1 /* -*- buffer-read-only: t -*- vi: set ro: */
2 /* DO NOT EDIT! GENERATED AUTOMATICALLY! */
3 /* Test whether a file has a nontrivial access control list.
5 Copyright (C) 2002-2003, 2005-2013 Free Software Foundation, Inc.
7 This program is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 Written by Paul Eggert, Andreas Grünbacher, and Bruno Haible. */
22 /* Without this pragma, gcc 4.7.0 20120126 may suggest that the
23 file_has_acl function might be candidate for attribute 'const' */
24 #if (__GNUC__ == 4 && 6 <= __GNUC_MINOR__) || 4 < __GNUC__
25 # pragma GCC diagnostic ignored "-Wsuggest-attribute=const"
32 #include "acl-internal.h"
35 #if USE_ACL && HAVE_ACL_GET_FILE
37 # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */
39 /* ACL is an ACL, from a file, stored as type ACL_TYPE_EXTENDED.
40 Return 1 if the given ACL is non-trivial.
41 Return 0 if it is trivial. */
43 acl_extended_nontrivial (acl_t acl)
45 /* acl is non-trivial if it is non-empty. */
46 return (acl_entries (acl) > 0);
49 # else /* Linux, FreeBSD, IRIX, Tru64 */
51 /* ACL is an ACL, from a file, stored as type ACL_TYPE_ACCESS.
52 Return 1 if the given ACL is non-trivial.
53 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode.
54 Return -1 and set errno upon failure to determine it. */
56 acl_access_nontrivial (acl_t acl)
58 /* acl is non-trivial if it has some entries other than for "user::",
59 "group::", and "other::". Normally these three should be present
60 at least, allowing us to write
61 return (3 < acl_entries (acl));
62 but the following code is more robust. */
63 # if HAVE_ACL_FIRST_ENTRY /* Linux, FreeBSD */
68 for (got_one = acl_get_entry (acl, ACL_FIRST_ENTRY, &ace);
70 got_one = acl_get_entry (acl, ACL_NEXT_ENTRY, &ace))
73 if (acl_get_tag_type (ace, &tag) < 0)
75 if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_OTHER))
80 # else /* IRIX, Tru64 */
81 # if HAVE_ACL_TO_SHORT_TEXT /* IRIX */
82 /* Don't use acl_get_entry: it is undocumented. */
84 int count = acl->acl_cnt;
87 for (i = 0; i < count; i++)
89 acl_entry_t ace = &acl->acl_entry[i];
90 acl_tag_t tag = ace->ae_tag;
92 if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ
93 || tag == ACL_OTHER_OBJ))
99 # if HAVE_ACL_FREE_TEXT /* Tru64 */
100 /* Don't use acl_get_entry: it takes only one argument and does not work. */
102 int count = acl->acl_num;
105 for (ace = acl->acl_first; count > 0; ace = ace->next, count--)
110 tag = ace->entry->acl_type;
111 if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_OTHER))
114 perm = ace->entry->acl_perm;
115 /* On Tru64, perm can also contain non-standard bits such as
116 PERM_INSERT, PERM_DELETE, PERM_MODIFY, PERM_LOOKUP, ... */
117 if ((perm & ~(ACL_READ | ACL_WRITE | ACL_EXECUTE)) != 0)
129 #elif USE_ACL && HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */
131 /* Test an ACL retrieved with GETACL.
132 Return 1 if the given ACL, consisting of COUNT entries, is non-trivial.
133 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
135 acl_nontrivial (int count, aclent_t *entries)
139 for (i = 0; i < count; i++)
141 aclent_t *ace = &entries[i];
143 /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
144 If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
145 We don't need to check ace->a_id in these cases. */
146 if (!(ace->a_type == USER_OBJ
147 || ace->a_type == GROUP_OBJ
148 || ace->a_type == OTHER_OBJ
149 /* Note: Cygwin does not return a CLASS_OBJ ("mask:") entry
151 || ace->a_type == CLASS_OBJ))
159 /* A shortcut for a bitmask. */
160 # define NEW_ACE_WRITEA_DATA (NEW_ACE_WRITE_DATA | NEW_ACE_APPEND_DATA)
162 /* Test an ACL retrieved with ACE_GETACL.
163 Return 1 if the given ACL, consisting of COUNT entries, is non-trivial.
164 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
166 acl_ace_nontrivial (int count, ace_t *entries)
170 /* The flags in the ace_t structure changed in a binary incompatible way
171 when ACL_NO_TRIVIAL etc. were introduced in <sys/acl.h> version 1.15.
172 How to distinguish the two conventions at runtime?
173 In the old convention, usually three ACEs have a_flags = ACE_OWNER /
174 ACE_GROUP / ACE_OTHER, in the range 0x0100..0x0400. In the new
175 convention, these values are not used. */
176 int old_convention = 0;
178 for (i = 0; i < count; i++)
179 if (entries[i].a_flags & (OLD_ACE_OWNER | OLD_ACE_GROUP | OLD_ACE_OTHER))
186 /* Running on Solaris 10. */
187 for (i = 0; i < count; i++)
189 ace_t *ace = &entries[i];
192 If ace->a_flags = ACE_OWNER, ace->a_who is the st_uid from stat().
193 If ace->a_flags = ACE_GROUP, ace->a_who is the st_gid from stat().
194 We don't need to check ace->a_who in these cases. */
195 if (!(ace->a_type == OLD_ALLOW
196 && (ace->a_flags == OLD_ACE_OWNER
197 || ace->a_flags == OLD_ACE_GROUP
198 || ace->a_flags == OLD_ACE_OTHER)))
203 /* Running on Solaris 10 (newer version) or Solaris 11. */
204 unsigned int access_masks[6] =
207 0, /* owner@ allow */
209 0, /* group@ allow */
210 0, /* everyone@ deny */
211 0 /* everyone@ allow */
214 for (i = 0; i < count; i++)
216 ace_t *ace = &entries[i];
220 if (ace->a_type == NEW_ACE_ACCESS_ALLOWED_ACE_TYPE)
222 else if (ace->a_type == NEW_ACE_ACCESS_DENIED_ACE_TYPE)
227 if (ace->a_flags == NEW_ACE_OWNER)
229 else if (ace->a_flags == (NEW_ACE_GROUP | NEW_ACE_IDENTIFIER_GROUP))
231 else if (ace->a_flags == NEW_ACE_EVERYONE)
236 access_masks[index1 + index2] |= ace->a_access_mask;
239 /* The same bit shouldn't be both allowed and denied. */
240 if (access_masks[0] & access_masks[1])
242 if (access_masks[2] & access_masks[3])
244 if (access_masks[4] & access_masks[5])
247 /* Check minimum masks. */
248 if ((NEW_ACE_WRITE_NAMED_ATTRS
249 | NEW_ACE_WRITE_ATTRIBUTES
251 | NEW_ACE_WRITE_OWNER)
254 access_masks[1] &= ~(NEW_ACE_WRITE_NAMED_ATTRS
255 | NEW_ACE_WRITE_ATTRIBUTES
257 | NEW_ACE_WRITE_OWNER);
258 if ((NEW_ACE_READ_NAMED_ATTRS
259 | NEW_ACE_READ_ATTRIBUTES
261 | NEW_ACE_SYNCHRONIZE)
264 access_masks[5] &= ~(NEW_ACE_READ_NAMED_ATTRS
265 | NEW_ACE_READ_ATTRIBUTES
267 | NEW_ACE_SYNCHRONIZE);
269 /* Check the allowed or denied bits. */
270 switch ((access_masks[0] | access_masks[1])
271 & ~(NEW_ACE_READ_NAMED_ATTRS
272 | NEW_ACE_READ_ATTRIBUTES
274 | NEW_ACE_SYNCHRONIZE))
277 case NEW_ACE_READ_DATA:
278 case NEW_ACE_WRITEA_DATA:
279 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA:
280 case NEW_ACE_EXECUTE:
281 case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE:
282 case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
283 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
288 switch ((access_masks[2] | access_masks[3])
289 & ~(NEW_ACE_READ_NAMED_ATTRS
290 | NEW_ACE_READ_ATTRIBUTES
292 | NEW_ACE_SYNCHRONIZE))
295 case NEW_ACE_READ_DATA:
296 case NEW_ACE_WRITEA_DATA:
297 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA:
298 case NEW_ACE_EXECUTE:
299 case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE:
300 case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
301 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
306 switch ((access_masks[4] | access_masks[5])
307 & ~(NEW_ACE_WRITE_NAMED_ATTRS
308 | NEW_ACE_WRITE_ATTRIBUTES
310 | NEW_ACE_WRITE_OWNER))
313 case NEW_ACE_READ_DATA:
314 case NEW_ACE_WRITEA_DATA:
315 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA:
316 case NEW_ACE_EXECUTE:
317 case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE:
318 case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
319 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
325 /* Check that the NEW_ACE_WRITE_DATA and NEW_ACE_APPEND_DATA bits are
326 either both allowed or both denied. */
327 if (((access_masks[0] & NEW_ACE_WRITE_DATA) != 0)
328 != ((access_masks[0] & NEW_ACE_APPEND_DATA) != 0))
330 if (((access_masks[2] & NEW_ACE_WRITE_DATA) != 0)
331 != ((access_masks[2] & NEW_ACE_APPEND_DATA) != 0))
333 if (((access_masks[4] & NEW_ACE_WRITE_DATA) != 0)
334 != ((access_masks[4] & NEW_ACE_APPEND_DATA) != 0))
343 #elif USE_ACL && HAVE_GETACL /* HP-UX */
345 /* Return 1 if the given ACL is non-trivial.
346 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
348 acl_nontrivial (int count, struct acl_entry *entries, struct stat *sb)
352 for (i = 0; i < count; i++)
354 struct acl_entry *ace = &entries[i];
356 if (!((ace->uid == sb->st_uid && ace->gid == ACL_NSGROUP)
357 || (ace->uid == ACL_NSUSER && ace->gid == sb->st_gid)
358 || (ace->uid == ACL_NSUSER && ace->gid == ACL_NSGROUP)))
364 # if HAVE_ACLV_H /* HP-UX >= 11.11 */
366 /* Return 1 if the given ACL is non-trivial.
367 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
369 aclv_nontrivial (int count, struct acl *entries)
373 for (i = 0; i < count; i++)
375 struct acl *ace = &entries[i];
377 /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
378 If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
379 We don't need to check ace->a_id in these cases. */
380 if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */
381 || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */
382 || ace->a_type == CLASS_OBJ
383 || ace->a_type == OTHER_OBJ))
391 #elif USE_ACL && (HAVE_ACLX_GET || HAVE_STATACL) /* AIX */
393 /* Return 1 if the given ACL is non-trivial.
394 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
396 acl_nontrivial (struct acl *a)
398 /* The normal way to iterate through an ACL is like this:
399 struct acl_entry *ace;
400 for (ace = a->acl_ext; ace != acl_last (a); ace = acl_nxt (ace))
403 switch (ace->ace_type)
410 for (aei = ace->ace_id; aei != id_last (ace); aei = id_nxt (aei))
414 return (acl_last (a) != a->acl_ext ? 1 : 0);
417 # if HAVE_ACLX_GET && defined ACL_AIX_WIP /* newer AIX */
419 /* Return 1 if the given ACL is non-trivial.
420 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
422 acl_nfs4_nontrivial (nfs4_acl_int_t *a)
424 # if 1 /* let's try this first */
425 return (a->aclEntryN > 0 ? 1 : 0);
427 int count = a->aclEntryN;
430 for (i = 0; i < count; i++)
432 nfs4_ace_int_t *ace = &a->aclEntry[i];
434 if (!((ace->flags & ACE4_ID_SPECIAL) != 0
435 && (ace->aceWho.special_whoid == ACE4_WHO_OWNER
436 || ace->aceWho.special_whoid == ACE4_WHO_GROUP
437 || ace->aceWho.special_whoid == ACE4_WHO_EVERYONE)
438 && ace->aceType == ACE4_ACCESS_ALLOWED_ACE_TYPE
439 && ace->aceFlags == 0
440 && (ace->aceMask & ~(ACE4_READ_DATA | ACE4_LIST_DIRECTORY
441 | ACE4_WRITE_DATA | ACE4_ADD_FILE
442 | ACE4_EXECUTE)) == 0))
451 #elif USE_ACL && HAVE_ACLSORT /* NonStop Kernel */
453 /* Test an ACL retrieved with ACL_GET.
454 Return 1 if the given ACL, consisting of COUNT entries, is non-trivial.
455 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
457 acl_nontrivial (int count, struct acl *entries)
461 for (i = 0; i < count; i++)
463 struct acl *ace = &entries[i];
465 /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
466 If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
467 We don't need to check ace->a_id in these cases. */
468 if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */
469 || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */
470 || ace->a_type == CLASS_OBJ
471 || ace->a_type == OTHER_OBJ))
480 /* Return 1 if NAME has a nontrivial access control list, 0 if NAME
481 only has no or a base access control list, and -1 (setting errno)
482 on error. SB must be set to the stat buffer of NAME, obtained
483 through stat() or lstat(). */
486 file_has_acl (char const *name, struct stat const *sb)
489 if (! S_ISLNK (sb->st_mode))
491 # if HAVE_ACL_GET_FILE
493 /* POSIX 1003.1e (draft 17 -- abandoned) specific version. */
494 /* Linux, FreeBSD, Mac OS X, IRIX, Tru64 */
497 if (HAVE_ACL_EXTENDED_FILE) /* Linux */
499 /* On Linux, acl_extended_file is an optimized function: It only
500 makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
502 ret = acl_extended_file (name);
504 else /* FreeBSD, Mac OS X, IRIX, Tru64 */
506 # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */
507 /* On Mac OS X, acl_get_file (name, ACL_TYPE_ACCESS)
508 and acl_get_file (name, ACL_TYPE_DEFAULT)
509 always return NULL / EINVAL. There is no point in making
510 these two useless calls. The real ACL is retrieved through
511 acl_get_file (name, ACL_TYPE_EXTENDED). */
512 acl_t acl = acl_get_file (name, ACL_TYPE_EXTENDED);
515 ret = acl_extended_nontrivial (acl);
520 # else /* FreeBSD, IRIX, Tru64 */
521 acl_t acl = acl_get_file (name, ACL_TYPE_ACCESS);
526 ret = acl_access_nontrivial (acl);
530 # if HAVE_ACL_FREE_TEXT /* Tru64 */
531 /* On OSF/1, acl_get_file (name, ACL_TYPE_DEFAULT) always
532 returns NULL with errno not set. There is no point in
534 # else /* FreeBSD, IRIX */
535 /* On Linux, FreeBSD, IRIX, acl_get_file (name, ACL_TYPE_ACCESS)
536 and acl_get_file (name, ACL_TYPE_DEFAULT) on a directory
537 either both succeed or both fail; it depends on the
538 file system. Therefore there is no point in making the second
539 call if the first one already failed. */
540 if (ret == 0 && S_ISDIR (sb->st_mode))
542 acl = acl_get_file (name, ACL_TYPE_DEFAULT);
545 ret = (0 < acl_entries (acl));
558 return - acl_errno_valid (errno);
561 # elif HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */
563 # if defined ACL_NO_TRIVIAL
565 /* Solaris 10 (newer version), which has additional API declared in
566 <sys/acl.h> (acl_t) and implemented in libsec (acl_set, acl_trivial,
567 acl_fromtext, ...). */
568 return acl_trivial (name);
570 # else /* Solaris, Cygwin, general case */
572 /* Solaris 2.5 through Solaris 10, Cygwin, and contemporaneous versions
573 of Unixware. The acl() call returns the access and default ACL both
576 /* Initially, try to read the entries into a stack-allocated buffer.
577 Use malloc if it does not fit. */
580 alloc_init = 4000 / sizeof (aclent_t), /* >= 3 */
581 alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (aclent_t))
583 aclent_t buf[alloc_init];
584 size_t alloc = alloc_init;
585 aclent_t *entries = buf;
586 aclent_t *malloced = NULL;
591 count = acl (name, GETACL, alloc, entries);
592 if (count < 0 && errno == ENOSPC)
594 /* Increase the size of the buffer. */
596 if (alloc > alloc_max / 2)
601 alloc = 2 * alloc; /* <= alloc_max */
603 (aclent_t *) malloc (alloc * sizeof (aclent_t));
615 if (errno == ENOSYS || errno == ENOTSUP)
619 int saved_errno = errno;
629 /* Don't use MIN_ACL_ENTRIES: It's set to 4 on Cygwin, but Cygwin
630 returns only 3 entries for files with no ACL. But this is safe:
631 If there are more than 4 entries, there cannot be only the
632 "user::", "group::", "other:", and "mask:" entries. */
639 if (acl_nontrivial (count, entries))
649 /* Solaris also has a different variant of ACLs, used in ZFS and NFSv4
650 file systems (whereas the other ones are used in UFS file systems). */
652 /* Initially, try to read the entries into a stack-allocated buffer.
653 Use malloc if it does not fit. */
656 alloc_init = 4000 / sizeof (ace_t), /* >= 3 */
657 alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (ace_t))
659 ace_t buf[alloc_init];
660 size_t alloc = alloc_init;
661 ace_t *entries = buf;
662 ace_t *malloced = NULL;
667 count = acl (name, ACE_GETACL, alloc, entries);
668 if (count < 0 && errno == ENOSPC)
670 /* Increase the size of the buffer. */
672 if (alloc > alloc_max / 2)
677 alloc = 2 * alloc; /* <= alloc_max */
678 entries = malloced = (ace_t *) malloc (alloc * sizeof (ace_t));
690 if (errno == ENOSYS || errno == EINVAL)
694 int saved_errno = errno;
704 /* In the old (original Solaris 10) convention:
705 If there are more than 3 entries, there cannot be only the
706 ACE_OWNER, ACE_GROUP, ACE_OTHER entries.
707 In the newer Solaris 10 and Solaris 11 convention:
708 If there are more than 6 entries, there cannot be only the
709 ACE_OWNER, ACE_GROUP, ACE_EVERYONE entries, each once with
710 NEW_ACE_ACCESS_ALLOWED_ACE_TYPE and once with
711 NEW_ACE_ACCESS_DENIED_ACE_TYPE. */
718 if (acl_ace_nontrivial (count, entries))
731 # elif HAVE_GETACL /* HP-UX */
734 struct acl_entry entries[NACLENTRIES];
737 count = getacl (name, NACLENTRIES, entries);
741 /* ENOSYS is seen on newer HP-UX versions.
742 EOPNOTSUPP is typically seen on NFS mounts.
743 ENOTSUP was seen on Quantum StorNext file systems (cvfs). */
744 if (errno == ENOSYS || errno == EOPNOTSUPP || errno == ENOTSUP)
753 if (count > NACLENTRIES)
754 /* If NACLENTRIES cannot be trusted, use dynamic memory
758 /* If there are more than 3 entries, there cannot be only the
759 (uid,%), (%,gid), (%,%) entries. */
766 if (stat (name, &statbuf) < 0)
769 return acl_nontrivial (count, entries, &statbuf);
774 # if HAVE_ACLV_H /* HP-UX >= 11.11 */
777 struct acl entries[NACLVENTRIES];
780 count = acl ((char *) name, ACL_GET, NACLVENTRIES, entries);
784 /* EOPNOTSUPP is seen on NFS in HP-UX 11.11, 11.23.
785 EINVAL is seen on NFS in HP-UX 11.31. */
786 if (errno == ENOSYS || errno == EOPNOTSUPP || errno == EINVAL)
795 if (count > NACLVENTRIES)
796 /* If NACLVENTRIES cannot be trusted, use dynamic memory
800 /* If there are more than 4 entries, there cannot be only the
801 four base ACL entries. */
805 return aclv_nontrivial (count, entries);
811 # elif HAVE_ACLX_GET && defined ACL_AIX_WIP /* AIX */
816 size_t aclsize = sizeof (aclbuf);
821 /* The docs say that type being 0 is equivalent to ACL_ANY, but it
822 is not true, in AIX 5.3. */
824 if (aclx_get (name, 0, &type, aclbuf, &aclsize, &mode) >= 0)
832 int saved_errno = errno;
838 aclsize = 2 * aclsize;
841 acl = malloc (aclsize);
849 if (type.u64 == ACL_AIXC)
851 int result = acl_nontrivial ((struct acl *) acl);
856 else if (type.u64 == ACL_NFS4)
858 int result = acl_nfs4_nontrivial ((nfs4_acl_int_t *) acl);
865 /* A newer type of ACL has been introduced in the system.
866 We should better support it. */
873 # elif HAVE_STATACL /* older AIX */
875 union { struct acl a; char room[4096]; } u;
877 if (statacl (name, STX_NORMAL, &u.a, sizeof (u)) < 0)
880 return acl_nontrivial (&u.a);
882 # elif HAVE_ACLSORT /* NonStop Kernel */
885 struct acl entries[NACLENTRIES];
888 count = acl ((char *) name, ACL_GET, NACLENTRIES, entries);
892 if (errno == ENOSYS || errno == ENOTSUP)
901 if (count > NACLENTRIES)
902 /* If NACLENTRIES cannot be trusted, use dynamic memory
906 /* If there are more than 4 entries, there cannot be only the
907 four base ACL entries. */
911 return acl_nontrivial (count, entries);