1 /* -*- buffer-read-only: t -*- vi: set ro: */
2 /* DO NOT EDIT! GENERATED AUTOMATICALLY! */
3 /* Test whether a file has a nontrivial access control list.
5 Copyright (C) 2002-2003, 2005-2014 Free Software Foundation, Inc.
7 This program is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 Written by Paul Eggert, Andreas Grünbacher, and Bruno Haible. */
22 /* Without this pragma, gcc 4.7.0 20120126 may suggest that the
23 file_has_acl function might be candidate for attribute 'const' */
24 #if (__GNUC__ == 4 && 6 <= __GNUC_MINOR__) || 4 < __GNUC__
25 # pragma GCC diagnostic ignored "-Wsuggest-attribute=const"
32 #include "acl-internal.h"
35 #if USE_ACL && HAVE_ACL_GET_FILE
37 # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */
39 /* ACL is an ACL, from a file, stored as type ACL_TYPE_EXTENDED.
40 Return 1 if the given ACL is non-trivial.
41 Return 0 if it is trivial. */
43 acl_extended_nontrivial (acl_t acl)
45 /* acl is non-trivial if it is non-empty. */
46 return (acl_entries (acl) > 0);
49 # else /* Linux, FreeBSD, IRIX, Tru64 */
51 /* ACL is an ACL, from a file, stored as type ACL_TYPE_ACCESS.
52 Return 1 if the given ACL is non-trivial.
53 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode.
54 Return -1 and set errno upon failure to determine it. */
56 acl_access_nontrivial (acl_t acl)
58 /* acl is non-trivial if it has some entries other than for "user::",
59 "group::", and "other::". Normally these three should be present
60 at least, allowing us to write
61 return (3 < acl_entries (acl));
62 but the following code is more robust. */
63 # if HAVE_ACL_FIRST_ENTRY /* Linux, FreeBSD */
68 for (got_one = acl_get_entry (acl, ACL_FIRST_ENTRY, &ace);
70 got_one = acl_get_entry (acl, ACL_NEXT_ENTRY, &ace))
73 if (acl_get_tag_type (ace, &tag) < 0)
75 if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_OTHER))
80 # elif HAVE_ACL_TO_SHORT_TEXT /* IRIX */
81 /* Don't use acl_get_entry: it is undocumented. */
83 int count = acl->acl_cnt;
86 for (i = 0; i < count; i++)
88 acl_entry_t ace = &acl->acl_entry[i];
89 acl_tag_t tag = ace->ae_tag;
91 if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ
92 || tag == ACL_OTHER_OBJ))
97 # elif HAVE_ACL_FREE_TEXT /* Tru64 */
98 /* Don't use acl_get_entry: it takes only one argument and does not work. */
100 int count = acl->acl_num;
103 for (ace = acl->acl_first; count > 0; ace = ace->next, count--)
108 tag = ace->entry->acl_type;
109 if (!(tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_OTHER))
112 perm = ace->entry->acl_perm;
113 /* On Tru64, perm can also contain non-standard bits such as
114 PERM_INSERT, PERM_DELETE, PERM_MODIFY, PERM_LOOKUP, ... */
115 if ((perm & ~(ACL_READ | ACL_WRITE | ACL_EXECUTE)) != 0)
130 #elif USE_ACL && HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */
132 /* Test an ACL retrieved with GETACL.
133 Return 1 if the given ACL, consisting of COUNT entries, is non-trivial.
134 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
136 acl_nontrivial (int count, aclent_t *entries)
140 for (i = 0; i < count; i++)
142 aclent_t *ace = &entries[i];
144 /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
145 If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
146 We don't need to check ace->a_id in these cases. */
147 if (!(ace->a_type == USER_OBJ
148 || ace->a_type == GROUP_OBJ
149 || ace->a_type == OTHER_OBJ
150 /* Note: Cygwin does not return a CLASS_OBJ ("mask:") entry
152 || ace->a_type == CLASS_OBJ))
160 /* A shortcut for a bitmask. */
161 # define NEW_ACE_WRITEA_DATA (NEW_ACE_WRITE_DATA | NEW_ACE_APPEND_DATA)
163 /* Test an ACL retrieved with ACE_GETACL.
164 Return 1 if the given ACL, consisting of COUNT entries, is non-trivial.
165 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
167 acl_ace_nontrivial (int count, ace_t *entries)
171 /* The flags in the ace_t structure changed in a binary incompatible way
172 when ACL_NO_TRIVIAL etc. were introduced in <sys/acl.h> version 1.15.
173 How to distinguish the two conventions at runtime?
174 In the old convention, usually three ACEs have a_flags = ACE_OWNER /
175 ACE_GROUP / ACE_OTHER, in the range 0x0100..0x0400. In the new
176 convention, these values are not used. */
177 int old_convention = 0;
179 for (i = 0; i < count; i++)
180 if (entries[i].a_flags & (OLD_ACE_OWNER | OLD_ACE_GROUP | OLD_ACE_OTHER))
187 /* Running on Solaris 10. */
188 for (i = 0; i < count; i++)
190 ace_t *ace = &entries[i];
193 If ace->a_flags = ACE_OWNER, ace->a_who is the st_uid from stat().
194 If ace->a_flags = ACE_GROUP, ace->a_who is the st_gid from stat().
195 We don't need to check ace->a_who in these cases. */
196 if (!(ace->a_type == OLD_ALLOW
197 && (ace->a_flags == OLD_ACE_OWNER
198 || ace->a_flags == OLD_ACE_GROUP
199 || ace->a_flags == OLD_ACE_OTHER)))
204 /* Running on Solaris 10 (newer version) or Solaris 11. */
205 unsigned int access_masks[6] =
208 0, /* owner@ allow */
210 0, /* group@ allow */
211 0, /* everyone@ deny */
212 0 /* everyone@ allow */
215 for (i = 0; i < count; i++)
217 ace_t *ace = &entries[i];
221 if (ace->a_type == NEW_ACE_ACCESS_ALLOWED_ACE_TYPE)
223 else if (ace->a_type == NEW_ACE_ACCESS_DENIED_ACE_TYPE)
228 if (ace->a_flags == NEW_ACE_OWNER)
230 else if (ace->a_flags == (NEW_ACE_GROUP | NEW_ACE_IDENTIFIER_GROUP))
232 else if (ace->a_flags == NEW_ACE_EVERYONE)
237 access_masks[index1 + index2] |= ace->a_access_mask;
240 /* The same bit shouldn't be both allowed and denied. */
241 if (access_masks[0] & access_masks[1])
243 if (access_masks[2] & access_masks[3])
245 if (access_masks[4] & access_masks[5])
248 /* Check minimum masks. */
249 if ((NEW_ACE_WRITE_NAMED_ATTRS
250 | NEW_ACE_WRITE_ATTRIBUTES
252 | NEW_ACE_WRITE_OWNER)
255 access_masks[1] &= ~(NEW_ACE_WRITE_NAMED_ATTRS
256 | NEW_ACE_WRITE_ATTRIBUTES
258 | NEW_ACE_WRITE_OWNER);
259 if ((NEW_ACE_READ_NAMED_ATTRS
260 | NEW_ACE_READ_ATTRIBUTES
262 | NEW_ACE_SYNCHRONIZE)
265 access_masks[5] &= ~(NEW_ACE_READ_NAMED_ATTRS
266 | NEW_ACE_READ_ATTRIBUTES
268 | NEW_ACE_SYNCHRONIZE);
270 /* Check the allowed or denied bits. */
271 switch ((access_masks[0] | access_masks[1])
272 & ~(NEW_ACE_READ_NAMED_ATTRS
273 | NEW_ACE_READ_ATTRIBUTES
275 | NEW_ACE_SYNCHRONIZE))
278 case NEW_ACE_READ_DATA:
279 case NEW_ACE_WRITEA_DATA:
280 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA:
281 case NEW_ACE_EXECUTE:
282 case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE:
283 case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
284 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
289 switch ((access_masks[2] | access_masks[3])
290 & ~(NEW_ACE_READ_NAMED_ATTRS
291 | NEW_ACE_READ_ATTRIBUTES
293 | NEW_ACE_SYNCHRONIZE))
296 case NEW_ACE_READ_DATA:
297 case NEW_ACE_WRITEA_DATA:
298 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA:
299 case NEW_ACE_EXECUTE:
300 case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE:
301 case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
302 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
307 switch ((access_masks[4] | access_masks[5])
308 & ~(NEW_ACE_WRITE_NAMED_ATTRS
309 | NEW_ACE_WRITE_ATTRIBUTES
311 | NEW_ACE_WRITE_OWNER))
314 case NEW_ACE_READ_DATA:
315 case NEW_ACE_WRITEA_DATA:
316 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA:
317 case NEW_ACE_EXECUTE:
318 case NEW_ACE_READ_DATA | NEW_ACE_EXECUTE:
319 case NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
320 case NEW_ACE_READ_DATA | NEW_ACE_WRITEA_DATA | NEW_ACE_EXECUTE:
326 /* Check that the NEW_ACE_WRITE_DATA and NEW_ACE_APPEND_DATA bits are
327 either both allowed or both denied. */
328 if (((access_masks[0] & NEW_ACE_WRITE_DATA) != 0)
329 != ((access_masks[0] & NEW_ACE_APPEND_DATA) != 0))
331 if (((access_masks[2] & NEW_ACE_WRITE_DATA) != 0)
332 != ((access_masks[2] & NEW_ACE_APPEND_DATA) != 0))
334 if (((access_masks[4] & NEW_ACE_WRITE_DATA) != 0)
335 != ((access_masks[4] & NEW_ACE_APPEND_DATA) != 0))
344 #elif USE_ACL && HAVE_GETACL /* HP-UX */
346 /* Return 1 if the given ACL is non-trivial.
347 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
349 acl_nontrivial (int count, struct acl_entry *entries, struct stat *sb)
353 for (i = 0; i < count; i++)
355 struct acl_entry *ace = &entries[i];
357 if (!((ace->uid == sb->st_uid && ace->gid == ACL_NSGROUP)
358 || (ace->uid == ACL_NSUSER && ace->gid == sb->st_gid)
359 || (ace->uid == ACL_NSUSER && ace->gid == ACL_NSGROUP)))
365 # if HAVE_ACLV_H /* HP-UX >= 11.11 */
367 /* Return 1 if the given ACL is non-trivial.
368 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
370 aclv_nontrivial (int count, struct acl *entries)
374 for (i = 0; i < count; i++)
376 struct acl *ace = &entries[i];
378 /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
379 If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
380 We don't need to check ace->a_id in these cases. */
381 if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */
382 || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */
383 || ace->a_type == CLASS_OBJ
384 || ace->a_type == OTHER_OBJ))
392 #elif USE_ACL && (HAVE_ACLX_GET || HAVE_STATACL) /* AIX */
394 /* Return 1 if the given ACL is non-trivial.
395 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
397 acl_nontrivial (struct acl *a)
399 /* The normal way to iterate through an ACL is like this:
400 struct acl_entry *ace;
401 for (ace = a->acl_ext; ace != acl_last (a); ace = acl_nxt (ace))
404 switch (ace->ace_type)
411 for (aei = ace->ace_id; aei != id_last (ace); aei = id_nxt (aei))
415 return (acl_last (a) != a->acl_ext ? 1 : 0);
418 # if HAVE_ACLX_GET && defined ACL_AIX_WIP /* newer AIX */
420 /* Return 1 if the given ACL is non-trivial.
421 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
423 acl_nfs4_nontrivial (nfs4_acl_int_t *a)
425 # if 1 /* let's try this first */
426 return (a->aclEntryN > 0 ? 1 : 0);
428 int count = a->aclEntryN;
431 for (i = 0; i < count; i++)
433 nfs4_ace_int_t *ace = &a->aclEntry[i];
435 if (!((ace->flags & ACE4_ID_SPECIAL) != 0
436 && (ace->aceWho.special_whoid == ACE4_WHO_OWNER
437 || ace->aceWho.special_whoid == ACE4_WHO_GROUP
438 || ace->aceWho.special_whoid == ACE4_WHO_EVERYONE)
439 && ace->aceType == ACE4_ACCESS_ALLOWED_ACE_TYPE
440 && ace->aceFlags == 0
441 && (ace->aceMask & ~(ACE4_READ_DATA | ACE4_LIST_DIRECTORY
442 | ACE4_WRITE_DATA | ACE4_ADD_FILE
443 | ACE4_EXECUTE)) == 0))
452 #elif USE_ACL && HAVE_ACLSORT /* NonStop Kernel */
454 /* Test an ACL retrieved with ACL_GET.
455 Return 1 if the given ACL, consisting of COUNT entries, is non-trivial.
456 Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
458 acl_nontrivial (int count, struct acl *entries)
462 for (i = 0; i < count; i++)
464 struct acl *ace = &entries[i];
466 /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
467 If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
468 We don't need to check ace->a_id in these cases. */
469 if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */
470 || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */
471 || ace->a_type == CLASS_OBJ
472 || ace->a_type == OTHER_OBJ))
481 /* Return 1 if NAME has a nontrivial access control list, 0 if NAME
482 only has no or a base access control list, and -1 (setting errno)
483 on error. SB must be set to the stat buffer of NAME, obtained
484 through stat() or lstat(). */
487 file_has_acl (char const *name, struct stat const *sb)
490 if (! S_ISLNK (sb->st_mode))
492 # if HAVE_ACL_GET_FILE
494 /* POSIX 1003.1e (draft 17 -- abandoned) specific version. */
495 /* Linux, FreeBSD, Mac OS X, IRIX, Tru64 */
498 if (HAVE_ACL_EXTENDED_FILE) /* Linux */
500 /* On Linux, acl_extended_file is an optimized function: It only
501 makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
503 ret = acl_extended_file (name);
505 else /* FreeBSD, Mac OS X, IRIX, Tru64 */
507 # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */
508 /* On Mac OS X, acl_get_file (name, ACL_TYPE_ACCESS)
509 and acl_get_file (name, ACL_TYPE_DEFAULT)
510 always return NULL / EINVAL. There is no point in making
511 these two useless calls. The real ACL is retrieved through
512 acl_get_file (name, ACL_TYPE_EXTENDED). */
513 acl_t acl = acl_get_file (name, ACL_TYPE_EXTENDED);
516 ret = acl_extended_nontrivial (acl);
521 # else /* FreeBSD, IRIX, Tru64 */
522 acl_t acl = acl_get_file (name, ACL_TYPE_ACCESS);
527 ret = acl_access_nontrivial (acl);
531 # if HAVE_ACL_FREE_TEXT /* Tru64 */
532 /* On OSF/1, acl_get_file (name, ACL_TYPE_DEFAULT) always
533 returns NULL with errno not set. There is no point in
535 # else /* FreeBSD, IRIX */
536 /* On Linux, FreeBSD, IRIX, acl_get_file (name, ACL_TYPE_ACCESS)
537 and acl_get_file (name, ACL_TYPE_DEFAULT) on a directory
538 either both succeed or both fail; it depends on the
539 file system. Therefore there is no point in making the second
540 call if the first one already failed. */
541 if (ret == 0 && S_ISDIR (sb->st_mode))
543 acl = acl_get_file (name, ACL_TYPE_DEFAULT);
546 ret = (0 < acl_entries (acl));
559 return - acl_errno_valid (errno);
562 # elif HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */
564 # if defined ACL_NO_TRIVIAL
566 /* Solaris 10 (newer version), which has additional API declared in
567 <sys/acl.h> (acl_t) and implemented in libsec (acl_set, acl_trivial,
568 acl_fromtext, ...). */
569 return acl_trivial (name);
571 # else /* Solaris, Cygwin, general case */
573 /* Solaris 2.5 through Solaris 10, Cygwin, and contemporaneous versions
574 of Unixware. The acl() call returns the access and default ACL both
577 /* Initially, try to read the entries into a stack-allocated buffer.
578 Use malloc if it does not fit. */
581 alloc_init = 4000 / sizeof (aclent_t), /* >= 3 */
582 alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (aclent_t))
584 aclent_t buf[alloc_init];
585 size_t alloc = alloc_init;
586 aclent_t *entries = buf;
587 aclent_t *malloced = NULL;
592 count = acl (name, GETACL, alloc, entries);
593 if (count < 0 && errno == ENOSPC)
595 /* Increase the size of the buffer. */
597 if (alloc > alloc_max / 2)
602 alloc = 2 * alloc; /* <= alloc_max */
604 (aclent_t *) malloc (alloc * sizeof (aclent_t));
616 if (errno == ENOSYS || errno == ENOTSUP)
620 int saved_errno = errno;
630 /* Don't use MIN_ACL_ENTRIES: It's set to 4 on Cygwin, but Cygwin
631 returns only 3 entries for files with no ACL. But this is safe:
632 If there are more than 4 entries, there cannot be only the
633 "user::", "group::", "other:", and "mask:" entries. */
640 if (acl_nontrivial (count, entries))
650 /* Solaris also has a different variant of ACLs, used in ZFS and NFSv4
651 file systems (whereas the other ones are used in UFS file systems). */
653 /* Initially, try to read the entries into a stack-allocated buffer.
654 Use malloc if it does not fit. */
657 alloc_init = 4000 / sizeof (ace_t), /* >= 3 */
658 alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (ace_t))
660 ace_t buf[alloc_init];
661 size_t alloc = alloc_init;
662 ace_t *entries = buf;
663 ace_t *malloced = NULL;
668 count = acl (name, ACE_GETACL, alloc, entries);
669 if (count < 0 && errno == ENOSPC)
671 /* Increase the size of the buffer. */
673 if (alloc > alloc_max / 2)
678 alloc = 2 * alloc; /* <= alloc_max */
679 entries = malloced = (ace_t *) malloc (alloc * sizeof (ace_t));
691 if (errno == ENOSYS || errno == EINVAL)
695 int saved_errno = errno;
705 /* In the old (original Solaris 10) convention:
706 If there are more than 3 entries, there cannot be only the
707 ACE_OWNER, ACE_GROUP, ACE_OTHER entries.
708 In the newer Solaris 10 and Solaris 11 convention:
709 If there are more than 6 entries, there cannot be only the
710 ACE_OWNER, ACE_GROUP, ACE_EVERYONE entries, each once with
711 NEW_ACE_ACCESS_ALLOWED_ACE_TYPE and once with
712 NEW_ACE_ACCESS_DENIED_ACE_TYPE. */
719 if (acl_ace_nontrivial (count, entries))
732 # elif HAVE_GETACL /* HP-UX */
735 struct acl_entry entries[NACLENTRIES];
738 count = getacl (name, NACLENTRIES, entries);
742 /* ENOSYS is seen on newer HP-UX versions.
743 EOPNOTSUPP is typically seen on NFS mounts.
744 ENOTSUP was seen on Quantum StorNext file systems (cvfs). */
745 if (errno == ENOSYS || errno == EOPNOTSUPP || errno == ENOTSUP)
754 if (count > NACLENTRIES)
755 /* If NACLENTRIES cannot be trusted, use dynamic memory
759 /* If there are more than 3 entries, there cannot be only the
760 (uid,%), (%,gid), (%,%) entries. */
767 if (stat (name, &statbuf) < 0)
770 return acl_nontrivial (count, entries, &statbuf);
775 # if HAVE_ACLV_H /* HP-UX >= 11.11 */
778 struct acl entries[NACLVENTRIES];
781 count = acl ((char *) name, ACL_GET, NACLVENTRIES, entries);
785 /* EOPNOTSUPP is seen on NFS in HP-UX 11.11, 11.23.
786 EINVAL is seen on NFS in HP-UX 11.31. */
787 if (errno == ENOSYS || errno == EOPNOTSUPP || errno == EINVAL)
796 if (count > NACLVENTRIES)
797 /* If NACLVENTRIES cannot be trusted, use dynamic memory
801 /* If there are more than 4 entries, there cannot be only the
802 four base ACL entries. */
806 return aclv_nontrivial (count, entries);
812 # elif HAVE_ACLX_GET && defined ACL_AIX_WIP /* AIX */
817 size_t aclsize = sizeof (aclbuf);
822 /* The docs say that type being 0 is equivalent to ACL_ANY, but it
823 is not true, in AIX 5.3. */
825 if (aclx_get (name, 0, &type, aclbuf, &aclsize, &mode) >= 0)
833 int saved_errno = errno;
839 aclsize = 2 * aclsize;
842 acl = malloc (aclsize);
850 if (type.u64 == ACL_AIXC)
852 int result = acl_nontrivial ((struct acl *) acl);
857 else if (type.u64 == ACL_NFS4)
859 int result = acl_nfs4_nontrivial ((nfs4_acl_int_t *) acl);
866 /* A newer type of ACL has been introduced in the system.
867 We should better support it. */
874 # elif HAVE_STATACL /* older AIX */
876 union { struct acl a; char room[4096]; } u;
878 if (statacl (name, STX_NORMAL, &u.a, sizeof (u)) < 0)
881 return acl_nontrivial (&u.a);
883 # elif HAVE_ACLSORT /* NonStop Kernel */
886 struct acl entries[NACLENTRIES];
889 count = acl ((char *) name, ACL_GET, NACLENTRIES, entries);
893 if (errno == ENOSYS || errno == ENOTSUP)
902 if (count > NACLENTRIES)
903 /* If NACLENTRIES cannot be trusted, use dynamic memory
907 /* If there are more than 4 entries, there cannot be only the
908 four base ACL entries. */
912 return acl_nontrivial (count, entries);