| 1 | /* Test whether a file has a nontrivial access control list. |
| 2 | |
| 3 | Copyright (C) 2002-2003, 2005-2014 Free Software Foundation, Inc. |
| 4 | |
| 5 | This program is free software: you can redistribute it and/or modify |
| 6 | it under the terms of the GNU General Public License as published by |
| 7 | the Free Software Foundation; either version 3 of the License, or |
| 8 | (at your option) any later version. |
| 9 | |
| 10 | This program is distributed in the hope that it will be useful, |
| 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | GNU General Public License for more details. |
| 14 | |
| 15 | You should have received a copy of the GNU General Public License |
| 16 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 17 | |
| 18 | Written by Paul Eggert, Andreas Grünbacher, and Bruno Haible. */ |
| 19 | |
| 20 | /* Without this pragma, gcc 4.7.0 20120126 may suggest that the |
| 21 | file_has_acl function might be candidate for attribute 'const' */ |
| 22 | #if (__GNUC__ == 4 && 6 <= __GNUC_MINOR__) || 4 < __GNUC__ |
| 23 | # pragma GCC diagnostic ignored "-Wsuggest-attribute=const" |
| 24 | #endif |
| 25 | |
| 26 | #include <config.h> |
| 27 | |
| 28 | #include "acl.h" |
| 29 | |
| 30 | #include "acl-internal.h" |
| 31 | |
| 32 | |
| 33 | #if USE_ACL && HAVE_ACL_GET_FILE |
| 34 | |
| 35 | # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */ |
| 36 | |
| 37 | /* ACL is an ACL, from a file, stored as type ACL_TYPE_EXTENDED. |
| 38 | Return 1 if the given ACL is non-trivial. |
| 39 | Return 0 if it is trivial. */ |
| 40 | int |
| 41 | acl_extended_nontrivial (acl_t acl) |
| 42 | { |
| 43 | /* acl is non-trivial if it is non-empty. */ |
| 44 | return (acl_entries (acl) > 0); |
| 45 | } |
| 46 | |
| 47 | # else /* Linux, FreeBSD, IRIX, Tru64 */ |
| 48 | |
| 49 | /* ACL is an ACL, from a file, stored as type ACL_TYPE_ACCESS. |
| 50 | Return 1 if the given ACL is non-trivial. |
| 51 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. |
| 52 | Return -1 and set errno upon failure to determine it. */ |
| 53 | int |
| 54 | acl_access_nontrivial (acl_t acl) |
| 55 | { |
| 56 | /* acl is non-trivial if it has some entries other than for "user::", |
| 57 | "group::", and "other::". Normally these three should be present |
| 58 | at least, allowing us to write |
| 59 | return (3 < acl_entries (acl)); |
| 60 | but the following code is more robust. */ |
| 61 | # if HAVE_ACL_FIRST_ENTRY /* Linux, FreeBSD */ |
| 62 | |
| 63 | acl_entry_t ace; |
| 64 | int got_one; |
| 65 | |
| 66 | for (got_one = acl_get_entry (acl, ACL_FIRST_ENTRY, &ace); |
| 67 | got_one > 0; |
| 68 | got_one = acl_get_entry (acl, ACL_NEXT_ENTRY, &ace)) |
| 69 | { |
| 70 | acl_tag_t tag; |
| 71 | if (acl_get_tag_type (ace, &tag) < 0) |
| 72 | return -1; |
| 73 | if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_OTHER)) |
| 74 | return 1; |
| 75 | } |
| 76 | return got_one; |
| 77 | |
| 78 | # elif HAVE_ACL_TO_SHORT_TEXT /* IRIX */ |
| 79 | /* Don't use acl_get_entry: it is undocumented. */ |
| 80 | |
| 81 | int count = acl->acl_cnt; |
| 82 | int i; |
| 83 | |
| 84 | for (i = 0; i < count; i++) |
| 85 | { |
| 86 | acl_entry_t ace = &acl->acl_entry[i]; |
| 87 | acl_tag_t tag = ace->ae_tag; |
| 88 | |
| 89 | if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ |
| 90 | || tag == ACL_OTHER_OBJ)) |
| 91 | return 1; |
| 92 | } |
| 93 | return 0; |
| 94 | |
| 95 | # elif HAVE_ACL_FREE_TEXT /* Tru64 */ |
| 96 | /* Don't use acl_get_entry: it takes only one argument and does not work. */ |
| 97 | |
| 98 | int count = acl->acl_num; |
| 99 | acl_entry_t ace; |
| 100 | |
| 101 | for (ace = acl->acl_first; count > 0; ace = ace->next, count--) |
| 102 | { |
| 103 | acl_tag_t tag; |
| 104 | acl_perm_t perm; |
| 105 | |
| 106 | tag = ace->entry->acl_type; |
| 107 | if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_OTHER)) |
| 108 | return 1; |
| 109 | |
| 110 | perm = ace->entry->acl_perm; |
| 111 | /* On Tru64, perm can also contain non-standard bits such as |
| 112 | PERM_INSERT, PERM_DELETE, PERM_MODIFY, PERM_LOOKUP, ... */ |
| 113 | if ((perm & ~(ACL_READ | ACL_WRITE | ACL_EXECUTE)) != 0) |
| 114 | return 1; |
| 115 | } |
| 116 | return 0; |
| 117 | |
| 118 | # else |
| 119 | |
| 120 | errno = ENOSYS; |
| 121 | return -1; |
| 122 | # endif |
| 123 | } |
| 124 | |
| 125 | # endif |
| 126 | |
| 127 | |
| 128 | #elif USE_ACL && HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */ |
| 129 | |
| 130 | /* Test an ACL retrieved with GETACL. |
| 131 | Return 1 if the given ACL, consisting of COUNT entries, is non-trivial. |
| 132 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ |
| 133 | int |
| 134 | acl_nontrivial (int count, aclent_t *entries) |
| 135 | { |
| 136 | int i; |
| 137 | |
| 138 | for (i = 0; i < count; i++) |
| 139 | { |
| 140 | aclent_t *ace = &entries[i]; |
| 141 | |
| 142 | /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat(). |
| 143 | If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat(). |
| 144 | We don't need to check ace->a_id in these cases. */ |
| 145 | if (!(ace->a_type == USER_OBJ |
| 146 | || ace->a_type == GROUP_OBJ |
| 147 | || ace->a_type == OTHER_OBJ |
| 148 | /* Note: Cygwin does not return a CLASS_OBJ ("mask:") entry |
| 149 | sometimes. */ |
| 150 | || ace->a_type == CLASS_OBJ)) |
| 151 | return 1; |
| 152 | } |
| 153 | return 0; |
| 154 | } |
| 155 | |
| 156 | # ifdef ACE_GETACL |
| 157 | |
| 158 | /* A shortcut for a bitmask. */ |
| 159 | # define NEW_ACE_WRITEA_DATA (NEW_ACE_WRITE_DATA | NEW_ACE_APPEND_DATA) |
| 160 | |
| 161 | /* Test an ACL retrieved with ACE_GETACL. |
| 162 | Return 1 if the given ACL, consisting of COUNT entries, is non-trivial. |
| 163 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ |
| 164 | int |
| 165 | acl_ace_nontrivial (int count, ace_t *entries) |
| 166 | { |
| 167 | int i; |
| 168 | |
| 169 | /* The flags in the ace_t structure changed in a binary incompatible way |
| 170 | when ACL_NO_TRIVIAL etc. were introduced in <sys/acl.h> version 1.15. |
| 171 | How to distinguish the two conventions at runtime? |
| 172 | In the old convention, usually three ACEs have a_flags = ACE_OWNER / |
| 173 | ACE_GROUP / ACE_OTHER, in the range 0x0100..0x0400. In the new |
| 174 | convention, these values are not used. */ |
| 175 | int old_convention = 0; |
| 176 | |
| 177 | for (i = 0; i < count; i++) |
| 178 | if (entries[i].a_flags & (OLD_ACE_OWNER | OLD_ACE_GROUP | OLD_ACE_OTHER)) |
| 179 | { |
| 180 | old_convention = 1; |
| 181 | break; |
| 182 | } |
| 183 | |
| 184 | if (old_convention) |
| 185 | /* Running on Solaris 10. */ |
| 186 | for (i = 0; i < count; i++) |
| 187 | { |
| 188 | ace_t *ace = &entries[i]; |
| 189 | |
| 190 | /* Note: |
| 191 | If ace->a_flags = ACE_OWNER, ace->a_who is the st_uid from stat(). |
| 192 | If ace->a_flags = ACE_GROUP, ace->a_who is the st_gid from stat(). |
| 193 | We don't need to check ace->a_who in these cases. */ |
| 194 | if (!(ace->a_type == OLD_ALLOW |
| 195 | && (ace->a_flags == OLD_ACE_OWNER |
| 196 | || ace->a_flags == OLD_ACE_GROUP |
| 197 | || ace->a_flags == OLD_ACE_OTHER))) |
| 198 | return 1; |
| 199 | } |
| 200 | else |
| 201 | { |
| 202 | /* Running on Solaris 10 (newer version) or Solaris 11. */ |
| 203 | unsigned int access_masks[6] = |
| 204 | { |
| 205 | 0, /* owner@ deny */ |
| 206 | 0, /* owner@ allow */ |
| 207 | 0, /* group@ deny */ |
| 208 | 0, /* group@ allow */ |
| 209 | 0, /* everyone@ deny */ |
| 210 | 0 /* everyone@ allow */ |
| 211 | }; |
| 212 | |
| 213 | for (i = 0; i < count; i++) |
| 214 | { |
| 215 | ace_t *ace = &entries[i]; |
| 216 | unsigned int index1; |
| 217 | unsigned int index2; |
| 218 | |
| 219 | if (ace->a_type == NEW_ACE_ACCESS_ALLOWED_ACE_TYPE) |
| 220 | index1 = 1; |
| 221 | else if (ace->a_type == NEW_ACE_ACCESS_DENIED_ACE_TYPE) |
| 222 | index1 = 0; |
| 223 | else |
| 224 | return 1; |
| 225 | |
| 226 | if (ace->a_flags == NEW_ACE_OWNER) |
| 227 | index2 = 0; |
| 228 | else if (ace->a_flags == (NEW_ACE_GROUP | NEW_ACE_IDENTIFIER_GROUP)) |
| 229 | index2 = 2; |
| 230 | else if (ace->a_flags == NEW_ACE_EVERYONE) |
| 231 | index2 = 4; |
| 232 | else |
| 233 | return 1; |
| 234 | |
| 235 | access_masks[index1 + index2] |= ace->a_access_mask; |
| 236 | } |
| 237 | |
| 238 | /* The same bit shouldn't be both allowed and denied. */ |
| 239 | if (access_masks[0] & access_masks[1]) |
| 240 | return 1; |
| 241 | if (access_masks[2] & access_masks[3]) |
| 242 | return 1; |
| 243 | if (access_masks[4] & access_masks[5]) |
| 244 | return 1; |
| 245 | |
| 246 | /* Check minimum masks. */ |
| 247 | if ((NEW_ACE_WRITE_NAMED_ATTRS |
| 248 | | NEW_ACE_WRITE_ATTRIBUTES |
| 249 | | NEW_ACE_WRITE_ACL |
| 250 | | NEW_ACE_WRITE_OWNER) |
| 251 | & ~ access_masks[1]) |
| 252 | return 1; |
| 253 | access_masks[1] &= ~(NEW_ACE_WRITE_NAMED_ATTRS |
| 254 | | NEW_ACE_WRITE_ATTRIBUTES |
| 255 | | NEW_ACE_WRITE_ACL |
| 256 | | NEW_ACE_WRITE_OWNER); |
| 257 | if ((NEW_ACE_READ_NAMED_ATTRS |
| 258 | | NEW_ACE_READ_ATTRIBUTES |
| 259 | | NEW_ACE_READ_ACL |
| 260 | | NEW_ACE_SYNCHRONIZE) |
| 261 | & ~ access_masks[5]) |
| 262 | return 1; |
| 263 | access_masks[5] &= ~(NEW_ACE_READ_NAMED_ATTRS |
| 264 | | NEW_ACE_READ_ATTRIBUTES |
| 265 | | NEW_ACE_READ_ACL |
| 266 | | NEW_ACE_SYNCHRONIZE); |
| 267 | |
| 268 | /* Check the allowed or denied bits. */ |
| 269 | switch ((access_masks[0] | access_masks[1]) |
| 270 | & ~(NEW_ACE_READ_NAMED_ATTRS |
| 271 | | NEW_ACE_READ_ATTRIBUTES |
| 272 | | NEW_ACE_READ_ACL |
| 273 | | NEW_ACE_SYNCHRONIZE)) |
| 274 | { |
| 275 | case 0: |
| 276 | case NEW_ACE_READ_DATA: |
| 277 | case NEW_ACE_WRITEA_DATA: |
| 278 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA: |
| 279 | case NEW_ACE_EXECUTE: |
| 280 | case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE: |
| 281 | case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: |
| 282 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: |
| 283 | break; |
| 284 | default: |
| 285 | return 1; |
| 286 | } |
| 287 | switch ((access_masks[2] | access_masks[3]) |
| 288 | & ~(NEW_ACE_READ_NAMED_ATTRS |
| 289 | | NEW_ACE_READ_ATTRIBUTES |
| 290 | | NEW_ACE_READ_ACL |
| 291 | | NEW_ACE_SYNCHRONIZE)) |
| 292 | { |
| 293 | case 0: |
| 294 | case NEW_ACE_READ_DATA: |
| 295 | case NEW_ACE_WRITEA_DATA: |
| 296 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA: |
| 297 | case NEW_ACE_EXECUTE: |
| 298 | case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE: |
| 299 | case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: |
| 300 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: |
| 301 | break; |
| 302 | default: |
| 303 | return 1; |
| 304 | } |
| 305 | switch ((access_masks[4] | access_masks[5]) |
| 306 | & ~(NEW_ACE_WRITE_NAMED_ATTRS |
| 307 | | NEW_ACE_WRITE_ATTRIBUTES |
| 308 | | NEW_ACE_WRITE_ACL |
| 309 | | NEW_ACE_WRITE_OWNER)) |
| 310 | { |
| 311 | case 0: |
| 312 | case NEW_ACE_READ_DATA: |
| 313 | case NEW_ACE_WRITEA_DATA: |
| 314 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA: |
| 315 | case NEW_ACE_EXECUTE: |
| 316 | case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE: |
| 317 | case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: |
| 318 | case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE: |
| 319 | break; |
| 320 | default: |
| 321 | return 1; |
| 322 | } |
| 323 | |
| 324 | /* Check that the NEW_ACE_WRITE_DATA and NEW_ACE_APPEND_DATA bits are |
| 325 | either both allowed or both denied. */ |
| 326 | if (((access_masks[0] & NEW_ACE_WRITE_DATA) != 0) |
| 327 | != ((access_masks[0] & NEW_ACE_APPEND_DATA) != 0)) |
| 328 | return 1; |
| 329 | if (((access_masks[2] & NEW_ACE_WRITE_DATA) != 0) |
| 330 | != ((access_masks[2] & NEW_ACE_APPEND_DATA) != 0)) |
| 331 | return 1; |
| 332 | if (((access_masks[4] & NEW_ACE_WRITE_DATA) != 0) |
| 333 | != ((access_masks[4] & NEW_ACE_APPEND_DATA) != 0)) |
| 334 | return 1; |
| 335 | } |
| 336 | |
| 337 | return 0; |
| 338 | } |
| 339 | |
| 340 | # endif |
| 341 | |
| 342 | #elif USE_ACL && HAVE_GETACL /* HP-UX */ |
| 343 | |
| 344 | /* Return 1 if the given ACL is non-trivial. |
| 345 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ |
| 346 | int |
| 347 | acl_nontrivial (int count, struct acl_entry *entries, struct stat *sb) |
| 348 | { |
| 349 | int i; |
| 350 | |
| 351 | for (i = 0; i < count; i++) |
| 352 | { |
| 353 | struct acl_entry *ace = &entries[i]; |
| 354 | |
| 355 | if (!((ace->uid == sb->st_uid && ace->gid == ACL_NSGROUP) |
| 356 | || (ace->uid == ACL_NSUSER && ace->gid == sb->st_gid) |
| 357 | || (ace->uid == ACL_NSUSER && ace->gid == ACL_NSGROUP))) |
| 358 | return 1; |
| 359 | } |
| 360 | return 0; |
| 361 | } |
| 362 | |
| 363 | # if HAVE_ACLV_H /* HP-UX >= 11.11 */ |
| 364 | |
| 365 | /* Return 1 if the given ACL is non-trivial. |
| 366 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ |
| 367 | int |
| 368 | aclv_nontrivial (int count, struct acl *entries) |
| 369 | { |
| 370 | int i; |
| 371 | |
| 372 | for (i = 0; i < count; i++) |
| 373 | { |
| 374 | struct acl *ace = &entries[i]; |
| 375 | |
| 376 | /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat(). |
| 377 | If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat(). |
| 378 | We don't need to check ace->a_id in these cases. */ |
| 379 | if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */ |
| 380 | || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */ |
| 381 | || ace->a_type == CLASS_OBJ |
| 382 | || ace->a_type == OTHER_OBJ)) |
| 383 | return 1; |
| 384 | } |
| 385 | return 0; |
| 386 | } |
| 387 | |
| 388 | # endif |
| 389 | |
| 390 | #elif USE_ACL && (HAVE_ACLX_GET || HAVE_STATACL) /* AIX */ |
| 391 | |
| 392 | /* Return 1 if the given ACL is non-trivial. |
| 393 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ |
| 394 | int |
| 395 | acl_nontrivial (struct acl *a) |
| 396 | { |
| 397 | /* The normal way to iterate through an ACL is like this: |
| 398 | struct acl_entry *ace; |
| 399 | for (ace = a->acl_ext; ace != acl_last (a); ace = acl_nxt (ace)) |
| 400 | { |
| 401 | struct ace_id *aei; |
| 402 | switch (ace->ace_type) |
| 403 | { |
| 404 | case ACC_PERMIT: |
| 405 | case ACC_DENY: |
| 406 | case ACC_SPECIFY: |
| 407 | ...; |
| 408 | } |
| 409 | for (aei = ace->ace_id; aei != id_last (ace); aei = id_nxt (aei)) |
| 410 | ... |
| 411 | } |
| 412 | */ |
| 413 | return (acl_last (a) != a->acl_ext ? 1 : 0); |
| 414 | } |
| 415 | |
| 416 | # if HAVE_ACLX_GET && defined ACL_AIX_WIP /* newer AIX */ |
| 417 | |
| 418 | /* Return 1 if the given ACL is non-trivial. |
| 419 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ |
| 420 | int |
| 421 | acl_nfs4_nontrivial (nfs4_acl_int_t *a) |
| 422 | { |
| 423 | # if 1 /* let's try this first */ |
| 424 | return (a->aclEntryN > 0 ? 1 : 0); |
| 425 | # else |
| 426 | int count = a->aclEntryN; |
| 427 | int i; |
| 428 | |
| 429 | for (i = 0; i < count; i++) |
| 430 | { |
| 431 | nfs4_ace_int_t *ace = &a->aclEntry[i]; |
| 432 | |
| 433 | if (!((ace->flags & ACE4_ID_SPECIAL) != 0 |
| 434 | && (ace->aceWho.special_whoid == ACE4_WHO_OWNER |
| 435 | || ace->aceWho.special_whoid == ACE4_WHO_GROUP |
| 436 | || ace->aceWho.special_whoid == ACE4_WHO_EVERYONE) |
| 437 | && ace->aceType == ACE4_ACCESS_ALLOWED_ACE_TYPE |
| 438 | && ace->aceFlags == 0 |
| 439 | && (ace->aceMask & ~(ACE4_READ_DATA | ACE4_LIST_DIRECTORY |
| 440 | | ACE4_WRITE_DATA | ACE4_ADD_FILE |
| 441 | | ACE4_EXECUTE)) == 0)) |
| 442 | return 1; |
| 443 | } |
| 444 | return 0; |
| 445 | # endif |
| 446 | } |
| 447 | |
| 448 | # endif |
| 449 | |
| 450 | #elif USE_ACL && HAVE_ACLSORT /* NonStop Kernel */ |
| 451 | |
| 452 | /* Test an ACL retrieved with ACL_GET. |
| 453 | Return 1 if the given ACL, consisting of COUNT entries, is non-trivial. |
| 454 | Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */ |
| 455 | int |
| 456 | acl_nontrivial (int count, struct acl *entries) |
| 457 | { |
| 458 | int i; |
| 459 | |
| 460 | for (i = 0; i < count; i++) |
| 461 | { |
| 462 | struct acl *ace = &entries[i]; |
| 463 | |
| 464 | /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat(). |
| 465 | If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat(). |
| 466 | We don't need to check ace->a_id in these cases. */ |
| 467 | if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */ |
| 468 | || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */ |
| 469 | || ace->a_type == CLASS_OBJ |
| 470 | || ace->a_type == OTHER_OBJ)) |
| 471 | return 1; |
| 472 | } |
| 473 | return 0; |
| 474 | } |
| 475 | |
| 476 | #endif |
| 477 | |
| 478 | |
| 479 | /* Return 1 if NAME has a nontrivial access control list, 0 if NAME |
| 480 | only has no or a base access control list, and -1 (setting errno) |
| 481 | on error. SB must be set to the stat buffer of NAME, obtained |
| 482 | through stat() or lstat(). */ |
| 483 | |
| 484 | int |
| 485 | file_has_acl (char const *name, struct stat const *sb) |
| 486 | { |
| 487 | #if USE_ACL |
| 488 | if (! S_ISLNK (sb->st_mode)) |
| 489 | { |
| 490 | # if HAVE_ACL_GET_FILE |
| 491 | |
| 492 | /* POSIX 1003.1e (draft 17 -- abandoned) specific version. */ |
| 493 | /* Linux, FreeBSD, Mac OS X, IRIX, Tru64 */ |
| 494 | int ret; |
| 495 | |
| 496 | if (HAVE_ACL_EXTENDED_FILE) /* Linux */ |
| 497 | { |
| 498 | /* On Linux, acl_extended_file is an optimized function: It only |
| 499 | makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for |
| 500 | ACL_TYPE_DEFAULT. */ |
| 501 | ret = acl_extended_file (name); |
| 502 | } |
| 503 | else /* FreeBSD, Mac OS X, IRIX, Tru64 */ |
| 504 | { |
| 505 | # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */ |
| 506 | /* On Mac OS X, acl_get_file (name, ACL_TYPE_ACCESS) |
| 507 | and acl_get_file (name, ACL_TYPE_DEFAULT) |
| 508 | always return NULL / EINVAL. There is no point in making |
| 509 | these two useless calls. The real ACL is retrieved through |
| 510 | acl_get_file (name, ACL_TYPE_EXTENDED). */ |
| 511 | acl_t acl = acl_get_file (name, ACL_TYPE_EXTENDED); |
| 512 | if (acl) |
| 513 | { |
| 514 | ret = acl_extended_nontrivial (acl); |
| 515 | acl_free (acl); |
| 516 | } |
| 517 | else |
| 518 | ret = -1; |
| 519 | # else /* FreeBSD, IRIX, Tru64 */ |
| 520 | acl_t acl = acl_get_file (name, ACL_TYPE_ACCESS); |
| 521 | if (acl) |
| 522 | { |
| 523 | int saved_errno; |
| 524 | |
| 525 | ret = acl_access_nontrivial (acl); |
| 526 | saved_errno = errno; |
| 527 | acl_free (acl); |
| 528 | errno = saved_errno; |
| 529 | # if HAVE_ACL_FREE_TEXT /* Tru64 */ |
| 530 | /* On OSF/1, acl_get_file (name, ACL_TYPE_DEFAULT) always |
| 531 | returns NULL with errno not set. There is no point in |
| 532 | making this call. */ |
| 533 | # else /* FreeBSD, IRIX */ |
| 534 | /* On Linux, FreeBSD, IRIX, acl_get_file (name, ACL_TYPE_ACCESS) |
| 535 | and acl_get_file (name, ACL_TYPE_DEFAULT) on a directory |
| 536 | either both succeed or both fail; it depends on the |
| 537 | file system. Therefore there is no point in making the second |
| 538 | call if the first one already failed. */ |
| 539 | if (ret == 0 && S_ISDIR (sb->st_mode)) |
| 540 | { |
| 541 | acl = acl_get_file (name, ACL_TYPE_DEFAULT); |
| 542 | if (acl) |
| 543 | { |
| 544 | ret = (0 < acl_entries (acl)); |
| 545 | acl_free (acl); |
| 546 | } |
| 547 | else |
| 548 | ret = -1; |
| 549 | } |
| 550 | # endif |
| 551 | } |
| 552 | else |
| 553 | ret = -1; |
| 554 | # endif |
| 555 | } |
| 556 | if (ret < 0) |
| 557 | return - acl_errno_valid (errno); |
| 558 | return ret; |
| 559 | |
| 560 | # elif HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */ |
| 561 | |
| 562 | # if defined ACL_NO_TRIVIAL |
| 563 | |
| 564 | /* Solaris 10 (newer version), which has additional API declared in |
| 565 | <sys/acl.h> (acl_t) and implemented in libsec (acl_set, acl_trivial, |
| 566 | acl_fromtext, ...). */ |
| 567 | return acl_trivial (name); |
| 568 | |
| 569 | # else /* Solaris, Cygwin, general case */ |
| 570 | |
| 571 | /* Solaris 2.5 through Solaris 10, Cygwin, and contemporaneous versions |
| 572 | of Unixware. The acl() call returns the access and default ACL both |
| 573 | at once. */ |
| 574 | { |
| 575 | /* Initially, try to read the entries into a stack-allocated buffer. |
| 576 | Use malloc if it does not fit. */ |
| 577 | enum |
| 578 | { |
| 579 | alloc_init = 4000 / sizeof (aclent_t), /* >= 3 */ |
| 580 | alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (aclent_t)) |
| 581 | }; |
| 582 | aclent_t buf[alloc_init]; |
| 583 | size_t alloc = alloc_init; |
| 584 | aclent_t *entries = buf; |
| 585 | aclent_t *malloced = NULL; |
| 586 | int count; |
| 587 | |
| 588 | for (;;) |
| 589 | { |
| 590 | count = acl (name, GETACL, alloc, entries); |
| 591 | if (count < 0 && errno == ENOSPC) |
| 592 | { |
| 593 | /* Increase the size of the buffer. */ |
| 594 | free (malloced); |
| 595 | if (alloc > alloc_max / 2) |
| 596 | { |
| 597 | errno = ENOMEM; |
| 598 | return -1; |
| 599 | } |
| 600 | alloc = 2 * alloc; /* <= alloc_max */ |
| 601 | entries = malloced = |
| 602 | (aclent_t *) malloc (alloc * sizeof (aclent_t)); |
| 603 | if (entries == NULL) |
| 604 | { |
| 605 | errno = ENOMEM; |
| 606 | return -1; |
| 607 | } |
| 608 | continue; |
| 609 | } |
| 610 | break; |
| 611 | } |
| 612 | if (count < 0) |
| 613 | { |
| 614 | if (errno == ENOSYS || errno == ENOTSUP) |
| 615 | ; |
| 616 | else |
| 617 | { |
| 618 | int saved_errno = errno; |
| 619 | free (malloced); |
| 620 | errno = saved_errno; |
| 621 | return -1; |
| 622 | } |
| 623 | } |
| 624 | else if (count == 0) |
| 625 | ; |
| 626 | else |
| 627 | { |
| 628 | /* Don't use MIN_ACL_ENTRIES: It's set to 4 on Cygwin, but Cygwin |
| 629 | returns only 3 entries for files with no ACL. But this is safe: |
| 630 | If there are more than 4 entries, there cannot be only the |
| 631 | "user::", "group::", "other:", and "mask:" entries. */ |
| 632 | if (count > 4) |
| 633 | { |
| 634 | free (malloced); |
| 635 | return 1; |
| 636 | } |
| 637 | |
| 638 | if (acl_nontrivial (count, entries)) |
| 639 | { |
| 640 | free (malloced); |
| 641 | return 1; |
| 642 | } |
| 643 | } |
| 644 | free (malloced); |
| 645 | } |
| 646 | |
| 647 | # ifdef ACE_GETACL |
| 648 | /* Solaris also has a different variant of ACLs, used in ZFS and NFSv4 |
| 649 | file systems (whereas the other ones are used in UFS file systems). */ |
| 650 | { |
| 651 | /* Initially, try to read the entries into a stack-allocated buffer. |
| 652 | Use malloc if it does not fit. */ |
| 653 | enum |
| 654 | { |
| 655 | alloc_init = 4000 / sizeof (ace_t), /* >= 3 */ |
| 656 | alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (ace_t)) |
| 657 | }; |
| 658 | ace_t buf[alloc_init]; |
| 659 | size_t alloc = alloc_init; |
| 660 | ace_t *entries = buf; |
| 661 | ace_t *malloced = NULL; |
| 662 | int count; |
| 663 | |
| 664 | for (;;) |
| 665 | { |
| 666 | count = acl (name, ACE_GETACL, alloc, entries); |
| 667 | if (count < 0 && errno == ENOSPC) |
| 668 | { |
| 669 | /* Increase the size of the buffer. */ |
| 670 | free (malloced); |
| 671 | if (alloc > alloc_max / 2) |
| 672 | { |
| 673 | errno = ENOMEM; |
| 674 | return -1; |
| 675 | } |
| 676 | alloc = 2 * alloc; /* <= alloc_max */ |
| 677 | entries = malloced = (ace_t *) malloc (alloc * sizeof (ace_t)); |
| 678 | if (entries == NULL) |
| 679 | { |
| 680 | errno = ENOMEM; |
| 681 | return -1; |
| 682 | } |
| 683 | continue; |
| 684 | } |
| 685 | break; |
| 686 | } |
| 687 | if (count < 0) |
| 688 | { |
| 689 | if (errno == ENOSYS || errno == EINVAL) |
| 690 | ; |
| 691 | else |
| 692 | { |
| 693 | int saved_errno = errno; |
| 694 | free (malloced); |
| 695 | errno = saved_errno; |
| 696 | return -1; |
| 697 | } |
| 698 | } |
| 699 | else if (count == 0) |
| 700 | ; |
| 701 | else |
| 702 | { |
| 703 | /* In the old (original Solaris 10) convention: |
| 704 | If there are more than 3 entries, there cannot be only the |
| 705 | ACE_OWNER, ACE_GROUP, ACE_OTHER entries. |
| 706 | In the newer Solaris 10 and Solaris 11 convention: |
| 707 | If there are more than 6 entries, there cannot be only the |
| 708 | ACE_OWNER, ACE_GROUP, ACE_EVERYONE entries, each once with |
| 709 | NEW_ACE_ACCESS_ALLOWED_ACE_TYPE and once with |
| 710 | NEW_ACE_ACCESS_DENIED_ACE_TYPE. */ |
| 711 | if (count > 6) |
| 712 | { |
| 713 | free (malloced); |
| 714 | return 1; |
| 715 | } |
| 716 | |
| 717 | if (acl_ace_nontrivial (count, entries)) |
| 718 | { |
| 719 | free (malloced); |
| 720 | return 1; |
| 721 | } |
| 722 | } |
| 723 | free (malloced); |
| 724 | } |
| 725 | # endif |
| 726 | |
| 727 | return 0; |
| 728 | # endif |
| 729 | |
| 730 | # elif HAVE_GETACL /* HP-UX */ |
| 731 | |
| 732 | { |
| 733 | struct acl_entry entries[NACLENTRIES]; |
| 734 | int count; |
| 735 | |
| 736 | count = getacl (name, NACLENTRIES, entries); |
| 737 | |
| 738 | if (count < 0) |
| 739 | { |
| 740 | /* ENOSYS is seen on newer HP-UX versions. |
| 741 | EOPNOTSUPP is typically seen on NFS mounts. |
| 742 | ENOTSUP was seen on Quantum StorNext file systems (cvfs). */ |
| 743 | if (errno == ENOSYS || errno == EOPNOTSUPP || errno == ENOTSUP) |
| 744 | ; |
| 745 | else |
| 746 | return -1; |
| 747 | } |
| 748 | else if (count == 0) |
| 749 | return 0; |
| 750 | else /* count > 0 */ |
| 751 | { |
| 752 | if (count > NACLENTRIES) |
| 753 | /* If NACLENTRIES cannot be trusted, use dynamic memory |
| 754 | allocation. */ |
| 755 | abort (); |
| 756 | |
| 757 | /* If there are more than 3 entries, there cannot be only the |
| 758 | (uid,%), (%,gid), (%,%) entries. */ |
| 759 | if (count > 3) |
| 760 | return 1; |
| 761 | |
| 762 | { |
| 763 | struct stat statbuf; |
| 764 | |
| 765 | if (stat (name, &statbuf) < 0) |
| 766 | return -1; |
| 767 | |
| 768 | return acl_nontrivial (count, entries, &statbuf); |
| 769 | } |
| 770 | } |
| 771 | } |
| 772 | |
| 773 | # if HAVE_ACLV_H /* HP-UX >= 11.11 */ |
| 774 | |
| 775 | { |
| 776 | struct acl entries[NACLVENTRIES]; |
| 777 | int count; |
| 778 | |
| 779 | count = acl ((char *) name, ACL_GET, NACLVENTRIES, entries); |
| 780 | |
| 781 | if (count < 0) |
| 782 | { |
| 783 | /* EOPNOTSUPP is seen on NFS in HP-UX 11.11, 11.23. |
| 784 | EINVAL is seen on NFS in HP-UX 11.31. */ |
| 785 | if (errno == ENOSYS || errno == EOPNOTSUPP || errno == EINVAL) |
| 786 | ; |
| 787 | else |
| 788 | return -1; |
| 789 | } |
| 790 | else if (count == 0) |
| 791 | return 0; |
| 792 | else /* count > 0 */ |
| 793 | { |
| 794 | if (count > NACLVENTRIES) |
| 795 | /* If NACLVENTRIES cannot be trusted, use dynamic memory |
| 796 | allocation. */ |
| 797 | abort (); |
| 798 | |
| 799 | /* If there are more than 4 entries, there cannot be only the |
| 800 | four base ACL entries. */ |
| 801 | if (count > 4) |
| 802 | return 1; |
| 803 | |
| 804 | return aclv_nontrivial (count, entries); |
| 805 | } |
| 806 | } |
| 807 | |
| 808 | # endif |
| 809 | |
| 810 | # elif HAVE_ACLX_GET && defined ACL_AIX_WIP /* AIX */ |
| 811 | |
| 812 | acl_type_t type; |
| 813 | char aclbuf[1024]; |
| 814 | void *acl = aclbuf; |
| 815 | size_t aclsize = sizeof (aclbuf); |
| 816 | mode_t mode; |
| 817 | |
| 818 | for (;;) |
| 819 | { |
| 820 | /* The docs say that type being 0 is equivalent to ACL_ANY, but it |
| 821 | is not true, in AIX 5.3. */ |
| 822 | type.u64 = ACL_ANY; |
| 823 | if (aclx_get (name, 0, &type, aclbuf, &aclsize, &mode) >= 0) |
| 824 | break; |
| 825 | if (errno == ENOSYS) |
| 826 | return 0; |
| 827 | if (errno != ENOSPC) |
| 828 | { |
| 829 | if (acl != aclbuf) |
| 830 | { |
| 831 | int saved_errno = errno; |
| 832 | free (acl); |
| 833 | errno = saved_errno; |
| 834 | } |
| 835 | return -1; |
| 836 | } |
| 837 | aclsize = 2 * aclsize; |
| 838 | if (acl != aclbuf) |
| 839 | free (acl); |
| 840 | acl = malloc (aclsize); |
| 841 | if (acl == NULL) |
| 842 | { |
| 843 | errno = ENOMEM; |
| 844 | return -1; |
| 845 | } |
| 846 | } |
| 847 | |
| 848 | if (type.u64 == ACL_AIXC) |
| 849 | { |
| 850 | int result = acl_nontrivial ((struct acl *) acl); |
| 851 | if (acl != aclbuf) |
| 852 | free (acl); |
| 853 | return result; |
| 854 | } |
| 855 | else if (type.u64 == ACL_NFS4) |
| 856 | { |
| 857 | int result = acl_nfs4_nontrivial ((nfs4_acl_int_t *) acl); |
| 858 | if (acl != aclbuf) |
| 859 | free (acl); |
| 860 | return result; |
| 861 | } |
| 862 | else |
| 863 | { |
| 864 | /* A newer type of ACL has been introduced in the system. |
| 865 | We should better support it. */ |
| 866 | if (acl != aclbuf) |
| 867 | free (acl); |
| 868 | errno = EINVAL; |
| 869 | return -1; |
| 870 | } |
| 871 | |
| 872 | # elif HAVE_STATACL /* older AIX */ |
| 873 | |
| 874 | union { struct acl a; char room[4096]; } u; |
| 875 | |
| 876 | if (statacl (name, STX_NORMAL, &u.a, sizeof (u)) < 0) |
| 877 | return -1; |
| 878 | |
| 879 | return acl_nontrivial (&u.a); |
| 880 | |
| 881 | # elif HAVE_ACLSORT /* NonStop Kernel */ |
| 882 | |
| 883 | { |
| 884 | struct acl entries[NACLENTRIES]; |
| 885 | int count; |
| 886 | |
| 887 | count = acl ((char *) name, ACL_GET, NACLENTRIES, entries); |
| 888 | |
| 889 | if (count < 0) |
| 890 | { |
| 891 | if (errno == ENOSYS || errno == ENOTSUP) |
| 892 | ; |
| 893 | else |
| 894 | return -1; |
| 895 | } |
| 896 | else if (count == 0) |
| 897 | return 0; |
| 898 | else /* count > 0 */ |
| 899 | { |
| 900 | if (count > NACLENTRIES) |
| 901 | /* If NACLENTRIES cannot be trusted, use dynamic memory |
| 902 | allocation. */ |
| 903 | abort (); |
| 904 | |
| 905 | /* If there are more than 4 entries, there cannot be only the |
| 906 | four base ACL entries. */ |
| 907 | if (count > 4) |
| 908 | return 1; |
| 909 | |
| 910 | return acl_nontrivial (count, entries); |
| 911 | } |
| 912 | } |
| 913 | |
| 914 | # endif |
| 915 | } |
| 916 | #endif |
| 917 | |
| 918 | return 0; |
| 919 | } |