]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright (c) 2004 Apple Computer, Inc. All rights reserved. | |
3 | * | |
4 | * @APPLE_LICENSE_HEADER_START@ | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. Please obtain a copy of the License at | |
10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
11 | * file. | |
12 | * | |
13 | * The Original Code and all software distributed under the License are | |
14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
18 | * Please see the License for the specific language governing rights and | |
19 | * limitations under the License. | |
20 | * | |
21 | * @APPLE_LICENSE_HEADER_END@ | |
22 | */ | |
23 | #include <sys/types.h> | |
24 | #include <sys/acl.h> | |
25 | #include <errno.h> | |
26 | #include <unistd.h> | |
27 | #include <fcntl.h> | |
28 | #include <string.h> | |
29 | ||
30 | enum {OPENX, MKFIFOX, MKDIRX}; | |
31 | ||
32 | extern int __open_extended(const char *, int, uid_t, gid_t, int, struct kauth_filesec *); | |
33 | extern int __mkfifo_extended(const char *, uid_t, gid_t, int, struct kauth_filesec *); | |
34 | extern int __mkdir_extended(const char *, uid_t, gid_t, int, struct kauth_filesec *); | |
35 | ||
36 | static int | |
37 | _mkfilex_np(int opcode, const char *path, int flags, filesec_t fsec) | |
38 | { | |
39 | uid_t owner = KAUTH_UID_NONE; | |
40 | gid_t group = KAUTH_GID_NONE; | |
41 | mode_t mode = 0; | |
42 | size_t size = 0; | |
43 | int fsacl_used = 0; | |
44 | struct kauth_filesec *fsacl = NULL; | |
45 | struct kauth_filesec static_filesec; | |
46 | ||
47 | /* handle extended security data */ | |
48 | if (fsec != NULL) { | |
49 | /* fetch basic parameters */ | |
50 | if ((filesec_get_property(fsec, FILESEC_OWNER, &owner) != 0) && (errno != ENOENT)) | |
51 | return(-1); | |
52 | if ((filesec_get_property(fsec, FILESEC_GROUP, &group) != 0) && (errno != ENOENT)) | |
53 | return(-1); | |
54 | if ((filesec_get_property(fsec, FILESEC_MODE, &mode) != 0) && (errno != ENOENT)) | |
55 | return(-1); | |
56 | ||
57 | /* try to fetch the ACL */ | |
58 | if (((filesec_get_property(fsec, FILESEC_ACL_RAW, &fsacl) != 0) || | |
59 | (filesec_get_property(fsec, FILESEC_ACL_ALLOCSIZE, &size) != 0)) && | |
60 | (errno != ENOENT)) | |
61 | return(-1); | |
62 | ||
63 | /* only valid for chmod */ | |
64 | if (fsacl == _FILESEC_REMOVE_ACL) { | |
65 | errno = EINVAL; | |
66 | return(-1); | |
67 | } | |
68 | ||
69 | /* no ACL, use local filesec */ | |
70 | if (fsacl == NULL) { | |
71 | bzero(&static_filesec, sizeof(static_filesec)); | |
72 | fsacl = &static_filesec; | |
73 | fsacl->fsec_magic = KAUTH_FILESEC_MAGIC; | |
74 | fsacl->fsec_entrycount = KAUTH_FILESEC_NOACL; | |
75 | } else { | |
76 | fsacl_used = 1; | |
77 | } | |
78 | ||
79 | /* grab the owner and group UUID if present */ | |
80 | if (filesec_get_property(fsec, FILESEC_UUID, &fsacl->fsec_owner) != 0) { | |
81 | if (errno != ENOENT) | |
82 | return(-1); | |
83 | bzero(&fsacl->fsec_owner, sizeof(fsacl->fsec_owner)); | |
84 | } else { | |
85 | fsacl_used = 1; | |
86 | } | |
87 | if (filesec_get_property(fsec, FILESEC_GRPUUID, &fsacl->fsec_group) != 0) { | |
88 | if (errno != ENOENT) | |
89 | return(-1); | |
90 | bzero(&fsacl->fsec_group, sizeof(fsacl->fsec_group)); | |
91 | } else { | |
92 | fsacl_used = 1; | |
93 | } | |
94 | ||
95 | /* after all this, if we didn't find anything that needs it, don't pass it in */ | |
96 | if (!fsacl_used) | |
97 | fsacl = NULL; | |
98 | } | |
99 | ||
100 | switch (opcode) { | |
101 | case OPENX: | |
102 | return(__open_extended(path, flags, owner, group, mode, fsacl)); | |
103 | case MKFIFOX: | |
104 | return(__mkfifo_extended(path, owner, group, mode, fsacl)); | |
105 | case MKDIRX: | |
106 | return(__mkdir_extended(path, owner, group, mode, fsacl)); | |
107 | } | |
108 | /* should never get here */ | |
109 | errno = EINVAL; | |
110 | return(-1); | |
111 | } | |
112 | ||
113 | int | |
114 | openx_np(const char *path, int flags, filesec_t fsec) | |
115 | { | |
116 | /* optimise for the simple case */ | |
117 | if (!(flags & O_CREAT) || (fsec == NULL)) | |
118 | return(open(path, flags)); | |
119 | return(_mkfilex_np(OPENX, path, flags, fsec)); | |
120 | } | |
121 | ||
122 | int | |
123 | mkfifox_np(const char *path, filesec_t fsec) | |
124 | { | |
125 | return(_mkfilex_np(MKFIFOX, path, 0, fsec)); | |
126 | } | |
127 | ||
128 | int | |
129 | mkdirx_np(const char *path, filesec_t fsec) | |
130 | { | |
131 | return(_mkfilex_np(MKDIRX, path, 0, fsec)); | |
132 | } |