/*-1* SPDX-License-Identifier: BSD-2-Clause2*3* Copyright (c) 2008, 2009 Edward Tomasz Napierała <[email protected]>4*5* Redistribution and use in source and binary forms, with or without6* modification, are permitted provided that the following conditions7* are met:8* 1. Redistributions of source code must retain the above copyright9* notice, this list of conditions and the following disclaimer.10* 2. Redistributions in binary form must reproduce the above copyright11* notice, this list of conditions and the following disclaimer in the12* documentation and/or other materials provided with the distribution.13*14* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND15* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE16* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE17* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE18* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL19* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS20* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)21* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT22* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY23* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF24* SUCH DAMAGE.25*/2627#include <assert.h>28#include <errno.h>29#include <sys/acl.h>3031#include "acl_support.h"3233/*34* An ugly detail of the implementation - fortunately not visible35* to the API users - is the "branding": libc needs to keep track36* of what "brand" ACL is: NFSv4, POSIX.1e or unknown. It happens37* automatically - for example, during acl_get_file(3) ACL gets38* branded according to the "type" argument; during acl_set_permset39* ACL, if its brand is unknown it gets branded as NFSv4 if any of the40* NFSv4 permissions that are not valid for POSIX.1e ACL are set etc.41* Branding information is used for printing out the ACL (acl_to_text(3)),42* veryfying acl_set_whatever arguments (checking against setting43* bits that are valid only for NFSv4 in ACL branded as POSIX.1e) etc.44*/4546static acl_t47entry2acl(acl_entry_t entry)48{49acl_t aclp;5051aclp = (acl_t)(((long)entry >> _ACL_T_ALIGNMENT_BITS) << _ACL_T_ALIGNMENT_BITS);5253return (aclp);54}5556/*57* Return brand of an ACL.58*/59int60_acl_brand(const acl_t acl)61{6263return (acl->ats_brand);64}6566int67_entry_brand(const acl_entry_t entry)68{6970return (_acl_brand(entry2acl(entry)));71}7273/*74* Return 1, iff branding ACL as "brand" is ok.75*/76int77_acl_brand_may_be(const acl_t acl, int brand)78{7980if (_acl_brand(acl) == ACL_BRAND_UNKNOWN)81return (1);8283if (_acl_brand(acl) == brand)84return (1);8586return (0);87}8889int90_entry_brand_may_be(const acl_entry_t entry, int brand)91{9293return (_acl_brand_may_be(entry2acl(entry), brand));94}9596/*97* Brand ACL as "brand".98*/99void100_acl_brand_as(acl_t acl, int brand)101{102103assert(_acl_brand_may_be(acl, brand));104105acl->ats_brand = brand;106}107108void109_entry_brand_as(const acl_entry_t entry, int brand)110{111112_acl_brand_as(entry2acl(entry), brand);113}114115int116_acl_type_not_valid_for_acl(const acl_t acl, acl_type_t type)117{118119switch (_acl_brand(acl)) {120case ACL_BRAND_NFS4:121if (type == ACL_TYPE_NFS4)122return (0);123break;124125case ACL_BRAND_POSIX:126if (type == ACL_TYPE_ACCESS || type == ACL_TYPE_DEFAULT)127return (0);128break;129130case ACL_BRAND_UNKNOWN:131return (0);132}133134return (-1);135}136137void138_acl_brand_from_type(acl_t acl, acl_type_t type)139{140141switch (type) {142case ACL_TYPE_NFS4:143_acl_brand_as(acl, ACL_BRAND_NFS4);144break;145case ACL_TYPE_ACCESS:146case ACL_TYPE_DEFAULT:147_acl_brand_as(acl, ACL_BRAND_POSIX);148break;149default:150/* XXX: What to do here? */151break;152}153}154155int156acl_get_brand_np(acl_t acl, int *brand_p)157{158159if (acl == NULL || brand_p == NULL) {160errno = EINVAL;161return (-1);162}163*brand_p = _acl_brand(acl);164165return (0);166}167168169