1 /* @(#)acltext.c 1.16 16/02/08 2005-2016 J. Schilling from SMI */
2 #include <schily/mconfig.h>
3 #ifndef lint
4 static UConst char sccsid[] =
5 "@(#)acltext.c 1.16 16/02/08 2005-2016 J. Schilling from SMI";
6 #endif
7 /*
8 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
9 *
10 * The contents of this file are subject to the terms of the
11 * Common Development and Distribution License, Version 1.0 only.
12 * See the file CDDL.Sun.txt in this distribution or
13 * http://www.opensolaris.org/license/ for details.
14 */
15
16 #include <schily/mconfig.h>
17 #if defined(HAVE_SUN_ACL) && !defined(IS_CYGWIN)
18
19 #pragma ident "@(#)acltext.c 1.11 02/10/02 SMI"
20 /*LINTLIBRARY*/
21
22 #include <schily/grp.h>
23 #include <schily/pwd.h>
24 #include <schily/string.h>
25 #include <limits.h>
26 #include <schily/stdlib.h>
27 #include <schily/ctype.h>
28 #include <schily/errno.h>
29 #include <schily/param.h>
30 #include <schily/types.h>
31 #include <sys/acl.h>
32 #include <schily/schily.h>
33
34 /*
35 * acltotext() converts each ACL entry to look like this:
36 *
37 * entry_type:uid^gid^name:perms
38 *
39 * The maximum length of entry_type is 14 ("defaultgroup::" and
40 * "defaultother::") hence ENTRYTYPELEN is set to 14.
41 *
42 * The max length of a uid^gid^name entry (in theory) is 8, hence we use
43 * LOGNAME_MAX.
44 *
45 * The length of a perms entry is 4 to allow for the comma appended to each
46 * to each acl entry. Hence PERMS is set to 4.
47 */
48 /*
49 * Warning: LOGNAME_MAX is 8 but sizeof (struct utmpx.ut_user) is 32
50 * 8 is also not sufficient to hold a int32_t uid_t and we may even need
51 * it to be able to hold a int64_t uid_t which needs 20 chars.
52 */
53 #if LOGNAME_MAX < 32
54 #define _LOGNAME_MAX_ 32
55 #else
56 #define _LOGNAME_MAX_ LOGNAME_MAX
57 #endif
58
59 #define ENTRYTYPELEN 14
60 #define PERMS 4
61 #define ACL_ENTRY_SIZE (ENTRYTYPELEN + _LOGNAME_MAX_ + PERMS)
62
63 struct dynaclstr {
64 size_t bufsize; /* current size of aclexport */
65 char *aclexport;
66 };
67
68 static char *strappend(char *, char *);
69 static char *convert_perm(char *, o_mode_t);
70 static int increase_length(struct dynaclstr *, size_t);
71 static int isnumeric(char *);
72
73 #define FREE free(aclp);\
74 free(allocp)
75
76 /*
77 * Convert internal acl representation to external representation.
78 *
79 * The length of a non-owning user name or non-owning group name ie entries
80 * of type DEF_USER, USER, DEF_GROUP or GROUP, can exceed LOGNAME_MAX. We
81 * thus check the length of these entries, and if greater than LOGNAME_MAX,
82 * we realloc() via increase_length().
83 *
84 * The LOGNAME_MAX, ENTRYTYPELEN and PERMS limits are otherwise always
85 * adhered to.
86 */
87 char *
acltotext(aclent_t * aclp,int aclcnt)88 acltotext(aclent_t *aclp, int aclcnt)
89 {
90 char *aclexport;
91 char *where;
92 struct group *groupp;
93 struct passwd *passwdp;
94 struct dynaclstr *dstr;
95 int i, rtn;
96 size_t excess = 0;
97
98 if (aclp == NULL)
99 return (NULL);
100 if ((dstr = malloc(sizeof (struct dynaclstr))) == NULL)
101 return (NULL);
102 dstr->bufsize = aclcnt * ACL_ENTRY_SIZE;
103 if ((dstr->aclexport = malloc(dstr->bufsize)) == NULL) {
104 free(dstr);
105 return (NULL);
106 }
107 *dstr->aclexport = '\0';
108 where = dstr->aclexport;
109
110 for (i = 0; i < aclcnt; i++, aclp++) {
111 switch (aclp->a_type) {
112 case DEF_USER_OBJ:
113 case USER_OBJ:
114 if (aclp->a_type == USER_OBJ)
115 where = strappend(where, "user::");
116 else
117 where = strappend(where, "defaultuser::");
118 where = convert_perm(where, aclp->a_perm);
119 break;
120 case DEF_USER:
121 case USER:
122 if (aclp->a_type == USER)
123 where = strappend(where, "user:");
124 else
125 where = strappend(where, "defaultuser:");
126 passwdp = getpwuid(aclp->a_id);
127 if (passwdp == (struct passwd *)NULL) {
128 /* put in uid instead */
129 /* XXX better use %j and intmax_t */
130 (void) sprintf(where, "%lld",
131 (long long)aclp->a_id);
132 } else {
133 excess = strlen(passwdp->pw_name) -
134 _LOGNAME_MAX_;
135 if (excess > 0) {
136 rtn = increase_length(dstr, excess);
137 if (rtn == 1)
138 /* reset where */
139 where = dstr->aclexport +
140 strlen(dstr->aclexport);
141 else
142 return (NULL);
143 }
144 where = strappend(where, passwdp->pw_name);
145 }
146 where = strappend(where, ":");
147 where = convert_perm(where, aclp->a_perm);
148 break;
149 case DEF_GROUP_OBJ:
150 case GROUP_OBJ:
151 if (aclp->a_type == GROUP_OBJ)
152 where = strappend(where, "group::");
153 else
154 where = strappend(where, "defaultgroup::");
155 where = convert_perm(where, aclp->a_perm);
156 break;
157 case DEF_GROUP:
158 case GROUP:
159 if (aclp->a_type == GROUP)
160 where = strappend(where, "group:");
161 else
162 where = strappend(where, "defaultgroup:");
163 groupp = getgrgid(aclp->a_id);
164 if (groupp == (struct group *)NULL) {
165 /* put in gid instead */
166 /* XXX better use %j and intmax_t */
167 (void) sprintf(where, "%lld",
168 (long long)aclp->a_id);
169 } else {
170 excess = strlen(groupp->gr_name) -
171 _LOGNAME_MAX_;
172 if (excess > 0) {
173 rtn = increase_length(dstr, excess);
174 if (rtn == 1)
175 /* reset where */
176 where = dstr->aclexport +
177 strlen(dstr->aclexport);
178 else
179 return (NULL);
180 }
181 where = strappend(where, groupp->gr_name);
182 }
183 where = strappend(where, ":");
184 where = convert_perm(where, aclp->a_perm);
185 break;
186 case DEF_CLASS_OBJ:
187 case CLASS_OBJ:
188 if (aclp->a_type == CLASS_OBJ)
189 where = strappend(where, "mask:");
190 else
191 where = strappend(where, "defaultmask:");
192 where = convert_perm(where, aclp->a_perm);
193 break;
194 case DEF_OTHER_OBJ:
195 case OTHER_OBJ:
196 if (aclp->a_type == OTHER_OBJ)
197 where = strappend(where, "other:");
198 else
199 where = strappend(where, "defaultother:");
200 where = convert_perm(where, aclp->a_perm);
201 break;
202 default:
203 free(dstr->aclexport);
204 free(dstr);
205 return (NULL);
206
207 }
208 if (i < aclcnt - 1)
209 where = strappend(where, ",");
210 }
211 aclexport = dstr->aclexport;
212 free(dstr);
213 return (aclexport);
214 }
215
216 /*
217 * Convert external acl representation to internal representation.
218 * The accepted syntax is: <acl_entry>[,<acl_entry>]*[,]
219 * The comma at the end is not prescribed by the man pages.
220 * But it is needed not to break the old programs.
221 */
222 aclent_t *
aclfromtext(char * aclstr,int * aclcnt)223 aclfromtext(char *aclstr, int *aclcnt)
224 {
225 char *fieldp;
226 char *tp;
227 char *nextp;
228 char *allocp;
229 char *aclimport;
230 int entry_type;
231 int id;
232 int len;
233 o_mode_t perm;
234 aclent_t *tmpaclp;
235 aclent_t *aclp;
236 struct group *groupp;
237 struct passwd *passwdp;
238
239 *aclcnt = 0;
240 aclp = NULL;
241
242 if (! aclstr)
243 return (NULL);
244
245 len = strlen(aclstr);
246
247 if ((aclimport = allocp = strdup(aclstr)) == NULL) {
248 (void) fprintf(stderr, "malloc() failed\n");
249 return (NULL);
250 }
251
252 if (aclimport[len - 1] == ',')
253 aclimport[len - 1] = '\0';
254
255 for (; aclimport; ) {
256 /* make sure id is always set up */
257 id = -1;
258
259 /* look for an ACL entry */
260 tp = strchr(aclimport, ',');
261 if (tp == NULL) {
262 nextp = NULL;
263 } else {
264 *tp = '\0';
265 nextp = tp + 1;
266 }
267
268 *aclcnt += 1;
269
270 /*
271 * get additional memory:
272 * can be more efficient by allocating a bigger block
273 * each time.
274 */
275 if (*aclcnt > 1)
276 tmpaclp = (aclent_t *)realloc(aclp,
277 sizeof (aclent_t) * (*aclcnt));
278 else
279 tmpaclp = (aclent_t *)malloc(sizeof (aclent_t));
280 if (tmpaclp == NULL) {
281 free(allocp);
282 if (aclp)
283 free(aclp);
284 return (NULL);
285 }
286 aclp = tmpaclp;
287 tmpaclp = aclp + (*aclcnt - 1);
288
289 /* look for entry type field */
290 tp = strchr(aclimport, ':');
291 if (tp == NULL) {
292 FREE;
293 return (NULL);
294 } else
295 *tp = '\0';
296 if (strcmp(aclimport, "user") == 0) {
297 if (*(tp+1) == ':')
298 entry_type = USER_OBJ;
299 else
300 entry_type = USER;
301 } else if (strcmp(aclimport, "group") == 0) {
302 if (*(tp+1) == ':')
303 entry_type = GROUP_OBJ;
304 else
305 entry_type = GROUP;
306 } else if (strcmp(aclimport, "other") == 0)
307 entry_type = OTHER_OBJ;
308 else if (strcmp(aclimport, "mask") == 0)
309 entry_type = CLASS_OBJ;
310 else if (strcmp(aclimport, "defaultuser") == 0) {
311 if (*(tp+1) == ':')
312 entry_type = DEF_USER_OBJ;
313 else
314 entry_type = DEF_USER;
315 } else if (strcmp(aclimport, "defaultgroup") == 0) {
316 if (*(tp+1) == ':')
317 entry_type = DEF_GROUP_OBJ;
318 else
319 entry_type = DEF_GROUP;
320 } else if (strcmp(aclimport, "defaultmask") == 0)
321 entry_type = DEF_CLASS_OBJ;
322 else if (strcmp(aclimport, "defaultother") == 0)
323 entry_type = DEF_OTHER_OBJ;
324 else {
325 FREE;
326 return (NULL);
327 }
328
329 /* look for user/group name */
330 if (entry_type != CLASS_OBJ && entry_type != OTHER_OBJ &&
331 entry_type != DEF_CLASS_OBJ &&
332 entry_type != DEF_OTHER_OBJ) {
333 fieldp = tp + 1;
334 tp = strchr(fieldp, ':');
335 if (tp == NULL) {
336 FREE;
337 return (NULL);
338 } else
339 *tp = '\0';
340 if (fieldp != tp) {
341 /*
342 * The second field could be empty. We only care
343 * when the field has user/group name.
344 */
345 if (entry_type == USER ||
346 entry_type == DEF_USER) {
347 struct passwd pw;
348
349 /*
350 * The reentrant interface getpwnam_r()
351 * is uncommitted and subject to
352 * change. Use the friendlier interface
353 * getpwnam().
354 */
355 if (isnumeric(fieldp)) {
356 uid_t uid;
357
358
359 errno = 0;
360 uid = (uid_t)strtol(fieldp,
361 NULL, 10);
362 if (errno == 0) {
363 passwdp = &pw;
364 passwdp->pw_uid = uid;
365 } else {
366 passwdp = NULL;
367 }
368 } else {
369 passwdp = getpwnam(fieldp);
370 }
371 if (passwdp == NULL) {
372 (void) fprintf(stderr,
373 "user %s not found\n", fieldp);
374 id = UID_NOBODY; /* nobody */
375 } else {
376 id = passwdp->pw_uid;
377 }
378 } else if (entry_type == GROUP ||
379 entry_type == DEF_GROUP) {
380 struct group gr;
381
382 if (isnumeric(fieldp)) {
383 gid_t gid;
384
385 errno = 0;
386 gid = (gid_t)strtol(fieldp,
387 NULL, 10);
388 if (errno == 0) {
389 groupp = &gr;
390 groupp->gr_gid = gid;
391 } else {
392 groupp = NULL;
393 }
394 } else {
395 groupp = getgrnam(fieldp);
396 }
397 if (groupp == NULL) {
398 (void) fprintf(stderr,
399 "group %s not found\n",
400 fieldp);
401 /* no group? */
402 id = GID_NOBODY;
403 } else {
404 id = groupp->gr_gid;
405 }
406 } else {
407 (void) fprintf(stderr,
408 "acl import errors\n");
409 FREE;
410 return (NULL);
411 }
412 } else {
413 /*
414 * The second field is empty.
415 * Treat it as undefined (-1)
416 */
417 id = -1;
418 }
419 } else {
420 /*
421 * Let's not break the old applications
422 * that use mask::rwx, other::rwx format,
423 * though they violate the man pages.
424 */
425 if (*(tp + 1) == ':')
426 *++tp = 0;
427 }
428
429 /* next field: permission */
430 fieldp = tp + 1;
431 if (strlen(fieldp) != 3) {
432 /* not "rwx" format */
433 FREE;
434 return (NULL);
435 } else {
436 char s[] = "rwx";
437 int mask = 0x04;
438 int i;
439 perm = 0;
440
441 for (i = 0; i < 3; i++, mask /= 2) {
442 if (fieldp[i] == s[i])
443 perm |= mask;
444 else if (fieldp[i] != '-') {
445 FREE;
446 return (NULL);
447 }
448 }
449 }
450
451 tmpaclp->a_type = entry_type;
452 tmpaclp->a_id = id;
453 tmpaclp->a_perm = perm;
454 aclimport = nextp;
455 }
456 free(allocp);
457 return (aclp);
458 }
459
460 static char *
strappend(char * where,char * newstr)461 strappend(char *where, char *newstr)
462 {
463 (void) strcat(where, newstr);
464 return (where + strlen(newstr));
465 }
466
467 static char *
convert_perm(char * where,o_mode_t perm)468 convert_perm(char *where, o_mode_t perm)
469 {
470 if (perm & 04)
471 where = strappend(where, "r");
472 else
473 where = strappend(where, "-");
474 if (perm & 02)
475 where = strappend(where, "w");
476 else
477 where = strappend(where, "-");
478 if (perm & 01)
479 where = strappend(where, "x");
480 else
481 where = strappend(where, "-");
482 /* perm is the last field */
483 return (where);
484 }
485
486 /*
487 * Callers should check the return code as this routine may change the string
488 * pointer in dynaclstr.
489 */
490 static int
increase_length(struct dynaclstr * dacl,size_t increase)491 increase_length(struct dynaclstr *dacl, size_t increase)
492 {
493 char *tptr;
494 size_t newsize;
495
496 newsize = dacl->bufsize + increase;
497 tptr = realloc(dacl->aclexport, newsize);
498 if (tptr != NULL) {
499 dacl->aclexport = tptr;
500 dacl->bufsize = newsize;
501 return (1);
502 } else
503 return (0);
504 }
505
506 static int
isnumeric(char * p)507 isnumeric(char *p)
508 {
509 int c;
510
511 while ((c = *p++) != '\0') {
512 if (!isdigit(c))
513 return (0);
514 }
515 return (1);
516 }
517
518 #endif /* defined(HAVE_SUN_ACL) && !defined(IS_CYGWIN) */
519