xref: /illumos-gate/usr/src/cmd/filesync/acls.c (revision 7c478bd9)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1995 Sun Microsystems, Inc.  All Rights Reserved
 *
 * module:
 *	acls.c
 *
 * purpose:
 * 	routines to manipulate access control lists, mapping between
 *	the data structures required by the filesystem ACL system calls
 *	and the representation used in our fileinfo structure.
 *
 */
#ident	"%W%	%E% SMI"

#include <stdio.h>
#include <stdlib.h>

#include "filesync.h"
#include "database.h"

#ifdef NO_ACLS
/*
 * Solaris 2.4 libc.so does not contain this entry point, so if we
 * want to build a 2.4 version of filesync, we need to provide a
 * dummy entry point that will fail when-ever it is called.
 */
#define	acl	bogus_acl

static int acl(const char *name, int opcode, int count, aclent_t *acls)
{
	return (-1);
}
#endif

/*
 * routine:
 *	get_acls
 *
 * purpose:
 *	to read the ACL (if any) from a file into a fileinfo structure
 *
 * parameters:
 *	name of file
 * 	pointer to fileinfo structure
 *
 * returns:
 *	number of ACL entries
 */
int
get_acls(const char *name, struct fileinfo *ip)
{	int count;
	int i;
	static aclent_t acls[MAX_ACL_ENTRIES];
	aclent_t *list;

	count = acl(name, GETACL, MAX_ACL_ENTRIES, acls);
	if (count <= 0)
		return (0);

	/* with a count of 3 or 4 there may not be any real ones */
	if (count > 4)
		goto gotsome;

	/* look for anything beyond the normal unix protection	*/
	for (i = 0; i < count; i++)
		switch (acls[i].a_type) {
			default:	/* weird types are real */
				goto gotsome;

			case USER_OBJ:
			case GROUP_OBJ:
			case OTHER_OBJ:
			case CLASS_OBJ:
				continue; /* all file have these */
		}

	return (0);	/* nothing interesting	*/

gotsome:
	/* allocate an array to hold the acls		*/
	list = (aclent_t *) malloc(count * sizeof (*list));
	if (list == 0)
		nomem("Access Control List");

	/* copy the acls into the new list		*/
	for (i = 0; i < count; i++) {
		list[i].a_type = acls[i].a_type;
		list[i].a_id = acls[i].a_id;
		list[i].a_perm = acls[i].a_perm;
	}

	ip->f_acls = list;
	ip->f_numacls = count;
	return (ip->f_numacls);
}

/*
 * routine:
 *	cmp_acls
 *
 * purpose:
 *	determine whether or not two ACLs are the same
 *
 * parameters:
 *	pointer to first fileinfo
 *	pointer to second fileinfo
 *
 * returns:
 *	true 	equal
 *	false	different
 */
int
cmp_acls(struct fileinfo *f1, struct fileinfo *f2)
{	int i;

	if (f1->f_numacls != f2->f_numacls)
		return (0);

	if (f1->f_numacls == 0)
		return (1);

	for (i = 0; i < f1->f_numacls; i++) {
		if (f1->f_acls[i].a_type != f2->f_acls[i].a_type)
			return (0);
		if (f1->f_acls[i].a_id != f2->f_acls[i].a_id)
			return (0);
		if (f1->f_acls[i].a_perm != f2->f_acls[i].a_perm)
			return (0);
	}

	return (1);
}

/*
 * routine:
 *	set_acls
 *
 * purpose:
 *	to write the ACL of a file
 *
 * parameters:
 *	name of file
 *	fileinfo pointer (which contains an acl pointer)
 *
 * returns:
 *	retcode and errno
 */
int
set_acls(const char *name, struct fileinfo *fp)
{	int rc;
	int nacl;
	aclent_t acls[4], *list;

	if (fp->f_numacls == 0) {
		/* fabricate a standard set of bogus ACLs */
		acls[0].a_type = USER_OBJ;
		acls[0].a_id = fp->f_uid;
		acls[0].a_perm = (fp->f_mode >> 6) & 7;

		acls[1].a_type = GROUP_OBJ;
		acls[1].a_id = fp->f_gid;
		acls[1].a_perm = (fp->f_mode >> 3) & 7;

		acls[2].a_type = CLASS_OBJ;
		acls[2].a_id = 0;
		acls[2].a_perm = (fp->f_mode >> 6) & 7;

		acls[3].a_type = OTHER_OBJ;
		acls[3].a_id = 0;
		acls[3].a_perm = fp->f_mode & 7;

		nacl = 4;
		list = acls;
	} else {
		nacl = fp->f_numacls;
		list = fp->f_acls;
	}

	rc = acl(name, SETACL, nacl, list);

	/* non-negative number mean success		*/
	if (rc < 0)
		return (rc);
	else
		return (0);
}

/*
 * routine:
 *	show_acls
 *
 * purpose:
 *	to map an acl into arguments for a setfacl command
 *
 * paramters:
 *	number of elements in list
 *	pointer to list
 *
 * returns:
 *	pointer to character buffer containing arguments
 */
char
*show_acls(int numacl, aclent_t *list)
{	int i, j;
	int type, perm, id;
	char *s;
	static char buf[ MAX_LINE ];

	s = buf;

	if (numacl > 0) {
		*s++ = '-';
		*s++ = 's';
		*s++ = ' ';
	} else {
		*s++ = '-';
		*s++ = 'd';
	}

	for (i = 0; i < numacl; i++) {
		type = list[i].a_type;
		id = list[i].a_id;
		perm = list[i].a_perm;

		if (i > 0)
			*s++ = ',';

		/* note whether this is per-file or default	*/
		if (type & ACL_DEFAULT) {
			*s++ = 'd';
			*s++ = ':';
		}

		/* print out the entry type			*/
		if (type & (USER_OBJ|USER)) {
			*s++ = 'u';
			*s++ = ':';
		} else if (type & (GROUP_OBJ|GROUP)) {
			*s++ = 'g';
			*s++ = ':';
		} else if (type & OTHER_OBJ) {
			*s++ = 'o';
			*s++ = ':';
		} else if (type & CLASS_OBJ) {
			*s++ = 'm';
			*s++ = ':';
		}

		/* print out the ID for this ACL		*/
		if (type & (USER_OBJ|GROUP_OBJ))
			*s++ = ':';
		else if (type & (USER|GROUP)) {
			for (j = 1; id/j > 10; j *= 10);

			while (j > 0) {
				*s++ = '0' + (id/j);
				id %= j*10;
				j /= 10;
			}

			*s++ = ':';
		}

		/* print out the permissions for this ACL	*/
		*s++ = (perm & 04) ? 'r' : '-';
		*s++ = (perm & 02) ? 'w' : '-';
		*s++ = (perm & 01) ? 'x' : '-';
	}

	*s = 0;
	return (buf);
}