1 /*- 2 * Copyright (c) 1999 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 *$FreeBSD: src/lib/libposix1e/acl_support.c,v 1.3 2000/01/26 04:19:37 rwatson Exp $ 27 *$DragonFly: src/lib/libposix1e/acl_support.c,v 1.3 2005/08/04 17:27:09 drhodus Exp $ 28 */ 29 /* 30 * Support functionality for the POSIX.1e ACL interface 31 * These calls are intended only to be called within the library. 32 */ 33 34 #include <sys/types.h> 35 #include <sys/acl.h> 36 #include <errno.h> 37 #include <grp.h> 38 #include <pwd.h> 39 #include <stdio.h> 40 #include <stdlib.h> 41 42 #include "acl_support.h" 43 44 #define ACL_STRING_PERM_WRITE 'w' 45 #define ACL_STRING_PERM_READ 'r' 46 #define ACL_STRING_PERM_EXEC 'x' 47 #define ACL_STRING_PERM_NONE '-' 48 49 /* 50 * acl_entry_compare -- compare two acl_entry structures to determine the 51 * order they should appear in. Used by acl_sort to sort ACL entries into 52 * the kernel-desired order -- i.e., the order useful for evaluation and 53 * O(n) validity checking. Beter to have an O(nlogn) sort in userland and 54 * an O(n) in kernel than to have both in kernel. 55 */ 56 typedef int (*compare)(const void *, const void *); 57 static int 58 acl_entry_compare(struct acl_entry *a, struct acl_entry *b) 59 { 60 /* 61 * First, sort between tags -- conveniently defined in the correct 62 * order for verification. 63 */ 64 if (a->ae_tag < b->ae_tag) 65 return (-1); 66 if (a->ae_tag > b->ae_tag) 67 return (1); 68 69 /* 70 * Next compare uids/gids on appropriate types. 71 */ 72 73 if (a->ae_tag == ACL_USER || a->ae_tag == ACL_GROUP) { 74 if (a->ae_id < b->ae_id) 75 return (-1); 76 if (a->ae_id > b->ae_id) 77 return (1); 78 79 /* shouldn't be equal, fall through to the invalid case */ 80 } 81 82 /* 83 * Don't know how to sort multiple entries of the rest--either it's 84 * a bad entry, or there shouldn't be more than one. Ignore and the 85 * validity checker can get it later. 86 */ 87 return (0); 88 } 89 90 /* 91 * acl_sort -- sort ACL entries. 92 * Give the opportunity to fail, althouh we don't currently have a way 93 * to fail. 94 */ 95 int 96 acl_sort(acl_t acl) 97 { 98 99 qsort(&acl->acl_entry[0], acl->acl_cnt, sizeof(struct acl_entry), 100 (compare) acl_entry_compare); 101 102 return (0); 103 } 104 105 /* 106 * acl_posix1e -- in what situations should we acl_sort before submission? 107 * We apply posix1e ACL semantics for any ACL of type ACL_TYPE_ACCESS or 108 * ACL_TYPE_DEFAULT 109 */ 110 int 111 acl_posix1e(acl_t acl, acl_type_t type) 112 { 113 114 return ((type == ACL_TYPE_ACCESS) || (type == ACL_TYPE_DEFAULT)); 115 } 116 117 /* 118 * acl_check -- given an ACL, check its validity. This is mirrored from 119 * code in sys/kern/kern_acl.c, and if changes are made in one, they should 120 * be made in the other also. This copy of acl_check is made available 121 * in userland for the benefit of processes wanting to check ACLs for 122 * validity before submitting them to the kernel, or for performing 123 * in userland file system checking. Needless to say, the kernel makes 124 * the real checks on calls to get/setacl. 125 * 126 * See the comments in kernel for explanation -- just briefly, it assumes 127 * an already sorted ACL, and checks based on that assumption. The 128 * POSIX.1e interface, acl_valid(), will perform the sort before calling 129 * this. Returns 0 on success, EINVAL on failure. 130 */ 131 int 132 acl_check(struct acl *acl) 133 { 134 struct acl_entry *entry; /* current entry */ 135 uid_t obj_uid=-1, obj_gid=-1, highest_uid=0, highest_gid=0; 136 int stage = ACL_USER_OBJ; 137 int i = 0; 138 int count_user_obj=0, count_user=0, count_group_obj=0, 139 count_group=0, count_mask=0, count_other=0; 140 141 /* printf("acl_check: checking acl with %d entries\n", acl->acl_cnt); */ 142 while (i < acl->acl_cnt) { 143 144 entry = &acl->acl_entry[i]; 145 146 if ((entry->ae_perm | ACL_PERM_BITS) != ACL_PERM_BITS) 147 return (EINVAL); 148 149 switch(entry->ae_tag) { 150 case ACL_USER_OBJ: 151 /* printf("acl_check: %d: ACL_USER_OBJ\n", i); */ 152 if (stage > ACL_USER_OBJ) 153 return (EINVAL); 154 stage = ACL_USER; 155 count_user_obj++; 156 obj_uid = entry->ae_id; 157 break; 158 159 case ACL_USER: 160 /* printf("acl_check: %d: ACL_USER\n", i); */ 161 if (stage > ACL_USER) 162 return (EINVAL); 163 stage = ACL_USER; 164 if (entry->ae_id == obj_uid) 165 return (EINVAL); 166 if (count_user && (entry->ae_id <= highest_uid)) 167 return (EINVAL); 168 highest_uid = entry->ae_id; 169 count_user++; 170 break; 171 172 case ACL_GROUP_OBJ: 173 /* printf("acl_check: %d: ACL_GROUP_OBJ\n", i); */ 174 if (stage > ACL_GROUP_OBJ) 175 return (EINVAL); 176 stage = ACL_GROUP; 177 count_group_obj++; 178 obj_gid = entry->ae_id; 179 break; 180 181 case ACL_GROUP: 182 /* printf("acl_check: %d: ACL_GROUP\n", i); */ 183 if (stage > ACL_GROUP) 184 return (EINVAL); 185 stage = ACL_GROUP; 186 if (entry->ae_id == obj_gid) 187 return (EINVAL); 188 if (count_group && (entry->ae_id <= highest_gid)) 189 return (EINVAL); 190 highest_gid = entry->ae_id; 191 count_group++; 192 break; 193 194 case ACL_MASK: 195 /* printf("acl_check: %d: ACL_MASK\n", i); */ 196 if (stage > ACL_MASK) 197 return (EINVAL); 198 stage = ACL_MASK; 199 count_mask++; 200 break; 201 202 case ACL_OTHER: 203 /* printf("acl_check: %d: ACL_OTHER\n", i); */ 204 if (stage > ACL_OTHER) 205 return (EINVAL); 206 stage = ACL_OTHER; 207 count_other++; 208 break; 209 210 default: 211 /* printf("acl_check: %d: INVALID\n", i); */ 212 return (EINVAL); 213 } 214 i++; 215 } 216 217 if (count_user_obj != 1) 218 return (EINVAL); 219 220 if (count_group_obj != 1) 221 return (EINVAL); 222 223 if (count_mask != 0 && count_mask != 1) 224 return (EINVAL); 225 226 if (count_other != 1) 227 return (EINVAL); 228 229 return (0); 230 } 231 232 233 /* 234 * Given a uid/gid, return a username/groupname for the text form of an ACL 235 * XXX NOT THREAD SAFE, RELIES ON GETPWUID, GETGRGID 236 * XXX USES *PW* AND *GR* WHICH ARE STATEFUL AND THEREFORE THIS ROUTINE 237 * MAY HAVE SIDE-EFFECTS 238 */ 239 int 240 acl_id_to_name(acl_tag_t tag, uid_t id, ssize_t buf_len, char *buf) 241 { 242 struct group *g; 243 struct passwd *p; 244 int i; 245 246 switch(tag) { 247 case ACL_USER: 248 p = getpwuid(id); 249 if (!p) 250 i = snprintf(buf, buf_len, "%d", id); 251 else 252 i = snprintf(buf, buf_len, "%s", p->pw_name); 253 254 if (i >= buf_len) { 255 errno = ENOMEM; 256 return (-1); 257 } 258 return (0); 259 260 case ACL_GROUP: 261 g = getgrgid(id); 262 if (!g) 263 i = snprintf(buf, buf_len, "%d", id); 264 else 265 i = snprintf(buf, buf_len, "%s", g->gr_name); 266 267 if (i >= buf_len) { 268 errno = ENOMEM; 269 return (-1); 270 } 271 return (0); 272 273 default: 274 return (EINVAL); 275 } 276 } 277 278 279 /* 280 * Given a username/groupname from a text form of an ACL, return the uid/gid 281 * XXX NOT THREAD SAFE, RELIES ON GETPWNAM, GETGRNAM 282 * XXX USES *PW* AND *GR* WHICH ARE STATEFUL AND THEREFORE THIS ROUTINE 283 * MAY HAVE SIDE-EFFECTS 284 * 285 * XXX currently doesn't deal correctly with a numeric uid being passed 286 * instead of a username. What is correct behavior here? Check chown. 287 */ 288 int 289 acl_name_to_id(acl_tag_t tag, char *name, uid_t *id) 290 { 291 struct group *g; 292 struct passwd *p; 293 294 switch(tag) { 295 case ACL_USER: 296 p = getpwnam(name); 297 if (!p) { 298 errno = EINVAL; 299 return (-1); 300 } 301 *id = p->pw_uid; 302 return (0); 303 304 case ACL_GROUP: 305 g = getgrnam(name); 306 if (g) { 307 errno = EINVAL; 308 return (-1); 309 } 310 *id = g->gr_gid; 311 return (0); 312 313 default: 314 return (EINVAL); 315 } 316 } 317 318 319 /* 320 * Given a right-shifted permission (i.e., direct ACL_PERM_* mask), fill 321 * in a string describing the permissions. 322 */ 323 int 324 acl_perm_to_string(acl_perm_t perm, ssize_t buf_len, char *buf) 325 { 326 327 if (buf_len < ACL_STRING_PERM_MAXSIZE + 1) { 328 errno = ENOMEM; 329 return (-1); 330 } 331 332 if ((perm | ACL_PERM_BITS) != ACL_PERM_BITS) { 333 errno = EINVAL; 334 return (-1); 335 } 336 337 buf[3] = 0; /* null terminate */ 338 339 if (perm & ACL_PERM_READ) 340 buf[0] = ACL_STRING_PERM_READ; 341 else 342 buf[0] = ACL_STRING_PERM_NONE; 343 344 if (perm & ACL_PERM_WRITE) 345 buf[1] = ACL_STRING_PERM_WRITE; 346 else 347 buf[1] = ACL_STRING_PERM_NONE; 348 349 if (perm & ACL_PERM_EXEC) 350 buf[2] = ACL_STRING_PERM_EXEC; 351 else 352 buf[2] = ACL_STRING_PERM_NONE; 353 354 return (0); 355 } 356 357 /* 358 * given a string, return a permission describing it 359 */ 360 int 361 acl_string_to_perm(char *string, acl_perm_t *perm) 362 { 363 acl_perm_t myperm = ACL_PERM_NONE; 364 char *ch; 365 366 ch = string; 367 while (*ch) { 368 switch(*ch) { 369 case ACL_STRING_PERM_READ: 370 myperm |= ACL_PERM_READ; 371 break; 372 case ACL_STRING_PERM_WRITE: 373 myperm |= ACL_PERM_WRITE; 374 break; 375 case ACL_STRING_PERM_EXEC: 376 myperm |= ACL_PERM_EXEC; 377 break; 378 case ACL_STRING_PERM_NONE: 379 break; 380 default: 381 return (EINVAL); 382 } 383 ch++; 384 } 385 386 *perm = myperm; 387 return (0); 388 } 389 390 /* 391 * Add an ACL entry without doing much checking, et al 392 */ 393 int 394 acl_add_entry(acl_t acl, acl_tag_t tag, uid_t id, acl_perm_t perm) 395 { 396 struct acl_entry *e; 397 398 if (acl->acl_cnt >= ACL_MAX_ENTRIES) { 399 errno = ENOMEM; 400 return (-1); 401 } 402 403 e = &(acl->acl_entry[acl->acl_cnt]); 404 e->ae_perm = perm; 405 e->ae_tag = tag; 406 e->ae_id = id; 407 acl->acl_cnt++; 408 409 return (0); 410 } 411