xref: /freebsd/lib/libc/posix1e/acl_support.c (revision 42249ef2) 
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 1999-2001, 2008 Robert N. M. Watson
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 /*
29  * Support functionality for the POSIX.1e ACL interface
30  * These calls are intended only to be called within the library.
31  */
32 
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
35 
36 #include <sys/types.h>
37 #include "namespace.h"
38 #include <sys/acl.h>
39 #include "un-namespace.h"
40 #include <errno.h>
41 #include <grp.h>
42 #include <pwd.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <assert.h>
47 
48 #include "acl_support.h"
49 
50 #define ACL_STRING_PERM_WRITE   'w'
51 #define ACL_STRING_PERM_READ    'r'
52 #define ACL_STRING_PERM_EXEC    'x'
53 #define ACL_STRING_PERM_NONE    '-'
54 
55 /*
56  * Return 0, if both ACLs are identical.
57  */
58 int
59 _acl_differs(const acl_t a, const acl_t b)
60 {
61 	int i;
62 	struct acl_entry *entrya, *entryb;
63 
64 	assert(_acl_brand(a) == _acl_brand(b));
65 	assert(_acl_brand(a) != ACL_BRAND_UNKNOWN);
66 	assert(_acl_brand(b) != ACL_BRAND_UNKNOWN);
67 
68 	if (a->ats_acl.acl_cnt != b->ats_acl.acl_cnt)
69 		return (1);
70 
71 	for (i = 0; i < b->ats_acl.acl_cnt; i++) {
72 		entrya = &(a->ats_acl.acl_entry[i]);
73 		entryb = &(b->ats_acl.acl_entry[i]);
74 
75 		if (entrya->ae_tag != entryb->ae_tag ||
76 		    entrya->ae_id != entryb->ae_id ||
77 		    entrya->ae_perm != entryb->ae_perm ||
78 		    entrya->ae_entry_type != entryb->ae_entry_type ||
79 		    entrya->ae_flags != entryb->ae_flags)
80 			return (1);
81 	}
82 
83 	return (0);
84 }
85 
86 /*
87  * _posix1e_acl_entry_compare -- compare two acl_entry structures to
88  * determine the order they should appear in.  Used by _posix1e_acl_sort to
89  * sort ACL entries into the kernel-desired order -- i.e., the order useful
90  * for evaluation and O(n) validity checking.  Beter to have an O(nlogn) sort
91  * in userland and an O(n) in kernel than to have both in kernel.
92  */
93 typedef int (*compare)(const void *, const void *);
94 static int
95 _posix1e_acl_entry_compare(struct acl_entry *a, struct acl_entry *b)
96 {
97 
98 	assert(_entry_brand(a) == ACL_BRAND_POSIX);
99 	assert(_entry_brand(b) == ACL_BRAND_POSIX);
100 
101 	/*
102 	 * First, sort between tags -- conveniently defined in the correct
103 	 * order for verification.
104 	 */
105 	if (a->ae_tag < b->ae_tag)
106 		return (-1);
107 	if (a->ae_tag > b->ae_tag)
108 		return (1);
109 
110 	/*
111 	 * Next compare uids/gids on appropriate types.
112 	 */
113 
114 	if (a->ae_tag == ACL_USER || a->ae_tag == ACL_GROUP) {
115 		if (a->ae_id < b->ae_id)
116 			return (-1);
117 		if (a->ae_id > b->ae_id)
118 			return (1);
119 
120 		/* shouldn't be equal, fall through to the invalid case */
121 	}
122 
123 	/*
124 	 * Don't know how to sort multiple entries of the rest--either it's
125 	 * a bad entry, or there shouldn't be more than one.  Ignore and the
126 	 * validity checker can get it later.
127 	 */
128 	return (0);
129 }
130 
131 /*
132  * _posix1e_acl_sort -- sort ACL entries in POSIX.1e-formatted ACLs.
133  */
134 void
135 _posix1e_acl_sort(acl_t acl)
136 {
137 	struct acl *acl_int;
138 
139 	acl_int = &acl->ats_acl;
140 
141 	qsort(&acl_int->acl_entry[0], acl_int->acl_cnt,
142 	    sizeof(struct acl_entry), (compare) _posix1e_acl_entry_compare);
143 }
144 
145 /*
146  * acl_posix1e -- in what situations should we acl_sort before submission?
147  * We apply posix1e ACL semantics for any ACL of type ACL_TYPE_ACCESS or
148  * ACL_TYPE_DEFAULT
149  */
150 int
151 _posix1e_acl(acl_t acl, acl_type_t type)
152 {
153 
154 	if (_acl_brand(acl) != ACL_BRAND_POSIX)
155 		return (0);
156 
157 	return ((type == ACL_TYPE_ACCESS) || (type == ACL_TYPE_DEFAULT));
158 }
159 
160 /*
161  * _posix1e_acl_check -- given an ACL, check its validity.  This is mirrored
162  * from code in sys/kern/kern_acl.c, and if changes are made in one, they
163  * should be made in the other also.  This copy of acl_check is made
164  * available * in userland for the benefit of processes wanting to check ACLs
165  * for validity before submitting them to the kernel, or for performing
166  * in userland file system checking.  Needless to say, the kernel makes
167  * the real checks on calls to get/setacl.
168  *
169  * See the comments in kernel for explanation -- just briefly, it assumes
170  * an already sorted ACL, and checks based on that assumption.  The
171  * POSIX.1e interface, acl_valid(), will perform the sort before calling
172  * this.  Returns 0 on success, EINVAL on failure.
173  */
174 int
175 _posix1e_acl_check(acl_t acl)
176 {
177 	struct acl *acl_int;
178 	struct acl_entry	*entry; 	/* current entry */
179 	uid_t	highest_uid=0, highest_gid=0;
180 	int	stage = ACL_USER_OBJ;
181 	int	i = 0;
182 	int	count_user_obj=0, count_user=0, count_group_obj=0,
183 		count_group=0, count_mask=0, count_other=0;
184 
185 	acl_int = &acl->ats_acl;
186 
187 	/* printf("_posix1e_acl_check: checking acl with %d entries\n",
188 	    acl->acl_cnt); */
189 	while (i < acl_int->acl_cnt) {
190 		entry = &acl_int->acl_entry[i];
191 
192 		if ((entry->ae_perm | ACL_PERM_BITS) != ACL_PERM_BITS)
193 			return (EINVAL);
194 
195 		switch(entry->ae_tag) {
196 		case ACL_USER_OBJ:
197 			/* printf("_posix1e_acl_check: %d: ACL_USER_OBJ\n",
198 			    i); */
199 			if (stage > ACL_USER_OBJ)
200 				return (EINVAL);
201 			stage = ACL_USER;
202 			count_user_obj++;
203 			break;
204 
205 		case ACL_USER:
206 			/* printf("_posix1e_acl_check: %d: ACL_USER\n", i); */
207 			if (stage > ACL_USER)
208 				return (EINVAL);
209 			stage = ACL_USER;
210 			if (count_user && (entry->ae_id <= highest_uid))
211 				return (EINVAL);
212 			highest_uid = entry->ae_id;
213 			count_user++;
214 			break;
215 
216 		case ACL_GROUP_OBJ:
217 			/* printf("_posix1e_acl_check: %d: ACL_GROUP_OBJ\n",
218 			    i); */
219 			if (stage > ACL_GROUP_OBJ)
220 				return (EINVAL);
221 			stage = ACL_GROUP;
222 			count_group_obj++;
223 			break;
224 
225 		case ACL_GROUP:
226 			/* printf("_posix1e_acl_check: %d: ACL_GROUP\n", i); */
227 			if (stage > ACL_GROUP)
228 				return (EINVAL);
229 			stage = ACL_GROUP;
230 			if (count_group && (entry->ae_id <= highest_gid))
231 				return (EINVAL);
232 			highest_gid = entry->ae_id;
233 			count_group++;
234 			break;
235 
236 		case ACL_MASK:
237 			/* printf("_posix1e_acl_check: %d: ACL_MASK\n", i); */
238 			if (stage > ACL_MASK)
239 				return (EINVAL);
240 			stage = ACL_MASK;
241 			count_mask++;
242 			break;
243 
244 		case ACL_OTHER:
245 			/* printf("_posix1e_acl_check: %d: ACL_OTHER\n", i); */
246 			if (stage > ACL_OTHER)
247 				return (EINVAL);
248 			stage = ACL_OTHER;
249 			count_other++;
250 			break;
251 
252 		default:
253 			/* printf("_posix1e_acl_check: %d: INVALID\n", i); */
254 			return (EINVAL);
255 		}
256 		i++;
257 	}
258 
259 	if (count_user_obj != 1)
260 		return (EINVAL);
261 
262 	if (count_group_obj != 1)
263 		return (EINVAL);
264 
265 	if (count_mask != 0 && count_mask != 1)
266 		return (EINVAL);
267 
268 	if (count_other != 1)
269 		return (EINVAL);
270 
271 	return (0);
272 }
273 
274 /*
275  * Given a right-shifted permission (i.e., direct ACL_PERM_* mask), fill
276  * in a string describing the permissions.
277  */
278 int
279 _posix1e_acl_perm_to_string(acl_perm_t perm, ssize_t buf_len, char *buf)
280 {
281 
282 	if (buf_len < _POSIX1E_ACL_STRING_PERM_MAXSIZE + 1) {
283 		errno = ENOMEM;
284 		return (-1);
285 	}
286 
287 	if ((perm | ACL_PERM_BITS) != ACL_PERM_BITS) {
288 		errno = EINVAL;
289 		return (-1);
290 	}
291 
292 	buf[3] = 0;	/* null terminate */
293 
294 	if (perm & ACL_READ)
295 		buf[0] = ACL_STRING_PERM_READ;
296 	else
297 		buf[0] = ACL_STRING_PERM_NONE;
298 
299 	if (perm & ACL_WRITE)
300 		buf[1] = ACL_STRING_PERM_WRITE;
301 	else
302 		buf[1] = ACL_STRING_PERM_NONE;
303 
304 	if (perm & ACL_EXECUTE)
305 		buf[2] = ACL_STRING_PERM_EXEC;
306 	else
307 		buf[2] = ACL_STRING_PERM_NONE;
308 
309 	return (0);
310 }
311 
312 /*
313  * given a string, return a permission describing it
314  */
315 int
316 _posix1e_acl_string_to_perm(char *string, acl_perm_t *perm)
317 {
318 	acl_perm_t	myperm = ACL_PERM_NONE;
319 	char	*ch;
320 
321 	ch = string;
322 	while (*ch) {
323 		switch(*ch) {
324 		case ACL_STRING_PERM_READ:
325 			myperm |= ACL_READ;
326 			break;
327 		case ACL_STRING_PERM_WRITE:
328 			myperm |= ACL_WRITE;
329 			break;
330 		case ACL_STRING_PERM_EXEC:
331 			myperm |= ACL_EXECUTE;
332 			break;
333 		case ACL_STRING_PERM_NONE:
334 			break;
335 		default:
336 			return (EINVAL);
337 		}
338 		ch++;
339 	}
340 
341 	*perm = myperm;
342 	return (0);
343 }
344 
345 /*
346  * Add an ACL entry without doing much checking, et al
347  */
348 int
349 _posix1e_acl_add_entry(acl_t acl, acl_tag_t tag, uid_t id, acl_perm_t perm)
350 {
351 	struct acl		*acl_int;
352 	struct acl_entry	*e;
353 
354 	acl_int = &acl->ats_acl;
355 
356 	if (acl_int->acl_cnt >= ACL_MAX_ENTRIES) {
357 		errno = ENOMEM;
358 		return (-1);
359 	}
360 
361 	e = &(acl_int->acl_entry[acl_int->acl_cnt]);
362 	e->ae_perm = perm;
363 	e->ae_tag = tag;
364 	e->ae_id = id;
365 	acl_int->acl_cnt++;
366 
367 	return (0);
368 }
369 
370 /*
371  * Convert "old" type - ACL_TYPE_{ACCESS,DEFAULT}_OLD - into its "new"
372  * counterpart.  It's necessary for the old (pre-NFSv4 ACLs) binaries
373  * to work with new libc and kernel.  Fixing 'type' for old binaries with
374  * old libc and new kernel is being done by kern/vfs_acl.c:type_unold().
375  */
376 int
377 _acl_type_unold(acl_type_t type)
378 {
379 
380 	switch (type) {
381 	case ACL_TYPE_ACCESS_OLD:
382 		return (ACL_TYPE_ACCESS);
383 	case ACL_TYPE_DEFAULT_OLD:
384 		return (ACL_TYPE_DEFAULT);
385 	default:
386 		return (type);
387 	}
388 }
389 
390 char *
391 string_skip_whitespace(char *string)
392 {
393 
394 	while (*string && ((*string == ' ') || (*string == '\t')))
395 		string++;
396 
397 	return (string);
398 }
399 
400 void
401 string_trim_trailing_whitespace(char *string)
402 {
403 	char	*end;
404 
405 	if (*string == '\0')
406 		return;
407 
408 	end = string + strlen(string) - 1;
409 
410 	while (end != string) {
411 		if ((*end == ' ') || (*end == '\t')) {
412 			*end = '\0';
413 			end--;
414 		} else {
415 			return;
416 		}
417 	}
418 
419 	return;
420 }
421