Lines Matching +full:mode +full:- +full:xxx
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 1999-2006 Robert N. M. Watson
71 * Look for a normal, non-privileged way to access the file/directory in vaccess_acl_posix1e()
119 for (i = 0; i < acl->acl_cnt; i++) { in vaccess_acl_posix1e()
120 switch (acl->acl_entry[i].ae_tag) { in vaccess_acl_posix1e()
122 if (file_uid != cred->cr_uid) in vaccess_acl_posix1e()
126 if (acl->acl_entry[i].ae_perm & ACL_EXECUTE) in vaccess_acl_posix1e()
128 if (acl->acl_entry[i].ae_perm & ACL_READ) in vaccess_acl_posix1e()
130 if (acl->acl_entry[i].ae_perm & ACL_WRITE) in vaccess_acl_posix1e()
145 acl_mask = &acl->acl_entry[i]; in vaccess_acl_posix1e()
149 acl_other = &acl->acl_entry[i]; in vaccess_acl_posix1e()
165 * XXX This should never happen in vaccess_acl_posix1e()
180 if (acl_mask->ae_perm & ACL_EXECUTE) in vaccess_acl_posix1e()
182 if (acl_mask->ae_perm & ACL_READ) in vaccess_acl_posix1e()
184 if (acl_mask->ae_perm & ACL_WRITE) in vaccess_acl_posix1e()
194 for (i = 0; i < acl->acl_cnt; i++) { in vaccess_acl_posix1e()
195 switch (acl->acl_entry[i].ae_tag) { in vaccess_acl_posix1e()
197 if (acl->acl_entry[i].ae_id != cred->cr_uid) in vaccess_acl_posix1e()
200 if (acl->acl_entry[i].ae_perm & ACL_EXECUTE) in vaccess_acl_posix1e()
202 if (acl->acl_entry[i].ae_perm & ACL_READ) in vaccess_acl_posix1e()
204 if (acl->acl_entry[i].ae_perm & ACL_WRITE) in vaccess_acl_posix1e()
221 * Group match is best-match, not first-match, so find a "best" in vaccess_acl_posix1e()
228 for (i = 0; i < acl->acl_cnt; i++) { in vaccess_acl_posix1e()
229 switch (acl->acl_entry[i].ae_tag) { in vaccess_acl_posix1e()
234 if (acl->acl_entry[i].ae_perm & ACL_EXECUTE) in vaccess_acl_posix1e()
236 if (acl->acl_entry[i].ae_perm & ACL_READ) in vaccess_acl_posix1e()
238 if (acl->acl_entry[i].ae_perm & ACL_WRITE) in vaccess_acl_posix1e()
249 if (!groupmember(acl->acl_entry[i].ae_id, cred)) in vaccess_acl_posix1e()
252 if (acl->acl_entry[i].ae_perm & ACL_EXECUTE) in vaccess_acl_posix1e()
254 if (acl->acl_entry[i].ae_perm & ACL_READ) in vaccess_acl_posix1e()
256 if (acl->acl_entry[i].ae_perm & ACL_WRITE) in vaccess_acl_posix1e()
276 for (i = 0; i < acl->acl_cnt; i++) { in vaccess_acl_posix1e()
277 switch (acl->acl_entry[i].ae_tag) { in vaccess_acl_posix1e()
282 if (acl->acl_entry[i].ae_perm & ACL_EXECUTE) in vaccess_acl_posix1e()
284 if (acl->acl_entry[i].ae_perm & ACL_READ) in vaccess_acl_posix1e()
286 if (acl->acl_entry[i].ae_perm & ACL_WRITE) in vaccess_acl_posix1e()
300 if (!groupmember(acl->acl_entry[i].ae_id, in vaccess_acl_posix1e()
304 if (acl->acl_entry[i].ae_perm & ACL_EXECUTE) in vaccess_acl_posix1e()
306 if (acl->acl_entry[i].ae_perm & ACL_READ) in vaccess_acl_posix1e()
308 if (acl->acl_entry[i].ae_perm & ACL_WRITE) in vaccess_acl_posix1e()
336 if (acl_other->ae_perm & ACL_EXECUTE) in vaccess_acl_posix1e()
338 if (acl_other->ae_perm & ACL_READ) in vaccess_acl_posix1e()
340 if (acl_other->ae_perm & ACL_WRITE) in vaccess_acl_posix1e()
362 acl_posix1e_mode_to_perm(acl_tag_t tag, mode_t mode) in acl_posix1e_mode_to_perm() argument
368 if (mode & S_IXUSR) in acl_posix1e_mode_to_perm()
370 if (mode & S_IRUSR) in acl_posix1e_mode_to_perm()
372 if (mode & S_IWUSR) in acl_posix1e_mode_to_perm()
377 if (mode & S_IXGRP) in acl_posix1e_mode_to_perm()
379 if (mode & S_IRGRP) in acl_posix1e_mode_to_perm()
381 if (mode & S_IWGRP) in acl_posix1e_mode_to_perm()
386 if (mode & S_IXOTH) in acl_posix1e_mode_to_perm()
388 if (mode & S_IROTH) in acl_posix1e_mode_to_perm()
390 if (mode & S_IWOTH) in acl_posix1e_mode_to_perm()
401 * Given inode information (uid, gid, mode), return an acl entry of the
405 acl_posix1e_mode_to_entry(acl_tag_t tag, uid_t uid, gid_t gid, mode_t mode) in acl_posix1e_mode_to_entry() argument
410 acl_entry.ae_perm = acl_posix1e_mode_to_perm(tag, mode); in acl_posix1e_mode_to_entry()
435 * Utility function to generate a file mode given appropriate ACL entries.
441 mode_t mode; in acl_posix1e_perms_to_mode() local
443 mode = 0; in acl_posix1e_perms_to_mode()
444 if (acl_user_obj_entry->ae_perm & ACL_EXECUTE) in acl_posix1e_perms_to_mode()
445 mode |= S_IXUSR; in acl_posix1e_perms_to_mode()
446 if (acl_user_obj_entry->ae_perm & ACL_READ) in acl_posix1e_perms_to_mode()
447 mode |= S_IRUSR; in acl_posix1e_perms_to_mode()
448 if (acl_user_obj_entry->ae_perm & ACL_WRITE) in acl_posix1e_perms_to_mode()
449 mode |= S_IWUSR; in acl_posix1e_perms_to_mode()
450 if (acl_group_obj_entry->ae_perm & ACL_EXECUTE) in acl_posix1e_perms_to_mode()
451 mode |= S_IXGRP; in acl_posix1e_perms_to_mode()
452 if (acl_group_obj_entry->ae_perm & ACL_READ) in acl_posix1e_perms_to_mode()
453 mode |= S_IRGRP; in acl_posix1e_perms_to_mode()
454 if (acl_group_obj_entry->ae_perm & ACL_WRITE) in acl_posix1e_perms_to_mode()
455 mode |= S_IWGRP; in acl_posix1e_perms_to_mode()
456 if (acl_other_entry->ae_perm & ACL_EXECUTE) in acl_posix1e_perms_to_mode()
457 mode |= S_IXOTH; in acl_posix1e_perms_to_mode()
458 if (acl_other_entry->ae_perm & ACL_READ) in acl_posix1e_perms_to_mode()
459 mode |= S_IROTH; in acl_posix1e_perms_to_mode()
460 if (acl_other_entry->ae_perm & ACL_WRITE) in acl_posix1e_perms_to_mode()
461 mode |= S_IWOTH; in acl_posix1e_perms_to_mode()
463 return (mode); in acl_posix1e_perms_to_mode()
467 * Utility function to generate a file mode given a complete POSIX.1e access
478 * Find the ACL entries relevant to a POSIX permission mode. in acl_posix1e_acl_to_mode()
481 for (i = 0; i < acl->acl_cnt; i++) { in acl_posix1e_acl_to_mode()
482 switch (acl->acl_entry[i].ae_tag) { in acl_posix1e_acl_to_mode()
484 acl_user_obj = &acl->acl_entry[i]; in acl_posix1e_acl_to_mode()
488 acl_group_obj = &acl->acl_entry[i]; in acl_posix1e_acl_to_mode()
492 acl_other = &acl->acl_entry[i]; in acl_posix1e_acl_to_mode()
496 acl_mask = &acl->acl_entry[i]; in acl_posix1e_acl_to_mode()
513 * the mode "group" bits with its permissions. If there isn't, we in acl_posix1e_acl_to_mode()
555 if (acl->acl_cnt > ACL_MAX_ENTRIES) in acl_posix1e_check()
557 for (i = 0; i < acl->acl_cnt; i++) { in acl_posix1e_check()
561 switch(acl->acl_entry[i].ae_tag) { in acl_posix1e_check()
563 acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID; /* XXX */ in acl_posix1e_check()
564 if (acl->acl_entry[i].ae_id != ACL_UNDEFINED_ID) in acl_posix1e_check()
569 acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID; /* XXX */ in acl_posix1e_check()
570 if (acl->acl_entry[i].ae_id != ACL_UNDEFINED_ID) in acl_posix1e_check()
575 if (acl->acl_entry[i].ae_id == ACL_UNDEFINED_ID) in acl_posix1e_check()
580 if (acl->acl_entry[i].ae_id == ACL_UNDEFINED_ID) in acl_posix1e_check()
585 acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID; /* XXX */ in acl_posix1e_check()
586 if (acl->acl_entry[i].ae_id != ACL_UNDEFINED_ID) in acl_posix1e_check()
591 acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID; /* XXX */ in acl_posix1e_check()
592 if (acl->acl_entry[i].ae_id != ACL_UNDEFINED_ID) in acl_posix1e_check()
602 if ((acl->acl_entry[i].ae_perm | ACL_PERM_BITS) != in acl_posix1e_check()
616 * Given a requested mode for a new object, and a default ACL, combine the
617 * two to produce a new mode. Be careful not to clear any bits that aren't
620 * per-filesystem-code.
625 mode_t mode; in acl_posix1e_newfilemode() local
627 mode = cmode; in acl_posix1e_newfilemode()
630 * set in *both* the ACL and the requested creation mode for it to in acl_posix1e_newfilemode()
631 * appear in the resulting mode/ACL. First clear any possibly in acl_posix1e_newfilemode()
634 mode &= ACL_PRESERVE_MASK; in acl_posix1e_newfilemode()
635 mode |= (ACL_OVERRIDE_MASK & cmode & acl_posix1e_acl_to_mode(dacl)); in acl_posix1e_newfilemode()
637 return (mode); in acl_posix1e_newfilemode()
653 /* XXX TODO */ in acl_posix1e_modload()
658 /* XXX TODO */ in acl_posix1e_modload()