Commit | Line | Data |
---|---|---|
ffdc270a PE |
1 | /* Test whether a file has a nontrivial access control list. |
2 | ||
3 | Copyright (C) 2002-2003, 2005-2013 Free Software Foundation, Inc. | |
4 | ||
5 | This program is free software: you can redistribute it and/or modify | |
6 | it under the terms of the GNU General Public License as published by | |
7 | the Free Software Foundation; either version 3 of the License, or | |
8 | (at your option) any later version. | |
9 | ||
10 | This program is distributed in the hope that it will be useful, | |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | GNU General Public License for more details. | |
14 | ||
15 | You should have received a copy of the GNU General Public License | |
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | |
17 | ||
18 | Written by Paul Eggert, Andreas Grünbacher, and Bruno Haible. */ | |
19 | ||
20 | /* Without this pragma, gcc 4.7.0 20120126 may suggest that the | |
21 | file_has_acl function might be candidate for attribute 'const' */ | |
22 | #if (__GNUC__ == 4 && 6 <= __GNUC_MINOR__) || 4 < __GNUC__ | |
23 | # pragma GCC diagnostic ignored "-Wsuggest-attribute=const" | |
24 | #endif | |
25 | ||
26 | #include <config.h> | |
27 | ||
28 | #include "acl.h" | |
29 | ||
30 | #include "acl-internal.h" | |
31 | ||
32 | ||
33 | #if USE_ACL && HAVE_ACL_GET_FILE | |
34 | ||
35 | # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */ | |
36 | ||
37 | /* ACL is an ACL, from a file, stored as type ACL_TYPE_EXTENDED. | |
38 | Return 1 if the given ACL is non-trivial. | |
39 | Return 0 if it is trivial. */ | |
40 | int | |
41 | acl_extended_nontrivial (acl_t acl) | |
42 | { | |
43 | /* acl is non-trivial if it is non-empty. */ | |
44 | return (acl_entries (acl) > 0); | |
45 | } | |
46 | ||
47 | # else /* Linux, FreeBSD, IRIX, Tru64 */ | |
48 | ||
49 | /* ACL is an ACL, from a file, stored as type ACL_TYPE_ACCESS. | |
50 | Return 1 if the given ACL is non-trivial. | |
51 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. | |
52 | Return -1 and set errno upon failure to determine it. */ | |
53 | int | |
54 | acl_access_nontrivial (acl_t acl) | |
55 | { | |
56 | /* acl is non-trivial if it has some entries other than for "user::", | |
57 | "group::", and "other::". Normally these three should be present | |
58 | at least, allowing us to write | |
59 | return (3 < acl_entries (acl)); | |
60 | but the following code is more robust. */ | |
61 | # if HAVE_ACL_FIRST_ENTRY /* Linux, FreeBSD */ | |
62 | ||
63 | acl_entry_t ace; | |
64 | int got_one; | |
65 | ||
66 | for (got_one = acl_get_entry (acl, ACL_FIRST_ENTRY, &ace); | |
67 | got_one > 0; | |
68 | got_one = acl_get_entry (acl, ACL_NEXT_ENTRY, &ace)) | |
69 | { | |
70 | acl_tag_t tag; | |
71 | if (acl_get_tag_type (ace, &tag) < 0) | |
72 | return -1; | |
73 | if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_OTHER)) | |
74 | return 1; | |
75 | } | |
76 | return got_one; | |
77 | ||
e9ad5665 | 78 | # elif HAVE_ACL_TO_SHORT_TEXT /* IRIX */ |
ffdc270a PE |
79 | /* Don't use acl_get_entry: it is undocumented. */ |
80 | ||
81 | int count = acl->acl_cnt; | |
82 | int i; | |
83 | ||
84 | for (i = 0; i < count; i++) | |
85 | { | |
86 | acl_entry_t ace = &acl->acl_entry[i]; | |
87 | acl_tag_t tag = ace->ae_tag; | |
88 | ||
89 | if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ | |
90 | || tag == ACL_OTHER_OBJ)) | |
91 | return 1; | |
92 | } | |
93 | return 0; | |
94 | ||
e9ad5665 | 95 | # elif HAVE_ACL_FREE_TEXT /* Tru64 */ |
ffdc270a PE |
96 | /* Don't use acl_get_entry: it takes only one argument and does not work. */ |
97 | ||
98 | int count = acl->acl_num; | |
99 | acl_entry_t ace; | |
100 | ||
101 | for (ace = acl->acl_first; count > 0; ace = ace->next, count--) | |
102 | { | |
103 | acl_tag_t tag; | |
104 | acl_perm_t perm; | |
105 | ||
106 | tag = ace->entry->acl_type; | |
107 | if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_OTHER)) | |
108 | return 1; | |
109 | ||
110 | perm = ace->entry->acl_perm; | |
111 | /* On Tru64, perm can also contain non-standard bits such as | |
112 | PERM_INSERT, PERM_DELETE, PERM_MODIFY, PERM_LOOKUP, ... */ | |
113 | if ((perm & ~(ACL_READ | ACL_WRITE | ACL_EXECUTE)) != 0) | |
114 | return 1; | |
115 | } | |
116 | return 0; | |
117 | ||
e9ad5665 PE |
118 | # else |
119 | ||
120 | errno = ENOSYS; | |
121 | return -1; | |
ffdc270a PE |
122 | # endif |
123 | } | |
124 | ||
125 | # endif | |
126 | ||
127 | ||
128 | #elif USE_ACL && HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */ | |
129 | ||
130 | /* Test an ACL retrieved with GETACL. | |
131 | Return 1 if the given ACL, consisting of COUNT entries, is non-trivial. | |
132 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
133 | int | |
134 | acl_nontrivial (int count, aclent_t *entries) | |
135 | { | |
136 | int i; | |
137 | ||
138 | for (i = 0; i < count; i++) | |
139 | { | |
140 | aclent_t *ace = &entries[i]; | |
141 | ||
142 | /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat(). | |
143 | If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat(). | |
144 | We don't need to check ace->a_id in these cases. */ | |
145 | if (!(ace->a_type == USER_OBJ | |
146 | || ace->a_type == GROUP_OBJ | |
147 | || ace->a_type == OTHER_OBJ | |
148 | /* Note: Cygwin does not return a CLASS_OBJ ("mask:") entry | |
149 | sometimes. */ | |
150 | || ace->a_type == CLASS_OBJ)) | |
151 | return 1; | |
152 | } | |
153 | return 0; | |
154 | } | |
155 | ||
156 | # ifdef ACE_GETACL | |
157 | ||
158 | /* A shortcut for a bitmask. */ | |
159 | # define NEW_ACE_WRITEA_DATA (NEW_ACE_WRITE_DATA | NEW_ACE_APPEND_DATA) | |
160 | ||
161 | /* Test an ACL retrieved with ACE_GETACL. | |
162 | Return 1 if the given ACL, consisting of COUNT entries, is non-trivial. | |
163 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
164 | int | |
165 | acl_ace_nontrivial (int count, ace_t *entries) | |
166 | { | |
167 | int i; | |
168 | ||
169 | /* The flags in the ace_t structure changed in a binary incompatible way | |
170 | when ACL_NO_TRIVIAL etc. were introduced in <sys/acl.h> version 1.15. | |
171 | How to distinguish the two conventions at runtime? | |
172 | In the old convention, usually three ACEs have a_flags = ACE_OWNER / | |
173 | ACE_GROUP / ACE_OTHER, in the range 0x0100..0x0400. In the new | |
174 | convention, these values are not used. */ | |
175 | int old_convention = 0; | |
176 | ||
177 | for (i = 0; i < count; i++) | |
178 | if (entries[i].a_flags & (OLD_ACE_OWNER | OLD_ACE_GROUP | OLD_ACE_OTHER)) | |
179 | { | |
180 | old_convention = 1; | |
181 | break; | |
182 | } | |
183 | ||
184 | if (old_convention) | |
185 | /* Running on Solaris 10. */ | |
186 | for (i = 0; i < count; i++) | |
187 | { | |
188 | ace_t *ace = &entries[i]; | |
189 | ||
190 | /* Note: | |
191 | If ace->a_flags = ACE_OWNER, ace->a_who is the st_uid from stat(). | |
192 | If ace->a_flags = ACE_GROUP, ace->a_who is the st_gid from stat(). | |
193 | We don't need to check ace->a_who in these cases. */ | |
194 | if (!(ace->a_type == OLD_ALLOW | |
195 | && (ace->a_flags == OLD_ACE_OWNER | |
196 | || ace->a_flags == OLD_ACE_GROUP | |
197 | || ace->a_flags == OLD_ACE_OTHER))) | |
198 | return 1; | |
199 | } | |
200 | else | |
201 | { | |
202 | /* Running on Solaris 10 (newer version) or Solaris 11. */ | |
203 | unsigned int access_masks[6] = | |
204 | { | |
205 | 0, /* owner@ deny */ | |
206 | 0, /* owner@ allow */ | |
207 | 0, /* group@ deny */ | |
208 | 0, /* group@ allow */ | |
209 | 0, /* everyone@ deny */ | |
210 | 0 /* everyone@ allow */ | |
211 | }; | |
212 | ||
213 | for (i = 0; i < count; i++) | |
214 | { | |
215 | ace_t *ace = &entries[i]; | |
216 | unsigned int index1; | |
217 | unsigned int index2; | |
218 | ||
219 | if (ace->a_type == NEW_ACE_ACCESS_ALLOWED_ACE_TYPE) | |
220 | index1 = 1; | |
221 | else if (ace->a_type == NEW_ACE_ACCESS_DENIED_ACE_TYPE) | |
222 | index1 = 0; | |
223 | else | |
224 | return 1; | |
225 | ||
226 | if (ace->a_flags == NEW_ACE_OWNER) | |
227 | index2 = 0; | |
228 | else if (ace->a_flags == (NEW_ACE_GROUP | NEW_ACE_IDENTIFIER_GROUP)) | |
229 | index2 = 2; | |
230 | else if (ace->a_flags == NEW_ACE_EVERYONE) | |
231 | index2 = 4; | |
232 | else | |
233 | return 1; | |
234 | ||
235 | access_masks[index1 + index2] |= ace->a_access_mask; | |
236 | } | |
237 | ||
238 | /* The same bit shouldn't be both allowed and denied. */ | |
239 | if (access_masks[0] & access_masks[1]) | |
240 | return 1; | |
241 | if (access_masks[2] & access_masks[3]) | |
242 | return 1; | |
243 | if (access_masks[4] & access_masks[5]) | |
244 | return 1; | |
245 | ||
246 | /* Check minimum masks. */ | |
247 | if ((NEW_ACE_WRITE_NAMED_ATTRS | |
248 | | NEW_ACE_WRITE_ATTRIBUTES | |
249 | | NEW_ACE_WRITE_ACL | |
250 | | NEW_ACE_WRITE_OWNER) | |
251 | & ~ access_masks[1]) | |
252 | return 1; | |
253 | access_masks[1] &= ~(NEW_ACE_WRITE_NAMED_ATTRS | |
254 | | NEW_ACE_WRITE_ATTRIBUTES | |
255 | | NEW_ACE_WRITE_ACL | |
256 | | NEW_ACE_WRITE_OWNER); | |
257 | if ((NEW_ACE_READ_NAMED_ATTRS | |
258 | | NEW_ACE_READ_ATTRIBUTES | |
259 | | NEW_ACE_READ_ACL | |
260 | | NEW_ACE_SYNCHRONIZE) | |
261 | & ~ access_masks[5]) | |
262 | return 1; | |
263 | access_masks[5] &= ~(NEW_ACE_READ_NAMED_ATTRS | |
264 | | NEW_ACE_READ_ATTRIBUTES | |
265 | | NEW_ACE_READ_ACL | |
266 | | NEW_ACE_SYNCHRONIZE); | |
267 | ||
268 | /* Check the allowed or denied bits. */ | |
269 | switch ((access_masks[0] | access_masks[1]) | |
270 | & ~(NEW_ACE_READ_NAMED_ATTRS | |
271 | | NEW_ACE_READ_ATTRIBUTES | |
272 | | NEW_ACE_READ_ACL | |
273 | | NEW_ACE_SYNCHRONIZE)) | |
274 | { | |
275 | case 0: | |
276 | case NEW_ACE_READ_DATA: | |
277 | case NEW_ACE_WRITEA_DATA: | |
278 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA: | |
279 | case NEW_ACE_EXECUTE: | |
280 | case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE: | |
281 | case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: | |
282 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: | |
283 | break; | |
284 | default: | |
285 | return 1; | |
286 | } | |
287 | switch ((access_masks[2] | access_masks[3]) | |
288 | & ~(NEW_ACE_READ_NAMED_ATTRS | |
289 | | NEW_ACE_READ_ATTRIBUTES | |
290 | | NEW_ACE_READ_ACL | |
291 | | NEW_ACE_SYNCHRONIZE)) | |
292 | { | |
293 | case 0: | |
294 | case NEW_ACE_READ_DATA: | |
295 | case NEW_ACE_WRITEA_DATA: | |
296 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA: | |
297 | case NEW_ACE_EXECUTE: | |
298 | case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE: | |
299 | case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: | |
300 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: | |
301 | break; | |
302 | default: | |
303 | return 1; | |
304 | } | |
305 | switch ((access_masks[4] | access_masks[5]) | |
306 | & ~(NEW_ACE_WRITE_NAMED_ATTRS | |
307 | | NEW_ACE_WRITE_ATTRIBUTES | |
308 | | NEW_ACE_WRITE_ACL | |
309 | | NEW_ACE_WRITE_OWNER)) | |
310 | { | |
311 | case 0: | |
312 | case NEW_ACE_READ_DATA: | |
313 | case NEW_ACE_WRITEA_DATA: | |
314 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA: | |
315 | case NEW_ACE_EXECUTE: | |
316 | case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE: | |
317 | case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: | |
318 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: | |
319 | break; | |
320 | default: | |
321 | return 1; | |
322 | } | |
323 | ||
324 | /* Check that the NEW_ACE_WRITE_DATA and NEW_ACE_APPEND_DATA bits are | |
325 | either both allowed or both denied. */ | |
326 | if (((access_masks[0] & NEW_ACE_WRITE_DATA) != 0) | |
327 | != ((access_masks[0] & NEW_ACE_APPEND_DATA) != 0)) | |
328 | return 1; | |
329 | if (((access_masks[2] & NEW_ACE_WRITE_DATA) != 0) | |
330 | != ((access_masks[2] & NEW_ACE_APPEND_DATA) != 0)) | |
331 | return 1; | |
332 | if (((access_masks[4] & NEW_ACE_WRITE_DATA) != 0) | |
333 | != ((access_masks[4] & NEW_ACE_APPEND_DATA) != 0)) | |
334 | return 1; | |
335 | } | |
336 | ||
337 | return 0; | |
338 | } | |
339 | ||
340 | # endif | |
341 | ||
342 | #elif USE_ACL && HAVE_GETACL /* HP-UX */ | |
343 | ||
344 | /* Return 1 if the given ACL is non-trivial. | |
345 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
346 | int | |
347 | acl_nontrivial (int count, struct acl_entry *entries, struct stat *sb) | |
348 | { | |
349 | int i; | |
350 | ||
351 | for (i = 0; i < count; i++) | |
352 | { | |
353 | struct acl_entry *ace = &entries[i]; | |
354 | ||
355 | if (!((ace->uid == sb->st_uid && ace->gid == ACL_NSGROUP) | |
356 | || (ace->uid == ACL_NSUSER && ace->gid == sb->st_gid) | |
357 | || (ace->uid == ACL_NSUSER && ace->gid == ACL_NSGROUP))) | |
358 | return 1; | |
359 | } | |
360 | return 0; | |
361 | } | |
362 | ||
363 | # if HAVE_ACLV_H /* HP-UX >= 11.11 */ | |
364 | ||
365 | /* Return 1 if the given ACL is non-trivial. | |
366 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
367 | int | |
368 | aclv_nontrivial (int count, struct acl *entries) | |
369 | { | |
370 | int i; | |
371 | ||
372 | for (i = 0; i < count; i++) | |
373 | { | |
374 | struct acl *ace = &entries[i]; | |
375 | ||
376 | /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat(). | |
377 | If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat(). | |
378 | We don't need to check ace->a_id in these cases. */ | |
379 | if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */ | |
380 | || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */ | |
381 | || ace->a_type == CLASS_OBJ | |
382 | || ace->a_type == OTHER_OBJ)) | |
383 | return 1; | |
384 | } | |
385 | return 0; | |
386 | } | |
387 | ||
388 | # endif | |
389 | ||
390 | #elif USE_ACL && (HAVE_ACLX_GET || HAVE_STATACL) /* AIX */ | |
391 | ||
392 | /* Return 1 if the given ACL is non-trivial. | |
393 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
394 | int | |
395 | acl_nontrivial (struct acl *a) | |
396 | { | |
397 | /* The normal way to iterate through an ACL is like this: | |
398 | struct acl_entry *ace; | |
399 | for (ace = a->acl_ext; ace != acl_last (a); ace = acl_nxt (ace)) | |
400 | { | |
401 | struct ace_id *aei; | |
402 | switch (ace->ace_type) | |
403 | { | |
404 | case ACC_PERMIT: | |
405 | case ACC_DENY: | |
406 | case ACC_SPECIFY: | |
407 | ...; | |
408 | } | |
409 | for (aei = ace->ace_id; aei != id_last (ace); aei = id_nxt (aei)) | |
410 | ... | |
411 | } | |
412 | */ | |
413 | return (acl_last (a) != a->acl_ext ? 1 : 0); | |
414 | } | |
415 | ||
416 | # if HAVE_ACLX_GET && defined ACL_AIX_WIP /* newer AIX */ | |
417 | ||
418 | /* Return 1 if the given ACL is non-trivial. | |
419 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
420 | int | |
421 | acl_nfs4_nontrivial (nfs4_acl_int_t *a) | |
422 | { | |
423 | # if 1 /* let's try this first */ | |
424 | return (a->aclEntryN > 0 ? 1 : 0); | |
425 | # else | |
426 | int count = a->aclEntryN; | |
427 | int i; | |
428 | ||
429 | for (i = 0; i < count; i++) | |
430 | { | |
431 | nfs4_ace_int_t *ace = &a->aclEntry[i]; | |
432 | ||
433 | if (!((ace->flags & ACE4_ID_SPECIAL) != 0 | |
434 | && (ace->aceWho.special_whoid == ACE4_WHO_OWNER | |
435 | || ace->aceWho.special_whoid == ACE4_WHO_GROUP | |
436 | || ace->aceWho.special_whoid == ACE4_WHO_EVERYONE) | |
437 | && ace->aceType == ACE4_ACCESS_ALLOWED_ACE_TYPE | |
438 | && ace->aceFlags == 0 | |
439 | && (ace->aceMask & ~(ACE4_READ_DATA | ACE4_LIST_DIRECTORY | |
440 | | ACE4_WRITE_DATA | ACE4_ADD_FILE | |
441 | | ACE4_EXECUTE)) == 0)) | |
442 | return 1; | |
443 | } | |
444 | return 0; | |
445 | # endif | |
446 | } | |
447 | ||
448 | # endif | |
449 | ||
450 | #elif USE_ACL && HAVE_ACLSORT /* NonStop Kernel */ | |
451 | ||
452 | /* Test an ACL retrieved with ACL_GET. | |
453 | Return 1 if the given ACL, consisting of COUNT entries, is non-trivial. | |
454 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ | |
455 | int | |
456 | acl_nontrivial (int count, struct acl *entries) | |
457 | { | |
458 | int i; | |
459 | ||
460 | for (i = 0; i < count; i++) | |
461 | { | |
462 | struct acl *ace = &entries[i]; | |
463 | ||
464 | /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat(). | |
465 | If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat(). | |
466 | We don't need to check ace->a_id in these cases. */ | |
467 | if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */ | |
468 | || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */ | |
469 | || ace->a_type == CLASS_OBJ | |
470 | || ace->a_type == OTHER_OBJ)) | |
471 | return 1; | |
472 | } | |
473 | return 0; | |
474 | } | |
475 | ||
476 | #endif | |
477 | ||
478 | ||
479 | /* Return 1 if NAME has a nontrivial access control list, 0 if NAME | |
480 | only has no or a base access control list, and -1 (setting errno) | |
481 | on error. SB must be set to the stat buffer of NAME, obtained | |
482 | through stat() or lstat(). */ | |
483 | ||
484 | int | |
485 | file_has_acl (char const *name, struct stat const *sb) | |
486 | { | |
487 | #if USE_ACL | |
488 | if (! S_ISLNK (sb->st_mode)) | |
489 | { | |
490 | # if HAVE_ACL_GET_FILE | |
491 | ||
492 | /* POSIX 1003.1e (draft 17 -- abandoned) specific version. */ | |
493 | /* Linux, FreeBSD, Mac OS X, IRIX, Tru64 */ | |
494 | int ret; | |
495 | ||
496 | if (HAVE_ACL_EXTENDED_FILE) /* Linux */ | |
497 | { | |
498 | /* On Linux, acl_extended_file is an optimized function: It only | |
499 | makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for | |
500 | ACL_TYPE_DEFAULT. */ | |
501 | ret = acl_extended_file (name); | |
502 | } | |
503 | else /* FreeBSD, Mac OS X, IRIX, Tru64 */ | |
504 | { | |
505 | # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */ | |
506 | /* On Mac OS X, acl_get_file (name, ACL_TYPE_ACCESS) | |
507 | and acl_get_file (name, ACL_TYPE_DEFAULT) | |
508 | always return NULL / EINVAL. There is no point in making | |
509 | these two useless calls. The real ACL is retrieved through | |
510 | acl_get_file (name, ACL_TYPE_EXTENDED). */ | |
511 | acl_t acl = acl_get_file (name, ACL_TYPE_EXTENDED); | |
512 | if (acl) | |
513 | { | |
514 | ret = acl_extended_nontrivial (acl); | |
515 | acl_free (acl); | |
516 | } | |
517 | else | |
518 | ret = -1; | |
519 | # else /* FreeBSD, IRIX, Tru64 */ | |
520 | acl_t acl = acl_get_file (name, ACL_TYPE_ACCESS); | |
521 | if (acl) | |
522 | { | |
523 | int saved_errno; | |
524 | ||
525 | ret = acl_access_nontrivial (acl); | |
526 | saved_errno = errno; | |
527 | acl_free (acl); | |
528 | errno = saved_errno; | |
529 | # if HAVE_ACL_FREE_TEXT /* Tru64 */ | |
530 | /* On OSF/1, acl_get_file (name, ACL_TYPE_DEFAULT) always | |
531 | returns NULL with errno not set. There is no point in | |
532 | making this call. */ | |
533 | # else /* FreeBSD, IRIX */ | |
534 | /* On Linux, FreeBSD, IRIX, acl_get_file (name, ACL_TYPE_ACCESS) | |
535 | and acl_get_file (name, ACL_TYPE_DEFAULT) on a directory | |
536 | either both succeed or both fail; it depends on the | |
537 | file system. Therefore there is no point in making the second | |
538 | call if the first one already failed. */ | |
539 | if (ret == 0 && S_ISDIR (sb->st_mode)) | |
540 | { | |
541 | acl = acl_get_file (name, ACL_TYPE_DEFAULT); | |
542 | if (acl) | |
543 | { | |
544 | ret = (0 < acl_entries (acl)); | |
545 | acl_free (acl); | |
546 | } | |
547 | else | |
548 | ret = -1; | |
549 | } | |
550 | # endif | |
551 | } | |
552 | else | |
553 | ret = -1; | |
554 | # endif | |
555 | } | |
556 | if (ret < 0) | |
557 | return - acl_errno_valid (errno); | |
558 | return ret; | |
559 | ||
560 | # elif HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */ | |
561 | ||
562 | # if defined ACL_NO_TRIVIAL | |
563 | ||
564 | /* Solaris 10 (newer version), which has additional API declared in | |
565 | <sys/acl.h> (acl_t) and implemented in libsec (acl_set, acl_trivial, | |
566 | acl_fromtext, ...). */ | |
567 | return acl_trivial (name); | |
568 | ||
569 | # else /* Solaris, Cygwin, general case */ | |
570 | ||
571 | /* Solaris 2.5 through Solaris 10, Cygwin, and contemporaneous versions | |
572 | of Unixware. The acl() call returns the access and default ACL both | |
573 | at once. */ | |
574 | { | |
575 | /* Initially, try to read the entries into a stack-allocated buffer. | |
576 | Use malloc if it does not fit. */ | |
577 | enum | |
578 | { | |
579 | alloc_init = 4000 / sizeof (aclent_t), /* >= 3 */ | |
580 | alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (aclent_t)) | |
581 | }; | |
582 | aclent_t buf[alloc_init]; | |
583 | size_t alloc = alloc_init; | |
584 | aclent_t *entries = buf; | |
585 | aclent_t *malloced = NULL; | |
586 | int count; | |
587 | ||
588 | for (;;) | |
589 | { | |
590 | count = acl (name, GETACL, alloc, entries); | |
591 | if (count < 0 && errno == ENOSPC) | |
592 | { | |
593 | /* Increase the size of the buffer. */ | |
594 | free (malloced); | |
595 | if (alloc > alloc_max / 2) | |
596 | { | |
597 | errno = ENOMEM; | |
598 | return -1; | |
599 | } | |
600 | alloc = 2 * alloc; /* <= alloc_max */ | |
601 | entries = malloced = | |
602 | (aclent_t *) malloc (alloc * sizeof (aclent_t)); | |
603 | if (entries == NULL) | |
604 | { | |
605 | errno = ENOMEM; | |
606 | return -1; | |
607 | } | |
608 | continue; | |
609 | } | |
610 | break; | |
611 | } | |
612 | if (count < 0) | |
613 | { | |
614 | if (errno == ENOSYS || errno == ENOTSUP) | |
615 | ; | |
616 | else | |
617 | { | |
618 | int saved_errno = errno; | |
619 | free (malloced); | |
620 | errno = saved_errno; | |
621 | return -1; | |
622 | } | |
623 | } | |
624 | else if (count == 0) | |
625 | ; | |
626 | else | |
627 | { | |
628 | /* Don't use MIN_ACL_ENTRIES: It's set to 4 on Cygwin, but Cygwin | |
629 | returns only 3 entries for files with no ACL. But this is safe: | |
630 | If there are more than 4 entries, there cannot be only the | |
631 | "user::", "group::", "other:", and "mask:" entries. */ | |
632 | if (count > 4) | |
633 | { | |
634 | free (malloced); | |
635 | return 1; | |
636 | } | |
637 | ||
638 | if (acl_nontrivial (count, entries)) | |
639 | { | |
640 | free (malloced); | |
641 | return 1; | |
642 | } | |
643 | } | |
644 | free (malloced); | |
645 | } | |
646 | ||
647 | # ifdef ACE_GETACL | |
648 | /* Solaris also has a different variant of ACLs, used in ZFS and NFSv4 | |
649 | file systems (whereas the other ones are used in UFS file systems). */ | |
650 | { | |
651 | /* Initially, try to read the entries into a stack-allocated buffer. | |
652 | Use malloc if it does not fit. */ | |
653 | enum | |
654 | { | |
655 | alloc_init = 4000 / sizeof (ace_t), /* >= 3 */ | |
656 | alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (ace_t)) | |
657 | }; | |
658 | ace_t buf[alloc_init]; | |
659 | size_t alloc = alloc_init; | |
660 | ace_t *entries = buf; | |
661 | ace_t *malloced = NULL; | |
662 | int count; | |
663 | ||
664 | for (;;) | |
665 | { | |
666 | count = acl (name, ACE_GETACL, alloc, entries); | |
667 | if (count < 0 && errno == ENOSPC) | |
668 | { | |
669 | /* Increase the size of the buffer. */ | |
670 | free (malloced); | |
671 | if (alloc > alloc_max / 2) | |
672 | { | |
673 | errno = ENOMEM; | |
674 | return -1; | |
675 | } | |
676 | alloc = 2 * alloc; /* <= alloc_max */ | |
677 | entries = malloced = (ace_t *) malloc (alloc * sizeof (ace_t)); | |
678 | if (entries == NULL) | |
679 | { | |
680 | errno = ENOMEM; | |
681 | return -1; | |
682 | } | |
683 | continue; | |
684 | } | |
685 | break; | |
686 | } | |
687 | if (count < 0) | |
688 | { | |
689 | if (errno == ENOSYS || errno == EINVAL) | |
690 | ; | |
691 | else | |
692 | { | |
693 | int saved_errno = errno; | |
694 | free (malloced); | |
695 | errno = saved_errno; | |
696 | return -1; | |
697 | } | |
698 | } | |
699 | else if (count == 0) | |
700 | ; | |
701 | else | |
702 | { | |
703 | /* In the old (original Solaris 10) convention: | |
704 | If there are more than 3 entries, there cannot be only the | |
705 | ACE_OWNER, ACE_GROUP, ACE_OTHER entries. | |
706 | In the newer Solaris 10 and Solaris 11 convention: | |
707 | If there are more than 6 entries, there cannot be only the | |
708 | ACE_OWNER, ACE_GROUP, ACE_EVERYONE entries, each once with | |
709 | NEW_ACE_ACCESS_ALLOWED_ACE_TYPE and once with | |
710 | NEW_ACE_ACCESS_DENIED_ACE_TYPE. */ | |
711 | if (count > 6) | |
712 | { | |
713 | free (malloced); | |
714 | return 1; | |
715 | } | |
716 | ||
717 | if (acl_ace_nontrivial (count, entries)) | |
718 | { | |
719 | free (malloced); | |
720 | return 1; | |
721 | } | |
722 | } | |
723 | free (malloced); | |
724 | } | |
725 | # endif | |
726 | ||
727 | return 0; | |
728 | # endif | |
729 | ||
730 | # elif HAVE_GETACL /* HP-UX */ | |
731 | ||
732 | { | |
733 | struct acl_entry entries[NACLENTRIES]; | |
734 | int count; | |
735 | ||
736 | count = getacl (name, NACLENTRIES, entries); | |
737 | ||
738 | if (count < 0) | |
739 | { | |
740 | /* ENOSYS is seen on newer HP-UX versions. | |
741 | EOPNOTSUPP is typically seen on NFS mounts. | |
742 | ENOTSUP was seen on Quantum StorNext file systems (cvfs). */ | |
743 | if (errno == ENOSYS || errno == EOPNOTSUPP || errno == ENOTSUP) | |
744 | ; | |
745 | else | |
746 | return -1; | |
747 | } | |
748 | else if (count == 0) | |
749 | return 0; | |
750 | else /* count > 0 */ | |
751 | { | |
752 | if (count > NACLENTRIES) | |
753 | /* If NACLENTRIES cannot be trusted, use dynamic memory | |
754 | allocation. */ | |
755 | abort (); | |
756 | ||
757 | /* If there are more than 3 entries, there cannot be only the | |
758 | (uid,%), (%,gid), (%,%) entries. */ | |
759 | if (count > 3) | |
760 | return 1; | |
761 | ||
762 | { | |
763 | struct stat statbuf; | |
764 | ||
765 | if (stat (name, &statbuf) < 0) | |
766 | return -1; | |
767 | ||
768 | return acl_nontrivial (count, entries, &statbuf); | |
769 | } | |
770 | } | |
771 | } | |
772 | ||
773 | # if HAVE_ACLV_H /* HP-UX >= 11.11 */ | |
774 | ||
775 | { | |
776 | struct acl entries[NACLVENTRIES]; | |
777 | int count; | |
778 | ||
779 | count = acl ((char *) name, ACL_GET, NACLVENTRIES, entries); | |
780 | ||
781 | if (count < 0) | |
782 | { | |
783 | /* EOPNOTSUPP is seen on NFS in HP-UX 11.11, 11.23. | |
784 | EINVAL is seen on NFS in HP-UX 11.31. */ | |
785 | if (errno == ENOSYS || errno == EOPNOTSUPP || errno == EINVAL) | |
786 | ; | |
787 | else | |
788 | return -1; | |
789 | } | |
790 | else if (count == 0) | |
791 | return 0; | |
792 | else /* count > 0 */ | |
793 | { | |
794 | if (count > NACLVENTRIES) | |
795 | /* If NACLVENTRIES cannot be trusted, use dynamic memory | |
796 | allocation. */ | |
797 | abort (); | |
798 | ||
799 | /* If there are more than 4 entries, there cannot be only the | |
800 | four base ACL entries. */ | |
801 | if (count > 4) | |
802 | return 1; | |
803 | ||
804 | return aclv_nontrivial (count, entries); | |
805 | } | |
806 | } | |
807 | ||
808 | # endif | |
809 | ||
810 | # elif HAVE_ACLX_GET && defined ACL_AIX_WIP /* AIX */ | |
811 | ||
812 | acl_type_t type; | |
813 | char aclbuf[1024]; | |
814 | void *acl = aclbuf; | |
815 | size_t aclsize = sizeof (aclbuf); | |
816 | mode_t mode; | |
817 | ||
818 | for (;;) | |
819 | { | |
820 | /* The docs say that type being 0 is equivalent to ACL_ANY, but it | |
821 | is not true, in AIX 5.3. */ | |
822 | type.u64 = ACL_ANY; | |
823 | if (aclx_get (name, 0, &type, aclbuf, &aclsize, &mode) >= 0) | |
824 | break; | |
825 | if (errno == ENOSYS) | |
826 | return 0; | |
827 | if (errno != ENOSPC) | |
828 | { | |
829 | if (acl != aclbuf) | |
830 | { | |
831 | int saved_errno = errno; | |
832 | free (acl); | |
833 | errno = saved_errno; | |
834 | } | |
835 | return -1; | |
836 | } | |
837 | aclsize = 2 * aclsize; | |
838 | if (acl != aclbuf) | |
839 | free (acl); | |
840 | acl = malloc (aclsize); | |
841 | if (acl == NULL) | |
842 | { | |
843 | errno = ENOMEM; | |
844 | return -1; | |
845 | } | |
846 | } | |
847 | ||
848 | if (type.u64 == ACL_AIXC) | |
849 | { | |
850 | int result = acl_nontrivial ((struct acl *) acl); | |
851 | if (acl != aclbuf) | |
852 | free (acl); | |
853 | return result; | |
854 | } | |
855 | else if (type.u64 == ACL_NFS4) | |
856 | { | |
857 | int result = acl_nfs4_nontrivial ((nfs4_acl_int_t *) acl); | |
858 | if (acl != aclbuf) | |
859 | free (acl); | |
860 | return result; | |
861 | } | |
862 | else | |
863 | { | |
864 | /* A newer type of ACL has been introduced in the system. | |
865 | We should better support it. */ | |
866 | if (acl != aclbuf) | |
867 | free (acl); | |
868 | errno = EINVAL; | |
869 | return -1; | |
870 | } | |
871 | ||
872 | # elif HAVE_STATACL /* older AIX */ | |
873 | ||
874 | union { struct acl a; char room[4096]; } u; | |
875 | ||
876 | if (statacl (name, STX_NORMAL, &u.a, sizeof (u)) < 0) | |
877 | return -1; | |
878 | ||
879 | return acl_nontrivial (&u.a); | |
880 | ||
881 | # elif HAVE_ACLSORT /* NonStop Kernel */ | |
882 | ||
883 | { | |
884 | struct acl entries[NACLENTRIES]; | |
885 | int count; | |
886 | ||
887 | count = acl ((char *) name, ACL_GET, NACLENTRIES, entries); | |
888 | ||
889 | if (count < 0) | |
890 | { | |
891 | if (errno == ENOSYS || errno == ENOTSUP) | |
892 | ; | |
893 | else | |
894 | return -1; | |
895 | } | |
896 | else if (count == 0) | |
897 | return 0; | |
898 | else /* count > 0 */ | |
899 | { | |
900 | if (count > NACLENTRIES) | |
901 | /* If NACLENTRIES cannot be trusted, use dynamic memory | |
902 | allocation. */ | |
903 | abort (); | |
904 | ||
905 | /* If there are more than 4 entries, there cannot be only the | |
906 | four base ACL entries. */ | |
907 | if (count > 4) | |
908 | return 1; | |
909 | ||
910 | return acl_nontrivial (count, entries); | |
911 | } | |
912 | } | |
913 | ||
914 | # endif | |
915 | } | |
916 | #endif | |
917 | ||
918 | return 0; | |
919 | } |