1258945Sroberto/*
2258945Sroberto * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
3258945Sroberto * Copyright (C) 2000, 2001  Internet Software Consortium.
4258945Sroberto *
5258945Sroberto * Permission to use, copy, modify, and/or distribute this software for any
6258945Sroberto * purpose with or without fee is hereby granted, provided that the above
7258945Sroberto * copyright notice and this permission notice appear in all copies.
8258945Sroberto *
9258945Sroberto * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10258945Sroberto * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11258945Sroberto * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12258945Sroberto * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13258945Sroberto * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14258945Sroberto * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15258945Sroberto * PERFORMANCE OF THIS SOFTWARE.
16258945Sroberto */
17258945Sroberto
18258945Sroberto/* $Id: fsaccess.c,v 1.10 2007/06/19 23:47:17 tbox Exp $ */
19258945Sroberto
20258945Sroberto/*! \file
21258945Sroberto * \brief
22258945Sroberto * This file contains the OS-independent functionality of the API.
23258945Sroberto */
24258945Sroberto#include <isc/fsaccess.h>
25258945Sroberto#include <isc/result.h>
26258945Sroberto#include <isc/util.h>
27258945Sroberto
28258945Sroberto/*!
29258945Sroberto * Shorthand.  Maybe ISC__FSACCESS_PERMISSIONBITS should not even be in
30258945Sroberto * <isc/fsaccess.h>.  Could check consistency with sizeof(isc_fsaccess_t)
31258945Sroberto * and the number of bits in each function.
32258945Sroberto */
33258945Sroberto#define STEP		(ISC__FSACCESS_PERMISSIONBITS)
34258945Sroberto#define GROUP		(STEP)
35258945Sroberto#define OTHER		(STEP * 2)
36258945Sroberto
37258945Srobertovoid
38258945Srobertoisc_fsaccess_add(int trustee, int permission, isc_fsaccess_t *access) {
39258945Sroberto	REQUIRE(trustee <= 0x7);
40258945Sroberto	REQUIRE(permission <= 0xFF);
41258945Sroberto
42258945Sroberto	if ((trustee & ISC_FSACCESS_OWNER) != 0)
43258945Sroberto		*access |= permission;
44258945Sroberto
45258945Sroberto	if ((trustee & ISC_FSACCESS_GROUP) != 0)
46258945Sroberto		*access |= (permission << GROUP);
47258945Sroberto
48258945Sroberto	if ((trustee & ISC_FSACCESS_OTHER) != 0)
49258945Sroberto		*access |= (permission << OTHER);
50258945Sroberto}
51258945Sroberto
52258945Srobertovoid
53258945Srobertoisc_fsaccess_remove(int trustee, int permission, isc_fsaccess_t *access) {
54258945Sroberto	REQUIRE(trustee <= 0x7);
55258945Sroberto	REQUIRE(permission <= 0xFF);
56258945Sroberto
57258945Sroberto
58258945Sroberto	if ((trustee & ISC_FSACCESS_OWNER) != 0)
59258945Sroberto		*access &= ~permission;
60258945Sroberto
61258945Sroberto	if ((trustee & ISC_FSACCESS_GROUP) != 0)
62258945Sroberto		*access &= ~(permission << GROUP);
63258945Sroberto
64258945Sroberto	if ((trustee & ISC_FSACCESS_OTHER) != 0)
65258945Sroberto		*access &= ~(permission << OTHER);
66258945Sroberto}
67258945Sroberto
68258945Srobertostatic isc_result_t
69258945Srobertocheck_bad_bits(isc_fsaccess_t access, isc_boolean_t is_dir) {
70258945Sroberto	isc_fsaccess_t bits;
71258945Sroberto
72258945Sroberto	/*
73258945Sroberto	 * Check for disallowed user bits.
74258945Sroberto	 */
75258945Sroberto	if (is_dir)
76258945Sroberto		bits = ISC_FSACCESS_READ |
77258945Sroberto		       ISC_FSACCESS_WRITE |
78258945Sroberto		       ISC_FSACCESS_EXECUTE;
79258945Sroberto	else
80258945Sroberto		bits = ISC_FSACCESS_CREATECHILD |
81258945Sroberto		       ISC_FSACCESS_ACCESSCHILD |
82258945Sroberto		       ISC_FSACCESS_DELETECHILD |
83258945Sroberto		       ISC_FSACCESS_LISTDIRECTORY;
84258945Sroberto
85258945Sroberto	/*
86258945Sroberto	 * Set group bad bits.
87258945Sroberto	 */
88258945Sroberto	bits |= bits << STEP;
89258945Sroberto	/*
90258945Sroberto	 * Set other bad bits.
91258945Sroberto	 */
92258945Sroberto	bits |= bits << STEP;
93258945Sroberto
94258945Sroberto	if ((access & bits) != 0) {
95258945Sroberto		if (is_dir)
96258945Sroberto			return (ISC_R_NOTFILE);
97258945Sroberto		else
98258945Sroberto			return (ISC_R_NOTDIRECTORY);
99258945Sroberto	}
100258945Sroberto
101258945Sroberto	return (ISC_R_SUCCESS);
102258945Sroberto}
103