1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011,2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) {
36 for (r = acl_get_entry(acl, ACL_FIRST_ENTRY, &i);
38 r = acl_get_entry(acl, ACL_NEXT_ENTRY, &i)) {
44 if (acl_get_tag_type(i, &tag) < 0)
50 u = acl_get_qualifier(i);
68 int calc_acl_mask_if_needed(acl_t *acl_p) {
74 for (r = acl_get_entry(*acl_p, ACL_FIRST_ENTRY, &i);
76 r = acl_get_entry(*acl_p, ACL_NEXT_ENTRY, &i)) {
79 if (acl_get_tag_type(i, &tag) < 0)
84 if (IN_SET(tag, ACL_USER, ACL_GROUP))
92 if (acl_calc_mask(acl_p) < 0)
97 int add_base_acls_if_needed(acl_t *acl_p, const char *path) {
100 bool have_user_obj = false, have_group_obj = false, have_other = false;
102 _cleanup_(acl_freep) acl_t basic = NULL;
106 for (r = acl_get_entry(*acl_p, ACL_FIRST_ENTRY, &i);
108 r = acl_get_entry(*acl_p, ACL_NEXT_ENTRY, &i)) {
111 if (acl_get_tag_type(i, &tag) < 0)
114 if (tag == ACL_USER_OBJ)
115 have_user_obj = true;
116 else if (tag == ACL_GROUP_OBJ)
117 have_group_obj = true;
118 else if (tag == ACL_OTHER)
120 if (have_user_obj && have_group_obj && have_other)
130 basic = acl_from_mode(st.st_mode);
134 for (r = acl_get_entry(basic, ACL_FIRST_ENTRY, &i);
136 r = acl_get_entry(basic, ACL_NEXT_ENTRY, &i)) {
140 if (acl_get_tag_type(i, &tag) < 0)
143 if ((tag == ACL_USER_OBJ && have_user_obj) ||
144 (tag == ACL_GROUP_OBJ && have_group_obj) ||
145 (tag == ACL_OTHER && have_other))
148 r = acl_create_entry(acl_p, &dst);
152 r = acl_copy_entry(dst, i);
161 int search_acl_groups(char*** dst, const char* path, bool* belong) {
167 acl = acl_get_file(path, ACL_TYPE_DEFAULT);
172 r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
178 r = acl_get_tag_type(entry, &tag);
182 if (tag != ACL_GROUP)
185 gid = acl_get_qualifier(entry);
189 if (in_gid(*gid) > 0) {
194 name = gid_to_name(*gid);
200 r = strv_consume(dst, name);
207 r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
216 int parse_acl(char *text, acl_t *acl_access, acl_t *acl_default, bool want_mask) {
217 _cleanup_free_ char **a = NULL, **d = NULL; /* strings are not be freed */
218 _cleanup_strv_free_ char **split;
221 _cleanup_(acl_freep) acl_t a_acl = NULL, d_acl = NULL;
223 split = strv_split(text, ",");
227 STRV_FOREACH(entry, split) {
230 p = startswith(*entry, "default:");
232 p = startswith(*entry, "d:");
235 r = strv_push(&d, p);
237 r = strv_push(&a, *entry);
242 if (!strv_isempty(a)) {
243 _cleanup_free_ char *join;
245 join = strv_join(a, ",");
249 a_acl = acl_from_text(join);
254 r = calc_acl_mask_if_needed(&a_acl);
260 if (!strv_isempty(d)) {
261 _cleanup_free_ char *join;
263 join = strv_join(d, ",");
267 d_acl = acl_from_text(join);
272 r = calc_acl_mask_if_needed(&d_acl);
279 *acl_default = d_acl;
280 a_acl = d_acl = NULL;
284 int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl) {
285 _cleanup_(acl_freep) acl_t old;
289 old = acl_get_file(path, type);
293 for (r = acl_get_entry(new, ACL_FIRST_ENTRY, &i);
295 r = acl_get_entry(new, ACL_NEXT_ENTRY, &i)) {
299 if (acl_create_entry(&old, &j) < 0)
302 if (acl_copy_entry(j, i) < 0)