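/*-
 * Copyright (c) 2001-2002 Chris D. Faulhaber
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/types.h>
#include <sys/acl.h>
#include <sys/stat.h>

#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#include "setfacl.h"

/*
 * Set the appropriate mask entry on the given ACL.
 *
 * prev_acl points at the caller's ACL handle.  When the mask has to be
 * recalculated, the old ACL is freed and *prev_acl is replaced with a
 * newly allocated ACL; in every other case *prev_acl is left untouched.
 *
 * have_mask and n_flag are not declared in this file; presumably they are
 * globals provided by setfacl.h -- confirm against that header.
 *
 * Returns 0 on success (including the "nothing to do" cases) and -1 when
 * acl_calc_mask() fails.  A failed acl_dup() or acl_get_tag_type() is
 * reported through err(3), which terminates the process.
 */
int
set_acl_mask(acl_t *prev_acl)
{
	acl_entry_t entry;
	acl_t acl;
	acl_t new_acl;
	acl_tag_t tag;
	int entry_id;

	entry = NULL;

	/*
	 * ... if a mask entry is specified, then the permissions of the mask
	 * entry in the resulting ACL shall be set to the permissions in the
	 * specified ACL mask entry.
	 */
	if (have_mask)
		return (0);

	/* Work on a private copy so a failure never damages the caller's ACL. */
	acl = acl_dup(*prev_acl);
	if (acl == NULL)
		err(1, "acl_dup() failed");

	if (n_flag == 0) {
		/*
		 * If no mask entry is specified and the -n option is not
		 * specified, then the permissions of the resulting ACL mask
		 * entry shall be set to the union of the permissions
		 * associated with all entries which belong to the file group
		 * class in the resulting ACL
		 */
		if (acl_calc_mask(&acl)) {
			warn("acl_calc_mask() failed");
			acl_free(acl);
			return (-1);
		}
	} else {
		/*
		 * If no mask entry is specified and the -n option is
		 * specified, then the permissions of the resulting ACL
		 * mask entry shall remain unchanged ...
		 */

		entry_id = ACL_FIRST_ENTRY;

		/*
		 * NOTE(review): the loop stops on any return other than 1, so
		 * an error return from acl_get_entry() would be reported as
		 * "no mask entry" below -- confirm that is intended.
		 */
		while (acl_get_entry(acl, entry_id, &entry) == 1) {
			entry_id = ACL_NEXT_ENTRY;
			if (acl_get_tag_type(entry, &tag) == -1)
				err(1, "acl_get_tag_type() failed");

			if (tag == ACL_MASK) {
				acl_free(acl);
				return (0);
			}
		}

		/*
		 * If no mask entry is specified, the -n option is specified,
		 * and no ACL mask entry exists in the ACL associated with the
		 * file, then write an error message to standard error and
		 * continue with the next file.
		 */
		warnx("warning: no mask entry");
		acl_free(acl);
		return (0);
	}

	/*
	 * Duplicate before releasing the caller's ACL and check the result.
	 * Otherwise an allocation failure here would leave *prev_acl NULL
	 * while this function still reported success, and the caller would
	 * carry on with an invalid ACL handle.
	 */
	new_acl = acl_dup(acl);
	if (new_acl == NULL)
		err(1, "acl_dup() failed");

	acl_free(*prev_acl);
	*prev_acl = new_acl;
	acl_free(acl);

	return (0);
}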