1*00b67f09SDavid van Moolenbroek /* $NetBSD: fsaccess.c,v 1.4 2014/12/10 04:37:59 christos Exp $ */
2*00b67f09SDavid van Moolenbroek
3*00b67f09SDavid van Moolenbroek /*
4*00b67f09SDavid van Moolenbroek * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
5*00b67f09SDavid van Moolenbroek * Copyright (C) 2000, 2001 Internet Software Consortium.
6*00b67f09SDavid van Moolenbroek *
7*00b67f09SDavid van Moolenbroek * Permission to use, copy, modify, and/or distribute this software for any
8*00b67f09SDavid van Moolenbroek * purpose with or without fee is hereby granted, provided that the above
9*00b67f09SDavid van Moolenbroek * copyright notice and this permission notice appear in all copies.
10*00b67f09SDavid van Moolenbroek *
11*00b67f09SDavid van Moolenbroek * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12*00b67f09SDavid van Moolenbroek * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13*00b67f09SDavid van Moolenbroek * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14*00b67f09SDavid van Moolenbroek * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15*00b67f09SDavid van Moolenbroek * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16*00b67f09SDavid van Moolenbroek * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17*00b67f09SDavid van Moolenbroek * PERFORMANCE OF THIS SOFTWARE.
18*00b67f09SDavid van Moolenbroek */
19*00b67f09SDavid van Moolenbroek
20*00b67f09SDavid van Moolenbroek /* Id: fsaccess.c,v 1.10 2007/06/19 23:47:17 tbox Exp */
21*00b67f09SDavid van Moolenbroek
22*00b67f09SDavid van Moolenbroek /*! \file
23*00b67f09SDavid van Moolenbroek * \brief
24*00b67f09SDavid van Moolenbroek * This file contains the OS-independent functionality of the API.
25*00b67f09SDavid van Moolenbroek */
26*00b67f09SDavid van Moolenbroek #include <isc/fsaccess.h>
27*00b67f09SDavid van Moolenbroek #include <isc/result.h>
28*00b67f09SDavid van Moolenbroek #include <isc/util.h>
29*00b67f09SDavid van Moolenbroek
30*00b67f09SDavid van Moolenbroek /*!
31*00b67f09SDavid van Moolenbroek * Shorthand. Maybe ISC__FSACCESS_PERMISSIONBITS should not even be in
32*00b67f09SDavid van Moolenbroek * <isc/fsaccess.h>. Could check consistency with sizeof(isc_fsaccess_t)
33*00b67f09SDavid van Moolenbroek * and the number of bits in each function.
34*00b67f09SDavid van Moolenbroek */
35*00b67f09SDavid van Moolenbroek #define STEP (ISC__FSACCESS_PERMISSIONBITS)
36*00b67f09SDavid van Moolenbroek #define GROUP (STEP)
37*00b67f09SDavid van Moolenbroek #define OTHER (STEP * 2)
38*00b67f09SDavid van Moolenbroek
39*00b67f09SDavid van Moolenbroek void
isc_fsaccess_add(int trustee,int permission,isc_fsaccess_t * access)40*00b67f09SDavid van Moolenbroek isc_fsaccess_add(int trustee, int permission, isc_fsaccess_t *access) {
41*00b67f09SDavid van Moolenbroek REQUIRE(trustee <= 0x7);
42*00b67f09SDavid van Moolenbroek REQUIRE(permission <= 0xFF);
43*00b67f09SDavid van Moolenbroek
44*00b67f09SDavid van Moolenbroek if ((trustee & ISC_FSACCESS_OWNER) != 0)
45*00b67f09SDavid van Moolenbroek *access |= permission;
46*00b67f09SDavid van Moolenbroek
47*00b67f09SDavid van Moolenbroek if ((trustee & ISC_FSACCESS_GROUP) != 0)
48*00b67f09SDavid van Moolenbroek *access |= (permission << GROUP);
49*00b67f09SDavid van Moolenbroek
50*00b67f09SDavid van Moolenbroek if ((trustee & ISC_FSACCESS_OTHER) != 0)
51*00b67f09SDavid van Moolenbroek *access |= (permission << OTHER);
52*00b67f09SDavid van Moolenbroek }
53*00b67f09SDavid van Moolenbroek
54*00b67f09SDavid van Moolenbroek void
isc_fsaccess_remove(int trustee,int permission,isc_fsaccess_t * access)55*00b67f09SDavid van Moolenbroek isc_fsaccess_remove(int trustee, int permission, isc_fsaccess_t *access) {
56*00b67f09SDavid van Moolenbroek REQUIRE(trustee <= 0x7);
57*00b67f09SDavid van Moolenbroek REQUIRE(permission <= 0xFF);
58*00b67f09SDavid van Moolenbroek
59*00b67f09SDavid van Moolenbroek
60*00b67f09SDavid van Moolenbroek if ((trustee & ISC_FSACCESS_OWNER) != 0)
61*00b67f09SDavid van Moolenbroek *access &= ~permission;
62*00b67f09SDavid van Moolenbroek
63*00b67f09SDavid van Moolenbroek if ((trustee & ISC_FSACCESS_GROUP) != 0)
64*00b67f09SDavid van Moolenbroek *access &= ~(permission << GROUP);
65*00b67f09SDavid van Moolenbroek
66*00b67f09SDavid van Moolenbroek if ((trustee & ISC_FSACCESS_OTHER) != 0)
67*00b67f09SDavid van Moolenbroek *access &= ~(permission << OTHER);
68*00b67f09SDavid van Moolenbroek }
69*00b67f09SDavid van Moolenbroek
70*00b67f09SDavid van Moolenbroek static isc_result_t
check_bad_bits(isc_fsaccess_t access,isc_boolean_t is_dir)71*00b67f09SDavid van Moolenbroek check_bad_bits(isc_fsaccess_t access, isc_boolean_t is_dir) {
72*00b67f09SDavid van Moolenbroek isc_fsaccess_t bits;
73*00b67f09SDavid van Moolenbroek
74*00b67f09SDavid van Moolenbroek /*
75*00b67f09SDavid van Moolenbroek * Check for disallowed user bits.
76*00b67f09SDavid van Moolenbroek */
77*00b67f09SDavid van Moolenbroek if (is_dir)
78*00b67f09SDavid van Moolenbroek bits = ISC_FSACCESS_READ |
79*00b67f09SDavid van Moolenbroek ISC_FSACCESS_WRITE |
80*00b67f09SDavid van Moolenbroek ISC_FSACCESS_EXECUTE;
81*00b67f09SDavid van Moolenbroek else
82*00b67f09SDavid van Moolenbroek bits = ISC_FSACCESS_CREATECHILD |
83*00b67f09SDavid van Moolenbroek ISC_FSACCESS_ACCESSCHILD |
84*00b67f09SDavid van Moolenbroek ISC_FSACCESS_DELETECHILD |
85*00b67f09SDavid van Moolenbroek ISC_FSACCESS_LISTDIRECTORY;
86*00b67f09SDavid van Moolenbroek
87*00b67f09SDavid van Moolenbroek /*
88*00b67f09SDavid van Moolenbroek * Set group bad bits.
89*00b67f09SDavid van Moolenbroek */
90*00b67f09SDavid van Moolenbroek bits |= bits << STEP;
91*00b67f09SDavid van Moolenbroek /*
92*00b67f09SDavid van Moolenbroek * Set other bad bits.
93*00b67f09SDavid van Moolenbroek */
94*00b67f09SDavid van Moolenbroek bits |= bits << STEP;
95*00b67f09SDavid van Moolenbroek
96*00b67f09SDavid van Moolenbroek if ((access & bits) != 0) {
97*00b67f09SDavid van Moolenbroek if (is_dir)
98*00b67f09SDavid van Moolenbroek return (ISC_R_NOTFILE);
99*00b67f09SDavid van Moolenbroek else
100*00b67f09SDavid van Moolenbroek return (ISC_R_NOTDIRECTORY);
101*00b67f09SDavid van Moolenbroek }
102*00b67f09SDavid van Moolenbroek
103*00b67f09SDavid van Moolenbroek return (ISC_R_SUCCESS);
104*00b67f09SDavid van Moolenbroek }
105