1 | /* Internal implementation of access control lists. |
2 | ||
ba318903 | 3 | Copyright (C) 2002-2003, 2005-2014 Free Software Foundation, Inc. |
4 | |
5 | This program is free software: you can redistribute it and/or modify | |
6 | it under the terms of the GNU General Public License as published by | |
7 | the Free Software Foundation; either version 3 of the License, or | |
8 | (at your option) any later version. | |
9 | ||
10 | This program is distributed in the hope that it will be useful, | |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | GNU General Public License for more details. | |
14 | ||
15 | You should have received a copy of the GNU General Public License | |
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | |
17 | ||
18 | Written by Paul Eggert, Andreas Grünbacher, and Bruno Haible. */ | |
19 | ||
20 | #include "acl.h" | |
21 | ||
22 | #include <stdbool.h> | |
23 | #include <stdlib.h> | |
24 | ||
25 | /* All systems define the ACL related API in <sys/acl.h>. */ | |
26 | #if HAVE_SYS_ACL_H | |
27 | # include <sys/acl.h> | |
28 | #endif | |
29 | #if defined HAVE_FACL && ! defined GETACLCNT && defined ACL_CNT | |
30 | # define GETACLCNT ACL_CNT | |
31 | #endif | |
32 | ||
33 | /* On Linux, additional ACL related API is available in <acl/libacl.h>. */ | |
34 | #ifdef HAVE_ACL_LIBACL_H | |
35 | # include <acl/libacl.h> | |
36 | #endif | |
37 | ||
38 | /* On HP-UX >= 11.11, additional ACL API is available in <aclv.h>. */ | |
39 | #if HAVE_ACLV_H | |
40 | # include <sys/types.h> | |
41 | # include <aclv.h> | |
42 | /* HP-UX 11.11 lacks these declarations. */ | |
43 | extern int acl (char *, int, int, struct acl *); | |
44 | extern int aclsort (int, int, struct acl *); | |
45 | #endif | |
46 | ||
47 | #include <errno.h> | |
48 | ||
49 | #include <limits.h> | |
50 | #ifndef MIN | |
51 | # define MIN(a,b) ((a) < (b) ? (a) : (b)) | |
52 | #endif | |
53 | ||
54 | #ifndef SIZE_MAX | |
55 | # define SIZE_MAX ((size_t) -1) | |
56 | #endif | |
57 | ||
58 | #ifndef HAVE_FCHMOD | |
59 | # define HAVE_FCHMOD false | |
60 | # define fchmod(fd, mode) (-1) | |
61 | #endif | |
62 | ||
63 | #ifndef _GL_INLINE_HEADER_BEGIN |
64 | #error "Please include config.h first." | |
65 | #endif | |
66 | _GL_INLINE_HEADER_BEGIN |
67 | #ifndef ACL_INTERNAL_INLINE | |
68 | # define ACL_INTERNAL_INLINE _GL_INLINE | |
69 | #endif | |
70 | ||
71 | #if USE_ACL | |
72 | ||
73 | # if HAVE_ACL_GET_FILE | |
74 | /* POSIX 1003.1e (draft 17 -- abandoned) specific version. */ | |
75 | /* Linux, FreeBSD, Mac OS X, IRIX, Tru64 */ | |
76 | ||
77 | # ifndef MIN_ACL_ENTRIES | |
78 | # define MIN_ACL_ENTRIES 4 | |
79 | # endif | |
80 | ||
81 | /* POSIX 1003.1e (draft 17) */ | |
82 | # ifdef HAVE_ACL_GET_FD | |
83 | /* Most platforms have a 1-argument acl_get_fd, only OSF/1 has a 2-argument | |
84 | macro(!). */ | |
85 | # if HAVE_ACL_FREE_TEXT /* OSF/1 */ | |
/* One-argument front end for acl_get_fd on OSF/1, where the native
   acl_get_fd is a two-argument macro.  Fetch the ACL_TYPE_ACCESS ACL of
   the file open on descriptor FD and hand back the native result
   unchanged, so a failure value from the platform reaches the caller
   as-is and must be checked there.
   The acl_get_fd named in the body is still the native macro: the
   '#undef acl_get_fd' / '#define acl_get_fd rpl_acl_get_fd' pair comes
   after this definition and must stay after it.  */
ACL_INTERNAL_INLINE acl_t
rpl_acl_get_fd (int fd)
{
  acl_t access_acl = acl_get_fd (fd, ACL_TYPE_ACCESS);

  return access_acl;
}
91 | # undef acl_get_fd | |
92 | # define acl_get_fd rpl_acl_get_fd | |
93 | # endif | |
94 | # else | |
95 | # define HAVE_ACL_GET_FD false | |
96 | # undef acl_get_fd | |
97 | # define acl_get_fd(fd) (NULL) | |
98 | # endif | |
99 | ||
100 | /* POSIX 1003.1e (draft 17) */ | |
101 | # ifdef HAVE_ACL_SET_FD | |
102 | /* Most platforms have a 2-argument acl_set_fd, only OSF/1 has a 3-argument | |
103 | macro(!). */ | |
104 | # if HAVE_ACL_FREE_TEXT /* OSF/1 */ | |
/* Two-argument front end for acl_set_fd on OSF/1, where the native
   acl_set_fd is a three-argument macro.  Apply ACL as the
   ACL_TYPE_ACCESS ACL of the file open on descriptor FD and return the
   native status unchanged.
   NOTE(review): the status is presumably -1 on failure, matching the
   stub used when HAVE_ACL_SET_FD is undefined -- confirm against the
   platform documentation.  Callers should not ignore it, since a failed
   call means the requested permissions were not applied.
   The acl_set_fd named in the body is still the native macro: the
   '#undef acl_set_fd' / '#define acl_set_fd rpl_acl_set_fd' pair comes
   after this definition and must stay after it.  */
ACL_INTERNAL_INLINE int
rpl_acl_set_fd (int fd, acl_t acl)
{
  int status = acl_set_fd (fd, ACL_TYPE_ACCESS, acl);

  return status;
}
110 | # undef acl_set_fd | |
111 | # define acl_set_fd rpl_acl_set_fd | |
112 | # endif | |
113 | # else | |
114 | # define HAVE_ACL_SET_FD false | |
115 | # undef acl_set_fd | |
116 | # define acl_set_fd(fd, acl) (-1) | |
117 | # endif | |
118 | ||
119 | /* POSIX 1003.1e (draft 13) */ | |
120 | # if ! HAVE_ACL_FREE_TEXT | |
121 | # define acl_free_text(buf) acl_free (buf) | |
122 | # endif | |
123 | ||
124 | /* Linux-specific */ | |
125 | # ifndef HAVE_ACL_EXTENDED_FILE | |
126 | # define HAVE_ACL_EXTENDED_FILE false | |
127 | # define acl_extended_file(name) (-1) | |
128 | # endif | |
129 | ||
130 | /* Linux-specific */ | |
131 | # ifndef HAVE_ACL_FROM_MODE | |
132 | # define HAVE_ACL_FROM_MODE false | |
133 | # define acl_from_mode(mode) (NULL) | |
134 | # endif | |
135 | ||
136 | /* Set to 1 if a file's mode is implied by the ACL. | |
137 | Set to 0 if a file's mode is stored independently from the ACL. */ | |
138 | # if (HAVE_ACL_COPY_EXT_NATIVE && HAVE_ACL_CREATE_ENTRY_NP) || defined __sgi /* Mac OS X, IRIX */ | |
139 | # define MODE_INSIDE_ACL 0 | |
140 | # else | |
141 | # define MODE_INSIDE_ACL 1 | |
142 | # endif | |
143 | ||
144 | /* Return the number of entries in ACL. | |
145 | Return -1 and set errno upon failure to determine it. */ | |
146 | /* Define a replacement for acl_entries if needed. (Only Linux has it.) */ | |
147 | # if !HAVE_ACL_ENTRIES | |
148 | # define acl_entries rpl_acl_entries | |
149 | extern int acl_entries (acl_t); | |
150 | # endif | |
151 | ||
152 | # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */ | |
153 | /* ACL is an ACL, from a file, stored as type ACL_TYPE_EXTENDED. | |
154 | Return 1 if the given ACL is non-trivial. | |
155 | Return 0 if it is trivial. */ | |
156 | extern int acl_extended_nontrivial (acl_t); | |
157 | # else | |
158 | /* ACL is an ACL, from a file, stored as type ACL_TYPE_ACCESS. | |
159 | Return 1 if the given ACL is non-trivial. | |
160 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. | |
161 | Return -1 and set errno upon failure to determine it. */ | |
162 | extern int acl_access_nontrivial (acl_t); | |
163 | # endif | |
164 | ||
165 | # elif HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */ | |
166 | ||
167 | /* Set to 1 if a file's mode is implied by the ACL. | |
168 | Set to 0 if a file's mode is stored independently from the ACL. */ | |
169 | # if defined __CYGWIN__ /* Cygwin */ | |
170 | # define MODE_INSIDE_ACL 0 | |
171 | # else /* Solaris */ | |
172 | # define MODE_INSIDE_ACL 1 | |
173 | # endif | |
174 | ||
175 | /* Return 1 if the given ACL is non-trivial. | |
176 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
eed652d6 | 177 | extern int acl_nontrivial (int count, aclent_t *entries) _GL_ATTRIBUTE_PURE; |
178 | |
179 | # ifdef ACE_GETACL /* Solaris 10 */ | |
180 | ||
181 | /* Test an ACL retrieved with ACE_GETACL. | |
182 | Return 1 if the given ACL, consisting of COUNT entries, is non-trivial. | |
183 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
eed652d6 | 184 | extern int acl_ace_nontrivial (int count, ace_t *entries) _GL_ATTRIBUTE_PURE; |
185 | |
186 | /* Definitions for when the built executable is executed on Solaris 10 | |
187 | (newer version) or Solaris 11. */ | |
188 | /* For a_type. */ | |
189 | # define OLD_ALLOW 0 | |
190 | # define OLD_DENY 1 | |
191 | # define NEW_ACE_ACCESS_ALLOWED_ACE_TYPE 0 /* replaces ALLOW */ | |
192 | # define NEW_ACE_ACCESS_DENIED_ACE_TYPE 1 /* replaces DENY */ | |
193 | /* For a_flags. */ | |
194 | # define OLD_ACE_OWNER 0x0100 | |
195 | # define OLD_ACE_GROUP 0x0200 | |
196 | # define OLD_ACE_OTHER 0x0400 | |
197 | # define NEW_ACE_OWNER 0x1000 | |
198 | # define NEW_ACE_GROUP 0x2000 | |
199 | # define NEW_ACE_IDENTIFIER_GROUP 0x0040 | |
200 | # define NEW_ACE_EVERYONE 0x4000 | |
201 | /* For a_access_mask. */ | |
202 | # define NEW_ACE_READ_DATA 0x001 /* corresponds to 'r' */ | |
203 | # define NEW_ACE_WRITE_DATA 0x002 /* corresponds to 'w' */ | |
204 | # define NEW_ACE_APPEND_DATA 0x004 | |
205 | # define NEW_ACE_READ_NAMED_ATTRS 0x008 | |
206 | # define NEW_ACE_WRITE_NAMED_ATTRS 0x010 | |
207 | # define NEW_ACE_EXECUTE 0x020 | |
208 | # define NEW_ACE_DELETE_CHILD 0x040 | |
209 | # define NEW_ACE_READ_ATTRIBUTES 0x080 | |
210 | # define NEW_ACE_WRITE_ATTRIBUTES 0x100 | |
211 | # define NEW_ACE_DELETE 0x10000 | |
212 | # define NEW_ACE_READ_ACL 0x20000 | |
213 | # define NEW_ACE_WRITE_ACL 0x40000 | |
214 | # define NEW_ACE_WRITE_OWNER 0x80000 | |
215 | # define NEW_ACE_SYNCHRONIZE 0x100000 | |
216 | ||
217 | # endif | |
218 | ||
219 | # elif HAVE_GETACL /* HP-UX */ | |
220 | ||
221 | /* Return 1 if the given ACL is non-trivial. | |
222 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
223 | extern int acl_nontrivial (int count, struct acl_entry *entries, struct stat *sb); | |
224 | ||
225 | # if HAVE_ACLV_H /* HP-UX >= 11.11 */ | |
226 | ||
227 | /* Return 1 if the given ACL is non-trivial. | |
228 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
229 | extern int aclv_nontrivial (int count, struct acl *entries); | |
230 | ||
231 | # endif | |
232 | ||
233 | # elif HAVE_ACLX_GET && 0 /* AIX */ | |
234 | ||
235 | /* TODO */ | |
236 | ||
237 | # elif HAVE_STATACL /* older AIX */ | |
238 | ||
239 | /* Return 1 if the given ACL is non-trivial. | |
240 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
241 | extern int acl_nontrivial (struct acl *a); | |
242 | ||
243 | # elif HAVE_ACLSORT /* NonStop Kernel */ | |
244 | ||
245 | /* Return 1 if the given ACL is non-trivial. | |
246 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
247 | extern int acl_nontrivial (int count, struct acl *entries); | |
248 | ||
249 | # endif | |
250 | ||
251 | #endif | |
252 | ||
253 | _GL_INLINE_HEADER_END |