1 /* 2 * Copyright (c) 2001-2002 Chris D. Faulhaber 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 #include <sys/types.h> 31 #include "namespace.h" 32 #include <sys/acl.h> 33 #include "un-namespace.h" 34 35 #include <errno.h> 36 #include <stdio.h> 37 38 #include "acl_support.h" 39 40 /* 41 * acl_calc_mask() (23.4.2): calculate and set the permissions 42 * associated with the ACL_MASK ACL entry. If the ACL already 43 * contains an ACL_MASK entry, its permissions shall be 44 * overwritten; if not, one shall be added. 45 */ 46 int 47 acl_calc_mask(acl_t *acl_p) 48 { 49 struct acl *acl_int, *acl_int_new; 50 acl_t acl_new; 51 int i, mask_mode, mask_num; 52 53 if (!_acl_brand_may_be(*acl_p, ACL_BRAND_POSIX)) { 54 errno = EINVAL; 55 return (-1); 56 } 57 _acl_brand_as(*acl_p, ACL_BRAND_POSIX); 58 59 /* 60 * (23.4.2.4) requires acl_p to point to a pointer to a valid ACL. 61 * Since one of the primary reasons to use this function would be 62 * to calculate the appropriate mask to obtain a valid ACL, we only 63 * perform sanity checks here and validate the ACL prior to 64 * returning. 65 */ 66 if (acl_p == NULL || *acl_p == NULL) { 67 errno = EINVAL; 68 return (-1); 69 } 70 acl_int = &(*acl_p)->ats_acl; 71 if ((acl_int->acl_cnt < 3) || (acl_int->acl_cnt > ACL_MAX_ENTRIES)) { 72 errno = EINVAL; 73 return (-1); 74 } 75 76 acl_new = acl_dup(*acl_p); 77 if (acl_new == NULL) 78 return (-1); 79 acl_int_new = &acl_new->ats_acl; 80 81 mask_mode = 0; 82 mask_num = -1; 83 84 /* gather permissions and find a mask entry */ 85 for (i = 0; i < acl_int_new->acl_cnt; i++) { 86 switch(acl_int_new->acl_entry[i].ae_tag) { 87 case ACL_USER: 88 case ACL_GROUP: 89 case ACL_GROUP_OBJ: 90 mask_mode |= 91 acl_int_new->acl_entry[i].ae_perm & ACL_PERM_BITS; 92 break; 93 case ACL_MASK: 94 mask_num = i; 95 break; 96 } 97 } 98 99 /* if a mask entry already exists, overwrite the perms */ 100 if (mask_num != -1) 101 acl_int_new->acl_entry[mask_num].ae_perm = mask_mode; 102 else { 103 /* if no mask exists, check acl_cnt... */ 104 if (acl_int_new->acl_cnt == ACL_MAX_ENTRIES) { 105 errno = ENOMEM; 106 return (-1); 107 } 108 /* ...and add the mask entry */ 109 acl_int_new->acl_entry[acl_int_new->acl_cnt].ae_tag = ACL_MASK; 110 acl_int_new->acl_entry[acl_int_new->acl_cnt].ae_id = 111 ACL_UNDEFINED_ID; 112 acl_int_new->acl_entry[acl_int_new->acl_cnt].ae_perm = 113 mask_mode; 114 acl_int_new->acl_cnt++; 115 } 116 117 if (acl_valid(acl_new) == -1) { 118 errno = EINVAL; 119 acl_free(acl_new); 120 return (-1); 121 } 122 123 **acl_p = *acl_new; 124 acl_free(acl_new); 125 126 return (0); 127 } 128