1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <sys/cdefs.h>
30 #if 0
31 __FBSDID("$FreeBSD: head/lib/libc/posix1e/acl_branding.c 326193 2017-11-25 17:12:48Z pfg $");
32 #else
33 __RCSID("$NetBSD: acl_branding.c,v 1.2 2024/01/20 14:52:48 christos Exp $");
34 #endif
35
36 #include <assert.h>
37 #include <errno.h>
38 #include <sys/acl.h>
39
40 #include "acl_support.h"
41
42 /*
43 * An ugly detail of the implementation - fortunately not visible
44 * to the API users - is the "branding": libc needs to keep track
45 * of what "brand" ACL is: NFSv4, POSIX.1e or unknown. It happens
46 * automatically - for example, during acl_get_file(3) ACL gets
47 * branded according to the "type" argument; during acl_set_permset
48 * ACL, if its brand is unknown it gets branded as NFSv4 if any of the
49 * NFSv4 permissions that are not valid for POSIX.1e ACL are set etc.
50 * Branding information is used for printing out the ACL (acl_to_text(3)),
51 * veryfying acl_set_whatever arguments (checking against setting
52 * bits that are valid only for NFSv4 in ACL branded as POSIX.1e) etc.
53 */
54
55 static acl_t
entry2acl(acl_entry_t entry)56 entry2acl(acl_entry_t entry)
57 {
58 acl_t aclp;
59
60 aclp = (acl_t)(((unsigned long)entry >> _ACL_T_ALIGNMENT_BITS) << _ACL_T_ALIGNMENT_BITS);
61
62 return (aclp);
63 }
64
65 /*
66 * Return brand of an ACL.
67 */
68 int
_acl_brand(const acl_t acl)69 _acl_brand(const acl_t acl)
70 {
71
72 return (acl->ats_brand);
73 }
74
75 int
_entry_brand(const acl_entry_t entry)76 _entry_brand(const acl_entry_t entry)
77 {
78
79 return (_acl_brand(entry2acl(entry)));
80 }
81
82 /*
83 * Return 1, iff branding ACL as "brand" is ok.
84 */
85 int
_acl_brand_may_be(const acl_t acl,int brand)86 _acl_brand_may_be(const acl_t acl, int brand)
87 {
88
89 if (_acl_brand(acl) == ACL_BRAND_UNKNOWN)
90 return (1);
91
92 if (_acl_brand(acl) == brand)
93 return (1);
94
95 return (0);
96 }
97
98 int
_entry_brand_may_be(const acl_entry_t entry,int brand)99 _entry_brand_may_be(const acl_entry_t entry, int brand)
100 {
101
102 return (_acl_brand_may_be(entry2acl(entry), brand));
103 }
104
105 /*
106 * Brand ACL as "brand".
107 */
108 void
_acl_brand_as(acl_t acl,int brand)109 _acl_brand_as(acl_t acl, int brand)
110 {
111
112 assert(_acl_brand_may_be(acl, brand));
113
114 acl->ats_brand = brand;
115 }
116
117 void
_entry_brand_as(const acl_entry_t entry,int brand)118 _entry_brand_as(const acl_entry_t entry, int brand)
119 {
120
121 _acl_brand_as(entry2acl(entry), brand);
122 }
123
124 int
_acl_type_not_valid_for_acl(const acl_t acl,acl_type_t type)125 _acl_type_not_valid_for_acl(const acl_t acl, acl_type_t type)
126 {
127
128 switch (_acl_brand(acl)) {
129 case ACL_BRAND_NFS4:
130 if (type == ACL_TYPE_NFS4)
131 return (0);
132 break;
133
134 case ACL_BRAND_POSIX:
135 if (type == ACL_TYPE_ACCESS || type == ACL_TYPE_DEFAULT)
136 return (0);
137 break;
138
139 case ACL_BRAND_UNKNOWN:
140 return (0);
141 }
142
143 return (-1);
144 }
145
146 void
_acl_brand_from_type(acl_t acl,acl_type_t type)147 _acl_brand_from_type(acl_t acl, acl_type_t type)
148 {
149
150 switch (type) {
151 case ACL_TYPE_NFS4:
152 _acl_brand_as(acl, ACL_BRAND_NFS4);
153 break;
154 case ACL_TYPE_ACCESS:
155 case ACL_TYPE_DEFAULT:
156 _acl_brand_as(acl, ACL_BRAND_POSIX);
157 break;
158 default:
159 /* XXX: What to do here? */
160 break;
161 }
162 }
163
164 int
acl_get_brand_np(acl_t acl,int * brand_p)165 acl_get_brand_np(acl_t acl, int *brand_p)
166 {
167
168 if (acl == NULL || brand_p == NULL) {
169 errno = EINVAL;
170 return (-1);
171 }
172 *brand_p = _acl_brand(acl);
173
174 return (0);
175 }
176