diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc
--- a/lib/libc/posix1e/Makefile.inc
+++ b/lib/libc/posix1e/Makefile.inc
@@ -18,6 +18,7 @@
 acl_entry.c \
 acl_flag.c \
 acl_free.c \
+ acl_from_mode_np.c \
 acl_from_text.c \
 acl_from_text_nfs4.c \
 acl_get.c \
@@ -54,6 +55,7 @@
 acl_delete_perm.3 \
 acl_dup.3 \
 acl_free.3 \
+ acl_from_mode_np.3 \
 acl_from_text.3 \
 acl_get.3 \
 acl_get_brand_np.3 \
diff --git a/lib/libc/posix1e/Symbol.map b/lib/libc/posix1e/Symbol.map
--- a/lib/libc/posix1e/Symbol.map
+++ b/lib/libc/posix1e/Symbol.map
@@ -84,3 +84,7 @@
 acl_strip_np;
 acl_to_text_np;
 };
+
+FBSD_1.7 {
+ acl_from_mode_np;
+};
diff --git a/lib/libc/posix1e/acl_from_mode_np.3 b/lib/libc/posix1e/acl_from_mode_np.3
new file mode 100644
--- /dev/null
+++ b/lib/libc/posix1e/acl_from_mode_np.3
@@ -0,0 +1,95 @@
+.\"-
+.\" Copyright (c) 2021 Gleb Popov
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd January 20, 2021
+.Dt ACL_FROM_MODE_NP 3
+.Os
+.Sh NAME
+.Nm acl_from_mode_np
+.Nd create an ACL from status information
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/types.h
+.In sys/acl.h
+.Ft acl_t
+.Fn acl_from_mode_np "const mode_t mode"
+.Sh DESCRIPTION
+The
+.Fn acl_from_mode_np
+function is a non-portable call that converts the permissions set referred to by
+.Va mode
+into the corresponding minimal ACL structure, appropriate for applying to
+files or manipulating.
+.Pp
+This function causes memory to be allocated.
+The caller should free any
+free-able memory, when the new ACL is no longer required, by calling
+.Xr acl_free 3
+with the
+.Va (void *)acl_t
+as an argument.
+.Sh RETURN VALUES
+Upon successful completion, the function returns a pointer to the
+internal representation of the ACL in working storage.
+Otherwise, a value
+of
+.Va (acl_t)NULL
+is returned, and
+.Va errno
+is set to indicate the error.
+.Sh ERRORS
+If any of the following conditions occur, the
+.Fn acl_from_mode_np
+function returns a value of
+.Va (acl_t)NULL
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er ENOMEM
+The ACL working storage requires more memory than is allowed by the
+hardware or system-imposed memory management constraints.
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_free 3 ,
+.Xr acl_from_text 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+Discussion
+of the draft continues on the cross-platform POSIX.1e implementation
+mailing list.
+To join this list, see the
+.Fx
+POSIX.1e implementation
+page for more information.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 ,
+and development continues.
+.Sh AUTHORS
+.An Gleb Popov
diff --git a/lib/libc/posix1e/acl_from_mode_np.c b/lib/libc/posix1e/acl_from_mode_np.c
new file mode 100644
--- /dev/null
+++ b/lib/libc/posix1e/acl_from_mode_np.c
@@ -0,0 +1,115 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2021 Robert N M Watson, Gleb Popov
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * acl_from_mode_np: Create an ACL from a mode_t.
+ */
+
+#include
+__FBSDID("$FreeBSD$");
+
+#include
+#include
+#include
+#include
+
+/*
+ * return an ACL corresponding to the permissions
+ * contained in mode_t
+ */
+acl_t
+acl_from_mode_np(const mode_t mode)
+{
+ acl_t acl;
+ acl_entry_t entry;
+ acl_permset_t perms;
+
+ /* create the ACL */
+ acl = acl_init(3);
+ /* here and below, the only possible reason to fail is ENOMEM, so
+ * no need to set errno again
+ */
+ if (acl == NULL)
+ return (NULL);
+
+ /* First entry: ACL_USER_OBJ */
+ if (acl_create_entry(&acl, &entry) == -1)
+ return (NULL);
+ /* TODO: need to handle error there and below? */
+ acl_set_tag_type(entry, ACL_USER_OBJ);
+
+ acl_get_permset(entry, &perms);
+ acl_clear_perms(perms);
+
+ /* calculate user mode */
+ if (mode & S_IRUSR)
+ acl_add_perm(perms, ACL_READ);
+ if (mode & S_IWUSR)
+ acl_add_perm(perms, ACL_WRITE);
+ if (mode & S_IXUSR)
+ acl_add_perm(perms, ACL_EXECUTE);
+
+ acl_set_permset(entry, perms);
+
+ /* Second entry: ACL_GROUP_OBJ */
+ if (acl_create_entry(&acl, &entry) == -1)
+ return (NULL);
+ acl_set_tag_type(entry, ACL_GROUP_OBJ);
+
+ acl_get_permset(entry, &perms);
+ acl_clear_perms(perms);
+
+ /* calculate group mode */
+ if (mode & S_IRGRP)
+ acl_add_perm(perms, ACL_READ);
+ if (mode & S_IWGRP)
+ acl_add_perm(perms, ACL_WRITE);
+ if (mode & S_IXGRP)
+ acl_add_perm(perms, ACL_EXECUTE);
+
+ acl_set_permset(entry, perms);
+
+ /* Third entry: ACL_OTHER */
+ if (acl_create_entry(&acl, &entry) == -1)
+ return (NULL);
+ acl_set_tag_type(entry, ACL_OTHER);
+
+ acl_get_permset(entry, &perms);
+ acl_clear_perms(perms);
+
+ /* calculate other mode */
+ if (mode & S_IROTH)
+ acl_add_perm(perms, ACL_READ);
+ if (mode & S_IWOTH)
+ acl_add_perm(perms, ACL_WRITE);
+ if (mode & S_IXOTH)
+ acl_add_perm(perms, ACL_EXECUTE);
+
+ acl_set_permset(entry, perms);
+
+ return (acl);
+}
diff --git a/sys/sys/acl.h b/sys/sys/acl.h
--- a/sys/sys/acl.h
+++ b/sys/sys/acl.h
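Review bot: In acl_from_mode_np.c, each `return (NULL);` that follows a failed `acl_create_entry(&acl, &entry)` leaks the ACL obtained from `acl_init(3)`, because nothing on those three paths calls `acl_free(acl)`. The return values of `acl_set_tag_type`, `acl_get_permset`, `acl_clear_perms`, `acl_add_perm` and `acl_set_permset` are also discarded, as the TODO in the hunk admits; if `acl_get_permset` ever failed, `perms` would be read uninitialised, and a caller applying the result to a file would get an entry whose permissions were never set. Since this function produces access-control data, it should fail closed: check every call, free the partial ACL and return NULL. The three entry blocks differ only in tag and mode bits, so a static helper lets the error handling be written once, as sketched below.

```c
/* Append one entry tagged `tag`; r/w/x are non-zero for each permission to grant. */
static int
add_mode_entry(acl_t *aclp, acl_tag_t tag, int r, int w, int x)
{
	acl_entry_t entry;
	acl_permset_t perms;

	if (acl_create_entry(aclp, &entry) == -1 ||
	    acl_set_tag_type(entry, tag) == -1 ||
	    acl_get_permset(entry, &perms) == -1 ||
	    acl_clear_perms(perms) == -1)
		return (-1);
	if (r && acl_add_perm(perms, ACL_READ) == -1)
		return (-1);
	if (w && acl_add_perm(perms, ACL_WRITE) == -1)
		return (-1);
	if (x && acl_add_perm(perms, ACL_EXECUTE) == -1)
		return (-1);
	return (acl_set_permset(entry, perms));
}

acl_t
acl_from_mode_np(const mode_t mode)
{
	acl_t acl;

	acl = acl_init(3);
	if (acl == NULL)
		return (NULL);

	if (add_mode_entry(&acl, ACL_USER_OBJ,
	    mode & S_IRUSR, mode & S_IWUSR, mode & S_IXUSR) == -1 ||
	    add_mode_entry(&acl, ACL_GROUP_OBJ,
	    mode & S_IRGRP, mode & S_IWGRP, mode & S_IXGRP) == -1 ||
	    add_mode_entry(&acl, ACL_OTHER,
	    mode & S_IROTH, mode & S_IWOTH, mode & S_IXOTH) == -1) {
		/* Never hand back a partially built ACL. */
		acl_free(acl);
		return (NULL);
	}

	return (acl);
}
```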
@@ -30,7 +30,7 @@
 *
 * $FreeBSD$
 */
-/*
+/*
 * Developed by the TrustedBSD Project.
 * Support for POSIX.1e and NFSv4 access control lists.
 */
@@ -379,6 +379,7 @@
 int acl_delete_perm(acl_permset_t _permset_d, acl_perm_t _perm);
 acl_t acl_dup(acl_t _acl);
 int acl_free(void *_obj_p);
+acl_t acl_from_mode_np(const mode_t mode);
 acl_t acl_from_text(const char *_buf_p);
 int acl_get_brand_np(acl_t _acl, int *_brand_p);
 int acl_get_entry(acl_t _acl, int _entry_id, acl_entry_t *_entry_p);
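Review bot: The prototype added in the second hunk names its parameter `mode`, while every neighbouring declaration in the hunk uses an underscore-prefixed name (`_acl`, `_buf_p`, `_obj_p`). Presumably the header does this so that a macro defined by the including program cannot rewrite the declaration. I would write it as `acl_t acl_from_mode_np(const mode_t _mode);`, and the top-level `const` could be dropped from the prototype because it has no effect on callers. The first hunk replaces `/*` with a visually identical `/*`, which looks like an unrelated whitespace-only edit that could be left out of this commit.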