERM_WRITE 'w'
54 #define ACL_STRING_PERM_READ 'r'
55 #define ACL_STRING_PERM_EXEC 'x'
56 #define ACL_STRING_PERM_NONE '-'
57
58 /*
59 * Return 0, if both ACLs are identical.
60 */
61 int
_acl_differs(const acl_t a,const acl_t b)62 _acl_differs(const acl_t a, const acl_t b)
63 {
64 size_t i;
65 struct acl_entry *entrya, *entryb;
66
67 assert(_acl_brand(a) == _acl_brand(b));
68 assert(_acl_brand(a) != ACL_BRAND_UNKNOWN);
69 assert(_acl_brand(b) != ACL_BRAND_UNKNOWN);
70
71 if (a->ats_acl.acl_cnt != b->ats_acl.acl_cnt)
72 return (1);
73
74 for (i = 0; i < b->ats_acl.acl_cnt; i++) {
75 entrya = &(a->ats_acl.acl_entry[i]);
76 entryb = &(b->ats_acl.acl_entry[i]);
77
78 if (entrya->ae_tag != entryb->ae_tag ||
79 entrya->ae_id != entryb->ae_id ||
80 entrya->ae_perm != entryb->ae_perm ||
81 entrya->ae_entry_type != entryb->ae_entry_type ||
82 entrya->ae_flags != entryb->ae_flags)
83 return (1);
84 }
85
86 return (0);
87 }
88
89 /*
90 * _posix1e_acl_entry_compare -- compare two acl_entry structures to
91 * determine the order they should appear in. Used by _posix1e_acl_sort to
92 * sort ACL entries into the kernel-desired order -- i.e., the order useful
93 * for evaluation and O(n) validity checking. Beter to have an O(nlogn) sort
94 * in userland and an O(n) in kernel than to have both in kernel.
95 */
96 typedef int (*compare)(const void *, const void *);
97 static int
_posix1e_acl_entry_compare(struct acl_entry * a,struct acl_entry * b)98 _posix1e_acl_entry_compare(struct acl_entry *a, struct acl_entry *b)
99 {
100
101 assert(_entry_brand(a) == ACL_BRAND_POSIX);
102 assert(_entry_brand(b) == ACL_BRAND_POSIX);
103
104 /*
105 * First, sort between tags -- conveniently defined in the correct
106 * order for verification.
107 */
108 if (a->ae_tag < b->ae_tag)
109 return (-1);
110 if (a->ae_tag > b->ae_tag)
111 return (1);
112
113 /*
114 * Next compare uids/gids on appropriate types.
115 */
116
117 if (a->ae_tag == ACL_USER || a->ae_tag == ACL_GROUP) {
118 if (a->ae_id < b->ae_id)
119 return (-1);
120 if (a->ae_id > b->ae_id)
121 return (1);
122
123 /* shouldn't be equal, fall through to the invalid case */
124 }
125
126 /*
127 * Don't know how to sort multiple entries of the rest--either it's
128 * a bad entry, or there shouldn't be more than one. Ignore and the
129 * validity checker can get it later.
130 */
131 return (0);
132 }
133
134 /*
135 * _posix1e_acl_sort -- sort ACL entries in POSIX.1e-formatted ACLs.
136 */
137 void
_posix1e_acl_sort(acl_t acl)138 _posix1e_acl_sort(acl_t acl)
139 {
140 struct acl *acl_int;
141
142 acl_int = &acl->ats_acl;
143
144 qsort(&acl_int->acl_entry[0], acl_int->acl_cnt,
145 sizeof(struct acl_entry), (compare) _posix1e_acl_entry_compare);
146 }
147
148 /*
149 * acl_posix1e -- in what situations should we acl_sort before submission?
150 * We apply posix1e ACL semantics for any ACL of type ACL_TYPE_ACCESS or
151 * ACL_TYPE_DEFAULT
152 */
153 int
_posix1e_acl(acl_t acl,acl_type_t type)154 _posix1e_acl(acl_t acl, acl_type_t type)
155 {
156
157 if (_acl_brand(acl) != ACL_BRAND_POSIX)
158 return (0);
159
160 return ((type == ACL_TYPE_ACCESS) || (type == ACL_TYPE_DEFAULT));
161 }
162
163 /*
164 * _posix1e_acl_check -- given an ACL, check its validity. This is mirrored
165 * from code in sys/kern/kern_acl.c, and if changes are made in one, they
166 * should be made in the other also. This copy of acl_check is made
167 * available * in userland for the benefit of processes wanting to check ACLs
168 * for validity before submitting them to the kernel, or for performing
169 * in userland file system checking. Needless to say, the kernel makes
170 * the real checks on calls to get/setacl.
171 *
172 * See the comments in kernel for explanation -- just briefly, it assumes
173 * an already sorted ACL, and checks based on that assumption. The
174 * POSIX.1e interface, acl_valid(), will perform the sort before calling
175 * this. Returns 0 on success, EINVAL on failure.
176 */
177 int
_posix1e_acl_check(acl_t acl)178 _posix1e_acl_check(acl_t acl)
179 {
180 struct acl *acl_int;
181 struct acl_entry *entry; /* current entry */
182 uid_t highest_uid=0, highest_gid=0;
183 int stage = ACL_USER_OBJ;
184 size_t i = 0;
185 int count_user_obj=0, count_user=0, count_group_obj=0,
186 count_group=0, count_mask=0, count_other=0;
187
188 acl_int = &acl->ats_acl;
189
190 /* printf("_posix1e_acl_check: checking acl with %d entries\n",
191 acl->acl_cnt); */
192 while (i < acl_int->acl_cnt) {
193 entry = &acl_int->acl_entry[i];
194
195 if ((entry->ae_perm | ACL_PERM_BITS) != ACL_PERM_BITS)
196 return (EINVAL);
197
198 switch(entry->ae_tag) {
199 case ACL_USER_OBJ:
200 /* printf("_posix1e_acl_check: %d: ACL_USER_OBJ\n",
201 i); */
202 if (stage > ACL_USER_OBJ)
203 return (EINVAL);
204 stage = ACL_USER;
205 count_user_obj++;
206 break;
207
208 case ACL_USER:
209 /* printf("_posix1e_acl_check: %d: ACL_USER\n", i); */
210 if (stage > ACL_USER)
211 return (EINVAL);
212 stage = ACL_USER;
213 if (count_user && (entry->ae_id <= highest_uid))
214 return (EINVAL);
215 highest_uid = entry->ae_id;
216 count_user++;
217 break;
218
219 case ACL_GROUP_OBJ:
220 /* printf("_posix1e_acl_check: %d: ACL_GROUP_OBJ\n",
221 i); */
222 if (stage > ACL_GROUP_OBJ)
223 return (EINVAL);
224 stage = ACL_GROUP;
225 count_group_obj++;
226 break;
227
228 case ACL_GROUP:
229 /* printf("_posix1e_acl_check: %d: ACL_GROUP\n", i); */
230 if (stage > ACL_GROUP)
231 return (EINVAL);
232 stage = ACL_GROUP;
233 if (count_group && (entry->ae_id <= highest_gid))
234 return (EINVAL);
235 highest_gid = entry->ae_id;
236 count_group++;
237 break;
238
239 case ACL_MASK:
240 /* printf("_posix1e_acl_check: %d: ACL_MASK\n", i); */
241 if (stage > ACL_MASK)
242 return (EINVAL);
243 stage = ACL_MASK;
244 count_mask++;
245 break;
246
247 case ACL_OTHER:
248 /* printf("_posix1e_acl_check: %d: ACL_OTHER\n", i); */
249 if (stage > ACL_OTHER)
250 return (EINVAL);
251 stage = ACL_OTHER;
252 count_other++;
253 break;
254
255 default:
256 /* printf("_posix1e_acl_check: %d: INVALID\n", i); */
257 return (EINVAL);
258 }
259 i++;
260 }
261
262 if (count_user_obj != 1)
263 return (EINVAL);
264
265 if (count_group_obj != 1)
266 return (EINVAL);
267
268 if (count_mask != 0 && count_mask != 1)
269 return (EINVAL);
270
271 if (count_other != 1)
272 return (EINVAL);
273
274 return (0);
275 }
276
277 /*
278 * Given a right-shifted permission (i.e., direct ACL_PERM_* mask), fill
279 * in a string describing the permissions.
280 */
281 int
_posix1e_acl_perm_to_string(acl_perm_t perm,ssize_t buf_len,char * buf)282 _posix1e_acl_perm_to_string(acl_perm_t perm, ssize_t buf_len, char *buf)
283 {
284
285 if (buf_len < _POSIX1E_ACL_STRING_PERM_MAXSIZE + 1) {
286 errno = ENOMEM;
287 return (-1);
288 }
289
290 if ((perm | ACL_PERM_BITS) != ACL_PERM_BITS) {
291 errno = EINVAL;
292 return (-1);
293 }
294
295 buf[3] = 0; /* null terminate */
296
297 if (perm & ACL_READ)
298 buf[0] = ACL_STRING_PERM_READ;
299 else
300 buf[0] = ACL_STRING_PERM_NONE;
301
302 if (perm & ACL_WRITE)
303 buf[1] = ACL_STRING_PERM_WRITE;
304 else
305 buf[1] = ACL_STRING_PERM_NONE;
306
307 if (perm & ACL_EXECUTE)
308 buf[2] = ACL_STRING_PERM_EXEC;
309 else
310 buf[2] = ACL_STRING_PERM_NONE;
311
312 return (0);
313 }
314
315 /*
316 * given a string, return a permission describing it
317 */
318 int
_posix1e_acl_string_to_perm(char * string,acl_perm_t * perm)319 _posix1e_acl_string_to_perm(char *string, acl_perm_t *perm)
320 {
321 acl_perm_t myperm = ACL_PERM_NONE;
322 char *ch;
323
324 ch = string;
325 while (*ch) {
326 switch(*ch) {
327 case ACL_STRING_PERM_READ:
328 myperm |= ACL_READ;
329 break;
330 case ACL_STRING_PERM_WRITE:
331 myperm |= ACL_WRITE;
332 break;
333 case ACL_STRING_PERM_EXEC:
334 myperm |= ACL_EXECUTE;
335 break;
336 case ACL_STRING_PERM_NONE:
337 break;
338 default:
339 return (EINVAL);
340 }
341 ch++;
342 }
343
344 *perm = myperm;
345 return (0);
346 }
347
348 /*
349 * Add an ACL entry without doing much checking, et al
350 */
351 int
_posix1e_acl_add_entry(acl_t acl,acl_tag_t tag,uid_t id,acl_perm_t perm)352 _posix1e_acl_add_entry(acl_t acl, acl_tag_t tag, uid_t id, acl_perm_t perm)
353 {
354 struct acl *acl_int;
355 struct acl_entry *e;
356
357 acl_int = &acl->ats_acl;
358
359 if (acl_int->acl_cnt >= ACL_MAX_ENTRIES) {
360 errno = ENOMEM;
361 return (-1);
362 }
363
364 e = &(acl_int->acl_entry[acl_int->acl_cnt]);
365 e->ae_perm = perm;
366 e->ae_tag = tag;
367 e->ae_id = id;
368 acl_int->acl_cnt++;
369
370 return (0);
371 }
372
373 /*
374 * Convert "old" type - ACL_TYPE_{ACCESS,DEFAULT}_OLD - into its "new"
375 * counterpart. It's necessary for the old (pre-NFSv4 ACLs) binaries
376 * to work with new libc and kernel. Fixing 'type' for old binaries with
377 * old libc and new kernel is being done by kern/vfs_acl.c:type_unold().
378 */
379 int
_acl_type_unold(acl_type_t type)380 _acl_type_unold(acl_type_t type)
381 {
382
383 switch (type) {
384 case ACL_TYPE_ACCESS_OLD:
385 return (ACL_TYPE_ACCESS);
386 case ACL_TYPE_DEFAULT_OLD:
387 return (ACL_TYPE_DEFAULT);
388 default:
389 return (type);
390 }
391 }
392
393 char *
string_skip_whitespace(char * string)394 string_skip_whitespace(char *string)
395 {
396
397 while (*string && ((*string == ' ') || (*string == '\t')))
398 string++;
399
400 return (string);
401 }
402
403 void
string_trim_trailing_whitespace(char * string)404 string_trim_trailing_whitespace(char *string)
405 {
406 char *end;
407
408 if (*string == '\0')
409 return;
410
411 end = string + strlen(string) - 1;
412
413 while (end != string) {
414 if ((*end == ' ') || (*end == '\t')) {
415 *end = '\0';
416 end--;
417 } else {
418 return;
419 }
420 }
421
422 return;
423 }
424