1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 __FBSDID("$FreeBSD$"); 30 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <unistd.h> 34 #include <errno.h> 35 #include <assert.h> 36 #include <string.h> 37 #include <pwd.h> 38 #include <grp.h> 39 #include <sys/syscall.h> 40 #include <sys/types.h> 41 #include <sys/acl.h> 42 43 #include "acl_support.h" 44 45 #define MAX_ENTRY_LENGTH 512 46 47 static int 48 format_who(char *str, size_t size, const acl_entry_t entry, int numeric) 49 { 50 int error; 51 acl_tag_t tag; 52 struct passwd *pwd; 53 struct group *grp; 54 uid_t *id; 55 56 error = acl_get_tag_type(entry, &tag); 57 if (error) 58 return (error); 59 60 switch (tag) { 61 case ACL_USER_OBJ: 62 snprintf(str, size, "owner@"); 63 break; 64 65 case ACL_USER: 66 id = (uid_t *)acl_get_qualifier(entry); 67 if (id == NULL) 68 return (-1); 69 /* XXX: Thread-unsafe. */ 70 if (!numeric) 71 pwd = getpwuid(*id); 72 else 73 pwd = NULL; 74 if (pwd == NULL) 75 snprintf(str, size, "user:%d", (unsigned int)*id); 76 else 77 snprintf(str, size, "user:%s", pwd->pw_name); 78 break; 79 80 case ACL_GROUP_OBJ: 81 snprintf(str, size, "group@"); 82 break; 83 84 case ACL_GROUP: 85 id = (uid_t *)acl_get_qualifier(entry); 86 if (id == NULL) 87 return (-1); 88 /* XXX: Thread-unsafe. */ 89 if (!numeric) 90 grp = getgrgid(*id); 91 else 92 grp = NULL; 93 if (grp == NULL) 94 snprintf(str, size, "group:%d", (unsigned int)*id); 95 else 96 snprintf(str, size, "group:%s", grp->gr_name); 97 break; 98 99 case ACL_EVERYONE: 100 snprintf(str, size, "everyone@"); 101 break; 102 103 default: 104 return (-1); 105 } 106 107 return (0); 108 } 109 110 static int 111 format_entry_type(char *str, size_t size, const acl_entry_t entry) 112 { 113 int error; 114 acl_entry_type_t entry_type; 115 116 error = acl_get_entry_type_np(entry, &entry_type); 117 if (error) 118 return (error); 119 120 switch (entry_type) { 121 case ACL_ENTRY_TYPE_ALLOW: 122 snprintf(str, size, "allow"); 123 break; 124 case ACL_ENTRY_TYPE_DENY: 125 snprintf(str, size, "deny"); 126 break; 127 case ACL_ENTRY_TYPE_AUDIT: 128 snprintf(str, size, "audit"); 129 break; 130 case ACL_ENTRY_TYPE_ALARM: 131 snprintf(str, size, "alarm"); 132 break; 133 default: 134 return (-1); 135 } 136 137 return (0); 138 } 139 140 static int 141 format_additional_id(char *str, size_t size, const acl_entry_t entry) 142 { 143 int error; 144 acl_tag_t tag; 145 uid_t *id; 146 147 error = acl_get_tag_type(entry, &tag); 148 if (error) 149 return (error); 150 151 switch (tag) { 152 case ACL_USER_OBJ: 153 case ACL_GROUP_OBJ: 154 case ACL_EVERYONE: 155 str[0] = '\0'; 156 break; 157 158 default: 159 id = (uid_t *)acl_get_qualifier(entry); 160 if (id == NULL) 161 return (-1); 162 snprintf(str, size, ":%d", (unsigned int)*id); 163 } 164 165 return (0); 166 } 167 168 static int 169 format_entry(char *str, size_t size, const acl_entry_t entry, int flags) 170 { 171 size_t off = 0, min_who_field_length = 18; 172 acl_permset_t permset; 173 acl_flagset_t flagset; 174 int error, len; 175 char buf[MAX_ENTRY_LENGTH + 1]; 176 177 assert(_entry_brand(entry) == ACL_BRAND_NFS4); 178 179 error = acl_get_flagset_np(entry, &flagset); 180 if (error) 181 return (error); 182 183 error = acl_get_permset(entry, &permset); 184 if (error) 185 return (error); 186 187 error = format_who(buf, sizeof(buf), entry, 188 flags & ACL_TEXT_NUMERIC_IDS); 189 if (error) 190 return (error); 191 len = strlen(buf); 192 if (len < min_who_field_length) 193 len = min_who_field_length; 194 off += snprintf(str + off, size - off, "%*s:", len, buf); 195 196 error = _nfs4_format_access_mask(buf, sizeof(buf), *permset, 197 flags & ACL_TEXT_VERBOSE); 198 if (error) 199 return (error); 200 off += snprintf(str + off, size - off, "%s:", buf); 201 202 error = _nfs4_format_flags(buf, sizeof(buf), *flagset, 203 flags & ACL_TEXT_VERBOSE); 204 if (error) 205 return (error); 206 off += snprintf(str + off, size - off, "%s:", buf); 207 208 error = format_entry_type(buf, sizeof(buf), entry); 209 if (error) 210 return (error); 211 off += snprintf(str + off, size - off, "%s", buf); 212 213 if (flags & ACL_TEXT_APPEND_ID) { 214 error = format_additional_id(buf, sizeof(buf), entry); 215 if (error) 216 return (error); 217 off += snprintf(str + off, size - off, "%s", buf); 218 } 219 220 off += snprintf(str + off, size - off, "\n"); 221 222 /* Make sure we didn't truncate anything. */ 223 assert (off < size); 224 225 return (0); 226 } 227 228 char * 229 _nfs4_acl_to_text_np(const acl_t aclp, ssize_t *len_p, int flags) 230 { 231 int error, off = 0, size, entry_id = ACL_FIRST_ENTRY; 232 char *str; 233 acl_entry_t entry; 234 235 if (aclp->ats_acl.acl_cnt == 0) 236 return strdup(""); 237 238 size = aclp->ats_acl.acl_cnt * MAX_ENTRY_LENGTH; 239 str = malloc(size); 240 if (str == NULL) 241 return (NULL); 242 243 while (acl_get_entry(aclp, entry_id, &entry) == 1) { 244 entry_id = ACL_NEXT_ENTRY; 245 246 assert(off < size); 247 248 error = format_entry(str + off, size - off, entry, flags); 249 if (error) { 250 free(str); 251 errno = EINVAL; 252 return (NULL); 253 } 254 255 off = strlen(str); 256 } 257 258 assert(off < size); 259 str[off] = '\0'; 260 261 if (len_p != NULL) 262 *len_p = off; 263 264 return (str); 265 } 266