1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011,2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) {
36 for (r = acl_get_entry(acl, ACL_FIRST_ENTRY, &i);
38 r = acl_get_entry(acl, ACL_NEXT_ENTRY, &i)) {
44 if (acl_get_tag_type(i, &tag) < 0)
50 u = acl_get_qualifier(i);
68 int calc_acl_mask_if_needed(acl_t *acl_p) {
74 for (r = acl_get_entry(*acl_p, ACL_FIRST_ENTRY, &i);
76 r = acl_get_entry(*acl_p, ACL_NEXT_ENTRY, &i)) {
79 if (acl_get_tag_type(i, &tag) < 0)
84 if (IN_SET(tag, ACL_USER, ACL_GROUP))
92 if (acl_calc_mask(acl_p) < 0)
97 int add_base_acls_if_needed(acl_t *acl_p, const char *path) {
100 bool have_user_obj = false, have_group_obj = false, have_other = false;
102 _cleanup_(acl_freep) acl_t basic = NULL;
106 for (r = acl_get_entry(*acl_p, ACL_FIRST_ENTRY, &i);
108 r = acl_get_entry(*acl_p, ACL_NEXT_ENTRY, &i)) {
111 if (acl_get_tag_type(i, &tag) < 0)
114 if (tag == ACL_USER_OBJ)
115 have_user_obj = true;
116 else if (tag == ACL_GROUP_OBJ)
117 have_group_obj = true;
118 else if (tag == ACL_OTHER)
120 if (have_user_obj && have_group_obj && have_other)
130 basic = acl_from_mode(st.st_mode);
134 for (r = acl_get_entry(basic, ACL_FIRST_ENTRY, &i);
136 r = acl_get_entry(basic, ACL_NEXT_ENTRY, &i)) {
140 if (acl_get_tag_type(i, &tag) < 0)
143 if ((tag == ACL_USER_OBJ && have_user_obj) ||
144 (tag == ACL_GROUP_OBJ && have_group_obj) ||
145 (tag == ACL_OTHER && have_other))
148 r = acl_create_entry(acl_p, &dst);
152 r = acl_copy_entry(dst, i);
161 int search_acl_groups(char*** dst, const char* path, bool* belong) {
167 acl = acl_get_file(path, ACL_TYPE_DEFAULT);
172 r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
178 r = acl_get_tag_type(entry, &tag);
182 if (tag != ACL_GROUP)
185 gid = acl_get_qualifier(entry);
189 if (in_gid(*gid) > 0) {
194 name = gid_to_name(*gid);
200 r = strv_consume(dst, name);
207 r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
216 int parse_acl(char *text, acl_t *acl_access, acl_t *acl_default, bool want_mask) {
217 _cleanup_free_ char **a = NULL, **d = NULL; /* strings are not be freed */
218 _cleanup_strv_free_ char **split;
221 _cleanup_(acl_freep) acl_t a_acl = NULL, d_acl = NULL;
223 split = strv_split(text, ",");
227 STRV_FOREACH(entry, split) {
230 p = startswith(*entry, "default:");
232 p = startswith(*entry, "d:");
235 r = strv_push(&d, p);
237 r = strv_push(&a, *entry);
242 if (!strv_isempty(a)) {
243 _cleanup_free_ char *join;
245 join = strv_join(a, ",");
249 a_acl = acl_from_text(join);
254 r = calc_acl_mask_if_needed(&a_acl);
260 if (!strv_isempty(d)) {
261 _cleanup_free_ char *join;
263 join = strv_join(d, ",");
267 d_acl = acl_from_text(join);
272 r = calc_acl_mask_if_needed(&d_acl);
279 *acl_default = d_acl;
280 a_acl = d_acl = NULL;
284 static int acl_entry_equal(acl_entry_t a, acl_entry_t b) {
285 acl_tag_t tag_a, tag_b;
287 if (acl_get_tag_type(a, &tag_a) < 0)
290 if (acl_get_tag_type(b, &tag_b) < 0)
301 /* can have only one of those */
304 _cleanup_(acl_free_uid_tpp) uid_t *uid_a = NULL, *uid_b = NULL;
306 uid_a = acl_get_qualifier(a);
310 uid_b = acl_get_qualifier(b);
314 return *uid_a == *uid_b;
317 _cleanup_(acl_free_gid_tpp) gid_t *gid_a = NULL, *gid_b = NULL;
319 gid_a = acl_get_qualifier(a);
323 gid_b = acl_get_qualifier(b);
327 return *gid_a == *gid_b;
330 assert_not_reached("Unknown acl tag type");
334 static int find_acl_entry(acl_t acl, acl_entry_t entry, acl_entry_t *out) {
338 for (r = acl_get_entry(acl, ACL_FIRST_ENTRY, &i);
340 r = acl_get_entry(acl, ACL_NEXT_ENTRY, &i)) {
342 r = acl_entry_equal(i, entry);
355 int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl) {
356 _cleanup_(acl_freep) acl_t old;
360 old = acl_get_file(path, type);
364 for (r = acl_get_entry(new, ACL_FIRST_ENTRY, &i);
366 r = acl_get_entry(new, ACL_NEXT_ENTRY, &i)) {
370 r = find_acl_entry(old, i, &j);
374 if (acl_create_entry(&old, &j) < 0)
377 if (acl_copy_entry(j, i) < 0)