1 /* 2 * Copyright (c) 2001-2002 Chris D. Faulhaber 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE 18 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 * POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 #include <sys/types.h> 31 #include "namespace.h" 32 #include <sys/acl.h> 33 #include "un-namespace.h" 34 35 #include <errno.h> 36 #include <stdio.h> 37 38 /* 39 * acl_calc_mask() (23.4.2): calculate and set the permissions 40 * associated with the ACL_MASK ACL entry. If the ACL already 41 * contains an ACL_MASK entry, its permissions shall be 42 * overwritten; if not, one shall be added. 43 */ 44 int 45 acl_calc_mask(acl_t *acl_p) 46 { 47 struct acl *acl_int, *acl_int_new; 48 acl_t acl_new; 49 int i, mask_mode, mask_num; 50 51 /* 52 * (23.4.2.4) requires acl_p to point to a pointer to a valid ACL. 53 * Since one of the primary reasons to use this function would be 54 * to calculate the appropriate mask to obtain a valid ACL, we only 55 * perform sanity checks here and validate the ACL prior to 56 * returning. 57 */ 58 if (acl_p == NULL || *acl_p == NULL) { 59 errno = EINVAL; 60 return (-1); 61 } 62 acl_int = &(*acl_p)->ats_acl; 63 if ((acl_int->acl_cnt < 3) || (acl_int->acl_cnt > ACL_MAX_ENTRIES)) { 64 errno = EINVAL; 65 return (-1); 66 } 67 68 acl_new = acl_dup(*acl_p); 69 if (acl_new == NULL) 70 return (-1); 71 acl_int_new = &acl_new->ats_acl; 72 73 mask_mode = 0; 74 mask_num = -1; 75 76 /* gather permissions and find a mask entry */ 77 for (i = 0; i < acl_int_new->acl_cnt; i++) { 78 switch(acl_int_new->acl_entry[i].ae_tag) { 79 case ACL_USER: 80 case ACL_GROUP: 81 case ACL_GROUP_OBJ: 82 mask_mode |= 83 acl_int_new->acl_entry[i].ae_perm & ACL_PERM_BITS; 84 break; 85 case ACL_MASK: 86 mask_num = i; 87 break; 88 } 89 } 90 91 /* if a mask entry already exists, overwrite the perms */ 92 if (mask_num != -1) 93 acl_int_new->acl_entry[mask_num].ae_perm = mask_mode; 94 else { 95 /* if no mask exists, check acl_cnt... */ 96 if (acl_int_new->acl_cnt == ACL_MAX_ENTRIES) { 97 errno = ENOMEM; 98 return (-1); 99 } 100 /* ...and add the mask entry */ 101 acl_int_new->acl_entry[acl_int_new->acl_cnt].ae_tag = ACL_MASK; 102 acl_int_new->acl_entry[acl_int_new->acl_cnt].ae_id = 103 ACL_UNDEFINED_ID; 104 acl_int_new->acl_entry[acl_int_new->acl_cnt].ae_perm = 105 mask_mode; 106 acl_int_new->acl_cnt++; 107 } 108 109 if (acl_valid(acl_new) == -1) { 110 errno = EINVAL; 111 acl_free(acl_new); 112 return (-1); 113 } 114 115 **acl_p = *acl_new; 116 acl_free(acl_new); 117 118 return (0); 119 } 120