xref: /freebsd/lib/libc/posix1e/acl_support.c (revision d4eeb02986980bf33dd56c41ceb9fc5f180c0d47)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 1999-2001, 2008 Robert N. M. Watson
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 /*
29  * Support functionality for the POSIX.1e ACL interface
30  * These calls are intended only to be called within the library.
31  */
32 
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
35 
36 #include <sys/types.h>
37 #include "namespace.h"
38 #include <sys/acl.h>
39 #include "un-namespace.h"
40 #include <errno.h>
41 #include <grp.h>
42 #include <pwd.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <assert.h>
47 
48 #include "acl_support.h"
49 
50 #define ACL_STRING_PERM_WRITE   'w'
51 #define ACL_STRING_PERM_READ    'r'
52 #define ACL_STRING_PERM_EXEC    'x'
53 #define ACL_STRING_PERM_NONE    '-'
54 
55 /*
56  * Return 0, if both ACLs are identical.
57  */
58 int
59 _acl_differs(const acl_t a, const acl_t b)
60 {
61 	int i;
62 	struct acl_entry *entrya, *entryb;
63 
64 	assert(_acl_brand(a) == _acl_brand(b));
65 
66 	if (a->ats_acl.acl_cnt != b->ats_acl.acl_cnt)
67 		return (1);
68 
69 	for (i = 0; i < b->ats_acl.acl_cnt; i++) {
70 		entrya = &(a->ats_acl.acl_entry[i]);
71 		entryb = &(b->ats_acl.acl_entry[i]);
72 
73 		if (entrya->ae_tag != entryb->ae_tag ||
74 		    entrya->ae_id != entryb->ae_id ||
75 		    entrya->ae_perm != entryb->ae_perm ||
76 		    entrya->ae_entry_type != entryb->ae_entry_type ||
77 		    entrya->ae_flags != entryb->ae_flags)
78 			return (1);
79 	}
80 
81 	return (0);
82 }
83 
84 /*
85  * _posix1e_acl_entry_compare -- compare two acl_entry structures to
86  * determine the order they should appear in.  Used by _posix1e_acl_sort to
87  * sort ACL entries into the kernel-desired order -- i.e., the order useful
88  * for evaluation and O(n) validity checking.  Beter to have an O(nlogn) sort
89  * in userland and an O(n) in kernel than to have both in kernel.
90  */
91 typedef int (*compare)(const void *, const void *);
92 static int
93 _posix1e_acl_entry_compare(struct acl_entry *a, struct acl_entry *b)
94 {
95 
96 	assert(_entry_brand(a) == ACL_BRAND_POSIX);
97 	assert(_entry_brand(b) == ACL_BRAND_POSIX);
98 
99 	/*
100 	 * First, sort between tags -- conveniently defined in the correct
101 	 * order for verification.
102 	 */
103 	if (a->ae_tag < b->ae_tag)
104 		return (-1);
105 	if (a->ae_tag > b->ae_tag)
106 		return (1);
107 
108 	/*
109 	 * Next compare uids/gids on appropriate types.
110 	 */
111 
112 	if (a->ae_tag == ACL_USER || a->ae_tag == ACL_GROUP) {
113 		if (a->ae_id < b->ae_id)
114 			return (-1);
115 		if (a->ae_id > b->ae_id)
116 			return (1);
117 
118 		/* shouldn't be equal, fall through to the invalid case */
119 	}
120 
121 	/*
122 	 * Don't know how to sort multiple entries of the rest--either it's
123 	 * a bad entry, or there shouldn't be more than one.  Ignore and the
124 	 * validity checker can get it later.
125 	 */
126 	return (0);
127 }
128 
129 /*
130  * _posix1e_acl_sort -- sort ACL entries in POSIX.1e-formatted ACLs.
131  */
132 void
133 _posix1e_acl_sort(acl_t acl)
134 {
135 	struct acl *acl_int;
136 
137 	acl_int = &acl->ats_acl;
138 
139 	qsort(&acl_int->acl_entry[0], acl_int->acl_cnt,
140 	    sizeof(struct acl_entry), (compare) _posix1e_acl_entry_compare);
141 }
142 
143 /*
144  * acl_posix1e -- in what situations should we acl_sort before submission?
145  * We apply posix1e ACL semantics for any ACL of type ACL_TYPE_ACCESS or
146  * ACL_TYPE_DEFAULT
147  */
148 int
149 _posix1e_acl(acl_t acl, acl_type_t type)
150 {
151 
152 	if (_acl_brand(acl) != ACL_BRAND_POSIX)
153 		return (0);
154 
155 	return ((type == ACL_TYPE_ACCESS) || (type == ACL_TYPE_DEFAULT));
156 }
157 
158 /*
159  * _posix1e_acl_check -- given an ACL, check its validity.  This is mirrored
160  * from code in sys/kern/kern_acl.c, and if changes are made in one, they
161  * should be made in the other also.  This copy of acl_check is made
162  * available * in userland for the benefit of processes wanting to check ACLs
163  * for validity before submitting them to the kernel, or for performing
164  * in userland file system checking.  Needless to say, the kernel makes
165  * the real checks on calls to get/setacl.
166  *
167  * See the comments in kernel for explanation -- just briefly, it assumes
168  * an already sorted ACL, and checks based on that assumption.  The
169  * POSIX.1e interface, acl_valid(), will perform the sort before calling
170  * this.  Returns 0 on success, EINVAL on failure.
171  */
172 int
173 _posix1e_acl_check(acl_t acl)
174 {
175 	struct acl *acl_int;
176 	struct acl_entry	*entry; 	/* current entry */
177 	uid_t	highest_uid=0, highest_gid=0;
178 	int	stage = ACL_USER_OBJ;
179 	int	i = 0;
180 	int	count_user_obj=0, count_user=0, count_group_obj=0,
181 		count_group=0, count_mask=0, count_other=0;
182 
183 	acl_int = &acl->ats_acl;
184 
185 	/* printf("_posix1e_acl_check: checking acl with %d entries\n",
186 	    acl->acl_cnt); */
187 	while (i < acl_int->acl_cnt) {
188 		entry = &acl_int->acl_entry[i];
189 
190 		if ((entry->ae_perm | ACL_PERM_BITS) != ACL_PERM_BITS)
191 			return (EINVAL);
192 
193 		switch(entry->ae_tag) {
194 		case ACL_USER_OBJ:
195 			/* printf("_posix1e_acl_check: %d: ACL_USER_OBJ\n",
196 			    i); */
197 			if (stage > ACL_USER_OBJ)
198 				return (EINVAL);
199 			stage = ACL_USER;
200 			count_user_obj++;
201 			break;
202 
203 		case ACL_USER:
204 			/* printf("_posix1e_acl_check: %d: ACL_USER\n", i); */
205 			if (stage > ACL_USER)
206 				return (EINVAL);
207 			stage = ACL_USER;
208 			if (count_user && (entry->ae_id <= highest_uid))
209 				return (EINVAL);
210 			highest_uid = entry->ae_id;
211 			count_user++;
212 			break;
213 
214 		case ACL_GROUP_OBJ:
215 			/* printf("_posix1e_acl_check: %d: ACL_GROUP_OBJ\n",
216 			    i); */
217 			if (stage > ACL_GROUP_OBJ)
218 				return (EINVAL);
219 			stage = ACL_GROUP;
220 			count_group_obj++;
221 			break;
222 
223 		case ACL_GROUP:
224 			/* printf("_posix1e_acl_check: %d: ACL_GROUP\n", i); */
225 			if (stage > ACL_GROUP)
226 				return (EINVAL);
227 			stage = ACL_GROUP;
228 			if (count_group && (entry->ae_id <= highest_gid))
229 				return (EINVAL);
230 			highest_gid = entry->ae_id;
231 			count_group++;
232 			break;
233 
234 		case ACL_MASK:
235 			/* printf("_posix1e_acl_check: %d: ACL_MASK\n", i); */
236 			if (stage > ACL_MASK)
237 				return (EINVAL);
238 			stage = ACL_MASK;
239 			count_mask++;
240 			break;
241 
242 		case ACL_OTHER:
243 			/* printf("_posix1e_acl_check: %d: ACL_OTHER\n", i); */
244 			if (stage > ACL_OTHER)
245 				return (EINVAL);
246 			stage = ACL_OTHER;
247 			count_other++;
248 			break;
249 
250 		default:
251 			/* printf("_posix1e_acl_check: %d: INVALID\n", i); */
252 			return (EINVAL);
253 		}
254 		i++;
255 	}
256 
257 	if (count_user_obj != 1)
258 		return (EINVAL);
259 
260 	if (count_group_obj != 1)
261 		return (EINVAL);
262 
263 	if (count_mask != 0 && count_mask != 1)
264 		return (EINVAL);
265 
266 	if (count_other != 1)
267 		return (EINVAL);
268 
269 	return (0);
270 }
271 
272 /*
273  * Given a right-shifted permission (i.e., direct ACL_PERM_* mask), fill
274  * in a string describing the permissions.
275  */
276 int
277 _posix1e_acl_perm_to_string(acl_perm_t perm, ssize_t buf_len, char *buf)
278 {
279 
280 	if (buf_len < _POSIX1E_ACL_STRING_PERM_MAXSIZE + 1) {
281 		errno = ENOMEM;
282 		return (-1);
283 	}
284 
285 	if ((perm | ACL_PERM_BITS) != ACL_PERM_BITS) {
286 		errno = EINVAL;
287 		return (-1);
288 	}
289 
290 	buf[3] = 0;	/* null terminate */
291 
292 	if (perm & ACL_READ)
293 		buf[0] = ACL_STRING_PERM_READ;
294 	else
295 		buf[0] = ACL_STRING_PERM_NONE;
296 
297 	if (perm & ACL_WRITE)
298 		buf[1] = ACL_STRING_PERM_WRITE;
299 	else
300 		buf[1] = ACL_STRING_PERM_NONE;
301 
302 	if (perm & ACL_EXECUTE)
303 		buf[2] = ACL_STRING_PERM_EXEC;
304 	else
305 		buf[2] = ACL_STRING_PERM_NONE;
306 
307 	return (0);
308 }
309 
310 /*
311  * given a string, return a permission describing it
312  */
313 int
314 _posix1e_acl_string_to_perm(char *string, acl_perm_t *perm)
315 {
316 	acl_perm_t	myperm = ACL_PERM_NONE;
317 	char	*ch;
318 
319 	ch = string;
320 	while (*ch) {
321 		switch(*ch) {
322 		case ACL_STRING_PERM_READ:
323 			myperm |= ACL_READ;
324 			break;
325 		case ACL_STRING_PERM_WRITE:
326 			myperm |= ACL_WRITE;
327 			break;
328 		case ACL_STRING_PERM_EXEC:
329 			myperm |= ACL_EXECUTE;
330 			break;
331 		case ACL_STRING_PERM_NONE:
332 			break;
333 		default:
334 			return (EINVAL);
335 		}
336 		ch++;
337 	}
338 
339 	*perm = myperm;
340 	return (0);
341 }
342 
343 /*
344  * Add an ACL entry without doing much checking, et al
345  */
346 int
347 _posix1e_acl_add_entry(acl_t acl, acl_tag_t tag, uid_t id, acl_perm_t perm)
348 {
349 	struct acl		*acl_int;
350 	struct acl_entry	*e;
351 
352 	acl_int = &acl->ats_acl;
353 
354 	if (acl_int->acl_cnt >= ACL_MAX_ENTRIES) {
355 		errno = ENOMEM;
356 		return (-1);
357 	}
358 
359 	e = &(acl_int->acl_entry[acl_int->acl_cnt]);
360 	e->ae_perm = perm;
361 	e->ae_tag = tag;
362 	e->ae_id = id;
363 	acl_int->acl_cnt++;
364 
365 	return (0);
366 }
367 
368 /*
369  * Convert "old" type - ACL_TYPE_{ACCESS,DEFAULT}_OLD - into its "new"
370  * counterpart.  It's necessary for the old (pre-NFSv4 ACLs) binaries
371  * to work with new libc and kernel.  Fixing 'type' for old binaries with
372  * old libc and new kernel is being done by kern/vfs_acl.c:type_unold().
373  */
374 int
375 _acl_type_unold(acl_type_t type)
376 {
377 
378 	switch (type) {
379 	case ACL_TYPE_ACCESS_OLD:
380 		return (ACL_TYPE_ACCESS);
381 	case ACL_TYPE_DEFAULT_OLD:
382 		return (ACL_TYPE_DEFAULT);
383 	default:
384 		return (type);
385 	}
386 }
387 
388 char *
389 string_skip_whitespace(char *string)
390 {
391 
392 	while (*string && ((*string == ' ') || (*string == '\t')))
393 		string++;
394 
395 	return (string);
396 }
397 
398 void
399 string_trim_trailing_whitespace(char *string)
400 {
401 	char	*end;
402 
403 	if (*string == '\0')
404 		return;
405 
406 	end = string + strlen(string) - 1;
407 
408 	while (end != string) {
409 		if ((*end == ' ') || (*end == '\t')) {
410 			*end = '\0';
411 			end--;
412 		} else {
413 			return;
414 		}
415 	}
416 
417 	return;
418 }
419