]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright (c) 2004 Apple Computer, Inc. All rights reserved. | |
3 | * | |
4 | * @APPLE_LICENSE_HEADER_START@ | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. Please obtain a copy of the License at | |
10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
11 | * file. | |
12 | * | |
13 | * The Original Code and all software distributed under the License are | |
14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
18 | * Please see the License for the specific language governing rights and | |
19 | * limitations under the License. | |
20 | * | |
21 | * @APPLE_LICENSE_HEADER_END@ | |
22 | */ | |
23 | #include <sys/types.h> | |
24 | #include <sys/acl.h> | |
25 | #include <errno.h> | |
26 | #include <sys/syscall.h> | |
27 | #include <unistd.h> | |
28 | #include <fcntl.h> | |
29 | #include <string.h> | |
30 | ||
31 | static int | |
32 | _mkfilex_np(int opcode, const char *path, int flags, filesec_t fsec) | |
33 | { | |
34 | uid_t owner = KAUTH_UID_NONE; | |
35 | gid_t group = KAUTH_GID_NONE; | |
36 | mode_t mode = 0; | |
37 | size_t size = 0; | |
38 | int fsacl_used = 0; | |
39 | struct kauth_filesec *fsacl = NULL; | |
40 | struct kauth_filesec static_filesec; | |
41 | ||
42 | /* handle extended security data */ | |
43 | if (fsec != NULL) { | |
44 | /* fetch basic parameters */ | |
45 | if ((filesec_get_property(fsec, FILESEC_OWNER, &owner) != 0) && (errno != ENOENT)) | |
46 | return(-1); | |
47 | if ((filesec_get_property(fsec, FILESEC_GROUP, &group) != 0) && (errno != ENOENT)) | |
48 | return(-1); | |
49 | if ((filesec_get_property(fsec, FILESEC_MODE, &mode) != 0) && (errno != ENOENT)) | |
50 | return(-1); | |
51 | ||
52 | /* try to fetch the ACL */ | |
53 | if (((filesec_get_property(fsec, FILESEC_ACL_RAW, &fsacl) != 0) || | |
54 | (filesec_get_property(fsec, FILESEC_ACL_ALLOCSIZE, &size) != 0)) && | |
55 | (errno != ENOENT)) | |
56 | return(-1); | |
57 | ||
58 | /* only valid for chmod */ | |
59 | if (fsacl == _FILESEC_REMOVE_ACL) { | |
60 | errno = EINVAL; | |
61 | return(-1); | |
62 | } | |
63 | ||
64 | /* no ACL, use local filesec */ | |
65 | if (fsacl == NULL) { | |
66 | bzero(&static_filesec, sizeof(static_filesec)); | |
67 | fsacl = &static_filesec; | |
68 | fsacl->fsec_magic = KAUTH_FILESEC_MAGIC; | |
69 | fsacl->fsec_entrycount = KAUTH_FILESEC_NOACL; | |
70 | } else { | |
71 | fsacl_used = 1; | |
72 | } | |
73 | ||
74 | /* grab the owner and group UUID if present */ | |
75 | if (filesec_get_property(fsec, FILESEC_UUID, &fsacl->fsec_owner) != 0) { | |
76 | if (errno != ENOENT) | |
77 | return(-1); | |
78 | bzero(&fsacl->fsec_owner, sizeof(fsacl->fsec_owner)); | |
79 | } else { | |
80 | fsacl_used = 1; | |
81 | } | |
82 | if (filesec_get_property(fsec, FILESEC_GRPUUID, &fsacl->fsec_group) != 0) { | |
83 | if (errno != ENOENT) | |
84 | return(-1); | |
85 | bzero(&fsacl->fsec_group, sizeof(fsacl->fsec_group)); | |
86 | } else { | |
87 | fsacl_used = 1; | |
88 | } | |
89 | ||
90 | /* after all this, if we didn't find anything that needs it, don't pass it in */ | |
91 | if (!fsacl_used) | |
92 | fsacl = NULL; | |
93 | } | |
94 | ||
95 | if (opcode == SYS_open_extended) { | |
96 | return(syscall(opcode, path, flags, owner, group, mode, fsacl)); | |
97 | } else { | |
98 | return(syscall(opcode, path, owner, group, mode, fsacl)); | |
99 | } | |
100 | } | |
101 | ||
102 | int | |
103 | openx_np(const char *path, int flags, filesec_t fsec) | |
104 | { | |
105 | /* optimise for the simple case */ | |
106 | if (!(flags & O_CREAT) || (fsec == NULL)) | |
107 | return(open(path, flags)); | |
108 | return(_mkfilex_np(SYS_open_extended, path, flags, fsec)); | |
109 | } | |
110 | ||
111 | int | |
112 | mkfifox_np(const char *path, filesec_t fsec) | |
113 | { | |
114 | return(_mkfilex_np(SYS_mkfifo_extended, path, 0, fsec)); | |
115 | } | |
116 | ||
117 | int | |
118 | mkdirx_np(const char *path, filesec_t fsec) | |
119 | { | |
120 | return(_mkfilex_np(SYS_mkdir_extended, path, 0, fsec)); | |
121 | } |