File Manager

003 File Manager

Current Path: /usr/src/sys/kern

📁 ..
📄 Make.tags.inc(2.13 KB)
📄 Makefile(302 B)
📄 bus_if.m(26.31 KB)
📄 capabilities.conf(13.67 KB)
📄 clock_if.m(1.7 KB)
📄 cpufreq_if.m(2.27 KB)
📄 device_if.m(10.41 KB)
📄 firmw.S(2.15 KB)
📄 genassym.sh(1.11 KB)
📄 genoffset.c(1.68 KB)
📄 genoffset.sh(3.58 KB)
📄 imgact_aout.c(9.45 KB)
📄 imgact_binmisc.c(18.64 KB)
📄 imgact_elf.c(76.32 KB)
📄 imgact_elf32.c(1.47 KB)
📄 imgact_elf64.c(1.47 KB)
📄 imgact_shell.c(8.41 KB)
📄 init_main.c(24.31 KB)
📄 init_sysent.c(95.3 KB)
📄 kern_acct.c(19.03 KB)
📄 kern_alq.c(24.97 KB)
📄 kern_clock.c(21.12 KB)
📄 kern_clocksource.c(23.34 KB)
📄 kern_condvar.c(11.28 KB)
📄 kern_conf.c(36.14 KB)
📄 kern_cons.c(15.75 KB)
📄 kern_context.c(3.59 KB)
📄 kern_cpu.c(30.77 KB)
📄 kern_cpuset.c(59.78 KB)
📄 kern_ctf.c(8.73 KB)
📄 kern_descrip.c(112.87 KB)
📄 kern_dtrace.c(2.94 KB)
📄 kern_dump.c(8.51 KB)
📄 kern_environment.c(22.75 KB)
📄 kern_et.c(7.1 KB)
📄 kern_event.c(62.49 KB)
📄 kern_exec.c(46.67 KB)
📄 kern_exit.c(34.61 KB)
📄 kern_fail.c(29.32 KB)
📄 kern_ffclock.c(12.66 KB)
📄 kern_fork.c(28.29 KB)
📄 kern_hhook.c(13.58 KB)
📄 kern_idle.c(2.74 KB)
📄 kern_intr.c(40.44 KB)
📄 kern_jail.c(112.67 KB)
📄 kern_kcov.c(15.32 KB)
📄 kern_khelp.c(9.45 KB)
📄 kern_kthread.c(11.8 KB)
📄 kern_ktr.c(11.93 KB)
📄 kern_ktrace.c(31.41 KB)
📄 kern_linker.c(54.3 KB)
📄 kern_lock.c(46.99 KB)
📄 kern_lockf.c(64.46 KB)
📄 kern_lockstat.c(3.8 KB)
📄 kern_loginclass.c(6.69 KB)
📄 kern_malloc.c(37.09 KB)
📄 kern_mbuf.c(43.16 KB)
📄 kern_mib.c(24.26 KB)
📄 kern_module.c(11.05 KB)
📄 kern_mtxpool.c(5.82 KB)
📄 kern_mutex.c(33.62 KB)
📄 kern_ntptime.c(32.49 KB)
📄 kern_osd.c(12.37 KB)
📄 kern_physio.c(5.74 KB)
📄 kern_pmc.c(8.89 KB)
📄 kern_poll.c(15.86 KB)
📄 kern_priv.c(9.14 KB)
📄 kern_proc.c(80.01 KB)
📄 kern_procctl.c(19.48 KB)
📄 kern_prot.c(57.94 KB)
📄 kern_racct.c(34.01 KB)
📄 kern_rangelock.c(8.67 KB)
📄 kern_rctl.c(53.87 KB)
📄 kern_resource.c(36.66 KB)
📄 kern_rmlock.c(28.27 KB)
📄 kern_rwlock.c(40.72 KB)
📄 kern_sdt.c(2.05 KB)
📄 kern_sema.c(4.85 KB)
📄 kern_sendfile.c(33.97 KB)
📄 kern_sharedpage.c(10.37 KB)
📄 kern_shutdown.c(43.34 KB)
📄 kern_sig.c(101.89 KB)
📄 kern_switch.c(13.85 KB)
📄 kern_sx.c(40.27 KB)
📄 kern_synch.c(18.17 KB)
📄 kern_syscalls.c(6.74 KB)
📄 kern_sysctl.c(67.24 KB)
📄 kern_tc.c(55.73 KB)
📄 kern_thr.c(14.14 KB)
📄 kern_thread.c(41.75 KB)
📄 kern_time.c(40.89 KB)
📄 kern_timeout.c(43.08 KB)
📄 kern_tslog.c(3.44 KB)
📄 kern_ubsan.c(50.74 KB)
📄 kern_umtx.c(107.14 KB)
📄 kern_uuid.c(11.68 KB)
📄 kern_xxx.c(10.44 KB)
📄 ksched.c(6.56 KB)
📄 link_elf.c(47.99 KB)
📄 link_elf_obj.c(44.41 KB)
📄 linker_if.m(3.96 KB)
📄 makesyscalls.sh(23.57 KB)
📄 md4c.c(7.89 KB)
📄 md5c.c(9.56 KB)
📄 msi_if.m(2.48 KB)
📄 p1003_1b.c(8.84 KB)
📄 pic_if.m(3.9 KB)
📄 posix4_mib.c(5.59 KB)
📄 sched_4bsd.c(45.03 KB)
📄 sched_ule.c(82.65 KB)
📄 serdev_if.m(3.49 KB)
📄 stack_protector.c(613 B)
📄 subr_acl_nfs4.c(37.42 KB)
📄 subr_acl_posix1e.c(17.71 KB)
📄 subr_atomic64.c(3.97 KB)
📄 subr_autoconf.c(7.7 KB)
📄 subr_blist.c(31.88 KB)
📄 subr_boot.c(5.8 KB)
📄 subr_bufring.c(2.21 KB)
📄 subr_bus.c(145.4 KB)
📄 subr_bus_dma.c(19.67 KB)
📄 subr_busdma_bufalloc.c(5.24 KB)
📄 subr_capability.c(11.93 KB)
📄 subr_clock.c(10.61 KB)
📄 subr_compressor.c(13.11 KB)
📄 subr_counter.c(4.44 KB)
📄 subr_coverage.c(6.17 KB)
📄 subr_csan.c(25.39 KB)
📄 subr_devmap.c(9.8 KB)
📄 subr_devstat.c(16.21 KB)
📄 subr_disk.c(8.54 KB)
📄 subr_dummy_vdso_tc.c(1.7 KB)
📄 subr_early.c(2.26 KB)
📄 subr_epoch.c(25.02 KB)
📄 subr_eventhandler.c(9.17 KB)
📄 subr_fattime.c(9.98 KB)
📄 subr_filter.c(12.2 KB)
📄 subr_firmware.c(13.88 KB)
📄 subr_gtaskqueue.c(20.19 KB)
📄 subr_hash.c(4.8 KB)
📄 subr_hints.c(12.87 KB)
📄 subr_intr.c(40.61 KB)
📄 subr_kdb.c(16.13 KB)
📄 subr_kobj.c(7.1 KB)
📄 subr_lock.c(18.81 KB)
📄 subr_log.c(7.64 KB)
📄 subr_mchain.c(11.06 KB)
📄 subr_module.c(12.98 KB)
📄 subr_msgbuf.c(10.6 KB)
📄 subr_param.c(10.93 KB)
📄 subr_pcpu.c(10.18 KB)
📄 subr_pctrie.c(20.99 KB)
📄 subr_physmem.c(11.52 KB)
📄 subr_pidctrl.c(5.43 KB)
📄 subr_power.c(3.13 KB)
📄 subr_prf.c(27.42 KB)
📄 subr_prng.c(3.36 KB)
📄 subr_prof.c(15.43 KB)
📄 subr_rangeset.c(8.5 KB)
📄 subr_rman.c(27.61 KB)
📄 subr_rtc.c(11.42 KB)
📄 subr_sbuf.c(20.53 KB)
📄 subr_scanf.c(15.59 KB)
📄 subr_sfbuf.c(6.17 KB)
📄 subr_sglist.c(22.83 KB)
📄 subr_sleepqueue.c(39.43 KB)
📄 subr_smp.c(31.62 KB)
📄 subr_smr.c(20.17 KB)
📄 subr_stack.c(6.47 KB)
📄 subr_stats.c(103.01 KB)
📄 subr_syscall.c(7.98 KB)
📄 subr_taskqueue.c(21.1 KB)
📄 subr_terminal.c(15.52 KB)
📄 subr_trap.c(10.87 KB)
📄 subr_turnstile.c(35.58 KB)
📄 subr_uio.c(11.38 KB)
📄 subr_unit.c(22.97 KB)
📄 subr_vmem.c(43.25 KB)
📄 subr_witness.c(84.59 KB)
📄 sys_capability.c(15.06 KB)
📄 sys_eventfd.c(8.42 KB)
📄 sys_generic.c(44.22 KB)
📄 sys_getrandom.c(4.21 KB)
📄 sys_pipe.c(45.14 KB)
📄 sys_procdesc.c(14.57 KB)
📄 sys_process.c(30.73 KB)
📄 sys_socket.c(20.11 KB)
📄 syscalls.c(22.73 KB)
📄 syscalls.master(60.26 KB)
📄 systrace_args.c(178.49 KB)
📄 sysv_ipc.c(6.53 KB)
📄 sysv_msg.c(48.65 KB)
📄 sysv_sem.c(49.85 KB)
📄 sysv_shm.c(43.93 KB)
📄 tty.c(55.14 KB)
📄 tty_compat.c(11.46 KB)
📄 tty_info.c(9.93 KB)
📄 tty_inq.c(12.22 KB)
📄 tty_outq.c(8.74 KB)
📄 tty_pts.c(19.74 KB)
📄 tty_tty.c(2.83 KB)
📄 tty_ttydisc.c(28.6 KB)
📄 uipc_accf.c(8.07 KB)
📄 uipc_debug.c(12.42 KB)
📄 uipc_domain.c(13.13 KB)
📄 uipc_ktls.c(55.7 KB)
📄 uipc_mbuf.c(52.45 KB)
📄 uipc_mbuf2.c(12.64 KB)
📄 uipc_mbufhash.c(4.9 KB)
📄 uipc_mqueue.c(64.64 KB)
📄 uipc_sem.c(25.18 KB)
📄 uipc_shm.c(50.47 KB)
📄 uipc_sockbuf.c(42.9 KB)
📄 uipc_socket.c(110.61 KB)
📄 uipc_syscalls.c(35.94 KB)
📄 uipc_usrreq.c(75.11 KB)
📄 vfs_acl.c(14.5 KB)
📄 vfs_aio.c(76.32 KB)
📄 vfs_bio.c(145.39 KB)
📄 vfs_cache.c(143.09 KB)
📄 vfs_cluster.c(28.36 KB)
📄 vfs_default.c(33.16 KB)
📄 vfs_export.c(14.55 KB)
📄 vfs_extattr.c(17.91 KB)
📄 vfs_hash.c(6 KB)
📄 vfs_init.c(15.86 KB)
📄 vfs_lookup.c(45.48 KB)
📄 vfs_mount.c(62.58 KB)
📄 vfs_mountroot.c(26.23 KB)
📄 vfs_subr.c(167.52 KB)
📄 vfs_syscalls.c(106.86 KB)
📄 vfs_vnops.c(86.28 KB)
📄 vnode_if.src(13.66 KB)

Editing: subr_acl_posix1e.c

/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 1999-2006 Robert N. M. Watson
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/*
 * Developed by the TrustedBSD Project.
 *
 * ACL support routines specific to POSIX.1e access control lists.  These are
 * utility routines for code common across file systems implementing POSIX.1e
 * ACLs.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/module.h>
#include <sys/systm.h>
#include <sys/mount.h>
#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/errno.h>
#include <sys/stat.h>
#include <sys/acl.h>

/*
 * Implement a version of vaccess() that understands POSIX.1e ACL semantics;
 * the access ACL has already been prepared for evaluation by the file system
 * and is passed via 'uid', 'gid', and 'acl'.  Return 0 on success, else an
 * errno value.
 */
int
vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
    struct acl *acl, accmode_t accmode, struct ucred *cred)
{
	struct acl_entry *acl_other, *acl_mask;
	accmode_t dac_granted;
	accmode_t priv_granted;
	accmode_t acl_mask_granted;
	int group_matched, i;

KASSERT((accmode & ~(VEXEC | VWRITE | VREAD | VADMIN | VAPPEND)) == 0,
	    ("invalid bit in accmode"));
	KASSERT((accmode & VAPPEND) == 0 || (accmode & VWRITE),
	    	("VAPPEND without VWRITE"));

/*
	 * Look for a normal, non-privileged way to access the file/directory
	 * as requested.  If it exists, go with that.  Otherwise, attempt to
	 * use privileges granted via priv_granted.  In some cases, which
	 * privileges to use may be ambiguous due to "best match", in which
	 * case fall back on first match for the time being.
	 */

/*
	 * Determine privileges now, but don't apply until we've found a DAC
	 * entry that matches but has failed to allow access.
	 *
	 * XXXRW: Ideally, we'd determine the privileges required before
	 * asking for them.
	 */
	priv_granted = 0;

if (type == VDIR) {
		if ((accmode & VEXEC) && !priv_check_cred(cred, PRIV_VFS_LOOKUP))
			priv_granted |= VEXEC;
	} else {
		/*
		 * Ensure that at least one execute bit is on. Otherwise,
		 * a privileged user will always succeed, and we don't want
		 * this to happen unless the file really is executable.
		 */
		if ((accmode & VEXEC) && (acl_posix1e_acl_to_mode(acl) &
		    (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
		    !priv_check_cred(cred, PRIV_VFS_EXEC))
			priv_granted |= VEXEC;
	}

if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ))
		priv_granted |= VREAD;

if (((accmode & VWRITE) || (accmode & VAPPEND)) &&
	    !priv_check_cred(cred, PRIV_VFS_WRITE))
		priv_granted |= (VWRITE | VAPPEND);

if ((accmode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN))
		priv_granted |= VADMIN;

/*
	 * The owner matches if the effective uid associated with the
	 * credential matches that of the ACL_USER_OBJ entry.  While we're
	 * doing the first scan, also cache the location of the ACL_MASK and
	 * ACL_OTHER entries, preventing some future iterations.
	 */
	acl_mask = acl_other = NULL;
	for (i = 0; i < acl->acl_cnt; i++) {
		switch (acl->acl_entry[i].ae_tag) {
		case ACL_USER_OBJ:
			if (file_uid != cred->cr_uid)
				break;
			dac_granted = 0;
			dac_granted |= VADMIN;
			if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
				dac_granted |= VEXEC;
			if (acl->acl_entry[i].ae_perm & ACL_READ)
				dac_granted |= VREAD;
			if (acl->acl_entry[i].ae_perm & ACL_WRITE)
				dac_granted |= (VWRITE | VAPPEND);
			if ((accmode & dac_granted) == accmode)
				return (0);

/*
			 * XXXRW: Do privilege lookup here.
			 */
			if ((accmode & (dac_granted | priv_granted)) ==
			    accmode) {
				return (0);
			}
			goto error;

case ACL_MASK:
			acl_mask = &acl->acl_entry[i];
			break;

case ACL_OTHER:
			acl_other = &acl->acl_entry[i];
			break;

default:
			break;
		}
	}

/*
	 * An ACL_OTHER entry should always exist in a valid access ACL.  If
	 * it doesn't, then generate a serious failure.  For now, this means
	 * a debugging message and EPERM, but in the future should probably
	 * be a panic.
	 */
	if (acl_other == NULL) {
		/*
		 * XXX This should never happen
		 */
		printf("vaccess_acl_posix1e: ACL_OTHER missing\n");
		return (EPERM);
	}

/*
	 * Checks against ACL_USER, ACL_GROUP_OBJ, and ACL_GROUP fields are
	 * masked by an ACL_MASK entry, if any.  As such, first identify the
	 * ACL_MASK field, then iterate through identifying potential user
	 * matches, then group matches.  If there is no ACL_MASK, assume that
	 * the mask allows all requests to succeed.
	 */
	if (acl_mask != NULL) {
		acl_mask_granted = 0;
		if (acl_mask->ae_perm & ACL_EXECUTE)
			acl_mask_granted |= VEXEC;
		if (acl_mask->ae_perm & ACL_READ)
			acl_mask_granted |= VREAD;
		if (acl_mask->ae_perm & ACL_WRITE)
			acl_mask_granted |= (VWRITE | VAPPEND);
	} else
		acl_mask_granted = VEXEC | VREAD | VWRITE | VAPPEND;

/*
	 * Check ACL_USER ACL entries.  There will either be one or no
	 * matches; if there is one, we accept or rejected based on the
	 * match; otherwise, we continue on to groups.
	 */
	for (i = 0; i < acl->acl_cnt; i++) {
		switch (acl->acl_entry[i].ae_tag) {
		case ACL_USER:
			if (acl->acl_entry[i].ae_id != cred->cr_uid)
				break;
			dac_granted = 0;
			if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
				dac_granted |= VEXEC;
			if (acl->acl_entry[i].ae_perm & ACL_READ)
				dac_granted |= VREAD;
			if (acl->acl_entry[i].ae_perm & ACL_WRITE)
				dac_granted |= (VWRITE | VAPPEND);
			dac_granted &= acl_mask_granted;
			if ((accmode & dac_granted) == accmode)
				return (0);
			/*
			 * XXXRW: Do privilege lookup here.
			 */
			if ((accmode & (dac_granted | priv_granted)) !=
			    accmode)
				goto error;

return (0);
		}
	}

/*
	 * Group match is best-match, not first-match, so find a "best"
	 * match.  Iterate across, testing each potential group match.  Make
	 * sure we keep track of whether we found a match or not, so that we
	 * know if we should try again with any available privilege, or if we
	 * should move on to ACL_OTHER.
	 */
	group_matched = 0;
	for (i = 0; i < acl->acl_cnt; i++) {
		switch (acl->acl_entry[i].ae_tag) {
		case ACL_GROUP_OBJ:
			if (!groupmember(file_gid, cred))
				break;
			dac_granted = 0;
			if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
				dac_granted |= VEXEC;
			if (acl->acl_entry[i].ae_perm & ACL_READ)
				dac_granted |= VREAD;
			if (acl->acl_entry[i].ae_perm & ACL_WRITE)
				dac_granted |= (VWRITE | VAPPEND);
			dac_granted  &= acl_mask_granted;

if ((accmode & dac_granted) == accmode)
				return (0);

group_matched = 1;
			break;

case ACL_GROUP:
			if (!groupmember(acl->acl_entry[i].ae_id, cred))
				break;
			dac_granted = 0;
			if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
				dac_granted |= VEXEC;
			if (acl->acl_entry[i].ae_perm & ACL_READ)
				dac_granted |= VREAD;
			if (acl->acl_entry[i].ae_perm & ACL_WRITE)
				dac_granted |= (VWRITE | VAPPEND);
			dac_granted  &= acl_mask_granted;

if ((accmode & dac_granted) == accmode)
				return (0);

group_matched = 1;
			break;

default:
			break;
		}
	}

if (group_matched == 1) {
		/*
		 * There was a match, but it did not grant rights via pure
		 * DAC.  Try again, this time with privilege.
		 */
		for (i = 0; i < acl->acl_cnt; i++) {
			switch (acl->acl_entry[i].ae_tag) {
			case ACL_GROUP_OBJ:
				if (!groupmember(file_gid, cred))
					break;
				dac_granted = 0;
				if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
					dac_granted |= VEXEC;
				if (acl->acl_entry[i].ae_perm & ACL_READ)
					dac_granted |= VREAD;
				if (acl->acl_entry[i].ae_perm & ACL_WRITE)
					dac_granted |= (VWRITE | VAPPEND);
				dac_granted &= acl_mask_granted;

/*
				 * XXXRW: Do privilege lookup here.
				 */
				if ((accmode & (dac_granted | priv_granted))
				    != accmode)
					break;

return (0);

case ACL_GROUP:
				if (!groupmember(acl->acl_entry[i].ae_id,
				    cred))
					break;
				dac_granted = 0;
				if (acl->acl_entry[i].ae_perm & ACL_EXECUTE)
				dac_granted |= VEXEC;
				if (acl->acl_entry[i].ae_perm & ACL_READ)
					dac_granted |= VREAD;
				if (acl->acl_entry[i].ae_perm & ACL_WRITE)
					dac_granted |= (VWRITE | VAPPEND);
				dac_granted &= acl_mask_granted;

/*
				 * XXXRW: Do privilege lookup here.
				 */
				if ((accmode & (dac_granted | priv_granted))
				    != accmode)
					break;

return (0);

default:
				break;
			}
		}
		/*
		 * Even with privilege, group membership was not sufficient.
		 * Return failure.
		 */
		goto error;
	}
		
	/*
	 * Fall back on ACL_OTHER.  ACL_MASK is not applied to ACL_OTHER.
	 */
	dac_granted = 0;
	if (acl_other->ae_perm & ACL_EXECUTE)
		dac_granted |= VEXEC;
	if (acl_other->ae_perm & ACL_READ)
		dac_granted |= VREAD;
	if (acl_other->ae_perm & ACL_WRITE)
		dac_granted |= (VWRITE | VAPPEND);

if ((accmode & dac_granted) == accmode)
		return (0);
	/*
	 * XXXRW: Do privilege lookup here.
	 */
	if ((accmode & (dac_granted | priv_granted)) == accmode) {
		return (0);
	}

error:
	return ((accmode & VADMIN) ? EPERM : EACCES);
}

/*
 * For the purposes of filesystems maintaining the _OBJ entries in an inode
 * with a mode_t field, this routine converts a mode_t entry to an
 * acl_perm_t.
 */
acl_perm_t
acl_posix1e_mode_to_perm(acl_tag_t tag, mode_t mode)
{
	acl_perm_t	perm = 0;

switch(tag) {
	case ACL_USER_OBJ:
		if (mode & S_IXUSR)
			perm |= ACL_EXECUTE;
		if (mode & S_IRUSR)
			perm |= ACL_READ;
		if (mode & S_IWUSR)
			perm |= ACL_WRITE;
		return (perm);

case ACL_GROUP_OBJ:
		if (mode & S_IXGRP)
			perm |= ACL_EXECUTE;
		if (mode & S_IRGRP)
			perm |= ACL_READ;
		if (mode & S_IWGRP)
			perm |= ACL_WRITE;
		return (perm);

case ACL_OTHER:
		if (mode & S_IXOTH)
			perm |= ACL_EXECUTE;
		if (mode & S_IROTH)
			perm |= ACL_READ;
		if (mode & S_IWOTH)
			perm |= ACL_WRITE;
		return (perm);

default:
		printf("acl_posix1e_mode_to_perm: invalid tag (%d)\n", tag);
		return (0);
	}
}

/*
 * Given inode information (uid, gid, mode), return an acl entry of the
 * appropriate type.
 */
struct acl_entry
acl_posix1e_mode_to_entry(acl_tag_t tag, uid_t uid, gid_t gid, mode_t mode)
{
	struct acl_entry	acl_entry;

acl_entry.ae_tag = tag;
	acl_entry.ae_perm = acl_posix1e_mode_to_perm(tag, mode);
	acl_entry.ae_entry_type = 0;
	acl_entry.ae_flags = 0;
	switch(tag) {
	case ACL_USER_OBJ:
		acl_entry.ae_id = uid;
		break;

case ACL_GROUP_OBJ:
		acl_entry.ae_id = gid;
		break;

case ACL_OTHER:
		acl_entry.ae_id = ACL_UNDEFINED_ID;
		break;

default:
		acl_entry.ae_id = ACL_UNDEFINED_ID;
		printf("acl_posix1e_mode_to_entry: invalid tag (%d)\n", tag);
	}

return (acl_entry);
}

/*
 * Utility function to generate a file mode given appropriate ACL entries.
 */
mode_t
acl_posix1e_perms_to_mode(struct acl_entry *acl_user_obj_entry,
    struct acl_entry *acl_group_obj_entry, struct acl_entry *acl_other_entry)
{
	mode_t	mode;

mode = 0;
	if (acl_user_obj_entry->ae_perm & ACL_EXECUTE)
		mode |= S_IXUSR;
	if (acl_user_obj_entry->ae_perm & ACL_READ)
		mode |= S_IRUSR;
	if (acl_user_obj_entry->ae_perm & ACL_WRITE)
		mode |= S_IWUSR;
	if (acl_group_obj_entry->ae_perm & ACL_EXECUTE)
		mode |= S_IXGRP;
	if (acl_group_obj_entry->ae_perm & ACL_READ)
		mode |= S_IRGRP;
	if (acl_group_obj_entry->ae_perm & ACL_WRITE)
		mode |= S_IWGRP;
	if (acl_other_entry->ae_perm & ACL_EXECUTE)
		mode |= S_IXOTH;
	if (acl_other_entry->ae_perm & ACL_READ)
		mode |= S_IROTH;
	if (acl_other_entry->ae_perm & ACL_WRITE)
		mode |= S_IWOTH;

return (mode);
}

/*
 * Utility function to generate a file mode given a complete POSIX.1e access
 * ACL.  Note that if the ACL is improperly formed, this may result in a
 * panic.
 */
mode_t
acl_posix1e_acl_to_mode(struct acl *acl)
{
	struct acl_entry *acl_mask, *acl_user_obj, *acl_group_obj, *acl_other;
	int i;

/*
	 * Find the ACL entries relevant to a POSIX permission mode.
	 */
	acl_user_obj = acl_group_obj = acl_other = acl_mask = NULL;
	for (i = 0; i < acl->acl_cnt; i++) {
		switch (acl->acl_entry[i].ae_tag) {
		case ACL_USER_OBJ:
			acl_user_obj = &acl->acl_entry[i];
			break;

case ACL_GROUP_OBJ:
			acl_group_obj = &acl->acl_entry[i];
			break;

case ACL_OTHER:
			acl_other = &acl->acl_entry[i];
			break;

case ACL_MASK:
			acl_mask = &acl->acl_entry[i];
			break;

case ACL_USER:
		case ACL_GROUP:
			break;

default:
			panic("acl_posix1e_acl_to_mode: bad ae_tag");
		}
	}

if (acl_user_obj == NULL || acl_group_obj == NULL || acl_other == NULL)
		panic("acl_posix1e_acl_to_mode: missing base ae_tags");

/*
	 * POSIX.1e specifies that if there is an ACL_MASK entry, we replace
	 * the mode "group" bits with its permissions.  If there isn't, we
	 * use the ACL_GROUP_OBJ permissions.
	 */
	if (acl_mask != NULL)
		return (acl_posix1e_perms_to_mode(acl_user_obj, acl_mask,
		    acl_other));
	else
		return (acl_posix1e_perms_to_mode(acl_user_obj, acl_group_obj,
		    acl_other));
}

/*
 * Perform a syntactic check of the ACL, sufficient to allow an implementing
 * filesystem to determine if it should accept this and rely on the POSIX.1e
 * ACL properties.
 */
int
acl_posix1e_check(struct acl *acl)
{
	int num_acl_user_obj, num_acl_user, num_acl_group_obj, num_acl_group;
	int num_acl_mask, num_acl_other, i;

/*
	 * Verify that the number of entries does not exceed the maximum
	 * defined for acl_t.
	 *
	 * Verify that the correct number of various sorts of ae_tags are
	 * present:
	 *   Exactly one ACL_USER_OBJ
	 *   Exactly one ACL_GROUP_OBJ
	 *   Exactly one ACL_OTHER
	 *   If any ACL_USER or ACL_GROUP entries appear, then exactly one
	 *   ACL_MASK entry must also appear.
	 *
	 * Verify that all ae_perm entries are in ACL_PERM_BITS.
	 *
	 * Verify all ae_tag entries are understood by this implementation.
	 *
	 * Note: Does not check for uniqueness of qualifier (ae_id) field.
	 */
	num_acl_user_obj = num_acl_user = num_acl_group_obj = num_acl_group =
	    num_acl_mask = num_acl_other = 0;
	if (acl->acl_cnt > ACL_MAX_ENTRIES)
		return (EINVAL);
	for (i = 0; i < acl->acl_cnt; i++) {
		/*
		 * Check for a valid tag.
		 */
		switch(acl->acl_entry[i].ae_tag) {
		case ACL_USER_OBJ:
			acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID; /* XXX */
			if (acl->acl_entry[i].ae_id != ACL_UNDEFINED_ID)
				return (EINVAL);
			num_acl_user_obj++;
			break;
		case ACL_GROUP_OBJ:
			acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID; /* XXX */
			if (acl->acl_entry[i].ae_id != ACL_UNDEFINED_ID)
				return (EINVAL);
			num_acl_group_obj++;
			break;
		case ACL_USER:
			if (acl->acl_entry[i].ae_id == ACL_UNDEFINED_ID)
				return (EINVAL);
			num_acl_user++;
			break;
		case ACL_GROUP:
			if (acl->acl_entry[i].ae_id == ACL_UNDEFINED_ID)
				return (EINVAL);
			num_acl_group++;
			break;
		case ACL_OTHER:
			acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID; /* XXX */
			if (acl->acl_entry[i].ae_id != ACL_UNDEFINED_ID)
				return (EINVAL);
			num_acl_other++;
			break;
		case ACL_MASK:
			acl->acl_entry[i].ae_id = ACL_UNDEFINED_ID; /* XXX */
			if (acl->acl_entry[i].ae_id != ACL_UNDEFINED_ID)
				return (EINVAL);
			num_acl_mask++;
			break;
		default:
			return (EINVAL);
		}
		/*
		 * Check for valid perm entries.
		 */
		if ((acl->acl_entry[i].ae_perm | ACL_PERM_BITS) !=
		    ACL_PERM_BITS)
			return (EINVAL);
	}
	if ((num_acl_user_obj != 1) || (num_acl_group_obj != 1) ||
	    (num_acl_other != 1) || (num_acl_mask != 0 && num_acl_mask != 1))
		return (EINVAL);
	if (((num_acl_group != 0) || (num_acl_user != 0)) &&
	    (num_acl_mask != 1))
		return (EINVAL);
	return (0);
}

/*
 * Given a requested mode for a new object, and a default ACL, combine the
 * two to produce a new mode.  Be careful not to clear any bits that aren't
 * intended to be affected by the POSIX.1e ACL.  Eventually, this might also
 * take the cmask as an argument, if we push that down into
 * per-filesystem-code.
 */
mode_t
acl_posix1e_newfilemode(mode_t cmode, struct acl *dacl)
{
	mode_t mode;

mode = cmode;
	/*
	 * The current composition policy is that a permission bit must be
	 * set in *both* the ACL and the requested creation mode for it to
	 * appear in the resulting mode/ACL.  First clear any possibly
	 * effected bits, then reconstruct.
	 */
	mode &= ACL_PRESERVE_MASK;
	mode |= (ACL_OVERRIDE_MASK & cmode & acl_posix1e_acl_to_mode(dacl));

return (mode);
}

static int
acl_posix1e_modload(module_t mod, int what, void *arg)
{
	int ret;

ret = 0;

switch (what) {
	case MOD_LOAD:
	case MOD_SHUTDOWN:
		break;

case MOD_QUIESCE:
		/* XXX TODO */
		ret = 0;
		break;

case MOD_UNLOAD:
		/* XXX TODO */
		ret = 0;
		break;
	default:
		ret = EINVAL;
		break;
	}

return (ret);
}

static moduledata_t acl_posix1e_mod = {
	"acl_posix1e",
	acl_posix1e_modload,
	NULL
};

DECLARE_MODULE(acl_posix1e, acl_posix1e_mod, SI_SUB_VFS, SI_ORDER_FIRST);
MODULE_VERSION(acl_posix1e, 1);

003 File Manager

Editing: subr_acl_posix1e.c

Upload File

Create Folder