common/acl/acl_common.c

	acl_common.c revision f48205be61a214698b763ff550ab9e657525104c
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * CDDL HEADER START
fa9e4066f08beec538e775443c5be79dd423fcabahrens *
fa9e4066f08beec538e775443c5be79dd423fcabahrens * The contents of this file are subject to the terms of the
f48205be61a214698b763ff550ab9e657525104ccasper * Common Development and Distribution License (the "License").
f48205be61a214698b763ff550ab9e657525104ccasper * You may not use this file except in compliance with the License.
fa9e4066f08beec538e775443c5be79dd423fcabahrens *
fa9e4066f08beec538e775443c5be79dd423fcabahrens * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
fa9e4066f08beec538e775443c5be79dd423fcabahrens * or http://www.opensolaris.org/os/licensing.
fa9e4066f08beec538e775443c5be79dd423fcabahrens * See the License for the specific language governing permissions
fa9e4066f08beec538e775443c5be79dd423fcabahrens * and limitations under the License.
fa9e4066f08beec538e775443c5be79dd423fcabahrens *
fa9e4066f08beec538e775443c5be79dd423fcabahrens * When distributing Covered Code, include this CDDL HEADER in each
fa9e4066f08beec538e775443c5be79dd423fcabahrens * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
fa9e4066f08beec538e775443c5be79dd423fcabahrens * If applicable, add the following below this CDDL HEADER, with the
fa9e4066f08beec538e775443c5be79dd423fcabahrens * fields enclosed by brackets "[]" replaced with your own identifying
fa9e4066f08beec538e775443c5be79dd423fcabahrens * information: Portions Copyright [yyyy] [name of copyright owner]
fa9e4066f08beec538e775443c5be79dd423fcabahrens *
fa9e4066f08beec538e775443c5be79dd423fcabahrens * CDDL HEADER END
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
f48205be61a214698b763ff550ab9e657525104ccasper * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
fa9e4066f08beec538e775443c5be79dd423fcabahrens * Use is subject to license terms.
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens#pragma ident   "%Z%%M% %I% %E% SMI"
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <sys/types.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <sys/acl.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <sys/stat.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#if defined(_KERNEL)
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <sys/systm.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#else
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <errno.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <stdlib.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <strings.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#include <assert.h>
fa9e4066f08beec538e775443c5be79dd423fcabahrens#define ASSERT  assert
fa9e4066f08beec538e775443c5be79dd423fcabahrens#endif
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensace_t trivial_acl[] = {
f48205be61a214698b763ff550ab9e657525104ccasper    {(uid_t)-1, 0, ACE_OWNER, ACE_ACCESS_DENIED_ACE_TYPE},
f48205be61a214698b763ff550ab9e657525104ccasper    {(uid_t)-1, ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES|
fa9e4066f08beec538e775443c5be79dd423fcabahrens        ACE_WRITE_NAMED_ATTRS, ACE_OWNER, ACE_ACCESS_ALLOWED_ACE_TYPE},
f48205be61a214698b763ff550ab9e657525104ccasper    {(uid_t)-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP,
f48205be61a214698b763ff550ab9e657525104ccasper        ACE_ACCESS_DENIED_ACE_TYPE},
f48205be61a214698b763ff550ab9e657525104ccasper    {(uid_t)-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP,
f48205be61a214698b763ff550ab9e657525104ccasper        ACE_ACCESS_ALLOWED_ACE_TYPE},
f48205be61a214698b763ff550ab9e657525104ccasper    {(uid_t)-1, ACE_WRITE_ACL|ACE_WRITE_OWNER| ACE_WRITE_ATTRIBUTES|
fa9e4066f08beec538e775443c5be79dd423fcabahrens        ACE_WRITE_NAMED_ATTRS, ACE_EVERYONE, ACE_ACCESS_DENIED_ACE_TYPE},
f48205be61a214698b763ff550ab9e657525104ccasper    {(uid_t)-1, ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_NAMED_ATTRS|
fa9e4066f08beec538e775443c5be79dd423fcabahrens        ACE_SYNCHRONIZE, ACE_EVERYONE, ACE_ACCESS_ALLOWED_ACE_TYPE}
fa9e4066f08beec538e775443c5be79dd423fcabahrens};
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrensvoid
fa9e4066f08beec538e775443c5be79dd423fcabahrensadjust_ace_pair(ace_t *pair, mode_t mode)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (mode & S_IROTH)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        pair[1].a_access_mask |= ACE_READ_DATA;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    else
fa9e4066f08beec538e775443c5be79dd423fcabahrens        pair[0].a_access_mask |= ACE_READ_DATA;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (mode & S_IWOTH)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        pair[1].a_access_mask |=
fa9e4066f08beec538e775443c5be79dd423fcabahrens            ACE_WRITE_DATA|ACE_APPEND_DATA;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    else
fa9e4066f08beec538e775443c5be79dd423fcabahrens        pair[0].a_access_mask |=
fa9e4066f08beec538e775443c5be79dd423fcabahrens            ACE_WRITE_DATA|ACE_APPEND_DATA;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (mode & S_IXOTH)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        pair[1].a_access_mask |= ACE_EXECUTE;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    else
fa9e4066f08beec538e775443c5be79dd423fcabahrens        pair[0].a_access_mask |= ACE_EXECUTE;
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * ace_trivial:
fa9e4066f08beec538e775443c5be79dd423fcabahrens * determine whether an ace_t acl is trivial
fa9e4066f08beec538e775443c5be79dd423fcabahrens *
fa9e4066f08beec538e775443c5be79dd423fcabahrens * Trivialness implys that the acl is composed of only
fa9e4066f08beec538e775443c5be79dd423fcabahrens * owner, group, everyone entries.  ACL can't
fa9e4066f08beec538e775443c5be79dd423fcabahrens * have read_acl denied, and write_owner/write_acl/write_attributes
fa9e4066f08beec538e775443c5be79dd423fcabahrens * can only be owner@ entry.
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrensace_trivial(ace_t *acep, int aclcnt)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int i;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int owner_seen = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int group_seen = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int everyone_seen = 0;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    for (i = 0; i != aclcnt; i++) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        switch (acep[i].a_flags & 0xf040) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        case ACE_OWNER:
fa9e4066f08beec538e775443c5be79dd423fcabahrens            if (group_seen || everyone_seen)
fa9e4066f08beec538e775443c5be79dd423fcabahrens                return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens            owner_seen++;
fa9e4066f08beec538e775443c5be79dd423fcabahrens            break;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        case ACE_GROUP|ACE_IDENTIFIER_GROUP:
fa9e4066f08beec538e775443c5be79dd423fcabahrens            if (everyone_seen || owner_seen == 0)
fa9e4066f08beec538e775443c5be79dd423fcabahrens                return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens            group_seen++;
fa9e4066f08beec538e775443c5be79dd423fcabahrens            break;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens        case ACE_EVERYONE:
fa9e4066f08beec538e775443c5be79dd423fcabahrens            if (owner_seen == 0 || group_seen == 0)
fa9e4066f08beec538e775443c5be79dd423fcabahrens                return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens            everyone_seen++;
fa9e4066f08beec538e775443c5be79dd423fcabahrens            break;
fa9e4066f08beec538e775443c5be79dd423fcabahrens        default:
fa9e4066f08beec538e775443c5be79dd423fcabahrens            return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens        }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens        if (acep[i].a_flags & (ACE_FILE_INHERIT_ACE|
fa9e4066f08beec538e775443c5be79dd423fcabahrens            ACE_DIRECTORY_INHERIT_ACE|ACE_NO_PROPAGATE_INHERIT_ACE|
fa9e4066f08beec538e775443c5be79dd423fcabahrens            ACE_INHERIT_ONLY_ACE))
fa9e4066f08beec538e775443c5be79dd423fcabahrens            return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens        /*
fa9e4066f08beec538e775443c5be79dd423fcabahrens         * Special check for some special bits
fa9e4066f08beec538e775443c5be79dd423fcabahrens         *
de122929e7c37df60cbea70616404e22d20e025bmarks         * Don't allow anybody to deny reading basic
de122929e7c37df60cbea70616404e22d20e025bmarks         * attributes or a files ACL.
fa9e4066f08beec538e775443c5be79dd423fcabahrens         */
de122929e7c37df60cbea70616404e22d20e025bmarks        if ((acep[i].a_access_mask &
de122929e7c37df60cbea70616404e22d20e025bmarks            (ACE_READ_ACL|ACE_READ_ATTRIBUTES)) &&
fa9e4066f08beec538e775443c5be79dd423fcabahrens            (acep[i].a_type == ACE_ACCESS_DENIED_ACE_TYPE))
fa9e4066f08beec538e775443c5be79dd423fcabahrens            return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens        /*
fa9e4066f08beec538e775443c5be79dd423fcabahrens         * Allow on owner@ to allow
fa9e4066f08beec538e775443c5be79dd423fcabahrens         * write_acl/write_owner/write_attributes
fa9e4066f08beec538e775443c5be79dd423fcabahrens         */
fa9e4066f08beec538e775443c5be79dd423fcabahrens        if (acep[i].a_type == ACE_ACCESS_ALLOWED_ACE_TYPE &&
fa9e4066f08beec538e775443c5be79dd423fcabahrens            (!(acep[i].a_flags & ACE_OWNER) && (acep[i].a_access_mask &
fa9e4066f08beec538e775443c5be79dd423fcabahrens            (ACE_WRITE_OWNER|ACE_WRITE_ACL|ACE_WRITE_ATTRIBUTES))))
fa9e4066f08beec538e775443c5be79dd423fcabahrens            return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if ((owner_seen == 0) || (group_seen == 0) || (everyone_seen == 0))
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * Generic shellsort, from K&R (1st ed, p 58.), somewhat modified.
fa9e4066f08beec538e775443c5be79dd423fcabahrens * v = Ptr to array/vector of objs
fa9e4066f08beec538e775443c5be79dd423fcabahrens * n = # objs in the array
fa9e4066f08beec538e775443c5be79dd423fcabahrens * s = size of each obj (must be multiples of a word size)
fa9e4066f08beec538e775443c5be79dd423fcabahrens * f = ptr to function to compare two objs
fa9e4066f08beec538e775443c5be79dd423fcabahrens *  returns (-1 = less than, 0 = equal, 1 = greater than
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrensvoid
fa9e4066f08beec538e775443c5be79dd423fcabahrensksort(caddr_t v, int n, int s, int (*f)())
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    int g, i, j, ii;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    unsigned int *p1, *p2;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    unsigned int tmp;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /* No work to do */
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (v == NULL || n <= 1)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /* Sanity check on arguments */
fa9e4066f08beec538e775443c5be79dd423fcabahrens    ASSERT(((uintptr_t)v & 0x3) == 0 && (s & 0x3) == 0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    ASSERT(s > 0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    for (g = n / 2; g > 0; g /= 2) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens        for (i = g; i < n; i++) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens            for (j = i - g; j >= 0 &&
fa9e4066f08beec538e775443c5be79dd423fcabahrens                (*f)(v + j * s, v + (j + g) * s) == 1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens                    j -= g) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens                p1 = (void *)(v + j * s);
fa9e4066f08beec538e775443c5be79dd423fcabahrens                p2 = (void *)(v + (j + g) * s);
fa9e4066f08beec538e775443c5be79dd423fcabahrens                for (ii = 0; ii < s / 4; ii++) {
fa9e4066f08beec538e775443c5be79dd423fcabahrens                    tmp = *p1;
fa9e4066f08beec538e775443c5be79dd423fcabahrens                    *p1++ = *p2;
fa9e4066f08beec538e775443c5be79dd423fcabahrens                    *p2++ = tmp;
fa9e4066f08beec538e775443c5be79dd423fcabahrens                }
fa9e4066f08beec538e775443c5be79dd423fcabahrens            }
fa9e4066f08beec538e775443c5be79dd423fcabahrens        }
fa9e4066f08beec538e775443c5be79dd423fcabahrens    }
fa9e4066f08beec538e775443c5be79dd423fcabahrens}
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens/*
fa9e4066f08beec538e775443c5be79dd423fcabahrens * Compare two acls, all fields.  Returns:
fa9e4066f08beec538e775443c5be79dd423fcabahrens * -1 (less than)
fa9e4066f08beec538e775443c5be79dd423fcabahrens *  0 (equal)
fa9e4066f08beec538e775443c5be79dd423fcabahrens * +1 (greater than)
fa9e4066f08beec538e775443c5be79dd423fcabahrens */
fa9e4066f08beec538e775443c5be79dd423fcabahrensint
fa9e4066f08beec538e775443c5be79dd423fcabahrenscmp2acls(void *a, void *b)
fa9e4066f08beec538e775443c5be79dd423fcabahrens{
fa9e4066f08beec538e775443c5be79dd423fcabahrens    aclent_t *x = (aclent_t *)a;
fa9e4066f08beec538e775443c5be79dd423fcabahrens    aclent_t *y = (aclent_t *)b;
fa9e4066f08beec538e775443c5be79dd423fcabahrens
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /* Compare types */
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (x->a_type < y->a_type)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (x->a_type > y->a_type)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /* Equal types; compare id's */
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (x->a_id < y->a_id)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (x->a_id > y->a_id)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /* Equal ids; compare perms */
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (x->a_perm < y->a_perm)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (-1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    if (x->a_perm > y->a_perm)
fa9e4066f08beec538e775443c5be79dd423fcabahrens        return (1);
fa9e4066f08beec538e775443c5be79dd423fcabahrens    /* Totally equal */
fa9e4066f08beec538e775443c5be79dd423fcabahrens    return (0);
fa9e4066f08beec538e775443c5be79dd423fcabahrens}