acl_support.c revision 74191
1/*- 2 * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD: head/lib/libc/posix1e/acl_support.c 74191 2001-03-13 02:31:32Z rwatson $ 27 */ 28/* 29 * Support functionality for the POSIX.1e ACL interface 30 * These calls are intended only to be called within the library. 31 */ 32 33#include <sys/types.h> 34#include <sys/acl.h> 35#include <errno.h> 36#include <grp.h> 37#include <pwd.h> 38#include <stdio.h> 39#include <stdlib.h> 40 41#include "acl_support.h" 42 43#define ACL_STRING_PERM_WRITE 'w' 44#define ACL_STRING_PERM_READ 'r' 45#define ACL_STRING_PERM_EXEC 'x' 46#define ACL_STRING_PERM_NONE '-' 47 48/* 49 * _posix1e_acl_entry_compare -- compare two acl_entry structures to 50 * determine the order they should appear in. Used by _posix1e_acl_sort to 51 * sort ACL entries into the kernel-desired order -- i.e., the order useful 52 * for evaluation and O(n) validity checking. Beter to have an O(nlogn) sort 53 * in userland and an O(n) in kernel than to have both in kernel. 54 */ 55typedef int (*compare)(const void *, const void *); 56static int 57_posix1e_acl_entry_compare(struct acl_entry *a, struct acl_entry *b) 58{ 59 /* 60 * First, sort between tags -- conveniently defined in the correct 61 * order for verification. 62 */ 63 if (a->ae_tag < b->ae_tag) 64 return (-1); 65 if (a->ae_tag > b->ae_tag) 66 return (1); 67 68 /* 69 * Next compare uids/gids on appropriate types. 70 */ 71 72 if (a->ae_tag == ACL_USER || a->ae_tag == ACL_GROUP) { 73 if (a->ae_id < b->ae_id) 74 return (-1); 75 if (a->ae_id > b->ae_id) 76 return (1); 77 78 /* shouldn't be equal, fall through to the invalid case */ 79 } 80 81 /* 82 * Don't know how to sort multiple entries of the rest--either it's 83 * a bad entry, or there shouldn't be more than one. Ignore and the 84 * validity checker can get it later. 85 */ 86 return (0); 87} 88 89/* 90 * _posix1e_acl_sort -- sort ACL entries in POSIX.1e-formatted ACLs 91 * Give the opportunity to fail, althouh we don't currently have a way 92 * to fail. 93 */ 94int 95_posix1e_acl_sort(acl_t acl) 96{ 97 98 qsort(&acl->acl_entry[0], acl->acl_cnt, sizeof(struct acl_entry), 99 (compare) _posix1e_acl_entry_compare); 100 101 return (0); 102} 103 104/* 105 * acl_posix1e -- in what situations should we acl_sort before submission? 106 * We apply posix1e ACL semantics for any ACL of type ACL_TYPE_ACCESS or 107 * ACL_TYPE_DEFAULT 108 */ 109int 110_posix1e_acl(acl_t acl, acl_type_t type) 111{ 112 113 return ((type == ACL_TYPE_ACCESS) || (type == ACL_TYPE_DEFAULT)); 114} 115 116/* 117 * _posix1e_acl_check -- given an ACL, check its validity. This is mirrored 118 * from code in sys/kern/kern_acl.c, and if changes are made in one, they 119 * should be made in the other also. This copy of acl_check is made 120 * available * in userland for the benefit of processes wanting to check ACLs 121 * for validity before submitting them to the kernel, or for performing 122 * in userland file system checking. Needless to say, the kernel makes 123 * the real checks on calls to get/setacl. 124 * 125 * See the comments in kernel for explanation -- just briefly, it assumes 126 * an already sorted ACL, and checks based on that assumption. The 127 * POSIX.1e interface, acl_valid(), will perform the sort before calling 128 * this. Returns 0 on success, EINVAL on failure. 129 */ 130int 131_posix1e_acl_check(struct acl *acl) 132{ 133 struct acl_entry *entry; /* current entry */ 134 uid_t obj_uid=-1, obj_gid=-1, highest_uid=0, highest_gid=0; 135 int stage = ACL_USER_OBJ; 136 int i = 0; 137 int count_user_obj=0, count_user=0, count_group_obj=0, 138 count_group=0, count_mask=0, count_other=0; 139 140 /* printf("_posix1e_acl_check: checking acl with %d entries\n", 141 acl->acl_cnt); */ 142 while (i < acl->acl_cnt) { 143 entry = &acl->acl_entry[i]; 144 145 if ((entry->ae_perm | ACL_PERM_BITS) != ACL_PERM_BITS) 146 return (EINVAL); 147 148 switch(entry->ae_tag) { 149 case ACL_USER_OBJ: 150 /* printf("_posix1e_acl_check: %d: ACL_USER_OBJ\n", 151 i); */ 152 if (stage > ACL_USER_OBJ) 153 return (EINVAL); 154 stage = ACL_USER; 155 count_user_obj++; 156 obj_uid = entry->ae_id; 157 break; 158 159 case ACL_USER: 160 /* printf("_posix1e_acl_check: %d: ACL_USER\n", i); */ 161 if (stage > ACL_USER) 162 return (EINVAL); 163 stage = ACL_USER; 164 if (entry->ae_id == obj_uid) 165 return (EINVAL); 166 if (count_user && (entry->ae_id <= highest_uid)) 167 return (EINVAL); 168 highest_uid = entry->ae_id; 169 count_user++; 170 break; 171 172 case ACL_GROUP_OBJ: 173 /* printf("_posix1e_acl_check: %d: ACL_GROUP_OBJ\n", 174 i); */ 175 if (stage > ACL_GROUP_OBJ) 176 return (EINVAL); 177 stage = ACL_GROUP; 178 count_group_obj++; 179 obj_gid = entry->ae_id; 180 break; 181 182 case ACL_GROUP: 183 /* printf("_posix1e_acl_check: %d: ACL_GROUP\n", i); */ 184 if (stage > ACL_GROUP) 185 return (EINVAL); 186 stage = ACL_GROUP; 187 if (entry->ae_id == obj_gid) 188 return (EINVAL); 189 if (count_group && (entry->ae_id <= highest_gid)) 190 return (EINVAL); 191 highest_gid = entry->ae_id; 192 count_group++; 193 break; 194 195 case ACL_MASK: 196 /* printf("_posix1e_acl_check: %d: ACL_MASK\n", i); */ 197 if (stage > ACL_MASK) 198 return (EINVAL); 199 stage = ACL_MASK; 200 count_mask++; 201 break; 202 203 case ACL_OTHER: 204 /* printf("_posix1e_acl_check: %d: ACL_OTHER\n", i); */ 205 if (stage > ACL_OTHER) 206 return (EINVAL); 207 stage = ACL_OTHER; 208 count_other++; 209 break; 210 211 default: 212 /* printf("_posix1e_acl_check: %d: INVALID\n", i); */ 213 return (EINVAL); 214 } 215 i++; 216 } 217 218 if (count_user_obj != 1) 219 return (EINVAL); 220 221 if (count_group_obj != 1) 222 return (EINVAL); 223 224 if (count_mask != 0 && count_mask != 1) 225 return (EINVAL); 226 227 if (count_other != 1) 228 return (EINVAL); 229 230 return (0); 231} 232 233 234/* 235 * Given a uid/gid, return a username/groupname for the text form of an ACL 236 * XXX NOT THREAD SAFE, RELIES ON GETPWUID, GETGRGID 237 * XXX USES *PW* AND *GR* WHICH ARE STATEFUL AND THEREFORE THIS ROUTINE 238 * MAY HAVE SIDE-EFFECTS 239 */ 240int 241_posix1e_acl_id_to_name(acl_tag_t tag, uid_t id, ssize_t buf_len, char *buf) 242{ 243 struct group *g; 244 struct passwd *p; 245 int i; 246 247 switch(tag) { 248 case ACL_USER: 249 p = getpwuid(id); 250 if (!p) 251 i = snprintf(buf, buf_len, "%d", id); 252 else 253 i = snprintf(buf, buf_len, "%s", p->pw_name); 254 255 if (i >= buf_len) { 256 errno = ENOMEM; 257 return (-1); 258 } 259 return (0); 260 261 case ACL_GROUP: 262 g = getgrgid(id); 263 if (!g) 264 i = snprintf(buf, buf_len, "%d", id); 265 else 266 i = snprintf(buf, buf_len, "%s", g->gr_name); 267 268 if (i >= buf_len) { 269 errno = ENOMEM; 270 return (-1); 271 } 272 return (0); 273 274 default: 275 return (EINVAL); 276 } 277} 278 279 280/* 281 * Given a username/groupname from a text form of an ACL, return the uid/gid 282 * XXX NOT THREAD SAFE, RELIES ON GETPWNAM, GETGRNAM 283 * XXX USES *PW* AND *GR* WHICH ARE STATEFUL AND THEREFORE THIS ROUTINE 284 * MAY HAVE SIDE-EFFECTS 285 * 286 * XXX currently doesn't deal correctly with a numeric uid being passed 287 * instead of a username. What is correct behavior here? Check chown. 288 */ 289int 290_posix1e_acl_name_to_id(acl_tag_t tag, char *name, uid_t *id) 291{ 292 struct group *g; 293 struct passwd *p; 294 unsigned long l; 295 char *endp; 296 297 switch(tag) { 298 case ACL_USER: 299 p = getpwnam(name); 300 if (p == NULL) { 301 l = strtoul(name, &endp, 0); 302 if (*endp != '\0' || l != (unsigned long)(uid_t)l) { 303 errno = EINVAL; 304 return (-1); 305 } 306 *id = (uid_t)l; 307 return (0); 308 } 309 *id = p->pw_uid; 310 return (0); 311 312 case ACL_GROUP: 313 g = getgrnam(name); 314 if (g == NULL) { 315 l = strtoul(name, &endp, 0); 316 if (*endp != '\0' || l != (unsigned long)(gid_t)l) { 317 errno = EINVAL; 318 return (-1); 319 } 320 *id = (gid_t)l; 321 return (0); 322 } 323 *id = g->gr_gid; 324 return (0); 325 326 default: 327 return (EINVAL); 328 } 329} 330 331 332/* 333 * Given a right-shifted permission (i.e., direct ACL_PERM_* mask), fill 334 * in a string describing the permissions. 335 */ 336int 337_posix1e_acl_perm_to_string(acl_perm_t perm, ssize_t buf_len, char *buf) 338{ 339 340 if (buf_len < _POSIX1E_ACL_STRING_PERM_MAXSIZE + 1) { 341 errno = ENOMEM; 342 return (-1); 343 } 344 345 if ((perm | ACL_PERM_BITS) != ACL_PERM_BITS) { 346 errno = EINVAL; 347 return (-1); 348 } 349 350 buf[3] = 0; /* null terminate */ 351 352 if (perm & ACL_PERM_READ) 353 buf[0] = ACL_STRING_PERM_READ; 354 else 355 buf[0] = ACL_STRING_PERM_NONE; 356 357 if (perm & ACL_PERM_WRITE) 358 buf[1] = ACL_STRING_PERM_WRITE; 359 else 360 buf[1] = ACL_STRING_PERM_NONE; 361 362 if (perm & ACL_PERM_EXEC) 363 buf[2] = ACL_STRING_PERM_EXEC; 364 else 365 buf[2] = ACL_STRING_PERM_NONE; 366 367 return (0); 368} 369 370/* 371 * given a string, return a permission describing it 372 */ 373int 374_posix1e_acl_string_to_perm(char *string, acl_perm_t *perm) 375{ 376 acl_perm_t myperm = ACL_PERM_NONE; 377 char *ch; 378 379 ch = string; 380 while (*ch) { 381 switch(*ch) { 382 case ACL_STRING_PERM_READ: 383 myperm |= ACL_PERM_READ; 384 break; 385 case ACL_STRING_PERM_WRITE: 386 myperm |= ACL_PERM_WRITE; 387 break; 388 case ACL_STRING_PERM_EXEC: 389 myperm |= ACL_PERM_EXEC; 390 break; 391 case ACL_STRING_PERM_NONE: 392 break; 393 default: 394 return (EINVAL); 395 } 396 ch++; 397 } 398 399 *perm = myperm; 400 return (0); 401} 402 403/* 404 * Add an ACL entry without doing much checking, et al 405 */ 406int 407_posix1e_acl_add_entry(acl_t acl, acl_tag_t tag, uid_t id, acl_perm_t perm) 408{ 409 struct acl_entry *e; 410 411 if (acl->acl_cnt >= ACL_MAX_ENTRIES) { 412 errno = ENOMEM; 413 return (-1); 414 } 415 416 e = &(acl->acl_entry[acl->acl_cnt]); 417 e->ae_perm = perm; 418 e->ae_tag = tag; 419 e->ae_id = id; 420 acl->acl_cnt++; 421 422 return (0); 423} 424